mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-31 05:57:16 +00:00

Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.

Go to file

Richard W.M. Jones 45912ac399 rpc: Pass OPENSSL_CONF through to ssh invocations It's no longer possible for libvirt to connect over the ssh transport from RHEL 9 to RHEL 5. This is because SHA1 signatures have been effectively banned in RHEL 9 at the openssl level. They are required to check the RHEL 5 host key. Note this is a separate issue from openssh requiring additional configuration in order to connect to older servers. Connecting from a RHEL 9 client to RHEL 5 server: $ cat ~/.ssh/config Host 192.168.0.91 KexAlgorithms +diffie-hellman-group14-sha1 MACs +hmac-sha1 HostKeyAlgorithms +ssh-rsa PubkeyAcceptedKeyTypes +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa $ virsh -c 'qemu+ssh://root@192.168.0.91/system' list error: failed to connect to the hypervisor error: Cannot recv data: ssh_dispatch_run_fatal: Connection to 192.168.0.91 port 22: error in libcrypto: Connection reset by peer "error in libcrypto: Connection reset by peer" is the characteristic error of openssl having been modified to disable SHA1 by default. (You will not see this on non-RHEL-derived distros.) You could enable the legacy crypto policy which downgrades security on the entire host, but a more fine-grained way to do this is to create an alternate openssl configuration file that enables the "forbidden" signatures. However this requires passing the OPENSSL_CONF environment variable through to ssh to specify the alternate configuration. Libvirt filters out this environment variable, but this commit allows it through. With this commit: $ cat /var/tmp/openssl.cnf .include /etc/ssl/openssl.cnf [openssl_init] alg_section = evp_properties [evp_properties] rh-allow-sha1-signatures = yes $ OPENSSL_CONF=/var/tmp/openssl.cnf ./run virsh -c 'qemu+ssh://root@192.168.0.91/system' list root@192.168.0.91's password: Id Name State -------------------- Essentially my argument here is that OPENSSL_CONF is sufficiently similar in nature to KRB5CCNAME, SSH* and XAUTHORITY that we should permit it to be passed through. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360 Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>		2022-07-25 15:54:00 +02:00
.ctags.d	maint: Add support for .ctags.d	2019-05-31 17:54:28 +02:00
.github/workflows	Switch to new GitHub repo-lockdown configuration	2021-10-20 14:27:20 +01:00
.gitlab/issue_templates	gitlab: issue_template: Remove labelling commands	2022-06-01 12:27:10 +02:00
build-aux	syntax-check: Add check prohibiting remote reference to local file	2022-06-01 12:27:10 +02:00
ci	ci: Move builds from alpine-314 to alpine-315	2022-07-25 10:50:08 +02:00
docs	lib: Use G_NO_INLINE instead of G_GNUC_NO_INLINE	2022-07-18 17:23:15 +02:00
examples	Introduce VIR_DOMAIN_RUNNING_POSTCOPY_FAILED	2022-06-07 17:40:20 +02:00
include	admin: Introduce virAdmConnectSetDaemonTimeout	2022-07-07 14:35:30 +02:00
po	Translated using Weblate (Georgian)	2022-07-25 08:19:01 +02:00
scripts	lib: Use G_NO_INLINE instead of G_GNUC_NO_INLINE	2022-07-18 17:23:15 +02:00
src	rpc: Pass OPENSSL_CONF through to ssh invocations	2022-07-25 15:54:00 +02:00
tests	tests: qemucapabilities: Update test data for the qemu-7.1 cycle on x86_64	2022-07-25 10:50:03 +02:00
tools	cmdQemuMonitorCommandQMPWrap: Reset ignored errors from JSON parsing	2022-07-25 12:25:02 +02:00
.ctags	ctags: Generate tags for headers, i.e. function prototypes	2018-09-18 14:21:33 +02:00
.dir-locals.el	build: avoid tabs that failed syntax-check	2012-09-06 09:43:46 -06:00
.editorconfig	Add .editorconfig	2019-09-06 12:47:46 +02:00
.gitattributes	Add .gitattributes file	2022-03-17 14:33:12 +01:00
.gitignore	gitignore: Ignore __pycache__ directory	2021-03-22 12:05:11 +01:00
.gitlab-ci.yml	gitlab: mark job dependencies as optional	2022-05-27 08:11:15 -04:00
.gitmodules	gnulib: delete all gnulib integration	2020-02-07 15:03:54 +00:00
.gitpublish	gitpublish: add a subject prefix	2020-01-16 13:04:11 +00:00
.mailmap	mailmap: consolidate my email addresses	2020-10-06 12:05:09 +02:00
AUTHORS.rst.in	AUTHORS: change my (Nikolay Shirokovskiy) email	2022-04-06 11:00:53 +03:00
config.h	configure: bump min required CLang to 6.0 / XCode 10.0	2022-01-17 10:44:29 +00:00
configmake.h.in	meson: generate configmake.h	2020-08-03 09:26:48 +02:00
CONTRIBUTING.rst	meson: adjust our documentation to mention meson instead of autoconf	2020-08-03 09:27:09 +02:00
COPYING	maint: follow recommended practice for using LGPL	2013-05-20 14:15:21 -06:00
COPYING.LESSER	maint: Remove control characters from LGPL license file	2015-09-25 09:16:24 +02:00
gitdm.config	gitdm: add 'ibm' file	2019-10-18 17:32:52 +02:00
libvirt-admin.pc.in	Add libvirt-admin library	2015-06-16 13:46:20 +02:00
libvirt-lxc.pc.in	Add pkg-config files for libvirt-qemu & libvirt-lxc	2014-06-23 16:17:27 +01:00
libvirt-qemu.pc.in	Add pkg-config files for libvirt-qemu & libvirt-lxc	2014-06-23 16:17:27 +01:00
libvirt.pc.in	Add pkg-config files for libvirt-qemu & libvirt-lxc	2014-06-23 16:17:27 +01:00
libvirt.spec.in	spec: Fix indentation	2022-06-13 09:09:35 -04:00
meson_options.txt	meson: Introduce qemu_datadir option	2021-11-18 15:48:59 +01:00
meson.build	meson: Require gnutls-3.6.0 or newer	2022-07-01 13:04:58 +02:00
mingw-libvirt.spec.in	rpm: fix mingw obsoletes lines	2021-08-02 13:47:20 +01:00
NEWS.rst	NEWS: Document improvements to firmware autoselection	2022-07-01 15:10:44 +02:00
README.rst	README: drop Travis CI badge	2020-08-03 15:08:28 +02:00
run.in	run: gracefully handle SIGHUP, SIGQUIT, SIGTERM	2022-03-10 08:06:12 +00:00

README.rst

Libvirt API for virtualization

For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.

Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.

Further information about the libvirt project can be found on the website:

https://libvirt.org

License

The libvirt C API is distributed under the terms of GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.0 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.

Installation

Instructions on building and installing libvirt can be found on the website:

https://libvirt.org/compiling.html

Contributing

The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:

https://libvirt.org/contribute.html

Contact

The libvirt project has two primary mailing lists:

libvirt-users@redhat.com (for user discussions)
libvir-list@redhat.com (for development only)

Further details on contacting the project are available on the website:

https://libvirt.org/contact.html