History log of /openbmc/qemu/crypto/trace-events (Results 1 – 19 of 19)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: v9.2.0, v9.1.2, v9.1.1, v9.1.0, v8.0.0, v7.2.0, v7.0.0, v6.2.0, v6.1.0
# 8c345b3e 02-Jun-2021 Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-06-02' into staging

* Update the references to some doc files (use *.rst instead of *.txt)
* Bump minimum versions of some r

Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-06-02' into staging

* Update the references to some doc files (use *.rst instead of *.txt)
* Bump minimum versions of some requirements after removing CentOS 7 support

# gpg: Signature made Wed 02 Jun 2021 08:12:18 BST
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5

* remotes/thuth-gitlab/tags/pull-request-2021-06-02:
configure: bump min required CLang to 6.0 / XCode 10.0
configure: bump min required GCC to 7.5.0
configure: bump min required glib version to 2.56
tests/docker: drop CentOS 7 container
tests/vm: convert centos VM recipe to CentOS 8
crypto: drop used conditional check
crypto: bump min gnutls to 3.5.18, dropping RHEL-7 support
crypto: bump min gcrypt to 1.8.0, dropping RHEL-7 support
crypto: drop back compatibility typedefs for nettle
crypto: bump min nettle to 3.4, dropping RHEL-7 support
patchew: move quick build job from CentOS 7 to CentOS 8 container
block/ssh: Bump minimum libssh version to 0.8.7
docs: fix references to docs/devel/s390-dasd-ipl.rst
docs: fix references to docs/specs/tpm.rst
docs: fix references to docs/devel/build-system.rst
docs: fix references to docs/devel/atomics.rst
docs: fix references to docs/devel/tracing.rst

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# d0fb9657 17-May-2021 Stefano Garzarella <sgarzare@redhat.com>

docs: fix references to docs/devel/tracing.rst

Commit e50caf4a5c ("tracing: convert documentation to rST")
converted docs/devel/tracing.txt to docs/devel/tracing.rst.

We still have several referenc

docs: fix references to docs/devel/tracing.rst

Commit e50caf4a5c ("tracing: convert documentation to rST")
converted docs/devel/tracing.txt to docs/devel/tracing.rst.

We still have several references to the old file, so let's fix them
with the following command:

sed -i s/tracing.txt/tracing.rst/ $(git grep -l docs/devel/tracing.txt)

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210517151702.109066-2-sgarzare@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

show more ...


Revision tags: v5.2.0
# aecdfcc3 09-Jul-2020 Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/fw_cfg-20200704' into staging

firmware (and crypto) patches

- add the tls-cipher-suites object,
- add the ability to QOM objects to produce

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/fw_cfg-20200704' into staging

firmware (and crypto) patches

- add the tls-cipher-suites object,
- add the ability to QOM objects to produce data consumable
by the fw_cfg device,
- let the tls-cipher-suites object implement the
FW_CFG_DATA_GENERATOR interface.

This is required by EDK2 'HTTPS Boot' feature of OVMF to tell
the guest which TLS ciphers it can use.

CI jobs results:
https://travis-ci.org/github/philmd/qemu/builds/704724619
https://gitlab.com/philmd/qemu/-/pipelines/162938106
https://cirrus-ci.com/build/4682977303068672

# gpg: Signature made Sat 04 Jul 2020 17:37:08 BST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/fw_cfg-20200704:
crypto/tls-cipher-suites: Produce fw_cfg consumable blob
softmmu/vl: Allow -fw_cfg 'gen_id' option to use the 'etc/' namespace
softmmu/vl: Let -fw_cfg option take a 'gen_id' argument
hw/nvram/fw_cfg: Add the FW_CFG_DATA_GENERATOR interface
crypto: Add tls-cipher-suites object

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


Revision tags: v5.0.0, v4.2.0, v4.0.0, v4.0.0-rc1, v4.0.0-rc0, v3.1.0, v3.1.0-rc5, v3.1.0-rc4, v3.1.0-rc3, v3.1.0-rc2, v3.1.0-rc1, v3.1.0-rc0
# 993aec27 11-Oct-2018 Philippe Mathieu-Daudé <philmd@redhat.com>

crypto: Add tls-cipher-suites object

On the host OS, various aspects of TLS operation are configurable.
In particular it is possible for the sysadmin to control the TLS
cipher/protocol algorithms th

crypto: Add tls-cipher-suites object

On the host OS, various aspects of TLS operation are configurable.
In particular it is possible for the sysadmin to control the TLS
cipher/protocol algorithms that applications are permitted to use.

* Any given crypto library has a built-in default priority list
defined by the distro maintainer of the library package (or by
upstream).

* The "crypto-policies" RPM (or equivalent host OS package)
provides a config file such as "/etc/crypto-policies/config",
where the sysadmin can set a high level (library-independent)
policy.

The "update-crypto-policies --set" command (or equivalent) is
used to translate the global policy to individual library
representations, producing files such as
"/etc/crypto-policies/back-ends/*.config". The generated files,
if present, are loaded by the various crypto libraries to
override their own built-in defaults.

For example, the GNUTLS library may read
"/etc/crypto-policies/back-ends/gnutls.config".

* A management application (or the QEMU user) may overide the
system-wide crypto-policies config via their own config, if
they need to diverge from the former.

Thus the priority order is "QEMU user config" > "crypto-policies
system config" > "library built-in config".

Introduce the "tls-cipher-suites" object for exposing the ordered
list of permitted TLS cipher suites from the host side to the
guest firmware, via fw_cfg. The list is represented as an array
of bytes.

The priority at which the host-side policy is retrieved is given
by the "priority" property of the new object type. For example,
"priority=@SYSTEM" may be used to refer to
"/etc/crypto-policies/back-ends/gnutls.config" (given that QEMU
uses GNUTLS).

The firmware uses the IANA_TLS_CIPHER array for configuring
guest-side TLS, for example in UEFI HTTPS Boot.

[Description from Daniel P. Berrangé, edited by Laszlo Ersek.]

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200623172726.21040-2-philmd@redhat.com>

show more ...


# d132baa0 25-Mar-2019 Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Pull request

Compilation fixes and cleanups for QEMU 4.0.0.

# gpg: Signature made Mon 25 Mar 2019 15:58:28 GM

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Pull request

Compilation fixes and cleanups for QEMU 4.0.0.

# gpg: Signature made Mon 25 Mar 2019 15:58:28 GMT
# gpg: using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
trace-events: Fix attribution of trace points to source
trace-events: Delete unused trace points
scripts/cleanup-trace-events: Update for current practice
trace-events: Shorten file names in comments
trace-events: Consistently point to docs/devel/tracing.txt
trace: avoid SystemTap dtrace(1) warnings on empty files
trace: handle tracefs path truncation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# 500016e5 14-Mar-2019 Markus Armbruster <armbru@redhat.com>

trace-events: Shorten file names in comments

We spell out sub/dir/ in sub/dir/trace-events' comments pointing to
source files. That's because when trace-events got split up, the
comments were moved

trace-events: Shorten file names in comments

We spell out sub/dir/ in sub/dir/trace-events' comments pointing to
source files. That's because when trace-events got split up, the
comments were moved verbatim.

Delete the sub/dir/ part from these comments. Gets rid of several
misspellings.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190314180929.27722-3-armbru@redhat.com
Message-Id: <20190314180929.27722-3-armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...


# 86c7e2f4 26-Feb-2019 Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/berrange/tags/authz-core-pull-request' into staging

Add a standard authorization framework

The current network services now support encryption via TLS and in s

Merge remote-tracking branch 'remotes/berrange/tags/authz-core-pull-request' into staging

Add a standard authorization framework

The current network services now support encryption via TLS and in some
cases support authentication via SASL. In cases where SASL is not
available, x509 client certificates can be used as a crude authorization
scheme, but using a sub-CA and controlling who you give certs to. In
general this is not very flexible though, so this series introduces a
new standard authorization framework.

It comes with four initial authorization mechanisms

- Simple - an exact username match. This is useful when there is
exactly one user that is known to connect. For example when live
migrating from one QEMU to another with TLS, libvirt would use
the simple scheme to whitelist the TLS cert of the source QEMU.

- List - an full access control list, with optional regex matching.
This is more flexible and is used to provide 100% backcompat with
the existing HMP ACL commands. The caveat is that we can't create
these via the CLI -object arg yet.

- ListFile - the same as List, but with the rules stored in JSON
format in an external file. This avoids the -object limitation
while also allowing the admin to change list entries on the file.
QEMU uses inotify to notice these changes and auto-reload the
file contents. This is likely a good default choice for most
network services, if the "simple" mechanism isn't sufficient.

- PAM - delegate the username lookup to a PAM module, which opens
the door to many options including things like SQL/LDAP lookups.

# gpg: Signature made Tue 26 Feb 2019 15:33:46 GMT
# gpg: using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/authz-core-pull-request:
authz: delete existing ACL implementation
authz: add QAuthZPAM object type for authorizing using PAM
authz: add QAuthZListFile object type for a file access control list
authz: add QAuthZList object type for an access control list
authz: add QAuthZSimple object type for easy whitelist auth checks
authz: add QAuthZ object as an authorization base class
hw/usb: switch MTP to use new inotify APIs
hw/usb: fix const-ness for string params in MTP driver
hw/usb: don't set IN_ISDIR for inotify watch in MTP driver
qom: don't require user creatable objects to be registered
util: add helper APIs for dealing with inotify in portable manner

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


Revision tags: libfdt-20181002, ppc-for-3.1-20180925, ppc-for-3.1-20180907, ppc-for-3.1-20180821, v3.0.0, v3.0.0-rc4, v2.12.1, ppc-for-3.0-20180801, v3.0.0-rc3, v3.0.0-rc2, v3.0.0-rc1, ppc-for-3.0-20180716, v3.0.0-rc0, ppc-for-3.0-20180709, ppc-for-3.0-20180703, v2.11.2, ppc-for-3.0-20180622, ppc-for-3.0-20180618, ppc-for-3.0-20180612, ppc-for-2.13-20180504, ppc-for-2.13-20180427, v2.12.0, v2.12.0-rc4, v2.12.0-rc3, ppc-for-2.12-20180410, v2.12.0-rc2, v2.12.0-rc1, v2.12.0-rc0, ppc-for-2.12-20180319, ppc-for-2.12-20180315, ppc-for-2.12-20180306, ppc-for-2.12-20180302, ppc-for-2.12-20180216, v2.11.1, ppc-for-2.12-20180212, ppc-for-2.12-20180129, ppc-for-2.12-20180121, ppc-for-2.12-20180119, ppc-for-2.12-20180117, ppc-for-2.12-20180111, ppc-for-2.12-20180108, ppc-for-2.12-20180103, ppc-for-2.12-20171219, v2.10.2, ppc-for-2.12-20171215, v2.11.0, v2.11.0-rc5, v2.11.0-rc4, ppc-for-2.11-20171205, ppc-for-2.11-20171204, v2.11.0-rc3, ppc-for-2.11-20171127, ppc-for-2.11-20171122, v2.11.0-rc2, ppc-for-2.11-20171120, v2.11.0-rc1, ppc-for-2.11-20171114, ppc-for-2.11-20171108, v2.11.0-rc0, ppc-for-2.11-20171017, v2.10.1, ppc-for-2.11-20170927, ppc-for-2.11-20170915, ppc-for-2.11-20170908, v2.9.1, v2.10.0, v2.10.0-rc4, ppc-for-2.10-20170823, ppc-for-2.10-20170822, v2.10.0-rc3, ppc-for-2.10-20170809, v2.10.0-rc2, v2.10.0-rc1, ppc-for-2.10-20170731, v2.10.0-rc0, ppc-for-2.10-20170725, ppc-for-2.10-20170717, ppc-for-2.10-20170714, ppc-for-2.10-20170711, ppc-for-2.10-20170630, ppc-for-2.10-20170609, ppc-for-2.10-20170606, ppc-for-2.10-20170525, ppc-for-2.10-20170511, ppc-for-2.10-20170510, ppc-for-2.10-20170426, ppc-for-2.10-20170424, v2.8.1.1, v2.9.0, v2.9.0-rc5, v2.9.0-rc4, v2.9.0-rc3, ppc-for-2.9-20170403, v2.8.1, ppc-for-2.9-20170329, v2.9.0-rc2, ppc-for-2.9-20170323, v2.9.0-rc1, v2.9.0-rc0, ppc-for-2.9-20170314, ppc-for-2.9-20170306, submodule-update-20170303, ppc-for-2.9-20170303, ppc-for-2.9-20170301, ppc-for-2.9-20170222, isa-cleanup-20170206, ppc-for-2.9-20170202, ppc-for-2.9-20170112, master-20170112, v2.7.1, v2.8.0, v2.8.0-rc4, v2.8.0-rc3, ppc-for-2.8-20161201, v2.8.0-rc2, ppc-for-2.8-20161123, v2.8.0-rc1, isa-cleanup-20161118, qemu-kvm-1.5.3-127.el7, v2.8.0-rc0, ppc-for-2.8-20161115, qemu-kvm-1.5.3-126.el7_3.1, qemu-kvm-0.12.1.2-2.496.el6, ppc-for-2.8-20161028, qemu-kvm-0.12.1.2-2.495.el6, ppc-for-2.8-20161026, ppc-for-2.8-20161017, qemu-kvm-rhev-2.3.0-31.el7_2.23, ppc-for-2.7-20161013, qemu-kvm-1.5.3-105.el7_2.10, ppc-for-2.8-20161006, qemu-kvm-1.5.3-105.el7_2.9, v2.6.2, RHELSA-7.3_qemu-kvm-rhev, qemu-kvm-rhev-2.6.0-28.el7, RHEL-7.3_qemu-kvm-rhev, qemu-kvm-rhev-2.6.0-27.el7, ppc-for-2.8-20160923, qemu-kvm-0.12.1.2-2.494.el6, ppc-for-2.8-20160922, RHEL-7.3_qemu-kvm, qemu-kvm-1.5.3-126.el7, qemu-kvm-rhev-2.6.0-26.el7, vfio-fixes-20160915.0, qemu-kvm-1.5.3-125.el7, qemu-kvm-rhev-2.3.0-31.el7_2.22, qemu-kvm-rhev-2.6.0-25.el7, qemu-kvm-1.5.3-124.el7, qemu-kvm-rhev-2.6.0-24.el7, qemu-kvm-1.5.3-123.el7, qemu-kvm-0.12.1.2-2.415.el6_5.16, ppc-for-2.8-20160907, qemu-kvm-rhev-2.6.0-23.el7, ppc-for-2.8-20160906, v2.7.0, RHEL-7.3-qemu-guest-agent, qemu-guest-agent-2.5.0-3.el7, v2.7.0-rc5, qemu-kvm-1.5.3-122.el7, qemu-kvm-rhev-2.6.0-22.el7, v2.7.0-rc4, v2.6.1, v2.7.0-rc3, qemu-kvm-rhev-2.6.0-21.el7, qemu-kvm-1.5.3-105.el7_2.8, ppc-for-2.7-20160815, qemu-kvm-rhev-2.6.0-20.el7, ppc-for-2.7-20160810, v2.7.0-rc2, ppc-for-2.7-20160808, qemu-kvm-rhev-2.6.0-19.el7, ppc-for-2.7-20160803, qemu-kvm-rhev-2.6.0-18.el7, qemu-kvm-1.5.3-105.el7_2.7, qemu-kvm-rhev-2.3.0-31.el7_2.21, qemu-kvm-1.5.3-121.el7, v2.7.0-rc1, qemu-kvm-rhev-2.6.0-17.el7, qemu-kvm-1.5.3-120.el7, ppc-for-2.7-20160729, qemu-kvm-0.12.1.2-2.493.el6, qemu-kvm-1.5.3-105.el7_2.6, qemu-kvm-0.12.1.2-2.491.el6_8.3, qemu-kvm-rhev-2.3.0-31.el7_2.20, qemu-kvm-1.5.3-119.el7, qemu-kvm-rhev-2.6.0-16.el7, ppc-for-2.7-20160726, v2.7.0-rc0, qemu-kvm-rhev-2.6.0-15.el7, qemu-kvm-rhev-2.3.0-31.el7_2.19, qemu-kvm-rhev-2.6.0-14.el7, qemu-kvm-1.5.3-118.el7, vfio-update-20160718.0, ppc-for-2.7-20160718, qemu-kvm-1.5.3-117.el7, qemu-kvm-rhev-2.6.0-13.el7, qemu-kvm-rhev-2.6.0-12.el7, qemu-kvm-rhev-2.3.0-31.el7_2.18, ppc-for-2.7-20160705, qemu-kvm-rhev-2.6.0-11.el7, qemu-kvm-1.5.3-105.el7_2.5, ppc-for-2.7-20160701, vfio-update-20160630.0, qemu-kvm-0.12.1.2-2.492.el6, qemu-kvm-rhev-2.6.0-10.el7, qemu-kvm-rhev-2.3.0-31.el7_2.17, qemu-kvm-1.5.3-116.el7, ppc-for-2.7-20160627, qemu-kvm-rhev-2.6.0-9.el7, ppc-for-2.7-20160623, qemu-kvm-0.12.1.2-2.491.el6_8.2, qemu-kvm-rhev-2.6.0-8.el7, qemu-kvm-1.5.3-115.el7, ppc-for-2.7-20160617, qemu-kvm-rhev-2.3.0-31.el7_2.16, qemu-kvm-rhev-2.6.0-7.el7, qemu-kvm-rhev-2.6.0-6.el7, qemu-kvm-1.5.3-114.el7, qemu-guest-agent-2.5.0-2.el7, ppc-for-2.7-20160614, ppc-for-2.7-20160607, qemu-kvm-rhev-2.3.0-31.el7_2.15, qemu-kvm-rhev-2.6.0-5.el7, ppc-for-2.7-20160531, qemu-kvm-1.5.3-113.el7, ppc-for-2.7-20160527, vfio-update-20160526.1, maintainers-for-peter, qemu-kvm-rhev-2.6.0-4.el7, qemu-kvm-rhev-2.6.0-3.el7, qemu-kvm-rhev-2.1.2-23.el7_1.12, qemu-kvm-rhev-2.6.0-2.el7, qemu-kvm-rhev-2.3.0-31.el7_2.14, qemu-kvm-1.5.3-112.el7, qemu-kvm-rhev-2.6.0-1.el7, v2.6.0, v2.5.1.1, v2.6.0-rc5, qemu-kvm-1.5.3-111.el7, qemu-kvm-1.5.3-110.el7, qemu-kvm-0.12.1.2-2.479.el6_7.5, qemu-kvm-0.12.1.2-2.491.el6_8.1, qemu-kvm-rhev-2.3.0-31.el7_2.13, v2.6.0-rc4, ppc-for-2.6-20160426, ppc-for-2.6-20160423, v2.6.0-rc3, ppc-for-2.6-20160419, ppc-for-2.6-20160418, v2.6.0-rc2, qemu-kvm-rhev-2.3.0-31.el7_2.12, ppc-for-2.6-20160408, qemu-kvm-rhev-2.3.0-31.el7_2.11, v2.6.0-rc1, ppc-for-2.6-20160405, openbmc-20160404-1, qemu-kvm-rhev-2.5.0-4.el7, v2.6.0-rc0, qemu-kvm-0.12.1.2-2.491.el6, v2.5.1, vfio-update-20160328.0, ppc-for-2.6-20160324, qemu-kvm-rhev-2.5.0-3.el7, vfio-ddw-20160322, machine-pull-request, ppc-for-2.6-20160316, qemu-kvm-rhev-2.3.0-31.el7_2.10, qemu-kvm-1.5.3-109.el7, qemu-kvm-rhev-2.3.0-31.el7_2.9, vfio-update-20160310.2, vfio-update-20160311.0, qemu-kvm-rhev-2.5.0-2.el7, qemu-kvm-0.12.1.2-2.490.el6, ppc-for-2.6-20160229, ppc-for-2.6-20160225, qemu-kvm-rhev-2.3.0-31.el7_2.8, qemu-slof-20160223, vfio-update-20160219.1, qemu-kvm-0.12.1.2-2.489.el6
# b76806d4 18-Feb-2016 Daniel P. Berrange <berrange@redhat.com>

authz: delete existing ACL implementation

The 'qemu_acl' type was a previous non-QOM based attempt to provide an
authorization facility in QEMU. Because it is non-QOM based it cannot be
created via

authz: delete existing ACL implementation

The 'qemu_acl' type was a previous non-QOM based attempt to provide an
authorization facility in QEMU. Because it is non-QOM based it cannot be
created via the command line and requires special monitor commands to
manipulate it.

The new QAuthZ subclasses provide a superset of the functionality in
qemu_acl, so the latter can now be deleted. The HMP 'acl_*' monitor
commands are converted to use the new QAuthZSimple data type instead
in order to provide temporary backwards compatibility.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

show more ...


# 2a018f6e 03-Jul-2018 Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging

Add support for PSK credentials with TLS

# gpg: Signature made Tue 03 Jul 2018 13:04:51 BST
# gpg:

Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging

Add support for PSK credentials with TLS

# gpg: Signature made Tue 03 Jul 2018 13:04:51 BST
# gpg: using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qcrypto-next-pull-request:
crypto: Implement TLS Pre-Shared Keys (PSK).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# e1a6dc91 03-Jul-2018 Richard W.M. Jones <rjones@redhat.com>

crypto: Implement TLS Pre-Shared Keys (PSK).

Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS
connections than using certificates. It requires only a simple secret
key:

$ mkdir -m 0

crypto: Implement TLS Pre-Shared Keys (PSK).

Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS
connections than using certificates. It requires only a simple secret
key:

$ mkdir -m 0700 /tmp/keys
$ psktool -u rjones -p /tmp/keys/keys.psk
$ cat /tmp/keys/keys.psk
rjones:d543770c15ad93d76443fb56f501a31969235f47e999720ae8d2336f6a13fcbc

The key can be secretly shared between clients and servers. Clients
must specify the directory containing the "keys.psk" file and a
username (defaults to "qemu"). Servers must specify only the
directory.

Example NBD client:

$ qemu-img info \
--object tls-creds-psk,id=tls0,dir=/tmp/keys,username=rjones,endpoint=client \
--image-opts \
file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/

Example NBD server using qemu-nbd:

$ qemu-nbd -t -x / \
--object tls-creds-psk,id=tls0,endpoint=server,dir=/tmp/keys \
--tls-creds tls0 \
image.qcow2

Example NBD server using nbdkit:

$ nbdkit -n -e / -fv \
--tls=on --tls-psk=/tmp/keys/keys.psk \
file file=disk.img

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...


# 25dd0e77 31-Jul-2017 Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging

trivial patches for 2017-07-31

# gpg: Signature made Mon 31 Jul 2017 11:18:57 BST
# gpg: using RSA

Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging

trivial patches for 2017-07-31

# gpg: Signature made Mon 31 Jul 2017 11:18:57 BST
# gpg: using RSA key 0x701B4F6B1A693E59
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59

* remotes/mjt/tags/trivial-patches-fetch: (25 commits)
docs: fix broken paths to docs/specs/ivshmem-spec.txt
docs: fix broken paths to docs/config/ich9-ehci-uhci.cfg
docs: fix broken paths to docs/devel/tracing.txt
docs: fix broken paths to docs/devel/atomics.txt
docs: fix broken paths to docs/devel/qapi-code-gen.txt
docs: fix broken paths to docs/interop/qcow2.txt
docs: fix broken paths to docs/interop dir
thunk: assert nb_fields is valid
syscall: check inotify() and eventfd() return value
syscall: fix use of uninitialized values
syscall: fix dereference of undefined pointer
linux-user/sh4: fix incorrect memory write
m68k/translate: fix incorrect copy/paste
net/eth: fix incorrect check of iov_to_buf() return value
ui/vnc: fix leak of SocketAddress **
qcow2: fix null pointer dereference
ivshmem: fix incorrect error handling in ivshmem_recv_msg()
loader: check get_image_size() return value
tests: add missing dependency to build QTEST_QEMU_BINARY
qemu-system-tricore: segfault when entering "x 0" on the monitor
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# 87e0331c 28-Jul-2017 Philippe Mathieu-Daudé <f4bug@amsat.org>

docs: fix broken paths to docs/devel/tracing.txt

With the move of some docs/ to docs/devel/ on ac06724a71,
no references were updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Review

docs: fix broken paths to docs/devel/tracing.txt

With the move of some docs/ to docs/devel/ on ac06724a71,
no references were updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...


# 98c710f2 27-Jun-2016 Andrew Jeffery <andrew@aj.id.au>

Merge remote-tracking branch 'clg/aspeed'

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>


# 3d47a139 19-Sep-2016 Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-09-19-2' into staging

Merge qcrypto 2016/09/19 v2

# gpg: Signature made Mon 19 Sep 2016 16:30:52 BST
# gpg: usin

Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-09-19-2' into staging

Merge qcrypto 2016/09/19 v2

# gpg: Signature made Mon 19 Sep 2016 16:30:52 BST
# gpg: using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qcrypto-2016-09-19-2:
crypto: add trace points for TLS cert verification
crypto: support more hash algorithms for pbkdf
crypto: increase default pbkdf2 time for luks to 2 seconds
crypto: remove bogus /= 2 for pbkdf iterations
crypto: use correct derived key size when timing pbkdf
crypto: clear out buffer after timing pbkdf algorithm
crypto: make PBKDF iterations configurable for LUKS format
crypto: use uint64_t for pbkdf iteration count parameters

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# b57482d7 14-Sep-2016 Daniel P. Berrange <berrange@redhat.com>

crypto: add trace points for TLS cert verification

It is very useful to know about TLS cert verification
status when debugging, so add a trace point for it.

Signed-off-by: Daniel P. Berrange <berra

crypto: add trace points for TLS cert verification

It is very useful to know about TLS cert verification
status when debugging, so add a trace point for it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

show more ...


# aba5d976 15-Aug-2016 Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

# gpg: Signature made Fri 12 Aug 2016 11:48:03 BST
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

# gpg: Signature made Fri 12 Aug 2016 11:48:03 BST
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
trace-events: fix first line comment in trace-events

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# e723b871 08-Aug-2016 Laurent Vivier <lvivier@redhat.com>

trace-events: fix first line comment in trace-events

Documentation is docs/tracing.txt instead of docs/trace-events.txt.

find . -name trace-events -exec \
sed -i "s?See docs/trace-events.txt f

trace-events: fix first line comment in trace-events

Documentation is docs/tracing.txt instead of docs/trace-events.txt.

find . -name trace-events -exec \
sed -i "s?See docs/trace-events.txt for syntax documentation.?See docs/tracing.txt for syntax documentation.?" \
{} \;

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-id: 1470669081-17860-1-git-send-email-lvivier@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...


# b0ad00b8 20-Jun-2016 Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

# gpg: Signature made Mon 20 Jun 2016 21:29:27 BST
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

# gpg: Signature made Mon 20 Jun 2016 21:29:27 BST
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request: (42 commits)
trace: split out trace events for linux-user/ directory
trace: split out trace events for qom/ directory
trace: split out trace events for target-ppc/ directory
trace: split out trace events for target-s390x/ directory
trace: split out trace events for target-sparc/ directory
trace: split out trace events for net/ directory
trace: split out trace events for audio/ directory
trace: split out trace events for ui/ directory
trace: split out trace events for hw/alpha/ directory
trace: split out trace events for hw/arm/ directory
trace: split out trace events for hw/acpi/ directory
trace: split out trace events for hw/vfio/ directory
trace: split out trace events for hw/s390x/ directory
trace: split out trace events for hw/pci/ directory
trace: split out trace events for hw/ppc/ directory
trace: split out trace events for hw/9pfs/ directory
trace: split out trace events for hw/i386/ directory
trace: split out trace events for hw/isa/ directory
trace: split out trace events for hw/sd/ directory
trace: split out trace events for hw/sparc/ directory
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# 8451f2f2 16-Jun-2016 Daniel P. Berrange <berrange@redhat.com>

trace: split out trace events for crypto/ directory

Move all trace-events for files in the crypto/ directory to
their own file.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1

trace: split out trace events for crypto/ directory

Move all trace-events for files in the crypto/ directory to
their own file.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1466066426-16657-4-git-send-email-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...