[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libvir] [PATCH] A variety of fixes for Debian, old versions of GnuTLS



Attached is a patch to get libvirt working on Debian/stable again.

(1) Add ./configure option --disable-stack-protector. The stack protector feature is still enabled by default, but it causes no end of problems when compiling on Debian systems, apparently because of bugs in their gcc. So Debian users would be well advised to try disabling it if they have problems building.

(2) Adds support for GnuTLS 1.0.x by detecting this version and enabling some simple compatibility macros.

(3) In qemudDispatchClientEvent, a prototype shadowed a global function name. A simple name change to a parameter fixes it.

(4) Debian (and likely non-Linux systems also) don't have the SIOCBRADDBR and related ioctls. If these are missing, then I've changed this to runtime errors. This means that these systems won't be able to start the network daemon, but other (non-network) features of libvirt continue to work.

(5) Removed a warning in src/qemu_conf.c.

Rich.

PS. You need to drop the file gnutls_1_0_compat.h into src/ subdirectory. Sorry this file isn't in the proper patch but I don't have write access to CVS from the testing machine.

--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom.  Registered in
England and Wales under Company Registration No. 03798903
? src/gnutls_1_0_compat.h
Index: acinclude.m4
===================================================================
RCS file: /data/cvs/libvirt/acinclude.m4,v
retrieving revision 1.4
diff -u -p -r1.4 acinclude.m4
--- acinclude.m4	26 Mar 2007 09:30:36 -0000	1.4
+++ acinclude.m4	7 Aug 2007 11:50:10 -0000
@@ -19,7 +19,7 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
 
     warnCFLAGS=
 
-    try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fasynchronous-unwind-tables"
+    try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fasynchronous-unwind-tables"
 
     case "$enable_compile_warnings" in
     no)
Index: configure.in
===================================================================
RCS file: /data/cvs/libvirt/configure.in,v
retrieving revision 1.79
diff -u -p -r1.79 configure.in
--- configure.in	24 Jul 2007 15:58:41 -0000	1.79
+++ configure.in	7 Aug 2007 11:50:10 -0000
@@ -100,6 +100,17 @@ if test x"$enable_debug" = x"yes"; then
    AC_DEFINE(ENABLE_DEBUG, [], [whether debugging is enabled])
 fi
 
+dnl --disable-stack-protector
+AC_ARG_ENABLE(stack-protector,
+	      AC_HELP_STRING([--disable-stack-protector],
+			     [disable stack protector]),
+			     [],
+			     [enable_stack_protector=yes])
+if test x"$enable_stack_protector" = x"yes"; then
+    CFLAGS="$CFLAGS -fstack-protector --param=ssp-buffer-size=4"
+fi
+
+
 AC_MSG_CHECKING([where to write libvirtd PID file])
 AC_ARG_WITH(remote-pid-file, AC_HELP_STRING([--with-remote-pid-file=[pidfile|none]], [PID file for libvirtd]))
 if test "x$with_remote_pid_file" == "x" ; then
@@ -302,6 +313,14 @@ AC_CHECK_LIB(gnutls, gnutls_handshake,
        [],
        [AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])])
 
+dnl Old versions of GnuTLS uses types like 'gnutls_session' instead
+dnl of 'gnutls_session_t'.  Try to detect this type if defined so
+dnl that we can offer backwards compatibility.
+AC_CHECK_TYPE(gnutls_session,
+	AC_DEFINE(GNUTLS_1_0_COMPAT,[],
+		[enable GnuTLS 1.0 compatibility macros]),,
+	[#include <gnutls/gnutls.h>])
+
 dnl virsh libraries
 AC_CHECK_LIB(curses, initscr, 
 	[VIRSH_LIBS="$VIRSH_LIBS -lcurses"],
Index: qemud/internal.h
===================================================================
RCS file: /data/cvs/libvirt/qemud/internal.h,v
retrieving revision 1.32
diff -u -p -r1.32 internal.h
--- qemud/internal.h	27 Jun 2007 00:12:29 -0000	1.32
+++ qemud/internal.h	7 Aug 2007 11:50:10 -0000
@@ -27,6 +27,7 @@
 
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
+#include "../src/gnutls_1_0_compat.h"
 
 #include "protocol.h"
 #include "remote_protocol.h"
Index: qemud/qemud.c
===================================================================
RCS file: /data/cvs/libvirt/qemud/qemud.c,v
retrieving revision 1.54
diff -u -p -r1.54 qemud.c
--- qemud/qemud.c	12 Jul 2007 15:04:05 -0000	1.54
+++ qemud/qemud.c	7 Aug 2007 11:50:10 -0000
@@ -48,8 +48,6 @@
 #include <getopt.h>
 #include <assert.h>
 #include <fnmatch.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
 
 #include <libvirt/virterror.h>
 
@@ -110,7 +108,7 @@ static void qemudDispatchClientEvent(int
 static void qemudDispatchServerEvent(int fd, int events, void *opaque);
 static int qemudRegisterClientEvent(struct qemud_server *server,
                                     struct qemud_client *client,
-                                    int remove);
+                                    int removeFirst);
 
 static int
 remoteCheckCertFile(const char *type, const char *file)
@@ -818,8 +816,10 @@ remoteCheckCertificate (gnutls_session_t
         if (status & GNUTLS_CERT_REVOKED)
             qemudLog (QEMUD_ERR, "remoteCheckCertificate: the client certificate has been revoked.");
 
+#ifndef GNUTLS_1_0_COMPAT
         if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
             qemudLog (QEMUD_ERR, "remoteCheckCertificate: the client certificate uses an insecure algorithm.");
+#endif
 
         return -1;
     }
Index: src/bridge.c
===================================================================
RCS file: /data/cvs/libvirt/src/bridge.c,v
retrieving revision 1.2
diff -u -p -r1.2 bridge.c
--- src/bridge.c	29 Jun 2007 13:23:13 -0000	1.2
+++ src/bridge.c	7 Aug 2007 11:50:10 -0000
@@ -124,6 +124,7 @@ brShutdown(brControl *ctl)
  *
  * Returns 0 in case of success or an errno code in case of failure.
  */
+#ifdef SIOCBRADDBR
 int
 brAddBridge(brControl *ctl,
             const char *nameOrFmt,
@@ -170,6 +171,15 @@ brAddBridge(brControl *ctl,
 
     return errno;
 }
+#else
+int brAddBridge (brControl *ctl ATTRIBUTE_UNUSED,
+                 const char *nameOrFmt ATTRIBUTE_UNUSED,
+                 char *name ATTRIBUTE_UNUSED,
+                 int maxlen ATTRIBUTE_UNUSED)
+{
+    return EINVAL;
+}
+#endif
 
 /**
  * brDeleteBridge:
@@ -180,6 +190,7 @@ brAddBridge(brControl *ctl,
  *
  * Returns 0 in case of success or an errno code in case of failure.
  */
+#ifdef SIOCBRDELBR
 int
 brDeleteBridge(brControl *ctl,
                const char *name)
@@ -189,7 +200,16 @@ brDeleteBridge(brControl *ctl,
 
     return ioctl(ctl->fd, SIOCBRDELBR, name) == 0 ? 0 : errno;
 }
+#else
+int
+brDeleteBridge(brControl *ctl ATTRIBUTE_UNUSED,
+               const char *name ATTRIBUTE_UNUSED)
+{
+    return EINVAL;
+}
+#endif
 
+#if defined(SIOCBRADDIF) && defined(SIOCBRDELIF)
 static int
 brAddDelInterface(brControl *ctl,
                   int cmd,
@@ -215,6 +235,7 @@ brAddDelInterface(brControl *ctl,
 
     return ioctl(ctl->fd, cmd, &ifr) == 0 ? 0 : errno;
 }
+#endif
 
 /**
  * brAddInterface:
@@ -226,6 +247,7 @@ brAddDelInterface(brControl *ctl,
  *
  * Returns 0 in case of success or an errno code in case of failure.
  */
+#ifdef SIOCBRADDIF
 int
 brAddInterface(brControl *ctl,
                const char *bridge,
@@ -233,6 +255,15 @@ brAddInterface(brControl *ctl,
 {
     return brAddDelInterface(ctl, SIOCBRADDIF, bridge, iface);
 }
+#else
+int
+brAddInterface(brControl *ctl ATTRIBUTE_UNUSED,
+               const char *bridge ATTRIBUTE_UNUSED,
+               const char *iface ATTRIBUTE_UNUSED)
+{
+    return EINVAL;
+}
+#endif
 
 /**
  * brDeleteInterface:
@@ -244,6 +275,7 @@ brAddInterface(brControl *ctl,
  *
  * Returns 0 in case of success or an errno code in case of failure.
  */
+#ifdef SIOCBRDELIF
 int
 brDeleteInterface(brControl *ctl,
                   const char *bridge,
@@ -251,7 +283,15 @@ brDeleteInterface(brControl *ctl,
 {
     return brAddDelInterface(ctl, SIOCBRDELIF, bridge, iface);
 }
-
+#else
+int
+brDeleteInterface(brControl *ctl ATTRIBUTE_UNUSED,
+                  const char *bridge ATTRIBUTE_UNUSED,
+                  const char *iface ATTRIBUTE_UNUSED)
+{
+    return EINVAL;
+}
+#endif
 
 /**
  * brAddTap:
Index: src/qemu_conf.c
===================================================================
RCS file: /data/cvs/libvirt/src/qemu_conf.c,v
retrieving revision 1.9
diff -u -p -r1.9 qemu_conf.c
--- src/qemu_conf.c	31 Jul 2007 14:27:12 -0000	1.9
+++ src/qemu_conf.c	7 Aug 2007 11:50:10 -0000
@@ -768,7 +768,7 @@ static struct qemud_vm_net_def *qemudPar
     } else if (net->type == QEMUD_NET_CLIENT ||
                net->type == QEMUD_NET_SERVER ||
                net->type == QEMUD_NET_MCAST) {
-        int len;
+        int len = 0;
         char *ret;
 
         if (port == NULL) {
Index: src/remote_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/remote_internal.c,v
retrieving revision 1.16
diff -u -p -r1.16 remote_internal.c
--- src/remote_internal.c	27 Jul 2007 23:23:00 -0000	1.16
+++ src/remote_internal.c	7 Aug 2007 11:50:10 -0000
@@ -43,6 +43,7 @@
 #include <rpc/xdr.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
+#include "gnutls_1_0_compat.h"
 #include <libxml/uri.h>
 
 #include "internal.h"
@@ -1085,9 +1086,11 @@ verify_certificate (virConnectPtr conn A
     
         if (status & GNUTLS_CERT_REVOKED)
             reason = "The certificate has been revoked.";
-    
+
+#ifndef GNUTLS_1_0_COMPAT
         if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
             reason = "The certificate uses an insecure algorithm";
+#endif
     
         error (NULL, VIR_ERR_RPC, reason);
         return -1;
/*
 * gnutls_1_0_compat.h: GnuTLS 1.0 compatibility
 *
 * Copyright (C) 2007 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
 *
 * Author: Richard W.M. Jones <rjones redhat com>
 */

#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__

#include "config.h"

#ifdef GNUTLS_1_0_COMPAT
#define gnutls_session_t                 gnutls_session
#define gnutls_x509_crt_t                gnutls_x509_crt
#define gnutls_dh_params_t               gnutls_dh_params
#define gnutls_transport_ptr_t           gnutls_transport_ptr
#define gnutls_datum_t                   gnutls_datum
#define gnutls_certificate_credentials_t gnutls_certificate_credentials
#endif

#endif /* LIBVIRT_GNUTLS_1_0_COMPAT_H__ */

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]