From: Thomas Huth <thuth@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: "Willian Rampazzo" <willianr@redhat.com>,
"Stefan Weil" <sw@weilnetz.de>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Wainer dos Santos Moschetta" <wainersm@redhat.com>
Subject: Re: [PATCH v2 05/12] crypto: bump min gcrypt to 1.8.0, dropping RHEL-7 support
Date: Fri, 14 May 2021 14:23:49 +0200 [thread overview]
Message-ID: <ac161007-8b05-fa5e-2f8d-d757f91f1fde@redhat.com> (raw)
In-Reply-To: <20210514120415.1368922-6-berrange@redhat.com>
On 14/05/2021 14.04, Daniel P. Berrangé wrote:
> It has been over two years since RHEL-8 was released, and thus per the
> platform build policy, we no longer need to support RHEL-7 as a build
> target. This lets us increment the minimum required gcrypt version and
> assume that HMAC is always supported
>
> Per repology, current shipping versions are:
>
> RHEL-8: 1.8.5
> Debian Buster: 1.8.4
> openSUSE Leap 15.2: 1.8.2
> Ubuntu LTS 18.04: 1.8.1
> Ubuntu LTS 20.04: 1.8.5
> FreeBSD: 1.9.2
> Fedora 33: 1.8.6
> Fedora 34: 1.9.3
> OpenBSD: 1.9.3
> macOS HomeBrew: 1.9.3
>
> Ubuntu LTS 18.04 has the oldest version and so 1.8.0 is the new minimum.
Maybe add a note why 1.8.0 and not 1.8.1 ? (if I see it correctly, the
configure script does not check for the third digit?)
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> .gitlab-ci.yml | 10 ----------
> configure | 18 +-----------------
> crypto/meson.build | 6 +-----
> 3 files changed, 2 insertions(+), 32 deletions(-)
>
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index f012b16b79..f44c5b08ef 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -707,16 +707,6 @@ build-coroutine-sigaltstack:
> #
> # These jobs test old gcrypt and nettle from RHEL7
> # which had some API differences.
> -crypto-old-gcrypt:
> - <<: *native_build_job_definition
> - needs:
> - job: amd64-centos7-container
> - variables:
> - IMAGE: centos7
> - TARGETS: x86_64-softmmu x86_64-linux-user
> - CONFIGURE_ARGS: --disable-nettle --enable-gcrypt
> - MAKE_CHECK_ARGS: check
> -
> crypto-only-gnutls:
> <<: *native_build_job_definition
> needs:
> diff --git a/configure b/configure
> index 050299290d..f077cdb9c3 100755
> --- a/configure
> +++ b/configure
> @@ -426,7 +426,6 @@ gnutls="$default_feature"
> nettle="$default_feature"
> nettle_xts="no"
> gcrypt="$default_feature"
> -gcrypt_hmac="no"
> gcrypt_xts="no"
> qemu_private_xts="yes"
> auth_pam="$default_feature"
> @@ -2849,7 +2848,7 @@ has_libgcrypt() {
> maj=`libgcrypt-config --version | awk -F . '{print $1}'`
> min=`libgcrypt-config --version | awk -F . '{print $2}'`
>
> - if test $maj != 1 || test $min -lt 5
> + if test $maj != 1 || test $min -lt 8
> then
> return 1
> fi
> @@ -2915,18 +2914,6 @@ if test "$gcrypt" != "no"; then
> gcrypt="yes"
> cat > $TMPC << EOF
> #include <gcrypt.h>
> -int main(void) {
> - gcry_mac_hd_t handle;
> - gcry_mac_open(&handle, GCRY_MAC_HMAC_MD5,
> - GCRY_MAC_FLAG_SECURE, NULL);
> - return 0;
> -}
> -EOF
> - if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
> - gcrypt_hmac=yes
> - fi
> - cat > $TMPC << EOF
> -#include <gcrypt.h>
> int main(void) {
> gcry_cipher_hd_t handle;
> gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_XTS, 0);
> @@ -5722,9 +5709,6 @@ if test "$gnutls" = "yes" ; then
> fi
> if test "$gcrypt" = "yes" ; then
> echo "CONFIG_GCRYPT=y" >> $config_host_mak
> - if test "$gcrypt_hmac" = "yes" ; then
> - echo "CONFIG_GCRYPT_HMAC=y" >> $config_host_mak
> - fi
> echo "GCRYPT_CFLAGS=$gcrypt_cflags" >> $config_host_mak
> echo "GCRYPT_LIBS=$gcrypt_libs" >> $config_host_mak
> fi
> diff --git a/crypto/meson.build b/crypto/meson.build
> index 7f37b5d335..af7e80c6f6 100644
> --- a/crypto/meson.build
> +++ b/crypto/meson.build
> @@ -26,11 +26,7 @@ if 'CONFIG_NETTLE' in config_host
> crypto_ss.add(files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
> elif 'CONFIG_GCRYPT' in config_host
> crypto_ss.add(files('hash-gcrypt.c', 'pbkdf-gcrypt.c'))
> - if 'CONFIG_GCRYPT_HMAC' in config_host
> - crypto_ss.add(files('hmac-gcrypt.c'))
> - else
> - crypto_ss.add(files('hmac-glib.c'))
> - endif
> + crypto_ss.add(files('hmac-gcrypt.c'))
>
I think you could also add it to the previous line (as it is done with
nettle) instead of adding it in a separate line. But well, that's just
cosmetics, so either way:
Reviewed-by: Thomas Huth <thuth@redhat.com>
next prev parent reply other threads:[~2021-05-14 12:29 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-14 12:04 [PATCH v2 00/12] Wave goodbye to RHEL 7 vintage distros Daniel P. Berrangé
2021-05-14 12:04 ` [PATCH v2 01/12] gitlab: drop linux user build job for CentOS 7 Daniel P. Berrangé
2021-05-14 12:13 ` Thomas Huth
2021-05-14 16:47 ` Willian Rampazzo
2021-05-27 15:58 ` Philippe Mathieu-Daudé
2021-05-14 12:04 ` [PATCH v2 02/12] patchew: move quick build job from CentOS 7 to CentOS 8 container Daniel P. Berrangé
2021-05-14 12:18 ` Thomas Huth
2021-05-14 16:46 ` Willian Rampazzo
2021-05-14 12:04 ` [PATCH v2 03/12] crypto: bump min nettle to 3.4, dropping RHEL-7 support Daniel P. Berrangé
2021-05-14 12:19 ` Thomas Huth
2021-05-14 16:48 ` Willian Rampazzo
2021-05-14 12:04 ` [PATCH v2 04/12] crypto: drop back compatibility typedefs for nettle Daniel P. Berrangé
2021-05-14 16:51 ` Willian Rampazzo
2021-05-14 12:04 ` [PATCH v2 05/12] crypto: bump min gcrypt to 1.8.0, dropping RHEL-7 support Daniel P. Berrangé
2021-05-14 12:23 ` Thomas Huth [this message]
2021-05-14 12:04 ` [PATCH v2 06/12] crypto: bump min gnutls to 3.5.18, " Daniel P. Berrangé
2021-05-14 12:27 ` Thomas Huth
2021-05-14 16:52 ` Willian Rampazzo
2021-05-14 12:04 ` [PATCH v2 07/12] crypto: drop used conditional check Daniel P. Berrangé
2021-05-14 12:04 ` [PATCH v2 08/12] tests/vm: convert centos VM recipe to CentOS 8 Daniel P. Berrangé
2021-05-14 17:31 ` Willian Rampazzo
2021-05-17 9:03 ` Daniel P. Berrangé
2021-05-14 12:04 ` [PATCH v2 09/12] tests/docker: drop CentOS 7 container Daniel P. Berrangé
2021-05-14 12:04 ` [PATCH v2 10/12] configure: bump min required glib version to 2.56 Daniel P. Berrangé
2021-05-14 12:29 ` Thomas Huth
2021-05-14 17:34 ` Willian Rampazzo
2021-05-14 12:04 ` [PATCH v2 11/12] configure: bump min required GCC to 7.5.0 Daniel P. Berrangé
2021-05-14 12:29 ` Thomas Huth
2021-05-14 17:35 ` Willian Rampazzo
2021-05-14 12:04 ` [PATCH v2 12/12] configure: bump min required CLang to 6.0 / XCode 10.0 Daniel P. Berrangé
2021-05-14 12:29 ` Philippe Mathieu-Daudé
2021-05-14 17:36 ` Willian Rampazzo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ac161007-8b05-fa5e-2f8d-d757f91f1fde@redhat.com \
--to=thuth@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=berrange@redhat.com \
--cc=f4bug@amsat.org \
--cc=qemu-devel@nongnu.org \
--cc=sw@weilnetz.de \
--cc=wainersm@redhat.com \
--cc=willianr@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).