On Wed, Apr 20, 2022 at 7:43 PM Paolo Bonzini <pbonzini@redhat.com> wrote:

> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>


> ---
>  configure                     | 44 -----------------------------------
>  crypto/meson.build            |  4 +++-
>  meson.build                   | 15 +++++++++++-
>  meson_options.txt             |  2 ++
>  scripts/meson-buildoptions.sh |  3 +++
>  5 files changed, 22 insertions(+), 46 deletions(-)
>
> diff --git a/configure b/configure
> index cfd15c3518..1c74d2c5f2 100755
> --- a/configure
> +++ b/configure
> @@ -322,7 +322,6 @@ trace_file="trace"
>  coroutine=""
>  tls_priority="NORMAL"
>  plugins="$default_feature"
> -secret_keyring="$default_feature"
>  meson=""
>  meson_args=""
>  ninja=""
> @@ -1009,10 +1008,6 @@ for opt do
>    ;;
>    --gdb=*) gdb_bin="$optarg"
>    ;;
> -  --enable-keyring) secret_keyring="yes"
> -  ;;
> -  --disable-keyring) secret_keyring="no"
> -  ;;
>    --enable-gio) gio=yes
>    ;;
>    --disable-gio) gio=no
> @@ -2440,41 +2435,6 @@ case "$slirp" in
>      ;;
>  esac
>
> -##########################################
> -# check for usable __NR_keyctl syscall
> -
> -if test "$linux" = "yes" ; then
> -
> -    have_keyring=no
> -    cat > $TMPC << EOF
> -#include <errno.h>
> -#include <asm/unistd.h>
> -#include <linux/keyctl.h>
> -#include <unistd.h>
> -int main(void) {
> -    return syscall(__NR_keyctl, KEYCTL_READ, 0, NULL, NULL, 0);
> -}
> -EOF
> -    if compile_prog "" "" ; then
> -        have_keyring=yes
> -    fi
> -fi
> -if test "$secret_keyring" != "no"
> -then
> -    if test "$have_keyring" = "yes"
> -    then
> -       secret_keyring=yes
> -    else
> -       if test "$secret_keyring" = "yes"
> -       then
> -           error_exit "syscall __NR_keyctl requested, \
> -but not implemented on your system"
> -       else
> -           secret_keyring=no
> -       fi
> -    fi
> -fi
> -
>  ##########################################
>  # End of CC checks
>  # After here, no more $cc or $ld runs
> @@ -2760,10 +2720,6 @@ if test -n "$gdb_bin"; then
>      fi
>  fi
>
> -if test "$secret_keyring" = "yes" ; then
> -  echo "CONFIG_SECRET_KEYRING=y" >> $config_host_mak
> -fi
> -
>  echo "ROMS=$roms" >> $config_host_mak
>  echo "MAKE=$make" >> $config_host_mak
>  echo "PYTHON=$python" >> $config_host_mak
> diff --git a/crypto/meson.build b/crypto/meson.build
> index 19c44bea89..f065f2f277 100644
> --- a/crypto/meson.build
> +++ b/crypto/meson.build
> @@ -34,7 +34,9 @@ else
>    crypto_ss.add(files('hash-glib.c', 'hmac-glib.c', 'pbkdf-stub.c'))
>  endif
>
> -crypto_ss.add(when: 'CONFIG_SECRET_KEYRING', if_true:
> files('secret_keyring.c'))
> +if have_keyring
> +  crypto_ss.add(files('secret_keyring.c'))
> +endif
>  if have_afalg
>    crypto_ss.add(if_true: files('afalg.c', 'cipher-afalg.c',
> 'hash-afalg.c'))
>  endif
> diff --git a/meson.build b/meson.build
> index bdee186702..066bb69174 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -1938,6 +1938,19 @@ config_host_data.set('CONFIG_GETAUXVAL',
> cc.links(gnu_source_prefix + '''
>      return getauxval(AT_HWCAP) == 0;
>    }'''))
>
> +have_keyring = get_option('keyring') \
> +  .require(targetos == 'linux', error_message: 'keyring is only available
> on Linux') \
> +  .require(cc.compiles('''
> +    #include <errno.h>
> +    #include <asm/unistd.h>
> +    #include <linux/keyctl.h>
> +    #include <sys/syscall.h>
> +    #include <unistd.h>
> +    int main(void) {
> +        return syscall(__NR_keyctl, KEYCTL_READ, 0, NULL, NULL, 0);
> +    }'''), error_message: 'keyctl syscall not available on this
> system').allowed()
> +config_host_data.set('CONFIG_SECRET_KEYRING', have_keyring)
> +
>  have_cpuid_h = cc.links('''
>    #include <cpuid.h>
>    int main(void) {
> @@ -3684,7 +3697,7 @@ if nettle.found()
>  endif
>  summary_info += {'AF_ALG support':    have_afalg}
>  summary_info += {'rng-none':          get_option('rng_none')}
> -summary_info += {'Linux keyring':
>  config_host.has_key('CONFIG_SECRET_KEYRING')}
> +summary_info += {'Linux keyring':     have_keyring}
>  summary(summary_info, bool_yn: true, section: 'Crypto')
>
>  # Libraries
> diff --git a/meson_options.txt b/meson_options.txt
> index c00e0866e9..d58c69315c 100644
> --- a/meson_options.txt
> +++ b/meson_options.txt
> @@ -90,6 +90,8 @@ option('avx2', type: 'feature', value: 'auto',
>         description: 'AVX2 optimizations')
>  option('avx512f', type: 'feature', value: 'disabled',
>         description: 'AVX512F optimizations')
> +option('keyring', type: 'feature', value: 'auto',
> +       description: 'Linux keyring support')
>
>  option('attr', type : 'feature', value : 'auto',
>         description: 'attr/xattr support')
> diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
> index cd922614e8..0daeb11fd3 100644
> --- a/scripts/meson-buildoptions.sh
> +++ b/scripts/meson-buildoptions.sh
> @@ -68,6 +68,7 @@ meson_options_help() {
>    printf "%s\n" '  hvf             HVF acceleration support'
>    printf "%s\n" '  iconv           Font glyph conversion support'
>    printf "%s\n" '  jack            JACK sound support'
> +  printf "%s\n" '  keyring         Linux keyring support'
>    printf "%s\n" '  kvm             KVM acceleration support'
>    printf "%s\n" '  l2tpv3          l2tpv3 network backend support'
>    printf "%s\n" '  libdaxctl       libdaxctl support'
> @@ -229,6 +230,8 @@ _meson_option_parse() {
>      --disable-install-blobs) printf "%s" -Dinstall_blobs=false ;;
>      --enable-jack) printf "%s" -Djack=enabled ;;
>      --disable-jack) printf "%s" -Djack=disabled ;;
> +    --enable-keyring) printf "%s" -Dkeyring=enabled ;;
> +    --disable-keyring) printf "%s" -Dkeyring=disabled ;;
>      --enable-kvm) printf "%s" -Dkvm=enabled ;;
>      --disable-kvm) printf "%s" -Dkvm=disabled ;;
>      --enable-l2tpv3) printf "%s" -Dl2tpv3=enabled ;;
> --
> 2.35.1
>
>
>
>

-- 
Marc-André Lureau