]>
Commit | Line | Data |
---|---|---|
927caa3c JR |
1 | diff -ur libvirt-8.4.0/docs/auth.rst libvirt-8.4.0-sasl/docs/auth.rst |
2 | --- libvirt-8.4.0/docs/auth.rst 2022-06-01 09:28:24.000000000 +0200 | |
3 | +++ libvirt-8.4.0-sasl/docs/auth.rst 2022-06-19 22:04:15.902929541 +0200 | |
4 | @@ -225,7 +225,7 @@ | |
72b1baa0 | 5 | |
927caa3c JR |
6 | Since the libvirt SASL config file defaults to using ``GSSAPI`` (Kerberos), a |
7 | config change is required to enable plain password auth. This is done by | |
8 | -editing ``/etc/sasl2/libvirt.conf`` to set the ``mech_list`` | |
9 | +editing ``/etc/sasl/libvirt.conf`` to set the ``mech_list`` | |
10 | parameter to ``scram-sha-256``. | |
11 | ||
12 | **Note:** previous versions of libvirt suggested ``DIGEST-MD5`` and | |
cf08a5bf JB |
13 | --- libvirt-9.10.0/libvirt.spec.orig 2024-04-05 22:06:11.920080254 +0200 |
14 | +++ libvirt-9.10.0/libvirt.spec 2024-04-05 22:10:45.821929734 +0200 | |
15 | @@ -1980,7 +1980,7 @@ exit 0 | |
16 | %files daemon-common | |
17 | %{_unitdir}/virt-guest-shutdown.target | |
18 | %{_unitdir}/libvirt-guests.service | |
927caa3c JR |
19 | -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf |
20 | +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf | |
cf08a5bf JB |
21 | %dir %{_datadir}/libvirt/ |
22 | %ghost %dir %{_rundir}/libvirt/ | |
23 | %ghost %dir %{_rundir}/libvirt/common/ | |
24 | --- libvirt-9.10.0/libvirt.spec.in.orig 2024-04-05 22:06:11.953413407 +0200 | |
25 | +++ libvirt-9.10.0/libvirt.spec.in 2024-04-05 22:10:58.908525504 +0200 | |
26 | @@ -1980,7 +1980,7 @@ exit 0 | |
27 | %files daemon-common | |
28 | %{_unitdir}/virt-guest-shutdown.target | |
29 | %{_unitdir}/libvirt-guests.service | |
927caa3c JR |
30 | -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf |
31 | +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf | |
cf08a5bf JB |
32 | %dir %{_datadir}/libvirt/ |
33 | %ghost %dir %{_rundir}/libvirt/ | |
34 | %ghost %dir %{_rundir}/libvirt/common/ | |
927caa3c JR |
35 | diff -ur libvirt-8.4.0/src/qemu/qemu.conf.in libvirt-8.4.0-sasl/src/qemu/qemu.conf.in |
36 | --- libvirt-8.4.0/src/qemu/qemu.conf.in 2022-06-01 09:28:24.000000000 +0200 | |
37 | +++ libvirt-8.4.0-sasl/src/qemu/qemu.conf.in 2022-06-19 22:04:16.306265553 +0200 | |
38 | @@ -141,18 +141,18 @@ | |
72b1baa0 JR |
39 | # Examples include vinagre, virt-viewer and virt-manager |
40 | # itself. UltraVNC, RealVNC, TightVNC do not support this | |
41 | # | |
42 | -# It is necessary to configure /etc/sasl2/qemu.conf to choose | |
43 | +# It is necessary to configure /etc/sasl/qemu.conf to choose | |
44 | # the desired SASL plugin (eg, GSSPI for Kerberos) | |
45 | # | |
bf3e9ac8 | 46 | #vnc_sasl = 1 |
72b1baa0 JR |
47 | |
48 | ||
49 | -# The default SASL configuration file is located in /etc/sasl2/ | |
50 | +# The default SASL configuration file is located in /etc/sasl/ | |
51 | # When running libvirtd unprivileged, it may be desirable to | |
52 | # override the configs in this location. Set this parameter to | |
53 | # point to the directory, and create a qemu.conf in that location | |
54 | # | |
bf3e9ac8 JB |
55 | -#vnc_sasl_dir = "/some/directory/sasl2" |
56 | +#vnc_sasl_dir = "/some/directory/sasl" | |
72b1baa0 JR |
57 | |
58 | ||
bf3e9ac8 | 59 | # QEMU implements an extension for providing audio over a VNC connection, |
927caa3c | 60 | @@ -217,17 +217,17 @@ |
875b1e77 KM |
61 | # Enable use of SASL encryption on the SPICE server. This requires |
62 | # a SPICE client which supports the SASL protocol extension. | |
63 | # | |
64 | -# It is necessary to configure /etc/sasl2/qemu.conf to choose | |
65 | +# It is necessary to configure /etc/sasl/qemu.conf to choose | |
66 | # the desired SASL plugin (eg, GSSPI for Kerberos) | |
67 | # | |
68 | #spice_sasl = 1 | |
69 | ||
70 | -# The default SASL configuration file is located in /etc/sasl2/ | |
71 | +# The default SASL configuration file is located in /etc/sasl/ | |
72 | # When running libvirtd unprivileged, it may be desirable to | |
73 | # override the configs in this location. Set this parameter to | |
74 | # point to the directory, and create a qemu.conf in that location | |
75 | # | |
76 | -#spice_sasl_dir = "/some/directory/sasl2" | |
77 | +#spice_sasl_dir = "/some/directory/sasl" | |
78 | ||
79 | # Enable use of TLS encryption on the chardev TCP transports. | |
80 | # | |
927caa3c JR |
81 | diff -ur libvirt-8.4.0/src/qemu/test_libvirtd_qemu.aug.in libvirt-8.4.0-sasl/src/qemu/test_libvirtd_qemu.aug.in |
82 | --- libvirt-8.4.0/src/qemu/test_libvirtd_qemu.aug.in 2022-06-01 09:28:24.000000000 +0200 | |
83 | +++ libvirt-8.4.0-sasl/src/qemu/test_libvirtd_qemu.aug.in 2022-06-19 22:04:16.336265751 +0200 | |
84 | @@ -13,7 +13,7 @@ | |
85 | { "vnc_tls_x509_verify" = "1" } | |
86 | { "vnc_password" = "XYZ12345" } | |
87 | { "vnc_sasl" = "1" } | |
88 | -{ "vnc_sasl_dir" = "/some/directory/sasl2" } | |
89 | +{ "vnc_sasl_dir" = "/some/directory/sasl" } | |
90 | { "vnc_allow_host_audio" = "0" } | |
91 | { "spice_listen" = "0.0.0.0" } | |
92 | { "spice_tls" = "1" } | |
93 | @@ -21,7 +21,7 @@ | |
94 | { "spice_auto_unix_socket" = "1" } | |
95 | { "spice_password" = "XYZ12345" } | |
96 | { "spice_sasl" = "1" } | |
97 | -{ "spice_sasl_dir" = "/some/directory/sasl2" } | |
98 | +{ "spice_sasl_dir" = "/some/directory/sasl" } | |
99 | { "chardev_tls" = "1" } | |
100 | { "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" } | |
101 | { "chardev_tls_x509_verify" = "1" } | |
102 | diff -ur libvirt-8.4.0/src/remote/libvirtd.conf.in libvirt-8.4.0-sasl/src/remote/libvirtd.conf.in | |
103 | --- libvirt-8.4.0/src/remote/libvirtd.conf.in 2022-06-01 09:28:24.000000000 +0200 | |
104 | +++ libvirt-8.4.0-sasl/src/remote/libvirtd.conf.in 2022-06-19 22:04:16.336265751 +0200 | |
105 | @@ -136,7 +136,7 @@ | |
106 | # the network providing auth (eg, TLS/x509 certificates) | |
107 | # | |
108 | # - sasl: use SASL infrastructure. The actual auth scheme is then | |
109 | -# controlled from @sysconfdir@/sasl2/libvirt.conf. For the TCP | |
110 | +# controlled from @sysconfdir@/sasl/libvirt.conf. For the TCP | |
111 | # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. | |
112 | # For non-TCP or TLS sockets, any scheme is allowed. | |
113 | # | |
114 | @@ -186,7 +186,7 @@ | |
115 | # If you don't enable SASL, then all TCP traffic is cleartext. | |
116 | # Don't do this outside of a dev/test scenario. For real world | |
117 | # use, always enable SASL and use the GSSAPI or DIGEST-MD5 | |
118 | -# mechanism in @sysconfdir@/sasl2/libvirt.conf | |
119 | +# mechanism in @sysconfdir@/sasl/libvirt.conf | |
120 | #auth_tcp = "sasl" | |
121 | ||
122 | # Change the authentication scheme for TLS sockets. | |
123 | diff -ur libvirt-8.4.0/src/remote/meson.build libvirt-8.4.0-sasl/src/remote/meson.build | |
124 | --- libvirt-8.4.0/src/remote/meson.build 2022-06-01 09:28:24.000000000 +0200 | |
125 | +++ libvirt-8.4.0-sasl/src/remote/meson.build 2022-06-19 22:04:16.336265751 +0200 | |
126 | @@ -302,7 +302,7 @@ | |
127 | if conf.has('WITH_SASL') | |
128 | install_data( | |
129 | 'libvirtd.sasl', | |
130 | - install_dir: sysconfdir / 'sasl2', | |
131 | + install_dir: sysconfdir / 'sasl', | |
132 | rename: [ 'libvirt.conf' ], | |
133 | ) | |
134 | endif | |
cf08a5bf JB |
135 | --- libvirt-9.10.0/tests/qemuxml2argvdata/graphics-spice-sasl.x86_64-latest.args.orig 2024-04-05 22:06:12.593409940 +0200 |
136 | +++ libvirt-9.10.0/tests/qemuxml2argvdata/graphics-spice-sasl.x86_64-latest.args 2024-04-05 22:13:33.401021880 +0200 | |
137 | @@ -6,7 +6,7 @@ LOGNAME=test \ | |
138 | XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \ | |
139 | XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \ | |
140 | XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ | |
141 | -SASL_CONF_PATH=/etc/sasl2 \ | |
142 | +SASL_CONF_PATH=/etc/sasl \ | |
927caa3c JR |
143 | /usr/bin/qemu-system-x86_64 \ |
144 | -name guest=QEMUGuest1,debug-threads=on \ | |
145 | -S \ | |
cf08a5bf JB |
146 | --- libvirt-9.10.0/tests/qemuxml2argvdata/graphics-vnc-sasl.x86_64-latest.args.orig 2024-04-05 22:06:12.796742172 +0200 |
147 | +++ libvirt-9.10.0/tests/qemuxml2argvdata/graphics-vnc-sasl.x86_64-latest.args 2024-04-05 22:13:53.787578103 +0200 | |
148 | @@ -6,7 +6,7 @@ LOGNAME=test \ | |
149 | XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \ | |
150 | XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \ | |
151 | XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ | |
152 | -SASL_CONF_PATH=/etc/sasl2 \ | |
153 | +SASL_CONF_PATH=/etc/sasl \ | |
927caa3c JR |
154 | /usr/bin/qemu-system-x86_64 \ |
155 | -name guest=QEMUGuest1,debug-threads=on \ | |
156 | -S \ | |
cf08a5bf JB |
157 | --- libvirt-9.10.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-5.2.0.args.orig 2024-04-05 22:06:12.800075487 +0200 |
158 | +++ libvirt-9.10.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-5.2.0.args 2024-04-05 22:14:10.387488174 +0200 | |
159 | @@ -6,7 +6,7 @@ LOGNAME=test \ | |
160 | XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \ | |
161 | XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \ | |
162 | XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ | |
163 | -SASL_CONF_PATH=/etc/sasl2 \ | |
164 | +SASL_CONF_PATH=/etc/sasl \ | |
927caa3c JR |
165 | /usr/bin/qemu-system-x86_64 \ |
166 | -name guest=QEMUGuest1,debug-threads=on \ | |
167 | -S \ | |
cf08a5bf JB |
168 | --- libvirt-9.10.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args.orig 2024-04-05 22:06:12.843408586 +0200 |
169 | +++ libvirt-9.10.0/tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args 2024-04-05 22:14:23.584083348 +0200 | |
170 | @@ -6,7 +6,7 @@ LOGNAME=test \ | |
171 | XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \ | |
172 | XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \ | |
173 | XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ | |
174 | -SASL_CONF_PATH=/etc/sasl2 \ | |
175 | +SASL_CONF_PATH=/etc/sasl \ | |
927caa3c JR |
176 | /usr/bin/qemu-system-x86_64 \ |
177 | -name guest=QEMUGuest1,debug-threads=on \ | |
178 | -S \ | |
cf08a5bf JB |
179 | --- libvirt-9.10.0/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args.orig 2024-04-05 22:06:12.853408531 +0200 |
180 | +++ libvirt-9.10.0/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args 2024-04-05 22:14:38.737334590 +0200 | |
181 | @@ -6,7 +6,7 @@ LOGNAME=test \ | |
182 | XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \ | |
183 | XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \ | |
184 | XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \ | |
185 | -SASL_CONF_PATH=/etc/sasl2 \ | |
186 | +SASL_CONF_PATH=/etc/sasl \ | |
927caa3c JR |
187 | /usr/bin/qemu-system-x86_64 \ |
188 | -name guest=QEMUGuest1,debug-threads=on \ | |
189 | -S \ | |
927caa3c JR |
190 | diff -ur libvirt-8.4.0/tests/virconfdata/libvirtd.conf libvirt-8.4.0-sasl/tests/virconfdata/libvirtd.conf |
191 | --- libvirt-8.4.0/tests/virconfdata/libvirtd.conf 2022-06-01 09:28:24.000000000 +0200 | |
192 | +++ libvirt-8.4.0-sasl/tests/virconfdata/libvirtd.conf 2022-06-19 22:04:16.999603490 +0200 | |
875b1e77 | 193 | @@ -91,7 +91,7 @@ |
72b1baa0 JR |
194 | # the network providing auth (eg, TLS/x509 certificates) |
195 | # | |
196 | # - sasl: use SASL infrastructure. The actual auth scheme is then | |
197 | -# controlled from /etc/sasl2/libvirt.conf. For the TCP | |
198 | +# controlled from /etc/sasl/libvirt.conf. For the TCP | |
199 | # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. | |
200 | # For non-TCP or TLS sockets, any scheme is allowed. | |
201 | # | |
875b1e77 | 202 | @@ -122,7 +122,7 @@ |
72b1baa0 JR |
203 | # If you don't enable SASL, then all TCP traffic is cleartext. |
204 | # Don't do this outside of a dev/test scenario. For real world | |
205 | # use, always enable SASL and use the GSSAPI or DIGEST-MD5 | |
206 | -# mechanism in /etc/sasl2/libvirt.conf | |
207 | +# mechanism in /etc/sasl/libvirt.conf | |
208 | auth_tcp = "sasl" | |
209 | ||
210 | # Change the authentication scheme for TLS sockets. | |
927caa3c JR |
211 | diff -ur libvirt-8.4.0/tests/virconfdata/libvirtd.out libvirt-8.4.0-sasl/tests/virconfdata/libvirtd.out |
212 | --- libvirt-8.4.0/tests/virconfdata/libvirtd.out 2022-06-01 09:28:24.000000000 +0200 | |
213 | +++ libvirt-8.4.0-sasl/tests/virconfdata/libvirtd.out 2022-06-19 22:04:16.999603490 +0200 | |
875b1e77 | 214 | @@ -73,7 +73,7 @@ |
72b1baa0 JR |
215 | # the network providing auth (eg, TLS/x509 certificates) |
216 | # | |
217 | # - sasl: use SASL infrastructure. The actual auth scheme is then | |
218 | -# controlled from /etc/sasl2/libvirt.conf. For the TCP | |
219 | +# controlled from /etc/sasl/libvirt.conf. For the TCP | |
220 | # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. | |
221 | # For non-TCP or TLS sockets, any scheme is allowed. | |
222 | # | |
875b1e77 | 223 | @@ -102,7 +102,7 @@ |
72b1baa0 JR |
224 | # If you don't enable SASL, then all TCP traffic is cleartext. |
225 | # Don't do this outside of a dev/test scenario. For real world | |
226 | # use, always enable SASL and use the GSSAPI or DIGEST-MD5 | |
227 | -# mechanism in /etc/sasl2/libvirt.conf | |
228 | +# mechanism in /etc/sasl/libvirt.conf | |
229 | auth_tcp = "sasl" | |
230 | # Change the authentication scheme for TLS sockets. | |
231 | # |