1 diff -ur libvirt-8.4.0/docs/auth.rst libvirt-8.4.0-sasl/docs/auth.rst
2 --- libvirt-8.4.0/docs/auth.rst 2022-06-01 09:28:24.000000000 +0200
3 +++ libvirt-8.4.0-sasl/docs/auth.rst 2022-06-19 22:04:15.902929541 +0200
6 Since the libvirt SASL config file defaults to using ``GSSAPI`` (Kerberos), a
7 config change is required to enable plain password auth. This is done by
8 -editing ``/etc/sasl2/libvirt.conf`` to set the ``mech_list``
9 +editing ``/etc/sasl/libvirt.conf`` to set the ``mech_list``
10 parameter to ``scram-sha-256``.
12 **Note:** previous versions of libvirt suggested ``DIGEST-MD5`` and
13 --- libvirt-9.10.0/libvirt.spec.orig 2024-04-05 22:06:11.920080254 +0200
14 +++ libvirt-9.10.0/libvirt.spec 2024-04-05 22:10:45.821929734 +0200
15 @@ -1980,7 +1980,7 @@ exit 0
17 %{_unitdir}/virt-guest-shutdown.target
18 %{_unitdir}/libvirt-guests.service
19 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
20 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
21 %dir %{_datadir}/libvirt/
22 %ghost %dir %{_rundir}/libvirt/
23 %ghost %dir %{_rundir}/libvirt/common/
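Review bot: Moving the `%config(noreplace)` entry to `%{_sysconfdir}/sasl/libvirt.conf` gives an upgraded host a fresh file with packaged defaults, and nothing in this hunk carries over an administrator's edits from the old `sasl2/libvirt.conf`. rpm would normally set the modified old file aside as `.rpmsave`, so a locally chosen `mech_list` or credential database setting silently stops applying to the daemon. Consider a migration scriptlet, or at least a comment above the entry such as `# path moved from sasl2/ to sasl/; local edits to the old file are not migrated`. The same applies to the identical hunk in libvirt.spec.in, and only part of the %files list is visible here.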
24 --- libvirt-9.10.0/libvirt.spec.in.orig 2024-04-05 22:06:11.953413407 +0200
25 +++ libvirt-9.10.0/libvirt.spec.in 2024-04-05 22:10:58.908525504 +0200
26 @@ -1980,7 +1980,7 @@ exit 0
28 %{_unitdir}/virt-guest-shutdown.target
29 %{_unitdir}/libvirt-guests.service
30 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
31 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
32 %dir %{_datadir}/libvirt/
33 %ghost %dir %{_rundir}/libvirt/
34 %ghost %dir %{_rundir}/libvirt/common/
35 diff -ur libvirt-8.4.0/src/qemu/qemu.conf.in libvirt-8.4.0-sasl/src/qemu/qemu.conf.in
36 --- libvirt-8.4.0/src/qemu/qemu.conf.in 2022-06-01 09:28:24.000000000 +0200
37 +++ libvirt-8.4.0-sasl/src/qemu/qemu.conf.in 2022-06-19 22:04:16.306265553 +0200
39 # Examples include vinagre, virt-viewer and virt-manager
40 # itself. UltraVNC, RealVNC, TightVNC do not support this
42 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
43 +# It is necessary to configure /etc/sasl/qemu.conf to choose
44 # the desired SASL plugin (eg, GSSPI for Kerberos)
49 -# The default SASL configuration file is located in /etc/sasl2/
50 +# The default SASL configuration file is located in /etc/sasl/
51 # When running libvirtd unprivileged, it may be desirable to
52 # override the configs in this location. Set this parameter to
53 # point to the directory, and create a qemu.conf in that location
55 -#vnc_sasl_dir = "/some/directory/sasl2"
56 +#vnc_sasl_dir = "/some/directory/sasl"
59 # QEMU implements an extension for providing audio over a VNC connection,
61 # Enable use of SASL encryption on the SPICE server. This requires
62 # a SPICE client which supports the SASL protocol extension.
64 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
65 +# It is necessary to configure /etc/sasl/qemu.conf to choose
66 # the desired SASL plugin (eg, GSSPI for Kerberos)
70 -# The default SASL configuration file is located in /etc/sasl2/
71 +# The default SASL configuration file is located in /etc/sasl/
72 # When running libvirtd unprivileged, it may be desirable to
73 # override the configs in this location. Set this parameter to
74 # point to the directory, and create a qemu.conf in that location
76 -#spice_sasl_dir = "/some/directory/sasl2"
77 +#spice_sasl_dir = "/some/directory/sasl"
79 # Enable use of TLS encryption on the chardev TCP transports.
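Review bot: The comments for `vnc_sasl_dir` and `spice_sasl_dir` now document the default SASL configuration directory as `/etc/sasl/`, but no file section visible on this page changes the driver code that supplies that default. Unless it is adjusted elsewhere (a build-time substitution, for example), the comment and the value actually exported to QEMU would disagree, and an administrator editing `/etc/sasl/qemu.conf` could be configuring a file QEMU never reads. The `SASL_CONF_PATH=/etc/sasl` expectations in the tests/qemuxmlconfdata/*.args hunks depend on the same default, so it is worth confirming where it is set before relying on this text.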
81 diff -ur libvirt-8.4.0/src/qemu/test_libvirtd_qemu.aug.in libvirt-8.4.0-sasl/src/qemu/test_libvirtd_qemu.aug.in
82 --- libvirt-8.4.0/src/qemu/test_libvirtd_qemu.aug.in 2022-06-01 09:28:24.000000000 +0200
83 +++ libvirt-8.4.0-sasl/src/qemu/test_libvirtd_qemu.aug.in 2022-06-19 22:04:16.336265751 +0200
85 { "vnc_tls_x509_verify" = "1" }
86 { "vnc_password" = "XYZ12345" }
88 -{ "vnc_sasl_dir" = "/some/directory/sasl2" }
89 +{ "vnc_sasl_dir" = "/some/directory/sasl" }
90 { "vnc_allow_host_audio" = "0" }
91 { "spice_listen" = "0.0.0.0" }
94 { "spice_auto_unix_socket" = "1" }
95 { "spice_password" = "XYZ12345" }
96 { "spice_sasl" = "1" }
97 -{ "spice_sasl_dir" = "/some/directory/sasl2" }
98 +{ "spice_sasl_dir" = "/some/directory/sasl" }
99 { "chardev_tls" = "1" }
100 { "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
101 { "chardev_tls_x509_verify" = "1" }
102 diff -ur libvirt-8.4.0/src/remote/libvirtd.conf.in libvirt-8.4.0-sasl/src/remote/libvirtd.conf.in
103 --- libvirt-8.4.0/src/remote/libvirtd.conf.in 2022-06-01 09:28:24.000000000 +0200
104 +++ libvirt-8.4.0-sasl/src/remote/libvirtd.conf.in 2022-06-19 22:04:16.336265751 +0200
106 # the network providing auth (eg, TLS/x509 certificates)
108 # - sasl: use SASL infrastructure. The actual auth scheme is then
109 -# controlled from @sysconfdir@/sasl2/libvirt.conf. For the TCP
110 +# controlled from @sysconfdir@/sasl/libvirt.conf. For the TCP
111 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
112 # For non-TCP or TLS sockets, any scheme is allowed.
115 # If you don't enable SASL, then all TCP traffic is cleartext.
116 # Don't do this outside of a dev/test scenario. For real world
117 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
118 -# mechanism in @sysconfdir@/sasl2/libvirt.conf
119 +# mechanism in @sysconfdir@/sasl/libvirt.conf
122 # Change the authentication scheme for TLS sockets.
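Review bot: The comment blocks touched here still advise `use the GSSAPI or DIGEST-MD5` for real-world use, while the docs/auth.rst text in this same patch points to `scram-sha-256` and describes DIGEST-MD5 as something previous versions suggested. Since these comments are being edited anyway, the recommendation should be reconciled with the documentation, for example `# use, always enable SASL and use the GSSAPI` followed by `# mechanism in @sysconfdir@/sasl/libvirt.conf`. Which mechanisms are acceptable on the plain TCP socket should be confirmed against the daemon's requirements before naming a replacement. The same wording is repeated in the tests/virconfdata/libvirtd.conf and libvirtd.out fixtures.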
123 diff -ur libvirt-8.4.0/src/remote/meson.build libvirt-8.4.0-sasl/src/remote/meson.build
124 --- libvirt-8.4.0/src/remote/meson.build 2022-06-01 09:28:24.000000000 +0200
125 +++ libvirt-8.4.0-sasl/src/remote/meson.build 2022-06-19 22:04:16.336265751 +0200
127 if conf.has('WITH_SASL')
130 - install_dir: sysconfdir / 'sasl2',
131 + install_dir: sysconfdir / 'sasl',
132 rename: [ 'libvirt.conf' ],
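Review bot: The new `install_dir: sysconfdir / 'sasl'` only changes where libvirt.conf is installed; nothing visible in this hunk ties that directory to the path the SASL library searches for application configuration. If the system SASL library is not built to look in `sasl/`, the installed `mech_list` would presumably be ignored and the library's own defaults would decide which mechanisms the daemon offers. A short comment above the line, such as `# must match the config directory the system SASL library searches`, would make that dependency explicit. The `if conf.has('WITH_SASL')` block continues outside the visible lines.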
135 --- libvirt-10.2.0/tests/qemuxmlconfdata/graphics-spice-sasl.x86_64-latest.args.orig 2024-04-05 22:06:12.593409940 +0200
136 +++ libvirt-10.2.0/tests/qemuxmlconfdata/graphics-spice-sasl.x86_64-latest.args 2024-04-05 22:13:33.401021880 +0200
137 @@ -6,7 +6,7 @@ LOGNAME=test \
138 XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
139 XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
140 XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
141 -SASL_CONF_PATH=/etc/sasl2 \
142 +SASL_CONF_PATH=/etc/sasl \
143 /usr/bin/qemu-system-x86_64 \
144 -name guest=QEMUGuest1,debug-threads=on \
146 --- libvirt-10.2.0/tests/qemuxmlconfdata/graphics-vnc-sasl.x86_64-latest.args.orig 2024-04-05 22:06:12.796742172 +0200
147 +++ libvirt-10.2.0/tests/qemuxmlconfdata/graphics-vnc-sasl.x86_64-latest.args 2024-04-05 22:13:53.787578103 +0200
148 @@ -6,7 +6,7 @@ LOGNAME=test \
149 XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
150 XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
151 XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
152 -SASL_CONF_PATH=/etc/sasl2 \
153 +SASL_CONF_PATH=/etc/sasl \
154 /usr/bin/qemu-system-x86_64 \
155 -name guest=QEMUGuest1,debug-threads=on \
157 --- libvirt-10.2.0/tests/qemuxmlconfdata/graphics-vnc-tls-secret.x86_64-5.2.0.args.orig 2024-04-05 22:06:12.800075487 +0200
158 +++ libvirt-10.2.0/tests/qemuxmlconfdata/graphics-vnc-tls-secret.x86_64-5.2.0.args 2024-04-05 22:14:10.387488174 +0200
159 @@ -6,7 +6,7 @@ LOGNAME=test \
160 XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
161 XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
162 XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
163 -SASL_CONF_PATH=/etc/sasl2 \
164 +SASL_CONF_PATH=/etc/sasl \
165 /usr/bin/qemu-system-x86_64 \
166 -name guest=QEMUGuest1,debug-threads=on \
168 --- libvirt-10.2.0/tests/qemuxmlconfdata/graphics-vnc-tls-secret.x86_64-latest.args.orig 2024-04-05 22:06:12.843408586 +0200
169 +++ libvirt-10.2.0/tests/qemuxmlconfdata/graphics-vnc-tls-secret.x86_64-latest.args 2024-04-05 22:14:23.584083348 +0200
170 @@ -6,7 +6,7 @@ LOGNAME=test \
171 XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
172 XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
173 XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
174 -SASL_CONF_PATH=/etc/sasl2 \
175 +SASL_CONF_PATH=/etc/sasl \
176 /usr/bin/qemu-system-x86_64 \
177 -name guest=QEMUGuest1,debug-threads=on \
179 --- libvirt-10.2.0/tests/qemuxmlconfdata/graphics-vnc-tls.x86_64-latest.args.orig 2024-04-05 22:06:12.853408531 +0200
180 +++ libvirt-10.2.0/tests/qemuxmlconfdata/graphics-vnc-tls.x86_64-latest.args 2024-04-05 22:14:38.737334590 +0200
181 @@ -6,7 +6,7 @@ LOGNAME=test \
182 XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
183 XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
184 XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
185 -SASL_CONF_PATH=/etc/sasl2 \
186 +SASL_CONF_PATH=/etc/sasl \
187 /usr/bin/qemu-system-x86_64 \
188 -name guest=QEMUGuest1,debug-threads=on \
190 diff -ur libvirt-8.4.0/tests/virconfdata/libvirtd.conf libvirt-8.4.0-sasl/tests/virconfdata/libvirtd.conf
191 --- libvirt-8.4.0/tests/virconfdata/libvirtd.conf 2022-06-01 09:28:24.000000000 +0200
192 +++ libvirt-8.4.0-sasl/tests/virconfdata/libvirtd.conf 2022-06-19 22:04:16.999603490 +0200
194 # the network providing auth (eg, TLS/x509 certificates)
196 # - sasl: use SASL infrastructure. The actual auth scheme is then
197 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
198 +# controlled from /etc/sasl/libvirt.conf. For the TCP
199 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
200 # For non-TCP or TLS sockets, any scheme is allowed.
203 # If you don't enable SASL, then all TCP traffic is cleartext.
204 # Don't do this outside of a dev/test scenario. For real world
205 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
206 -# mechanism in /etc/sasl2/libvirt.conf
207 +# mechanism in /etc/sasl/libvirt.conf
210 # Change the authentication scheme for TLS sockets.
211 diff -ur libvirt-8.4.0/tests/virconfdata/libvirtd.out libvirt-8.4.0-sasl/tests/virconfdata/libvirtd.out
212 --- libvirt-8.4.0/tests/virconfdata/libvirtd.out 2022-06-01 09:28:24.000000000 +0200
213 +++ libvirt-8.4.0-sasl/tests/virconfdata/libvirtd.out 2022-06-19 22:04:16.999603490 +0200
215 # the network providing auth (eg, TLS/x509 certificates)
217 # - sasl: use SASL infrastructure. The actual auth scheme is then
218 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
219 +# controlled from /etc/sasl/libvirt.conf. For the TCP
220 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
221 # For non-TCP or TLS sockets, any scheme is allowed.
224 # If you don't enable SASL, then all TCP traffic is cleartext.
225 # Don't do this outside of a dev/test scenario. For real world
226 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
227 -# mechanism in /etc/sasl2/libvirt.conf
228 +# mechanism in /etc/sasl/libvirt.conf
230 # Change the authentication scheme for TLS sockets.