SHA256
1
0
forked from pool/libvirt
libvirt/suse-libvirtd-disable-tls.patch
James Fehlig 4e3b0799c4 Accepting request 1068569 from home:jfehlig:branches:Virtualization
- Update to libvirt 9.1.0
  - Many incremental improvements and bug fixes, see
    https://libvirt.org/news.html#v9-1-0-2023-03-01
  - spec: Remove obsolete Groups tag
  - spec: Integrate upstream spec file changes that split the
    libvirt-daemon package, allowing more modular, customized
    installations
  - spec: New subpackages libvirt-daemon-common, libvirt-daemon-lock,
    libvirt-daemon-log, libvirt-daemon-proxy, and
    libvirt-daemon-plugin-lockd
  - spec: Renamed subpackage libvirt-lock-sanlock to
    libvirt-daemon-plugin-sanlock
  - Dropped patches:
    ef482951-apparmor-Allow-umount-dev.patch,
    d6a8b9ee-qemu-Fix-managed-no-when-creating-ethdev.patch,
    c3f16cea-qemu-cleanup-label-on-umount-failure.patch,
    697c16e3-qemu_process-better-debug-message.patch,
    5155ab4b-qemu_namespace-nested-mounts-when-umount.patch

OBS-URL: https://build.opensuse.org/request/show/1068569
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=968
2023-03-02 00:49:27 +00:00

58 lines
2.2 KiB
Diff

From 8c89cd65098dde736ff86e90283a8728dfed96d8 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 5 Jul 2022 11:40:27 -0600
Subject: Disable TLS by default
On SUSE distros, the default is for libvirtd to listen only on the
Unix Domain Socket. The libvirt client still provides remote access
via a SSH tunnel.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/remote/libvirtd.conf.in | 4 ++--
src/remote/remote_daemon_config.c | 2 +-
src/remote/test_libvirtd.aug.in | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
Index: libvirt-9.1.0/src/remote/libvirtd.conf.in
===================================================================
--- libvirt-9.1.0.orig/src/remote/libvirtd.conf.in
+++ libvirt-9.1.0/src/remote/libvirtd.conf.in
@@ -19,8 +19,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
#
-# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+# This is disabled by default, uncomment this to enable it
+#listen_tls = 1
# Listen for unencrypted TCP connections on the public TCP/IP port.
#
Index: libvirt-9.1.0/src/remote/remote_daemon_config.c
===================================================================
--- libvirt-9.1.0.orig/src/remote/remote_daemon_config.c
+++ libvirt-9.1.0/src/remote/remote_daemon_config.c
@@ -95,7 +95,7 @@ daemonConfigNew(bool privileged G_GNUC_U
#ifdef WITH_IP
# ifdef LIBVIRTD
- data->listen_tls = true; /* Only honoured if --listen is set */
+ data->listen_tls = false; /* Only honoured if --listen is set */
# else /* ! LIBVIRTD */
data->listen_tls = false; /* Always honoured, --listen doesn't exist. */
# endif /* ! LIBVIRTD */
Index: libvirt-9.1.0/src/remote/test_libvirtd.aug.in
===================================================================
--- libvirt-9.1.0.orig/src/remote/test_libvirtd.aug.in
+++ libvirt-9.1.0/src/remote/test_libvirtd.aug.in
@@ -3,7 +3,7 @@ module Test_@DAEMON_NAME@ =
test @DAEMON_NAME_UC@.lns get conf =
@CUT_ENABLE_IP@
- { "listen_tls" = "0" }
+ { "listen_tls" = "1" }
{ "listen_tcp" = "1" }
{ "tls_port" = "16514" }
{ "tcp_port" = "16509" }