Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 749825 - app-emulation/libvirt: add gnutls TLS policy support
Summary: app-emulation/libvirt: add gnutls TLS policy support
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Matthias Maier
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-17 20:44 UTC by Vjaceslavs Klimovs
Modified: 2020-12-25 20:50 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
patch for ebuild (patch.patch,321 bytes, patch)
2020-10-17 20:46 UTC, Vjaceslavs Klimovs
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Vjaceslavs Klimovs 2020-10-17 20:44:51 UTC
Gnutls allows TLS ciphersuit configuration to be systemwide. On Gentoo, that configuration lives in /etc/gnutls/config, which is unchanged default. Apps using gnutls are encouraged to rely on centralized config, see

https://gitlab.com/libvirt/libvirt/-/issues/66

for details.

Reproducible: Always
Comment 1 Vjaceslavs Klimovs 2020-10-17 20:46:03 UTC
Created attachment 666383 [details, diff]
patch for ebuild

Attached patch allows using systemwide configuration in addition to an app specific configuration that may be deprecated in the future.
Comment 2 Vjaceslavs Klimovs 2020-10-25 19:03:43 UTC
Please see discussion in https://bugs.gentoo.org/747928 as well... for this to work properly, an ebuild needs to install /etc/gnutls/config with:

[priorities]
LIBVIRT = NORMAL

as well.
Comment 3 Matthias Maier gentoo-dev 2020-12-25 20:05:12 UTC
Anyone interested in this: Would you mind opening a pull request for the suggested changes on github?
Comment 4 Matthias Maier gentoo-dev 2020-12-25 20:50:56 UTC
(In reply to Vjaceslavs Klimovs from comment #0)
> Gnutls allows TLS ciphersuit configuration to be systemwide. On Gentoo, that
> configuration lives in /etc/gnutls/config, which is unchanged default. Apps
> using gnutls are encouraged to rely on centralized config, see
> 
> https://gitlab.com/libvirt/libvirt/-/issues/66
> 
> for details.
> 
> Reproducible: Always

I am hesitant to apply this patch.

Would you mind trying

  MYMESONARGS='-Dtls_priority="@LIBVIRT,NORMAL"' emerge -1 libvirt

If that works, you can make this change more permanent by using the portage.env facility.