On Tue, May 14, 2019 at 12:16:30PM -0700, Richard Henderson wrote: > For user-only, we require only the random number bits of the > crypto subsystem. > > We need to preserve --static linking, which for many recent Linux > distributions precludes using GnuTLS or GCrypt. Instead, use our > random-platform module unconditionally.
I don't think we need to special case in this way. Today if you do a default build with all targets & tools and want to use --static, but don't have static libs available for some things you can achieve that ./configure --static --disable-gnutls --disable-gcrypt --disable-nettle Previously if you took care to disable system emulators & tools you could avoid the need to pass the --disable-* args, but I think that's fairly minor. So I think we should just use $(crypto-obj-y) unconditionally in the user emulators, and get rid of crypto-aes-obj-y too. This will give a consistent crypto story across all the things we build with no special cases. If people want a minimal static build they can stsill pass the above --disable-XXX args which will result in them only using the aes.o and rng-platform.o pieces. > > Signed-off-by: Richard Henderson <richard.hender...@linaro.org> > --- > Makefile | 6 ++++-- > Makefile.objs | 1 + > Makefile.target | 3 ++- > crypto/Makefile.objs | 1 + > 4 files changed, 8 insertions(+), 3 deletions(-) > > diff --git a/Makefile b/Makefile > index 66d5c65156..524f2f8a57 100644 > --- a/Makefile > +++ b/Makefile > @@ -411,6 +411,7 @@ dummy := $(call unnest-vars,, \ > block-obj-m \ > crypto-obj-y \ > crypto-aes-obj-y \ > + crypto-rng-obj-y \ > qom-obj-y \ > io-obj-y \ > common-obj-y \ > @@ -482,8 +483,9 @@ subdir-capstone: .git-submodule-status > subdir-slirp: .git-submodule-status > $(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp > BUILD_DIR="$(BUILD_DIR)/slirp" CC="$(CC)" AR="$(AR)" LD="$(LD)" > RANLIB="$(RANLIB)" CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(LDFLAGS)") > > -$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) \ > - $(qom-obj-y) $(crypto-aes-obj-$(CONFIG_USER_ONLY)) > +$(SUBDIR_RULES): libqemuutil.a $(common-obj-y) $(chardev-obj-y) $(qom-obj-y) > \ > + $(crypto-aes-obj-$(CONFIG_USER_ONLY)) \ > + $(crypto-rng-obj-$(CONFIG_USER_ONLY)) > > ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS)) > # Only keep -O and -g cflags > diff --git a/Makefile.objs b/Makefile.objs > index cf065de5ed..0c13ff47ea 100644 > --- a/Makefile.objs > +++ b/Makefile.objs > @@ -26,6 +26,7 @@ block-obj-m = block/ > > crypto-obj-y = crypto/ > crypto-aes-obj-y = crypto/ > +crypto-rng-obj-y = crypto/ > > ####################################################################### > # qom-obj-y is code used by both qemu system emulation and qemu-img > diff --git a/Makefile.target b/Makefile.target > index ae02495951..4e579a0a84 100644 > --- a/Makefile.target > +++ b/Makefile.target > @@ -181,6 +181,7 @@ dummy := $(call unnest-vars,.., \ > chardev-obj-y \ > crypto-obj-y \ > crypto-aes-obj-y \ > + crypto-rng-obj-y \ > qom-obj-y \ > io-obj-y \ > common-obj-y \ > @@ -189,7 +190,7 @@ all-obj-y += $(common-obj-y) > all-obj-y += $(qom-obj-y) > all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y) > all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y) > -all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y) > +all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y) $(crypto-rng-obj-y) > all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y) > all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y) > > diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs > index 256c9aca1f..ee7e628ca6 100644 > --- a/crypto/Makefile.objs > +++ b/crypto/Makefile.objs > @@ -37,5 +37,6 @@ crypto-obj-y += block-luks.o > > # Let the userspace emulators avoid linking gnutls/etc > crypto-aes-obj-y = aes.o > +crypto-rng-obj-y = random-platform.o > > stub-obj-y += pbkdf-stub.o > -- > 2.17.1 > > Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|