[lxc-devel] [PATCH 1/1] lxc_create: prepend pretty header to config file

Daniel P. Berrange berrange at redhat.com
Fri Jul 12 15:49:33 UTC 2013 

On Fri, Jul 12, 2013 at 10:27:14AM -0500, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgraber at ubuntu.com):
> > On Thu, Jul 11, 2013 at 11:51:25PM -0500, Serge Hallyn wrote:
> > > Define a sha1sum_file() function in utils.c (which requires configure.ac
> > > to check for -lcrypto and -lssl).  Use that in lxcapi_create to write out
> > > the sha1sum of the template being used.
> > > 
> > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> > > ---
> > >  configure.ac           |    2 +
> > >  src/lxc/Makefile.am    |    2 +-
> > >  src/lxc/lxccontainer.c |  109 ++++++++++++++++++++++++++++++++++++++++++++++--
> > >  src/lxc/utils.c        |   36 ++++++++++++++++
> > >  src/lxc/utils.h        |    2 +
> > >  5 files changed, 146 insertions(+), 5 deletions(-)
> > 
> > Does the LXC license allow linking to OpenSSL?
> > 
> > Specifically we need the following bit in the license:
> >  * In addition, as a special exception, the copyright holders give
> >  * permission to link the code of portions of this program with the
> >  * OpenSSL library under certain conditions as described in each
> >  * individual source file, and distribute linked combinations
> >  * including the two.
> >  * You must obey the GNU General Public License in all respects
> >  * for all of the code used other than OpenSSL.  If you modify
> >  * file(s) with this exception, you may extend this exception to your
> >  * version of the file(s), but you are not obligated to do so.  If you
> >  * do not wish to do so, delete this exception statement from your
> >  * version.  If you delete this exception statement from all source
> >  * files in the program, then also delete it here.
> > 
> > Details: https://people.gnome.org/~markmc/openssl-and-the-gpl.html
> 
> (&$%(*$(%)**(^#($)(*#
> 
> Ok, so as you suggested in irc (thanks) we could use gnutls.  But I
> also like the idea of just grabbing lib/sha1.c from coreutils (which
> is under gpl) which is what is used by sha1sum, which we used before
> in the lxc-create script.  It looks like much simpler usage, and less
> dependencies.
> 
> Any objections?

Copy+pasting code for encryption algorithms is really not nice.
It means that instead of distributors of your package being able
to rely on the fact 'gnutls' is (eg) FIPS certified, they now have
to explicitly certify the copy of the code in your package too :-(

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the lxc-devel mailing list