--- libvirt-0.3.3.orig/debian/compat
+++ libvirt-0.3.3/debian/compat
@@ -0,0 +1 @@
+5
--- libvirt-0.3.3.orig/debian/libvirt-dev.install
+++ libvirt-0.3.3/debian/libvirt-dev.install
@@ -0,0 +1,4 @@
+usr/lib/libvirt.so
+usr/lib/libvirt.a
+usr/include/*
+usr/lib/pkgconfig/*
--- libvirt-0.3.3.orig/debian/libvirt0.install
+++ libvirt-0.3.3/debian/libvirt0.install
@@ -0,0 +1,2 @@
+usr/lib/libvirt.so.*
+
--- libvirt-0.3.3.orig/debian/watch
+++ libvirt-0.3.3/debian/watch
@@ -0,0 +1,3 @@
+# format version number, currently 3; this line is compulsory!
+version=3
+http://libvirt.org/sources/libvirt-([\d\.]*)\.tar\.gz
--- libvirt-0.3.3.orig/debian/libvirt-bin.install
+++ libvirt-0.3.3/debian/libvirt-bin.install
@@ -0,0 +1,4 @@
+usr/bin/*
+usr/lib/libvirt/*
+usr/sbin/*
+etc/libvirt/*
--- libvirt-0.3.3.orig/debian/libvirt-doc.docs
+++ libvirt-0.3.3/debian/libvirt-doc.docs
@@ -0,0 +1 @@
+docs/*
--- libvirt-0.3.3.orig/debian/python-libvirt.install
+++ libvirt-0.3.3/debian/python-libvirt.install
@@ -0,0 +1,2 @@
+usr/lib/python*/*/*.so
+usr/lib/python*/*/*.py
--- libvirt-0.3.3.orig/debian/pycompat
+++ libvirt-0.3.3/debian/pycompat
@@ -0,0 +1 @@
+2
--- libvirt-0.3.3.orig/debian/changelog
+++ libvirt-0.3.3/debian/changelog
@@ -0,0 +1,95 @@
+libvirt (0.3.3-4ubuntu2) hardy; urgency=low
+
+ * Start libvirtd by default.
+ * Create libvirtd group, and have libvirtd's sockets have group ownership
+ "libvirtd".
+
+ -- Soren Hansen Thu, 13 Dec 2007 15:08:29 +0100
+
+libvirt (0.3.3-4ubuntu1) hardy; urgency=low
+
+ * Fakesync with Debian.
+ * Reenable Xen.
+
+ -- Soren Hansen Thu, 06 Dec 2007 13:33:13 +0100
+
+libvirt (0.3.3-4) unstable; urgency=low
+
+ * put packages into the proper sections
+ * fix messed up Standards-Version (Closes: #453900)
+
+ -- Guido Guenther Sun, 02 Dec 2007 14:50:11 +0100
+
+libvirt (0.3.3-3) unstable; urgency=low
+
+ * add initscript to start libvirtd
+
+ -- Guido Guenther Wed, 28 Nov 2007 10:30:29 +0100
+
+libvirt (0.3.3-2) unstable; urgency=low
+
+ * debian/copyright:
+ * update FSF address
+ * update upstream author and copyright information
+ * install the virsh manpage
+ * use binary:Version instead of Source-Version
+
+ -- Guido Guenther Fri, 23 Nov 2007 22:31:26 +0100
+
+libvirt (0.3.3-1) unstable; urgency=low
+
+ * repackage for Debian (Closes: #384300)
+ * enable avahi
+ * build with qemu/kvm support
+ * disable xen support until #402249 is fixed
+ * disable qemu autonetwork for now, causes libvirtd to seqfault
+ * fix path to kvm
+ * switch off DH_VERBOSE
+ * thanks to the Ubuntu maintainers for their work!
+
+ -- Guido Guenther Fri, 23 Nov 2007 01:58:56 +0100
+
+libvirt (0.3.3-0ubuntu1) hardy; urgency=low
+
+ * New upstream release.
+ * Update maintainer.
+
+ -- Soren Hansen Wed, 14 Nov 2007 23:09:33 +0100
+
+libvirt (0.3.0-0ubuntu2) gutsy; urgency=low
+
+ * Add lingnutls-dev Build-Dep.
+
+ -- Fabio M. Di Nitto Mon, 16 Jul 2007 12:10:41 +0200
+
+libvirt (0.3.0-0ubuntu1) gutsy; urgency=low
+
+ * Import new upstram release that can actually build on xen-3.1.
+
+ -- Fabio M. Di Nitto Mon, 16 Jul 2007 10:23:04 +0200
+
+libvirt (0.2.2-0ubuntu1) gutsy; urgency=low
+
+ * Depends on libxen3.1-dev.
+
+ -- Chuck Short Fri, 13 Jul 2007 11:04:00 -0400
+
+libvirt (0.2.2-0ubuntu0) gutsy; urgency=low
+
+ * New upstream version.
+ * Updated libvirt-bin.install, thanks to Marcelo Boveto Shima.
+
+ -- Chuck Short Sun, 24 Jun 2007 09:54:54 -0400
+
+libvirt (0.1.8-0ubuntu2) feisty; urgency=low
+
+ * Rebuild for python2.5 as the default python version.
+
+ -- Matthias Klose Fri, 12 Jan 2007 13:21:55 +0000
+
+libvirt (0.1.8-0ubuntu1) feisty; urgency=low
+
+ * Initial release
+
+ -- Andrew Mitchell Mon, 23 Oct 2006 20:00:28 +1300
+
--- libvirt-0.3.3.orig/debian/copyright
+++ libvirt-0.3.3/debian/copyright
@@ -0,0 +1,44 @@
+libvirt was initially debianized by Andrew Mitchell
+
+It was downloaded from http://libvirt.org/sources/
+
+Upstream Author:
+
+ Daniel Veillard or
+
+Copyright:
+
+ 2005,2006 Red Hat, Inc
+
+Licenses:
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ src/hash.c:
+
+ Copyright (C) 2000 Bjorn Reese and Daniel Veillard.
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHORS AND
+ CONTRIBUTORS ACCEPT NO RESPONSIBILITY IN ANY CONCEIVABLE MANNER.
+
+
+On Debian systems, the complete text of the GNU Lesser General
+Public License can be found in `/usr/share/common-licenses/LGPL'.
--- libvirt-0.3.3.orig/debian/libvirt-bin.dirs
+++ libvirt-0.3.3/debian/libvirt-bin.dirs
@@ -0,0 +1 @@
+/var/run/libvirt
--- libvirt-0.3.3.orig/debian/libvirt-bin.manpages
+++ libvirt-0.3.3/debian/libvirt-bin.manpages
@@ -0,0 +1 @@
+virsh.1
--- libvirt-0.3.3.orig/debian/patches/qemu-disable-network.diff
+++ libvirt-0.3.3/debian/patches/qemu-disable-network.diff
@@ -0,0 +1,26 @@
+Index: libvirt/qemud/Makefile.am
+===================================================================
+--- libvirt.orig/qemud/Makefile.am 2007-11-23 01:45:38.000000000 +0100
++++ libvirt/qemud/Makefile.am 2007-11-23 01:46:42.000000000 +0100
+@@ -47,8 +47,6 @@
+ mkdir -p $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart
+ $(INSTALL_DATA) $(srcdir)/default-network.xml $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml
+ sed -i -e "s,,\n $(UUID)," $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml
+- test -e $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml || \
+- ln -s ../default.xml $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml
+ mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt/qemu
+ mkdir -p $(DESTDIR)$(localstatedir)/run/libvirt
+ mkdir -p $(DESTDIR)$(localstatedir)/lib/libvirt
+Index: libvirt/qemud/Makefile.in
+===================================================================
+--- libvirt.orig/qemud/Makefile.in 2007-11-23 01:46:47.000000000 +0100
++++ libvirt/qemud/Makefile.in 2007-11-23 01:47:00.000000000 +0100
+@@ -646,8 +646,6 @@
+ mkdir -p $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart
+ $(INSTALL_DATA) $(srcdir)/default-network.xml $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml
+ sed -i -e "s,,\n $(UUID)," $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml
+- test -e $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml || \
+- ln -s ../default.xml $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml
+ mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt/qemu
+ mkdir -p $(DESTDIR)$(localstatedir)/run/libvirt
+ mkdir -p $(DESTDIR)$(localstatedir)/lib/libvirt
--- libvirt-0.3.3.orig/debian/patches/qemu-path.diff
+++ libvirt-0.3.3/debian/patches/qemu-path.diff
@@ -0,0 +1,26 @@
+Index: libvirt/src/qemu_conf.c
+===================================================================
+--- libvirt.orig/src/qemu_conf.c 2007-11-23 01:13:23.000000000 +0100
++++ libvirt/src/qemu_conf.c 2007-11-23 01:13:33.000000000 +0100
+@@ -292,7 +292,7 @@
+ char *path;
+
+ if (virtType == QEMUD_VIRT_KVM)
+- name = "qemu-kvm";
++ name = "kvm";
+ else
+ name = qemudDefaultBinaryForArch(arch);
+
+Index: libvirt/src/qemu_driver.c
+===================================================================
+--- libvirt.orig/src/qemu_driver.c 2007-11-23 01:13:17.000000000 +0100
++++ libvirt/src/qemu_driver.c 2007-11-23 01:13:47.000000000 +0100
+@@ -1540,7 +1540,7 @@
+ r = virBufferAdd (xml,
+ "\
+ \n\
+- /usr/bin/qemu-kvm\n\
++ /usr/bin/kvm\n\
+ \n", -1);
+ if (r == -1) goto vir_buffer_failed;
+ }
--- libvirt-0.3.3.orig/debian/patches/series
+++ libvirt-0.3.3/debian/patches/series
@@ -0,0 +1,2 @@
+qemu-path.diff
+qemu-disable-network.diff
--- libvirt-0.3.3.orig/debian/control
+++ libvirt-0.3.3/debian/control
@@ -0,0 +1,69 @@
+Source: libvirt
+Section: devel
+Priority: optional
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Guido Guenther
+Build-Depends: cdbs (>= 0.4.43), debhelper (>= 5.0.38), libxml2-dev, libncurses5-dev, libreadline5-dev, zlib1g-dev, libgnutls-dev, python-all-dev (>= 2.3.5-11), python-central (>= 0.5.6), quilt, libavahi-client-dev, libxen3.1-dev
+XS-Python-Version: current
+Standards-Version: 3.7.2
+
+Package: libvirt-bin
+Architecture: any
+Depends: ${shlibs:Depends}
+Enhances: qemu, kvm
+Section: admin
+Description: the programs for the libvirt library
+ Libvirt is a C toolkit to interract with the virtualization capabilities
+ of recent versions of Linux (and other OSes). The library aims at providing
+ a long term stable C API for different virtualization mechanisms. It currently
+ supports QEMU and KVM.
+ .
+ This package contains the supporting binaries to use with libvirt
+
+Package: libvirt0
+Architecture: any
+Section: libs
+Depends: ${shlibs:Depends}
+Description: library for interfacing with Xen & other virtualization systems
+ Libvirt is a C toolkit to interract with the virtualization capabilities
+ of recent versions of Linux (and other OSes). The library aims at providing
+ a long term stable C API for different virtualization mechanisms. It currently
+ supports QEMU and KVM..
+
+Package: libvirt-doc
+Architecture: all
+Section: doc
+Description: documentation for the libvirt library
+ Libvirt is a C toolkit to interract with the virtualization capabilities
+ of recent versions of Linux (and other OSes). The library aims at providing
+ a long term stable C API for different virtualization mechanisms. It currently
+ supports QEMU and KVM.
+ .
+ This package contains the documentation.
+
+Package: libvirt-dev
+Architecture: any
+Depends: libvirt0 (= ${binary:Version})
+Description: development files for the libvirt library
+ Libvirt is a C toolkit to interract with the virtualization capabilities
+ of recent versions of Linux (and other OSes). The library aims at providing
+ a long term stable C API for different virtualization mechanisms. It currently
+ supports QEMU and KVM.
+ .
+ This package contains the header files and static libraries which are
+ needed for developing the applications with libvirt.
+
+Package: python-libvirt
+Architecture: any
+Depends: ${shlibs:Depends}, ${python:Depends}
+Provides: ${python:Provides}
+Section: python
+XB-Python-Version: ${python:Versions}
+Description: libvirt python bindings
+ Libvirt is a C toolkit to interract with the virtualization capabilities
+ of recent versions of Linux (and other OSes). The library aims at providing
+ a long term stable C API for different virtualization mechanisms. It currently
+ supports QEMU and KVM.
+ .
+ This package contains python bindings for the libvirt library
+
--- libvirt-0.3.3.orig/debian/libvirt-bin.default
+++ libvirt-0.3.3/debian/libvirt-bin.default
@@ -0,0 +1,9 @@
+# Defaults for libvirt-bin initscript (/etc/init.d/libvirt-bin)
+# This is a POSIX shell fragment
+
+# change to "no" to not start libvirtd on system startup
+start_libvirtd="yes"
+
+# options passed to libvirtd
+libvirtd_opts="-d"
+
--- libvirt-0.3.3.orig/debian/libvirt-bin.init
+++ libvirt-0.3.3/debian/libvirt-bin.init
@@ -0,0 +1,154 @@
+#! /bin/sh
+#
+# Init skript for libvirtd
+#
+# (c) 2007 Guido Guenther
+# based on the skeletons that comes with dh_make
+#
+### BEGIN INIT INFO
+# Provides: libvirtd
+# Required-Start: $network $local_fs
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: libvirt management daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/libvirtd
+NAME=libvirtd
+DESC="libvirt management daemon"
+
+test -x $DAEMON || exit 0
+. /lib/lsb/init-functions
+
+PIDFILE=/var/run/$NAME.pid
+DODTIME=1 # Time to wait for the server to die, in seconds
+
+# Include libvirtd defaults if available
+if [ -f /etc/default/libvirt-bin ] ; then
+ . /etc/default/libvirt-bin
+fi
+
+set -e
+
+check_start_libvirtd_option() {
+ if [ ! "$start_libvirtd" = "yes" ]; then
+ log_warning_msg "Not starting libvirt management daemon libvirtd, disabled via /etc/default/libvirt-bin"
+ return 1
+ else
+ return 0
+ fi
+}
+
+running_pid()
+{
+ # Check if a given process pid's cmdline matches a given name
+ pid=$1
+ name=$2
+ [ -z "$pid" ] && return 1
+ [ ! -d /proc/$pid ] && return 1
+ cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
+ # Is this the expected child?
+ [ "$cmd" != "$name" ] && return 1
+ return 0
+}
+
+running()
+{
+# Check if the process is running looking at /proc
+# (works for all users)
+ # No pidfile, probably no daemon present
+ [ ! -f "$PIDFILE" ] && return 1
+ # Obtain the pid and check it against the binary name
+ pid=`cat $PIDFILE`
+ running_pid $pid $DAEMON || return 1
+ return 0
+}
+
+force_stop() {
+# Forcefully kill the process
+ [ ! -f "$PIDFILE" ] && return
+ if running ; then
+ kill -15 $pid
+ # Is it really dead?
+ [ -n "$DODTIME" ] && sleep "$DODTIME"s
+ if running ; then
+ kill -9 $pid
+ [ -n "$DODTIME" ] && sleep "$DODTIME"s
+ if running ; then
+ echo "Cannot kill $LABEL (pid=$pid)!"
+ exit 1
+ fi
+ fi
+ fi
+ rm -f $PIDFILE
+ return 0
+}
+
+case "$1" in
+ start)
+ if check_start_libvirtd_option; then
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if running ; then
+ log_progress_msg "already running"
+ log_end_msg 0
+ exit 0
+ fi
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --exec $DAEMON -- $libvirtd_opts
+ running && log_end_msg 0 || log_end_msg 1
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if ! running ; then
+ log_progress_msg "not running"
+ log_end_msg 0
+ exit 0
+ fi
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+ --exec $DAEMON
+ log_end_msg 0
+ ;;
+ force-stop)
+ log_daemon_msg "Forcefully stopping $DESC" "$NAME"
+ force_stop
+ ! running && log_end_msg 0 || log_end_msg 1
+ ;;
+ force-reload)
+ # check wether $DAEMON is running. If so, restart
+ start-stop-daemon --stop --test --quiet --pidfile \
+ /var/run/$NAME.pid --exec $DAEMON \
+ && $0 restart || exit 0
+ ;;
+ restart)
+ if check_start_libvirtd_option; then
+ log_daemon_msg "Restarting $DESC" "$DAEMON"
+ start-stop-daemon --oknodo --stop --quiet --pidfile \
+ /var/run/$NAME.pid --exec $DAEMON
+ [ -n "$DODTIME" ] && sleep $DODTIME
+ start-stop-daemon --start --quiet --pidfile \
+ /var/run/$NAME.pid --exec $DAEMON -- $libvirtd_opts
+ running && log_end_msg 0 || log_end_msg 1
+ fi
+ ;;
+ status)
+ log_daemon_msg "Checking status of $DESC" "$NAME"
+ if running ; then
+ log_progress_msg "running"
+ log_end_msg 0
+ else
+ log_progress_msg "not running"
+ log_end_msg 1
+ fi
+ ;;
+ *)
+ N=/etc/init.d/libvirt-bin
+ # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- libvirt-0.3.3.orig/debian/rules
+++ libvirt-0.3.3/debian/rules
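Review bot: The failure message in force_stop prints `$LABEL`, which is never assigned anywhere in this script, so the operator gets "Cannot kill  (pid=...)!" with no daemon name; it should read `echo "Cannot kill $NAME (pid=$pid)!"`. The values taken from the pidfile are also expanded unquoted in a script that runs as root (`running_pid $pid $DAEMON`, `kill -15 $pid`, `kill -9 $pid`, `rm -f $PIDFILE`), so a pidfile holding more than one token would signal every PID listed; quoting them (`kill -15 "$pid"`) keeps the signal limited to the one process that running_pid checked. The restart branch is gated on start_libvirtd, so with the daemon disabled in /etc/default/libvirt-bin a restart leaves an already running libvirtd in place; a comment on that branch should say whether this is intended.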
@@ -0,0 +1,17 @@
+#!/usr/bin/make -f
+
+DEB_PYTHON_SYSTEM=pycentral
+DEB_DH_INSTALL_SOURCEDIR = debian/tmp
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+include /usr/share/cdbs/1/class/python-distutils.mk
+include /usr/share/cdbs/1/rules/patchsys-quilt.mk
+
+DEB_CONFIGURE_EXTRA_FLAGS := --disable-rpath --with-qemu --without-openvz --with-avahi
+DEB_PYTHON_SETUP_CMD := /dev/null
+
+build/libvirt-bin::
+ mkdir -p debian/tmp/etc/libvirt
+ install -m 750 debian/libvirtd.conf debian/tmp/etc/libvirt
+ install -m 750 debian/qemud.conf debian/tmp/etc/libvirt
--- libvirt-0.3.3.orig/debian/qemud.conf
+++ libvirt-0.3.3/debian/qemud.conf
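Review bot: Both `install -m 750` lines in the build/libvirt-bin target give the two configuration files the execute bit, which plain configuration files do not need. If the aim is to keep them unreadable to other users, `install -m 640` expresses that without making them executable; otherwise `install -m 644` is the usual mode for files under /etc. Either way a one-line comment above the target stating the intended access would help, as would one on `DEB_PYTHON_SETUP_CMD := /dev/null`, whose purpose is not evident from the file.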
@@ -0,0 +1,49 @@
+# Master configuration file for the QEMU driver.
+# All settings described here are optional - if omitted, sensible
+# defaults are used.
+
+# VNC is configured to listen on 127.0.0.1 by default.
+# To make it listen on all public interfaces, uncomment
+# this next option.
+#
+# NB, strong recommendation to enable TLS + x509 certificate
+# verification when allowing public access
+#
+# vnc_listen = "0.0.0.0"
+
+
+# Enable use of TLS encryption on the VNC server. This requires
+# a VNC client which supports the VeNCrypt protocol extension.
+# Examples include vinagre, virt-viewer, virt-manager and vencrypt
+# itself. UltraVNC, RealVNC, TightVNC do not support this
+#
+# It is neccessary to setup CA and issue a server certificate
+# before enabling this.
+#
+# vnc_tls = 1
+
+
+# Use of TLS requires that x509 certificates be issued. The
+# default it to keep them in /etc/pki/libvirt-vnc. This directory
+# must contain
+#
+# ca-cert.pem - the CA master certificate
+# server-cert.pem - the server certificate signed with ca-cert.pem
+# server-key.pem - the server private key
+#
+# This option allows the certificate directory to be changed
+#
+# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# and encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing a x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client who does not have a
+# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
+#
+# vnc_tls_x509_verify = 1
--- libvirt-0.3.3.orig/debian/libvirt-bin.postinst
+++ libvirt-0.3.3/debian/libvirt-bin.postinst
@@ -0,0 +1,13 @@
+#! /bin/sh
+
+set -e
+
+# add the libvirtd group
+if ! getent group libvirtd > /dev/null 2>&1
+then
+ addgroup --system libvirtd
+fi
+
+#DEBHELPER#
+
+exit 0
--- libvirt-0.3.3.orig/debian/libvirtd.conf
+++ libvirt-0.3.3/debian/libvirtd.conf
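Review bot: The postinst calls `addgroup --system libvirtd`, which is shipped by the adduser package, but the libvirt-bin stanza in debian/control declares only `Depends: ${shlibs:Depends}`. On a system without adduser the call fails, and because of `set -e` the package configuration fails with it; the stanza should read `Depends: ${shlibs:Depends}, adduser`. The comment `# add the libvirtd group` could also state what the group is for, since debian/libvirtd.conf gives its members access to the read/write management socket.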
@@ -0,0 +1,141 @@
+# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+
+
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is neccessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+# listen_tls = 0
+
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# NB, this is insecure. Do not use except for development.
+#
+# This is disabled by default, uncomment this to enable it.
+# listen_tcp = 1
+
+
+
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+# tls_port = "16514"
+
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+# tcp_port = "16509"
+
+
+
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is enabled by default, uncomment this to disable it
+# mdns_adv = 0
+
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+# mdns_name "Virtualization Host Joe Demo"
+
+
+
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+unix_sock_group = "libvirtd"
+
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+# unix_sock_ro_perms "0777"
+
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If setting group ownership may want to
+# relax this to:
+unix_sock_rw_perms = "0770"
+
+
+
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+# tls_no_verify_certificate 1
+
+# Flag to disable verification of client IP address
+#
+# Client IP address will be verified against the CommonName field
+# of the x509 certificate. This has minimal security benefit since
+# it is easy to spoof source IP.
+#
+# Uncommenting this will disable verification
+# tls_no_verify_address 1
+
+# Override the default server key file path
+#
+# key_file "/etc/pki/libvirt/private/serverkey.pem"
+
+# Override the default server certificate file path
+#
+# cert_file "/etc/pki/libvirt/servercert.pem"
+
+# Override the default CA certificate path
+#
+# ca_file "/etc/pki/CA/cacert.pem"
+
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+# crl_file "/etc/pki/CA/crl.pem"
+
+# A whitelist of allowed x509 Distinguished Names
+# This list may contain wildcards such as
+#
+# "C=GB,ST=London,L=London,O=Red Hat,CN=*"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+# tls_allowed_dn_list ["DN1", "DN2"]
+
+
+# A whitelist of allowed client IP addresses
+#
+# This list may contain wildcards such as 192.168.* See the POSIX fnmatch
+# function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no IP's are checked. This can be IPv4 or IPv6 addresses
+# tls_allowed_ip_list ["ip1", "ip2", "ip3"]
+
+
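Review bot: The two active settings, `unix_sock_group = "libvirtd"` and `unix_sock_rw_perms = "0770"`, open the read/write management socket to every member of the libvirtd group, while the comments above them still describe the upstream defaults ("This is restricted to 'root' by default", "Default allows only root"). The file itself says that socket is "for full management of VMs", which is likely to amount to root-level control of the host, so the packaged file should say what it now grants, for example `# Packaging default: members of group "libvirtd" have full read/write management access; treat membership as root-equivalent.` Several commented examples also omit the `=` that the active lines use (`# unix_sock_ro_perms "0777"`, `# mdns_name ...`, `# tls_no_verify_certificate 1`, `# key_file ...`, `# tls_allowed_dn_list [...]`), so an administrator who simply uncomments them may get a file that does not parse; they would be safer written as `name = value`. The hint to "restrict" the read-only socket shows "0777", which restricts nothing, so that example value needs checking as well.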