From 36debafddd788066be10b33c5f11b984a08e5c85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 1 Dec 2022 04:22:11 -0500 Subject: [PATCH] ui: remove deprecated 'password' option for SPICE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This has been replaced by the 'password-secret' option, which references a 'secret' object instance. Reviewed-by: Fabiano Rosas Reviewed-by: Markus Armbruster Signed-off-by: Daniel P. Berrangé --- docs/about/deprecated.rst | 8 -------- docs/about/removed-features.rst | 7 +++++++ qemu-options.hx | 9 +-------- ui/spice-core.c | 15 --------------- 4 files changed, 8 insertions(+), 31 deletions(-) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index d31ffa86d40..2827b0c0beb 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -66,14 +66,6 @@ and will cause a warning. The replacement for the ``nodelay`` short-form boolean option is ``nodelay=on`` rather than ``delay=off``. -``-spice password=string`` (since 6.0) -'''''''''''''''''''''''''''''''''''''' - -This option is insecure because the SPICE password remains visible in -the process listing. This is replaced by the new ``password-secret`` -option which lets the password be securely provided on the command -line using a ``secret`` object instance. - ``-smp`` ("parameter=0" SMP configurations) (since 6.2) ''''''''''''''''''''''''''''''''''''''''''''''''''''''' diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index 4a84e6174fe..e901637ce5f 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst @@ -428,6 +428,13 @@ respectively. The actual backend names should be used instead. Use ``-drive if=pflash`` to configure the OTP device of the sifive_u RISC-V machine instead. +``-spice password=string`` (removed in 8.0) +''''''''''''''''''''''''''''''''''''''''''' + +This option was insecure because the SPICE password remained visible in +the process listing. This was replaced by the new ``password-secret`` +option which lets the password be securely provided on the command +line using a ``secret`` object instance. QEMU Machine Protocol (QMP) commands ------------------------------------ diff --git a/qemu-options.hx b/qemu-options.hx index e79ff4d8fb9..cafd8be8eda 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -2135,7 +2135,7 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice, " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n" " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n" " [,sasl=on|off][,disable-ticketing=on|off]\n" - " [,password=][,password-secret=]\n" + " [,password-secret=]\n" " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n" " [,jpeg-wan-compression=[auto|never|always]]\n" " [,zlib-glz-wan-compression=[auto|never|always]]\n" @@ -2161,13 +2161,6 @@ SRST ``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off`` Force using the specified IP version. - ``password=`` - Set the password you need to authenticate. - - This option is deprecated and insecure because it leaves the - password visible in the process listing. Use ``password-secret`` - instead. - ``password-secret=`` Set the ID of the ``secret`` object containing the password you need to authenticate. diff --git a/ui/spice-core.c b/ui/spice-core.c index 72f8f1681c6..76f7c2bc3d1 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -412,9 +412,6 @@ static QemuOptsList qemu_spice_opts = { .name = "unix", .type = QEMU_OPT_BOOL, #endif - },{ - .name = "password", - .type = QEMU_OPT_STRING, },{ .name = "password-secret", .type = QEMU_OPT_STRING, @@ -666,20 +663,8 @@ static void qemu_spice_init(void) } passwordSecret = qemu_opt_get(opts, "password-secret"); if (passwordSecret) { - if (qemu_opt_get(opts, "password")) { - error_report("'password' option is mutually exclusive with " - "'password-secret'"); - exit(1); - } password = qcrypto_secret_lookup_as_utf8(passwordSecret, &error_fatal); - } else { - str = qemu_opt_get(opts, "password"); - if (str) { - warn_report("'password' option is deprecated and insecure, " - "use 'password-secret' instead"); - password = g_strdup(str); - } } if (tls_port) { -- GitLab