Eric Blake
2019-Mar-06 15:59 UTC
Re: [Libguestfs] [PATCH nbdkit] Add ssh plugin using libssh.
On 3/6/19 9:40 AM, Richard W.M. Jones wrote:> --- > plugins/curl/nbdkit-curl-plugin.pod | 22 +- > plugins/ssh/nbdkit-ssh-plugin.pod | 150 ++++++++ > configure.ac | 17 + > plugins/ssh/ssh.c | 521 ++++++++++++++++++++++++++++ > README | 4 + > TODO | 10 +- > plugins/ssh/Makefile.am | 69 ++++ > 7 files changed, 779 insertions(+), 14 deletions(-)> + > +=item B<password=>PASSWORD > + > +Set the password to use when connecting to the remote server. > + > +Note that passing this on the command line is not secure on shared > +machines.Worth noting that PASSWORD cannot begin with - or +, because of:> + > +=item B<password=-> > + > +Ask for the password (interactively) when nbdkit starts up. > + > +=item B<password=+>FILENAME > + > +Read the password from the named file. This is the most secure method > +to supply a password, as long as you set the permissions on the file > +appropriately.these? Is it also worth a way to read the password over an inherited file descriptor (including a pipe)?> +=head1 AUTHORS > + > +Richard W.M. Jones > + > +Parts derived from Pino Toscano’s qemu libssh driver.Is that a compatible license? Or I guess another way of wording it - what is the license of libssh itself? The resulting ssh plugin may already require a stronger license than what nbdkit proper allows, but the license of the .so plugin being stronger than the license of the .c files does not require the same level of care as when the license of one .c file prevents refactoring code out from there into a looser licensed .c file elsewhere.> +++ b/plugins/ssh/ssh.c > @@ -0,0 +1,521 @@ > +/* nbdkit > + * Copyright (C) 2014-2019 Red Hat Inc. > + * All rights reserved.I've always found it funny to consider how "All rights reserved" is compatible with the later statements that modification rights are being granted - how can you reserve a right that you gave away? But that's not a problem with this patch (so much as a more general musing on the typical boilerplate for the BSD license), as you are faithfully copying-and-pasting a widely used pattern (that is, it's not a problem unique to nbdkit, and I don't see a reason to change that phrase in any of the existing nbdkit files or this patch without specific instructions from a legal department). -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
Richard W.M. Jones
2019-Mar-06 16:05 UTC
Re: [Libguestfs] [PATCH nbdkit] Add ssh plugin using libssh.
On Wed, Mar 06, 2019 at 09:59:33AM -0600, Eric Blake wrote:> On 3/6/19 9:40 AM, Richard W.M. Jones wrote: > > --- > > plugins/curl/nbdkit-curl-plugin.pod | 22 +- > > plugins/ssh/nbdkit-ssh-plugin.pod | 150 ++++++++ > > configure.ac | 17 + > > plugins/ssh/ssh.c | 521 ++++++++++++++++++++++++++++ > > README | 4 + > > TODO | 10 +- > > plugins/ssh/Makefile.am | 69 ++++ > > 7 files changed, 779 insertions(+), 14 deletions(-) > > > + > > +=item B<password=>PASSWORD > > + > > +Set the password to use when connecting to the remote server. > > + > > +Note that passing this on the command line is not secure on shared > > +machines. > > Worth noting that PASSWORD cannot begin with - or +, because of: > > > + > > +=item B<password=-> > > + > > +Ask for the password (interactively) when nbdkit starts up. > > + > > +=item B<password=+>FILENAME > > + > > +Read the password from the named file. This is the most secure method > > +to supply a password, as long as you set the permissions on the file > > +appropriately. > > these? > > Is it also worth a way to read the password over an inherited file > descriptor (including a pipe)?This is actually a standard bit of blurb which we use on other pages (probably podwrapper should substitute it). See for example: https://github.com/libguestfs/nbdkit/blob/master/plugins/curl/nbdkit-curl-plugin.pod#parameters It could probably be improved as you note.> > +=head1 AUTHORS > > + > > +Richard W.M. Jones > > + > > +Parts derived from Pino Toscano’s qemu libssh driver. > > Is that a compatible license? Or I guess another way of wording it - > what is the license of libssh itself? The resulting ssh plugin may > already require a stronger license than what nbdkit proper allows, but > the license of the .so plugin being stronger than the license of the .c > files does not require the same level of care as when the license of one > .c file prevents refactoring code out from there into a looser licensed > .c file elsewhere.The current (libssh2) block/ssh.c has: * Copyright (C) 2013 Red Hat Inc., Richard W.M. Jones <rjones@redhat.com> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. The latest version of Pino's patch doesn't change the license so I suppose he's happy with it: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg07267.html Anyway I think that's compatible? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html
Eric Blake
2019-Mar-06 16:09 UTC
Re: [Libguestfs] [PATCH nbdkit] Add ssh plugin using libssh.
On 3/6/19 10:05 AM, Richard W.M. Jones wrote:> On Wed, Mar 06, 2019 at 09:59:33AM -0600, Eric Blake wrote: >> On 3/6/19 9:40 AM, Richard W.M. Jones wrote:>>> +Parts derived from Pino Toscano’s qemu libssh driver. >> >> Is that a compatible license? Or I guess another way of wording it - >> what is the license of libssh itself? The resulting ssh plugin may >> already require a stronger license than what nbdkit proper allows, but >> the license of the .so plugin being stronger than the license of the .c >> files does not require the same level of care as when the license of one >> .c file prevents refactoring code out from there into a looser licensed >> .c file elsewhere. > > The current (libssh2) block/ssh.c has: ><snip>> > Anyway I think that's compatible?Sounds like a BSD license, so you should be good. (Not all of qemu is BSD licensed, so my gut reaction to copying from qemu is to do ask - if nothing else, now the mailing list archives why we agree it should be okay) -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org