)]}'
{"nova/tests/unit/virt/libvirt/test_driver.py":[{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"cd410b3a73ff1e74d3d805faffc61e8f97dd40ad","unresolved":true,"context_lines":[{"line_number":5339,"context_line":"                \u0027/usr/share/OVMF/OVMF_VARS.secboot.fd\u0027, cfg.os_nvram_template)"},{"line_number":5340,"context_line":"            self.assertTrue(cfg.os_loader_secure)"},{"line_number":5341,"context_line":"        else:"},{"line_number":5342,"context_line":"            # if not, silently ignore"},{"line_number":5343,"context_line":"            self.assertEqual("},{"line_number":5344,"context_line":"                \u0027/usr/share/OVMF/OVMF_CODE.fd\u0027, cfg.os_loader)"},{"line_number":5345,"context_line":"            self.assertEqual("}],"source_content_type":"text/x-python","patch_set":7,"id":"8ee87d7a_8fbe60bd","line":5342,"range":{"start_line":5342,"start_character":12,"end_line":5342,"end_character":37},"updated":"2021-03-11 10:08:53.000000000","message":"Yep; reasonable.","commit_id":"e7d704899f4e2e32a290b4fc66b22656a2a158b7"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"9714909d1ff65327a4a20db6737db704b2ab43c6","unresolved":false,"context_lines":[{"line_number":5339,"context_line":"                \u0027/usr/share/OVMF/OVMF_VARS.secboot.fd\u0027, cfg.os_nvram_template)"},{"line_number":5340,"context_line":"            self.assertTrue(cfg.os_loader_secure)"},{"line_number":5341,"context_line":"        else:"},{"line_number":5342,"context_line":"            # if not, silently ignore"},{"line_number":5343,"context_line":"            self.assertEqual("},{"line_number":5344,"context_line":"                \u0027/usr/share/OVMF/OVMF_CODE.fd\u0027, cfg.os_loader)"},{"line_number":5345,"context_line":"            self.assertEqual("}],"source_content_type":"text/x-python","patch_set":7,"id":"a8cbe6ed_8469aec7","line":5342,"range":{"start_line":5342,"start_character":12,"end_line":5342,"end_character":37},"in_reply_to":"8ee87d7a_8fbe60bd","updated":"2021-03-11 15:19:49.000000000","message":"Ack","commit_id":"e7d704899f4e2e32a290b4fc66b22656a2a158b7"}],"nova/virt/libvirt/driver.py":[{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"b33efef67fd6a8202055534976acc336c45c57de","unresolved":true,"context_lines":[{"line_number":5834,"context_line":""},{"line_number":5835,"context_line":"        if ("},{"line_number":5836,"context_line":"            arch \u003d\u003d fields.Architecture.X86_64 and"},{"line_number":5837,"context_line":"            \u0027q35\u0027 not in machine_type"},{"line_number":5838,"context_line":"        ):"},{"line_number":5839,"context_line":"            # secure boot on x86_64 requires the Q35 machine type"},{"line_number":5840,"context_line":"            return False"}],"source_content_type":"text/x-python","patch_set":6,"id":"ceaf0fc7_dd05dc58","line":5837,"range":{"start_line":5837,"start_character":12,"end_line":5837,"end_character":37},"updated":"2021-03-10 15:55:36.000000000","message":"Looks good.  As discussed on IRC, even if the JSON file descriptors only check for Q35, it\u0027s good that we, Nova, too have a guard for it.","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"9806c8d7e9df4514f9dc65be493b846c7d464ceb","unresolved":false,"context_lines":[{"line_number":5901,"context_line":"                # TODO(stephenfin): Drop this when we drop support for legacy"},{"line_number":5902,"context_line":"                # architectures"},{"line_number":5903,"context_line":"                if not mach_type:"},{"line_number":5904,"context_line":"                    raise exception.UEFINotSupported()"},{"line_number":5905,"context_line":""},{"line_number":5906,"context_line":"                os_secure_boot \u003d hardware.get_secure_boot_constraint("},{"line_number":5907,"context_line":"                    flavor, image_meta)"}],"source_content_type":"text/x-python","patch_set":6,"id":"47b2de78_b0c52550","line":5904,"updated":"2021-03-09 13:00:58.000000000","message":"This should probably go into \u0027_check_secure_boot_support\u0027. Will move if I respin (and remember)","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"020ec7991e98c62a14cc4a0ae0a601073564b157","unresolved":false,"context_lines":[{"line_number":5901,"context_line":"                # TODO(stephenfin): Drop this when we drop support for legacy"},{"line_number":5902,"context_line":"                # architectures"},{"line_number":5903,"context_line":"                if not mach_type:"},{"line_number":5904,"context_line":"                    raise exception.UEFINotSupported()"},{"line_number":5905,"context_line":""},{"line_number":5906,"context_line":"                os_secure_boot \u003d hardware.get_secure_boot_constraint("},{"line_number":5907,"context_line":"                    flavor, image_meta)"}],"source_content_type":"text/x-python","patch_set":6,"id":"84a325f0_58ef28e8","line":5904,"in_reply_to":"1c016700_93fbb63d","updated":"2021-03-10 10:45:42.000000000","message":"Actually, I need to keep this here since it\u0027s not specific to the secure boot stuff. We also require it to get a loader (since loaders are arch and machine-type specific). That\u0027s the cause of the failure in the preceding patch","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"},{"author":{"_account_id":10135,"name":"Lee Yarwood","display_name":"Lee Yarwood","email":"lyarwood@redhat.com","username":"lyarwood"},"change_message_id":"4421f4cae9f4dbd7ac953c6ead60aedece856711","unresolved":false,"context_lines":[{"line_number":5901,"context_line":"                # TODO(stephenfin): Drop this when we drop support for legacy"},{"line_number":5902,"context_line":"                # architectures"},{"line_number":5903,"context_line":"                if not mach_type:"},{"line_number":5904,"context_line":"                    raise exception.UEFINotSupported()"},{"line_number":5905,"context_line":""},{"line_number":5906,"context_line":"                os_secure_boot \u003d hardware.get_secure_boot_constraint("},{"line_number":5907,"context_line":"                    flavor, image_meta)"}],"source_content_type":"text/x-python","patch_set":6,"id":"1c016700_93fbb63d","line":5904,"in_reply_to":"47b2de78_b0c52550","updated":"2021-03-09 14:35:18.000000000","message":"Yup agreed and replace the raise with return False right?","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"},{"author":{"_account_id":10135,"name":"Lee Yarwood","display_name":"Lee Yarwood","email":"lyarwood@redhat.com","username":"lyarwood"},"change_message_id":"32161cd6efcc848fad26c6aaae6a2c9c4431aed7","unresolved":false,"context_lines":[{"line_number":5901,"context_line":"                # TODO(stephenfin): Drop this when we drop support for legacy"},{"line_number":5902,"context_line":"                # architectures"},{"line_number":5903,"context_line":"                if not mach_type:"},{"line_number":5904,"context_line":"                    raise exception.UEFINotSupported()"},{"line_number":5905,"context_line":""},{"line_number":5906,"context_line":"                os_secure_boot \u003d hardware.get_secure_boot_constraint("},{"line_number":5907,"context_line":"                    flavor, image_meta)"}],"source_content_type":"text/x-python","patch_set":6,"id":"0d4fb291_13ad4ec5","line":5904,"in_reply_to":"84a325f0_58ef28e8","updated":"2021-03-10 11:58:17.000000000","message":"Yup understood thanks.","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"},{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"b33efef67fd6a8202055534976acc336c45c57de","unresolved":true,"context_lines":[{"line_number":5914,"context_line":"                        raise exception.SecureBootNotSupported()"},{"line_number":5915,"context_line":""},{"line_number":5916,"context_line":"                    guest.os_loader_secure \u003d True"},{"line_number":5917,"context_line":"                elif os_secure_boot \u003d\u003d \u0027optional\u0027:"},{"line_number":5918,"context_line":"                    # only enable it if the host is configured appropriately"},{"line_number":5919,"context_line":"                    guest.os_loader_secure \u003d self._check_secure_boot_support("},{"line_number":5920,"context_line":"                        arch, mach_type, hw_firmware_type,"}],"source_content_type":"text/x-python","patch_set":6,"id":"d58dad3f_ed910263","line":5917,"range":{"start_line":5917,"start_character":1,"end_line":5917,"end_character":50},"updated":"2021-03-10 15:55:36.000000000","message":"Hmm, I\u0027m not quite comfortable with this — in the \"optional\" case we should default to normal / UEFI boot (or even better SeaBIOS). It\u0027s a more \"conservative\" approach.\n\nMy worry is about \"move operations\"—which can be buggy / less (or not at all) tested with secure boot: because of the NVRAM file getting reset on some occasions, see[1].  An operator might get bitten accidentally.\n\n(For cases where some explicitly requests secure boot, I\u0027d expect them to understand that there\u0027ll be some trade-offs to accept—like move operations.)\n\n[1] https://bugs.launchpad.net/nova/+bug/1633447 (\"nova stop/start or reboot --hard resets uefi nvram\")","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"9699705c4221ea14a7615c023aeecb9cf1584b44","unresolved":true,"context_lines":[{"line_number":5914,"context_line":"                        raise exception.SecureBootNotSupported()"},{"line_number":5915,"context_line":""},{"line_number":5916,"context_line":"                    guest.os_loader_secure \u003d True"},{"line_number":5917,"context_line":"                elif os_secure_boot \u003d\u003d \u0027optional\u0027:"},{"line_number":5918,"context_line":"                    # only enable it if the host is configured appropriately"},{"line_number":5919,"context_line":"                    guest.os_loader_secure \u003d self._check_secure_boot_support("},{"line_number":5920,"context_line":"                        arch, mach_type, hw_firmware_type,"}],"source_content_type":"text/x-python","patch_set":6,"id":"db8dc70b_628be689","line":5917,"range":{"start_line":5917,"start_character":1,"end_line":5917,"end_character":50},"in_reply_to":"d58dad3f_ed910263","updated":"2021-03-10 17:56:50.000000000","message":"If we did that, \u0027optional\u0027 would be exactly the same as \u0027disabled\u0027 and becomes meaningless. \u0027optional\u0027 isn\u0027t the default - that\u0027s \u0027disabled\u0027 - so if a user has specifically requested \u0027optional\u0027 then they\u0027re saying \"give me secure boot if you can, but I don\u0027t care if you don\u0027t\" along with all the negatives that having UEFI has","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"},{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"cd410b3a73ff1e74d3d805faffc61e8f97dd40ad","unresolved":true,"context_lines":[{"line_number":5914,"context_line":"                        raise exception.SecureBootNotSupported()"},{"line_number":5915,"context_line":""},{"line_number":5916,"context_line":"                    guest.os_loader_secure \u003d True"},{"line_number":5917,"context_line":"                elif os_secure_boot \u003d\u003d \u0027optional\u0027:"},{"line_number":5918,"context_line":"                    # only enable it if the host is configured appropriately"},{"line_number":5919,"context_line":"                    guest.os_loader_secure \u003d self._check_secure_boot_support("},{"line_number":5920,"context_line":"                        arch, mach_type, hw_firmware_type,"}],"source_content_type":"text/x-python","patch_set":6,"id":"7cecad11_b630bed2","line":5917,"range":{"start_line":5917,"start_character":1,"end_line":5917,"end_character":50},"in_reply_to":"db8dc70b_628be689","updated":"2021-03-11 10:08:53.000000000","message":"Right; on thinking more, that\u0027s a fair response.  As the default is disabled.  It is not unreasonable to expect from those going the \"optional\" route read a little bit of documentation.  We can\u0027t put a guard against every potential foot-gun.","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"},{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"b33efef67fd6a8202055534976acc336c45c57de","unresolved":true,"context_lines":[{"line_number":5928,"context_line":"                        has_secure_boot\u003dguest.os_loader_secure)"},{"line_number":5929,"context_line":"                except exception.UEFINotSupported as exc:"},{"line_number":5930,"context_line":"                    if guest.os_loader_secure:"},{"line_number":5931,"context_line":"                        # we raise a specific exception if we requested secure"},{"line_number":5932,"context_line":"                        # boot and couldn\u0027t get that"},{"line_number":5933,"context_line":"                        raise exception.SecureBootNotSupported() from exc"},{"line_number":5934,"context_line":"                    raise"}],"source_content_type":"text/x-python","patch_set":6,"id":"29bf8a18_e9082a6c","line":5931,"range":{"start_line":5931,"start_character":26,"end_line":5931,"end_character":78},"updated":"2021-03-10 15:55:36.000000000","message":"Makes sense.","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"e523dd7ce36e47d759ae2e7a7fcd2debb6063c38","unresolved":false,"context_lines":[{"line_number":5928,"context_line":"                        has_secure_boot\u003dguest.os_loader_secure)"},{"line_number":5929,"context_line":"                except exception.UEFINotSupported as exc:"},{"line_number":5930,"context_line":"                    if guest.os_loader_secure:"},{"line_number":5931,"context_line":"                        # we raise a specific exception if we requested secure"},{"line_number":5932,"context_line":"                        # boot and couldn\u0027t get that"},{"line_number":5933,"context_line":"                        raise exception.SecureBootNotSupported() from exc"},{"line_number":5934,"context_line":"                    raise"}],"source_content_type":"text/x-python","patch_set":6,"id":"971d2bbb_8b20b1c2","line":5931,"range":{"start_line":5931,"start_character":26,"end_line":5931,"end_character":78},"in_reply_to":"29bf8a18_e9082a6c","updated":"2021-03-11 09:52:59.000000000","message":"Ack","commit_id":"a2e9dec72a17721f529ffd356950540222ffadcd"}]}