Use @SYSTEM priority for TLS on Fedora >= 21

In Fedora >= 21, there is a new crypto priority framework
that sets TLS policies globally for all apps. To activate
this with GNUTLS we must request "@SYSTEM" instead of
the traditional "NORMAL" string. The '@' causes gnutls todo
a lookup in its config file for the 'SYSTEM' keyword entry.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

diff --git a/libvirt.spec.in b/libvirt.spec.in
index b93a53c02e2eed91ee8523920a0367dc44491646..ee6162e7eea593198688c6ebd6fb6b165b35adbe 100644 (file)
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -206,6 +206,12 @@
     %define enable_werror --disable-werror
 %endif
 
+%if 0%{?fedora} >= 21
+    %define tls_priority "@SYSTEM"
+%else
+    %define tls_priority "NORMAL"
+%endif
+
 
 Summary: Library providing a simple virtualization API
 Name: libvirt
@@ -1152,6 +1158,7 @@ rm -f po/stamp-po
            %{arg_packager_version} \
            --with-qemu-user=%{qemu_user} \
            --with-qemu-group=%{qemu_group} \
+           --with-tls-priority=%{tls_priority} \
            %{?arg_loader_nvram} \
            %{?enable_werror} \
            --enable-expensive-tests \