From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:10 -0400
Message-Id: <20180620230119.6276-2-jferlan@redhat.com>
Subject: [libvirt] [PATCH v3 01/10] storage: Don't allow encryption secretPath to be NULL

Allowing a NULL @secretPath for virStorageBackendCreateQemuImgCmdFromVol would result in a generated command line with a dangling "file=" output. So let's make sure the @secretPath exists before processing. This means we should pass a dummy path from the storage test.

Signed-off-by: John Ferlan

--- src/storage/storage_util.c | 5 +++++ tests/storagevolxml2argvtest.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 87f2115869..88427cecb4 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c
@@ -1233,6 +1233,11 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorageP= oolObjPtr pool, =20 if (info.format =3D=3D VIR_STORAGE_FILE_RAW && vol->target.encryption = && vol->target.encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMA= T_LUKS) { + if (!info.secretPath) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("path to secret data file is required")); + goto error; + } if (virAsprintf(&info.secretAlias, "%s_encrypt0", vol->name) < 0) goto error; if (storageBackendCreateQemuImgSecretObject(cmd, info.secretPath, diff --git a/tests/storagevolxml2argvtest.c b/tests/storagevolxml2argvtest.c index 0265a0ffe2..4286c50c6e 100644 --- a/tests/storagevolxml2argvtest.c +++ b/tests/storagevolxml2argvtest.c 
@@ -82,7 +82,7 @@ testCompareXMLToArgvFiles(bool shouldFail, cmd =3D virStorageBackendCreateQemuImgCmdFromVol(obj, vol, inputvol, flags, create_tool, - NULL); + "/path/to/secretFile"); if (!cmd) { if (shouldFail) { virResetLastError(); --=20 2.14.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
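Review bot: The new guard in the LUKS branch of virStorageBackendCreateQemuImgCmdFromVol (src/storage/storage_util.c) tests only `!info.secretPath`, so an empty string still passes and would reach storageBackendCreateQemuImgSecretObject, which is the dangling "file=" case the commit message sets out to prevent. Consider rejecting an empty path as well, for example `if (!info.secretPath || !*info.secretPath)`, so the check matches the stated intent.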
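Review bot: The new "path to secret data file is required" error has no test: in testCompareXMLToArgvFiles (tests/storagevolxml2argvtest.c) the last argument changes from NULL to "/path/to/secretFile" for every case, so no case calls virStorageBackendCreateQemuImgCmdFromVol with an encrypted volume and a NULL path any more. A shouldFail case that keeps NULL for a LUKS volume would cover the added branch; that needs the path to be a parameter of the helper rather than a literal.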
From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:11 -0400
Message-Id: <20180620230119.6276-3-jferlan@redhat.com>
Subject: [libvirt] [PATCH v3 02/10] tests: Add luks creation examples to storagevolxml2argvtest

Add the storagevolxml2xmltest "luks" and "luks-cipher" tests to the storagevolxml2argvtest.

Signed-off-by: John Ferlan

--- tests/storagevolxml2argvdata/luks-cipher.argv | 5 +++++ tests/storagevolxml2argvdata/luks.argv | 4 ++++ tests/storagevolxml2argvtest.c | 7 +++++++ 3 files changed, 16 insertions(+) create mode 100644 tests/storagevolxml2argvdata/luks-cipher.argv create mode 100644 tests/storagevolxml2argvdata/luks.argv diff --git a/tests/storagevolxml2argvdata/luks-cipher.argv b/tests/storagev= olxml2argvdata/luks-cipher.argv new file mode 100644 index 0000000000..a8a19f03ff --- /dev/null +++ b/tests/storagevolxml2argvdata/luks-cipher.argv
@@ -0,0 +1,5 @@ +qemu-img create -f luks \ +--object secret,id=3DLuksDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o key-secret=3DLuksDemo.img_encrypt0,cipher-alg=3Dserpent-256,cipher-mode= =3Dcbc,\ +hash-alg=3Dsha256,ivgen-alg=3Dplain64,ivgen-hash-alg=3Dsha256 \ +/var/lib/libvirt/images/LuksDemo.img 5242880K diff --git a/tests/storagevolxml2argvdata/luks.argv b/tests/storagevolxml2a= rgvdata/luks.argv new file mode 100644 index 0000000000..336238ecab --- /dev/null +++ b/tests/storagevolxml2argvdata/luks.argv @@ -0,0 +1,4 @@ +qemu-img create -f luks \ +--object secret,id=3DLuksDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o key-secret=3DLuksDemo.img_encrypt0 \ +/var/lib/libvirt/images/LuksDemo.img 5242880K diff --git a/tests/storagevolxml2argvtest.c b/tests/storagevolxml2argvtest.c index 4286c50c6e..b8afe4abcc 100644 --- a/tests/storagevolxml2argvtest.c +++ b/tests/storagevolxml2argvtest.c 
@@ -232,6 +232,13 @@ mymain(void) "pool-dir", "vol-file-iso", "iso-input", 0); =20 + DO_TEST("pool-dir", "vol-luks", + NULL, NULL, + "luks", 0); + DO_TEST("pool-dir", "vol-luks-cipher", + NULL, NULL, + "luks-cipher", 0); + return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; } =20 --=20 2.14.4
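Review bot: Both DO_TEST additions in mymain (tests/storagevolxml2argvtest.c) pass NULL, NULL for the input pool and volume, so the new expectations cover only `qemu-img create -f luks`; building a LUKS volume from an existing one, as the preceding "iso-input" case does for an unencrypted target, has no expected argv. If that path is meant to work with the secret object, add an input-volume case next to these two; if it is not, a shouldFail case would document that.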
From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:12 -0400
Message-Id: <20180620230119.6276-4-jferlan@redhat.com>
Subject: [libvirt] [PATCH v3 03/10] storage: Rename encryption info variable for clarity

Change from @enc to @encinfo leaving @enc for the vol->target.encryption in the storageBackendCreateQemuImgSetOptions code path.

Signed-off-by: John Ferlan

--- src/storage/storage_util.c | 21 +++++++++++---------- src/util/virqemu.c | 26 +++++++++++++------------- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 88427cecb4..90cadb9d13 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c
@@ -817,7 +817,7 @@ struct _virStorageBackendQemuImgInfo { =20 =20 static int -storageBackendCreateQemuImgOpts(virStorageEncryptionInfoDefPtr enc, +storageBackendCreateQemuImgOpts(virStorageEncryptionInfoDefPtr encinfo, char **opts, struct _virStorageBackendQemuImgInfo info) { @@ -827,8 +827,8 @@ storageBackendCreateQemuImgOpts(virStorageEncryptionInf= oDefPtr enc, virBufferAsprintf(&buf, "backing_fmt=3D%s,", virStorageFileFormatTypeToString(info.backingFor= mat)); =20 - if (info.format =3D=3D VIR_STORAGE_FILE_RAW && enc) { - virQEMUBuildQemuImgKeySecretOpts(&buf, enc, info.secretAlias); + if (info.format =3D=3D VIR_STORAGE_FILE_RAW && encinfo) { + virQEMUBuildQemuImgKeySecretOpts(&buf, encinfo, info.secretAlias); } else { if (info.encryption) virBufferAddLit(&buf, "encryption=3Don,"); @@ -1037,7 +1037,7 @@ storageBackendCreateQemuImgSetBacking(virStoragePoolO= bjPtr pool, =20 static int storageBackendCreateQemuImgSetOptions(virCommandPtr cmd, - virStorageEncryptionInfoDefPtr enc, + virStorageEncryptionInfoDefPtr encin= fo, struct _virStorageBackendQemuImgInfo= info) { char *opts =3D NULL; @@ -1045,7 +1045,7 @@ storageBackendCreateQemuImgSetOptions(virCommandPtr c= md, if (info.format =3D=3D VIR_STORAGE_FILE_QCOW2 && !info.compat) info.compat =3D "0.10"; =20 - if (storageBackendCreateQemuImgOpts(enc, &opts, info) < 0) + if (storageBackendCreateQemuImgOpts(encinfo, &opts, info) < 0) return -1; if (opts) virCommandAddArgList(cmd, "-o", opts, NULL); @@ -1209,7 +1209,8 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, .secretPath =3D secretPath, .secretAlias =3D NULL, }; - virStorageEncryptionInfoDefPtr enc =3D NULL; + virStorageEncryptionPtr enc =3D vol->target.encryption; + virStorageEncryptionInfoDefPtr encinfo =3D NULL; =20 virCheckFlags(VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA, NULL); =20 
@@ -1231,8 +1232,8 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, if (info.backingPath) virCommandAddArgList(cmd, "-b", info.backingPath, NULL); =20 - if (info.format =3D=3D VIR_STORAGE_FILE_RAW && vol->target.encryption = && - vol->target.encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMA= T_LUKS) { + if (info.format =3D=3D VIR_STORAGE_FILE_RAW && enc && + enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { if (!info.secretPath) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("path to secret data file is required")); @@ -1243,10 +1244,10 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorage= PoolObjPtr pool, if (storageBackendCreateQemuImgSecretObject(cmd, info.secretPath, info.secretAlias) < 0) goto error; - enc =3D &vol->target.encryption->encinfo; + encinfo =3D &enc->encinfo; } =20 - if (storageBackendCreateQemuImgSetOptions(cmd, enc, info) < 0) + if (storageBackendCreateQemuImgSetOptions(cmd, encinfo, info) < 0) goto error; VIR_FREE(info.secretAlias); =20 diff --git a/src/util/virqemu.c b/src/util/virqemu.c index e16429d80d..30b8dc18d4 100644 --- a/src/util/virqemu.c +++ b/src/util/virqemu.c @@ -315,7 +315,7 @@ virQEMUBuildBufferEscapeComma(virBufferPtr buf, const c= har *str) /** * virQEMUBuildQemuImgKeySecretOpts: * @buf: buffer to build the string into - * @enc: pointer to encryption info + * @encinfo: pointer to encryption info * @alias: alias to use * * Generate the string for id=3D$alias and any encryption options for 
@@ -334,37 +334,37 @@ virQEMUBuildBufferEscapeComma(virBufferPtr buf, const= char *str) */ void virQEMUBuildQemuImgKeySecretOpts(virBufferPtr buf, - virStorageEncryptionInfoDefPtr enc, + virStorageEncryptionInfoDefPtr encinfo, const char *alias) { virBufferAsprintf(buf, "key-secret=3D%s,", alias); =20 - if (!enc->cipher_name) + if (!encinfo->cipher_name) return; =20 virBufferAddLit(buf, "cipher-alg=3D"); - virQEMUBuildBufferEscapeComma(buf, enc->cipher_name); - virBufferAsprintf(buf, "-%u,", enc->cipher_size); - if (enc->cipher_mode) { + virQEMUBuildBufferEscapeComma(buf, encinfo->cipher_name); + virBufferAsprintf(buf, "-%u,", encinfo->cipher_size); + if (encinfo->cipher_mode) { virBufferAddLit(buf, "cipher-mode=3D"); - virQEMUBuildBufferEscapeComma(buf, enc->cipher_mode); + virQEMUBuildBufferEscapeComma(buf, encinfo->cipher_mode); virBufferAddLit(buf, ","); } - if (enc->cipher_hash) { + if (encinfo->cipher_hash) { virBufferAddLit(buf, "hash-alg=3D"); - virQEMUBuildBufferEscapeComma(buf, enc->cipher_hash); + virQEMUBuildBufferEscapeComma(buf, encinfo->cipher_hash); virBufferAddLit(buf, ","); } - if (!enc->ivgen_name) + if (!encinfo->ivgen_name) return; =20 virBufferAddLit(buf, "ivgen-alg=3D"); - virQEMUBuildBufferEscapeComma(buf, enc->ivgen_name); + virQEMUBuildBufferEscapeComma(buf, encinfo->ivgen_name); virBufferAddLit(buf, ","); =20 - if (enc->ivgen_hash) { + if (encinfo->ivgen_hash) { virBufferAddLit(buf, "ivgen-hash-alg=3D"); - virQEMUBuildBufferEscapeComma(buf, enc->ivgen_hash); + virQEMUBuildBufferEscapeComma(buf, encinfo->ivgen_hash); virBufferAddLit(buf, ","); } } --=20 2.14.4
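Review bot: In virQEMUBuildQemuImgKeySecretOpts (src/util/virqemu.c) the unchanged first statement writes @alias with a plain `%s` in "key-secret=%s," while every other value in the function goes through virQEMUBuildBufferEscapeComma. The caller builds the alias as "%s_encrypt0" from vol->name, so a volume name containing a comma would land unescaped in the -o option string. Since these lines are being touched for the rename anyway, consider escaping the alias here or validating the name where the alias is built; that is a behaviour change and belongs in its own patch rather than in this rename.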
From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:13 -0400
Message-Id: <20180620230119.6276-5-jferlan@redhat.com>
Subject: [libvirt] [PATCH v3 04/10] tests: Remove qcow2 encryption from storagevol tests

We're about to disallow creation of a qcow2 encrypted storage volume, so let's remove the qcow encryption element from the tests which are testing whether other format='qcow2' related features work properly.

Signed-off-by: John Ferlan --- tests/storagevolxml2argvdata/qcow2-1.1.argv | 2= +- tests/storagevolxml2argvdata/qcow2-compat.argv | 2= +- tests/storagevolxml2argvdata/qcow2-from-logical-compat.argv | 2= +- tests/storagevolxml2argvdata/qcow2-lazy.argv | 2= +- .../qcow2-nobacking-convert-prealloc-compat.argv | 2= +- tests/storagevolxml2argvdata/qcow2-nobacking-prealloc-compat.argv | 2= +- tests/storagevolxml2argvdata/qcow2-nocapacity-convert-prealloc.argv | 2= +- tests/storagevolxml2argvdata/qcow2-nocapacity.argv | 2= +- tests/storagevolxml2argvdata/qcow2-nocow-compat.argv | 2= +- tests/storagevolxml2xmlin/vol-qcow2-0.10-lazy.xml | 3= --- tests/storagevolxml2xmlin/vol-qcow2-1.1.xml | 3= --- tests/storagevolxml2xmlin/vol-qcow2-lazy.xml | 3= --- tests/storagevolxml2xmlin/vol-qcow2-nobacking.xml | 3= --- tests/storagevolxml2xmlin/vol-qcow2-nocapacity-backing.xml | 3= --- tests/storagevolxml2xmlin/vol-qcow2-nocapacity.xml | 3= --- tests/storagevolxml2xmlin/vol-qcow2-nocow.xml | 3= --- tests/storagevolxml2xmlin/vol-qcow2.xml | 3= --- tests/storagevolxml2xmlout/vol-qcow2-0.10-lazy.xml | 3= --- tests/storagevolxml2xmlout/vol-qcow2-1.1.xml | 3= --- tests/storagevolxml2xmlout/vol-qcow2-lazy.xml | 3= --- tests/storagevolxml2xmlout/vol-qcow2-nobacking.xml | 3= --- tests/storagevolxml2xmlout/vol-qcow2-nocapacity.xml | 3= --- tests/storagevolxml2xmlout/vol-qcow2-nocow.xml | 3= --- tests/storagevolxml2xmlout/vol-qcow2.xml | 3= --- 24 files changed, 9 insertions(+), 54 deletions(-) diff --git a/tests/storagevolxml2argvdata/qcow2-1.1.argv b/tests/storagevol= xml2argvdata/qcow2-1.1.argv index c4dcb1bc3c..71ff67378e 100644 --- a/tests/storagevolxml2argvdata/qcow2-1.1.argv +++ b/tests/storagevolxml2argvdata/qcow2-1.1.argv @@ -1,3 +1,3 @@ qemu-img create -f qcow2 -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,compat=3D1.1 \ +-o backing_fmt=3Draw,compat=3D1.1 \ /var/lib/libvirt/images/OtherDemo.img 5242880K 
diff --git a/tests/storagevolxml2argvdata/qcow2-compat.argv b/tests/storage= volxml2argvdata/qcow2-compat.argv index 37ad2c078d..fcb6bed782 100644 --- a/tests/storagevolxml2argvdata/qcow2-compat.argv +++ b/tests/storagevolxml2argvdata/qcow2-compat.argv @@ -1,3 +1,3 @@ qemu-img create -f qcow2 -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,compat=3D0.10 \ +-o backing_fmt=3Draw,compat=3D0.10 \ /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2argvdata/qcow2-from-logical-compat.argv b/= tests/storagevolxml2argvdata/qcow2-from-logical-compat.argv index 5f365b1f84..f99717ad40 100644 --- a/tests/storagevolxml2argvdata/qcow2-from-logical-compat.argv +++ b/tests/storagevolxml2argvdata/qcow2-from-logical-compat.argv @@ -1,3 +1,3 @@ qemu-img convert -f raw -O qcow2 \ --o encryption=3Don,compat=3D0.10 \ +-o compat=3D0.10 \ /dev/HostVG/Swap /var/lib/libvirt/images/OtherDemo.img diff --git a/tests/storagevolxml2argvdata/qcow2-lazy.argv b/tests/storagevo= lxml2argvdata/qcow2-lazy.argv index b7058b84cc..c3c09cefef 100644 --- a/tests/storagevolxml2argvdata/qcow2-lazy.argv +++ b/tests/storagevolxml2argvdata/qcow2-lazy.argv @@ -1,3 +1,3 @@ qemu-img create -f qcow2 -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,compat=3D1.1,lazy_refcounts \ +-o backing_fmt=3Draw,compat=3D1.1,lazy_refcounts \ /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2argvdata/qcow2-nobacking-convert-prealloc-= compat.argv b/tests/storagevolxml2argvdata/qcow2-nobacking-convert-prealloc= -compat.argv index 3d93ec8480..f3e230654b 100644 --- a/tests/storagevolxml2argvdata/qcow2-nobacking-convert-prealloc-compat.= argv +++ b/tests/storagevolxml2argvdata/qcow2-nobacking-convert-prealloc-compat.= argv @@ -1,3 +1,3 @@ qemu-img convert -f raw -O qcow2 \ --o encryption=3Don,preallocation=3Dmetadata,compat=3D0.10 \ +-o preallocation=3Dmetadata,compat=3D0.10 \ /var/lib/libvirt/images/sparse.img /var/lib/libvirt/images/OtherDemo.img 
diff --git a/tests/storagevolxml2argvdata/qcow2-nobacking-prealloc-compat.a= rgv b/tests/storagevolxml2argvdata/qcow2-nobacking-prealloc-compat.argv index 903c94e33d..841d683965 100644 --- a/tests/storagevolxml2argvdata/qcow2-nobacking-prealloc-compat.argv +++ b/tests/storagevolxml2argvdata/qcow2-nobacking-prealloc-compat.argv @@ -1,3 +1,3 @@ qemu-img create -f qcow2 \ --o encryption=3Don,preallocation=3Dmetadata,compat=3D0.10 \ +-o preallocation=3Dmetadata,compat=3D0.10 \ /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2argvdata/qcow2-nocapacity-convert-prealloc= .argv b/tests/storagevolxml2argvdata/qcow2-nocapacity-convert-prealloc.argv index 73499178e7..22dd9381a4 100644 --- a/tests/storagevolxml2argvdata/qcow2-nocapacity-convert-prealloc.argv +++ b/tests/storagevolxml2argvdata/qcow2-nocapacity-convert-prealloc.argv @@ -1,4 +1,4 @@ qemu-img convert -f raw -O qcow2 \ --o encryption=3Don,preallocation=3Dfalloc,compat=3D0.10 \ +-o preallocation=3Dfalloc,compat=3D0.10 \ /var/lib/libvirt/images/sparse.img \ /var/lib/libvirt/images/OtherDemo.img diff --git a/tests/storagevolxml2argvdata/qcow2-nocapacity.argv b/tests/sto= ragevolxml2argvdata/qcow2-nocapacity.argv index fd88055890..a922d12042 100644 --- a/tests/storagevolxml2argvdata/qcow2-nocapacity.argv +++ b/tests/storagevolxml2argvdata/qcow2-nocapacity.argv @@ -1,5 +1,5 @@ qemu-img create \ -f qcow2 \ -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,compat=3D0.10 \ +-o backing_fmt=3Draw,compat=3D0.10 \ /var/lib/libvirt/images/OtherDemo.img diff --git a/tests/storagevolxml2argvdata/qcow2-nocow-compat.argv b/tests/s= toragevolxml2argvdata/qcow2-nocow-compat.argv index d5a7547011..826001f73b 100644 --- a/tests/storagevolxml2argvdata/qcow2-nocow-compat.argv +++ b/tests/storagevolxml2argvdata/qcow2-nocow-compat.argv 
@@ -1,3 +1,3 @@ qemu-img create -f qcow2 -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,nocow=3Don,compat=3D0.10 \ +-o backing_fmt=3Draw,nocow=3Don,compat=3D0.10 \ /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2xmlin/vol-qcow2-0.10-lazy.xml b/tests/stor= agevolxml2xmlin/vol-qcow2-0.10-lazy.xml index 5bf98b7c84..6007c183d3 100644 --- a/tests/storagevolxml2xmlin/vol-qcow2-0.10-lazy.xml +++ b/tests/storagevolxml2xmlin/vol-qcow2-0.10-lazy.xml @@ -14,9 +14,6 @@ 0 - - - 0.10 diff --git a/tests/storagevolxml2xmlin/vol-qcow2-1.1.xml b/tests/storagevol= xml2xmlin/vol-qcow2-1.1.xml index 696e1e0750..9c42464ae3 100644 --- a/tests/storagevolxml2xmlin/vol-qcow2-1.1.xml +++ b/tests/storagevolxml2xmlin/vol-qcow2-1.1.xml @@ -14,9 +14,6 @@ 0 - - - diff --git a/tests/storagevolxml2xmlin/vol-qcow2-lazy.xml b/tests/storagevo= lxml2xmlin/vol-qcow2-lazy.xml index c1d7875d66..48c3d65d98 100644 --- a/tests/storagevolxml2xmlin/vol-qcow2-lazy.xml +++ b/tests/storagevolxml2xmlin/vol-qcow2-lazy.xml @@ -14,9 +14,6 @@ 0 - - - 1.1 diff --git a/tests/storagevolxml2xmlin/vol-qcow2-nobacking.xml b/tests/stor= agevolxml2xmlin/vol-qcow2-nobacking.xml index 6a6bd5bef3..a21a68d417 100644 --- a/tests/storagevolxml2xmlin/vol-qcow2-nobacking.xml +++ b/tests/storagevolxml2xmlin/vol-qcow2-nobacking.xml @@ -14,8 +14,5 @@ 0 - - - diff --git a/tests/storagevolxml2xmlin/vol-qcow2-nocapacity-backing.xml b/t= ests/storagevolxml2xmlin/vol-qcow2-nocapacity-backing.xml index f8e439bc56..2e508c6731 100644 --- a/tests/storagevolxml2xmlin/vol-qcow2-nocapacity-backing.xml +++ b/tests/storagevolxml2xmlin/vol-qcow2-nocapacity-backing.xml @@ -12,9 +12,6 @@ 0 - - - /dev/null diff --git a/tests/storagevolxml2xmlin/vol-qcow2-nocapacity.xml b/tests/sto= ragevolxml2xmlin/vol-qcow2-nocapacity.xml index 9746900f5c..2dede04295 100644 --- a/tests/storagevolxml2xmlin/vol-qcow2-nocapacity.xml +++ b/tests/storagevolxml2xmlin/vol-qcow2-nocapacity.xml @@ -12,8 +12,5 @@ 0 - - - 
diff --git a/tests/storagevolxml2xmlin/vol-qcow2-nocow.xml b/tests/storagev= olxml2xmlin/vol-qcow2-nocow.xml index 661475be73..30859536fc 100644 --- a/tests/storagevolxml2xmlin/vol-qcow2-nocow.xml +++ b/tests/storagevolxml2xmlin/vol-qcow2-nocow.xml @@ -14,9 +14,6 @@ 0 - - - diff --git a/tests/storagevolxml2xmlin/vol-qcow2.xml b/tests/storagevolxml2= xmlin/vol-qcow2.xml index 49a7de33d3..f576c7b3ed 100644 --- a/tests/storagevolxml2xmlin/vol-qcow2.xml +++ b/tests/storagevolxml2xmlin/vol-qcow2.xml @@ -14,9 +14,6 @@ 0 - - - /dev/null diff --git a/tests/storagevolxml2xmlout/vol-qcow2-0.10-lazy.xml b/tests/sto= ragevolxml2xmlout/vol-qcow2-0.10-lazy.xml index 1f799dae01..9b666ad5bc 100644 --- a/tests/storagevolxml2xmlout/vol-qcow2-0.10-lazy.xml +++ b/tests/storagevolxml2xmlout/vol-qcow2-0.10-lazy.xml @@ -14,9 +14,6 @@ 0 - - - 0.10 diff --git a/tests/storagevolxml2xmlout/vol-qcow2-1.1.xml b/tests/storagevo= lxml2xmlout/vol-qcow2-1.1.xml index 14f805ff2a..c033f5bd57 100644 --- a/tests/storagevolxml2xmlout/vol-qcow2-1.1.xml +++ b/tests/storagevolxml2xmlout/vol-qcow2-1.1.xml @@ -14,9 +14,6 @@ 0 - - - 1.1 diff --git a/tests/storagevolxml2xmlout/vol-qcow2-lazy.xml b/tests/storagev= olxml2xmlout/vol-qcow2-lazy.xml index 68a9756d4f..ee79e26050 100644 --- a/tests/storagevolxml2xmlout/vol-qcow2-lazy.xml +++ b/tests/storagevolxml2xmlout/vol-qcow2-lazy.xml @@ -14,9 +14,6 @@ 0 - - - 1.1 diff --git a/tests/storagevolxml2xmlout/vol-qcow2-nobacking.xml b/tests/sto= ragevolxml2xmlout/vol-qcow2-nobacking.xml index 075dc6996b..e8281e3b50 100644 --- a/tests/storagevolxml2xmlout/vol-qcow2-nobacking.xml +++ b/tests/storagevolxml2xmlout/vol-qcow2-nobacking.xml @@ -14,8 +14,5 @@ 0 - - - diff --git a/tests/storagevolxml2xmlout/vol-qcow2-nocapacity.xml b/tests/st= oragevolxml2xmlout/vol-qcow2-nocapacity.xml index 223e6892fd..dbf9003213 100644 --- a/tests/storagevolxml2xmlout/vol-qcow2-nocapacity.xml +++ b/tests/storagevolxml2xmlout/vol-qcow2-nocapacity.xml @@ -14,8 +14,5 @@ 0 - - - 
diff --git a/tests/storagevolxml2xmlout/vol-qcow2-nocow.xml b/tests/storage= volxml2xmlout/vol-qcow2-nocow.xml index 31dc57873c..a7d612135f 100644 --- a/tests/storagevolxml2xmlout/vol-qcow2-nocow.xml +++ b/tests/storagevolxml2xmlout/vol-qcow2-nocow.xml @@ -14,9 +14,6 @@ 0 - - - /dev/null diff --git a/tests/storagevolxml2xmlout/vol-qcow2.xml b/tests/storagevolxml= 2xmlout/vol-qcow2.xml index 31dc57873c..a7d612135f 100644 --- a/tests/storagevolxml2xmlout/vol-qcow2.xml +++ b/tests/storagevolxml2xmlout/vol-qcow2.xml 
@@ -14,9 +14,6 @@ 0 - - - /dev/null --=20 2.14.4
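Review bot: The *.argv hunks drop `encryption=on` from every qcow2 expectation, which leaves the `if (info.encryption)` branch of storageBackendCreateQemuImgOpts (still present in the context of patch 03) with no case in storagevolxml2argvtest when this patch is applied on its own. The failing-creation test is only promised by the next patch in the series, so consider adding that case here or folding the two patches together, so that each step of the series keeps the encryption path under test.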
From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:14 -0400
Message-Id: <20180620230119.6276-6-jferlan@redhat.com>
In-Reply-To: <20180620230119.6276-1-jferlan@redhat.com>
References: <20180620230119.6276-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH v3 05/10] storage: Disallow create/resize of qcow2 encrypted images

https://bugzilla.redhat.com/show_bug.cgi?id=1526382

Since commit c4eedd793 disallowed qcow2 encrypted images to be
used for domains, it no longer makes sense to allow a qcow2
encrypted volume to be created or resized.

Add a test that will exhibit the failure of creation as well
as the xml2xml validation of the format still being correct.

Update the documentation to note the removal of the capability
to create and use qcow/default encrypted volumes.

Signed-off-by: John Ferlan --- docs/formatsecret.html.in | 22 +++++++-------- docs/formatstorageencryption.html.in | 29 +++++-------------= -- src/storage/storage_util.c | 22 +++++++++++++-- tests/storagevolxml2argvtest.c | 4 +++ tests/storagevolxml2xmlin/vol-qcow2-encryption.xml | 31 ++++++++++++++++++= ++++ .../storagevolxml2xmlout/vol-qcow2-encryption.xml | 31 ++++++++++++++++++= ++++ tests/storagevolxml2xmltest.c | 1 + 7 files changed, 104 insertions(+), 36 deletions(-) create mode 100644 tests/storagevolxml2xmlin/vol-qcow2-encryption.xml create mode 100644 tests/storagevolxml2xmlout/vol-qcow2-encryption.xml diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in index 155b7c35de..defbe71731 100644 --- a/docs/formatsecret.html.in +++ b/docs/formatsecret.html.in @@ -51,7 +51,7 @@ =20

This secret is associated with a volume, whether the format is either - for a "qcow" or a "luks" encrypted volume. Each volume will have a + for a "luks" encrypted volume. Each volume will have a unique secret associated with it and it is safe to delete the secret after the volume is deleted. The <usage type=3D'volume'> element must contain a @@ -83,16 +83,6 @@ Secret value set # =20 -

- The volume type secret can be supplied in domain XML for a qcow stor= age - volume encryption as fo= llows: -

-
-<encryption format=3D'qcow'>
-  <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2f80=
d6f'/>
-</encryption>
-    
-

The volume type secret can be supplied either in volume XML during creation of a storage volu= me @@ -120,6 +110,16 @@ Secret value set # =20 +

+ The volume type secret can be supplied in domain XML for a luks stor= age + volume encryption as fo= llows: +

+
+<encryption format=3D'luks'>
+  <secret type=3D'passphrase' uuid=3D'f52a81b2-424e-490c-823d-6bd4235bc=
57'/>
+</encryption>
+    
+

Usage type "ceph"

This secret is associated with a Ceph RBD (rados block device). diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry= ption.html.in index 434bdb609e..ea80a87cfb 100644 --- a/docs/formatstorageencryption.html.in +++ b/docs/formatstorageencryption.html.in @@ -39,22 +39,14 @@ specified uuid.

"default" format

-

- <encryption format=3D"default"/> can be specified= only - when creating a qcow volume. If the volume is successfully created,= the - encryption formats, parameters and secrets will be auto-generated by - libvirt and the attached encryption tag will be updated. - The unmodified contents of the encryption tag can be us= ed - in later operations with the volume, or when setting up a domain that - uses the volume. -

"qcow" format

- The qcow format specifies that the built-in encryption - support in qcow- or qcow2-formatted volume - images should be used. A single - <secret type=3D'passphrase'> element is expected.= Note - that this encryption is inherently broken and should not be used any= more. + Since 4.5.0, encryption formats + default and qcow may no longer be used + to create an encrypted volume. Usage of qcow encrypted volumes + in QEMU began phasing out in QEMU 2.3 and by QEMU 2.9 creation + of a qcow encrypted volume via qemu-img required usage of secret + objects, but that support was not added to libvirt.

"luks" format

@@ -121,15 +113,6 @@ =20

Examples

=20 -

- Here is a simple example, specifying use of the qcow fo= rmat: -

- -
-<encryption format=3D'qcow'>
-   <secret type=3D'passphrase' uuid=3D'c1f11a6d-8c5d-4a3e-ac7a-4e171c5e=
0d4a' />
-</encryption>
-

Assuming a luks volume type secret is already defined, diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 90cadb9d13..6b02bb2e9a 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -1214,6 +1214,15 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorageP= oolObjPtr pool, =20 virCheckFlags(VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA, NULL); =20 + if (enc && (enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW || + enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT) = && + (vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW || + vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW2)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("creation of qcow2 encrypted image is not support= ed")); + goto error; + } + if (virStorageBackendCreateQemuImgSetInfo(pool, vol, inputvol, &info) = < 0) goto error; =20 @@ -1232,8 +1241,7 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, if (info.backingPath) virCommandAddArgList(cmd, "-b", info.backingPath, NULL); =20 - if (info.format =3D=3D VIR_STORAGE_FILE_RAW && enc && - enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { + if (enc) { if (!info.secretPath) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("path to secret data file is required")); @@ -2354,6 +2362,16 @@ storageBackendResizeQemuImg(virStoragePoolObjPtr poo= l, const char *type; char *secretPath =3D NULL; char *secretAlias =3D NULL; + virStorageEncryptionPtr enc =3D vol->target.encryption; + + if (enc && (enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW || + enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT) = && + (vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW || + vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW2)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("resize of qcow2 encrypted image is not supported= ")); + return -1; + } =20 img_tool =3D virFindFileInPath("qemu-img"); if (!img_tool) { 
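Review bot: The four-line qcow/default encryption test is duplicated verbatim in virStorageBackendCreateQemuImgCmdFromVol and storageBackendResizeQemuImg, and both error strings say "qcow2" although the condition also matches VIR_STORAGE_FILE_QCOW. A small static helper taking vol (plus the operation name for the message) would keep the two rejections from drifting apart. In the second hunk of virStorageBackendCreateQemuImgCmdFromVol, relaxing the secret-path guard from "info.format == VIR_STORAGE_FILE_RAW && enc && enc->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS" to "if (enc)" means a raw target with a qcow or default encryption format now reaches the secret handling as well, since the new early check only fires for qcow/qcow2 targets; a short comment naming the check that is expected to reject that combination would make the intent clear.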
diff --git a/tests/storagevolxml2argvtest.c b/tests/storagevolxml2argvtest.c index b8afe4abcc..d7f5c0f51e 100644 --- a/tests/storagevolxml2argvtest.c +++ b/tests/storagevolxml2argvtest.c @@ -232,6 +232,10 @@ mymain(void) "pool-dir", "vol-file-iso", "iso-input", 0); =20 + DO_TEST_FAIL("pool-dir", "vol-qcow2-encryption", + NULL, NULL, + "qcow2-encryption", 0); + DO_TEST("pool-dir", "vol-luks", NULL, NULL, "luks", 0); diff --git a/tests/storagevolxml2xmlin/vol-qcow2-encryption.xml b/tests/sto= ragevolxml2xmlin/vol-qcow2-encryption.xml new file mode 100644 index 0000000000..49a7de33d3 --- /dev/null +++ b/tests/storagevolxml2xmlin/vol-qcow2-encryption.xml @@ -0,0 +1,31 @@ + + OtherDemo.img + /var/lib/libvirt/images/OtherDemo.img + + + 5 + 294912 + + /var/lib/libvirt/images/OtherDemo.img + + + 0644 + 0 + 0 + + + + + + + + /dev/null + + + 0644 + 0 + 0 + + + + diff --git a/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml b/tests/st= oragevolxml2xmlout/vol-qcow2-encryption.xml new file mode 100644 index 0000000000..31dc57873c --- /dev/null +++ b/tests/storagevolxml2xmlout/vol-qcow2-encryption.xml @@ -0,0 +1,31 @@ + + OtherDemo.img + /var/lib/libvirt/images/OtherDemo.img + + + 5368709120 + 294912 + + /var/lib/libvirt/images/OtherDemo.img + + + 0644 + 0 + 0 + + + + + + + + /dev/null + + + 0644 + 0 + 0 + + + + diff --git a/tests/storagevolxml2xmltest.c b/tests/storagevolxml2xmltest.c index 426b100c27..7bac4974ae 100644 --- a/tests/storagevolxml2xmltest.c +++ b/tests/storagevolxml2xmltest.c 
@@ -106,6 +106,7 @@ mymain(void) DO_TEST("pool-dir", "vol-qcow2-lazy"); DO_TEST("pool-dir", "vol-qcow2-0.10-lazy"); DO_TEST("pool-dir", "vol-qcow2-nobacking"); + DO_TEST("pool-dir", "vol-qcow2-encryption"); DO_TEST("pool-dir", "vol-luks"); DO_TEST("pool-dir", "vol-luks-cipher"); DO_TEST("pool-disk", "vol-partition"); --=20 2.14.4
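Review bot: In docs/formatsecret.html.in the added luks example uses uuid 'f52a81b2-424e-490c-823d-6bd4235bc57', whose last group has 11 hex digits instead of 12, so the snippet is not a well-formed UUID for anyone who pastes it; please substitute a valid value. In the first hunk of the same file, dropping "qcow" leaves the sentence reading 'whether the format is either for a "luks" encrypted volume', so the "whether ... either" wording should be removed along with it.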
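Review bot: In docs/formatstorageencryption.html.in the '"default" format' heading is left with no body once its paragraph is removed, while the replacement text covering both default and qcow sits only under '"qcow" format'. Either drop the empty heading or give it a one-line pointer to the note below it. The rewrite also deletes the statement that qcow encryption "is inherently broken and should not be used"; that warning is still useful to someone holding an existing qcow-encrypted volume and is worth keeping next to the new "may no longer be used to create an encrypted volume" text.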
From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:15 -0400
Message-Id: <20180620230119.6276-7-jferlan@redhat.com>
In-Reply-To: <20180620230119.6276-1-jferlan@redhat.com>
References: <20180620230119.6276-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH v3 06/10] storage: Clean up storageBackendCreateQemuImgCheckEncryption

Remove the checks for qcow encryption since both callers
(create and resize) would have already disallowed usage.

Signed-off-by: John Ferlan
--- src/storage/storage_util.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 6b02bb2e9a..fe588df7dd 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c
@@ -891,25 +891,7 @@ storageBackendCreateQemuImgCheckEncryption(int format, { virStorageEncryptionPtr enc =3D vol->target.encryption; =20 - if (format =3D=3D VIR_STORAGE_FILE_QCOW || format =3D=3D VIR_STORAGE_F= ILE_QCOW2) { - if (enc->format !=3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW && - enc->format !=3D VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("unsupported volume encryption format %d"), - vol->target.encryption->format); - return -1; - } - if (enc->nsecrets > 1) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("too many secrets for qcow encryption")); - return -1; - } - if (enc->nsecrets =3D=3D 0) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("no secret provided for qcow encryption")); - return -1; - } - } else if (format =3D=3D VIR_STORAGE_FILE_RAW) { + if (format =3D=3D VIR_STORAGE_FILE_RAW) { if (enc->format !=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("unsupported volume encryption format %d"), --=20 2.14.4
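Review bot: The deleted branch was also what rejected a qcow or qcow2 target whose encryption format is something other than qcow/default (the first virReportError in the removed block), and the caller checks added in 05/10 only match VIR_STORAGE_ENCRYPTION_FORMAT_QCOW and VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT. Please confirm that a qcow2 volume carrying a luks encryption element still hits an explicit error after this change, and add a DO_TEST_FAIL case for it in storagevolxml2argvtest; as written, the commit message's claim that both callers "would have already disallowed usage" does not cover that combination.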
From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:16 -0400
Message-Id: <20180620230119.6276-8-jferlan@redhat.com>
In-Reply-To: <20180620230119.6276-1-jferlan@redhat.com>
References: <20180620230119.6276-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH v3 07/10] storage: Clean up storageBackendCreateQemuImgOpts

Since we only generate the @encinfo when there's a secret object
and thus we need to reference it in the options,

Signed-off-by: John Ferlan
--- src/storage/storage_util.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index fe588df7dd..e090521d79 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c
@@ -827,12 +827,8 @@ storageBackendCreateQemuImgOpts(virStorageEncryptionIn= foDefPtr encinfo, virBufferAsprintf(&buf, "backing_fmt=3D%s,", virStorageFileFormatTypeToString(info.backingFor= mat)); =20 - if (info.format =3D=3D VIR_STORAGE_FILE_RAW && encinfo) { + if (encinfo) virQEMUBuildQemuImgKeySecretOpts(&buf, encinfo, info.secretAlias); - } else { - if (info.encryption) - virBufferAddLit(&buf, "encryption=3Don,"); - } =20 if (info.preallocate) { if (info.size_arg > info.allocation) --=20 2.14.4
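Review bot: With the else branch gone, nothing in this hunk reads info.encryption any more; if that was its last reader, the field and whatever sets it should be removed in the same patch so no dead state is left behind. The commit message also stops mid-sentence ("...reference it in the options,"), so the reason for dropping the VIR_STORAGE_FILE_RAW test is never stated; please finish it, ideally saying why a non-NULL encinfo alone is now a sufficient condition.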
From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:17 -0400
Message-Id: <20180620230119.6276-9-jferlan@redhat.com>
In-Reply-To: <20180620230119.6276-1-jferlan@redhat.com>
References: <20180620230119.6276-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH v3 08/10] storage: Remove storageBackendGenerateSecretData

Since we no longer support creating qcow2 encryption format volumes,
we no longer have to possibly create some secret and have no real
need for the function, so move the remaining functionality to build
the secret path back into the caller storageBackendCreateQemuImg.

Signed-off-by: John Ferlan
--- src/storage/storage_util.c | 134 +----------------------------------------= ---- 1 file changed, 2 insertions(+), 132 deletions(-)
diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index e090521d79..e26f5e2b48 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c 
@@ -482,109 +482,6 @@ storageBackendCreateRaw(virStoragePoolObjPtr pool, return ret; } =20 -static int -virStorageGenerateSecretUUID(virConnectPtr conn, - unsigned char *uuid) -{ - unsigned attempt; - - for (attempt =3D 0; attempt < 65536; attempt++) { - virSecretPtr tmp; - if (virUUIDGenerate(uuid) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("unable to generate uuid")); - return -1; - } - tmp =3D virSecretLookupByUUID(conn, uuid); - if (tmp =3D=3D NULL) - return 0; - - virObjectUnref(tmp); - } - - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("too many conflicts when generating a uuid")); - - return -1; -} - -static int -virStorageGenerateQcowEncryption(virStorageVolDefPtr vol) -{ - virSecretDefPtr def =3D NULL; - virBuffer buf =3D VIR_BUFFER_INITIALIZER; - virStorageEncryptionPtr enc; - virStorageEncryptionSecretPtr enc_secret =3D NULL; - virSecretPtr secret =3D NULL; - char *xml; - unsigned char value[VIR_STORAGE_QCOW_PASSPHRASE_SIZE]; - int ret =3D -1; - virConnectPtr conn =3D NULL; - - conn =3D virGetConnectSecret(); - if (!conn) - return -1; - - enc =3D vol->target.encryption; - if (enc->nsecrets !=3D 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("secrets already defined")); - goto cleanup; - } - - if (VIR_ALLOC(enc_secret) < 0 || VIR_REALLOC_N(enc->secrets, 1) < 0 || - VIR_ALLOC(def) < 0) - goto cleanup; - - def->isephemeral =3D false; - def->isprivate =3D false; - if (virStorageGenerateSecretUUID(conn, def->uuid) < 0) - goto cleanup; - - def->usage_type =3D VIR_SECRET_USAGE_TYPE_VOLUME; - if (VIR_STRDUP(def->usage_id, vol->target.path) < 0) - goto cleanup; - xml =3D virSecretDefFormat(def); - virSecretDefFree(def); - def =3D NULL; - if (xml =3D=3D NULL) - goto cleanup; - - secret =3D virSecretDefineXML(conn, xml, 0); - if (secret =3D=3D NULL) { - VIR_FREE(xml); - goto cleanup; - } - VIR_FREE(xml); - - if (virStorageGenerateQcowPassphrase(value) < 0) - goto cleanup; - - if (virSecretSetValue(secret, value, sizeof(value), 0) < 0) - 
goto cleanup; - - enc_secret->type =3D VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE; - enc_secret->seclookupdef.type =3D VIR_SECRET_LOOKUP_TYPE_UUID; - memcpy(enc_secret->seclookupdef.u.uuid, secret->uuid, VIR_UUID_BUFLEN); - enc->format =3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW; - enc->secrets[0] =3D enc_secret; /* Space for secrets[0] allocated abov= e */ - enc_secret =3D NULL; - enc->nsecrets =3D 1; - - ret =3D 0; - - cleanup: - if (secret !=3D NULL) { - if (ret !=3D 0) - virSecretUndefine(secret); - virObjectUnref(secret); - } - virObjectUnref(conn); - virBufferFreeAndReset(&buf); - virSecretDefFree(def); - VIR_FREE(enc_secret); - return ret; -} =20 static int virStorageBackendCreateExecCommand(virStoragePoolObjPtr pool, @@ -1325,34 +1222,6 @@ storageBackendCreateQemuImgSecretPath(virStoragePool= ObjPtr pool, } =20 =20 -static int -storageBackendGenerateSecretData(virStoragePoolObjPtr pool, - virStorageVolDefPtr vol, - char **secretPath) -{ - virStorageEncryptionPtr enc =3D vol->target.encryption; - - if (!enc) - return 0; - - if ((vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW || - vol->target.format =3D=3D VIR_STORAGE_FILE_QCOW2) && - (enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT || - enc->nsecrets =3D=3D 0)) { - if (virStorageGenerateQcowEncryption(vol) < 0) - return -1; - } - - if (vol->target.format =3D=3D VIR_STORAGE_FILE_RAW && - enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { - if (!(*secretPath =3D storageBackendCreateQemuImgSecretPath(pool, = vol))) - return -1; - } - - return 0; -} - - static int storageBackendDoCreateQemuImg(virStoragePoolObjPtr pool, virStorageVolDefPtr vol, 
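Review bot: Removing virStorageGenerateQcowEncryption drops the only callers visible in this patch of virStorageGenerateQcowPassphrase and VIR_STORAGE_QCOW_PASSPHRASE_SIZE. If nothing else uses them, delete both here as well instead of leaving passphrase-generation code that no path reaches.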
@@ -1398,7 +1267,8 @@ storageBackendCreateQemuImg(virStoragePoolObjPtr pool, return -1; } =20 - if (storageBackendGenerateSecretData(pool, vol, &secretPath) < 0) + if (vol->target.encryption && + !(secretPath =3D storageBackendCreateQemuImgSecretPath(pool, vol))) goto cleanup; =20 ret =3D storageBackendDoCreateQemuImg(pool, vol, inputvol, flags, --=20 2.14.4
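Review bot: The replacement condition in storageBackendCreateQemuImg is broader than the code it replaces: storageBackendGenerateSecretData only built secretPath for a VIR_STORAGE_FILE_RAW target with VIR_STORAGE_ENCRYPTION_FORMAT_LUKS, while "vol->target.encryption && ..." builds it for any volume that has an encryption element. The secret data file is therefore set up before virStorageBackendCreateQemuImgCmdFromVol gets a chance to reject an unsupported format combination. Consider keeping the format test here, or moving the rejection ahead of this call, so secret data is not written out for a request that is going to fail.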
From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 20 Jun 2018 19:01:18 -0400
Message-Id: <20180620230119.6276-10-jferlan@redhat.com>
In-Reply-To: <20180620230119.6276-1-jferlan@redhat.com>
References: <20180620230119.6276-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH v3 09/10] storage: Add support for using inputvol for encryption

Starting with QEMU 2.9, encryption convert processing requires
a multi-step process in order to generate an encrypted image from
some non encrypted raw image.

Processing requires to first create an encrypted image using the
sizing parameters from the input source and second to use the
--image-opts, -n, and --target-image-opts options along with inline
driver options to describe the input and output files, generating
two commands such as:

  $ qemu-img create -f luks \
      --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \
      -o key-secret=demo.img_encrypt0 \
      demo.img 500K
  Formatting 'demo.img', fmt=luks size=512000 key-secret=demo.img_encrypt0
  $ qemu-img convert --image-opts -n --target-image-opts \
      --object secret,id=demo.img_encrypt0,file=/path/to/secretFile \
      driver=raw,file.filename=sparse.img \
      driver=luks,file.filename=demo.img,key-secret=demo.img_encrypt0
  $

This patch handles the convert processing by running the processing
in a do..while loop essentially reusing the existing create logic and
arguments to create the target vol from the inputvol and then converting
the inputvol using new arguments.

This then allows the following virsh command to work properly:

  virsh vol-create-from default encrypt1-luks.xml data.img --inputpool default

where encrypt1-luks.xml would provide the path and secret for
the new image, while data.img would be the source image.

Signed-off-by: John Ferlan
--- src/storage/storage_util.c | 103 +++++++++++++++++----= ---- src/storage/storage_util.h | 10 ++- tests/storagevolxml2argvdata/luks-convert.argv | 9 +++ tests/storagevolxml2argvtest.c | 65 +++++++++++++--- tests/storagevolxml2xmlin/vol-luks-convert.xml | 21 +++++ 5 files changed, 161 insertions(+), 47 deletions(-) create mode 100644 tests/storagevolxml2argvdata/luks-convert.argv create mode 100644 tests/storagevolxml2xmlin/vol-luks-convert.xml diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index e26f5e2b48..a701a75702 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c
@@ -819,12 +819,15 @@ storageBackendCreateQemuImgCheckEncryption(int format, =20 static int storageBackendCreateQemuImgSetInput(virStorageVolDefPtr inputvol, + virStorageVolEncryptConvertStep conver= tStep, struct _virStorageBackendQemuImgInfo *= info) { - if (!(info->inputPath =3D inputvol->target.path)) { - virReportError(VIR_ERR_INVALID_ARG, "%s", - _("missing input volume target path")); - return -1; + if (convertStep !=3D VIR_STORAGE_VOL_ENCRYPT_CREATE) { + if (!(info->inputPath =3D inputvol->target.path)) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("missing input volume target path")); + return -1; + } } =20 info->inputFormat =3D inputvol->target.format; @@ -995,6 +998,7 @@ static int virStorageBackendCreateQemuImgSetInfo(virStoragePoolObjPtr pool, virStorageVolDefPtr vol, virStorageVolDefPtr inputvol, + virStorageVolEncryptConvertStep conv= ertStep, struct _virStorageBackendQemuImgInfo= *info) { /* Treat output block devices as 'raw' format */ @@ -1027,11 +1031,6 @@ virStorageBackendCreateQemuImgSetInfo(virStoragePool= ObjPtr pool, return -1; } if (info->format =3D=3D VIR_STORAGE_FILE_RAW && vol->target.encryption= ) { - if (inputvol) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("cannot use inputvol with encrypted raw volum= e")); - return -1; - } if (vol->target.encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_F= ORMAT_LUKS) { info->type =3D "luks"; } else { @@ -1042,7 +1041,7 @@ virStorageBackendCreateQemuImgSetInfo(virStoragePoolO= bjPtr pool, } =20 if (inputvol && - storageBackendCreateQemuImgSetInput(inputvol, info) < 0) + storageBackendCreateQemuImgSetInput(inputvol, convertStep, info) <= 0) return -1; =20 if (virStorageSourceHasBacking(&vol->target) && 
@@ -1068,7 +1067,8 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, virStorageVolDefPtr inputvol, unsigned int flags, const char *create_tool, - const char *secretPath) + const char *secretPath, + virStorageVolEncryptConvertStep c= onvertStep) { virCommandPtr cmd =3D NULL; struct _virStorageBackendQemuImgInfo info =3D { @@ -1098,18 +1098,25 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorage= PoolObjPtr pool, goto error; } =20 - if (virStorageBackendCreateQemuImgSetInfo(pool, vol, inputvol, &info) = < 0) + if (virStorageBackendCreateQemuImgSetInfo(pool, vol, inputvol, + convertStep, &info) < 0) goto error; =20 cmd =3D virCommandNew(create_tool); =20 - /* ignore the backing volume when we're converting a volume */ - if (info.inputPath) + /* ignore the backing volume when we're converting a volume + * including when we're doing a two step convert during create */ + if (info.inputPath || convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_CREAT= E) info.backingPath =3D NULL; =20 - if (info.inputPath) + /* Converting to use encryption is a two step process - step 1 is to + * create the image and step 2 is to convert it using special argument= s */ + if (info.inputPath && convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_NONE) virCommandAddArgList(cmd, "convert", "-f", info.inputFormatStr, "-O", info.type, NULL); + else if (info.inputPath && convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_= CONVERT) + virCommandAddArgList(cmd, "convert", "--image-opts", "-n", + "--target-image-opts", NULL); else virCommandAddArgList(cmd, "create", "-f", info.type, NULL); =20 
@@ -1130,15 +1137,24 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorage= PoolObjPtr pool, encinfo =3D &enc->encinfo; } =20 - if (storageBackendCreateQemuImgSetOptions(cmd, encinfo, info) < 0) - goto error; - VIR_FREE(info.secretAlias); + if (convertStep !=3D VIR_STORAGE_VOL_ENCRYPT_CONVERT) { + if (storageBackendCreateQemuImgSetOptions(cmd, encinfo, info) < 0) + goto error; + if (info.inputPath) + virCommandAddArg(cmd, info.inputPath); + virCommandAddArg(cmd, info.path); + if (!info.inputPath && (info.size_arg || !info.backingPath)) + virCommandAddArgFormat(cmd, "%lluK", info.size_arg); + } else { + /* source */ + virCommandAddArgFormat(cmd, "driver=3Draw,file.filename=3D%s", + info.inputPath); =20 - if (info.inputPath) - virCommandAddArg(cmd, info.inputPath); - virCommandAddArg(cmd, info.path); - if (!info.inputPath && (info.size_arg || !info.backingPath)) - virCommandAddArgFormat(cmd, "%lluK", info.size_arg); + /* dest */ + virCommandAddArgFormat(cmd, "driver=3D%s,file.filename=3D%s,key-se= cret=3D%s", + info.type, info.path, info.secretAlias); + } + VIR_FREE(info.secretAlias); =20 return cmd; =20 @@ -1228,14 +1244,15 @@ storageBackendDoCreateQemuImg(virStoragePoolObjPtr = pool, virStorageVolDefPtr inputvol, unsigned int flags, const char *create_tool, - const char *secretPath) + const char *secretPath, + virStorageVolEncryptConvertStep convertStep) { int ret; virCommandPtr cmd; =20 cmd =3D virStorageBackendCreateQemuImgCmdFromVol(pool, vol, inputvol, flags, create_tool, - secretPath); + secretPath, convertStep= ); if (!cmd) return -1; =20 @@ -1256,6 +1273,7 @@ storageBackendCreateQemuImg(virStoragePoolObjPtr pool, int ret =3D -1; char *create_tool; char *secretPath =3D NULL; + virStorageVolEncryptConvertStep convertStep =3D VIR_STORAGE_VOL_ENCRYP= T_NONE; =20 virCheckFlags(VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA, -1); =20 
@@ -1271,8 +1289,32 @@ storageBackendCreateQemuImg(virStoragePoolObjPtr poo= l, !(secretPath =3D storageBackendCreateQemuImgSecretPath(pool, vol))) goto cleanup; =20 - ret =3D storageBackendDoCreateQemuImg(pool, vol, inputvol, flags, - create_tool, secretPath); + /* Using an input file for encryption requires a multi-step process + * to create an image of the same size as the inputvol and then to + * convert the inputvol afterwards. */ + if (secretPath && inputvol) + convertStep =3D VIR_STORAGE_VOL_ENCRYPT_CREATE; + + do { + ret =3D storageBackendDoCreateQemuImg(pool, vol, inputvol, flags, + create_tool, secretPath, + convertStep); + + /* Failure to convert, attempt to delete what we created */ + if (ret < 0 && convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_CONVERT) + ignore_value(virFileRemove(vol->target.path, + vol->target.perms->uid, + vol->target.perms->gid)); + + if (ret < 0 || convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_NONE) + goto cleanup; + + if (convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_CREATE) + convertStep =3D VIR_STORAGE_VOL_ENCRYPT_CONVERT; + else if (convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_CONVERT) + convertStep =3D VIR_STORAGE_VOL_ENCRYPT_DONE; + } while (convertStep !=3D VIR_STORAGE_VOL_ENCRYPT_DONE); + cleanup: if (secretPath) { unlink(secretPath); @@ -2024,13 +2066,6 @@ storageBackendVolBuildLocal(virStoragePoolObjPtr poo= l, virStorageBackendBuildVolFrom create_func; =20 if (inputvol) { - if (vol->target.encryption) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - "%s", _("storage pool does not support " - "building encrypted volumes from " - "other volumes")); - return -1; - } if (!(create_func =3D virStorageBackendGetBuildVolFromFunction(vol, inputvol))) return -1; diff --git a/src/storage/storage_util.h b/src/storage/storage_util.h index 9307702754..6fc8e8972c 100644 --- a/src/storage/storage_util.h +++ b/src/storage/storage_util.h 
@@ -153,13 +153,21 @@ char *virStorageBackendStablePath(virStoragePoolObjPt= r pool, const char *devpath, bool loop); =20 +typedef enum { + VIR_STORAGE_VOL_ENCRYPT_NONE =3D 0, + VIR_STORAGE_VOL_ENCRYPT_CREATE, + VIR_STORAGE_VOL_ENCRYPT_CONVERT, + VIR_STORAGE_VOL_ENCRYPT_DONE, +} virStorageVolEncryptConvertStep; + virCommandPtr virStorageBackendCreateQemuImgCmdFromVol(virStoragePoolObjPtr pool, virStorageVolDefPtr vol, virStorageVolDefPtr inputvol, unsigned int flags, const char *create_tool, - const char *secretPath); + const char *secretPath, + virStorageVolEncryptConvertStep c= onvertStep); =20 int virStorageBackendSCSIFindLUs(virStoragePoolObjPtr pool, uint32_t scanhost); diff --git a/tests/storagevolxml2argvdata/luks-convert.argv b/tests/storage= volxml2argvdata/luks-convert.argv new file mode 100644 index 0000000000..6bac814300 --- /dev/null +++ b/tests/storagevolxml2argvdata/luks-convert.argv @@ -0,0 +1,9 @@ +qemu-img create -f luks \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o key-secret=3DOtherDemo.img_encrypt0 \ +/var/lib/libvirt/images/OtherDemo.img 5242880K +qemu-img convert --image-opts -n --target-image-opts \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +driver=3Draw,file.filename=3D/var/lib/libvirt/images/sparse.img \ +driver=3Dluks,file.filename=3D/var/lib/libvirt/images/OtherDemo.img,\ +key-secret=3DOtherDemo.img_encrypt0 diff --git a/tests/storagevolxml2argvtest.c b/tests/storagevolxml2argvtest.c index d7f5c0f51e..b795f83aee 100644 --- a/tests/storagevolxml2argvtest.c +++ b/tests/storagevolxml2argvtest.c @@ -43,6 +43,7 @@ testCompareXMLToArgvFiles(bool shouldFail, unsigned long parse_flags) { char *actualCmdline =3D NULL; + virStorageVolEncryptConvertStep convertStep =3D VIR_STORAGE_VOL_ENCRYP= T_NONE; int ret =3D -1; =20 virCommandPtr cmd =3D NULL; 
@@ -79,20 +80,56 @@ testCompareXMLToArgvFiles(bool shouldFail, testSetVolumeType(vol, def); testSetVolumeType(inputvol, inputpool); =20 - cmd =3D virStorageBackendCreateQemuImgCmdFromVol(obj, vol, - inputvol, flags, - create_tool, - "/path/to/secretFile"); - if (!cmd) { - if (shouldFail) { - virResetLastError(); - ret =3D 0; + /* Using an input file for encryption requires a multi-step process + * to create an image of the same size as the inputvol and then to + * convert the inputvol afterwards. Since we only care about the + * command line we have to copy code from storageBackendCreateQemuImg + * and adjust it for the test needs. */ + if (inputvol && vol->target.encryption) + convertStep =3D VIR_STORAGE_VOL_ENCRYPT_CREATE; + + do { + cmd =3D virStorageBackendCreateQemuImgCmdFromVol(obj, vol, + inputvol, flags, + create_tool, + "/path/to/secretFil= e", + convertStep); + if (!cmd) { + if (shouldFail) { + virResetLastError(); + ret =3D 0; + } + goto cleanup; } - goto cleanup; - } =20 - if (!(actualCmdline =3D virCommandToString(cmd))) - goto cleanup; + if (convertStep !=3D VIR_STORAGE_VOL_ENCRYPT_CONVERT) { + if (!(actualCmdline =3D virCommandToString(cmd))) + goto cleanup; + } else { + char *createCmdline =3D actualCmdline; + char *cvtCmdline; + int rc; + + if (!(cvtCmdline =3D virCommandToString(cmd))) + goto cleanup; + + rc =3D virAsprintf(&actualCmdline, "%s\n%s", + createCmdline, cvtCmdline); + + VIR_FREE(createCmdline); + VIR_FREE(cvtCmdline); + if (rc < 0) + goto cleanup; + } + + if (convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_NONE) + convertStep =3D VIR_STORAGE_VOL_ENCRYPT_DONE; + else if (convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_CREATE) + convertStep =3D VIR_STORAGE_VOL_ENCRYPT_CONVERT; + else if (convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_CONVERT) + convertStep =3D VIR_STORAGE_VOL_ENCRYPT_DONE; + + } while (convertStep !=3D VIR_STORAGE_VOL_ENCRYPT_DONE); =20 if (virTestCompareToFile(actualCmdline, cmdline) < 0) goto cleanup; 
@@ -243,6 +280,10 @@ mymain(void) NULL, NULL, "luks-cipher", 0); =20 + DO_TEST("pool-dir", "vol-luks-convert", + "pool-dir", "vol-file", + "luks-convert", 0); + return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; } =20 diff --git a/tests/storagevolxml2xmlin/vol-luks-convert.xml b/tests/storage= volxml2xmlin/vol-luks-convert.xml new file mode 100644 index 0000000000..6e03de6b14 --- /dev/null +++ b/tests/storagevolxml2xmlin/vol-luks-convert.xml 
@@ -0,0 +1,21 @@ + + OtherDemo.img + /var/lib/libvirt/images/OtherDemo.img + + + 5 + 294912 + + /var/lib/libvirt/images/OtherDemo.img + + + 0644 + 0 + 0 + + + + + + + --=20 2.14.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 07:30:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1529535723162277.02287569987857; Wed, 20 Jun 2018 16:02:03 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A0A4381DFC; Wed, 20 Jun 2018 23:02:01 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 38B02611A1; Wed, 20 Jun 2018 23:02:01 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id BBAA11800537; Wed, 20 Jun 2018 23:02:00 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w5KN1S2n019894 for ; Wed, 20 Jun 2018 19:01:28 -0400 Received: by smtp.corp.redhat.com (Postfix) id A791186EF0; Wed, 20 Jun 2018 23:01:28 +0000 (UTC) Received: from 
localhost.localdomain.com (ovpn-116-14.phx2.redhat.com [10.3.116.14]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6E118B2A4B for ; Wed, 20 Jun 2018 23:01:28 +0000 (UTC) From: John Ferlan To: libvir-list@redhat.com Date: Wed, 20 Jun 2018 19:01:19 -0400 Message-Id: <20180620230119.6276-11-jferlan@redhat.com> In-Reply-To: <20180620230119.6276-1-jferlan@redhat.com> References: <20180620230119.6276-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v3 10/10] docs: Add news article for volume encryption modifications X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 20 Jun 2018 23:02:02 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Include both the domain and storage modifications in a "Removed features" section as well as describing the improvement to allow using a raw input volume to create the luks encrypted volume. Signed-off-by: John Ferlan --- docs/news.xml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 08e5dcbda3..b97c7beb86 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -62,6 +62,21 @@ +

+ + + Remove support for qcow/default encrypted volumes + + + Disallow using a qcow encrypted volume for the guest and + disallow creation of the qcow or default encrypted volume + from the storage driver. Support for qcow encrypted volumes + has been phasing out since QEMU 2.3 and by QEMU 2.9 creation + of a qcow encrypted volume via qemu-img required usage of + secret objects, but that support was never added to libvirt. + + +
@@ -71,6 +86,16 @@ Capabilities XML now provide information about host IOMMU suppor= t. + + + Add support to use an raw input volume for encryption + + + It is now possible to provide a raw input volume as input for + to generate a luks encrypted volume via either virsh vol-create-= from + or virStorageVolCreateXMLFrom. + +
--=20 2.14.4
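Review bot: in src/storage/storage_util.c, the VIR_STORAGE_VOL_ENCRYPT_CONVERT branch of virStorageBackendCreateQemuImgCmdFromVol builds the source and destination arguments by formatting info.inputPath, info.path and info.secretAlias straight into comma-separated --image-opts strings, with no escaping. qemu-img splits those strings on commas, so a volume path that contains a comma is parsed as extra image options instead of as part of file.filename; commas in each value need to be doubled before they are formatted. The same branch is taken for any caller that passes CONVERT, even when info.inputPath or info.secretAlias is NULL (the earlier argument selection then falls through to "create"), so a NULL pointer reaches a %s format after a "create" verb. Reject CONVERT without an input path and a secret alias before building the command.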
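Review bot: the hunk in storageBackendVolBuildLocal removes the "building encrypted volumes from other volumes" rejection, and the hunk in virStorageBackendCreateQemuImgSetInfo removes the "cannot use inputvol with encrypted raw volume" rejection, but nothing visible in this patch replaces them with a check on the input format. The convert step always opens the source with a hardcoded driver=raw, while storageBackendCreateQemuImgSetInput still records inputvol->target.format. A non-raw inputvol would therefore be copied as raw bytes, container headers included, into the LUKS volume. Where the old error was, fail unless inputvol->target.format is VIR_STORAGE_FILE_RAW and the target encryption format is LUKS, which is also what the news entry in 10/10 promises.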
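Review bot: in storageBackendCreateQemuImg, the cleanup after a failed convert wraps virFileRemove in ignore_value, so a failed removal silently leaves a created LUKS image with none of the input data at vol->target.path. Log the removal failure (VIR_WARN with the path) so the stale volume can be found. On style, the do/while state machine exists to make two calls; VIR_STORAGE_VOL_ENCRYPT_DONE is only a loop terminator. Two sequential calls to storageBackendDoCreateQemuImg under the existing "if (secretPath && inputvol)" test would read more directly and would put the cleanup next to the call it belongs to.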
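Review bot: the new virStorageVolEncryptConvertStep enum in src/storage/storage_util.h has no documentation, and it becomes part of the virStorageBackendCreateQemuImgCmdFromVol signature. Add a comment per value saying what command each one produces (NONE: the single create or convert, CREATE: step one "create" sized from the input volume, CONVERT: step two "convert --image-opts -n --target-image-opts"), and state that DONE must never be passed to the function, since the command builder has no branch for it.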
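Review bot: in tests/storagevolxml2argvtest.c, the new do/while in testCompareXMLToArgvFiles assigns cmd on every iteration and I see no virCommandFree(cmd) inside the loop, so the command built for the CREATE step leaks when the CONVERT step overwrites the pointer. Free cmd at the end of each iteration, after the string has been taken from it. The loop also starts the two-step path on "inputvol && vol->target.encryption" while storageBackendCreateQemuImg uses "secretPath && inputvol"; since the comment says this code is copied from there, keep the two conditions identical or move the step selection into a shared helper so the test cannot drift from the driver.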
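Review bot: the second docs/news.xml hunk (@@ -71,6 +86,16 @@) has two wording slips in the added text: "use an raw input volume" should be "use a raw input volume", and "as input for to generate a luks encrypted volume" has a stray "for". Suggested description: "It is now possible to provide a raw input volume in order to generate a LUKS encrypted volume via either virsh vol-create-from or virStorageVolCreateXMLFrom." It would also help to say here that only raw input volumes are accepted.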