On Tue, May 22, 2018 at 10:40:39 -0400, John Ferlan wrote:
>
>
> On 05/22/2018 10:04 AM, Peter Krempa wrote:
> > This applies on top of the text monitor cleanup. See explanation in 3/4
> > for justification.
> >
> > Peter Krempa (4):
> >   tests: qemublock: Switch to qcow2+luks in test files
> >   tests: qemu: Modernize/remove qcow2 encryption from tests not related
> >     to storage
> >   qemu: domain: Forbid storage with old QCOW2 encryption
> >   qemu: Remove code for setting up disk passphrases
> >
>
> This would be nice, but based on this series:
>
> https://www.redhat.com/archives/libvir-list/2018-May/msg01268.html
>
> I believe there are quite a few more tests/files to modify/delete in
> order to remove qcow[2] from the source tree.

Yes, because the check in 3/4 only does this for qcow2, but it also
should be done for qcow.

>
> There's also the formatstorageencryption and formatsecret documentation
> that would need updating.

Yep.

>
> Based only on the effort from the above series to convert/consume a non
> encrypted image to result in a qcow[2] encrypted image - I assume
> conversion of qcow[2] images is not a simple exercise. Not sure whether
> anyone really uses qcow[2] encryption anymore in the wild, but just
> telling them they have to convert (without providing a shred of details
> as to what that entails) isn't very friendly.

Starting with qemu 2.7, qcow[2] encryption can't be used with system
emulators, only with qemu-img. It has been deprecated since 2.3. While this
breaks compatibility with old qemus, the upstream support for this is
declared dead.

With these patches you get a failure even with old qemus and you know
that you have to fix your images rather than waiting for the doom which
can happen.

commit 8c0dcbc4ad2bf4f9f3b27c637b357e87cad70ec7
Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Mon Jun 13 12:30:09 2016 +0100

    block: drop support for using qcow[2] encryption with system emulators

    Back in the 2.3.0 release we declared qcow[2] encryption as
    deprecated, warning people that it would be removed in a future
    release.

commit a1f688f4152e65260b94f37543521ceff8bfebe4
Author: Markus Armbruster <armbru@redhat.com>
Date:   Fri Mar 13 21:09:40 2015 +0100

    block: Deprecate QCOW/QCOW2 encryption

> Also not sure it's possible to just convert to using LUKS since at one
> time at least usage required having code/tests inside a "# ifdef
> WITH_GNUTLS" (something that can be seen in the diffs from
> tests/qemuxml2argvtest.c in patch 3).

Well, without gnutls this will not work, but in that case even qemu
encryption will most probably not work.
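For finding images that still carry the old qcow[2] encryption discussed in this thread, the following is an added example, not code from the thread, libvirt or qemu: it reads the `crypt_method` field from a qcow or qcow2 header and flags the legacy AES value. The field offsets and values (0 none, 1 AES, 2 LUKS) are taken from the qcow/qcow2 on-disk format; all function names and the sample headers are constructed for illustration.

```python
import struct

QCOW_MAGIC = b"QFI\xfb"
# Offset of the big-endian 32-bit crypt_method field, per header version
# (version 1 is the old "qcow" format, 2 and 3 are qcow2).
CRYPT_OFFSET = {1: 36, 2: 32, 3: 32}
CRYPT_NAMES = {0: "none", 1: "aes-legacy", 2: "luks"}


def crypt_method(header: bytes) -> str:
    """Return the encryption method named in a qcow/qcow2 header."""
    if len(header) < 8 or header[:4] != QCOW_MAGIC:
        raise ValueError("not a qcow/qcow2 image")
    (version,) = struct.unpack_from(">I", header, 4)
    offset = CRYPT_OFFSET.get(version)
    if offset is None:
        raise ValueError(f"unsupported qcow version {version}")
    if len(header) < offset + 4:
        raise ValueError("truncated header")
    (method,) = struct.unpack_from(">I", header, offset)
    return CRYPT_NAMES.get(method, f"unknown({method})")


def needs_conversion(header: bytes) -> bool:
    """True when the image uses the old built-in AES encryption."""
    return crypt_method(header) == "aes-legacy"


def check_image(path: str) -> bool:
    """Read the first 48 bytes of an image file and classify it."""
    with open(path, "rb") as fh:
        return needs_conversion(fh.read(48))


def _sample(version: int, method: int) -> bytes:
    """Constructed header: only magic, version and crypt_method are set."""
    buf = bytearray(48)
    buf[:4] = QCOW_MAGIC
    struct.pack_into(">I", buf, 4, version)
    struct.pack_into(">I", buf, CRYPT_OFFSET[version], method)
    return bytes(buf)


if __name__ == "__main__":
    for label, hdr in [("qcow2 plain", _sample(3, 0)),
                       ("qcow2 old AES", _sample(2, 1)),
                       ("qcow old AES", _sample(1, 1)),
                       ("qcow2 LUKS", _sample(3, 2))]:
        print(f"{label:14} {crypt_method(hdr):11} convert={needs_conversion(hdr)}")
```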