From nobody Mon Apr 29 07:09:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1526997919023551.9966083391416; Tue, 22 May 2018 07:05:19 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DC5CF30C8391; Tue, 22 May 2018 14:05:16 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5D0EC1062240; Tue, 22 May 2018 14:05:16 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 17C494CA95; Tue, 22 May 2018 14:05:15 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4ME5Cr4028260 for ; Tue, 22 May 2018 10:05:12 -0400 Received: by smtp.corp.redhat.com (Postfix) id 4A8336B581; Tue, 22 May 2018 14:05:12 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id C335739DDC; Tue, 22 May 2018 14:05:11 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Tue, 22 May 2018 16:04:54 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [RFC PATCH 1/4] tests: qemublock: Switch to qcow2+luks in test files X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Tue, 22 May 2018 14:05:17 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The next patch will forbid the old qcow2 encryption completely. Remove it from the tests. Signed-off-by: Peter Krempa --- .../qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.json | = 2 +- .../qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.xml | = 2 +- .../xml2json/network-qcow2-backing-chain-encryption_auth.json | = 2 +- .../xml2json/network-qcow2-backing-chain-encryption_auth.xml | = 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encr= yption.json b/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-enc= ryption.json index 94e2ecd1e2..7be2894812 100644 --- a/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.= json +++ b/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.= json @@ -20,7 +20,7 @@ "read-only": true, "driver": "qcow2", "encrypt": { - "format": "aes", + "format": "luks", "key-secret": "node-b-f-encalias" }, "file": { diff --git a/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encr= yption.xml b/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encr= yption.xml index a1292284bf..75a3a8f029 100644 --- a/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.= xml +++ b/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.= xml @@ -20,7 +20,7 @@ - + diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-e= ncryption_auth.json b/tests/qemublocktestdata/xml2json/network-qcow2-backin= g-chain-encryption_auth.json index 7e7a4e44f7..364d6066e6 100644 --- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encrypti= on_auth.json +++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encrypti= on_auth.json @@ -32,7 +32,7 @@ "read-only": true, "driver": "qcow2", "encrypt": { - "format": "aes", + "format": "luks", "key-secret": "node-b-f-encalias" }, "file": { diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-e= ncryption_auth.xml b/tests/qemublocktestdata/xml2json/network-qcow2-backing= -chain-encryption_auth.xml index bc2925b4cf..a62c0321ec 100644 --- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encrypti= on_auth.xml +++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encrypti= on_auth.xml @@ -26,7 +26,7 @@ - + --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Mon Apr 29 07:09:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1526997934337296.17740549781615; Tue, 22 May 2018 07:05:34 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4B479B82B0; Tue, 22 May 2018 14:05:32 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ECD5F604C8; Tue, 22 May 2018 14:05:31 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3EEC31801250; Tue, 22 May 2018 14:05:31 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4ME5DGQ028265 for ; Tue, 22 May 2018 10:05:13 -0400 Received: by smtp.corp.redhat.com (Postfix) id 0A2116B597; Tue, 22 May 2018 14:05:13 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8541D39DDC; Tue, 22 May 2018 14:05:12 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Tue, 22 May 2018 16:04:55 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [RFC PATCH 2/4] tests: qemu: Modernize/remove qcow2 encryption from tests not related to storage X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 22 May 2018 14:05:33 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Remove the storage encryption completely from interface-server.xml as it serves no purpose there. For the user-alias test use the 'luks' encryption type for qcow to test that the names of the secret objects are generated properly. Signed-off-by: Peter Krempa --- tests/qemuxml2argvdata/interface-server.xml | 3 --- tests/qemuxml2argvdata/user-aliases.args | 8 +++++++- tests/qemuxml2argvdata/user-aliases.xml | 2 +- tests/qemuxml2argvtest.c | 3 ++- tests/qemuxml2xmloutdata/interface-server.xml | 3 --- tests/qemuxml2xmltest.c | 2 +- 6 files changed, 11 insertions(+), 10 deletions(-) diff --git a/tests/qemuxml2argvdata/interface-server.xml b/tests/qemuxml2ar= gvdata/interface-server.xml index a92aff4218..7bf119197a 100644 --- a/tests/qemuxml2argvdata/interface-server.xml +++ b/tests/qemuxml2argvdata/interface-server.xml @@ -53,9 +53,6 @@ - - -
diff --git a/tests/qemuxml2argvdata/user-aliases.args b/tests/qemuxml2argvd= ata/user-aliases.args index 5ef52fc556..293dc919d5 100644 --- a/tests/qemuxml2argvdata/user-aliases.args +++ b/tests/qemuxml2argvdata/user-aliases.args @@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=3Dnone \ /usr/bin/qemu-system-x86_64 \ -name gentoo \ -S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-gentoo/master-key.aes \ -machine pc-i440fx-1.4,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff \ -m 4096 \ -smp 4,sockets=3D4,cores=3D1,threads=3D1 \ @@ -43,7 +45,11 @@ id=3Ddrive-ua-myDisk1,cache=3Dnone \ -drive file=3D/var/lib/libvirt/images/gentoo.qcow2,format=3Dqcow2,if=3Dnon= e,\ id=3Ddrive-ua-myDisk2 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-ua-myDisk2,id= =3Dua-myDisk2 \ --drive file=3D/var/lib/libvirt/images/OtherDemo.img,format=3Dqcow2,if=3Dno= ne,\ +-object secret,id=3Dua-myEncryptedDisk1-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/var/lib/libvirt/images/OtherDemo.img,encrypt.format=3Dluks,\ +encrypt.key-secret=3Dua-myEncryptedDisk1-luks-secret0,format=3Dqcow2,if=3D= none,\ id=3Ddrive-ua-myEncryptedDisk1 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x7,drive=3Ddrive-ua-myEncrypted= Disk1,\ id=3Dua-myEncryptedDisk1 \ diff --git a/tests/qemuxml2argvdata/user-aliases.xml b/tests/qemuxml2argvda= ta/user-aliases.xml index 9ce123b477..98b4845e52 100644 --- a/tests/qemuxml2argvdata/user-aliases.xml +++ b/tests/qemuxml2argvdata/user-aliases.xml @@ -55,7 +55,7 @@ - + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 78454acb1a..ee2b0ccff8 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2819,7 +2819,8 @@ mymain(void) QEMU_CAPS_PIIX_DISABLE_S4, QEMU_CAPS_VNC, QEMU_CAPS_DEVICE_ISA_SERIAL, QEMU_CAPS_HDA_DUPLEX, - QEMU_CAPS_CCID_EMULATED); + QEMU_CAPS_CCID_EMULATED, + QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRET); DO_TEST("user-aliases2", QEMU_CAPS_DEVICE_IOH3420, QEMU_CAPS_ICH9_AHCI= ); DO_TEST("user-aliases-usb", QEMU_CAPS_KVM, QEMU_CAPS_PIIX_DISABLE_S3, QEMU_CAPS_PIIX_DISABLE_S4, diff --git a/tests/qemuxml2xmloutdata/interface-server.xml b/tests/qemuxml2= xmloutdata/interface-server.xml index 049b1472a8..75b12bf96f 100644 --- a/tests/qemuxml2xmloutdata/interface-server.xml +++ b/tests/qemuxml2xmloutdata/interface-server.xml @@ -53,9 +53,6 @@ - - -
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 7cedc2b999..5755800dcf 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -1171,7 +1171,7 @@ mymain(void) DO_TEST("pseries-cpu-exact", QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE); - DO_TEST("user-aliases", NONE); + DO_TEST("user-aliases", QEMU_CAPS_QCOW2_LUKS); DO_TEST("input-virtio-ccw", QEMU_CAPS_CCW, QEMU_CAPS_VIRTIO_KEYBOARD, --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Mon Apr 29 07:09:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1526997934147872.8241442440516; Tue, 22 May 2018 07:05:34 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5AF1930D351E; Tue, 22 May 2018 14:05:32 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 025655D70C; Tue, 22 May 2018 14:05:31 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 30EE2180124E; Tue, 22 May 2018 14:05:31 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4ME5Dsp028273 for ; Tue, 22 May 2018 10:05:14 -0400 Received: by smtp.corp.redhat.com (Postfix) id BFD9E39DDC; Tue, 22 May 2018 14:05:13 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 455926B40E; Tue, 22 May 2018 14:05:13 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Tue, 22 May 2018 16:04:56 +0200 Message-Id: <2cde9f631025afbe93223bc1ad6a56fbd4d8a4e6.1526997826.git.pkrempa@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [RFC PATCH 3/4] qemu: domain: Forbid storage with old QCOW2 encryption X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Tue, 22 May 2018 14:05:33 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The encryption was buggy and qemu actually dropped it upstream. Forbid it for all versions since it would cause other problems too. Problems with the old encryption include weak crypto, corruption of images with blockjobs and a lot of usability problems. Replace it with a message hinting that users should convert the image to e.g. LUKS. This requires changing of the encryption type for the encrypted disk tests. Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 20 ++++++++++++++------ tests/qemuxml2argvdata/encrypted-disk-usage.args | 8 +++++++- tests/qemuxml2argvdata/encrypted-disk-usage.xml | 2 +- tests/qemuxml2argvdata/encrypted-disk.args | 8 +++++++- tests/qemuxml2argvdata/encrypted-disk.xml | 2 +- tests/qemuxml2argvtest.c | 4 ++-- tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +- tests/qemuxml2xmltest.c | 4 ++-- 8 files changed, 35 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index d3beee5d87..f64b69cc3d 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -4179,12 +4179,20 @@ qemuDomainValidateStorageSource(virStorageSourcePtr= src, } if (src->format =3D=3D VIR_STORAGE_FILE_QCOW2 && - src->encryption && - src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS = && - !virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("LUKS encrypted QCOW2 images are not suppored by = this QEMU")); - return -1; + src->encryption) { + if (src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_L= UKS && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("LUKS encrypted QCOW2 images are not suppored= by this QEMU")); + return -1; + } + + if (src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_D= EFAULT || + src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_Q= COW) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("old QCOW2 encryption is not supported, pleas= e convert images")); + return -1; + } } if (src->format =3D=3D VIR_STORAGE_FILE_FAT && diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.args b/tests/qemux= ml2argvdata/encrypted-disk-usage.args index 8c7ce3d653..32307cea71 100644 --- a/tests/qemuxml2argvdata/encrypted-disk-usage.args +++ b/tests/qemuxml2argvdata/encrypted-disk-usage.args @@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=3Dnone \ /usr/bin/qemu-system-i686 \ -name encryptdisk \ -S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-encryptdisk/master-key.aes \ -machine pc,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ -m 1024 \ -smp 1,sockets=3D1,cores=3D1,threads=3D1 \ @@ -22,7 +24,11 @@ path=3D/tmp/lib/domain--1-encryptdisk/monitor.sock,serve= r,nowait \ -no-acpi \ -boot c \ -usb \ --drive file=3D/storage/guest_disks/encryptdisk,format=3Dqcow2,if=3Dnone,\ +-object secret,id=3Dvirtio-disk0-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk,encrypt.format=3Dluks,\ +encrypt.key-secret=3Dvirtio-disk0-luks-secret0,format=3Dqcow2,if=3Dnone,\ id=3Ddrive-virtio-disk0 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ id=3Dvirtio-disk0 \ diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.xml b/tests/qemuxm= l2argvdata/encrypted-disk-usage.xml index ad8f17e3df..205283b59d 100644 --- a/tests/qemuxml2argvdata/encrypted-disk-usage.xml +++ b/tests/qemuxml2argvdata/encrypted-disk-usage.xml @@ -18,7 +18,7 @@ - +
diff --git a/tests/qemuxml2argvdata/encrypted-disk.args b/tests/qemuxml2arg= vdata/encrypted-disk.args index 8c7ce3d653..32307cea71 100644 --- a/tests/qemuxml2argvdata/encrypted-disk.args +++ b/tests/qemuxml2argvdata/encrypted-disk.args @@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=3Dnone \ /usr/bin/qemu-system-i686 \ -name encryptdisk \ -S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-encryptdisk/master-key.aes \ -machine pc,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ -m 1024 \ -smp 1,sockets=3D1,cores=3D1,threads=3D1 \ @@ -22,7 +24,11 @@ path=3D/tmp/lib/domain--1-encryptdisk/monitor.sock,serve= r,nowait \ -no-acpi \ -boot c \ -usb \ --drive file=3D/storage/guest_disks/encryptdisk,format=3Dqcow2,if=3Dnone,\ +-object secret,id=3Dvirtio-disk0-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk,encrypt.format=3Dluks,\ +encrypt.key-secret=3Dvirtio-disk0-luks-secret0,format=3Dqcow2,if=3Dnone,\ id=3Ddrive-virtio-disk0 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ id=3Dvirtio-disk0 \ diff --git a/tests/qemuxml2argvdata/encrypted-disk.xml b/tests/qemuxml2argv= data/encrypted-disk.xml index 391461b200..275724bdaf 100644 --- a/tests/qemuxml2argvdata/encrypted-disk.xml +++ b/tests/qemuxml2argvdata/encrypted-disk.xml @@ -18,7 +18,7 @@ - +
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index ee2b0ccff8..860e23f41a 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1631,8 +1631,8 @@ mymain(void) DO_TEST("cpu-tsc-frequency", QEMU_CAPS_KVM); qemuTestSetHostCPU(driver.caps, NULL); - DO_TEST("encrypted-disk", NONE); - DO_TEST("encrypted-disk-usage", NONE); + DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRE= T); + DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT= _SECRET); # ifdef WITH_GNUTLS DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET); DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET); diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xm= loutdata/encrypted-disk.xml index 45b9fcca55..3c9d2fbafc 100644 --- a/tests/qemuxml2xmloutdata/encrypted-disk.xml +++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml @@ -18,7 +18,7 @@ - +
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 5755800dcf..2610dfe086 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -480,8 +480,8 @@ mymain(void) DO_TEST("pci-rom-disabled-invalid", NONE); DO_TEST("pci-serial-dev-chardev", NONE); - DO_TEST("encrypted-disk", NONE); - DO_TEST("encrypted-disk-usage", NONE); + DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS); + DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS); DO_TEST("luks-disks", NONE); DO_TEST("luks-disks-source", NONE); DO_TEST("memtune", NONE); --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Mon Apr 29 07:09:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1526997919693537.1263686995612; Tue, 22 May 2018 07:05:19 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D18506FAC2; Tue, 22 May 2018 14:05:17 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 948F745B2A; Tue, 22 May 2018 14:05:17 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2CF9E4CA94; Tue, 22 May 2018 14:05:17 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4ME5EXi028283 for ; Tue, 22 May 2018 10:05:14 -0400 Received: by smtp.corp.redhat.com (Postfix) id 806636B581; Tue, 22 May 2018 14:05:14 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0637385794; Tue, 22 May 2018 14:05:13 +0000 (UTC) From: Peter Krempa To: libvir-list@redhat.com Date: Tue, 22 May 2018 16:04:57 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [RFC PATCH 4/4] qemu: Remove code for setting up disk passphrases X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 22 May 2018 14:05:18 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Now that the old qcow2 encryption is removed we can safely delete all this code since it's not needed any more. Signed-off-by: Peter Krempa --- src/qemu/qemu_monitor.c | 13 ------ src/qemu/qemu_monitor.h | 4 -- src/qemu/qemu_monitor_json.c | 28 ------------ src/qemu/qemu_monitor_json.h | 4 -- src/qemu/qemu_process.c | 103 ---------------------------------------= ---- tests/qemumonitorjsontest.c | 2 - 6 files changed, 154 deletions(-) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 02d2629eb0..c4a77be9c5 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3039,19 +3039,6 @@ qemuMonitorAddDrive(qemuMonitorPtr mon, } -int -qemuMonitorSetDrivePassphrase(qemuMonitorPtr mon, - const char *alias, - const char *passphrase) -{ - VIR_DEBUG("alias=3D%s passphrase=3D%p(value hidden)", alias, passphras= e); - - QEMU_CHECK_MONITOR(mon); - - return qemuMonitorJSONSetDrivePassphrase(mon, alias, passphrase); -} - - int qemuMonitorCreateSnapshot(qemuMonitorPtr mon, const char *name) { diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 212d1e3e16..5024cb75a5 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -811,10 +811,6 @@ int qemuMonitorAddDrive(qemuMonitorPtr mon, int qemuMonitorDriveDel(qemuMonitorPtr mon, const char *drivestr); -int qemuMonitorSetDrivePassphrase(qemuMonitorPtr mon, - const char *alias, - const char *passphrase); - int qemuMonitorCreateSnapshot(qemuMonitorPtr mon, const char *name); int qemuMonitorLoadSnapshot(qemuMonitorPtr mon, const char *name); int qemuMonitorDeleteSnapshot(qemuMonitorPtr mon, const char *name); diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 42afa6201f..1fee9e8ff6 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -4034,34 +4034,6 @@ int qemuMonitorJSONDelObject(qemuMonitorPtr mon, } -int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon, - const char *alias, - const char *passphrase) -{ - int ret =3D -1; - virJSONValuePtr cmd; - virJSONValuePtr reply =3D NULL; - - cmd =3D qemuMonitorJSONMakeCommand("block_passwd", - "s:device", alias, - "s:password", passphrase, - NULL); - if (!cmd) - return -1; - - if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) - goto cleanup; - - if (qemuMonitorJSONCheckError(cmd, reply) < 0) - goto cleanup; - - ret =3D 0; - cleanup: - virJSONValueFree(cmd); - virJSONValueFree(reply); - return ret; -} - int qemuMonitorJSONDiskSnapshot(qemuMonitorPtr mon, virJSONValuePtr actions, const char *device, const char *file, diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 8a9c214c82..056e0f144c 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -237,10 +237,6 @@ int qemuMonitorJSONAddObject(qemuMonitorPtr mon, int qemuMonitorJSONDelObject(qemuMonitorPtr mon, const char *objalias); -int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon, - const char *alias, - const char *passphrase); - int qemuMonitorJSONDiskSnapshot(qemuMonitorPtr mon, virJSONValuePtr actions, const char *device, diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 2ba432630f..bb5cc3c310 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -368,74 +368,6 @@ qemuProcessFindDomainDiskByAlias(virDomainObjPtr vm, return NULL; } -static int -qemuProcessGetVolumeQcowPassphrase(virDomainDiskDefPtr disk, - char **secretRet, - size_t *secretLen) -{ - virConnectPtr conn =3D NULL; - char *passphrase; - unsigned char *data; - size_t size; - int ret =3D -1; - virStorageEncryptionPtr enc; - - if (!disk->src->encryption) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("disk %s does not have any encryption information= "), - disk->src->path); - return -1; - } - enc =3D disk->src->encryption; - - if (!(conn =3D virGetConnectSecret())) - goto cleanup; - - if (enc->format !=3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW || - enc->nsecrets !=3D 1 || - enc->secrets[0]->type !=3D - VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE) { - virReportError(VIR_ERR_XML_ERROR, - _("invalid for volume %s"), - virDomainDiskGetSource(disk)); - goto cleanup; - } - - if (virSecretGetSecretString(conn, &enc->secrets[0]->seclookupdef, - VIR_SECRET_USAGE_TYPE_VOLUME, - &data, &size) < 0) - goto cleanup; - - if (memchr(data, '\0', size) !=3D NULL) { - memset(data, 0, size); - VIR_FREE(data); - virReportError(VIR_ERR_XML_ERROR, - _("format=3D'qcow' passphrase for %s must not conta= in a " - "'\\0'"), virDomainDiskGetSource(disk)); - goto cleanup; - } - - if (VIR_ALLOC_N(passphrase, size + 1) < 0) { - memset(data, 0, size); - VIR_FREE(data); - goto cleanup; - } - memcpy(passphrase, data, size); - passphrase[size] =3D '\0'; - - memset(data, 0, size); - VIR_FREE(data); - - *secretRet =3D passphrase; - *secretLen =3D size; - - ret =3D 0; - - cleanup: - virObjectUnref(conn); - return ret; -} - static int qemuProcessHandleReset(qemuMonitorPtr mon ATTRIBUTE_UNUSED, virDomainObjPtr vm, @@ -2726,11 +2658,8 @@ qemuProcessInitPasswords(virQEMUDriverPtr driver, int asyncJob) { int ret =3D 0; - qemuDomainObjPrivatePtr priv =3D vm->privateData; virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); size_t i; - char *alias =3D NULL; - char *secret =3D NULL; for (i =3D 0; i < vm->def->ngraphics; ++i) { virDomainGraphicsDefPtr graphics =3D vm->def->graphics[i]; @@ -2752,39 +2681,7 @@ qemuProcessInitPasswords(virQEMUDriverPtr driver, goto cleanup; } - for (i =3D 0; i < vm->def->ndisks; i++) { - size_t secretLen; - - if (!vm->def->disks[i]->src->encryption || - !virDomainDiskGetSource(vm->def->disks[i])) - continue; - - if (vm->def->disks[i]->src->encryption->format !=3D - VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT && - vm->def->disks[i]->src->encryption->format !=3D - VIR_STORAGE_ENCRYPTION_FORMAT_QCOW) - continue; - - VIR_FREE(secret); - if (qemuProcessGetVolumeQcowPassphrase(vm->def->disks[i], - &secret, &secretLen) < 0) - goto cleanup; - - VIR_FREE(alias); - if (!(alias =3D qemuAliasFromDisk(vm->def->disks[i]))) - goto cleanup; - if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) - goto cleanup; - ret =3D qemuMonitorSetDrivePassphrase(priv->mon, alias, secret); - if (qemuDomainObjExitMonitor(driver, vm) < 0) - ret =3D -1; - if (ret < 0) - goto cleanup; - } - cleanup: - VIR_FREE(alias); - VIR_FREE(secret); virObjectUnref(cfg); return ret; } diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index add5ff0f19..3b494a1dba 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c @@ -1343,7 +1343,6 @@ GEN_TEST_FUNC(qemuMonitorJSONAddNetdev, "id=3Dnet0,ty= pe=3Dtest") GEN_TEST_FUNC(qemuMonitorJSONRemoveNetdev, "net0") GEN_TEST_FUNC(qemuMonitorJSONDelDevice, "ide0") GEN_TEST_FUNC(qemuMonitorJSONAddDevice, "some_dummy_devicestr") -GEN_TEST_FUNC(qemuMonitorJSONSetDrivePassphrase, "drive-vda", "secret_pass= hprase") GEN_TEST_FUNC(qemuMonitorJSONDriveMirror, "vdb", "/foo/bar", NULL, 1024, 0= , 0, VIR_DOMAIN_BLOCK_REBASE_SHALLOW | VIR_DOMAIN_BLOCK_REBASE_RE= USE_EXT) GEN_TEST_FUNC(qemuMonitorJSONBlockCommit, "vdb", "/foo/bar1", "/foo/bar2",= NULL, 1024) @@ -2967,7 +2966,6 @@ mymain(void) DO_TEST_GEN(qemuMonitorJSONRemoveNetdev); DO_TEST_GEN(qemuMonitorJSONDelDevice); DO_TEST_GEN(qemuMonitorJSONAddDevice); - DO_TEST_GEN(qemuMonitorJSONSetDrivePassphrase); DO_TEST_GEN(qemuMonitorJSONDriveMirror); DO_TEST_GEN(qemuMonitorJSONBlockCommit); DO_TEST_GEN(qemuMonitorJSONDrivePivot); --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list