From nobody Sat Apr 27 19:39:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1527085257192662.6984767397771; Wed, 23 May 2018 07:20:57 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 125FF359552; Wed, 23 May 2018 14:20:55 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 964CA608F3; Wed, 23 May 2018 14:20:54 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6CB9218033ED; Wed, 23 May 2018 14:20:53 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4NEDgwR026066 for ; Wed, 23 May 2018 10:13:43 -0400 Received: by smtp.corp.redhat.com (Postfix) id C9CF92144B23; Wed, 23 May 2018 14:13:42 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 502CC2144B21; Wed, 23 May 2018 14:13:42 +0000 (UTC) 
From: Peter Krempa
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:13:26 +0200
Message-Id: <0a4c34890ea8da38bf84994a458f5d99fb0d7f71.1527084603.git.pkrempa@redhat.com>
Cc: Peter Krempa
Subject: [libvirt] [PATCH v2 1/5] tests: qemuxml2argv: Drop disk encryption from 'interface-server' test
List-Id: Development discussions about the libvirt library & tools
Content-Transfer-Encoding: quoted-printable

The disk encryption part is in no way relevant to the rest of the test so drop it.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko

--- tests/qemuxml2argvdata/interface-server.xml | 3 --- tests/qemuxml2xmloutdata/interface-server.xml | 3 --- 2 files changed, 6 deletions(-) diff --git a/tests/qemuxml2argvdata/interface-server.xml b/tests/qemuxml2ar= gvdata/interface-server.xml index a92aff4218..7bf119197a 100644 --- a/tests/qemuxml2argvdata/interface-server.xml +++ b/tests/qemuxml2argvdata/interface-server.xml @@ -53,9 +53,6 @@ - - -
diff --git a/tests/qemuxml2xmloutdata/interface-server.xml b/tests/qemuxml2= xmloutdata/interface-server.xml index 049b1472a8..75b12bf96f 100644 --- a/tests/qemuxml2xmloutdata/interface-server.xml +++ b/tests/qemuxml2xmloutdata/interface-server.xml @@ -53,9 +53,6 @@ - - -
--=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

From nobody Sat Apr 27 19:39:47 2024
From: Peter Krempa
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:13:27 +0200
Message-Id: <16543dd47776059c5f2f44c9e33d4b7b17f0061e.1527084603.git.pkrempa@redhat.com>
Cc: Peter Krempa
Subject: [libvirt] [PATCH v2 2/5] tests: qemuxml2argv: Verify that disk secret alias is correct with user-aliases
Content-Transfer-Encoding: quoted-printable

Change the disk encryption type to qcow2+luks so that the appropriate secret objects are generated. This tests that the proper alias is used for the passphrase secret object.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko

--- tests/qemuxml2argvdata/user-aliases.args | 8 +++++++- tests/qemuxml2argvdata/user-aliases.xml | 2 +- tests/qemuxml2argvtest.c | 3 ++- tests/qemuxml2xmltest.c | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tests/qemuxml2argvdata/user-aliases.args b/tests/qemuxml2argvd= ata/user-aliases.args index 5ef52fc556..293dc919d5 100644 --- a/tests/qemuxml2argvdata/user-aliases.args +++ b/tests/qemuxml2argvdata/user-aliases.args
@@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=3Dnone \ /usr/bin/qemu-system-x86_64 \ -name gentoo \ -S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-gentoo/master-key.aes \ -machine pc-i440fx-1.4,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff \ -m 4096 \ -smp 4,sockets=3D4,cores=3D1,threads=3D1 \ @@ -43,7 +45,11 @@ id=3Ddrive-ua-myDisk1,cache=3Dnone \ -drive file=3D/var/lib/libvirt/images/gentoo.qcow2,format=3Dqcow2,if=3Dnon= e,\ id=3Ddrive-ua-myDisk2 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-ua-myDisk2,id= =3Dua-myDisk2 \ --drive file=3D/var/lib/libvirt/images/OtherDemo.img,format=3Dqcow2,if=3Dno= ne,\ +-object secret,id=3Dua-myEncryptedDisk1-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/var/lib/libvirt/images/OtherDemo.img,encrypt.format=3Dluks,\ +encrypt.key-secret=3Dua-myEncryptedDisk1-luks-secret0,format=3Dqcow2,if=3D= none,\ id=3Ddrive-ua-myEncryptedDisk1 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x7,drive=3Ddrive-ua-myEncrypted= Disk1,\ id=3Dua-myEncryptedDisk1 \ diff --git a/tests/qemuxml2argvdata/user-aliases.xml b/tests/qemuxml2argvda= ta/user-aliases.xml index 9ce123b477..98b4845e52 100644 --- a/tests/qemuxml2argvdata/user-aliases.xml +++ b/tests/qemuxml2argvdata/user-aliases.xml @@ -55,7 +55,7 @@ - + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 1d023129ac..38530cdb5c 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2823,7 +2823,8 @@ mymain(void) QEMU_CAPS_PIIX_DISABLE_S4, QEMU_CAPS_VNC, QEMU_CAPS_DEVICE_ISA_SERIAL, QEMU_CAPS_HDA_DUPLEX, - QEMU_CAPS_CCID_EMULATED); + QEMU_CAPS_CCID_EMULATED, + QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRET); DO_TEST("user-aliases2", QEMU_CAPS_DEVICE_IOH3420, QEMU_CAPS_ICH9_AHCI= ); DO_TEST("user-aliases-usb", QEMU_CAPS_KVM, QEMU_CAPS_PIIX_DISABLE_S3, QEMU_CAPS_PIIX_DISABLE_S4, 
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index e31d8212fe..b4f9161056 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c 
@@ -1171,7 +1171,7 @@ mymain(void) DO_TEST("pseries-cpu-exact", QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE); - DO_TEST("user-aliases", NONE); + DO_TEST("user-aliases", QEMU_CAPS_QCOW2_LUKS); DO_TEST("input-virtio-ccw", QEMU_CAPS_CCW, QEMU_CAPS_VIRTIO_KEYBOARD, --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

From nobody Sat Apr 27 19:39:47 2024
From: Peter Krempa
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:13:28 +0200
Message-Id: <87fd64c6b4b5629f8052d80b95e28982e8a1cd81.1527084603.git.pkrempa@redhat.com>
Cc: Peter Krempa
Subject: [libvirt] [PATCH v2 3/5] tests: qemublock: Switch to qcow2+luks in test files
Content-Transfer-Encoding: quoted-printable

The next patch will forbid the old qcow2 encryption completely. Remove it from the tests.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko

--- .../qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.json | = 2 +- .../qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.xml | = 2 +- .../xml2json/network-qcow2-backing-chain-encryption_auth.json | = 2 +- .../xml2json/network-qcow2-backing-chain-encryption_auth.xml | = 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encr= yption.json b/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-enc= ryption.json index 3469c06654..376fce9f9e 100644
--- a/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.= json +++ b/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.= json @@ -21,7 +21,7 @@ "read-only": true, "driver": "qcow2", "encrypt": { - "format": "aes", + "format": "luks", "key-secret": "node-b-f-encalias" }, "file": "node-b-s", diff --git a/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encr= yption.xml b/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encr= yption.xml index a1292284bf..75a3a8f029 100644 --- a/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.= xml +++ b/tests/qemublocktestdata/xml2json/file-qcow2-backing-chain-encryption.= xml @@ -20,7 +20,7 @@ - + diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-e= ncryption_auth.json b/tests/qemublocktestdata/xml2json/network-qcow2-backin= g-chain-encryption_auth.json index 6e5abbfbdd..fdb6f2ab1a 100644 --- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encrypti= on_auth.json +++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encrypti= on_auth.json @@ -33,7 +33,7 @@ "read-only": true, "driver": "qcow2", "encrypt": { - "format": "aes", + "format": "luks", "key-secret": "node-b-f-encalias" }, "file": "node-b-s", diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-e= ncryption_auth.xml b/tests/qemublocktestdata/xml2json/network-qcow2-backing= -chain-encryption_auth.xml index bc2925b4cf..a62c0321ec 100644 --- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encrypti= on_auth.xml +++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encrypti= on_auth.xml 
@@ -26,7 +26,7 @@ - + --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

From nobody Sat Apr 27 19:39:47 2024
From: Peter Krempa
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:13:29 +0200
Message-Id: <4590673c4158aa549b9563ef2e637fbf2167585c.1527084603.git.pkrempa@redhat.com>
Cc: Peter Krempa
Subject: [libvirt] [PATCH v2 4/5] qemu: domain: Forbid storage with old QCOW2 encryption
Content-Transfer-Encoding: quoted-printable

The encryption was buggy and qemu actually dropped it upstream. Forbid it for all versions since it would cause other problems too. Problems with the old encryption include weak crypto, corruption of images with blockjobs and a lot of usability problems. This requires changing of the encryption type for the encrypted disk tests.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko

--- src/qemu/qemu_domain.c | 10 ++++++++++ tests/qemuxml2argvdata/encrypted-disk-usage.args | 8 +++++++- tests/qemuxml2argvdata/encrypted-disk-usage.xml | 2 +- tests/qemuxml2argvdata/encrypted-disk.args | 8 +++++++- tests/qemuxml2argvdata/encrypted-disk.xml | 2 +- tests/qemuxml2argvtest.c | 4 ++-- tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +- tests/qemuxml2xmltest.c | 4 ++-- 8 files changed, 31 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index ee676a2789..23dd4dab0e 100644 --- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c @@ -4349,6 +4349,16 @@ qemuDomainValidateStorageSource(virStorageSourcePtr = src, return -1; } + if ((src->format =3D=3D VIR_STORAGE_FILE_QCOW || + src->format =3D=3D VIR_STORAGE_FILE_QCOW2) && + src->encryption && + (src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_DEFA= ULT || + src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW= )) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("old qcow/qcow2 encryption is not supported")= ); + return -1; + } + if (src->format =3D=3D VIR_STORAGE_FILE_QCOW2 && src->encryption && src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS = && diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.args b/tests/qemux= ml2argvdata/encrypted-disk-usage.args index 8c7ce3d653..32307cea71 100644 --- a/tests/qemuxml2argvdata/encrypted-disk-usage.args +++ b/tests/qemuxml2argvdata/encrypted-disk-usage.args @@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=3Dnone \ /usr/bin/qemu-system-i686 \ -name encryptdisk \ -S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-encryptdisk/master-key.aes \ -machine pc,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ -m 1024 \ -smp 1,sockets=3D1,cores=3D1,threads=3D1 \ @@ -22,7 +24,11 @@ path=3D/tmp/lib/domain--1-encryptdisk/monitor.sock,serve= r,nowait \ -no-acpi \ -boot c \ -usb \ --drive file=3D/storage/guest_disks/encryptdisk,format=3Dqcow2,if=3Dnone,\ +-object secret,id=3Dvirtio-disk0-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk,encrypt.format=3Dluks,\ +encrypt.key-secret=3Dvirtio-disk0-luks-secret0,format=3Dqcow2,if=3Dnone,\ id=3Ddrive-virtio-disk0 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ id=3Dvirtio-disk0 \ 
diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.xml b/tests/qemuxm= l2argvdata/encrypted-disk-usage.xml index ad8f17e3df..205283b59d 100644 --- a/tests/qemuxml2argvdata/encrypted-disk-usage.xml +++ b/tests/qemuxml2argvdata/encrypted-disk-usage.xml @@ -18,7 +18,7 @@ - +
diff --git a/tests/qemuxml2argvdata/encrypted-disk.args b/tests/qemuxml2arg= vdata/encrypted-disk.args index 8c7ce3d653..32307cea71 100644 --- a/tests/qemuxml2argvdata/encrypted-disk.args +++ b/tests/qemuxml2argvdata/encrypted-disk.args @@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=3Dnone \ /usr/bin/qemu-system-i686 \ -name encryptdisk \ -S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-encryptdisk/master-key.aes \ -machine pc,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ -m 1024 \ -smp 1,sockets=3D1,cores=3D1,threads=3D1 \ @@ -22,7 +24,11 @@ path=3D/tmp/lib/domain--1-encryptdisk/monitor.sock,serve= r,nowait \ -no-acpi \ -boot c \ -usb \ --drive file=3D/storage/guest_disks/encryptdisk,format=3Dqcow2,if=3Dnone,\ +-object secret,id=3Dvirtio-disk0-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk,encrypt.format=3Dluks,\ +encrypt.key-secret=3Dvirtio-disk0-luks-secret0,format=3Dqcow2,if=3Dnone,\ id=3Ddrive-virtio-disk0 \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ id=3Dvirtio-disk0 \ diff --git a/tests/qemuxml2argvdata/encrypted-disk.xml b/tests/qemuxml2argv= data/encrypted-disk.xml index 391461b200..275724bdaf 100644 --- a/tests/qemuxml2argvdata/encrypted-disk.xml +++ b/tests/qemuxml2argvdata/encrypted-disk.xml @@ -18,7 +18,7 @@ - +
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 38530cdb5c..f9ac79f4a4 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1635,8 +1635,8 @@ mymain(void) DO_TEST("cpu-tsc-frequency", QEMU_CAPS_KVM); qemuTestSetHostCPU(driver.caps, NULL); - DO_TEST("encrypted-disk", NONE); - DO_TEST("encrypted-disk-usage", NONE); + DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRE= T); + DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT= _SECRET); # ifdef WITH_GNUTLS DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET); DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET); diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xm= loutdata/encrypted-disk.xml index 45b9fcca55..3c9d2fbafc 100644 --- a/tests/qemuxml2xmloutdata/encrypted-disk.xml +++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml @@ -18,7 +18,7 @@ - +
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index b4f9161056..51e5d6cdfc 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c 
@@ -480,8 +480,8 @@ mymain(void) DO_TEST("pci-rom-disabled-invalid", NONE); DO_TEST("pci-serial-dev-chardev", NONE); - DO_TEST("encrypted-disk", NONE); - DO_TEST("encrypted-disk-usage", NONE); + DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS); + DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS); DO_TEST("luks-disks", NONE); DO_TEST("luks-disks-source", NONE); DO_TEST("memtune", NONE); --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

From nobody Sat Apr 27 19:39:47 2024
From: Peter Krempa
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:13:30 +0200
Message-Id: <79e3f08d047039f925439706dd5ba942d3f6a2e4.1527084603.git.pkrempa@redhat.com>
Cc: Peter Krempa
Subject: [libvirt] [PATCH v2 5/5] qemu: Remove code for setting up disk passphrases
Content-Transfer-Encoding: quoted-printable

Now that the old qcow2 encryption is removed we can safely delete all this code since it's not needed any more.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko

--- src/qemu/qemu_monitor.c | 13 ------ src/qemu/qemu_monitor.h | 4 -- src/qemu/qemu_monitor_json.c | 28 ------------ src/qemu/qemu_monitor_json.h | 4 -- src/qemu/qemu_process.c | 103 ---------------------------------------= ---- tests/qemumonitorjsontest.c | 2 - 6 files changed, 154 deletions(-) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 43f1d2f816..88a9226e7f 100644
--- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3044,19 +3044,6 @@ qemuMonitorAddDrive(qemuMonitorPtr mon, } -int -qemuMonitorSetDrivePassphrase(qemuMonitorPtr mon, - const char *alias, - const char *passphrase) -{ - VIR_DEBUG("alias=3D%s passphrase=3D%p(value hidden)", alias, passphras= e); - - QEMU_CHECK_MONITOR(mon); - - return qemuMonitorJSONSetDrivePassphrase(mon, alias, passphrase); -} - - int qemuMonitorCreateSnapshot(qemuMonitorPtr mon, const char *name) { diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index c28db1a52b..6200908f25 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -811,10 +811,6 @@ int qemuMonitorAddDrive(qemuMonitorPtr mon, int qemuMonitorDriveDel(qemuMonitorPtr mon, const char *drivestr); -int qemuMonitorSetDrivePassphrase(qemuMonitorPtr mon, - const char *alias, - const char *passphrase); - int qemuMonitorCreateSnapshot(qemuMonitorPtr mon, const char *name); int qemuMonitorLoadSnapshot(qemuMonitorPtr mon, const char *name); int qemuMonitorDeleteSnapshot(qemuMonitorPtr mon, const char *name); diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 9f5c358795..80e710902c 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -4062,34 +4062,6 @@ int qemuMonitorJSONDelObject(qemuMonitorPtr mon, } -int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon, - const char *alias, - const char *passphrase) -{ - int ret =3D -1; - virJSONValuePtr cmd; - virJSONValuePtr reply =3D NULL; - - cmd =3D qemuMonitorJSONMakeCommand("block_passwd", - "s:device", alias, - "s:password", passphrase, - NULL); - if (!cmd) - return -1; - - if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) - goto cleanup; - - if (qemuMonitorJSONCheckError(cmd, reply) < 0) - goto cleanup; - - ret =3D 0; - cleanup: - virJSONValueFree(cmd); - virJSONValueFree(reply); - return ret; -} - int qemuMonitorJSONDiskSnapshot(qemuMonitorPtr mon, virJSONValuePtr actions, const char *device, const char *file, diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index f4ac8319ac..1c83760dc6 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -237,10 +237,6 @@ int qemuMonitorJSONAddObject(qemuMonitorPtr mon, int qemuMonitorJSONDelObject(qemuMonitorPtr mon, const char *objalias); -int qemuMonitorJSONSetDrivePassphrase(qemuMonitorPtr mon, - const char *alias, - const char *passphrase); - int qemuMonitorJSONDiskSnapshot(qemuMonitorPtr mon, virJSONValuePtr actions, const char *device, diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index ac2049b95d..d76e3e28a0 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -370,74 +370,6 @@ qemuProcessFindDomainDiskByAlias(virDomainObjPtr vm, return NULL; } -static int -qemuProcessGetVolumeQcowPassphrase(virDomainDiskDefPtr disk, - char **secretRet, - size_t *secretLen) -{ - virConnectPtr conn =3D NULL; - char *passphrase; - unsigned char *data; - size_t size; - int ret =3D -1; - virStorageEncryptionPtr enc; - - if (!disk->src->encryption) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("disk %s does not have any encryption information= "), - disk->src->path); - return -1; - } - enc =3D disk->src->encryption; - - if (!(conn =3D virGetConnectSecret())) - goto cleanup; - - if (enc->format !=3D VIR_STORAGE_ENCRYPTION_FORMAT_QCOW || - enc->nsecrets !=3D 1 || - enc->secrets[0]->type !=3D - VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE) { - virReportError(VIR_ERR_XML_ERROR, - _("invalid for volume %s"), - virDomainDiskGetSource(disk)); - goto cleanup; - } - - if (virSecretGetSecretString(conn, &enc->secrets[0]->seclookupdef, - VIR_SECRET_USAGE_TYPE_VOLUME, - &data, &size) < 0) - goto cleanup; - - if (memchr(data, '\0', size) !=3D NULL) { - memset(data, 0, size); - VIR_FREE(data); - virReportError(VIR_ERR_XML_ERROR, - _("format=3D'qcow' passphrase for %s must not conta= in a " - "'\\0'"), virDomainDiskGetSource(disk)); - goto cleanup; - } - - if (VIR_ALLOC_N(passphrase, size + 1) < 0) { - memset(data, 0, size); - VIR_FREE(data); - goto cleanup; - } - memcpy(passphrase, data, size); - passphrase[size] =3D '\0'; - - memset(data, 0, size); - VIR_FREE(data); - - *secretRet =3D passphrase; - *secretLen =3D size; - - ret =3D 0; - - cleanup: - virObjectUnref(conn); - return ret; -} - static int qemuProcessHandleReset(qemuMonitorPtr mon ATTRIBUTE_UNUSED, virDomainObjPtr vm, 
@@ -2728,11 +2660,8 @@ qemuProcessInitPasswords(virQEMUDriverPtr driver, int asyncJob) { int ret =3D 0; - qemuDomainObjPrivatePtr priv =3D vm->privateData; virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); size_t i; - char *alias =3D NULL; - char *secret =3D NULL; for (i =3D 0; i < vm->def->ngraphics; ++i) { virDomainGraphicsDefPtr graphics =3D vm->def->graphics[i]; @@ -2754,39 +2683,7 @@ qemuProcessInitPasswords(virQEMUDriverPtr driver, goto cleanup; } - for (i =3D 0; i < vm->def->ndisks; i++) { - size_t secretLen; - - if (!vm->def->disks[i]->src->encryption || - !virDomainDiskGetSource(vm->def->disks[i])) - continue; - - if (vm->def->disks[i]->src->encryption->format !=3D - VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT && - vm->def->disks[i]->src->encryption->format !=3D - VIR_STORAGE_ENCRYPTION_FORMAT_QCOW) - continue; - - VIR_FREE(secret); - if (qemuProcessGetVolumeQcowPassphrase(vm->def->disks[i], - &secret, &secretLen) < 0) - goto cleanup; - - VIR_FREE(alias); - if (!(alias =3D qemuAliasFromDisk(vm->def->disks[i]))) - goto cleanup; - if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0) - goto cleanup; - ret =3D qemuMonitorSetDrivePassphrase(priv->mon, alias, secret); - if (qemuDomainObjExitMonitor(driver, vm) < 0) - ret =3D -1; - if (ret < 0) - goto cleanup; - } - cleanup: - VIR_FREE(alias); - VIR_FREE(secret); virObjectUnref(cfg); return ret; } diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index add5ff0f19..3b494a1dba 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c 
@@ -1343,7 +1343,6 @@ GEN_TEST_FUNC(qemuMonitorJSONAddNetdev, "id=3Dnet0,ty= pe=3Dtest") GEN_TEST_FUNC(qemuMonitorJSONRemoveNetdev, "net0") GEN_TEST_FUNC(qemuMonitorJSONDelDevice, "ide0") GEN_TEST_FUNC(qemuMonitorJSONAddDevice, "some_dummy_devicestr") -GEN_TEST_FUNC(qemuMonitorJSONSetDrivePassphrase, "drive-vda", "secret_pass= hprase") GEN_TEST_FUNC(qemuMonitorJSONDriveMirror, "vdb", "/foo/bar", NULL, 1024, 0= , 0, VIR_DOMAIN_BLOCK_REBASE_SHALLOW | VIR_DOMAIN_BLOCK_REBASE_RE= USE_EXT) GEN_TEST_FUNC(qemuMonitorJSONBlockCommit, "vdb", "/foo/bar1", "/foo/bar2",= NULL, 1024) @@ -2967,7 +2966,6 @@ mymain(void) DO_TEST_GEN(qemuMonitorJSONRemoveNetdev); DO_TEST_GEN(qemuMonitorJSONDelDevice); DO_TEST_GEN(qemuMonitorJSONAddDevice); - DO_TEST_GEN(qemuMonitorJSONSetDrivePassphrase); DO_TEST_GEN(qemuMonitorJSONDriveMirror); DO_TEST_GEN(qemuMonitorJSONBlockCommit); DO_TEST_GEN(qemuMonitorJSONDrivePivot); --=20 2.16.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
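
Review bot: In the src/qemu/qemu_domain.c hunk of patch 4/5 (@@ -4349), the new rejection only fires when src->format is VIR_STORAGE_FILE_QCOW or VIR_STORAGE_FILE_QCOW2, while the loop that patch 5/5 deletes from qemuProcessInitPasswords selected disks purely on src->encryption->format being VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT or VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, with no test of src->format. Once both patches are applied, a source that carries such an encryption element with any other image format is neither rejected here nor handed a passphrase. Either drop the src->format condition from the new check or add a comment stating why other formats cannot reach this point. The message "old qcow/qcow2 encryption is not supported" could also name the affected source, as the removed code did through virDomainDiskGetSource(disk), and say that luks is the supported replacement.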
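
Review bot: In the tests/qemuxml2argvtest.c hunk of patch 4/5 (@@ -1635), "encrypted-disk" and "encrypted-disk-usage" now take QEMU_CAPS_OBJECT_SECRET and their expected .args contain an encrypted secret object (data=..., keyid=masterKey0, iv=...), yet both calls stay above the "# ifdef WITH_GNUTLS" line that guards the neighbouring "luks-disks" tests using the same capability. If producing that secret object depends on GnuTLS, these two DO_TEST calls should move inside the guard so the suite still passes on builds without it. The "user-aliases" test changed in patch 2/5 gains the same kind of secret object and deserves the same check.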