From: John Ferlan
To: libvir-list@redhat.com
Date: Tue, 21 Aug 2018 12:23:15 -0400
Message-Id: <20180821162317.31638-2-jferlan@redhat.com>
In-Reply-To: <20180821162317.31638-1-jferlan@redhat.com>
References: <20180821162317.31638-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH 1/3] storage: Remove secretPath from _virStorageBackendQemuImgInfo

There's really no need for it to be there since it's only ever used inside virStorageBackendCreateQemuImgCmdFromVol

Signed-off-by: John Ferlan
--- src/storage/storage_util.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 42a9b6abf0..b32e3ccf7d 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -716,7 +716,6 @@ struct _virStorageBackendQemuImgInfo { int inputFormat; =20 char *secretAlias; - const char *secretPath; }; =20 =20 @@ -1088,7 +1087,6 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, .compat =3D vol->target.compat, .features =3D vol->target.features, .nocow =3D vol->target.nocow, - .secretPath =3D secretPath, .secretAlias =3D NULL, }; virStorageEncryptionPtr enc =3D vol->target.encryption; 
@@ -1131,14 +1129,14 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorage= PoolObjPtr pool, virCommandAddArgList(cmd, "-b", info.backingPath, NULL); =20 if (enc) { - if (!info.secretPath) { + if (!secretPath) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("path to secret data file is required")); goto error; } if (virAsprintf(&info.secretAlias, "%s_encrypt0", vol->name) < 0) goto error; - if (storageBackendCreateQemuImgSecretObject(cmd, info.secretPath, + if (storageBackendCreateQemuImgSecretObject(cmd, secretPath, info.secretAlias) < 0) goto error; encinfo =3D &enc->encinfo; --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

From: John Ferlan
To: libvir-list@redhat.com
Date: Tue, 21 Aug 2018 12:23:16 -0400
Message-Id: <20180821162317.31638-3-jferlan@redhat.com>
In-Reply-To: <20180821162317.31638-1-jferlan@redhat.com>
References: <20180821162317.31638-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH 2/3] storage: Allow for inputvol to have any format for encryption

Commit 39cef12a9 altered/fixed the inputvol processing to create a multistep process when using an inputvol to create an encrypted output volume; however, it unnecessarily assumed/restricted the inputvol to be of 'raw' format only. Modify the processing code to allow the inputvol format to be checked and used in order to create the encrypted volume.

Signed-off-by: John Ferlan --- src/storage/storage_util.c | 15 +++++++++++-- .../luks-convert-qcow2.argv | 9 ++++++++ tests/storagevolxml2argvtest.c | 4 ++++ tests/storagevolxml2xmlin/vol-file-qcow2.xml | 21 +++++++++++++++++++ 4 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 tests/storagevolxml2argvdata/luks-convert-qcow2.argv create mode 100644 tests/storagevolxml2xmlin/vol-file-qcow2.xml diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index b32e3ccf7d..cc49a5b9f7 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -699,6 +699,7 @@ storagePloopResize(virStorageVolDefPtr vol, struct _virStorageBackendQemuImgInfo { int format; const char *type; + const char *inputType; const char *path; unsigned long long size_arg; unsigned long long allocation; @@ -1021,6 +1022,15 @@ virStorageBackendCreateQemuImgSetInfo(virStoragePool= ObjPtr pool, return -1; } =20 + if (inputvol && + !(info->inputType =3D + virStorageFileFormatTypeToString(inputvol->target.format))) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unknown inputvol storage vol type %d"), + inputvol->target.format); + return -1; + } + if (info->preallocate && info->format !=3D VIR_STORAGE_FILE_QCOW2) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("metadata preallocation only available with qcow2= ")); @@ -1080,6 +1090,7 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, struct _virStorageBackendQemuImgInfo info =3D { .format =3D vol->target.format, .type =3D NULL, + .inputType =3D NULL, .path =3D vol->target.path, .allocation =3D vol->target.allocation, .encryption =3D !!vol->target.encryption, 
@@ -1152,8 +1163,8 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, virCommandAddArgFormat(cmd, "%lluK", info.size_arg); } else { /* source */ - virCommandAddArgFormat(cmd, "driver=3Draw,file.filename=3D%s", - info.inputPath); + virCommandAddArgFormat(cmd, "driver=3D%s,file.filename=3D%s", + info.inputType, info.inputPath); =20 /* dest */ virCommandAddArgFormat(cmd, "driver=3D%s,file.filename=3D%s,key-se= cret=3D%s", diff --git a/tests/storagevolxml2argvdata/luks-convert-qcow2.argv b/tests/s= toragevolxml2argvdata/luks-convert-qcow2.argv new file mode 100644 index 0000000000..9124f5f27c --- /dev/null +++ b/tests/storagevolxml2argvdata/luks-convert-qcow2.argv @@ -0,0 +1,9 @@ +qemu-img create -f luks \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o key-secret=3DOtherDemo.img_encrypt0 \ +/var/lib/libvirt/images/OtherDemo.img 5242880K +qemu-img convert --image-opts -n --target-image-opts \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +driver=3Dqcow2,file.filename=3D/var/lib/libvirt/images/sparse-qcow2.img \ +driver=3Dluks,file.filename=3D/var/lib/libvirt/images/OtherDemo.img,\ +key-secret=3DOtherDemo.img_encrypt0 diff --git a/tests/storagevolxml2argvtest.c b/tests/storagevolxml2argvtest.c index b795f83aee..6a9a080dd1 100644 --- a/tests/storagevolxml2argvtest.c +++ b/tests/storagevolxml2argvtest.c @@ -284,6 +284,10 @@ mymain(void) "pool-dir", "vol-file", "luks-convert", 0); =20 + DO_TEST("pool-dir", "vol-luks-convert", + "pool-dir", "vol-file-qcow2", + "luks-convert-qcow2", 0); + return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; } =20 diff --git a/tests/storagevolxml2xmlin/vol-file-qcow2.xml b/tests/storagevo= lxml2xmlin/vol-file-qcow2.xml new file mode 100644 index 0000000000..025e7e0239 --- /dev/null +++ b/tests/storagevolxml2xmlin/vol-file-qcow2.xml 
@@ -0,0 +1,21 @@ + + sparse-qcow2.img + + 1 + 0 + + /var/lib/libvirt/images/sparse-qcow2.img + + + 0 + 0744 + 0 + + + + 1341933637.273190990 + 1341930622.047245868 + 1341930622.047245868 + + + --=20 2.17.1

From: John Ferlan
To: libvir-list@redhat.com
Date: Tue, 21 Aug 2018 12:23:17 -0400
Message-Id: <20180821162317.31638-4-jferlan@redhat.com>
In-Reply-To: <20180821162317.31638-1-jferlan@redhat.com>
References: <20180821162317.31638-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH 3/3] storage: Allow inputvol to be encrypted

https://bugzilla.redhat.com/show_bug.cgi?id=1613737

When processing the inputvol for encryption, we need to handle the case where the inputvol is encrypted. This then allows for the encrypted inputvol to be used either for an output encrypted volume or an output volume of some XML provided type. Add tests to show the various conversion options when either input or output is encrypted. This includes when both are encrypted.

Signed-off-by: John Ferlan --- src/storage/storage_util.c | 62 ++++++++++++++++--- src/storage/storage_util.h | 1 + .../luks-convert-encrypt.argv | 11 ++++ .../luks-convert-encrypt2fileqcow2.argv | 7 +++ .../luks-convert-encrypt2fileraw.argv | 7 +++ tests/storagevolxml2argvtest.c | 15 ++++- tests/storagevolxml2xmlin/vol-encrypt1.xml | 21 +++++++ tests/storagevolxml2xmlin/vol-encrypt2.xml | 21 +++++++ 8 files changed, 137 insertions(+), 8 deletions(-) create mode 100644 tests/storagevolxml2argvdata/luks-convert-encrypt.argv create mode 100644 tests/storagevolxml2argvdata/luks-convert-encrypt2fileq= cow2.argv create mode 100644 tests/storagevolxml2argvdata/luks-convert-encrypt2filer= aw.argv create mode 100644 tests/storagevolxml2xmlin/vol-encrypt1.xml create mode 100644 tests/storagevolxml2xmlin/vol-encrypt2.xml diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index cc49a5b9f7..3c1e875b27 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -1084,6 +1084,7 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, unsigned int flags, const char *create_tool, const char *secretPath, + const char *inputSecretPath, virStorageVolEncryptConvertStep c= onvertStep) { virCommandPtr cmd =3D NULL; @@ -1101,6 +1102,8 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePo= olObjPtr pool, .secretAlias =3D NULL, }; virStorageEncryptionPtr enc =3D vol->target.encryption; + char *inputSecretAlias =3D NULL; + virStorageEncryptionPtr inputenc =3D inputvol ? inputvol->target.encry= ption : NULL; virStorageEncryptionInfoDefPtr encinfo =3D NULL; =20 virCheckFlags(VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA, NULL); 
@@ -1114,6 +1117,12 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorageP= oolObjPtr pool, goto error; } =20 + if (inputenc && inputenc->format !=3D VIR_STORAGE_ENCRYPTION_FORMAT_LU= KS) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("encryption format of inputvol must be LUKS")); + goto error; + } + if (virStorageBackendCreateQemuImgSetInfo(pool, vol, inputvol, convertStep, &info) < 0) goto error; @@ -1153,6 +1162,20 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorageP= oolObjPtr pool, encinfo =3D &enc->encinfo; } =20 + if (inputenc && convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_CONVERT) { + if (!inputSecretPath) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("path to inputvol secret data file is require= d")); + goto error; + } + if (virAsprintf(&inputSecretAlias, "%s_encrypt0", + inputvol->name) < 0) + goto error; + if (storageBackendCreateQemuImgSecretObject(cmd, inputSecretPath, + inputSecretAlias) < 0) + goto error; + } + if (convertStep !=3D VIR_STORAGE_VOL_ENCRYPT_CONVERT) { if (storageBackendCreateQemuImgSetOptions(cmd, encinfo, info) < 0) goto error; 
@@ -1163,19 +1186,32 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorage= PoolObjPtr pool, virCommandAddArgFormat(cmd, "%lluK", info.size_arg); } else { /* source */ - virCommandAddArgFormat(cmd, "driver=3D%s,file.filename=3D%s", - info.inputType, info.inputPath); + if (inputenc) + virCommandAddArgFormat(cmd, + "driver=3Dluks,file.filename=3D%s,key-s= ecret=3D%s", + info.inputPath, inputSecretAlias); + else + virCommandAddArgFormat(cmd, "driver=3D%s,file.filename=3D%s", + info.inputType, info.inputPath); =20 /* dest */ - virCommandAddArgFormat(cmd, "driver=3D%s,file.filename=3D%s,key-se= cret=3D%s", - info.type, info.path, info.secretAlias); + if (enc) + virCommandAddArgFormat(cmd, + "driver=3D%s,file.filename=3D%s,key-sec= ret=3D%s", + info.type, info.path, info.secretAlias); + else + virCommandAddArgFormat(cmd, "driver=3D%s,file.filename=3D%s", + info.type, info.path); + } VIR_FREE(info.secretAlias); + VIR_FREE(inputSecretAlias); =20 return cmd; =20 error: VIR_FREE(info.secretAlias); + VIR_FREE(inputSecretAlias); virCommandFree(cmd); return NULL; } @@ -1261,6 +1297,7 @@ storageBackendDoCreateQemuImg(virStoragePoolObjPtr po= ol, unsigned int flags, const char *create_tool, const char *secretPath, + const char *inputSecretPath, virStorageVolEncryptConvertStep convertStep) { int ret; @@ -1268,7 +1305,8 @@ storageBackendDoCreateQemuImg(virStoragePoolObjPtr po= ol, =20 cmd =3D virStorageBackendCreateQemuImgCmdFromVol(pool, vol, inputvol, flags, create_tool, - secretPath, convertStep= ); + secretPath, inputSecret= Path, + convertStep); if (!cmd) return -1; =20 @@ -1289,6 +1327,7 @@ storageBackendCreateQemuImg(virStoragePoolObjPtr pool, int ret =3D -1; char *create_tool; char *secretPath =3D NULL; + char *inputSecretPath =3D NULL; virStorageVolEncryptConvertStep convertStep =3D VIR_STORAGE_VOL_ENCRYP= T_NONE; =20 virCheckFlags(VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA, -1); 
@@ -1305,16 +1344,21 @@ storageBackendCreateQemuImg(virStoragePoolObjPtr po= ol, !(secretPath =3D storageBackendCreateQemuImgSecretPath(pool, vol))) goto cleanup; =20 + if (inputvol && inputvol->target.encryption && + !(inputSecretPath =3D storageBackendCreateQemuImgSecretPath(pool, + inputvol= ))) + goto cleanup; + /* Using an input file for encryption requires a multi-step process * to create an image of the same size as the inputvol and then to * convert the inputvol afterwards. */ - if (secretPath && inputvol) + if ((secretPath || inputSecretPath) && inputvol) convertStep =3D VIR_STORAGE_VOL_ENCRYPT_CREATE; =20 do { ret =3D storageBackendDoCreateQemuImg(pool, vol, inputvol, flags, create_tool, secretPath, - convertStep); + inputSecretPath, convertStep); =20 /* Failure to convert, attempt to delete what we created */ if (ret < 0 && convertStep =3D=3D VIR_STORAGE_VOL_ENCRYPT_CONVERT) @@ -1336,6 +1380,10 @@ storageBackendCreateQemuImg(virStoragePoolObjPtr poo= l, unlink(secretPath); VIR_FREE(secretPath); } + if (inputSecretPath) { + unlink(inputSecretPath); + VIR_FREE(inputSecretPath); + } VIR_FREE(create_tool); return ret; } diff --git a/src/storage/storage_util.h b/src/storage/storage_util.h index 6fc8e8972c..58b991c772 100644 --- a/src/storage/storage_util.h +++ b/src/storage/storage_util.h @@ -167,6 +167,7 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePool= ObjPtr pool, unsigned int flags, const char *create_tool, const char *secretPath, + const char *inputSecretPath, virStorageVolEncryptConvertStep c= onvertStep); =20 int virStorageBackendSCSIFindLUs(virStoragePoolObjPtr pool, diff --git a/tests/storagevolxml2argvdata/luks-convert-encrypt.argv b/tests= /storagevolxml2argvdata/luks-convert-encrypt.argv new file mode 100644 index 0000000000..b2ad16b7cb --- /dev/null +++ b/tests/storagevolxml2argvdata/luks-convert-encrypt.argv 
@@ -0,0 +1,11 @@ +qemu-img create -f luks \ +--object secret,id=3Dencrypt2.img_encrypt0,file=3D/path/to/secretFile \ +-o key-secret=3Dencrypt2.img_encrypt0 \ +/var/lib/libvirt/images/encrypt2.img 5242880K +qemu-img convert --image-opts -n --target-image-opts \ +--object secret,id=3Dencrypt2.img_encrypt0,file=3D/path/to/secretFile \ +--object secret,id=3Dencrypt1.img_encrypt0,file=3D/path/to/inputSecretFile= \ +driver=3Dluks,file.filename=3D/var/lib/libvirt/images/encrypt1.img,\ +key-secret=3Dencrypt1.img_encrypt0 \ +driver=3Dluks,file.filename=3D/var/lib/libvirt/images/encrypt2.img,\ +key-secret=3Dencrypt2.img_encrypt0 diff --git a/tests/storagevolxml2argvdata/luks-convert-encrypt2fileqcow2.ar= gv b/tests/storagevolxml2argvdata/luks-convert-encrypt2fileqcow2.argv new file mode 100644 index 0000000000..82cb364b61 --- /dev/null +++ b/tests/storagevolxml2argvdata/luks-convert-encrypt2fileqcow2.argv @@ -0,0 +1,7 @@ +qemu-img create -f qcow2 \ +-o compat=3D0.10 /var/lib/libvirt/images/sparse-qcow2.img 1073741824K +qemu-img convert --image-opts -n --target-image-opts \ +--object secret,id=3Dencrypt2.img_encrypt0,file=3D/path/to/inputSecretFile= \ +driver=3Dluks,file.filename=3D/var/lib/libvirt/images/encrypt2.img,\ +key-secret=3Dencrypt2.img_encrypt0 \ +driver=3Dqcow2,file.filename=3D/var/lib/libvirt/images/sparse-qcow2.img diff --git a/tests/storagevolxml2argvdata/luks-convert-encrypt2fileraw.argv= b/tests/storagevolxml2argvdata/luks-convert-encrypt2fileraw.argv new file mode 100644 index 0000000000..2661c345a8 --- /dev/null +++ b/tests/storagevolxml2argvdata/luks-convert-encrypt2fileraw.argv 
@@ -0,0 +1,7 @@ +qemu-img create -f raw \ +/var/lib/libvirt/images/sparse.img 1073741824K +qemu-img convert --image-opts -n --target-image-opts \ +--object secret,id=3Dencrypt2.img_encrypt0,file=3D/path/to/inputSecretFile= \ +driver=3Dluks,file.filename=3D/var/lib/libvirt/images/encrypt2.img,\ +key-secret=3Dencrypt2.img_encrypt0 \ +driver=3Draw,file.filename=3D/var/lib/libvirt/images/sparse.img diff --git a/tests/storagevolxml2argvtest.c b/tests/storagevolxml2argvtest.c index 6a9a080dd1..105705f348 100644 --- a/tests/storagevolxml2argvtest.c +++ b/tests/storagevolxml2argvtest.c @@ -85,7 +85,7 @@ testCompareXMLToArgvFiles(bool shouldFail, * convert the inputvol afterwards. Since we only care about the * command line we have to copy code from storageBackendCreateQemuImg * and adjust it for the test needs. */ - if (inputvol && vol->target.encryption) + if (inputvol && (vol->target.encryption || inputvol->target.encryption= )) convertStep =3D VIR_STORAGE_VOL_ENCRYPT_CREATE; =20 do { @@ -93,6 +93,7 @@ testCompareXMLToArgvFiles(bool shouldFail, inputvol, flags, create_tool, "/path/to/secretFil= e", + "/path/to/inputSecr= etFile", convertStep); if (!cmd) { if (shouldFail) { @@ -288,6 +289,18 @@ mymain(void) "pool-dir", "vol-file-qcow2", "luks-convert-qcow2", 0); =20 + DO_TEST("pool-dir", "vol-encrypt2", + "pool-dir", "vol-encrypt1", + "luks-convert-encrypt", 0); + + DO_TEST("pool-dir", "vol-file", + "pool-dir", "vol-encrypt2", + "luks-convert-encrypt2fileraw", 0); + + DO_TEST("pool-dir", "vol-file-qcow2", + "pool-dir", "vol-encrypt2", + "luks-convert-encrypt2fileqcow2", 0); + return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; } =20 diff --git a/tests/storagevolxml2xmlin/vol-encrypt1.xml b/tests/storagevolx= ml2xmlin/vol-encrypt1.xml new file mode 100644 index 0000000000..681734dc7b --- /dev/null +++ b/tests/storagevolxml2xmlin/vol-encrypt1.xml 
@@ -0,0 +1,21 @@ + + encrypt1.img + /var/lib/libvirt/images/encrypt1.img + + + 5 + 294912 + + /var/lib/libvirt/images/encrypt1.img + + + 0644 + 0 + 0 + + + + + + + diff --git a/tests/storagevolxml2xmlin/vol-encrypt2.xml b/tests/storagevolx= ml2xmlin/vol-encrypt2.xml new file mode 100644 index 0000000000..0507d3b9e6 --- /dev/null +++ b/tests/storagevolxml2xmlin/vol-encrypt2.xml @@ -0,0 +1,21 @@ + + encrypt2.img + /var/lib/libvirt/images/encrypt2.img + + + 5 + 294912 + + /var/lib/libvirt/images/encrypt2.img + + + 0644 + 0 + 0 + + + + + + + --=20 2.17.1
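
Review bot: in patch 2/3, the source argument in the convert branch of virStorageBackendCreateQemuImgCmdFromVol (hunk at -1152/+1163) now formats info.inputType with %s, yet inputType is only filled in by virStorageBackendCreateQemuImgSetInfo when inputvol is non-NULL and otherwise stays at its ".inputType = NULL" initializer. convertStep is a parameter of this function, so a caller that passes VIR_STORAGE_VOL_ENCRYPT_CONVERT without an inputvol would hand a NULL pointer to the format call. Suggest rejecting that combination at the top of the else branch with an internal error before building the source argument.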
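
Review bot: in patch 3/3, the new check in virStorageBackendCreateQemuImgCmdFromVol (hunk at -1114/+1117) only verifies that inputenc->format is LUKS, while the later source argument hard-codes driver=luks and ignores info.inputType whenever inputenc is set. Nothing visible in these hunks rejects an encrypted inputvol whose target.format is something other than raw, so such a volume would be opened with a driver that does not match its container format. Suggest extending this check to cover inputvol->target.format as well, or adding a comment that states why only raw volumes can reach this point.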
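
Review bot: in patch 3/3, the convert-step block that builds inputSecretAlias (hunk at -1153/+1162) applies the same "%s_encrypt0" pattern to inputvol->name that info.secretAlias applies to vol->name. If the two volumes can ever carry the same name, for instance when the input volume lives in a different pool, the command ends up with two "--object secret" entries sharing one id. Suggest giving the input alias its own suffix, or checking explicitly that the two aliases differ before adding the second object.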
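
Review bot: in patch 3/3, the new source and dest arguments (hunk at -1163/+1186) interpolate info.inputPath, info.path and the secret aliases straight into comma-separated image options such as "driver=luks,file.filename=%s,key-secret=%s". QEMU's option parser treats a comma as a separator, so a volume path or name containing one would be split into additional options rather than being taken as part of the filename. Since this hunk already rewrites all four format calls, suggest escaping commas (by doubling them) in the path and alias values before formatting, and adding a test volume with a comma in its name to pin the behaviour.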
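
Review bot: in patch 3/3, the three DO_TEST additions in tests/storagevolxml2argvtest.c (hunk at -288/+289) all exercise successful conversions, so the new error path "encryption format of inputvol must be LUKS" is never run. testCompareXMLToArgvFiles already takes a shouldFail argument; suggest adding one failing case with an inputvol fixture whose encryption format is not LUKS so the rejection is covered alongside the three accepted combinations.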
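
Review bot: in patch 3/3, the comment kept as context above "if ((secretPath || inputSecretPath) && inputvol)" in storageBackendCreateQemuImg (hunk at -1305/+1344) still describes the multi-step process as applying when "using an input file for encryption", but the condition now also selects it when only the input volume is encrypted and the output is not. Suggest updating that comment, and the matching one in testCompareXMLToArgvFiles, to say that the create-then-convert sequence is used whenever either side is encrypted.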