From nobody Sun Feb  8 14:51:49 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1563897909; cv=none;
	d=zoho.com; s=zohoarc;
	b=CreVZ9RjBTt+YWH+lQfI8PPOyZps+4Q+T2pnFt+6a7o+AwV92cPcNG21SjlEty9MhmaltSC2RTVEj6lJDu0kDbeHfs3T4UxkzKyU5F5VNkqTkcoTgMRD1aK+k5Y/4regPCBArwkVeBMk/rU5md8IdkDm5Qm7cEgcWX8zjgVGnj8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1563897909;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=FWClUIFl0t6mk71SRHZ4IWhM86McPgmxSPlsBAA5z8Y=;
	b=KkG1oPFECIGhHNM5RS42vt7RfljZekDDWspXf1gWx5QRPmJYpfzs4n/HtrndbaB9XL7yLj3RlaW2YdjYQg9pLKa7DMbXMBHqi27z3vegFtiN0vvBBTPOPfU4ZlZ42Mn6yizFv90cFMc7GXmeUmk1JpYGxHPywHZ16nOQhJQsCtw=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
 header.from=<berrange@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 15638979092161003.1298534701226;
 Tue, 23 Jul 2019 09:05:09 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id E9E00A3EA2;
	Tue, 23 Jul 2019 16:05:07 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id BCE955D9C5;
	Tue, 23 Jul 2019 16:05:07 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 70C8718045D0;
	Tue, 23 Jul 2019 16:05:07 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
	[10.5.11.16])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x6NG56qH025130 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 23 Jul 2019 12:05:06 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 4ECF55C234; Tue, 23 Jul 2019 16:05:06 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.36.112.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 285B05C652;
	Tue, 23 Jul 2019 16:05:04 +0000 (UTC)
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Date: Tue, 23 Jul 2019 17:02:58 +0100
Message-Id: <20190723160319.18153-21-berrange@redhat.com>
In-Reply-To: <20190723160319.18153-1-berrange@redhat.com>
References: <20190723160319.18153-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 20/41] secret: introduce virtsecretd daemon
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]);
 Tue, 23 Jul 2019 16:05:08 +0000 (UTC)

The virtsecretd daemon will be responsible for providing the secret API
driver functionality. The secret driver is still loaded by the main
libvirtd daemon at this stage, so virtsecretd must not be running at
the same time.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 .gitignore                        |  4 ++
 libvirt.spec.in                   |  8 ++++
 src/secret/Makefile.inc.am        | 62 +++++++++++++++++++++++++++++++
 src/secret/virtsecretd.service.in | 24 ++++++++++++
 4 files changed, 98 insertions(+)
 create mode 100644 src/secret/virtsecretd.service.in

diff --git a/.gitignore b/.gitignore
index 05bc166860..162b017c4a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -166,12 +166,16 @@
 /src/remote/virtproxyd.conf
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
+/src/secret/test_virtsecretd.aug
+/src/secret/virtsecretd.aug
+/src/secret/virtsecretd.conf
 /src/util/virkeycodetable*.h
 /src/util/virkeynametable*.h
 /src/virt-aa-helper
 /src/virtlockd
 /src/virtlogd
 /src/virtproxyd
+/src/virtsecretd
 /src/virt-guest-shutdown.target
 /tests/*.log
 /tests/*.pid
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 2f64dcabe3..8b78415761 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1634,6 +1634,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
=20
 %files daemon-driver-secret
+%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
+%{_datadir}/augeas/lenses/virtsecretd.aug
+%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
+%{_unitdir}/virtsecretd.service
+%{_unitdir}/virtsecretd.socket
+%{_unitdir}/virtsecretd-ro.socket
+%{_unitdir}/virtsecretd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtsecretd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
=20
 %files daemon-driver-storage
diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am
index 7a1c8f8e1a..653c95b584 100644
--- a/src/secret/Makefile.inc.am
+++ b/src/secret/Makefile.inc.am
@@ -37,4 +37,66 @@ libvirt_driver_secret_la_LIBADD =3D \
 	$(NULL)
 libvirt_driver_secret_la_LDFLAGS =3D $(AM_LDFLAGS_MOD_NOUNDEF)
 libvirt_driver_secret_la_SOURCES =3D $(SECRET_DRIVER_SOURCES)
+
+sbin_PROGRAMS +=3D virtsecretd
+
+nodist_conf_DATA +=3D secret/virtsecretd.conf
+augeas_DATA +=3D secret/virtsecretd.aug
+augeastest_DATA +=3D secret/test_virtsecretd.aug
+CLEANFILES +=3D secret/virtsecretd.aug
+
+virtsecretd_SOURCES =3D $(REMOTE_DAEMON_SOURCES)
+virtsecretd_CFLAGS =3D \
+	$(REMOTE_DAEMON_CFLAGS) \
+	-DDAEMON_NAME=3D"\"virtsecretd\"" \
+	-DMODULE_NAME=3D"\"secret\"" \
+	$(NULL)
+virtsecretd_LDFLAGS =3D $(REMOTE_DAEMON_LD_FLAGS)
+virtsecretd_LDADD =3D $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES +=3D \
+	virtsecretd.service \
+	virtsecretd.socket \
+	virtsecretd-ro.socket \
+	virtsecretd-admin.socket \
+	$(NULL)
+SYSTEMD_UNIT_FILES_IN +=3D \
+	secret/virtsecretd.service.in \
+	$(NULL)
+
+VIRTSECRETD_UNIT_VARS =3D \
+	$(VIRTD_UNIT_VARS) \
+	-e 's|[@]name[@]|Libvirt secret|g' \
+	-e 's|[@]service[@]|virtsecretd|g' \
+	-e 's|[@]sockprefix[@]|virtsecretd|g' \
+	$(NULL)
+
+virtsecretd.service: secret/virtsecretd.service.in $(top_builddir)/config.=
status
+	$(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtsecret%.socket: remote/libvirt%.socket.in $(top_builddir)/config.status
+	$(AM_V_GEN)sed $(VIRTSECRETD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+secret/virtsecretd.conf: remote/libvirtd.conf.in
+	$(AM_V_GEN)sed \
+		-e '/:: CUT ENABLE_IP ::/,/:: END ::/d' \
+		-e 's/:: DAEMON_NAME ::/virtsecretd/' \
+		< $^ > $@
+
+secret/virtsecretd.aug: remote/libvirtd.aug.in
+	$(AM_V_GEN)$(SED) \
+		-e '/:: CUT ENABLE_IP ::/,/:: END ::/d' \
+		-e 's/:: DAEMON_NAME ::/virtsecretd/' \
+		-e 's/:: DAEMON_NAME_UC ::/Virtsecretd/' \
+		$< > $@
+
+secret/test_virtsecretd.aug: remote/test_libvirtd.aug.in \
+		secret/virtsecretd.conf $(AUG_GENTEST)
+	$(AM_V_GEN)$(AUG_GENTEST) secret/virtsecretd.conf \
+		$(srcdir)/remote/test_libvirtd.aug.in | \
+		$(SED) -e '/:: CUT ENABLE_IP ::/,/:: END ::/d' \
+		-e 's/:: DAEMON_NAME ::/virtsecretd/' \
+		-e 's/:: DAEMON_NAME_UC ::/Virtsecretd/' \
+		> $@ || rm -f $@
+
 endif WITH_SECRETS
diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.ser=
vice.in
new file mode 100644
index 0000000000..00cdc26b97
--- /dev/null
+++ b/src/secret/virtsecretd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=3DVirtualization secret daemon
+Conflicts=3Dlibvirtd.service
+Requires=3Dvirtsecretd.socket
+Requires=3Dvirtsecretd-ro.socket
+Requires=3Dvirtsecretd-admin.socket
+After=3Dnetwork.target
+After=3Ddbus.service
+After=3Dapparmor.service
+After=3Dlocal-fs.target
+Documentation=3Dman:libvirtd(8)
+Documentation=3Dhttps://libvirt.org
+
+[Service]
+Type=3Dnotify
+ExecStart=3D@sbindir@/virtsecretd --timeout 120
+ExecReload=3D/bin/kill -HUP $MAINPID
+Restart=3Don-failure
+
+[Install]
+WantedBy=3Dmulti-user.target
+Also=3Dvirtsecretd.socket
+Also=3Dvirtsecretd-ro.socket
+Also=3Dvirtsecretd-admin.socket
--=20
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list