[Libguestfs] [PATCH 3/3] OCaml tools: add crypto support (RHBZ#1362649)

Pino Toscano ptoscano at redhat.com
Mon Sep 19 17:12:46 UTC 2016


Make use of the additional command line arguments and the API needed to
decrypt LUKS partitions.

This affects only virt-customize, virt-get-kernel, virt-sparsify, and
virt-sysprep, as they are the main OCaml tools interacting with
user-provided images.
---
 customize/customize_main.ml    |  5 ++++-
 customize/virt-customize.pod   | 12 ++++++++++++
 get-kernel/get_kernel.ml       |  5 ++++-
 get-kernel/virt-get-kernel.pod | 12 ++++++++++++
 sparsify/cmdline.ml            |  2 +-
 sparsify/copying.ml            |  3 +++
 sparsify/in_place.ml           |  3 +++
 sparsify/virt-sparsify.pod     | 12 ++++++++++++
 sysprep/main.ml                |  5 ++++-
 sysprep/virt-sysprep.pod       | 12 ++++++++++++
 10 files changed, 67 insertions(+), 4 deletions(-)

diff --git a/customize/customize_main.ml b/customize/customize_main.ml
index 07fd790..5613277 100644
--- a/customize/customize_main.ml
+++ b/customize/customize_main.ml
@@ -102,7 +102,7 @@ A short summary of the options is given below.  For detailed help please
 read the man page virt-customize(1).
 ")
       prog in
-  let opthandle = create_standard_options argspec usage_msg in
+  let opthandle = create_standard_options argspec ~key_opts:true usage_msg in
   Getopt.parse opthandle;
 
   if not !format_consumed then
@@ -175,6 +175,9 @@ read the man page virt-customize(1).
     g#launch ();
     g in
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   (* Inspection. *)
   (match Array.to_list (g#inspect_os ()) with
   | [] ->
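Review bot: The added `inspect_decrypt g;` before the inspection step runs on every invocation, and neither the comment nor the hunk says what happens when no key can be obtained or the key is wrong. Per the man-page text in this patch the default is to read passphrases from /dev/tty, so an unattended run against a guest with encrypted volumes may now stop at a prompt or fail where it previously continued; this is inferred, since the helper is defined outside this diff. I would expand the comment to something like `(* Decrypt the disks.  May prompt for keys on /dev/tty, or read them from stdin with --keys-from-stdin. *)` and state the failure behaviour there. The same applies to the identical calls added in get-kernel/get_kernel.ml, sparsify/copying.ml, sparsify/in_place.ml and sysprep/main.ml. The enclosing function starts and ends outside the hunk.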
diff --git a/customize/virt-customize.pod b/customize/virt-customize.pod
index e594f61..a0ca9c9 100644
--- a/customize/virt-customize.pod
+++ b/customize/virt-customize.pod
@@ -107,6 +107,13 @@ used instead of names.
 Perform a read-only "dry run" on the guest.  This runs the sysprep
 operation, but throws away any changes to the disk at the end.
 
+=item B<--echo-keys>
+
+When prompting for keys and passphrases, virt-customize normally turns
+echoing off so you cannot see what you are typing.  If you are not
+worried about Tempest attacks and there is no one else in the room
+you can specify this flag to see what you are typing.
+
 =item B<--format> raw|qcow2|..
 
 =item B<--format> auto
@@ -131,6 +138,11 @@ If you have untrusted raw-format guest disk images, you should use
 this option to specify the disk format.  This avoids a possible
 security problem with malicious guests (CVE-2010-3851).
 
+=item B<--keys-from-stdin>
+
+Read key or passphrase parameters from stdin.  The default is
+to try to read passphrases from the user by opening F</dev/tty>.
+
 =item B<-m> MB
 
 =item B<--memsize> MB
diff --git a/get-kernel/get_kernel.ml b/get-kernel/get_kernel.ml
index f83a940..adf9649 100644
--- a/get-kernel/get_kernel.ml
+++ b/get-kernel/get_kernel.ml
@@ -70,7 +70,7 @@ A short summary of the options is given below.  For detailed help please
 read the man page virt-get-kernel(1).
 ")
       prog in
-  let opthandle = create_standard_options argspec usage_msg in
+  let opthandle = create_standard_options argspec ~key_opts:true usage_msg in
   Getopt.parse opthandle;
 
   (* Machine-readable mode?  Print out some facts about what
@@ -174,6 +174,9 @@ let main () =
   add g;
   g#launch ();
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   let roots = g#inspect_os () in
   if Array.length roots = 0 then
     error (f_"no operating system found");
diff --git a/get-kernel/virt-get-kernel.pod b/get-kernel/virt-get-kernel.pod
index 97a159c..8298fe5 100644
--- a/get-kernel/virt-get-kernel.pod
+++ b/get-kernel/virt-get-kernel.pod
@@ -70,6 +70,13 @@ not used at all.
 Add all the disks from the named libvirt guest.  Domain UUIDs can be
 used instead of names.
 
+=item B<--echo-keys>
+
+When prompting for keys and passphrases, virt-get-kernel normally turns
+echoing off so you cannot see what you are typing.  If you are not
+worried about Tempest attacks and there is no one else in the room
+you can specify this flag to see what you are typing.
+
 =item B<--format> raw|qcow2|..
 
 =item B<--format> auto
@@ -82,6 +89,11 @@ If you have untrusted raw-format guest disk images, you should use
 this option to specify the disk format.  This avoids a possible
 security problem with malicious guests (CVE-2010-3851).
 
+=item B<--keys-from-stdin>
+
+Read key or passphrase parameters from stdin.  The default is
+to try to read passphrases from the user by opening F</dev/tty>.
+
 =item B<--machine-readable>
 
 This option is used to make the output more machine friendly
diff --git a/sparsify/cmdline.ml b/sparsify/cmdline.ml
index 523d612..2a9dd48 100644
--- a/sparsify/cmdline.ml
+++ b/sparsify/cmdline.ml
@@ -90,7 +90,7 @@ A short summary of the options is given below.  For detailed help please
 read the man page virt-sparsify(1).
 ")
       prog in
-  let opthandle = create_standard_options argspec ~anon_fun usage_msg in
+  let opthandle = create_standard_options argspec ~anon_fun ~key_opts:true usage_msg in
   Getopt.parse opthandle;
 
   (* Dereference the rest of the args. *)
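Review bot: The changed `create_standard_options` line in this hunk now runs to 87 columns, longer than any other code line visible in this patch and past the usual 80-column limit. Wrapping it keeps the new flag readable: `let opthandle =` on one line, then `create_standard_options argspec ~anon_fun ~key_opts:true usage_msg in` indented on the next. The enclosing function starts and ends outside the hunk.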
diff --git a/sparsify/copying.ml b/sparsify/copying.ml
index 003dbf8..9c66428 100644
--- a/sparsify/copying.ml
+++ b/sparsify/copying.ml
@@ -182,6 +182,9 @@ You can ignore this warning or change it to a hard failure using the
 
     g in
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   (* Modify SIGINT handler (set first above) to cancel the handle. *)
   let do_sigint _ =
     g#user_cancel ();
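Review bot: The new `inspect_decrypt g;` is placed before the SIGINT handler is switched to the one that calls `g#user_cancel ()`, so an interrupt while a passphrase prompt is open is handled by the earlier handler, which is outside this hunk. If that ordering is deliberate, presumably so that Ctrl-C at the prompt ends the program rather than only cancelling a handle operation, the comment should say so, e.g. `(* Decrypt the disks.  Done before the SIGINT handler below is installed, so an interrupt at the key prompt is handled by the earlier handler. *)`. It is also worth confirming that the earlier handler leaves the terminal with echo restored, since the man page text added in this patch says echo is turned off while prompting. That last point is inferred, because the prompt code is not part of this diff.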
diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml
index e2ee9d9..5411892 100644
--- a/sparsify/in_place.ml
+++ b/sparsify/in_place.ml
@@ -57,6 +57,9 @@ let run disk format ignores machine_readable zeroes =
   if not (g#feature_available [|"fstrim"|]) then
     error ~exit_code:3 (f_"discard/trim is not supported");
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   (* Discard non-ignored filesystems that we are able to mount, and
    * selected swap partitions.
    *)
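Review bot: With `inspect_decrypt g;` added ahead of the discard step, filesystems inside unlocked LUKS devices presumably become mountable and so fall under "Discard non-ignored filesystems that we are able to mount", yet the comment does not mention that consequence. Whether the opened mappings pass discards down is not visible here. If they do, the trimmed regions show anyone who can read the image which parts of the encrypted volume are unused, and if they do not, no space is reclaimed from those filesystems. I would note this at the call, e.g. `(* Decrypt the disks, so that filesystems inside LUKS devices are also considered for trimming below. *)`, and state in virt-sparsify.pod which of the two outcomes applies. The body of `run` continues outside the hunk.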
diff --git a/sparsify/virt-sparsify.pod b/sparsify/virt-sparsify.pod
index 177cd03..fa72c23 100644
--- a/sparsify/virt-sparsify.pod
+++ b/sparsify/virt-sparsify.pod
@@ -192,6 +192,13 @@ For fine-tuning the output format, see: I<--compress>, I<-o>.
 
 You cannot use this option and I<--in-place> together.
 
+=item B<--echo-keys>
+
+When prompting for keys and passphrases, virt-sparsify normally turns
+echoing off so you cannot see what you are typing.  If you are not
+worried about Tempest attacks and there is no one else in the room
+you can specify this flag to see what you are typing.
+
 =item B<--format> raw
 
 =item B<--format> qcow2
@@ -223,6 +230,11 @@ You can give this option multiple times.
 Do in-place sparsification instead of copying sparsification.
 See L</IN-PLACE SPARSIFICATION> below.
 
+=item B<--keys-from-stdin>
+
+Read key or passphrase parameters from stdin.  The default is
+to try to read passphrases from the user by opening F</dev/tty>.
+
 =item B<--machine-readable>
 
 This option is used to make the output more machine friendly
diff --git a/sysprep/main.ml b/sysprep/main.ml
index 01ea590..2fa416f 100644
--- a/sysprep/main.ml
+++ b/sysprep/main.ml
@@ -147,7 +147,7 @@ A short summary of the options is given below.  For detailed help please
 read the man page virt-sysprep(1).
 ")
         prog in
-    let opthandle = create_standard_options args usage_msg in
+    let opthandle = create_standard_options args ~key_opts:true usage_msg in
     Getopt.parse opthandle;
 
     if not !format_consumed then
@@ -216,6 +216,9 @@ read the man page virt-sysprep(1).
 
     operations, g, mount_opts in
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   (* Inspection. *)
   (match Array.to_list (g#inspect_os ()) with
   | [] ->
diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod
index bdb4580..0e59b4c 100644
--- a/sysprep/virt-sysprep.pod
+++ b/sysprep/virt-sysprep.pod
@@ -155,6 +155,13 @@ version of virt-sysprep.
 See L</OPERATIONS> below for a list and an explanation of each
 operation.
 
+=item B<--echo-keys>
+
+When prompting for keys and passphrases, virt-sysprep normally turns
+echoing off so you cannot see what you are typing.  If you are not
+worried about Tempest attacks and there is no one else in the room
+you can specify this flag to see what you are typing.
+
 =item B<--format> raw|qcow2|..
 
 =item B<--format> auto
@@ -179,6 +186,11 @@ If you have untrusted raw-format guest disk images, you should use
 this option to specify the disk format.  This avoids a possible
 security problem with malicious guests (CVE-2010-3851).
 
+=item B<--keys-from-stdin>
+
+Read key or passphrase parameters from stdin.  The default is
+to try to read passphrases from the user by opening F</dev/tty>.
+
 =item B<--list-operations>
 
 List the operations supported by the virt-sysprep program.
-- 
2.7.4



