[Libguestfs] [PATCH 1/3] fish: move disk decryption helpers in own file
Richard W.M. Jones
rjones at redhat.com
Mon Sep 19 17:31:37 UTC 2016
On Mon, Sep 19, 2016 at 07:12:44PM +0200, Pino Toscano wrote:
> This way it is easier to use them outside the rest of the code in
> guestfish for inspection & mount.
>
> Just code motion, no behaviour changes.
> ---
> align/Makefile.am | 1 +
> cat/Makefile.am | 1 +
> df/Makefile.am | 1 +
> diff/Makefile.am | 1 +
> edit/Makefile.am | 1 +
> fish/Makefile.am | 1 +
> fish/decrypt.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++
> fish/inspect.c | 68 ---------------------------------
> fish/options.h | 4 +-
> format/Makefile.am | 1 +
> fuse/Makefile.am | 1 +
> inspector/Makefile.am | 1 +
> rescue/Makefile.am | 1 +
> 13 files changed, 115 insertions(+), 69 deletions(-)
> create mode 100644 fish/decrypt.c
>
> diff --git a/align/Makefile.am b/align/Makefile.am
> index 1eccf28..eb44263 100644
> --- a/align/Makefile.am
> +++ b/align/Makefile.am
> @@ -33,6 +33,7 @@ SHARED_SOURCE_FILES = \
> ../df/parallel.c \
> ../df/parallel.h \
> ../fish/config.c \
> + ../fish/decrypt.c \
> ../fish/display-options.h \
> ../fish/display-options.c \
> ../fish/domain.c \
> diff --git a/cat/Makefile.am b/cat/Makefile.am
> index 38faa94..5e55742 100644
> --- a/cat/Makefile.am
> +++ b/cat/Makefile.am
> @@ -31,6 +31,7 @@ EXTRA_DIST = \
> bin_PROGRAMS = virt-cat virt-filesystems virt-log virt-ls
>
> SHARED_SOURCE_FILES = \
> + ../fish/decrypt.c \
> ../fish/display-options.h \
> ../fish/display-options.c \
> ../fish/domain.c \
> diff --git a/df/Makefile.am b/df/Makefile.am
> index ce1686a..6efc1dc 100644
> --- a/df/Makefile.am
> +++ b/df/Makefile.am
> @@ -28,6 +28,7 @@ bin_PROGRAMS = virt-df
>
> SHARED_SOURCE_FILES = \
> ../fish/config.c \
> + ../fish/decrypt.c \
> ../fish/display-options.h \
> ../fish/display-options.c \
> ../fish/domain.c \
> diff --git a/diff/Makefile.am b/diff/Makefile.am
> index cdbe05c..7dfe2cd 100644
> --- a/diff/Makefile.am
> +++ b/diff/Makefile.am
> @@ -27,6 +27,7 @@ bin_PROGRAMS = virt-diff
> SHARED_SOURCE_FILES = \
> ../cat/visit.h \
> ../cat/visit.c \
> + ../fish/decrypt.c \
> ../fish/display-options.h \
> ../fish/display-options.c \
> ../fish/domain.c \
> diff --git a/edit/Makefile.am b/edit/Makefile.am
> index 4ac4f08..dc9fbb0 100644
> --- a/edit/Makefile.am
> +++ b/edit/Makefile.am
> @@ -26,6 +26,7 @@ bin_PROGRAMS = virt-edit
>
> SHARED_SOURCE_FILES = \
> ../fish/config.c \
> + ../fish/decrypt.c \
> ../fish/display-options.h \
> ../fish/display-options.c \
> ../fish/domain.c \
> diff --git a/fish/Makefile.am b/fish/Makefile.am
> index e1bc210..8fdcd27 100644
> --- a/fish/Makefile.am
> +++ b/fish/Makefile.am
> @@ -73,6 +73,7 @@ EXTRA_DIST = \
> # files must not include other guestfish files.
> SHARED_SOURCE_FILES = \
> config.c \
> + decrypt.c \
> display-options.h \
> display-options.c \
> domain.c \
> diff --git a/fish/decrypt.c b/fish/decrypt.c
> new file mode 100644
> index 0000000..d6e041d
> --- /dev/null
> +++ b/fish/decrypt.c
> @@ -0,0 +1,102 @@
> +/* libguestfs - shared disk decryption
> + * Copyright (C) 2010 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + */
> +
> +/**
> + * This file implements the decryption of disk images, usually done
> + * before mounting their partitions.
> + */
> +
> +#include <config.h>
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +
> +#include "c-ctype.h"
> +
> +#include "guestfs.h"
> +
> +#include "options.h"
> +
> +/**
> + * Make a LUKS map name from the partition name,
> + * eg. C<"/dev/vda2" =E<gt> "luksvda2">
> + */
> +static void
> +make_mapname (const char *device, char *mapname, size_t len)
> +{
> + size_t i = 0;
> +
> + if (len < 5)
> + abort ();
> + strcpy (mapname, "luks");
> + mapname += 4;
> + len -= 4;
> +
> + if (STRPREFIX (device, "/dev/"))
> + i = 5;
> +
> + for (; device[i] != '\0' && len >= 1; ++i) {
> + if (c_isalnum (device[i])) {
> + *mapname++ = device[i];
> + len--;
> + }
> + }
> +
> + *mapname = '\0';
> +}
> +
> +/**
> + * Simple implementation of decryption: look for any C<crypto_LUKS>
> + * partitions and decrypt them, then rescan for VGs. This only works
> + * for Fedora whole-disk encryption. WIP to make this work for other
> + * encryption schemes.
> + */
> +void
> +inspect_do_decrypt (guestfs_h *g)
> +{
> + CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
> + if (partitions == NULL)
> + exit (EXIT_FAILURE);
> +
> + int need_rescan = 0;
> + size_t i;
> + for (i = 0; partitions[i] != NULL; ++i) {
> + CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
> + if (type && STREQ (type, "crypto_LUKS")) {
> + char mapname[32];
> + make_mapname (partitions[i], mapname, sizeof mapname);
> +
> + CLEANUP_FREE char *key = read_key (partitions[i]);
> + /* XXX Should we call guestfs_luks_open_ro if readonly flag
> + * is set? This might break 'mount_ro'.
> + */
> + if (guestfs_luks_open (g, partitions[i], key, mapname) == -1)
> + exit (EXIT_FAILURE);
> +
> + need_rescan = 1;
> + }
> + }
> +
> + if (need_rescan) {
> + if (guestfs_vgscan (g) == -1)
> + exit (EXIT_FAILURE);
> + if (guestfs_vg_activate_all (g, 1) == -1)
> + exit (EXIT_FAILURE);
> + }
> +}
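Review bot: In `make_mapname` the copy loop runs while `len >= 1`, so a device name with 28 or more alphanumeric characters after `/dev/` consumes every remaining byte, and the closing `*mapname = '\0';` is then written one byte past the 32-byte `mapname` array declared in `inspect_do_decrypt`. The loop should leave room for the terminator: `for (; device[i] != '\0' && len > 1; ++i) {`. The code is moved unchanged from fish/inspect.c, so the defect predates this patch, but the file is now added to the shared source lists of several more tools, which makes this a good moment to fix it. Separately, the string returned by `read_key` is passed to `guestfs_luks_open` without a NULL check and is released by `CLEANUP_FREE` without being wiped first. Whether `read_key` can return NULL is not visible in this hunk, so confirm that, and consider clearing the key buffer before it is freed.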
> diff --git a/fish/inspect.c b/fish/inspect.c
> index 952d4f7..4a5b3c3 100644
> --- a/fish/inspect.c
> +++ b/fish/inspect.c
> @@ -202,71 +202,3 @@ print_inspect_prompt (void)
> dev ? dev : mountpoints[i+1], mountpoints[i]);
> }
> }
> -
> -/**
> - * Make a LUKS map name from the partition name,
> - * eg. C<"/dev/vda2" =E<gt> "luksvda2">
> - */
> -static void
> -make_mapname (const char *device, char *mapname, size_t len)
> -{
> - size_t i = 0;
> -
> - if (len < 5)
> - abort ();
> - strcpy (mapname, "luks");
> - mapname += 4;
> - len -= 4;
> -
> - if (STRPREFIX (device, "/dev/"))
> - i = 5;
> -
> - for (; device[i] != '\0' && len >= 1; ++i) {
> - if (c_isalnum (device[i])) {
> - *mapname++ = device[i];
> - len--;
> - }
> - }
> -
> - *mapname = '\0';
> -}
> -
> -/**
> - * Simple implementation of decryption: look for any C<crypto_LUKS>
> - * partitions and decrypt them, then rescan for VGs. This only works
> - * for Fedora whole-disk encryption. WIP to make this work for other
> - * encryption schemes.
> - */
> -void
> -inspect_do_decrypt (guestfs_h *g)
> -{
> - CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
> - if (partitions == NULL)
> - exit (EXIT_FAILURE);
> -
> - int need_rescan = 0;
> - size_t i;
> - for (i = 0; partitions[i] != NULL; ++i) {
> - CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
> - if (type && STREQ (type, "crypto_LUKS")) {
> - char mapname[32];
> - make_mapname (partitions[i], mapname, sizeof mapname);
> -
> - CLEANUP_FREE char *key = read_key (partitions[i]);
> - /* XXX Should we call guestfs_luks_open_ro if readonly flag
> - * is set? This might break 'mount_ro'.
> - */
> - if (guestfs_luks_open (g, partitions[i], key, mapname) == -1)
> - exit (EXIT_FAILURE);
> -
> - need_rescan = 1;
> - }
> - }
> -
> - if (need_rescan) {
> - if (guestfs_vgscan (g) == -1)
> - exit (EXIT_FAILURE);
> - if (guestfs_vg_activate_all (g, 1) == -1)
> - exit (EXIT_FAILURE);
> - }
> -}
> diff --git a/fish/options.h b/fish/options.h
> index 061b41f..e8a4ebc 100644
> --- a/fish/options.h
> +++ b/fish/options.h
> @@ -111,6 +111,9 @@ struct mp {
> /* in config.c */
> extern void parse_config (void);
>
> +/* in decrypt.c */
> +extern void inspect_do_decrypt (guestfs_h *g);
> +
> /* in domain.c */
> extern int add_libvirt_drives (guestfs_h *g, const char *guest);
>
> @@ -124,7 +127,6 @@ extern void print_inspect_prompt (void);
>
> #if COMPILING_VIRT_INSPECTOR
> /* (low-level inspection functions, used by virt-inspector only) */
> -extern void inspect_do_decrypt (guestfs_h *g);
> extern void inspect_mount_root (guestfs_h *g, const char *root);
> #endif
>
> diff --git a/format/Makefile.am b/format/Makefile.am
> index d196910..0e881a5 100644
> --- a/format/Makefile.am
> +++ b/format/Makefile.am
> @@ -26,6 +26,7 @@ bin_PROGRAMS = virt-format
>
> SHARED_SOURCE_FILES = \
> ../fish/config.c \
> + ../fish/decrypt.c \
> ../fish/display-options.h \
> ../fish/display-options.c \
> ../fish/domain.c \
> diff --git a/fuse/Makefile.am b/fuse/Makefile.am
> index d766479..b8f5ad6 100644
> --- a/fuse/Makefile.am
> +++ b/fuse/Makefile.am
> @@ -34,6 +34,7 @@ bin_PROGRAMS = \
> # between guestfish and guestmount.
> SHARED_SOURCE_FILES = \
> ../fish/config.c \
> + ../fish/decrypt.c \
> ../fish/display-options.h \
> ../fish/display-options.c \
> ../fish/domain.c \
> diff --git a/inspector/Makefile.am b/inspector/Makefile.am
> index 00ca5d5..760e810 100644
> --- a/inspector/Makefile.am
> +++ b/inspector/Makefile.am
> @@ -54,6 +54,7 @@ bin_PROGRAMS = virt-inspector
>
> SHARED_SOURCE_FILES = \
> ../fish/config.c \
> + ../fish/decrypt.c \
> ../fish/display-options.h \
> ../fish/display-options.c \
> ../fish/domain.c \
> diff --git a/rescue/Makefile.am b/rescue/Makefile.am
> index c2545bd..f2a3c39 100644
> --- a/rescue/Makefile.am
> +++ b/rescue/Makefile.am
> @@ -27,6 +27,7 @@ bin_PROGRAMS = virt-rescue
>
> SHARED_SOURCE_FILES = \
> ../fish/config.c \
> + ../fish/decrypt.c \
> ../fish/display-options.h \
> ../fish/display-options.c \
> ../fish/domain.c \
> --
> 2.7.4
This appears to be straight code motion, so ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/