[Libguestfs] [PATCH 3/3] OCaml tools: add crypto support (RHBZ#1362649)

Richard W.M. Jones rjones at redhat.com
Mon Sep 19 17:35:22 UTC 2016


On Mon, Sep 19, 2016 at 07:12:46PM +0200, Pino Toscano wrote:
> Make use of the additional command line arguments, and API needed to
> decrypt LUKS partitions.
> 
> This affects only virt-customize, virt-get-kernel, virt-sparsify, and
> virt-sysprep, as they are the main OCaml tools interacting with
> user-provided images.
> ---
>  customize/customize_main.ml    |  5 ++++-
>  customize/virt-customize.pod   | 12 ++++++++++++
>  get-kernel/get_kernel.ml       |  5 ++++-
>  get-kernel/virt-get-kernel.pod | 12 ++++++++++++
>  sparsify/cmdline.ml            |  2 +-
>  sparsify/copying.ml            |  3 +++
>  sparsify/in_place.ml           |  3 +++
>  sparsify/virt-sparsify.pod     | 12 ++++++++++++
>  sysprep/main.ml                |  5 ++++-
>  sysprep/virt-sysprep.pod       | 12 ++++++++++++
>  10 files changed, 67 insertions(+), 4 deletions(-)
> 
> diff --git a/customize/customize_main.ml b/customize/customize_main.ml
> index 07fd790..5613277 100644
> --- a/customize/customize_main.ml
> +++ b/customize/customize_main.ml
> @@ -102,7 +102,7 @@ A short summary of the options is given below.  For detailed help please
>  read the man page virt-customize(1).
>  ")
>        prog in
> -  let opthandle = create_standard_options argspec usage_msg in
> +  let opthandle = create_standard_options argspec ~key_opts:true usage_msg in
>    Getopt.parse opthandle;
>  
>    if not !format_consumed then
> @@ -175,6 +175,9 @@ read the man page virt-customize(1).
>      g#launch ();
>      g in
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    (* Inspection. *)
>    (match Array.to_list (g#inspect_os ()) with
>    | [] ->
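Review bot: The comment `(* Decrypt the disks. *)` on the added `inspect_decrypt g;` call does not say what the step does or why it sits at this point. Going by the commit description it unlocks LUKS partitions, and its position after `g#launch ()` and before `g#inspect_os ()` suggests inspection depends on it; it is also presumably where the tool can block waiting for a passphrase. I would write `(* Unlock LUKS-encrypted partitions (may prompt for keys); must run after launch and before inspection. *)`. The same two added lines appear in the get-kernel/get_kernel.ml, sparsify/copying.ml, sparsify/in_place.ml and sysprep/main.ml hunks, and the enclosing function starts and ends outside this hunk.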
> diff --git a/customize/virt-customize.pod b/customize/virt-customize.pod
> index e594f61..a0ca9c9 100644
> --- a/customize/virt-customize.pod
> +++ b/customize/virt-customize.pod
> @@ -107,6 +107,13 @@ used instead of names.
>  Perform a read-only "dry run" on the guest.  This runs the sysprep
>  operation, but throws away any changes to the disk at the end.
>  
> +=item B<--echo-keys>
> +
> +When prompting for keys and passphrases, virt-customize normally turns
> +echoing off so you cannot see what you are typing.  If you are not
> +worried about Tempest attacks and there is no one else in the room
> +you can specify this flag to see what you are typing.
> +
>  =item B<--format> raw|qcow2|..
>  
>  =item B<--format> auto
> @@ -131,6 +138,11 @@ If you have untrusted raw-format guest disk images, you should use
>  this option to specify the disk format.  This avoids a possible
>  security problem with malicious guests (CVE-2010-3851).
>  
> +=item B<--keys-from-stdin>
> +
> +Read key or passphrase parameters from stdin.  The default is
> +to try to read passphrases from the user by opening F</dev/tty>.
> +
>  =item B<-m> MB
>  
>  =item B<--memsize> MB
> diff --git a/get-kernel/get_kernel.ml b/get-kernel/get_kernel.ml
> index f83a940..adf9649 100644
> --- a/get-kernel/get_kernel.ml
> +++ b/get-kernel/get_kernel.ml
> @@ -70,7 +70,7 @@ A short summary of the options is given below.  For detailed help please
>  read the man page virt-get-kernel(1).
>  ")
>        prog in
> -  let opthandle = create_standard_options argspec usage_msg in
> +  let opthandle = create_standard_options argspec ~key_opts:true usage_msg in
>    Getopt.parse opthandle;
>  
>    (* Machine-readable mode?  Print out some facts about what
> @@ -174,6 +174,9 @@ let main () =
>    add g;
>    g#launch ();
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    let roots = g#inspect_os () in
>    if Array.length roots = 0 then
>      error (f_"no operating system found");
> diff --git a/get-kernel/virt-get-kernel.pod b/get-kernel/virt-get-kernel.pod
> index 97a159c..8298fe5 100644
> --- a/get-kernel/virt-get-kernel.pod
> +++ b/get-kernel/virt-get-kernel.pod
> @@ -70,6 +70,13 @@ not used at all.
>  Add all the disks from the named libvirt guest.  Domain UUIDs can be
>  used instead of names.
>  
> +=item B<--echo-keys>
> +
> +When prompting for keys and passphrases, virt-get-kernel normally turns
> +echoing off so you cannot see what you are typing.  If you are not
> +worried about Tempest attacks and there is no one else in the room
> +you can specify this flag to see what you are typing.
> +
>  =item B<--format> raw|qcow2|..
>  
>  =item B<--format> auto
> @@ -82,6 +89,11 @@ If you have untrusted raw-format guest disk images, you should use
>  this option to specify the disk format.  This avoids a possible
>  security problem with malicious guests (CVE-2010-3851).
>  
> +=item B<--keys-from-stdin>
> +
> +Read key or passphrase parameters from stdin.  The default is
> +to try to read passphrases from the user by opening F</dev/tty>.
> +
>  =item B<--machine-readable>
>  
>  This option is used to make the output more machine friendly
> diff --git a/sparsify/cmdline.ml b/sparsify/cmdline.ml
> index 523d612..2a9dd48 100644
> --- a/sparsify/cmdline.ml
> +++ b/sparsify/cmdline.ml
> @@ -90,7 +90,7 @@ A short summary of the options is given below.  For detailed help please
>  read the man page virt-sparsify(1).
>  ")
>        prog in
> -  let opthandle = create_standard_options argspec ~anon_fun usage_msg in
> +  let opthandle = create_standard_options argspec ~anon_fun ~key_opts:true usage_msg in
>    Getopt.parse opthandle;
>  
>    (* Dereference the rest of the args. *)
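Review bot: The rewritten `create_standard_options` line grows to 87 columns once `~key_opts:true` is added next to `~anon_fun`, while every other line visible in this hunk stays under 80. Break it after the binding: `let opthandle =` on one line and `create_standard_options argspec ~anon_fun ~key_opts:true usage_msg in` indented on the next. The enclosing function starts and ends outside the hunk.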
> diff --git a/sparsify/copying.ml b/sparsify/copying.ml
> index 003dbf8..9c66428 100644
> --- a/sparsify/copying.ml
> +++ b/sparsify/copying.ml
> @@ -182,6 +182,9 @@ You can ignore this warning or change it to a hard failure using the
>  
>      g in
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    (* Modify SIGINT handler (set first above) to cancel the handle. *)
>    let do_sigint _ =
>      g#user_cancel ();
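Review bot: `inspect_decrypt g;` runs before the SIGINT handler is replaced by the one that calls `g#user_cancel ()`, so an interrupt during key entry or volume unlock is still served by the earlier handler, which is not visible in this hunk. The pod text says echo is turned off while prompting, so it is worth confirming that Ctrl-C at the prompt restores the terminal and that the earlier handler's cleanup is still right once encrypted volumes may be open. If the ordering is deliberate, say so next to the call, e.g. `(* Runs under the initial SIGINT handler: nothing to cancel on the handle yet. *)`. The body of `do_sigint` continues outside the hunk.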
> diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml
> index e2ee9d9..5411892 100644
> --- a/sparsify/in_place.ml
> +++ b/sparsify/in_place.ml
> @@ -57,6 +57,9 @@ let run disk format ignores machine_readable zeroes =
>    if not (g#feature_available [|"fstrim"|]) then
>      error ~exit_code:3 (f_"discard/trim is not supported");
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    (* Discard non-ignored filesystems that we are able to mount, and
>     * selected swap partitions.
>     *)
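Review bot: Unlocking encrypted volumes ahead of the discard pass means the trim below can now reach filesystems inside LUKS containers, and the added comment does not mention the consequence. Whether those discards get to the backing image presumably depends on how the encrypted mapping is opened. If they do, the pattern of unused blocks becomes visible in the ciphertext, which some users of encrypted images will not want. I would extend the comment to `(* Unlock LUKS volumes; discards issued inside them can reveal which blocks of the encrypted image are unused. *)`. The body of `run` continues outside the hunk.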
> diff --git a/sparsify/virt-sparsify.pod b/sparsify/virt-sparsify.pod
> index 177cd03..fa72c23 100644
> --- a/sparsify/virt-sparsify.pod
> +++ b/sparsify/virt-sparsify.pod
> @@ -192,6 +192,13 @@ For fine-tuning the output format, see: I<--compress>, I<-o>.
>  
>  You cannot use this option and I<--in-place> together.
>  
> +=item B<--echo-keys>
> +
> +When prompting for keys and passphrases, virt-sparsify normally turns
> +echoing off so you cannot see what you are typing.  If you are not
> +worried about Tempest attacks and there is no one else in the room
> +you can specify this flag to see what you are typing.
> +
>  =item B<--format> raw
>  
>  =item B<--format> qcow2
> @@ -223,6 +230,11 @@ You can give this option multiple times.
>  Do in-place sparsification instead of copying sparsification.
>  See L</IN-PLACE SPARSIFICATION> below.
>  
> +=item B<--keys-from-stdin>
> +
> +Read key or passphrase parameters from stdin.  The default is
> +to try to read passphrases from the user by opening F</dev/tty>.
> +
>  =item B<--machine-readable>
>  
>  This option is used to make the output more machine friendly
> diff --git a/sysprep/main.ml b/sysprep/main.ml
> index 01ea590..2fa416f 100644
> --- a/sysprep/main.ml
> +++ b/sysprep/main.ml
> @@ -147,7 +147,7 @@ A short summary of the options is given below.  For detailed help please
>  read the man page virt-sysprep(1).
>  ")
>          prog in
> -    let opthandle = create_standard_options args usage_msg in
> +    let opthandle = create_standard_options args ~key_opts:true usage_msg in
>      Getopt.parse opthandle;
>  
>      if not !format_consumed then
> @@ -216,6 +216,9 @@ read the man page virt-sysprep(1).
>  
>      operations, g, mount_opts in
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    (* Inspection. *)
>    (match Array.to_list (g#inspect_os ()) with
>    | [] ->
> diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod
> index bdb4580..0e59b4c 100644
> --- a/sysprep/virt-sysprep.pod
> +++ b/sysprep/virt-sysprep.pod
> @@ -155,6 +155,13 @@ version of virt-sysprep.
>  See L</OPERATIONS> below for a list and an explanation of each
>  operation.
>  
> +=item B<--echo-keys>
> +
> +When prompting for keys and passphrases, virt-sysprep normally turns
> +echoing off so you cannot see what you are typing.  If you are not
> +worried about Tempest attacks and there is no one else in the room
> +you can specify this flag to see what you are typing.
> +
>  =item B<--format> raw|qcow2|..
>  
>  =item B<--format> auto
> @@ -179,6 +186,11 @@ If you have untrusted raw-format guest disk images, you should use
>  this option to specify the disk format.  This avoids a possible
>  security problem with malicious guests (CVE-2010-3851).
>  
> +=item B<--keys-from-stdin>
> +
> +Read key or passphrase parameters from stdin.  The default is
> +to try to read passphrases from the user by opening F</dev/tty>.
> +
>  =item B<--list-operations>
>  
>  List the operations supported by the virt-sysprep program.

Looks good, ACK.

Thanks,

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top



