[Libguestfs] [PATCH v2 1/2] mltools, options: support --allow-discards when decrypting LUKS devices

Jan Synacek jsynacek at redhat.com
Mon Jan 27 12:12:35 UTC 2020


---
 mltools/tools_utils-c.c | 8 ++++----
 mltools/tools_utils.ml  | 6 +++---
 mltools/tools_utils.mli | 8 ++++++--
 options/decrypt.c       | 5 +++--
 options/inspect.c       | 2 +-
 options/options.h       | 2 +-
 6 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/mltools/tools_utils-c.c b/mltools/tools_utils-c.c
index 6c43b8d..1dcebc4 100644
--- a/mltools/tools_utils-c.c
+++ b/mltools/tools_utils-c.c
@@ -36,7 +36,7 @@
 
 #include "options.h"
 
-extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv);
+extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv, value allowdiscards);
 extern value guestfs_int_mllib_set_echo_keys (value unitv);
 extern value guestfs_int_mllib_set_keys_from_stdin (value unitv);
 extern value guestfs_int_mllib_rfc3339_date_time_string (value unitv);
@@ -46,9 +46,9 @@ int echo_keys = 0;
 int keys_from_stdin = 0;
 
 value
-guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv)
+guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv, value allowdiscards)
 {
-  CAMLparam3 (gv, gpv, keysv);
+  CAMLparam4 (gv, gpv, keysv, allowdiscards);
   CAMLlocal2 (elemv, v);
   guestfs_h *g = (guestfs_h *) (intptr_t) Int64_val (gpv);
   struct key_store *ks = NULL;
@@ -86,7 +86,7 @@ guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv)
     keysv = Field (keysv, 1);
   }
 
-  inspect_do_decrypt (g, ks);
+  inspect_do_decrypt (g, ks, Int_val (allowdiscards));
 
   CAMLreturn (Val_unit);
 }
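Review bot: `Int_val (allowdiscards)` in the call to `inspect_do_decrypt` reads an OCaml `bool` with the integer accessor. It yields the same 0/1 value, but `Bool_val` states the intent and matches the `bool` in the OCaml `external` declaration: `inspect_do_decrypt (g, ks, Bool_val (allowdiscards));`. The new parameter also drops the `v` suffix that `gv`, `gpv` and `keysv` use for OCaml values, so `allowdiscardsv` would be more consistent in the prototype and in `CAMLparam4`, both in the earlier hunks of this file. The function body starts outside this hunk.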
diff --git a/mltools/tools_utils.ml b/mltools/tools_utils.ml
index 1271802..cb94125 100644
--- a/mltools/tools_utils.ml
+++ b/mltools/tools_utils.ml
@@ -29,7 +29,7 @@ and key_store_key =
   | KeyString of string
   | KeyFileName of string
 
-external c_inspect_decrypt : Guestfs.t -> int64 -> (string * key_store_key) list -> unit = "guestfs_int_mllib_inspect_decrypt"
+external c_inspect_decrypt : Guestfs.t -> int64 -> (string * key_store_key) list -> bool -> unit = "guestfs_int_mllib_inspect_decrypt"
 external c_set_echo_keys : unit -> unit = "guestfs_int_mllib_set_echo_keys" "noalloc"
 external c_set_keys_from_stdin : unit -> unit = "guestfs_int_mllib_set_keys_from_stdin" "noalloc"
 external c_rfc3339_date_time_string : unit -> string = "guestfs_int_mllib_rfc3339_date_time_string"
@@ -650,7 +650,7 @@ let is_btrfs_subvolume g fs =
     if g#last_errno () = Guestfs.Errno.errno_EINVAL then false
     else raise exn
 
-let inspect_decrypt g ks =
+let inspect_decrypt g ?(allow_discards = false) ks =
   (* Turn the keys in the key_store into a simpler struct, so it is possible
    * to read it using the C API.
    *)
@@ -664,7 +664,7 @@ let inspect_decrypt g ks =
    * function.
    *)
   c_inspect_decrypt g#ocaml_handle (Guestfs.c_pointer g#ocaml_handle)
-    keys_as_list
+    keys_as_list allow_discards
 
 let with_timeout op timeout ?(sleep = 2) fn =
   let start_t = Unix.gettimeofday () in
diff --git a/mltools/tools_utils.mli b/mltools/tools_utils.mli
index ab70f58..ac11a58 100644
--- a/mltools/tools_utils.mli
+++ b/mltools/tools_utils.mli
@@ -194,10 +194,14 @@ val inspect_mount_root_ro : Guestfs.guestfs -> string -> unit
 val is_btrfs_subvolume : Guestfs.guestfs -> string -> bool
 (** Checks if a filesystem is a btrfs subvolume. *)
 
-val inspect_decrypt : Guestfs.guestfs -> key_store -> unit
+val inspect_decrypt : Guestfs.guestfs -> ?allow_discards:bool -> key_store -> unit
 (** Simple implementation of decryption: look for any [crypto_LUKS]
     partitions and decrypt them, then rescan for VGs.  This only works
-    for Fedora whole-disk encryption. *)
+    for Fedora whole-disk encryption.
+
+    If [?allow_discards] is set, the underlying [crypto_LUKS] partitions
+    will be decrypted with the discard operation allowed, which allows
+    the partitions to be trimmed (and sparsified). Default is [false]. *)
 
 val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a
 (** [with_timeout op timeout ?sleep fn] implements a timeout loop.
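Review bot: The new doc paragraph for `inspect_decrypt` states the benefit of `?allow_discards` but not its cost. Discards passed through an encrypted mapping show on the backing device which blocks are unused, which can reveal the filesystem type and how much space is in use. I would add a sentence to the comment such as `Note that allowing discards reveals which blocks of the encrypted device are unused, so enable it only when that is acceptable.` The `[false]` default is the conservative choice, and the comment could say so for that reason.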
diff --git a/options/decrypt.c b/options/decrypt.c
index 683cf5e..7e24254 100644
--- a/options/decrypt.c
+++ b/options/decrypt.c
@@ -71,7 +71,7 @@ make_mapname (const char *device, char *mapname, size_t len)
  * encryption schemes.
  */
 void
-inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
+inspect_do_decrypt (guestfs_h *g, struct key_store *ks, bool allowdiscards)
 {
   CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
   if (partitions == NULL)
@@ -101,7 +101,8 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
          * is set?  This might break 'mount_ro'.
          */
         guestfs_push_error_handler (g, NULL, NULL);
-        r = guestfs_luks_open (g, partitions[i], keys[j], mapname);
+        r = guestfs_luks_open_opts (g, partitions[i], keys[j], mapname,
+                                    GUESTFS_LUKS_OPEN_OPTS_ALLOWDISCARDS, allowdiscards, -1);
         guestfs_pop_error_handler (g);
         if (r == 0)
           goto opened;
diff --git a/options/inspect.c b/options/inspect.c
index 3de6d70..be69419 100644
--- a/options/inspect.c
+++ b/options/inspect.c
@@ -70,7 +70,7 @@ inspect_mount_handle (guestfs_h *g, struct key_store *ks)
   if (live)
     error (EXIT_FAILURE, 0, _("don’t use --live and -i options together"));
 
-  inspect_do_decrypt (g, ks);
+  inspect_do_decrypt (g, ks, false);
 
   char **roots = guestfs_inspect_os (g);
   if (roots == NULL)
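Review bot: The bare `false` in `inspect_do_decrypt (g, ks, false);` does not say what it switches off or whether that is deliberate. A short comment on the call, e.g. `/* allowdiscards = false: no option reaches this path to enable discards on LUKS devices */`, would record that discards stay off by design here. That reading is inferred from this hunk alone and should be confirmed against the callers. `inspect_mount_handle` begins and continues outside the hunk.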
diff --git a/options/options.h b/options/options.h
index 9b78302..2467804 100644
--- a/options/options.h
+++ b/options/options.h
@@ -137,7 +137,7 @@ struct key_store {
 extern void parse_config (void);
 
 /* in decrypt.c */
-extern void inspect_do_decrypt (guestfs_h *g, struct key_store *ks);
+extern void inspect_do_decrypt (guestfs_h *g, struct key_store *ks, bool allowdiscards);
 
 /* in domain.c */
 extern int add_libvirt_drives (guestfs_h *g, const char *guest);
-- 
2.24.1



