[Libguestfs] [libguestfs-common PATCH 08/12] options: introduce selector tpe "key_clevis"

Laszlo Ersek lersek at redhat.com
Tue Jun 28 11:49:11 UTC 2022


From an earlier patch in this series, we can now represent LUKS decryption
with Clevis+Tang in those matching keys that we distill for a particular
guestfs device or LUKS UUID. Now extend the keystore (composed from
command line options), i.e. the store that is filtered into matching keys,
with a selector type that stands for Clevis+Tang.

Again, this patch introduces no change in observable behavior; there is
still no user interface for placing a selector of the new type into the
keystore.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---
 options/options.h | 1 +
 options/keys.c    | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/options/options.h b/options/options.h
index 61a385da13ae..e7a0364cc926 100644
--- a/options/options.h
+++ b/options/options.h
@@ -113,10 +113,11 @@ struct key_store_key {
   char *id;
 
   enum {
     key_string,             /* key specified as string */
     key_file,               /* key stored in a file */
+    key_clevis,             /* key reconstructed with Clevis+Tang */
   } type;
   union {
     struct {
       char *s;              /* string of the key */
     } string;
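Review bot: `key_clevis` is added to the enum without a matching member in the union that follows, at least as far as this hunk shows (the union continues past it), so the new selector type appears to carry no payload. Stating that in the enumerator comment, e.g. `/* key reconstructed with Clevis+Tang; no union member used */`, would keep a later reader from reaching into `string` or `file` for a Clevis selector. The `/* nothing */` in the new free_key_store case could give the same reason, e.g. `/* no union member to free */`.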
diff --git a/options/keys.c b/options/keys.c
index 75c659561c52..7729fe79c99b 100644
--- a/options/keys.c
+++ b/options/keys.c
@@ -169,10 +169,15 @@ get_keys (struct key_store *ks, const char *device, const char *uuid,
         s = read_first_line_from_file (key->file.name);
         match->clevis = false;
         match->passphrase = s;
         ++match;
         break;
+      case key_clevis:
+        match->clevis = true;
+        match->passphrase = NULL;
+        ++match;
+        break;
       }
     }
   }
 
   if (match == r) {
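Review bot: The new `key_clevis` case stores `match->passphrase = NULL`, so every consumer of the matching-keys array has to test `match->clevis` before touching the passphrase. Those consumers are outside this hunk, so this cannot be confirmed from here. A comment on the case would make the contract explicit, e.g. `/* no passphrase: consumers must check match->clevis first */`. It is worth confirming that no caller passes `passphrase` to `strlen` or a `%s` format without that check, since a NULL there is undefined behavior. get_keys starts before and continues after the hunk.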
@@ -289,9 +294,12 @@ free_key_store (struct key_store *ks)
       free (key->string.s);
       break;
     case key_file:
       free (key->file.name);
       break;
+    case key_clevis:
+      /* nothing */
+      break;
     }
     free (key->id);
   }
 }
-- 
2.19.1.3.g30247aa5d201



