[Libguestfs] [libguestfs-common PATCH 08/12] options: introduce selector tpe "key_clevis"

Laszlo Ersek lersek at redhat.com
Wed Jun 29 12:24:04 UTC 2022 

On 06/28/22 16:34, Richard W.M. Jones wrote:
> On Tue, Jun 28, 2022 at 01:49:11PM +0200, Laszlo Ersek wrote:
>> >From an earlier patch in this series, we can now represent LUKS decryption
>> with Clevis+Tang in those matching keys that we distill for a particular
>> guestfs device or LUKS UUID. Now extend the keystore (composed from
>> command line options), i.e. the store that is filtered into matching keys,
>> with a selector type that stands for Clevis+Tang.
>>
>> Again, this patch introduces no change in observable behavior; there is
>> still no user interface for placing a selector of the new type into the
>> keystore.
>>
>> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
>> Signed-off-by: Laszlo Ersek <lersek at redhat.com>
>> ---
>>  options/options.h | 1 +
>>  options/keys.c    | 8 ++++++++
>>  2 files changed, 9 insertions(+)
>>
>> diff --git a/options/options.h b/options/options.h
>> index 61a385da13ae..e7a0364cc926 100644
>> --- a/options/options.h
>> +++ b/options/options.h
>> @@ -113,10 +113,11 @@ struct key_store_key {
>>    char *id;
>>  
>>    enum {
>>      key_string,             /* key specified as string */
>>      key_file,               /* key stored in a file */
>> +    key_clevis,             /* key reconstructed with Clevis+Tang */
>>    } type;
>>    union {
>>      struct {
>>        char *s;              /* string of the key */
>>      } string;
>> diff --git a/options/keys.c b/options/keys.c
>> index 75c659561c52..7729fe79c99b 100644
>> --- a/options/keys.c
>> +++ b/options/keys.c
>> @@ -169,10 +169,15 @@ get_keys (struct key_store *ks, const char *device, const char *uuid,
>>          s = read_first_line_from_file (key->file.name);
>>          match->clevis = false;
>>          match->passphrase = s;
>>          ++match;
>>          break;
>> +      case key_clevis:
>> +        match->clevis = true;
>> +        match->passphrase = NULL;
>> +        ++match;
>> +        break;
>>        }
>>      }
>>    }
>>  
>>    if (match == r) {
>> @@ -289,9 +294,12 @@ free_key_store (struct key_store *ks)
>>        free (key->string.s);
>>        break;
>>      case key_file:
>>        free (key->file.name);
>>        break;
>> +    case key_clevis:
>> +      /* nothing */
>> +      break;
>>      }
>>      free (key->id);
>>    }
> 
> Reviewed-by: Richard W.M. Jones <rjones at redhat.com>
> 
> 

(I need to correct the "tpe" typo on the subject line.)

More information about the Libguestfs mailing list