[libvirt] [PATCH v2 0/4] Add a domain masterKey secret for qemu,
John Ferlan
jferlan at redhat.com
Thu Apr 7 00:31:57 UTC 2016
On 03/29/2016 07:11 PM, John Ferlan wrote:
> v1: http://www.redhat.com/archives/libvir-list/2016-March/msg01206.html
>
> Patch 1 is already ACK'd. I assume this code won't go into 1.3.3, but
> would hopefully be early in 1.3.4 and I didn't want to break up the
> capability bits across releases...
>
> Differences to v1
>
> - Patch 2 is new - it's taking the virUUIDGenerateRandomBytes and making
> it generic since we'll use it in Patch 3 (it already opens/reads from
> /dev/urandom, so I figured it'd be better to share than cut, copy, paste).
>
> - Patch 3 has changes from review:
>
> * Fewer comments in qemuDomainGetMasterKeyFilePath
>
> * Master key no longer base64 encoded to be written (or read). Instead
> the Write code will open, truncate, and write the secret directly.
> The Read code will read the secret directly.
>
> * The fallback algorithm for key generation uses virGenerateRandomBytes
>
> * Changed 'masterKey' from "char *" to "uint8_t *" and added the
> masterKeyLen
>
> - Patch 4 changes in order to tell qemu the format of the file is 'raw'.
> Also affects test .args file
>
>
> Removed references to encode/decode, adjusted commit messages.
>
> Ran through Coverity checker... happy...
>
> Created a domain that would pass/read the file... Killed libvirtd, restarted
> and read the masterKey file properly. Also ensured the #else of the secret
> generation compiled...
>
> John Ferlan (4):
> qemu: Add capability bit for qemu secret object
> util: Introduce virGenerateRandomBytes
> qemu: Create domain master key
> qemu: Introduce qemuBuildMasterKeyCommandLine
>
> src/libvirt_private.syms | 1 +
> src/qemu/qemu_alias.c | 17 ++
> src/qemu/qemu_alias.h | 3 +
> src/qemu/qemu_capabilities.c | 2 +
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_command.c | 68 ++++++
> src/qemu/qemu_domain.c | 252 +++++++++++++++++++++
> src/qemu/qemu_domain.h | 15 ++
> src/qemu/qemu_process.c | 11 +
> src/util/virutil.c | 36 +++
> src/util/virutil.h | 3 +
> src/util/viruuid.c | 30 +--
> tests/qemucapabilitiesdata/caps_2.6.0-1.caps | 1 +
> tests/qemucapabilitiesdata/caps_2.6.0-1.replies | 3 +
> .../qemuxml2argvdata/qemuxml2argv-master-key.args | 23 ++
> tests/qemuxml2argvdata/qemuxml2argv-master-key.xml | 30 +++
> tests/qemuxml2argvtest.c | 2 +
> 17 files changed, 469 insertions(+), 29 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-master-key.args
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-master-key.xml
>
Made requested adjustments and pushed.
Working through the IV support now...
Tks for the review,
John