[libvirt] [PATCH v2 0/4] Add a domain masterKey secret for qemu,

John Ferlan jferlan at redhat.com
Thu Apr 7 00:31:57 UTC 2016



On 03/29/2016 07:11 PM, John Ferlan wrote:
> v1: http://www.redhat.com/archives/libvir-list/2016-March/msg01206.html
> 
> Patch 1 is already ACK'd. I assume this code won't go into 1.3.3, but
> would hopefully be early in 1.3.4 and I didn't want to break up the
> capability bits across releases...
> 
> Differences to v1
> 
>  - Patch 2 is new - it's taking the virUUIDGenerateRandomBytes and making
>    it generic since we'll use it in Patch 3 (it already opens/reads from
>    /dev/urandom, so I figured it'd be better to share than cut, copy, paste).
> 
>  - Patch 3 has changes from review:
> 
>    * Fewer comments in qemuDomainGetMasterKeyFilePath
> 
>    * Master key no longer base64 encoded to be written (or read). Instead
>      the Write code will open, truncate, and write the secret directly.
>      The Read code will read the secret directly.
> 
>    * The fallback algorithm for key generation uses virGenerateRandomBytes
> 
>    * Changed 'masterKey' from "char *" to "uint8_t *" and added the
>      masterKeyLen
> 
>  - Patch 4 changes in order to tell qemu the format of the file is 'raw'.
>    Also affects test .args file
> 
> 
> Removed references to encode/decode, adjusted commit messages.
> 
> Ran through Coverity checker... happy...
> 
> Created a domain that would pass/read the file...  Killed libvirtd, restarted
> and read the masterKey file properly. Also ensured the #else of the secret
> generation compiled...
> 
> John Ferlan (4):
>   qemu: Add capability bit for qemu secret object
>   util: Introduce virGenerateRandomBytes
>   qemu: Create domain master key
>   qemu: Introduce qemuBuildMasterKeyCommandLine
> 
>  src/libvirt_private.syms                           |   1 +
>  src/qemu/qemu_alias.c                              |  17 ++
>  src/qemu/qemu_alias.h                              |   3 +
>  src/qemu/qemu_capabilities.c                       |   2 +
>  src/qemu/qemu_capabilities.h                       |   1 +
>  src/qemu/qemu_command.c                            |  68 ++++++
>  src/qemu/qemu_domain.c                             | 252 +++++++++++++++++++++
>  src/qemu/qemu_domain.h                             |  15 ++
>  src/qemu/qemu_process.c                            |  11 +
>  src/util/virutil.c                                 |  36 +++
>  src/util/virutil.h                                 |   3 +
>  src/util/viruuid.c                                 |  30 +--
>  tests/qemucapabilitiesdata/caps_2.6.0-1.caps       |   1 +
>  tests/qemucapabilitiesdata/caps_2.6.0-1.replies    |   3 +
>  .../qemuxml2argvdata/qemuxml2argv-master-key.args  |  23 ++
>  tests/qemuxml2argvdata/qemuxml2argv-master-key.xml |  30 +++
>  tests/qemuxml2argvtest.c                           |   2 +
>  17 files changed, 469 insertions(+), 29 deletions(-)
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-master-key.args
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-master-key.xml
> 

Made requested adjustments and pushed.

Working through the IV support now...

Tks for the review,

John
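
The raw (not base64-encoded) key file handling described in the cover letter, sketched as an added example that is not libvirt's code or part of the original message. The function names, the 32-byte key length and the file paths are assumptions made for illustration.

```c
/* Added example, not libvirt code: names, key length and paths are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MASTER_KEY_LEN 32 /* assumed length, chosen for illustration */

/* Transfer exactly len bytes on fd, retrying on EINTR and short reads/writes. */
static int io_full(int fd, uint8_t *buf, size_t len, int do_write)
{
    while (len > 0) {
        ssize_t n = do_write ? write(fd, buf, len) : read(fd, buf, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1; /* I/O error, or EOF before len bytes arrived */
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Open path, move len raw bytes, close; 0600 applies only when the file is created. */
static int file_io(const char *path, int flags, uint8_t *buf, size_t len, int do_write)
{
    int fd = open(path, flags, 0600);
    if (fd < 0)
        return -1;
    int rc = io_full(fd, buf, len, do_write);
    if (close(fd) < 0 && do_write)
        rc = -1; /* a failed close can mean the key never reached the disk */
    return rc;
}

/* Generate a key, store it raw (open, truncate, write), read it back, compare. */
int master_key_roundtrip(const char *path)
{
    uint8_t key[MASTER_KEY_LEN], stored[MASTER_KEY_LEN];
    struct stat sb;
    return (file_io("/dev/urandom", O_RDONLY, key, sizeof(key), 0) == 0 &&
            file_io(path, O_WRONLY | O_CREAT | O_TRUNC, key, sizeof(key), 1) == 0 &&
            stat(path, &sb) == 0 && sb.st_size == MASTER_KEY_LEN && /* raw, not base64 */
            file_io(path, O_RDONLY, stored, sizeof(stored), 0) == 0 &&
            memcmp(key, stored, sizeof(key)) == 0) ? 0 : -1;
}

int main(void) { return master_key_roundtrip("/tmp/master-key-example.bin") ? 1 : 0; }
```

Because the mode argument is ignored for a file that already exists, a production version would also verify or reset the permissions before writing the key.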



