[libvirt] [PATCH v5 0/9] Add native TLS encrypted chardev TCP support

John Ferlan jferlan at redhat.com
Thu Aug 4 15:21:18 UTC 2016


v4: http://www.redhat.com/archives/libvir-list/2016-June/msg01709.html

Since I have it on a branch and have been updating, I figured I'd post
the most recent stuff. Patches 1-4 were "partially" ACK'd in v2 of this
series, but there have been changes to the conf handling upstream. Patch 5
adds a new secret type 'tls'. Previous incarnations of these changes
borrowed a common secret type, but this one is specific. It's more or
less what got removed for LUKS with the names changed to protect the
innocent (reference Dragnet). Patches 6-9 are what was mostly missing
in the earlier series.

Differences to v4... mostly updates/merges with the numerous changes
to master since that time.

I lost track of whether the desire was to have /etc/pki/libvirt-%s or
/etc/pki/qemu-%s directories... I think we've been using the libvirt-%s
for vnc/spice so far, so I just followed that for chardev although there
was a comment at one time to use qemu-chardev during review of patch 2
of the v2 series:

http://www.redhat.com/archives/libvir-list/2016-June/msg01072.html

John Ferlan (9):
  conf: Add new default TLS X.509 certificate default directory
  conf: Introduce chartcp_tls_x509_cert_dir
  qemu: Add support for TLS X.509 path to TCP chardev backend
  qemu: Add the ability to hotplug the TLS X.509 environment
  conf: Add new secret type "tls"
  conf: Add new secret element for tcp chardev
  qemu: Introduce qemuDomainChardevPrivatePtr
  qemu: Add a secret object to/for a chardev tcp with secret
  qemu: Add the ability to hotplug a secret object for TCP chardev TLS

 docs/aclpolkit.html.in                             |   4 +
 docs/formatdomain.html.in                          |  29 +++++
 docs/formatsecret.html.in                          |  59 ++++++++-
 docs/schemas/domaincommon.rng                      |  21 +++
 docs/schemas/secret.rng                            |  10 ++
 include/libvirt/libvirt-secret.h                   |   1 +
 src/access/viraccessdriverpolkit.c                 |  13 ++
 src/conf/domain_conf.c                             |  64 ++++++++--
 src/conf/domain_conf.h                             |   8 +-
 src/conf/secret_conf.c                             |  23 +++-
 src/conf/secret_conf.h                             |   1 +
 src/conf/virsecretobj.c                            |   5 +
 src/libxl/libxl_domain.c                           |   2 +-
 src/lxc/lxc_native.c                               |   2 +-
 src/qemu/libvirtd_qemu.aug                         |  11 +-
 src/qemu/qemu.conf                                 |  83 +++++++++---
 src/qemu/qemu_alias.c                              |  16 +++
 src/qemu/qemu_alias.h                              |   3 +
 src/qemu/qemu_command.c                            | 141 ++++++++++++++++++++-
 src/qemu/qemu_command.h                            |   9 ++
 src/qemu/qemu_conf.c                               |  57 ++++++++-
 src/qemu/qemu_conf.h                               |   7 +
 src/qemu/qemu_domain.c                             | 124 +++++++++++++++++-
 src/qemu/qemu_domain.h                             |  22 ++++
 src/qemu/qemu_driver.c                             |   2 +-
 src/qemu/qemu_hotplug.c                            | 104 ++++++++++++++-
 src/qemu/qemu_hotplug.h                            |   3 +-
 src/qemu/qemu_monitor_json.c                       |   9 ++
 src/qemu/qemu_parse_command.c                      |   4 +-
 src/qemu/qemu_process.c                            |   2 +-
 src/qemu/test_libvirtd_qemu.aug.in                 |   5 +
 src/vz/vz_sdk.c                                    |   2 +-
 src/xenconfig/xen_sxpr.c                           |   2 +-
 tests/qemuhotplugtest.c                            |   2 +-
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.args   |  33 +++++
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.xml    |  41 ++++++
 ...xml2argv-serial-tcp-tlsx509-secret-chardev.args |  38 ++++++
 ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml |  51 ++++++++
 tests/qemuxml2argvtest.c                           |  21 +++
 .../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml  |  50 ++++++++
 ...ml2xmlout-serial-tcp-tlsx509-secret-chardev.xml |   1 +
 tests/qemuxml2xmltest.c                            |   2 +
 tests/secretxml2xmlin/usage-tls.xml                |   7 +
 tests/secretxml2xmltest.c                          |   1 +
 44 files changed, 1038 insertions(+), 57 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
 create mode 120000 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-secret-chardev.xml
 create mode 100644 tests/secretxml2xmlin/usage-tls.xml

-- 
2.7.4



