[libvirt] [PATCH v4 0/7] Add support for LUKS encrypted devices
John Ferlan
jferlan at redhat.com
Tue Jul 19 14:04:25 UTC 2016
On 07/11/2016 02:07 PM, John Ferlan wrote:
> According to Dan's post commit response:
>
> http://www.redhat.com/archives/libvir-list/2016-July/msg00088.html
>
> to the v3 series:
>
> http://www.redhat.com/archives/libvir-list/2016-June/msg01935.html
>
> using a 'passphrase' usage is not desired, rather a 'volume' usage
> model should be used for LUKS.
>
> So patches 1 & 2 make those alterations to already pushed docs and tests
>
> Patch 3 then repurposes the 'passphrase' usage to a 'tls' usage type.
> I posted with this series since it removed the 'passphrase' usage and
> thus flushed out any errors in subsequent patches. I could hold off and
> repost it with the TLS changes that will also need to be made...
>
> Patches 4-7 were reviewed previously and had been given what I took
> as provisional ACK's; however, I reposted the changes after the most
> recent review "just in case". Fortunately (I guess) I didn't push
> them along with the other changes. In any case, there are once again
> posted here - the primary difference between what's posted in this
> series vs. what was posted previously is the change to use a "volume"
> secret plus a tweak to the qemuxml2argvtest to fix some issues found
> while making the change.
>
> John Ferlan (7):
> tests: Adjust LUKS tests to use 'volume' secret type
> docs: Update docs to reflect LUKS secret changes
> Repurpose the 'passphrase' secret to 'tls'
> storage: Add support to create a luks volume
> qemu: Add secinfo for hotplug virtio disk
> qemu: Alter the qemuDomainGetSecretAESAlias to add new arg
> qemu: Add luks support for domain disk
>
> docs/aclpolkit.html.in | 2 +-
> docs/formatsecret.html.in | 81 +++++---
> docs/formatstorage.html.in | 16 ++
> docs/formatstorageencryption.html.in | 29 ++-
> docs/schemas/secret.rng | 6 +-
> include/libvirt/libvirt-secret.h | 2 +-
> src/access/viraccessdriverpolkit.c | 2 +-
> src/conf/secret_conf.c | 12 +-
> src/conf/virsecretobj.c | 2 +-
> src/libvirt_private.syms | 1 +
> src/qemu/qemu_alias.c | 10 +-
> src/qemu/qemu_alias.h | 3 +-
> src/qemu/qemu_command.c | 9 +
> src/qemu/qemu_domain.c | 40 +++-
> src/qemu/qemu_hotplug.c | 126 +++++++++++-
> src/storage/storage_backend.c | 218 +++++++++++++++++++--
> src/storage/storage_backend.h | 3 +-
> src/util/virqemu.c | 23 +++
> src/util/virqemu.h | 6 +
> .../qemuxml2argv-luks-disk-cipher.xml | 45 -----
> .../qemuxml2argvdata/qemuxml2argv-luks-disks.args | 36 ++++
> tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 2 +-
> tests/qemuxml2argvtest.c | 24 ++-
> .../qemuxml2xmlout-luks-disk-cipher.xml | 1 -
> tests/qemuxml2xmltest.c | 1 -
> tests/secretxml2xmlin/usage-passphrase.xml | 7 -
> tests/secretxml2xmlin/usage-tls.xml | 7 +
> tests/secretxml2xmltest.c | 2 +-
> tests/storagevolxml2argvtest.c | 3 +-
> tests/storagevolxml2xmlin/vol-luks-cipher.xml | 2 +-
> tests/storagevolxml2xmlin/vol-luks.xml | 2 +-
> tests/storagevolxml2xmlout/vol-luks-cipher.xml | 2 +-
> tests/storagevolxml2xmlout/vol-luks.xml | 2 +-
> 33 files changed, 577 insertions(+), 150 deletions(-)
> delete mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.xml
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.args
> delete mode 120000 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disk-cipher.xml
> delete mode 100644 tests/secretxml2xmlin/usage-passphrase.xml
> create mode 100644 tests/secretxml2xmlin/usage-tls.xml
>
Based on the ACK's here and the changes already ACK'd/pushed for
adjusting the hotplug error paths, I've made the appropriate alterations
here as requested in code review and as a result of the hotplug changes
and pushed this.
Again, thanks for the persistence on this.
John
More information about the libvir-list
mailing list