[libvirt] [PATCH v2 00/15] Add support for LUKS encrypted devices

John Ferlan jferlan at redhat.com
Thu Jun 23 17:28:56 UTC 2016


v1: http://www.redhat.com/archives/libvir-list/2016-June/msg00804.html

Differences since v1 (beyond those patches already pushed)

Patch 1: Adjust via recent comments for patch 8 of previous series
Patch 2: Already ACK'd, adjust slightly based on merge conflicts 
Patch 3: Used to be patch 14
  - Use VIR_SECRET_USAGE_TYPE_PASSPHRASE  (instead of _KEY)
  - Use "usage.id" (instead of "usage.key")

Patch 4: Used to be patch 11 (wasn't reviewed)

Patch 5: Split from patch 13 for separate endian code to read a 16 bit value

Patch 6: NEW - based slightly on former patch 12
  - No longer use cryptType
  - Use versionSize instead in order to decode version data as 16 or 32 bits

Patch 7: Former patch 13 with adjustments based on previous patches

Patch 8-9: Former patch 15-16 w/ adjustments from review and to keep up with
   other changes

Patch 10: NEW - Reaction to former patch 17 comments with respect to a
   file name.  Need a way to build a path to temporarily save the secret
   where that path is not in the pool.  Chose the "stateDir", but since
   storage_driver is the only place that knows, added helper API to access.

Patch 11: Former patch 17 with adjustments from code review and to handle
   other changes so far

Patches 12-14: NEW - Really a bug fix submitted as a separate patch
   (although there are a few differences here), but I need it for patch 15

Patch 15: Former patch 19 plus adjustments for hotplug.


John Ferlan (15):
  qemu: Change protocol parameter for secret setup
  qemu: Remove authdef from secret setup
  conf: Add new secret type "passphrase"
  util: Add 'usage' for encryption
  util: Introduce virReadBufInt16LE and virReadBufInt16BE
  util: Modify the FileTypeInfo to add a version size
  util: Add 'luks' to the FileTypeInfo
  encryption: Add luks parsing for storageencryption
  encryption: Add <cipher> and <ivgen> to encryption
  storage: Introduce virStoragePoolObjBuildTempFilePath
  storage: Add support to create a luks volume
  qemu: Remove type from qemuBuildSecretInfoProps
  qemu: Make qemuBuildSecretInfoProps global
  qemu: Add secinfo for hotplug virtio disk
  qemu: Add luks support for domain disk

 docs/aclpolkit.html.in                             |   4 +
 docs/formatsecret.html.in                          |  62 ++++-
 docs/formatstorageencryption.html.in               | 116 ++++++++-
 docs/schemas/secret.rng                            |  10 +
 docs/schemas/storagecommon.rng                     |  57 ++++-
 include/libvirt/libvirt-secret.h                   |   3 +-
 src/access/viraccessdriverpolkit.c                 |  13 +
 src/conf/domain_conf.c                             |  11 +
 src/conf/secret_conf.c                             |  26 +-
 src/conf/secret_conf.h                             |   1 +
 src/conf/virsecretobj.c                            |   5 +
 src/libvirt_private.syms                           |   1 +
 src/qemu/qemu_command.c                            |  23 +-
 src/qemu/qemu_command.h                            |   4 +
 src/qemu/qemu_domain.c                             | 126 +++++-----
 src/qemu/qemu_hotplug.c                            | 107 ++++++++-
 src/qemu/qemu_process.c                            |  19 +-
 src/storage/storage_backend.c                      | 266 +++++++++++++++++++--
 src/storage/storage_backend.h                      |   3 +-
 src/storage/storage_backend_fs.c                   |  10 +-
 src/storage/storage_backend_gluster.c              |   2 +
 src/storage/storage_driver.c                       |  24 ++
 src/storage/storage_driver.h                       |   6 +-
 src/util/virendian.h                               |  24 ++
 src/util/virqemu.c                                 |  23 ++
 src/util/virqemu.h                                 |   6 +
 src/util/virstorageencryption.c                    | 152 ++++++++++--
 src/util/virstorageencryption.h                    |  17 +-
 src/util/virstoragefile.c                          |  84 +++++--
 src/util/virstoragefile.h                          |   1 +
 .../qemuxml2argv-encrypted-disk-usage.args         |  24 ++
 .../qemuxml2argv-encrypted-disk-usage.xml          |  32 +++
 .../qemuxml2argv-luks-disk-cipher.args             |  36 +++
 .../qemuxml2argv-luks-disk-cipher.xml              |  41 ++++
 .../qemuxml2argvdata/qemuxml2argv-luks-disks.args  |  36 +++
 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml |  41 ++++
 tests/qemuxml2argvtest.c                           |  12 +-
 .../qemuxml2xmlout-encrypted-disk-usage.xml        |  36 +++
 .../qemuxml2xmlout-luks-disk-cipher.xml            |  45 ++++
 .../qemuxml2xmlout-luks-disks.xml                  |  45 ++++
 tests/qemuxml2xmltest.c                            |   3 +
 tests/secretxml2xmlin/usage-passphrase.xml         |   7 +
 tests/secretxml2xmltest.c                          |   1 +
 tests/storagevolxml2argvtest.c                     |   3 +-
 tests/storagevolxml2xmlin/vol-luks-cipher.xml      |  23 ++
 tests/storagevolxml2xmlin/vol-luks.xml             |  21 ++
 tests/storagevolxml2xmlout/vol-luks-cipher.xml     |  23 ++
 tests/storagevolxml2xmlout/vol-luks.xml            |  21 ++
 tests/storagevolxml2xmltest.c                      |   2 +
 tests/virendiantest.c                              |  18 ++
 50 files changed, 1495 insertions(+), 181 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disk-cipher.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
 create mode 100644 tests/secretxml2xmlin/usage-passphrase.xml
 create mode 100644 tests/storagevolxml2xmlin/vol-luks-cipher.xml
 create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml
 create mode 100644 tests/storagevolxml2xmlout/vol-luks-cipher.xml
 create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml

-- 
2.5.5
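
Added example, not part of the original posting and not libvirt's code: a bounds-checked header probe that decodes a version field of 2 or 4 bytes in either byte order, the kind of decoding patches 5-7 describe. The struct, field and function names are hypothetical; the LUKS magic bytes and the 16-bit big-endian version at offset 6 come from the LUKS on-disk format, and the sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical probe descriptor; names are illustrative, not libvirt's. */
struct probe_info {
    const unsigned char *magic;
    size_t magic_len;
    size_t version_off;   /* byte offset of the version field */
    size_t version_size;  /* width of the field: 2 or 4 bytes */
    int big_endian;       /* 1 = big-endian field, 0 = little-endian */
};

/* LUKS magic "LUKS" 0xBA 0xBE, then a 16-bit big-endian version at offset 6. */
static const unsigned char luks_magic[] = { 'L', 'U', 'K', 'S', 0xBA, 0xBE };
static const struct probe_info luks_probe = { luks_magic, sizeof(luks_magic), 6, 2, 1 };

/* Constructed sample: the first 8 bytes of a version 1 header. */
static const unsigned char sample_hdr[] = { 'L', 'U', 'K', 'S', 0xBA, 0xBE, 0x00, 0x01 };

/* Returns 1 and sets *version on a match, 0 on no match, -1 on a bad or truncated header. */
int probe_version(const unsigned char *buf, size_t len,
                  const struct probe_info *p, uint32_t *version)
{
    uint32_t v = 0;
    size_t i;

    if (len < p->magic_len || memcmp(buf, p->magic, p->magic_len) != 0)
        return 0;
    if (p->version_size != 2 && p->version_size != 4)
        return -1;
    if (p->version_off > len || len - p->version_off < p->version_size)
        return -1;  /* never read past the end of the probe buffer */
    for (i = 0; i < p->version_size; i++) {
        size_t idx = p->big_endian ? i : p->version_size - 1 - i;
        v = (v << 8) | buf[p->version_off + idx];
    }
    *version = v;
    return 1;
}

int main(void)
{
    uint32_t v;
    return probe_version(sample_hdr, sizeof(sample_hdr), &luks_probe, &v) == 1 && v == 1 ? 0 : 1;
}
```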



