[libvirt] [PATCH 2/2] storage: Check qemu-img encryption type capability
Ján Tomko
jtomko at redhat.com
Tue Apr 17 20:47:46 UTC 2018
On Tue, Apr 17, 2018 at 03:23:33PM -0400, John Ferlan wrote:
>https://bugzilla.redhat.com/show_bug.cgi?id=1526382
>
>As of QEMU 2.9, qemu-img has enforced using the "key-secret" for
>creation of encrypted volumes. That is, LUKS encryption is now
>required and the old (awful) qcow[2] encryption methodolgy is
>no longer supported.
>
>In order to check for this, we scan the qemu-img -o help options
>looking for "key-secret" and if set, we enforce during the create
>volume processing that the about to be encrypted volume doesn't
>attempt to use the old crufty encryption mechanism.
>
>Signed-off-by: John Ferlan <jferlan at redhat.com>
>---
> src/storage/storage_util.c | 32 ++++++++++++++++++++++++++++++--
> 1 file changed, 30 insertions(+), 2 deletions(-)
>
>diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c
>index 7df52239c2..d2e02a57ca 100644
>--- a/src/storage/storage_util.c
>+++ b/src/storage/storage_util.c
>@@ -797,6 +797,7 @@ storagePloopResize(virStorageVolDefPtr vol,
> enum {
> QEMU_IMG_BACKING_FORMAT_OPTIONS = 0,
> QEMU_IMG_BACKING_FORMAT_OPTIONS_COMPAT,
>+ QEMU_IMG_BACKING_FORMAT_OPTIONS_KEY_SECRET,
> };
>
> static char *
>@@ -824,6 +825,14 @@ virStorageBackendQemuImgSupportsCompat(const char *output)
> return strstr(output, "\ncompat ");
> }
>
>+
>+static bool
>+virStorageBackendQemuImgRequiresKeySecret(const char *output)
>+{
>+ return strstr(output, "key-secret");
>+}
>+
>+
NACK
adding more -help output scraping just for a nicer error message for a
feature noone should be using in the first place is not worth it.
Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180417/8c12140e/attachment-0001.sig>
More information about the libvir-list
mailing list