From: Peter Krempa
To: libvir-list@redhat.com
Cc: Peter Krempa
Date: Thu, 29 Mar 2018 13:51:08 +0200
Subject: [libvirt] [PATCH 11/14] qemu: command: Add support for qcow2 + luks

The old qcow2 encryption format was buggy, so the new approach is to use luks inside qcow2. As it turns out, it didn't require that many changes. It was necessary to fix the command line formatter to stop mangling the format when secrets are present and specify the encryption format and secret in correct format.

Signed-off-by: Peter Krempa
---

You can easily create a qcow2+luks disk image by:

qemu-img create --object secret,id=sec0,data=asdf -f qcow2 \
    -o encrypt.format=luks,encrypt.key-secret=sec0 luks.qcow2 10M

src/qemu/qemu_command.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 6a13714eae..c1225591b3 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -1525,6 +1525,7 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk, qemuDomainSecretInfoPtr encinfo =3D NULL; virJSONValuePtr srcprops =3D NULL; char *source =3D NULL; + bool rawluks =3D false; int ret =3D -1; if (srcpriv) { 
@@ -1598,14 +1599,21 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk, } virBufferAddLit(buf, ","); - if (encinfo) - virQEMUBuildLuksOpts(buf, &disk->src->encryption->encinfo, - encinfo->s.aes.alias); + if (encinfo) { + if (disk->src->format =3D=3D VIR_STORAGE_FILE_RAW) { + virBufferAsprintf(buf, "key-secret=3D%s,", encinfo->s.aes.alia= s); + rawluks =3D true; + } else if (disk->src->format =3D=3D VIR_STORAGE_FILE_QCOW2 && + disk->src->encryption->format =3D=3D VIR_STORAGE_ENCRYP= TION_FORMAT_LUKS) { + virBufferAddLit(buf, "encrypt.format=3Dluks,"); + virBufferAsprintf(buf, "encrypt.key-secret=3D%s,", encinfo->s.= aes.alias); + } + } if (disk->src->format > 0 && disk->src->type !=3D VIR_STORAGE_TYPE_DIR) { const char *qemuformat =3D virStorageFileFormatTypeToString(disk->= src->format); - if (qemuDomainDiskHasEncryptionSecret(disk->src)) + if (rawluks) qemuformat =3D "luks"; virBufferAsprintf(buf, "format=3D%s,", qemuformat); } --=20 2.16.2
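
Review bot: The new "if (encinfo)" block in the second hunk has no final else, so when a secret is present but the source is neither raw nor qcow2 with VIR_STORAGE_ENCRYPTION_FORMAT_LUKS, no key-secret option is written and the command line is built as if the disk were unencrypted, with no error. The removed code always called virQEMUBuildLuksOpts() when encinfo was set; please add an else that reports the unsupported format/encryption combination, or state in the commit message why that case cannot be reached. The raw branch also tests only disk->src->format against VIR_STORAGE_FILE_RAW, while the qcow2 branch additionally tests disk->src->encryption->format; checking the encryption format in both branches would keep rawluks from forcing format=luks on a raw image whose encryption format is something else. The commit message should also say whether the &disk->src->encryption->encinfo argument of the removed call is intentionally no longer used.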