See RFC:
http://www.redhat.com/archives/libvir-list/2016-June/msg00312.html

For:
https://bugzilla.redhat.com/show_bug.cgi?id=1301021

Changes since RFC:

 1. Address Dan's comment regarding providing secinfo objects for both
    secret for RBD as well as secret for LUKS
 2. Remove code from secret/secret_util.{h,c} and need for including
    "secret/secret_util.h" (as well as cfg.mk change)
 3. Change secret usage name from "luks" to "key". The "key" secret type
    will be reused for work I have in other local trees (eg. TLS)
 4. Reorder the patches a bit. Patches 1-9 are more or less setup for
    patches 10-19.

John Ferlan (19):
  storage: Adjust qemu-img switches check
  storage: Create helper to set backing for CreateQemuImg code
  storage: Create helper to set options for CreateQemuImg code
  storage: Use virSecretGetSecretString
  secret: Move virStorageSecretType and rename
  util: Move and rename virStorageAuthDefParseSecret
  util: Introduce virSecretFormatSecret
  qemu: Change protocol parameter for secret setup
  qemu: Remove authdef from secret setup
  tests: Adjust tests for encrypted storage
  util: Add 'usage' for encryption
  util: Modify the FileTypeInfo for meta data checks
  util: Add 'luks' to the FileTypeInfo
  conf: Add new secret type "key"
  encryption: Add luks parsing for storageencryption
  encryption: Add <cipher> and <ivgen> to encryption
  storage: Add support to create a luks volume
  qemu: Add new secret info type
  qemu: Add luks support for domain disk

 docs/aclpolkit.html.in | 4 +
 docs/formatsecret.html.in | 62 ++-
 docs/formatstorageencryption.html.in | 115 ++++-
 docs/schemas/secret.rng | 10 +
 docs/schemas/storagecommon.rng | 58 ++-
 include/libvirt/libvirt-secret.h | 3 +-
 po/POTFILES.in | 1 +
 src/Makefile.am | 2 +
 src/access/viraccessdriverpolkit.c | 13 +
 src/conf/domain_conf.c | 11 +
 src/conf/secret_conf.c | 26 +-
 src/conf/secret_conf.h | 3 +-
 src/conf/virsecretobj.c | 5 +
 src/libvirt_private.syms | 8 +
 src/libxl/libxl_conf.c | 2 +-
 src/qemu/qemu_command.c | 12 +-
 src/qemu/qemu_domain.c | 148 ++++---
 src/qemu/qemu_domain.h | 5 +
 src/qemu/qemu_process.c | 19 +-
 src/secret/secret_util.c | 18 +-
 src/secret/secret_util.h | 10 +-
 src/storage/storage_backend.c | 480 +++++++++++++++------
 src/storage/storage_backend.h | 3 +-
 src/storage/storage_backend_fs.c | 10 +-
 src/storage/storage_backend_gluster.c | 2 +
 src/storage/storage_backend_iscsi.c | 54 +--
 src/storage/storage_backend_rbd.c | 49 +--
 src/util/virendian.h | 24 ++
 src/util/virqemu.c | 23 +
 src/util/virqemu.h | 6 +
 src/util/virsecret.c | 127 ++++++
 src/util/virsecret.h | 56 +++
 src/util/virstorageencryption.c | 156 ++++++-
 src/util/virstorageencryption.h | 18 +-
 src/util/virstoragefile.c | 196 ++++-----
 src/util/virstoragefile.h | 18 +-
 tests/qemuargv2xmltest.c | 4 +-
 .../qemuxml2argv-encrypted-disk-usage.args | 24 ++
 .../qemuxml2argv-encrypted-disk-usage.xml | 32 ++
 .../qemuxml2argv-encrypted-disk.args | 26 +-
 .../qemuxml2argv-encrypted-disk.xml | 4 +-
 .../qemuxml2argv-luks-disk-cipher.args | 36 ++
 .../qemuxml2argv-luks-disk-cipher.xml | 41 ++
 .../qemuxml2argvdata/qemuxml2argv-luks-disks.args | 36 ++
 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 41 ++
 tests/qemuxml2argvtest.c | 14 +-
 .../qemuxml2xmlout-encrypted-disk-usage.xml | 36 ++
 .../qemuxml2xmlout-encrypted-disk.xml | 4 +-
 .../qemuxml2xmlout-luks-disk-cipher.xml | 45 ++
 .../qemuxml2xmlout-luks-disks.xml | 45 ++
 tests/qemuxml2xmltest.c | 3 +
 tests/secretxml2xmlin/usage-key.xml | 7 +
 tests/secretxml2xmltest.c | 1 +
 tests/storagevolxml2argvdata/qcow2-flag.argv | 2 -
 .../qcow2-nobacking-convert-flag.argv | 2 -
 .../qcow2-nobacking-convert-none.argv | 2 -
 .../qcow2-nobacking-flag.argv | 1 -
 .../qcow2-nobacking-none.argv | 1 -
 tests/storagevolxml2argvdata/qcow2-none.argv | 1 -
 tests/storagevolxml2argvtest.c | 25 +-
 tests/storagevolxml2xmlin/vol-luks-cipher.xml | 23 +
 tests/storagevolxml2xmlin/vol-luks.xml | 21 +
 tests/storagevolxml2xmlout/vol-luks-cipher.xml | 23 +
 tests/storagevolxml2xmlout/vol-luks.xml | 21 +
 tests/storagevolxml2xmltest.c | 2 +
 tests/virendiantest.c | 18 +
 66 files changed, 1792 insertions(+), 506 deletions(-)
 create mode 100644 src/util/virsecret.c
 create mode 100644 src/util/virsecret.h
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disk-cipher.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
 create mode 100644 tests/secretxml2xmlin/usage-key.xml
 delete mode 100644 tests/storagevolxml2argvdata/qcow2-flag.argv
 delete mode 100644 tests/storagevolxml2argvdata/qcow2-nobacking-convert-flag.argv
 delete mode 100644 tests/storagevolxml2argvdata/qcow2-nobacking-convert-none.argv
 delete mode 100644 tests/storagevolxml2argvdata/qcow2-nobacking-flag.argv
 delete mode 100644 tests/storagevolxml2argvdata/qcow2-nobacking-none.argv
 delete mode 100644 tests/storagevolxml2argvdata/qcow2-none.argv
 create mode 100644 tests/storagevolxml2xmlin/vol-luks-cipher.xml
 create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml
 create mode 100644 tests/storagevolxml2xmlout/vol-luks-cipher.xml
 create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml

--
2.5.5