Re: [PATCH 15/19] encryption: Add luks parsing for storageencryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 13, 2016 at 20:27:54 -0400, John Ferlan wrote:
> Add parse and format of the luks/key secret including tests for
> volume XML parsing.
> 
> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
> ---
>  docs/formatsecret.html.in                          |  7 +++-
>  docs/formatstorageencryption.html.in               | 24 +++++++++++-
>  docs/schemas/storagecommon.rng                     |  3 ++
>  src/qemu/qemu_process.c                            |  6 +++
>  src/storage/storage_backend.c                      |  3 +-
>  src/storage/storage_backend_fs.c                   |  7 +++-
>  src/storage/storage_backend_gluster.c              |  2 +
>  src/util/virstorageencryption.c                    |  4 +-
>  src/util/virstorageencryption.h                    |  2 +
>  tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 41 ++++++++++++++++++++
>  .../qemuxml2xmlout-luks-disks.xml                  | 45 ++++++++++++++++++++++
>  tests/qemuxml2xmltest.c                            |  1 +
>  tests/storagevolxml2xmlin/vol-luks.xml             | 21 ++++++++++
>  tests/storagevolxml2xmlout/vol-luks.xml            | 21 ++++++++++
>  tests/storagevolxml2xmltest.c                      |  1 +
>  15 files changed, 181 insertions(+), 7 deletions(-)
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml
>  create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
>  create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml
>  create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml

[]

> diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
> index 048cc8e..ae2e815 100644
> --- a/docs/formatstorageencryption.html.in
> +++ b/docs/formatstorageencryption.html.in
> @@ -59,8 +59,20 @@
>        the <code>secret</code> element is not present during volume creation,
>        a secret is automatically generated and attached to the volume.
>      </p>
> +    <h3><a name="StorageEncryptionLuks">"luks" format</a></h3>
> +    <p>
> +      The <code>luks</code> format is specific to a luks encrypted volume
> +      and the secret used in order to either encrypt or decrypt the volume.
> +      A single <code>&lt;secret type='key'&gt;</code> element is expected.

I've explained in some other patch why 'key' is not a desired name.

> +      The secret may be referenced via either a <code>uuid</code> or
> +      <code>usage</code> attribute. One of the two must be present. When
> +      present for volume creation, the secret will be used in order for
> +      volume encryption.  When present for domain usage, the secret will
> +      be used as the key to decrypt the volume.
> +      <span class="since">Since 1.3.6</span>.
> +    </p>
>  
> -    <h2><a name="example">Example</a></h2>
> +    <h2><a name="example">Examples</a></h2>
>  
>      <p>
>        Here is a simple example, specifying use of the <code>qcow</code> format:

I'll like to see a updated version.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]