[PATCH v5 0/9] Add native TLS encrypted chardev TCP support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



v4: http://www.redhat.com/archives/libvir-list/2016-June/msg01709.html

Since I have it on a branch and have been updating, I figured I'd post
the most recent stuff. Patches 1-4 were "partially" ACK'd in v2 of this
series, but there's been changes to the conf handling upstream. Patch 5
adds a new secret type 'tls'. Previous incarnations of these changes
borrowed a common secret type, but this one is specific. It's more or
less what got removed for LUKS with the names changed to protect the
innocent (reference Dragnet). Patches 6-9 is what was mostly missing
in the earlier series.

Differences to v4... mostly updates/merges with the numerous changes
to master since that time.

I lost track of whether the desire was to have /etc/pki/libvirt-%s or
/etc/pki/qemu-%s directories... I think we've been using the libvirt-%s
for vnc/spice so far, so I just followed that for chardev although there
was a comment at one time to use qemu-chardev during review of patch 2
of the v2 series:

http://www.redhat.com/archives/libvir-list/2016-June/msg01072.html

John Ferlan (9):
  conf: Add new default TLS X.509 certificate default directory
  conf: Introduce chartcp_tls_x509_cert_dir
  qemu: Add support for TLS X.509 path to TCP chardev backend
  qemu: Add the ability to hotplug the TLS X.509 environment
  conf: Add new secret type "tls"
  conf: Add new secret element for tcp chardev
  qemu: Introduce qemuDomainChardevPrivatePtr
  qemu: Add a secret object to/for a chardev tcp with secret
  qemu: Add the ability to hotplug a secret object for TCP chardev TLS

 docs/aclpolkit.html.in                             |   4 +
 docs/formatdomain.html.in                          |  29 +++++
 docs/formatsecret.html.in                          |  59 ++++++++-
 docs/schemas/domaincommon.rng                      |  21 +++
 docs/schemas/secret.rng                            |  10 ++
 include/libvirt/libvirt-secret.h                   |   1 +
 src/access/viraccessdriverpolkit.c                 |  13 ++
 src/conf/domain_conf.c                             |  64 ++++++++--
 src/conf/domain_conf.h                             |   8 +-
 src/conf/secret_conf.c                             |  23 +++-
 src/conf/secret_conf.h                             |   1 +
 src/conf/virsecretobj.c                            |   5 +
 src/libxl/libxl_domain.c                           |   2 +-
 src/lxc/lxc_native.c                               |   2 +-
 src/qemu/libvirtd_qemu.aug                         |  11 +-
 src/qemu/qemu.conf                                 |  83 +++++++++---
 src/qemu/qemu_alias.c                              |  16 +++
 src/qemu/qemu_alias.h                              |   3 +
 src/qemu/qemu_command.c                            | 141 ++++++++++++++++++++-
 src/qemu/qemu_command.h                            |   9 ++
 src/qemu/qemu_conf.c                               |  57 ++++++++-
 src/qemu/qemu_conf.h                               |   7 +
 src/qemu/qemu_domain.c                             | 124 +++++++++++++++++-
 src/qemu/qemu_domain.h                             |  22 ++++
 src/qemu/qemu_driver.c                             |   2 +-
 src/qemu/qemu_hotplug.c                            | 104 ++++++++++++++-
 src/qemu/qemu_hotplug.h                            |   3 +-
 src/qemu/qemu_monitor_json.c                       |   9 ++
 src/qemu/qemu_parse_command.c                      |   4 +-
 src/qemu/qemu_process.c                            |   2 +-
 src/qemu/test_libvirtd_qemu.aug.in                 |   5 +
 src/vz/vz_sdk.c                                    |   2 +-
 src/xenconfig/xen_sxpr.c                           |   2 +-
 tests/qemuhotplugtest.c                            |   2 +-
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.args   |  33 +++++
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.xml    |  41 ++++++
 ...xml2argv-serial-tcp-tlsx509-secret-chardev.args |  38 ++++++
 ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml |  51 ++++++++
 tests/qemuxml2argvtest.c                           |  21 +++
 .../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml  |  50 ++++++++
 ...ml2xmlout-serial-tcp-tlsx509-secret-chardev.xml |   1 +
 tests/qemuxml2xmltest.c                            |   2 +
 tests/secretxml2xmlin/usage-tls.xml                |   7 +
 tests/secretxml2xmltest.c                          |   1 +
 44 files changed, 1038 insertions(+), 57 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
 create mode 120000 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-secret-chardev.xml
 create mode 100644 tests/secretxml2xmlin/usage-tls.xml

-- 
2.7.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]