On Tue, May 22, 2018 at 10:40:39 -0400, John Ferlan wrote: > > > On 05/22/2018 10:04 AM, Peter Krempa wrote: > > This applies on top of the text monitor cleanup. See explanation in 3/4 > > for justification. > > > > Peter Krempa (4): > > tests: qemublock: Switch to qcow2+luks in test files > > tests: qemu: Modernize/remove qcow2 encryption from tests not related > > to storage > > qemu: domain: Forbid storage with old QCOW2 encryption > > qemu: Remove code for setting up disk passphrases > > > > This would be nice, but based on this series: > > https://www.redhat.com/archives/libvir-list/2018-May/msg01268.html > > I believe there are quite a few more tests/files to modify/delete in > order to remove qcow[2] from the source tree. Yes, because the check in 3/4 only does this for qcow2, but it also should be done for qcow. > > There's also the formatstorageencryption and formatsecret documentation > that would need updating. Yep. > > Based only on the effort from the above series to convert/consume a non > encrypted image to result in a qcow[2] encrypted image - I assume > conversion of qcow[2] images is not a simple exercise. Not sure whether > anyone really uses qcow[2] encryption anymore in the wild, but just > telling them they have to convert (without providing a shred of details > as to what that entails isn't very friendly. Starting with qemu 2.7 qcow[2] encryption can't be used with system emulators only with qemu-img. It was deprecated since 2.3. While this breaks compatibility with old qemus the upstream support for this is declared dead. With these patches you get a failure even with old qemus and you know that you have to fix your images rather than waiting for the doom which can happen. commit 8c0dcbc4ad2bf4f9f3b27c637b357e87cad70ec7 Author: Daniel P. Berrange <berrange@xxxxxxxxxx> Date: Mon Jun 13 12:30:09 2016 +0100 block: drop support for using qcow[2] encryption with system emulators Back in the 2.3.0 release we declared qcow[2] encryption as deprecated, warning people that it would be removed in a future release. commit a1f688f4152e65260b94f37543521ceff8bfebe4 Author: Markus Armbruster <armbru@xxxxxxxxxx> Date: Fri Mar 13 21:09:40 2015 +0100 block: Deprecate QCOW/QCOW2 encryption > Also not sure it's possible to just convert to using LUKS since at one > time at least usage required having code/tests inside a "# ifdef > WITH_GNUTLS" (something that can be seen in the diffs from > tests/qemuxml2argvtest.c in patch 3). Well, without gnutls this will not work, but in that case even qemu encryption will most probably not work.
Attachment:
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
