qemu-block
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH v1 11/15] qcow2: convert QCow2 to use QCryptoBlo


From: Daniel P. Berrange
Subject: Re: [Qemu-block] [PATCH v1 11/15] qcow2: convert QCow2 to use QCryptoBlock for encryption
Date: Tue, 24 Jan 2017 12:33:34 +0000
User-agent: Mutt/1.7.1 (2016-10-04)

On Sat, Jan 21, 2017 at 08:07:57PM +0100, Max Reitz wrote:
> On 03.01.2017 19:27, Daniel P. Berrange wrote:
> > This converts the qcow2 driver to make use of the QCryptoBlock
> > APIs for encrypting image content, using the legacyy QCow2 AES
> > scheme.
> > 
> > With this change it is now required to use the QCryptoSecret
> > object for providing passwords, instead of the current block
> > password APIs / interactive prompting.
> > 
> >   $QEMU \
> >     -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> >     -drive file=/home/berrange/encrypted.qcow2,aes-key-secret=sec0
> > 
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> >  block/qcow2-cluster.c      |  47 +----------
> >  block/qcow2.c              | 190 
> > +++++++++++++++++++++++++++++----------------
> >  block/qcow2.h              |   5 +-
> >  qapi/block-core.json       |   7 +-
> >  tests/qemu-iotests/049     |   2 +-
> >  tests/qemu-iotests/049.out |   4 +-
> >  tests/qemu-iotests/082.out |  27 +++++++
> >  tests/qemu-iotests/087     |  28 ++++++-
> >  tests/qemu-iotests/087.out |   6 +-
> >  tests/qemu-iotests/134     |  18 +++--
> >  tests/qemu-iotests/134.out |  10 +--
> >  tests/qemu-iotests/158     |  19 +++--
> >  tests/qemu-iotests/158.out |  14 +---
> >  13 files changed, 219 insertions(+), 158 deletions(-)
> 
> [...]
> 
> > diff --git a/tests/qemu-iotests/134 b/tests/qemu-iotests/134
> > index af618b8..c2458d8 100755
> > --- a/tests/qemu-iotests/134
> > +++ b/tests/qemu-iotests/134
> > @@ -43,23 +43,31 @@ _supported_os Linux
> >  
> >  
> >  size=128M
> > -IMGOPTS="encryption=on" _make_test_img $size
> > +
> > +SECRET="secret,id=sec0,data=astrochicken"
> > +SECRETALT="secret,id=sec0,data=platypus"
> > +
> > +_make_test_img --object $SECRET -o "encryption=on,qcow-key-secret=sec0" 
> > $size
> > +
> > +IMGSPEC="driver=$IMGFMT,file.filename=$TEST_IMG,qcow-key-secret=sec0"
> > +
> > +QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
> 
> While I agree that it makes sense to have this variable, we
> unfortunately do not have it. Yet. ;-)
> 
> It should be defined somewhere and it should probably actually contain
> all non-format options (such as the cache mode).

Yes, that was what I had originally, but somehow I lost it during a
rebase somewhere...


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|



reply via email to

[Prev in Thread] Current Thread [Next in Thread]