[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3 4/4] qemu-img: copy *key-secret opts when ope
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH v3 4/4] qemu-img: copy *key-secret opts when opening newly created files |
Date: |
Wed, 22 Feb 2017 11:33:21 +0000 |
User-agent: |
Mutt/1.7.1 (2016-10-04) |
On Wed, Feb 22, 2017 at 12:20:36PM +0100, Kevin Wolf wrote:
> Am 20.02.2017 um 16:19 hat Daniel P. Berrange geschrieben:
> > The qemu-img dd/convert commands will create a image file and
> > then try to open it. Historically it has been possible to open
> > new files without passing any options. With encrypted files
> > though, the *key-secret options are mandatory, so we need to
> > provide those options when opening the newly created file.
> >
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> > qemu-img.c | 44 ++++++++++++++++++++++++++++++++++++++++++--
> > 1 file changed, 42 insertions(+), 2 deletions(-)
> >
> > diff --git a/qemu-img.c b/qemu-img.c
> > index e48e676..bad19fd 100644
> > --- a/qemu-img.c
> > +++ b/qemu-img.c
> > @@ -317,6 +317,46 @@ static BlockBackend *img_open_file(const char
> > *filename,
> > }
> >
> >
> > +static int img_add_key_secrets(void *opaque,
> > + const char *name, const char *value,
> > + Error **errp)
> > +{
> > + QDict *options = opaque;
> > +
> > + if (g_str_has_suffix(name, "key-secret")) {
> > + qdict_put(options, name, qstring_from_str(value));
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static BlockBackend *img_open_new_file(const char *filename,
> > + QemuOpts *create_opts,
> > + const char *fmt, int flags,
> > + bool writethrough, bool quiet)
> > +{
> > + BlockBackend *blk;
> > + Error *local_err = NULL;
> > + QDict *options = NULL;
> > +
> > + options = qdict_new();
> > + if (fmt) {
> > + qdict_put(options, "driver", qstring_from_str(fmt));
> > + }
> > +
> > + qemu_opt_foreach(create_opts, img_add_key_secrets, options, NULL);
> > +
> > + blk = blk_new_open(filename, NULL, options, flags, &local_err);
> > + if (!blk) {
> > + error_reportf_err(local_err, "Could not open '%s': ", filename);
> > + return NULL;
> > + }
> > + blk_set_enable_write_cache(blk, !writethrough);
> > +
> > + return blk;
> > +}
>
> Why not make this a small wrapper around img_open_file(), which does
> almost the same except that it can ask for a password? Leaving out the
> img_open_password() call means that simple '-o encryption=on' breaks,
> so it's a bug anyway:
>
> $ ./qemu-img convert -O qcow2 -o encryption ~/images/hd.img /tmp/crypt.qcow2
> qemu-img: block/qcow2.c:1613: qcow2_co_pwritev: Assertion `s->cipher' failed.
I had written this after my conversion of qcow2 to use secrets, but I
presume you just tested this series in isolation. If this series merges
before my qcow2+luks series, then yeah, we'd need to handle the scearnio
you describe.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|