[libvirt] [PATCH v2 00/15] Add support for LUKS encrypted devices

v1: http://www.redhat.com/archives/libvir-list/2016-June/msg00804.html Differences since v1 (beyond those patches already pushed) Patch 1: Adjust via recent comments for patch 8 of previous series Patch 2: Already ACK'd, adjust slightly based on merge conflicts Patch 3: Used to be patch 14 - Use VIR_SECRET_USAGE_TYPE_PASSPHRASE (instead of _KEY) - Use "usage.id" (instead of "usage.key") Patch 4: Used by be patch 11 (wasn't reviewed) Patch 5: Split from patch 13 for separate endian code to read a 16 bit value Patch 6: NEW - based slightly on former patch 12 - No longer use cryptType - Use versionSize instead in order to decode verision data as 16 or 32 bits Patch 7: Former patch 13 with adjustments based on previous patches Patch 8-9: Former patch 15-16 w/ adjustments from review and to keep up with other changes Patch 10: NEW - Reaction to former patch 17 comments with respect to a file name. Need a way to build a path to temporarily save the secret where that path is not in the pool. Chose the "stateDir", but since storage_driver is the only place that knows, added helper API to access. Patch 11: Former patch 17 with adjustments from code review and to handle other changes so far Patches 12-14: NEW - Really a bug fix submitted as a separate patch (although there are a few differences here), but I need it for patch 15 Patch 15: Former patch 19 plus adjustments for hotplug. John Ferlan (15): qemu: Change protocol parameter for secret setup qemu: Remove authdef from secret setup conf: Add new secret type "passphrase" util: Add 'usage' for encryption util: Introduce virReadBufInt16LE and virReadBufInt16BE util: Modify the FileTypeInfo to add a version size util: Add 'luks' to the FileTypeInfo encryption: Add luks parsing for storageencryption encryption: Add <cipher> and <ivgen> to encryption storage: Introduce virStoragePoolObjBuildTempFilePath storage: Add support to create a luks volume qemu: Remove type from qemuBuildSecretInfoProps qemu: Make qemuBuildSecretInfoProps global qemu: Add secinfo for hotplug virtio disk qemu: Add luks support for domain disk docs/aclpolkit.html.in | 4 + docs/formatsecret.html.in | 62 ++++- docs/formatstorageencryption.html.in | 116 ++++++++- docs/schemas/secret.rng | 10 + docs/schemas/storagecommon.rng | 57 ++++- include/libvirt/libvirt-secret.h | 3 +- src/access/viraccessdriverpolkit.c | 13 + src/conf/domain_conf.c | 11 + src/conf/secret_conf.c | 26 +- src/conf/secret_conf.h | 1 + src/conf/virsecretobj.c | 5 + src/libvirt_private.syms | 1 + src/qemu/qemu_command.c | 23 +- src/qemu/qemu_command.h | 4 + src/qemu/qemu_domain.c | 126 +++++----- src/qemu/qemu_hotplug.c | 107 ++++++++- src/qemu/qemu_process.c | 19 +- src/storage/storage_backend.c | 266 +++++++++++++++++++-- src/storage/storage_backend.h | 3 +- src/storage/storage_backend_fs.c | 10 +- src/storage/storage_backend_gluster.c | 2 + src/storage/storage_driver.c | 24 ++ src/storage/storage_driver.h | 6 +- src/util/virendian.h | 24 ++ src/util/virqemu.c | 23 ++ src/util/virqemu.h | 6 + src/util/virstorageencryption.c | 152 ++++++++++-- src/util/virstorageencryption.h | 17 +- src/util/virstoragefile.c | 84 +++++-- src/util/virstoragefile.h | 1 + .../qemuxml2argv-encrypted-disk-usage.args | 24 ++ .../qemuxml2argv-encrypted-disk-usage.xml | 32 +++ .../qemuxml2argv-luks-disk-cipher.args | 36 +++ .../qemuxml2argv-luks-disk-cipher.xml | 41 ++++ .../qemuxml2argvdata/qemuxml2argv-luks-disks.args | 36 +++ tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 41 ++++ tests/qemuxml2argvtest.c | 12 +- .../qemuxml2xmlout-encrypted-disk-usage.xml | 36 +++ .../qemuxml2xmlout-luks-disk-cipher.xml | 45 ++++ .../qemuxml2xmlout-luks-disks.xml | 45 ++++ tests/qemuxml2xmltest.c | 3 + tests/secretxml2xmlin/usage-passphrase.xml | 7 + tests/secretxml2xmltest.c | 1 + tests/storagevolxml2argvtest.c | 3 +- tests/storagevolxml2xmlin/vol-luks-cipher.xml | 23 ++ tests/storagevolxml2xmlin/vol-luks.xml | 21 ++ tests/storagevolxml2xmlout/vol-luks-cipher.xml | 23 ++ tests/storagevolxml2xmlout/vol-luks.xml | 21 ++ tests/storagevolxml2xmltest.c | 2 + tests/virendiantest.c | 18 ++ 50 files changed, 1495 insertions(+), 181 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disk-cipher.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disk-cipher.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml create mode 100644 tests/secretxml2xmlin/usage-passphrase.xml create mode 100644 tests/storagevolxml2xmlin/vol-luks-cipher.xml create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml create mode 100644 tests/storagevolxml2xmlout/vol-luks-cipher.xml create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml -- 2.5.5