Re: [libvirt] [PATCH 2/2] storage: Check qemu-img encryption type capability

https://bugzilla.redhat.com/show_bug.cgi?id=1526382 As of QEMU 2.9, qemu-img has enforced using the "key-secret" for creation of encrypted volumes. That is, LUKS encryption is now required and the old (awful) qcow[2] encryption methodolgy is no longer supported. In order to check for this, we scan the qemu-img -o help options looking for "key-secret" and if set, we enforce during the create volume processing that the about to be encrypted volume doesn't attempt to use the old crufty encryption mechanism. Signed-off-by: John Ferlan <jferlan(a)redhat.com&gt; --- src/storage/storage_util.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 7df52239c2..d2e02a57ca 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -797,6 +797,7 @@ storagePloopResize(virStorageVolDefPtr vol, enum { QEMU_IMG_BACKING_FORMAT_OPTIONS = 0, QEMU_IMG_BACKING_FORMAT_OPTIONS_COMPAT, + QEMU_IMG_BACKING_FORMAT_OPTIONS_KEY_SECRET, }; static char * @@ -824,6 +825,14 @@ virStorageBackendQemuImgSupportsCompat(const char *output) return strstr(output, "\ncompat "); } + +static bool +virStorageBackendQemuImgRequiresKeySecret(const char *output) +{ + return strstr(output, "key-secret"); +} + +