On 05/31/2018 02:18 AM, Peter Krempa wrote:
On Wed, May 30, 2018 at 16:14:31 -0400, John Ferlan wrote:
On 05/23/2018 10:13 AM, Peter Krempa wrote:
The old qcow/qcow2 encryption format is so broken that qemu decided to drop it completely. This series forbids the use of such images even with qemus prior to this and removes all the cruft necessary to support it.
v2: - fixed check to include the qcow format too - reworded the error message slightly - split second patch into two with proper justification for the user-alias test since checking LUKS there actually makes sense
Peter Krempa (5): tests: qemuxml2argv: Drop disk encryption from 'interface-server' test tests: qemuxml2argv: Verify that disk secret alias is correct with user-aliases tests: qemublock: Switch to qcow2+luks in test files qemu: domain: Forbid storage with old QCOW2 encryption qemu: Remove code for setting up disk passphrases
Why not remove it from storage as well? It's not like anything could or would want to use whatever the storage driver created. There's always the fall back to indicate to use qemu-img for the die hards.
If we've ever supported the use case of converting a qcow2 encrypted volume even into a unencrypted volume, we should keep that for allowing migration from those volumes.
Without (at least parts of) for qemu's 2.9 or later: https://www.redhat.com/archives/libvir-list/2018-May/msg01268.html it won't work anyway because of qemu secret work. I think you probably need to make some documentation updates too. If not removing things, then updating certain pages to indicate as of libvirt 4.X.0 it won't be possible to use for domains (and possibly storage). John