On 05/31/2018 02:18 AM, Peter Krempa wrote:
On Wed, May 30, 2018 at 16:14:31 -0400, John Ferlan wrote:
>
>
> On 05/23/2018 10:13 AM, Peter Krempa wrote:
>> The old qcow/qcow2 encryption format is so broken that qemu decided to
>> drop it completely. This series forbids the use of such images even with
>> qemus prior to this and removes all the cruft necessary to support it.
>>
>> v2:
>> - fixed check to include the qcow format too
>> - reworded the error message slightly
>> - split second patch into two with proper justification for the
>> user-alias test since checking LUKS there actually makes sense
>>
>> Peter Krempa (5):
>> tests: qemuxml2argv: Drop disk encryption from 'interface-server' test
>> tests: qemuxml2argv: Verify that disk secret alias is correct with
>> user-aliases
>> tests: qemublock: Switch to qcow2+luks in test files
>> qemu: domain: Forbid storage with old QCOW2 encryption
>> qemu: Remove code for setting up disk passphrases
>>
>
> Why not remove it from storage as well? It's not like anything could or
> would want to use whatever the storage driver created. There's always
> the fall back to indicate to use qemu-img for the die hards.
If we've ever supported the use case of converting a qcow2 encrypted
volume even into a unencrypted volume, we should keep that for allowing
migration from those volumes.
Without (at least parts of) for qemu's 2.9 or later:
https://www.redhat.com/archives/libvir-list/2018-May/msg01268.html
it won't work anyway because of qemu secret work.
I think you probably need to make some documentation updates too. If not
removing things, then updating certain pages to indicate as of libvirt
4.X.0 it won't be possible to use for domains (and possibly storage).
John