10:17 a.m.
Clean up some code and fix wrong escaping of TLS certificate path.
Peter Krempa (4):
qemu: command: Optimize formatting of 'passwordid' in
qemuBuildTLSx509BackendProps
tests: qemuxml2argv: Test TLS certificate path containing a comma
qemu: command: Fix formatting of TLS backend properties
qemu: command: Remove qemuBuildHasMasterKey
src/qemu/qemu_command.c | 40 +++-------------------
.../disk-drive-network-tlsx509-vxhs.args | 8 ++---
tests/qemuxml2argvtest.c | 2 +-
3 files changed, 10 insertions(+), 40 deletions(-)
--
2.16.2
10:17 a.m.
New subject: [libvirt] [PATCH 1/4] qemu: command: Optimize formatting of 'passwordid' in qemuBuildTLSx509BackendProps
Use the 'S' modifier for create the field optionally rather than calling
another JSON formatter function.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_command.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index c4237339bf..173745ee49 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -731,13 +731,10 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
"s:dir", path,
"s:endpoint", (isListen ? "server":
"client"),
"b:verify-peer", (isListen ? verifypeer :
true),
+ "S:passwordid", secalias,
NULL) < 0)
goto cleanup;
- if (secalias &&
- virJSONValueObjectAdd(*propsret, "s:passwordid", secalias, NULL) <
0)
- goto cleanup;
-
ret = 0;
cleanup:
--
2.16.2
10:17 a.m.
New subject: [libvirt] [PATCH 2/4] tests: qemuxml2argv: Test TLS certificate path containing a comma
We have to escape commas when formatting them on the command line. Add a
test case of a TLS path containing a comma.
Note that the output is wrong, this test case is to prove there's a bug.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args | 8 ++++----
tests/qemuxml2argvtest.c | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
b/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
index 2e747392be..a2b4d2bcbd 100644
--- a/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
+++ b/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
@@ -23,16 +23,16 @@ server,nowait \
-no-acpi \
-boot c \
-usb \
--object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/libvirt-vxhs,\
-endpoint=client,verify-peer=yes \
+-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/libvirt-vxhs/dummy,\
+,,,path,endpoint=client,verify-peer=yes \
-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
file.server.host=192.168.0.1,file.server.port=9999,format=raw,if=none,\
id=drive-virtio-disk0,serial=eb90327c-8302-4725-9e1b-4e85ed4dc251,cache=none \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0 \
--object tls-creds-x509,id=objvirtio-disk1_tls0,dir=/etc/pki/libvirt-vxhs,\
-endpoint=client,verify-peer=yes \
+-object tls-creds-x509,id=objvirtio-disk1_tls0,dir=/etc/pki/libvirt-vxhs/dummy,\
+,,,path,endpoint=client,verify-peer=yes \
-drive file.driver=vxhs,file.tls-creds=objvirtio-disk1_tls0,\
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc252,\
file.server.host=192.168.0.2,file.server.port=9999,format=raw,if=none,\
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 07e5ba1d13..78454acb1a 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -639,7 +639,7 @@ mymain(void)
if (VIR_STRDUP_QUIET(driver.config->chardevTLSx509certdir,
"/etc/pki/libvirt-chardev") < 0)
return EXIT_FAILURE;
VIR_FREE(driver.config->vxhsTLSx509certdir);
- if (VIR_STRDUP_QUIET(driver.config->vxhsTLSx509certdir,
"/etc/pki/libvirt-vxhs") < 0)
+ if (VIR_STRDUP_QUIET(driver.config->vxhsTLSx509certdir,
"/etc/pki/libvirt-vxhs/dummy,path") < 0)
return EXIT_FAILURE;
VIR_FREE(driver.config->hugetlbfs);
--
2.16.2
10:17 a.m.
New subject: [libvirt] [PATCH 3/4] qemu: command: Fix formatting of TLS backend properties
The JSON property generator should not escape commas as we do on the
command line. The JSON->commandline generator already does that.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_command.c | 20 +++-----------------
.../disk-drive-network-tlsx509-vxhs.args | 4 ++--
2 files changed, 5 insertions(+), 19 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 173745ee49..19c7149b5b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -712,35 +712,21 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
virQEMUCapsPtr qemuCaps,
virJSONValuePtr *propsret)
{
- virBuffer buf = VIR_BUFFER_INITIALIZER;
- char *path = NULL;
- int ret = -1;
-
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("tls-creds-x509 not supported in this QEMU binary"));
return -1;
}
- virQEMUBuildBufferEscapeComma(&buf, tlspath);
- if (virBufferCheckError(&buf) < 0)
- goto cleanup;
- path = virBufferContentAndReset(&buf);
-
if (virJSONValueObjectCreate(propsret,
- "s:dir", path,
+ "s:dir", tlspath,
"s:endpoint", (isListen ? "server":
"client"),
"b:verify-peer", (isListen ? verifypeer :
true),
"S:passwordid", secalias,
NULL) < 0)
- goto cleanup;
-
- ret = 0;
+ return -1;
- cleanup:
- virBufferFreeAndReset(&buf);
- VIR_FREE(path);
- return ret;
+ return 0;
}
diff --git a/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
b/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
index a2b4d2bcbd..91d3a8a70a 100644
--- a/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
+++ b/tests/qemuxml2argvdata/disk-drive-network-tlsx509-vxhs.args
@@ -24,7 +24,7 @@ server,nowait \
-boot c \
-usb \
-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/libvirt-vxhs/dummy,\
-,,,path,endpoint=client,verify-peer=yes \
+,path,endpoint=client,verify-peer=yes \
-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
file.server.host=192.168.0.1,file.server.port=9999,format=raw,if=none,\
@@ -32,7 +32,7 @@
id=drive-virtio-disk0,serial=eb90327c-8302-4725-9e1b-4e85ed4dc251,cache=none \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0 \
-object tls-creds-x509,id=objvirtio-disk1_tls0,dir=/etc/pki/libvirt-vxhs/dummy,\
-,,,path,endpoint=client,verify-peer=yes \
+,path,endpoint=client,verify-peer=yes \
-drive file.driver=vxhs,file.tls-creds=objvirtio-disk1_tls0,\
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc252,\
file.server.host=192.168.0.2,file.server.port=9999,format=raw,if=none,\
--
2.16.2
10:17 a.m.
New subject: [libvirt] [PATCH 4/4] qemu: command: Remove qemuBuildHasMasterKey
The thin wrapper is not necessary.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_command.c | 15 +--------------
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 19c7149b5b..f3724a766b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -175,19 +175,6 @@ VIR_ENUM_IMPL(qemuNumaPolicy, VIR_DOMAIN_NUMATUNE_MEM_LAST,
"interleave");
-/**
- * qemuBuildHasMasterKey:
- * @qemuCaps: QEMU binary capabilities
- *
- * Return true if this binary supports the secret -object, false otherwise.
- */
-static bool
-qemuBuildHasMasterKey(virQEMUCapsPtr qemuCaps)
-{
- return virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_SECRET);
-}
-
-
/**
* qemuBuildMasterKeyCommandLine:
* @cmd: the command to modify
@@ -211,7 +198,7 @@ qemuBuildMasterKeyCommandLine(virCommandPtr cmd,
* means the domain won't be able to use a secret master key and is
* not a failure.
*/
- if (!qemuBuildHasMasterKey(priv->qemuCaps)) {
+ if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET)) {
VIR_INFO("secret object is not supported by this QEMU binary");
return 0;
}
--
2.16.2
10:33 a.m.
On Thu, May 17, 2018 at 05:17:31PM +0200, Peter Krempa wrote:
Clean up some code and fix wrong escaping of TLS certificate path.
Peter Krempa (4):
qemu: command: Optimize formatting of 'passwordid' in
qemuBuildTLSx509BackendProps
tests: qemuxml2argv: Test TLS certificate path containing a comma
qemu: command: Fix formatting of TLS backend properties
qemu: command: Remove qemuBuildHasMasterKey
src/qemu/qemu_command.c | 40 +++-------------------
.../disk-drive-network-tlsx509-vxhs.args | 8 ++---
tests/qemuxml2argvtest.c | 2 +-
3 files changed, 10 insertions(+), 40 deletions(-)
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
2424
days inactive
2424
days old
5 comments
2 participants
participants (2)
-
Ján Tomko -
Peter Krempa