From 026114b564dec2a19b4532c20ba5af7f719540db Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Wed, 28 Mar 2018 12:21:31 +0200
Subject: [PATCH] qemu: command: Add support for qcow2 + luks
The old qcow2 encryption format was buggy, so the new approach is to use luks inside qcow2. As it turns out, it didn't require that many changes. It was necessary to fix the command line formatter to stop mangling the format when secrets are present and specify the encryption format and secret in correct format.
Signed-off-by: Peter Krempa
---
 src/qemu/qemu_command.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 94a72057c7..be70c22332 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1525,6 +1525,7 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
 qemuDomainSecretInfoPtr encinfo = NULL;
 virJSONValuePtr srcprops = NULL;
 char *source = NULL;
+ bool rawluks = false;
 int ret = -1;
 if (srcpriv) {
@@ -1598,14 +1599,21 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
 }
 virBufferAddLit(buf, ",");
- if (encinfo)
- virQEMUBuildLuksOpts(buf, &disk->src->encryption->encinfo,
- encinfo->s.aes.alias);
+ if (encinfo) {
+ if (disk->src->format == VIR_STORAGE_FILE_RAW) {
+ virBufferAsprintf(buf, "key-secret=%s,", encinfo->s.aes.alias);
+ rawluks = true;
+ } else if (disk->src->format == VIR_STORAGE_FILE_QCOW2 &&
+ disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+ virBufferAddLit(buf, "encrypt.format=luks,");
+ virBufferAsprintf(buf, "encrypt.key-secret=%s,", encinfo->s.aes.alias);
+ }
+ }
 if (disk->src->format > 0 && disk->src->type != VIR_STORAGE_TYPE_DIR) {
 const char *qemuformat = virStorageFileFormatTypeToString(disk->src->format);
- if (qemuDomainDiskHasEncryptionSecret(disk->src))
+ if (rawluks)
 qemuformat = "luks";
 virBufferAsprintf(buf, "format=%s,", qemuformat);
 }
-- 
GitLab
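Review bot: When `encinfo` is set but the source is neither raw nor qcow2 with `VIR_STORAGE_ENCRYPTION_FORMAT_LUKS`, the new `if (encinfo) { ... }` block in the second hunk emits no secret option at all, so the drive string is built as if the image were unencrypted and the mismatch only surfaces later, if at all. Unless such combinations are rejected earlier (not visible here; the body of qemuBuildDriveSourceStr extends beyond both hunks), a final `else` that reports the unsupported format/encryption pair and takes the function's error path would make the failure explicit. The raw branch also sets `rawluks = true` without looking at `disk->src->encryption->format`, while the qcow2 branch does check it; testing `disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS` in both keeps a raw image with some other encryption format from being forced to `format=luks`. A short comment above the block stating that raw takes a top-level `key-secret=` and qcow2 takes the `encrypt.`-prefixed options would document why the two branches differ.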