Re: [Qemu-devel] [PATCH v8 07/20] block: deprecate "encryption=on" in fa

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v8 07/20] block: deprecate "encryption=on" in fa

From:	Daniel P. Berrange
Subject:	Re: [Qemu-devel] [PATCH v8 07/20] block: deprecate "encryption=on" in favor of "encrypt.format=aes"
Date:	Mon, 19 Jun 2017 14:56:14 +0100
User-agent:	Mutt/1.8.0 (2017-02-23)

On Wed, Jun 07, 2017 at 06:40:32PM +0200, Max Reitz wrote:
> On 2017-06-01 19:27, Daniel P. Berrange wrote:
> > Historically the qcow & qcow2 image formats supported a property
> > "encryption=on" to enable their built-in AES encryption. We'll
> > soon be supporting LUKS for qcow2, so need a more general purpose
> > way to enable encryption, with a choice of formats.
> > 
> > This introduces an "encrypt.format" option, which will later be
> > joined by a number of other "encrypt.XXX" options. The use of
> > a "encrypt." prefix instead of "encrypt-" is done to facilitate
> > mapping to a nested QAPI schema at later date.
> > 
> > e.g. the preferred syntax is now
> > 
> >   qemu-img create -f qcow2 -o encrypt.format=aes demo.qcow2
> > 
> > Reviewed-by: Eric Blake <address@hidden>
> > Reviewed-by: Alberto Garcia <address@hidden>
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> >  block/qcow.c               | 30 ++++++++++++++---
> >  block/qcow2.c              | 33 +++++++++++++++----
> >  include/block/block_int.h  |  2 +-
> >  qemu-img.c                 |  4 ++-
> >  tests/qemu-iotests/082.out | 81 
> > ++++++++++++++++++++++++++++++----------------
> >  5 files changed, 110 insertions(+), 40 deletions(-)
> > 
> > diff --git a/block/qcow.c b/block/qcow.c
> > index 6738bc7..42f83b2 100644
> > --- a/block/qcow.c
> > +++ b/block/qcow.c
> 
> [...]
> 
> > @@ -818,8 +818,16 @@ static int qcow_create(const char *filename, QemuOpts 
> > *opts, Error **errp)
> >      }
> >  
> >      backing_file = qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE);
> > -    if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
> > -        flags |= BLOCK_FLAG_ENCRYPT;
> > +    encryptfmt = qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPT_FORMAT);
> > +    if (encryptfmt) {
> > +        if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
> 
> You should probably just use qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPT)
> here, because otherwise you can do this:
> 
> $ ./qemu-img create -f qcow -o encryption=off,encrypt.format=aes \
>     foo.qcow 64M
> Formatting 'foo.qcow', fmt=qcow size=67108864 encryption=off
> encrypt.format=aes

Yes, will fix it as you suggest.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v8 00/20] Convert QCow[2] to QCryptoBlock & add LUKS support, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 01/20] block: expose crypto option names / defs to other drivers, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 02/20] block: add ability to set a prefix for opt names, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 03/20] qcow: document another weakness of qcow AES encryption, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 04/20] qcow: require image size to be > 1 for new images, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 05/20] iotests: skip 042 with qcow which dosn't support zero sized images, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 06/20] iotests: skip 048 with qcow which doesn't support resize, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 08/20] qcow: make encrypt_sectors encrypt in place, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 07/20] block: deprecate "encryption=on" in favor of "encrypt.format=aes", Daniel P. Berrange, 2017/06/01
  - Re: [Qemu-devel] [PATCH v8 07/20] block: deprecate "encryption=on" in favor of "encrypt.format=aes", Max Reitz, 2017/06/07
    - Re: [Qemu-devel] [PATCH v8 07/20] block: deprecate "encryption=on" in favor of "encrypt.format=aes", Daniel P. Berrange <=
- [Qemu-devel] [PATCH v8 09/20] qcow: convert QCow to use QCryptoBlock for encryption, Daniel P. Berrange, 2017/06/01
  - Re: [Qemu-devel] [PATCH v8 09/20] qcow: convert QCow to use QCryptoBlock for encryption, Max Reitz, 2017/06/07
    - Re: [Qemu-devel] [PATCH v8 09/20] qcow: convert QCow to use QCryptoBlock for encryption, Daniel P. Berrange, 2017/06/19
- [Qemu-devel] [PATCH v8 10/20] qcow2: make qcow2_encrypt_sectors encrypt in place, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 12/20] qcow2: extend specification to cover LUKS encryption, Daniel P. Berrange, 2017/06/01
  - Re: [Qemu-devel] [PATCH v8 12/20] qcow2: extend specification to cover LUKS encryption, Eric Blake, 2017/06/01
- [Qemu-devel] [PATCH v8 11/20] qcow2: convert QCow2 to use QCryptoBlock for encryption, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 15/20] iotests: enable tests 134 and 158 to work with qcow (v1), Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 14/20] qcow2: add iotests to cover LUKS encryption support, Daniel P. Berrange, 2017/06/01
- [Qemu-devel] [PATCH v8 13/20] qcow2: add support for LUKS encryption format, Daniel P. Berrange, 2017/06/01

Prev by Date: Re: [Qemu-devel] [PATCH 2/4] qapi: Add qobject_is_equal()
Next by Date: Re: [Qemu-devel] [PATCH v3] target-ppc: Enable open-pic timers to count and generate interrupts
Previous by thread: Re: [Qemu-devel] [PATCH v8 07/20] block: deprecate "encryption=on" in favor of "encrypt.format=aes"
Next by thread: [Qemu-devel] [PATCH v8 09/20] qcow: convert QCow to use QCryptoBlock for encryption
Index(es):
- Date
- Thread