qemu: command: Add support for qcow2 + luks

The old qcow2 encryption format was buggy, so the new approach is to use luks inside qcow2. As it turns out, it didn't require that many changes. It was necessary to fix the command line formatter to stop mangling the format when secrets are present and specify the encryption format and secret in correct format. Signed-off-by: Peter Krempa <pkrempa@redhat.com>
2018-03-28 12:21:31 +02:00 · 2018-03-28 12:21:31 +02:00 · 026114b564
parent f849efac72
commit 026114b564
1 changed files with 12 additions and 4 deletions
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@ -1525,6 +1525,7 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
    qemuDomainSecretInfoPtr encinfo = NULL;
    virJSONValuePtr srcprops = NULL;
    char *source = NULL;
+    bool rawluks = false;
    int ret = -1;

    if (srcpriv) {
@ -1598,14 +1599,21 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
    }
    virBufferAddLit(buf, ",");

-    if (encinfo)
-        virQEMUBuildLuksOpts(buf, &disk->src->encryption->encinfo,
-                             encinfo->s.aes.alias);
+    if (encinfo) {
+        if (disk->src->format == VIR_STORAGE_FILE_RAW) {
+            virBufferAsprintf(buf, "key-secret=%s,", encinfo->s.aes.alias);
+            rawluks = true;
+        } else if (disk->src->format == VIR_STORAGE_FILE_QCOW2 &&
+                   disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
+            virBufferAddLit(buf, "encrypt.format=luks,");
+            virBufferAsprintf(buf, "encrypt.key-secret=%s,", encinfo->s.aes.alias);
+        }
+    }

    if (disk->src->format > 0 &&
        disk->src->type != VIR_STORAGE_TYPE_DIR) {
        const char *qemuformat = virStorageFileFormatTypeToString(disk->src->format);
-        if (qemuDomainDiskHasEncryptionSecret(disk->src))
+        if (rawluks)
            qemuformat = "luks";
        virBufferAsprintf(buf, "format=%s,", qemuformat);
    }