| Message ID | 20170412164445.23039-5-berrange@redhat.com |
|---|---|
| State | New |
| Headers | show |
On 04/12/2017 11:44 AM, Daniel P. Berrange wrote: > The qemu-img dd/convert commands will create a image file and > then try to open it. Historically it has been possible to open > new files without passing any options. With encrypted files > though, the *key-secret options are mandatory, so we need to > provide those options when opening the newly created file. > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > qemu-img.c | 41 +++++++++++++++++++++++++++++++++++------ > 1 file changed, 35 insertions(+), 6 deletions(-) Reviewed-by: Eric Blake <eblake@redhat.com> > @@ -332,6 +334,33 @@ static BlockBackend *img_open_file(const char *filename, > } > > > +static int img_add_key_secrets(void *opaque, > + const char *name, const char *value, > + Error **errp) > +{ > + QDict *options = opaque; > + > + if (g_str_has_suffix(name, "key-secret")) { > + qdict_put(options, name, qstring_from_str(value)); If my patch to add qdict_put_str() lands (probably through Markus' qapi-next tree) before yours, you can simplify this line. If yours lands first, we just rerun my Coccinelle script to simplify it as part of my patch.
On 12.04.2017 18:44, Daniel P. Berrange wrote: > The qemu-img dd/convert commands will create a image file and > then try to open it. Historically it has been possible to open > new files without passing any options. With encrypted files > though, the *key-secret options are mandatory, so we need to > provide those options when opening the newly created file. > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > qemu-img.c | 41 +++++++++++++++++++++++++++++++++++------ > 1 file changed, 35 insertions(+), 6 deletions(-) Thanks! > diff --git a/qemu-img.c b/qemu-img.c > index 31c4923..3d9e7b3 100644 > --- a/qemu-img.c > +++ b/qemu-img.c [...] > @@ -332,6 +334,33 @@ static BlockBackend *img_open_file(const char *filename, > } > > > +static int img_add_key_secrets(void *opaque, > + const char *name, const char *value, > + Error **errp) > +{ > + QDict *options = opaque; > + > + if (g_str_has_suffix(name, "key-secret")) { > + qdict_put(options, name, qstring_from_str(value)); > + } > + > + return 0; > +} > + > +static BlockBackend *img_open_new_file(const char *filename, > + QemuOpts *create_opts, > + const char *fmt, int flags, > + bool writethrough, bool quiet) > +{ > + QDict *options = NULL; > + > + options = qdict_new(); > + qemu_opt_foreach(create_opts, img_add_key_secrets, options, NULL); I'd prefer &error_abort instead of NULL there. Not a hard requirement, but I don't see a reason not to use it. Max > + > + return img_open_file(filename, options, fmt, flags, writethrough, quiet); > +} > + > + > static BlockBackend *img_open(bool image_opts, > const char *filename, > const char *fmt, int flags, bool writethrough, > @@ -351,7 +380,7 @@ static BlockBackend *img_open(bool image_opts, [...]
diff --git a/qemu-img.c b/qemu-img.c index 31c4923..3d9e7b3 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -305,15 +305,17 @@ static BlockBackend *img_open_opts(const char *optstr, } static BlockBackend *img_open_file(const char *filename, + QDict *options, const char *fmt, int flags, bool writethrough, bool quiet) { BlockBackend *blk; Error *local_err = NULL; - QDict *options = NULL; if (fmt) { - options = qdict_new(); + if (!options) { + options = qdict_new(); + } qdict_put(options, "driver", qstring_from_str(fmt)); } @@ -332,6 +334,33 @@ static BlockBackend *img_open_file(const char *filename, } +static int img_add_key_secrets(void *opaque, + const char *name, const char *value, + Error **errp) +{ + QDict *options = opaque; + + if (g_str_has_suffix(name, "key-secret")) { + qdict_put(options, name, qstring_from_str(value)); + } + + return 0; +} + +static BlockBackend *img_open_new_file(const char *filename, + QemuOpts *create_opts, + const char *fmt, int flags, + bool writethrough, bool quiet) +{ + QDict *options = NULL; + + options = qdict_new(); + qemu_opt_foreach(create_opts, img_add_key_secrets, options, NULL); + + return img_open_file(filename, options, fmt, flags, writethrough, quiet); +} + + static BlockBackend *img_open(bool image_opts, const char *filename, const char *fmt, int flags, bool writethrough, @@ -351,7 +380,7 @@ static BlockBackend *img_open(bool image_opts, } blk = img_open_opts(filename, opts, flags, writethrough, quiet); } else { - blk = img_open_file(filename, fmt, flags, writethrough, quiet); + blk = img_open_file(filename, NULL, fmt, flags, writethrough, quiet); } return blk; } @@ -2301,8 +2330,8 @@ static int img_convert(int argc, char **argv) * That has to wait for bdrv_create to be improved * to allow filenames in option syntax */ - out_blk = img_open_file(out_filename, out_fmt, - flags, writethrough, quiet); + out_blk = img_open_new_file(out_filename, opts, out_fmt, + flags, writethrough, quiet); } if (!out_blk) { ret = -1; @@ -4351,7 +4380,7 @@ static int img_dd(int argc, char **argv) * with the bdrv_create() call above which does not * support image-opts style. */ - blk2 = img_open_file(out.filename, out_fmt, BDRV_O_RDWR, + blk2 = img_open_file(out.filename, NULL, out_fmt, BDRV_O_RDWR, false, false); if (!blk2) {
The qemu-img dd/convert commands will create a image file and then try to open it. Historically it has been possible to open new files without passing any options. With encrypted files though, the *key-secret options are mandatory, so we need to provide those options when opening the newly created file. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- qemu-img.c | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-)