libguestfs/SOURCES/0039-options-allow-a-UUID-as-identifier-for-key.patch

314 lines
11 KiB
Diff
Raw Normal View History

From abb0a1dcc6e15130c334713d0716e223e5fc494d Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Fri, 29 Nov 2019 12:07:13 +0100
Subject: [PATCH] options: allow a UUID as identifier for --key
This way it is possible to specify the UUID of the LUKS device instead
of the libguestfs device name to decrypt a device during the inspection.
Make the usage of the new luks_uuid API conditional, so other projects
using the common submodule do not require a libguestfs version bump.
(cherry picked from commit bb4a2dc17a78b53437896d4215ae82df8e11b788
in libguestfs-common)
PT: the documentation was amended manually.
---
cat/virt-cat.pod | 4 ++--
cat/virt-log.pod | 4 ++--
cat/virt-ls.pod | 4 ++--
cat/virt-tail.pod | 4 ++--
common/options/decrypt.c | 8 +++++++-
common/options/keys.c | 4 ++--
common/options/options.h | 6 +++---
customize/virt-customize.pod | 4 ++--
diff/virt-diff.pod | 4 ++--
edit/virt-edit.pod | 4 ++--
fish/guestfish.pod | 4 ++--
fuse/guestmount.pod | 4 ++--
get-kernel/virt-get-kernel.pod | 4 ++--
inspector/virt-inspector.pod | 4 ++--
sparsify/virt-sparsify.pod | 4 ++--
sysprep/virt-sysprep.pod | 4 ++--
v2v/virt-v2v.pod | 4 ++--
17 files changed, 40 insertions(+), 34 deletions(-)
diff --git a/cat/virt-cat.pod b/cat/virt-cat.pod
index b0301d636..2cea291ac 100644
--- a/cat/virt-cat.pod
+++ b/cat/virt-cat.pod
@@ -124,8 +124,8 @@ security problem with malicious guests (CVE-2010-3851).
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/cat/virt-log.pod b/cat/virt-log.pod
index 0d447b3b5..888108d5f 100644
--- a/cat/virt-log.pod
+++ b/cat/virt-log.pod
@@ -108,8 +108,8 @@ security problem with malicious guests (CVE-2010-3851).
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/cat/virt-ls.pod b/cat/virt-ls.pod
index de02a473d..307e79395 100644
--- a/cat/virt-ls.pod
+++ b/cat/virt-ls.pod
@@ -355,8 +355,8 @@ L</RECURSIVE LONG LISTING> above.
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/cat/virt-tail.pod b/cat/virt-tail.pod
index f00384f5d..a804f4cf3 100644
--- a/cat/virt-tail.pod
+++ b/cat/virt-tail.pod
@@ -126,8 +126,8 @@ security problem with malicious guests (CVE-2010-3851).
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/common/options/decrypt.c b/common/options/decrypt.c
index 3511d9fe9..683cf5ed4 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -86,7 +86,13 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
char mapname[32];
make_mapname (partitions[i], mapname, sizeof mapname);
- CLEANUP_FREE_STRING_LIST char **keys = get_keys (ks, partitions[i]);
+#ifdef GUESTFS_HAVE_LUKS_UUID
+ CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]);
+#else
+ const char *uuid = NULL;
+#endif
+
+ CLEANUP_FREE_STRING_LIST char **keys = get_keys (ks, partitions[i], uuid);
assert (guestfs_int_count_strings (keys) > 0);
/* Try each key in turn. */
diff --git a/common/options/keys.c b/common/options/keys.c
index 7c391acde..798315c2e 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -126,7 +126,7 @@ read_first_line_from_file (const char *filename)
* keystore, ask the user.
*/
char **
-get_keys (struct key_store *ks, const char *device)
+get_keys (struct key_store *ks, const char *device, const char *uuid)
{
size_t i, j, len;
char **r;
@@ -148,7 +148,7 @@ get_keys (struct key_store *ks, const char *device)
for (i = 0; i < ks->nr_keys; ++i) {
struct key_store_key *key = &ks->keys[i];
- if (STRNEQ (key->id, device))
+ if (STRNEQ (key->id, device) && (uuid && STRNEQ (key->id, uuid)))
continue;
switch (key->type) {
diff --git a/common/options/options.h b/common/options/options.h
index b83a92b06..9b7830220 100644
--- a/common/options/options.h
+++ b/common/options/options.h
@@ -104,8 +104,8 @@ struct mp {
/* A key in the key store. */
struct key_store_key {
- /* An ID for the device this key refers to. It must be the libguestfs
- * device name.
+ /* An ID for the device this key refers to. It can be either the libguestfs
+ * device name, or the UUID.
*
* There may be multiple matching devices in the list.
*/
@@ -150,7 +150,7 @@ extern void print_inspect_prompt (void);
/* in key.c */
extern char *read_key (const char *param);
-extern char **get_keys (struct key_store *ks, const char *device);
+extern char **get_keys (struct key_store *ks, const char *device, const char *uuid);
extern struct key_store *key_store_add_from_selector (struct key_store *ks, const char *selector);
extern struct key_store *key_store_import_key (struct key_store *ks, const struct key_store_key *key);
extern void free_key_store (struct key_store *ks);
diff --git a/customize/virt-customize.pod b/customize/virt-customize.pod
index 491606591..5d92486a2 100644
--- a/customize/virt-customize.pod
+++ b/customize/virt-customize.pod
@@ -141,8 +141,8 @@ security problem with malicious guests (CVE-2010-3851).
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/diff/virt-diff.pod b/diff/virt-diff.pod
index 22658072d..e67d09101 100644
--- a/diff/virt-diff.pod
+++ b/diff/virt-diff.pod
@@ -169,8 +169,8 @@ Display file sizes in human-readable format.
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/edit/virt-edit.pod b/edit/virt-edit.pod
index 5a63cd05f..918fa66f2 100644
--- a/edit/virt-edit.pod
+++ b/edit/virt-edit.pod
@@ -156,8 +156,8 @@ security problem with malicious guests (CVE-2010-3851).
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index ccb57b159..f1fdf094d 100644
--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -283,8 +283,8 @@ were found.
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/fuse/guestmount.pod b/fuse/guestmount.pod
index d9e957b8b..3a02c087c 100644
--- a/fuse/guestmount.pod
+++ b/fuse/guestmount.pod
@@ -249,8 +249,8 @@ mounted on the real virtual machine.
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/get-kernel/virt-get-kernel.pod b/get-kernel/virt-get-kernel.pod
index f0ace2d6d..78fe66df4 100644
--- a/get-kernel/virt-get-kernel.pod
+++ b/get-kernel/virt-get-kernel.pod
@@ -92,8 +92,8 @@ security problem with malicious guests (CVE-2010-3851).
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/inspector/virt-inspector.pod b/inspector/virt-inspector.pod
index eac9dc3cd..625da876c 100644
--- a/inspector/virt-inspector.pod
+++ b/inspector/virt-inspector.pod
@@ -117,8 +117,8 @@ ensure the format is always specified.
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/sparsify/virt-sparsify.pod b/sparsify/virt-sparsify.pod
index cf7970a5f..0767d07e6 100644
--- a/sparsify/virt-sparsify.pod
+++ b/sparsify/virt-sparsify.pod
@@ -233,8 +233,8 @@ See L</IN-PLACE SPARSIFICATION> below.
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod
index d7ad7ee33..b38c76c70 100644
--- a/sysprep/virt-sysprep.pod
+++ b/sysprep/virt-sysprep.pod
@@ -189,8 +189,8 @@ security problem with malicious guests (CVE-2010-3851).
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
diff --git a/v2v/virt-v2v.pod b/v2v/virt-v2v.pod
index 8c2867814..25041d0ec 100644
--- a/v2v/virt-v2v.pod
+++ b/v2v/virt-v2v.pod
@@ -337,8 +337,8 @@ through VDDK.
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
=over 4
--
2.26.2