From abb0a1dcc6e15130c334713d0716e223e5fc494d Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Fri, 29 Nov 2019 12:07:13 +0100
Subject: [PATCH] options: allow a UUID as identifier for --key
This way it is possible to specify the UUID of the LUKS device instead
of the libguestfs device name to decrypt a device during the inspection.
Make the usage of the new luks_uuid API conditional, so other projects
using the common submodule do not require a libguestfs version bump.
(cherry picked from commit bb4a2dc17a78b53437896d4215ae82df8e11b788
in libguestfs-common)
PT: the documentation was amended manually.
---
cat/virt-cat.pod | 4 ++--
cat/virt-log.pod | 4 ++--
cat/virt-ls.pod | 4 ++--
cat/virt-tail.pod | 4 ++--
common/options/decrypt.c | 8 +++++++-
common/options/keys.c | 4 ++--
common/options/options.h | 6 +++---
customize/virt-customize.pod | 4 ++--
diff/virt-diff.pod | 4 ++--
edit/virt-edit.pod | 4 ++--
fish/guestfish.pod | 4 ++--
fuse/guestmount.pod | 4 ++--
get-kernel/virt-get-kernel.pod | 4 ++--
inspector/virt-inspector.pod | 4 ++--
sparsify/virt-sparsify.pod | 4 ++--
sysprep/virt-sysprep.pod | 4 ++--
v2v/virt-v2v.pod | 4 ++--
17 files changed, 40 insertions(+), 34 deletions(-)
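--- a/cat/virt-cat.pod
+++ b/cat/virt-cat.pod
@@ -124,8 +124,8 @@ security problem with malicious guests (CVE-2010-3851).
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 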
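--- a/cat/virt-log.pod
+++ b/cat/virt-log.pod
@@ -108,8 +108,8 @@ security problem with malicious guests (CVE-2010-3851).
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 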
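--- a/cat/virt-ls.pod
+++ b/cat/virt-ls.pod
@@ -355,8 +355,8 @@ L</RECURSIVE LONG LISTING> above.
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 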
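--- a/cat/virt-tail.pod
+++ b/cat/virt-tail.pod
@@ -126,8 +126,8 @@ security problem with malicious guests (CVE-2010-3851).
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 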
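--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -86,7 +86,13 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
 char mapname[32];
 make_mapname (partitions[i], mapname, sizeof mapname);
 
- CLEANUP_FREE_STRING_LIST char **keys = get_keys (ks, partitions[i]);
+#ifdef GUESTFS_HAVE_LUKS_UUID
+ CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]);
+#else
+ const char *uuid = NULL;
+#endif
+
+ CLEANUP_FREE_STRING_LIST char **keys = get_keys (ks, partitions[i], uuid);
 assert (guestfs_int_count_strings (keys) > 0);
 
 /* Try each key in turn. */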
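Review bot: The value returned by `guestfs_luks_uuid` is handed to `get_keys` unchecked, so a failed lookup (presumably NULL) is indistinguishable from a build without `GUESTFS_HAVE_LUKS_UUID`, and nothing at the call site says which behaviour is expected in either case. A comment above the `#ifdef` such as `/* uuid may be NULL (API unavailable or lookup failed); get_keys must then match on the device name only. */` would state the contract the callee is expected to honour. The UUID is read from the LUKS header of the disk being inspected, so it is guest-supplied data used to select which user-provided key is tried; that is worth recording next to the call as well. The enclosing loop of inspect_do_decrypt starts and ends outside the hunk.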
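--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -126,7 +126,7 @@ read_first_line_from_file (const char *filename)
 * keystore, ask the user.
 */
 char **
-get_keys (struct key_store *ks, const char *device)
+get_keys (struct key_store *ks, const char *device, const char *uuid)
 {
 size_t i, j, len;
 char **r;
@@ -148,7 +148,7 @@ get_keys (struct key_store *ks, const char *device)
 for (i = 0; i < ks->nr_keys; ++i) {
 struct key_store_key *key = &ks->keys[i];
 
- if (STRNEQ (key->id, device))
+ if (STRNEQ (key->id, device) && (uuid && STRNEQ (key->id, uuid)))
 continue;
 
 switch (key->type) {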
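Review bot: In the second hunk the new filter `if (STRNEQ (key->id, device) && (uuid && STRNEQ (key->id, uuid)))` never skips a key when `uuid` is NULL, because the right-hand operand is then false, so every key in the store is treated as matching every device. decrypt.c passes NULL whenever `GUESTFS_HAVE_LUKS_UUID` is undefined (and presumably when the UUID lookup fails), so in those cases a passphrase supplied for one device would be tried against all LUKS devices instead of only the named one. The NULL case should keep the old device-name filter: `if (STRNEQ (key->id, device) && (!uuid || STRNEQ (key->id, uuid)))`. The comment above get_keys, only partly visible in the first hunk, should also mention the new `uuid` parameter and that it may be NULL. Both hunks show only part of get_keys.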
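--- a/common/options/options.h
+++ b/common/options/options.h
@@ -104,8 +104,8 @@ struct mp {
 
 /* A key in the key store. */
 struct key_store_key {
- /* An ID for the device this key refers to. It must be the libguestfs
- * device name.
+ /* An ID for the device this key refers to. It can be either the libguestfs
+ * device name, or the UUID.
 *
 * There may be multiple matching devices in the list.
 */
@@ -150,7 +150,7 @@ extern void print_inspect_prompt (void);
 
 /* in key.c */
 extern char *read_key (const char *param);
-extern char **get_keys (struct key_store *ks, const char *device);
+extern char **get_keys (struct key_store *ks, const char *device, const char *uuid);
 extern struct key_store *key_store_add_from_selector (struct key_store *ks, const char *selector);
 extern struct key_store *key_store_import_key (struct key_store *ks, const struct key_store_key *key);
 extern void free_key_store (struct key_store *ks);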
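Review bot: The updated field comment in the first hunk says the ID may be "the UUID" without saying which UUID, so a reader could take it for a filesystem or partition UUID. Wording it as `* device name, or the UUID of the LUKS device.` would match the text this commit puts in the .pod files. In the second hunk the `get_keys` prototype gains `uuid` with no indication that NULL is a valid argument; a one-line comment such as `/* uuid may be NULL if the LUKS UUID is not available */` above it would document that. struct key_store_key continues outside the hunk.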
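--- a/customize/virt-customize.pod
+++ b/customize/virt-customize.pod
@@ -141,8 +141,8 @@ security problem with malicious guests (CVE-2010-3851).
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 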
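--- a/diff/virt-diff.pod
+++ b/diff/virt-diff.pod
@@ -169,8 +169,8 @@ Display file sizes in human-readable format.
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 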
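--- a/edit/virt-edit.pod
+++ b/edit/virt-edit.pod
@@ -156,8 +156,8 @@ security problem with malicious guests (CVE-2010-3851).
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 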
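--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -283,8 +283,8 @@ were found.
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 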
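--- a/fuse/guestmount.pod
+++ b/fuse/guestmount.pod
@@ -249,8 +249,8 @@ mounted on the real virtual machine.
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 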
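--- a/get-kernel/virt-get-kernel.pod
+++ b/get-kernel/virt-get-kernel.pod
@@ -92,8 +92,8 @@ security problem with malicious guests (CVE-2010-3851).
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 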
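--- a/inspector/virt-inspector.pod
+++ b/inspector/virt-inspector.pod
@@ -117,8 +117,8 @@ ensure the format is always specified.
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 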
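--- a/sparsify/virt-sparsify.pod
+++ b/sparsify/virt-sparsify.pod
@@ -233,8 +233,8 @@ See L</IN-PLACE SPARSIFICATION> below.
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 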
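--- a/sysprep/virt-sysprep.pod
+++ b/sysprep/virt-sysprep.pod
@@ -189,8 +189,8 @@ security problem with malicious guests (CVE-2010-3851).
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 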
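--- a/v2v/virt-v2v.pod
+++ b/v2v/virt-v2v.pod
@@ -337,8 +337,8 @@ through VDDK.
 =item B<--key> SELECTOR
 
 Specify a key for LUKS, to automatically open a LUKS device when using
-the inspection. C<ID> must be the libguestfs device name of the LUKS
-device.
+the inspection. C<ID> can be either the libguestfs device name, or
+the UUID of the LUKS device.
 
 =over 4
 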
--
2.26.2