rpms
/
libguestfs
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to new stable branch version 1.48.4 

resolves: rhbz#2059285
This commit is contained in:
Richard W.M. Jones 2022-07-06 17:33:07 +01:00
parent 3fd2f945f8
commit 8a4b914681
22 changed files with 97 additions and 761 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
0001-New-API-guestfs_device_name-returning-the-drive-name.patch
View File

@ -1,4 +1,4 @@
From 18472273bb58eff008a0c1aacfe7c21dec6705a1 Mon Sep 17 00:00:00 2001
From e3ebd50abde3b05db86c8965868c866152cd3287 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 28 Apr 2022 13:16:54 +0100
Subject: [PATCH] New API: guestfs_device_name returning the drive name

2
0002-guestfs_readdir-rewrite-with-FileOut-transfer-to-lif.patch
View File

@ -1,4 +1,4 @@
From e77853fd91466181e9963392fbc97d0bf97b8492 Mon Sep 17 00:00:00 2001
From b97b90779d5ea261d5e737f073bb4ec5dc546511 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 May 2022 10:56:00 +0200
Subject: [PATCH] guestfs_readdir(): rewrite with FileOut transfer, to lift

2
0003-guestfs_readdir-minimize-the-number-of-send_file_wri.patch
View File

@ -1,4 +1,4 @@
From ba6c7a9a609d650c07d26ee4777f18a6730f4028 Mon Sep 17 00:00:00 2001
From 62cd6c9d2dd62dd24cc04b16437bfb816a6f4357 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 May 2022 10:56:01 +0200
Subject: [PATCH] guestfs_readdir(): minimize the number of send_file_write()

2
0004-lib-launch-direct-ignore-drive-iface-parameter.patch
View File

@ -1,4 +1,4 @@
From 0279a052dcb859f0c421d2efb92cf3b3d549dcd7 Mon Sep 17 00:00:00 2001
From e4901a4e83f0ab59a525095d2fe1c7f1a38c0aac Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:52 +0200
Subject: [PATCH] lib: launch-direct: ignore drive "iface" parameter

2
0005-lib-drive_create_data-drive-remove-field-iface.patch
View File

@ -1,4 +1,4 @@
From 3db215d52abd929364fe65da74e2f393ee196818 Mon Sep 17 00:00:00 2001
From f13297315495144775f6249e9e24dc5f18f6f902 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:53 +0200
Subject: [PATCH] lib: drive_create_data, drive: remove field "iface"

2
0006-lib-rename-VALID_FORMAT_IFACE-to-VALID_FORMAT.patch
View File

@ -1,4 +1,4 @@
From 2fba4170207b5fef8887ef7003725f7f2deea85b Mon Sep 17 00:00:00 2001
From f408b24d8d8f5b5f4e1a25c1046c3a18107c8d80 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:54 +0200
Subject: [PATCH] lib: rename VALID_FORMAT_IFACE to VALID_FORMAT

2
0007-tests-regressions-remove-iface-based-restrictions.patch
View File

@ -1,4 +1,4 @@
From 052163a725b8eb430b1f56ee86825cf35c5012d7 Mon Sep 17 00:00:00 2001
From 431ca828e9f7d7a6c7e315b410f381304986ba44 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 4 May 2022 15:41:55 +0200
Subject: [PATCH] tests/regressions: remove "iface"-based restrictions

2
0008-generator-customize-invert-SELinux-relabeling-defaul.patch
View File

@ -1,4 +1,4 @@
From decf2b497b47e8a49b2384144b198979df2be8eb Mon Sep 17 00:00:00 2001
From 8f800b369ada05ea690cebb0bb5e0fed0ba1c548 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 10 May 2022 12:27:57 +0200
Subject: [PATCH] generator/customize: invert SELinux relabeling default

2
0010-generator-customize-reintroduce-selinux-relabel-as-a.patch → 0009-generator-customize-reintroduce-selinux-relabel-as-a.patch
View File

@ -1,4 +1,4 @@
From d09099b1da8da93c11aaf51c94e7e456256d6fe9 Mon Sep 17 00:00:00 2001
From 4cfba19fa2b087c4b2c5a1b67aa70eb16e9d5a59 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 25 May 2022 09:19:58 +0200
Subject: [PATCH] generator/customize: reintroduce "--selinux-relabel" as a

46
0009-update-common-submodule.patch
View File

@ -1,46 +0,0 @@
From ec3fcb5bf880ce25dc98047903e9d0a090c151f0 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 11 May 2022 05:26:48 +0200
Subject: [PATCH] update common submodule
Laszlo Ersek (2):
mlcustomize: refresh generated files
remove non-generated "--selinux-relabel" options
Richard W.M. Jones (2):
options/uri.c: Fix missing word in error message
options/uri.c: Free variable on error path
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554735
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075718
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 08c4ac90f5a3c08b48444e2faf3d0f58d6ddc206)
---
common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Submodule common 0a231b3e6..48527b876:
diff --git a/common/options/uri.c b/common/options/uri.c
index 6b696fc2d..84d393c1e 100644
--- a/common/options/uri.c
+++ b/common/options/uri.c
@@ -135,7 +135,7 @@ parse (const char *arg, char **path_ret, char **protocol_ret,
socket = query_get (uri, "socket");
if (uri->server && STRNEQ (uri->server, "") && socket) {
- fprintf (stderr, _("%s: %s: cannot both a server name and a socket query parameter\n"),
+ fprintf (stderr, _("%s: %s: cannot have both a server name and a socket query parameter\n"),
getprogname (), arg);
return -1;
}
@@ -347,6 +347,7 @@ make_server (xmlURIPtr uri, const char *socket, char ***ret)
*ret = malloc (sizeof (char *) * 2);
if (*ret == NULL) {
perror ("malloc");
+ free (server);
return -1;
}
(*ret)[0] = server;
--
2.31.1

2
0012-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch → 0010-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
View File

@ -1,4 +1,4 @@
From 0bba553b311f448c50ba6b3dd934b88387302d01 Mon Sep 17 00:00:00 2001
From 010cd5ff441166c01125fc588398a1fb8367a852 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 29 Jul 2013 14:47:56 +0100
Subject: [PATCH] RHEL: Disable unsupported remote drive protocols

2
0013-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch → 0011-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch
View File

@ -1,4 +1,4 @@
From 046e64463e958fb0d2abb6ef6330a6757803a759 Mon Sep 17 00:00:00 2001
From d59942a7a3d1ca2248a94099d28f7555378d7993 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 7 Jul 2015 09:28:03 -0400
Subject: [PATCH] RHEL: Reject use of libguestfs-winsupport features except for

4
0014-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch → 0012-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch
View File

@ -1,4 +1,4 @@
From 0598660ad71cce8c55e6af3b6f0c9afda6d70bcb Mon Sep 17 00:00:00 2001
From c1ff450bcee1465f0eaca00a4d6c8c731f175488 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 29 Jun 2021 15:29:11 +0100
Subject: [PATCH] RHEL: Create /etc/crypto-policies/back-ends/opensslcnf.config
@ -9,7 +9,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1977214#c13
1 file changed, 8 insertions(+)
diff --git a/appliance/init b/appliance/init
index 7076821d2..fe6497b4d 100755
index 19aa151b7..e67d88280 100755
--- a/appliance/init
+++ b/appliance/init
@@ -76,6 +76,14 @@ if ! test -e /etc/mtab; then

2
0017-php-add-arginfo-to-php-bindings.patch → 0013-php-add-arginfo-to-php-bindings.patch
View File

@ -1,4 +1,4 @@
From 7f5b5b3ac884fbe215267c32a88e3740bd9f0117 Mon Sep 17 00:00:00 2001
From d451e0e42c75429279426e9eb5a7701cd4681d07 Mon Sep 17 00:00:00 2001
From: Geoff Amey <gamey@datto.com>
Date: Wed, 15 Jun 2022 17:06:56 -0400
Subject: [PATCH] php: add arginfo to php bindings

2
0019-introduce-the-clevis_luks_unlock-API.patch → 0014-introduce-the-clevis_luks_unlock-API.patch
View File

@ -1,4 +1,4 @@
From 17eb49e3373e46f92768bdca0733e811603bcc80 Mon Sep 17 00:00:00 2001
From 51ea2e3af9caa434e847ca74a86f5de5ade6058f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 30 Jun 2022 14:20:47 +0200
Subject: [PATCH] introduce the "clevis_luks_unlock" API

42
0015-build-Pick-first-field-in-ID_LIKE.patch
View File

@ -1,42 +0,0 @@
From ad24b9f4d6950dd681e65ea9d1de334119ec9ec7 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 26 May 2022 14:02:58 +0100
Subject: [PATCH] build: Pick first field in ID_LIKE
CentOS Stream has:
ID_LIKE="rhel fedora"
which confused the existing script. If there are multiple "likes"
arbitrarily pick the first one in the list.
Fixes: commit 63b722b6c094f3a35a5e72f0ae3236a58ddda110
(cherry picked from commit 7afbf5ee4415f6fa2553898d3af238e794062096)
---
m4/guestfs-appliance.m4 | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/m4/guestfs-appliance.m4 b/m4/guestfs-appliance.m4
index 4e63ef435..19db4fc7e 100644
--- a/m4/guestfs-appliance.m4
+++ b/m4/guestfs-appliance.m4
@@ -106,11 +106,11 @@ AC_ARG_WITH([distro],
cat /etc/os-release >&AS_MESSAGE_LOG_FD
DISTRO="$(
. /etc/os-release
- if test -n "$ID_LIKE"; then
- echo $ID_LIKE | tr '@<:@:lower:@:>@' '@<:@:upper:@:>@'
- else
- echo $ID | tr '@<:@:lower:@:>@' '@<:@:upper:@:>@'
- fi
+ ( if test -n "$ID_LIKE"; then
+ echo $ID_LIKE | $AWK '{print $1}'
+ else
+ echo $ID
+ fi ) | tr '@<:@:lower:@:>@' '@<:@:upper:@:>@'
)"
AS_CASE([$DISTRO],
[FEDORA | RHEL | CENTOS | ALMALINUX | CLOUDLINUX | ROCKY],
--
2.31.1

69
0015-guestfish-guestmount-enable-networking-for-key-ID-cl.patch Normal file
View File

@ -0,0 +1,69 @@
From 5ae97d7d83d8cdb6e8428774282167dd774aaf70 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 30 Jun 2022 14:20:48 +0200
Subject: [PATCH] guestfish, guestmount: enable networking for "--key
ID:clevis"
Call the C-language helper key_store_requires_network() in guestfish and
guestmount.
(Short log for the "common" submodule, commit range
35467027f657..af6cb55bc58a:
Laszlo Ersek (12):
options: fix UUID comparison logic bug in get_keys()
mltools/tools_utils: remove unused function "key_store_to_cli"
mltools/tools_utils: allow multiple "--key" options for OCaml tools too
options: replace NULL-termination with number-of-elements in get_keys()
options: wrap each passphrase from get_keys() into a struct
options: add back-end for LUKS decryption with Clevis+Tang
options: introduce selector type "key_clevis"
options: generalize "--key" selector parsing for C-language utilities
mltools/tools_utils-c: handle internal type error with abort()
mltools/tools_utils: generalize "--key" selector parsing for OCaml utils
options, mltools/tools_utils: parse "--key ID:clevis" options
options, mltools/tools_utils: add helper for network dependency
).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20220630122048.19335-4-lersek@redhat.com>
(cherry picked from commit 6a5b44f538065a9f661510234a4235bf38348213)
---
fish/fish.c | 3 +++
fuse/guestmount.c | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/fish/fish.c b/fish/fish.c
index 23d9bb94f..19e3d2799 100644
--- a/fish/fish.c
+++ b/fish/fish.c
@@ -476,6 +476,9 @@ main (int argc, char *argv[])
/* If we've got drives to add, add them now. */
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
/* If we've got mountpoints or prepared drives or -i option, we must
* launch the guest and mount them.
*/
diff --git a/fuse/guestmount.c b/fuse/guestmount.c
index 77c534828..3c6d57bde 100644
--- a/fuse/guestmount.c
+++ b/fuse/guestmount.c
@@ -348,6 +348,10 @@ main (int argc, char *argv[])
/* Do the guest drives and mountpoints. */
add_drives (drvs);
+
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
if (inspector)
--
2.31.1

119
0016-appliance-daemon-disable-lvm2-devicesfile.patch
View File

@ -1,119 +0,0 @@
From 20eb220c0b1c8a7aaaadcc26fe5fdeae681341b4 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 30 May 2022 16:10:27 +0200
Subject: [PATCH] appliance, daemon: disable lvm2 devicesfile
In guestfs-tools commit 4fe8a03cd2d3 ('sysprep: remove lvm2's default
"system.devices" file', 2022-04-11), we disabled the use of LVM2's new
"devicesfile" feature, which could interfere with the cloning of virtual
machines.
We suspected in
https://bugzilla.redhat.com/show_bug.cgi?id=2072493#c6
that the same lvm2 feature could affect the libguestfs appliance itself,
but decided in
https://bugzilla.redhat.com/show_bug.cgi?id=2072493#c8
https://bugzilla.redhat.com/show_bug.cgi?id=2072493#c10
that this would not be the case, because "appliance/init" already
constructed a pristine LVM_SYSTEM_DIR.
Unfortunately, that's not enough: due to the "use_devicesfile=1" default
(on RHEL9 anyway), some "lvm" invocation, possibly inside the
lvm-set-filter API, *creates* "$LVM_SYSTEM_DIR/devices/system.devices".
And then we get (minimally) warnings such as
> Please remove the lvm.conf global_filter, it is ignored with the devices
> file.
> Please remove the lvm.conf filter, it is ignored with the devices file.
when using the lvm-set-filter API.
Explicitly disable the "devices file" in "appliance/init", and also
whenever we rewrite "lvm.conf" -- that is, in set_filter()
[daemon/lvm-filter.c]. In the former, check for the feature by locating
the devicesfile-related utilities "lvmdevices" and "vgimportdevices". In
the C code, invoke the utilities with the "--help" option instead. (In
"appliance/init", I thought it was best not to call any lvm2 utilities
even with "--help", with our lvm2.conf still under construction there.) If
either utility is available, set "use_devicesfile = 0".
Cc: David Teigland <teigland@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1965941
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220530141027.16167-1-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
[lersek@redhat.com: style fix: break "devicesfile_feature" in the function
definition to a new line]
(cherry picked from commit 8fc4d167153a23ab91befafb2f7083db2d312ef8)
---
appliance/init | 11 +++++++++++
daemon/lvm-filter.c | 20 ++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/appliance/init b/appliance/init
index fe6497b4d..e67d88280 100755
--- a/appliance/init
+++ b/appliance/init
@@ -142,6 +142,17 @@ mdadm -As --auto=yes --no-degraded
# Empty LVM configuration file means "all defaults".
mkdir -p /tmp/lvm
touch /tmp/lvm/lvm.conf
+
+# If lvm2 supports a "devices file", we need to disable its use
+# (RHBZ#1965941).
+if command -v lvmdevices || command -v vgimportdevices; then
+ {
+ printf 'devices {\n'
+ printf '\tuse_devicesfile = 0\n'
+ printf '}\n'
+ } >> /tmp/lvm/lvm.conf
+fi
+
LVM_SYSTEM_DIR=/tmp/lvm
export LVM_SYSTEM_DIR
lvmetad
diff --git a/daemon/lvm-filter.c b/daemon/lvm-filter.c
index c6dd35156..00b36f826 100644
--- a/daemon/lvm-filter.c
+++ b/daemon/lvm-filter.c
@@ -68,6 +68,19 @@ free_lvm_system_dir (void)
free (lvm_system_dir);
}
+static bool
+devicesfile_feature (void)
+{
+ static bool checked, available;
+
+ if (!checked) {
+ checked = true;
+ available = command (NULL, NULL, "lvmdevices", "--help", NULL) == 0 ||
+ command (NULL, NULL, "vgimportdevices", "--help", NULL) == 0;
+ }
+ return available;
+}
+
/* Rewrite the 'filter = [ ... ]' line in lvm.conf. */
static int
set_filter (char *const *filters)
@@ -88,6 +101,13 @@ set_filter (char *const *filters)
}
fprintf (fp, "devices {\n");
+
+ /* If lvm2 supports a "devices file", we need to disable its use
+ * (RHBZ#1965941).
+ */
+ if (devicesfile_feature ())
+ fprintf (fp, " use_devicesfile = 0\n");
+
for (j = 0; filter_types[j] != NULL; ++j) {
fprintf (fp, " %s = [\n", filter_types[j]);
fprintf (fp, " ");
--
2.31.1

99
0018-docs-guestfs-security-document-CVE-2022-2211.patch
View File

@ -1,99 +0,0 @@
From fc0fd56abc2778a8473e9d421c73c9099dade4c4 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 28 Jun 2022 13:54:16 +0200
Subject: [PATCH] docs/guestfs-security: document CVE-2022-2211
Short log for the common submodule, commit range
f8de5508fe75..35467027f657:
Laszlo Ersek (2):
mlcustomize: factor out pkg install/update/uninstall from guestfs-tools
options: fix buffer overflow in get_keys() [CVE-2022-2211]
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220628115418.5376-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 99844660b48ed809e37378262c65d63df6ce4a53)
---
common | 2 +-
docs/guestfs-security.pod | 28 ++++++++++++++++++++++++++++
2 files changed, 29 insertions(+), 1 deletion(-)
Submodule common f8de5508f..35467027f:
diff --git a/common/options/keys.c b/common/options/keys.c
index 798315c2e..d27a7123e 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -128,17 +128,23 @@ read_first_line_from_file (const char *filename)
char **
get_keys (struct key_store *ks, const char *device, const char *uuid)
{
- size_t i, j, len;
+ size_t i, j, nmemb;
char **r;
char *s;
/* We know the returned list must have at least one element and not
* more than ks->nr_keys.
*/
- len = 1;
- if (ks)
- len = MIN (1, ks->nr_keys);
- r = calloc (len+1, sizeof (char *));
+ nmemb = 1;
+ if (ks && ks->nr_keys > nmemb)
+ nmemb = ks->nr_keys;
+
+ /* make room for the terminating NULL */
+ if (nmemb == (size_t)-1)
+ error (EXIT_FAILURE, 0, _("size_t overflow"));
+ nmemb++;
+
+ r = calloc (nmemb, sizeof (char *));
if (r == NULL)
error (EXIT_FAILURE, errno, "calloc");
diff --git a/docs/guestfs-security.pod b/docs/guestfs-security.pod
index 9ceef5623..efa35b29d 100644
--- a/docs/guestfs-security.pod
+++ b/docs/guestfs-security.pod
@@ -406,6 +406,34 @@ The libvirt backend is not affected.
The solution is to update qemu to a version containing the fix (see
L<https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html>).
+=head2 CVE-2022-2211
+
+L<https://bugzilla.redhat.com/CVE-2022-2211>
+
+The C<get_keys> function in F<libguestfs-common/options/keys.c> collects
+those I<--key> options from the command line into a new array that match
+a particular block device that's being decrypted for inspection. The
+function intends to size the result array such that potentially all
+I<--key> options, plus a terminating C<NULL> element, fit into it. The
+code mistakenly uses the C<MIN> macro instead of C<MAX>, and therefore
+only one element is allocated before the C<NULL> terminator.
+
+Passing precisely two I<--key ID:...> options on the command line for
+the encrypted block device C<ID> causes C<get_keys> to overwrite the
+terminating C<NULL>, leading to an out-of-bounds read in
+C<decrypt_mountables>, file F<libguestfs-common/options/decrypt.c>.
+
+Passing more than two I<--key ID:...> options on the command line for
+the encrypted block device C<ID> causes C<get_keys> itself to perform
+out-of-bounds writes. The most common symptom is a crash with C<SIGSEGV>
+later on.
+
+This issue affects -- broadly speaking -- all libguestfs-based utilities
+that accept I<--key>, namely: C<guestfish>, C<guestmount>, C<virt-cat>,
+C<virt-customize>, C<virt-diff>, C<virt-edit>, C<virt-get-kernel>,
+C<virt-inspector>, C<virt-log>, C<virt-ls>, C<virt-sparsify>,
+C<virt-sysprep>, C<virt-tail>, C<virt-v2v>.
+
=head1 SEE ALSO
L<guestfs(3)>,
--
2.31.1

414
0020-guestfish-guestmount-enable-networking-for-key-ID-cl.patch
View File

@ -1,414 +0,0 @@
From 212708dee7c5c483dd0ce76889f7e20abba7f859 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 30 Jun 2022 14:20:48 +0200
Subject: [PATCH] guestfish, guestmount: enable networking for "--key
ID:clevis"
Call the C-language helper key_store_requires_network() in guestfish and
guestmount.
(Short log for the "common" submodule, commit range
35467027f657..af6cb55bc58a:
Laszlo Ersek (12):
options: fix UUID comparison logic bug in get_keys()
mltools/tools_utils: remove unused function "key_store_to_cli"
mltools/tools_utils: allow multiple "--key" options for OCaml tools too
options: replace NULL-termination with number-of-elements in get_keys()
options: wrap each passphrase from get_keys() into a struct
options: add back-end for LUKS decryption with Clevis+Tang
options: introduce selector type "key_clevis"
options: generalize "--key" selector parsing for C-language utilities
mltools/tools_utils-c: handle internal type error with abort()
mltools/tools_utils: generalize "--key" selector parsing for OCaml utils
options, mltools/tools_utils: parse "--key ID:clevis" options
options, mltools/tools_utils: add helper for network dependency
).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20220630122048.19335-4-lersek@redhat.com>
(cherry picked from commit 6a5b44f538065a9f661510234a4235bf38348213)
---
common | 2 +-
fish/fish.c | 3 +++
fuse/guestmount.c | 4 ++++
3 files changed, 8 insertions(+), 1 deletion(-)
Submodule common 35467027f..af6cb55bc:
diff --git a/common/options/decrypt.c b/common/options/decrypt.c
index 1cd7b627e..97c8b88d1 100644
--- a/common/options/decrypt.c
+++ b/common/options/decrypt.c
@@ -124,10 +124,10 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables,
while ((mountable = *mnt_scan++) != NULL) {
CLEANUP_FREE char *type = NULL;
CLEANUP_FREE char *uuid = NULL;
- CLEANUP_FREE_STRING_LIST char **keys = NULL;
+ struct matching_key *keys;
+ size_t nr_matches;
CLEANUP_FREE char *mapname = NULL;
- const char * const *key_scan;
- const char *key;
+ size_t scan;
type = guestfs_vfs_type (g, mountable);
if (type == NULL)
@@ -144,33 +144,45 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables,
/* Grab the keys that we should try with this device, based on device name,
* or UUID (if any).
*/
- keys = get_keys (ks, mountable, uuid);
- assert (keys[0] != NULL);
+ keys = get_keys (ks, mountable, uuid, &nr_matches);
+ assert (nr_matches > 0);
/* Generate a node name for the plaintext (decrypted) device node. */
if (uuid == NULL || asprintf (&mapname, "luks-%s", uuid) == -1)
mapname = make_mapname (mountable);
/* Try each key in turn. */
- key_scan = (const char * const *)keys;
- while ((key = *key_scan++) != NULL) {
+ for (scan = 0; scan < nr_matches; ++scan) {
+ struct matching_key *key = keys + scan;
int r;
guestfs_push_error_handler (g, NULL, NULL);
- r = guestfs_cryptsetup_open (g, mountable, key, mapname, -1);
+ assert (key->clevis == (key->passphrase == NULL));
+ if (key->clevis)
+#ifdef GUESTFS_HAVE_CLEVIS_LUKS_UNLOCK
+ r = guestfs_clevis_luks_unlock (g, mountable, mapname);
+#else
+ error (EXIT_FAILURE, 0,
+ _("'clevis_luks_unlock', needed for decrypting %s, is "
+ "unavailable in this libguestfs version"), mountable);
+#endif
+ else
+ r = guestfs_cryptsetup_open (g, mountable, key->passphrase, mapname,
+ -1);
guestfs_pop_error_handler (g);
if (r == 0)
break;
}
- if (key == NULL)
+ if (scan == nr_matches)
error (EXIT_FAILURE, 0,
_("could not find key to open LUKS encrypted %s.\n\n"
"Try using --key on the command line.\n\n"
"Original error: %s (%d)"),
mountable, guestfs_last_error (g), guestfs_last_errno (g));
+ free_keys (keys, nr_matches);
decrypted_some = true;
}
diff --git a/common/options/key-option.pod b/common/options/key-option.pod
index 90a3b15c5..6bc04df17 100644
--- a/common/options/key-option.pod
+++ b/common/options/key-option.pod
@@ -14,4 +14,13 @@ Use the specified C<KEY_STRING> as passphrase.
Read the passphrase from F<FILENAME>.
+=item B<--key> C<ID>:clevis
+
+Attempt passphrase-less unlocking for C<ID> with Clevis, over the
+network. Please refer to L<guestfs(3)/ENCRYPTED DISKS> for more
+information on network-bound disk encryption (NBDE).
+
+Note that if any such option is present on the command line, QEMU user
+networking will be automatically enabled for the libguestfs appliance.
+
=back
diff --git a/common/options/keys.c b/common/options/keys.c
index d27a7123e..d987ae561 100644
--- a/common/options/keys.c
+++ b/common/options/keys.c
@@ -125,11 +125,12 @@ read_first_line_from_file (const char *filename)
* keystore. There may be multiple. If none are read from the
* keystore, ask the user.
*/
-char **
-get_keys (struct key_store *ks, const char *device, const char *uuid)
+struct matching_key *
+get_keys (struct key_store *ks, const char *device, const char *uuid,
+ size_t *nr_matches)
{
- size_t i, j, nmemb;
- char **r;
+ size_t i, nmemb;
+ struct matching_key *r, *match;
char *s;
/* We know the returned list must have at least one element and not
@@ -139,22 +140,20 @@ get_keys (struct key_store *ks, const char *device, const char *uuid)
if (ks && ks->nr_keys > nmemb)
nmemb = ks->nr_keys;
- /* make room for the terminating NULL */
- if (nmemb == (size_t)-1)
+ if (nmemb > (size_t)-1 / sizeof *r)
error (EXIT_FAILURE, 0, _("size_t overflow"));
- nmemb++;
- r = calloc (nmemb, sizeof (char *));
+ r = malloc (nmemb * sizeof *r);
if (r == NULL)
- error (EXIT_FAILURE, errno, "calloc");
+ error (EXIT_FAILURE, errno, "malloc");
- j = 0;
+ match = r;
if (ks) {
for (i = 0; i < ks->nr_keys; ++i) {
struct key_store_key *key = &ks->keys[i];
- if (STRNEQ (key->id, device) && (uuid && STRNEQ (key->id, uuid)))
+ if (STRNEQ (key->id, device) && (!uuid || STRNEQ (key->id, uuid)))
continue;
switch (key->type) {
@@ -162,68 +161,101 @@ get_keys (struct key_store *ks, const char *device, const char *uuid)
s = strdup (key->string.s);
if (!s)
error (EXIT_FAILURE, errno, "strdup");
- r[j++] = s;
+ match->clevis = false;
+ match->passphrase = s;
+ ++match;
break;
case key_file:
s = read_first_line_from_file (key->file.name);
- r[j++] = s;
+ match->clevis = false;
+ match->passphrase = s;
+ ++match;
+ break;
+ case key_clevis:
+ match->clevis = true;
+ match->passphrase = NULL;
+ ++match;
break;
}
}
}
- if (j == 0) {
+ if (match == r) {
/* Key not found in the key store, ask the user for it. */
s = read_key (device);
if (!s)
error (EXIT_FAILURE, 0, _("could not read key from user"));
- r[0] = s;
+ match->clevis = false;
+ match->passphrase = s;
+ ++match;
}
+ *nr_matches = (size_t)(match - r);
return r;
}
+void
+free_keys (struct matching_key *keys, size_t nr_matches)
+{
+ size_t i;
+
+ for (i = 0; i < nr_matches; ++i) {
+ struct matching_key *key = keys + i;
+
+ assert (key->clevis == (key->passphrase == NULL));
+ if (!key->clevis)
+ free (key->passphrase);
+ }
+ free (keys);
+}
+
struct key_store *
key_store_add_from_selector (struct key_store *ks, const char *selector)
{
- CLEANUP_FREE_STRING_LIST char **fields =
- guestfs_int_split_string (':', selector);
+ CLEANUP_FREE_STRING_LIST char **fields = NULL;
+ size_t field_count;
struct key_store_key key;
+ fields = guestfs_int_split_string (':', selector);
if (!fields)
error (EXIT_FAILURE, errno, "guestfs_int_split_string");
+ field_count = guestfs_int_count_strings (fields);
- if (guestfs_int_count_strings (fields) != 3) {
- invalid_selector:
- error (EXIT_FAILURE, 0, "invalid selector for --key: %s", selector);
- }
-
- /* 1: device */
+ /* field#0: ID */
+ if (field_count < 1)
+ error (EXIT_FAILURE, 0, _("selector '%s': missing ID"), selector);
key.id = strdup (fields[0]);
if (!key.id)
error (EXIT_FAILURE, errno, "strdup");
- /* 2: key type */
- if (STREQ (fields[1], "key"))
+ /* field#1...: TYPE, and TYPE-specific properties */
+ if (field_count < 2)
+ error (EXIT_FAILURE, 0, _("selector '%s': missing TYPE"), selector);
+
+ if (STREQ (fields[1], "key")) {
key.type = key_string;
- else if (STREQ (fields[1], "file"))
- key.type = key_file;
- else
- goto invalid_selector;
-
- /* 3: actual key */
- switch (key.type) {
- case key_string:
+ if (field_count != 3)
+ error (EXIT_FAILURE, 0,
+ _("selector '%s': missing KEY_STRING, or too many fields"),
+ selector);
key.string.s = strdup (fields[2]);
if (!key.string.s)
error (EXIT_FAILURE, errno, "strdup");
- break;
- case key_file:
+ } else if (STREQ (fields[1], "file")) {
+ key.type = key_file;
+ if (field_count != 3)
+ error (EXIT_FAILURE, 0,
+ _("selector '%s': missing FILENAME, or too many fields"),
+ selector);
key.file.name = strdup (fields[2]);
if (!key.file.name)
error (EXIT_FAILURE, errno, "strdup");
- break;
- }
+ } else if (STREQ (fields[1], "clevis")) {
+ key.type = key_clevis;
+ if (field_count != 2)
+ error (EXIT_FAILURE, 0, _("selector '%s': too many fields"), selector);
+ } else
+ error (EXIT_FAILURE, 0, _("selector '%s': invalid TYPE"), selector);
return key_store_import_key (ks, &key);
}
@@ -252,6 +284,21 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key)
return ks;
}
+bool
+key_store_requires_network (const struct key_store *ks)
+{
+ size_t i;
+
+ if (ks == NULL)
+ return false;
+
+ for (i = 0; i < ks->nr_keys; ++i)
+ if (ks->keys[i].type == key_clevis)
+ return true;
+
+ return false;
+}
+
void
free_key_store (struct key_store *ks)
{
@@ -270,6 +317,9 @@ free_key_store (struct key_store *ks)
case key_file:
free (key->file.name);
break;
+ case key_clevis:
+ /* nothing */
+ break;
}
free (key->id);
}
diff --git a/common/options/options.h b/common/options/options.h
index 80df91a85..60d5d8064 100644
--- a/common/options/options.h
+++ b/common/options/options.h
@@ -115,6 +115,7 @@ struct key_store_key {
enum {
key_string, /* key specified as string */
key_file, /* key stored in a file */
+ key_clevis, /* key reconstructed with Clevis+Tang */
} type;
union {
struct {
@@ -134,6 +135,19 @@ struct key_store {
size_t nr_keys;
};
+/* A key matching a particular ID (pathname of the libguestfs device node that
+ * stands for the encrypted block device, or LUKS UUID).
+ */
+struct matching_key {
+ /* True iff the passphrase should be reconstructed using Clevis, talking to
+ * Tang servers over the network.
+ */
+ bool clevis;
+
+ /* Explicit passphrase, otherwise. */
+ char *passphrase;
+};
+
/* in config.c */
extern void parse_config (void);
@@ -151,9 +165,12 @@ extern void print_inspect_prompt (void);
/* in key.c */
extern char *read_key (const char *param);
-extern char **get_keys (struct key_store *ks, const char *device, const char *uuid);
+extern struct matching_key *get_keys (struct key_store *ks, const char *device,
+ const char *uuid, size_t *nr_matches);
+extern void free_keys (struct matching_key *keys, size_t nr_matches);
extern struct key_store *key_store_add_from_selector (struct key_store *ks, const char *selector);
extern struct key_store *key_store_import_key (struct key_store *ks, const struct key_store_key *key);
+extern bool key_store_requires_network (const struct key_store *ks);
extern void free_key_store (struct key_store *ks);
/* in options.c */
diff --git a/fish/fish.c b/fish/fish.c
index 23d9bb94f..19e3d2799 100644
--- a/fish/fish.c
+++ b/fish/fish.c
@@ -476,6 +476,9 @@ main (int argc, char *argv[])
/* If we've got drives to add, add them now. */
add_drives (drvs);
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
/* If we've got mountpoints or prepared drives or -i option, we must
* launch the guest and mount them.
*/
diff --git a/fuse/guestmount.c b/fuse/guestmount.c
index 77c534828..3c6d57bde 100644
--- a/fuse/guestmount.c
+++ b/fuse/guestmount.c
@@ -348,6 +348,10 @@ main (int argc, char *argv[])
/* Do the guest drives and mountpoints. */
add_drives (drvs);
+
+ if (key_store_requires_network (ks) && guestfs_set_network (g, 1) == -1)
+ exit (EXIT_FAILURE);
+
if (guestfs_launch (g) == -1)
exit (EXIT_FAILURE);
if (inspector)
--
2.31.1

35
libguestfs.spec
View File

@ -47,8 +47,8 @@
Summary: Access and modify virtual machine disk images
Name: libguestfs
Epoch: 1
Version: 1.48.3
Release: 5%{?dist}
Version: 1.48.4
Release: 1%{?dist}
License: LGPLv2+
# Build only for architectures that have a kernel
@ -94,26 +94,13 @@ Patch0005: 0005-lib-drive_create_data-drive-remove-field-iface.patch
Patch0006: 0006-lib-rename-VALID_FORMAT_IFACE-to-VALID_FORMAT.patch
Patch0007: 0007-tests-regressions-remove-iface-based-restrictions.patch
Patch0008: 0008-generator-customize-invert-SELinux-relabeling-defaul.patch
# *NB* I modified this patch by hand to remove references to any
# files in common/mlcustomize. This directory is not included
# in the libguestfs tarball.
Patch0009: 0009-update-common-submodule.patch
Patch0010: 0010-generator-customize-reintroduce-selinux-relabel-as-a.patch
# *NB* This patch only references common/mlcustomize, so it is removed.
#Patch0011: 0011-update-common-submodule.patch
Patch0012: 0012-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
Patch0013: 0013-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch
Patch0014: 0014-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch
Patch0015: 0015-build-Pick-first-field-in-ID_LIKE.patch
Patch0016: 0016-appliance-daemon-disable-lvm2-devicesfile.patch
Patch0017: 0017-php-add-arginfo-to-php-bindings.patch
# *NB* I modified this patch by hand to remove references to any
# files in common/mlcustomize.
Patch0018: 0018-docs-guestfs-security-document-CVE-2022-2211.patch
Patch0019: 0019-introduce-the-clevis_luks_unlock-API.patch
# *NB* I modified this patch by hand to remove references to any
# files in common/mltools.
Patch0020: 0020-guestfish-guestmount-enable-networking-for-key-ID-cl.patch
Patch0009: 0009-generator-customize-reintroduce-selinux-relabel-as-a.patch
Patch0010: 0010-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
Patch0011: 0011-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch
Patch0012: 0012-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch
Patch0013: 0013-php-add-arginfo-to-php-bindings.patch
Patch0014: 0014-introduce-the-clevis_luks_unlock-API.patch
Patch0015: 0015-guestfish-guestmount-enable-networking-for-key-ID-cl.patch
%if 0%{patches_touch_autotools}
BuildRequires: autoconf, automake, libtool, gettext-devel
@ -1149,8 +1136,8 @@ rm ocaml/html/.gitignore
%changelog
* Mon Jul 04 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.3-5
- Rebase to new stable branch version 1.48.3
* Wed Jul 06 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.4-1
- Rebase to new stable branch version 1.48.4
resolves: rhbz#2059285
- Disable 5-level page tables when using -cpu max
resolves: rhbz#2084568

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (libguestfs-1.48.3.tar.gz) = d88b7869e6098af1f7748dc2e8163b245ea251fcdf962a71e3735f5a1748c9e87a17be259802da3e0bb13569d7f7233b2c5a554b20a2a7758e1974a30a70b786
SHA512 (libguestfs-1.48.3.tar.gz.sig) = f372cddfb661727c7e33505b9f038828e8341a229098c089b0b9f2167fc6308045e402cbfea653dfc0bd5343e2c9f9e2757af7923515615ac38430c132620de7
SHA512 (libguestfs-1.48.4.tar.gz) = 76b942de88fa6fb48db667054a2c4fc23dd17b0a6083cddd51f1a77fdac24c0c7acd6be5234ada955b4afa94b0d8023aab50aa152465a6bc65f0e21d4195d50c
SHA512 (libguestfs-1.48.4.tar.gz.sig) = 4c8e1a58e60214b1189501a96c20349d1ab8ccb9be5d75389342ca40b35a561812889b363edaccb8df5b999d0d337c3572eff59a086a21ea3c77b601a600efe2