From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com>,
Kevin Wolf <kwolf@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v8 2/3] block: add support for encryption secrets in block I/O tests
Date: Mon, 18 Apr 2016 13:21:46 +0100 [thread overview]
Message-ID: <1460982107-4649-3-git-send-email-berrange@redhat.com> (raw)
In-Reply-To: <1460982107-4649-1-git-send-email-berrange@redhat.com>
The LUKS block driver tests will require the ability to specify
encryption secrets with block devices. This requires using the
--object argument to qemu-img/qemu-io to create a 'secret'
object.
When the IMGKEYSECRET env variable is set, it provides the
password to be associated with a secret called 'keysec0'
The _qemu_img_wrapper function isn't modified as that needs
to cope with differing syntax for subcommands, so can't be
made to use the image opts syntax unconditionally.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/qemu-iotests/common | 1 +
tests/qemu-iotests/common.config | 6 ++++++
tests/qemu-iotests/common.filter | 3 ++-
tests/qemu-iotests/common.rc | 16 +++++++++++++---
4 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index fe3b1a0..e87287c 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -53,6 +53,7 @@ export QEMU_IO_OPTIONS=""
export CACHEMODE_IS_DEFAULT=true
export QEMU_OPTIONS="-nodefaults"
export VALGRIND_QEMU=
+export IMGKEYSECRET=
export IMGOPTSSYNTAX=false
for r
diff --git a/tests/qemu-iotests/common.config b/tests/qemu-iotests/common.config
index ea698da..f6384fb 100644
--- a/tests/qemu-iotests/common.config
+++ b/tests/qemu-iotests/common.config
@@ -126,6 +126,9 @@ _qemu_io_wrapper()
local QEMU_IO_ARGS="$QEMU_IO_OPTIONS"
if [ "$IMGOPTSSYNTAX" = "true" ]; then
QEMU_IO_ARGS="--image-opts $QEMU_IO_ARGS"
+ if [ -n "$IMGKEYSECRET" ]; then
+ QEMU_IO_ARGS="--object secret,id=keysec0,data=$IMGKEYSECRET $QEMU_IO_ARGS"
+ fi
fi
local RETVAL
(
@@ -161,6 +164,9 @@ export QEMU_NBD=_qemu_nbd_wrapper
QEMU_IMG_EXTRA_ARGS=
if [ "$IMGOPTSSYNTAX" = "true" ]; then
QEMU_IMG_EXTRA_ARGS="--image-opts $QEMU_IMG_EXTRA_ARGS"
+ if [ -n "$IMGKEYSECRET" ]; then
+ QEMU_IMG_EXTRA_ARGS="--object secret,id=keysec0,data=$IMGKEYSECRET $QEMU_IMG_EXTRA_ARGS"
+ fi
fi
export QEMU_IMG_EXTRA_ARGS
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 8a6e1b5..d8188a5 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -97,7 +97,8 @@ _filter_img_create()
-e "s# block_state_zero=\\(on\\|off\\)##g" \
-e "s# log_size=[0-9]\\+##g" \
-e "s/archipelago:a/TEST_DIR\//g" \
- -e "s# refcount_bits=[0-9]\\+##g"
+ -e "s# refcount_bits=[0-9]\\+##g" \
+ -e "s# key-secret=[a-zA-Z0-9]\\+##g"
}
_filter_img_info()
diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index b702653..c72bdb3 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -129,6 +129,7 @@ _make_test_img()
local img_name=""
local use_backing=0
local backing_file=""
+ local object_options=""
if [ -n "$TEST_IMG_FILE" ]; then
img_name=$TEST_IMG_FILE
@@ -139,6 +140,10 @@ _make_test_img()
if [ -n "$IMGOPTS" ]; then
optstr=$(_optstr_add "$optstr" "$IMGOPTS")
fi
+ if [ -n "$IMGKEYSECRET" ]; then
+ object_options="--object secret,id=keysec0,data=$IMGKEYSECRET"
+ optstr=$(_optstr_add "$optstr" "key-secret=keysec0")
+ fi
if [ "$1" = "-b" ]; then
use_backing=1
@@ -156,9 +161,9 @@ _make_test_img()
# XXX(hch): have global image options?
(
if [ $use_backing = 1 ]; then
- $QEMU_IMG create -f $IMGFMT $extra_img_options -b "$backing_file" "$img_name" $image_size 2>&1
+ $QEMU_IMG create $object_options -f $IMGFMT $extra_img_options -b "$backing_file" "$img_name" $image_size 2>&1
else
- $QEMU_IMG create -f $IMGFMT $extra_img_options "$img_name" $image_size 2>&1
+ $QEMU_IMG create $object_options -f $IMGFMT $extra_img_options "$img_name" $image_size 2>&1
fi
) | _filter_img_create
@@ -222,7 +227,12 @@ _check_test_img()
{
(
if [ "$IMGOPTSSYNTAX" = "true" ]; then
- $QEMU_IMG check --image-opts "$@" "$TEST_IMG" 2>&1
+ object_options=
+ if [ -n "$IMGKEYSECRET" ]; then
+ object_options="--object secret,id=keysec0,data=$IMGKEYSECRET"
+ fi
+
+ $QEMU_IMG check $object_options --image-opts "$@" "$TEST_IMG" 2>&1
else
$QEMU_IMG check "$@" -f $IMGFMT "$TEST_IMG" 2>&1
fi
--
2.5.5
next prev parent reply other threads:[~2016-04-18 12:22 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-18 12:21 [Qemu-devel] [PATCH v8 0/3] Tests for LUKS driver Daniel P. Berrange
2016-04-18 12:21 ` [Qemu-devel] [PATCH v8 1/3] block: add support for --image-opts in block I/O tests Daniel P. Berrange
2016-05-06 13:20 ` Max Reitz
2016-04-18 12:21 ` Daniel P. Berrange [this message]
2016-05-06 13:26 ` [Qemu-devel] [PATCH v8 2/3] block: add support for encryption secrets " Max Reitz
2016-04-18 12:21 ` [Qemu-devel] [PATCH v8 3/3] block: enable testing of LUKS driver with " Daniel P. Berrange
2016-05-06 13:32 ` Max Reitz
2016-05-09 16:45 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1460982107-4649-3-git-send-email-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.