qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Fam Zheng <famz@redhat.com>,
	qemu-block@nongnu.org
Subject: [Qemu-devel] [PATCH v6 09/11] block: add support for encryption secrets in block I/O tests
Date: Mon, 21 Mar 2016 14:11:50 +0000	[thread overview]
Message-ID: <1458569512-22970-10-git-send-email-berrange@redhat.com> (raw)
In-Reply-To: <1458569512-22970-1-git-send-email-berrange@redhat.com>

The LUKS block driver tests will require the ability to specify
encryption secrets with block devices. This requires using the
--object argument to qemu-img/qemu-io to create a 'secret'
object.

When the IMGKEYSECRET env variable is set, it provides the
password to be associated with a secret called 'keysec0'

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 tests/qemu-iotests/common        |  1 +
 tests/qemu-iotests/common.config |  6 ++++++
 tests/qemu-iotests/common.filter |  3 ++-
 tests/qemu-iotests/common.rc     | 16 +++++++++++++---
 4 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index 05c9df2..75ca4a7 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -53,6 +53,7 @@ export QEMU_IO_OPTIONS=""
 export CACHEMODE_IS_DEFAULT=true
 export QEMU_OPTIONS="-nodefaults"
 export VALGRIND_QEMU=
+export IMGKEYSECRET=
 export IMGOPTSSYNTAX=false
 
 for r
diff --git a/tests/qemu-iotests/common.config b/tests/qemu-iotests/common.config
index 6d4c829..5ec40d3 100644
--- a/tests/qemu-iotests/common.config
+++ b/tests/qemu-iotests/common.config
@@ -126,6 +126,9 @@ _qemu_io_wrapper()
     local QEMU_IO_ARGS="$QEMU_IO_OPTIONS"
     if [ "$IMGOPTSSYNTAX" = "true" ]; then
         QEMU_IO_ARGS="--image-opts $QEMU_IO_ARGS"
+        if [ -n "$IMGKEYSECRET" ]; then
+            QEMU_IO_ARGS="--object secret,id=keysec0,data=$IMGKEYSECRET $QEMU_IO_ARGS"
+        fi
     fi
     local RETVAL
     (
@@ -161,6 +164,9 @@ export QEMU_NBD=_qemu_nbd_wrapper
 QEMU_IMG_EXTRA_ARGS=
 if [ "$IMGOPTSSYNTAX" = "true" ]; then
     QEMU_IMG_EXTRA_ARGS="--image-opts $QEMU_IMG_EXTRA_ARGS"
+    if [ -n "$IMGKEYSECRET" ]; then
+        QEMU_IMG_EXTRA_ARGS="--object secret,id=keysec0,data=$IMGKEYSECRET $QEMU_IMG_EXTRA_ARGS"
+    fi
 fi
 export QEMU_IMG_EXTRA_ARGS
 
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 84b7434..cbd3607 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -198,7 +198,8 @@ _filter_img_create()
         -e "s# block_state_zero=\\(on\\|off\\)##g" \
         -e "s# log_size=[0-9]\\+##g" \
         -e "s/archipelago:a/TEST_DIR\//g" \
-        -e "s# refcount_bits=[0-9]\\+##g"
+        -e "s# refcount_bits=[0-9]\\+##g" \
+        -e "s# key-secret=[a-zA-Z0-9]\\+##g"
 }
 
 _filter_img_info()
diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index 5eb654b..9c0602e 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -130,6 +130,7 @@ _make_test_img()
     local img_name=""
     local use_backing=0
     local backing_file=""
+    local object_options=""
 
     if [ -n "$TEST_IMG_FILE" ]; then
         img_name=$TEST_IMG_FILE
@@ -140,6 +141,10 @@ _make_test_img()
     if [ -n "$IMGOPTS" ]; then
         optstr=$(_optstr_add "$optstr" "$IMGOPTS")
     fi
+    if [ -n "$IMGKEYSECRET" ]; then
+        object_options="--object secret,id=keysec0,data=$IMGKEYSECRET"
+        optstr=$(_optstr_add "$optstr" "key-secret=keysec0")
+    fi
 
     if [ "$1" = "-b" ]; then
         use_backing=1
@@ -157,9 +162,9 @@ _make_test_img()
     # XXX(hch): have global image options?
     (
      if [ $use_backing = 1 ]; then
-        $QEMU_IMG create -f $IMGFMT $extra_img_options -b "$backing_file" "$img_name" $image_size 2>&1
+        $QEMU_IMG create $object_options -f $IMGFMT $extra_img_options -b "$backing_file" "$img_name" $image_size 2>&1
      else
-        $QEMU_IMG create -f $IMGFMT $extra_img_options "$img_name" $image_size 2>&1
+        $QEMU_IMG create $object_options -f $IMGFMT $extra_img_options "$img_name" $image_size 2>&1
      fi
     ) | _filter_img_create
 
@@ -223,7 +228,12 @@ _check_test_img()
 {
     (
         if [ "$IMGOPTSSYNTAX" = "true" ]; then
-            $QEMU_IMG check --image-opts "$@" "$TEST_IMG" 2>&1
+            object_options=
+            if [ -n "$IMGKEYSECRET" ]; then
+                object_options="--object secret,id=keysec0,data=$IMGKEYSECRET"
+            fi
+
+            $QEMU_IMG check $object_options --image-opts "$@" "$TEST_IMG" 2>&1
         else
             $QEMU_IMG check "$@" -f $IMGFMT "$TEST_IMG" 2>&1
         fi
-- 
2.5.0

  parent reply	other threads:[~2016-03-21 14:12 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-21 14:11 [Qemu-devel] [PATCH v6 00/11] Add new LUKS block driver (for 2.6) Daniel P. Berrange
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 01/11] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 02/11] qemu-img/qemu-io: don't prompt for passwords if not required Daniel P. Berrange
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 03/11] tests: redirect stderr to stdout for iotests Daniel P. Berrange
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 04/11] tests: refactor python I/O tests helper main method Daniel P. Berrange
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 05/11] tests: add output filter to python I/O tests helper Daniel P. Berrange
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 06/11] block: add generic full disk encryption driver Daniel P. Berrange
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 07/11] block: move encryption deprecation warning into qcow code Daniel P. Berrange
2016-03-21 20:04   ` Eric Blake
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 08/11] block: add support for --image-opts in block I/O tests Daniel P. Berrange
2016-03-21 20:08   ` Eric Blake
2016-03-22 10:36     ` Daniel P. Berrange
2016-03-24 21:59   ` [Qemu-devel] [Qemu-block] " Max Reitz
2016-03-21 14:11 ` Daniel P. Berrange [this message]
2016-03-21 20:13   ` [Qemu-devel] [PATCH v6 09/11] block: add support for encryption secrets " Eric Blake
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 10/11] block: enable testing of LUKS driver with " Daniel P. Berrange
2016-03-21 14:11 ` [Qemu-devel] [PATCH v6 11/11] block: an interoperability test for luks vs dm-crypt/cryptsetup Daniel P. Berrange
2016-03-21 16:50 ` [Qemu-devel] [PATCH v6 00/11] Add new LUKS block driver (for 2.6) Kevin Wolf
2016-03-21 16:53   ` Daniel P. Berrange
2016-03-23 13:53 ` Kevin Wolf
2016-03-29  9:13   ` [Qemu-devel] [Qemu-block] " Kevin Wolf
2016-03-29  9:15     ` Daniel P. Berrange

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1458569512-22970-10-git-send-email-berrange@redhat.com \
    --to=berrange@redhat.com \
    --cc=famz@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).