From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52738) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1agtMG-0006qd-Bn for qemu-devel@nongnu.org; Fri, 18 Mar 2016 08:18:25 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1agtMF-0004i0-99 for qemu-devel@nongnu.org; Fri, 18 Mar 2016 08:18:24 -0400 Date: Fri, 18 Mar 2016 12:18:12 +0000 From: "Daniel P. Berrange" Message-ID: <20160318121812.GG17895@redhat.com> References: <1458237102-16204-1-git-send-email-berrange@redhat.com> <1458237102-16204-8-git-send-email-berrange@redhat.com> <20160318121127.GC5515@noname.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20160318121127.GC5515@noname.redhat.com> Subject: Re: [Qemu-devel] [PATCH v5 7/7] block: drop support for using qcow[2] encryption with system emulators Reply-To: "Daniel P. Berrange" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Kevin Wolf Cc: Fam Zheng , qemu-devel@nongnu.org, qemu-block@nongnu.org On Fri, Mar 18, 2016 at 01:11:27PM +0100, Kevin Wolf wrote: > Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben: > > For a couple of releases we have been warning > > > > Encrypted images are deprecated > > Support for them will be removed in a future release. > > You can use 'qemu-img convert' to convert your image to an unencrypted one. > > > > This warning was issued by system emulators, qemu-img, qemu-nbd > > and qemu-io. Such a broad warning was issued because the original > > intention was to rip out all the code for dealing with encryption > > inside the QEMU block layer APIs. > > > > The new block encryption framework used for the LUKS driver does > > not rely on the unloved block layer API for encryption keys, > > instead using the QOM 'secret' object type. It is thus no longer > > appropriate to warn about encryption unconditionally. > > > > When the qcow/qcow2 drivers are converted to use the new encryption > > framework too, it will be practical to keep AES-CBC support present > > for use in qemu-img, qemu-io & qemu-nbd to allow for interoperability > > with older QEMU versions and liberation of data from existing encrypted > > qcow2 files. > > > > Thus this change, removes the deprecation warning, in its place adding > > a fatal error preventing use of qcow[2] built-in encryption inside the > > system emulators. Use of qcow[2] encryption in qemu-img, qemu-io, qemu-nbd > > no longer triggers any warning message, since that support is now expected > > to remain available long term, given the maint burden has been eliminated. > > > > Signed-off-by: Daniel P. Berrange > > Let's do this only after the qcow2 LUKS support has been merged so that > users have an alternative to switch to. Ok, I'll need to respin this to just move the deprecation warning then Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|