From: Thomas Huth <thuth@redhat.com>
To: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-block@nongnu.org, "Alex Bennée" <alex.bennee@linaro.org>,
"Hanna Reitz" <hreitz@redhat.com>,
qemu-devel@nongnu.org
Subject: Re: [PATCH] tests/qemu-iotests: Check for a functional "secret" object before using it
Date: Mon, 8 Dec 2025 09:15:38 +0100 [thread overview]
Message-ID: <6333f8d4-3feb-43c7-8d11-98a7c3cbe0c4@redhat.com> (raw)
In-Reply-To: <aTMUQXOjJO0EiK8b@redhat.com>
On 05/12/2025 18.20, Kevin Wolf wrote:
> Am 05.12.2025 um 14:00 hat Thomas Huth geschrieben:
>> From: Thomas Huth <thuth@redhat.com>
>>
>> QEMU iotests 049, 134 and 158 are currently failing if you compiled
>> QEMU without the crypto libraries. Thus make sure that the "secret"
>> object is really usable and skip the tests otherwise.
>>
>> Reported-by: Alex Bennée <alex.bennee@linaro.org>
>> Signed-off-by: Thomas Huth <thuth@redhat.com>
>
>> diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
>> index e977cb4eb61..10d83d8361b 100644
>> --- a/tests/qemu-iotests/common.rc
>> +++ b/tests/qemu-iotests/common.rc
>> @@ -1053,6 +1053,20 @@ _require_one_device_of()
>> _notrun "$* not available"
>> }
>>
>> +_require_secret()
>> +{
>> + if [ -e "$TEST_IMG" ]; then
>> + echo "unwilling to overwrite existing file"
>> + exit 1
>> + fi
>> + if $QEMU_IMG create -f $IMGFMT --object secret,id=sec0,data=123 \
>> + -o encryption=on,encrypt.key-secret=sec0 "$TEST_IMG" 1M 2>&1 \
>> + | grep "Unsupported cipher" ; then
>> + _notrun "missing cipher support"
>> + fi
>
> What is the thing that you're checking here? If it's really the secret,
> then just running 'qemu-io --object secret,data=123,id=sec0 -c ""' would
> be enough. If it's not the secret, but encryption support, then the
> function is a misnomer.
The "qemu-io" statement seems to work fine in that case, so you're right,
it's apparently not the "secret" object, but rather the "encryption" part
that is failing.
So shall I rename it to "_require_encryption" ?
> _require_working_luks() looks pretty similar, though it requires
> specifically a working luks driver. Could something be unified? (The
> answer might be no, but it would be good to explicitly say it.)
While it looks a little bit similar, at least for me it still looks too
distinct for unification - or is "-o key-secret=sec0" doing exactly the same
as "-o encryption=on,encrypt.key-secret=sec0" ? ... I lack the deeper
understanding of the parameters here to judge on that topic.
Thomas
next prev parent reply other threads:[~2025-12-08 8:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-05 13:00 [PATCH] tests/qemu-iotests: Check for a functional "secret" object before using it Thomas Huth
2025-12-05 15:19 ` Alex Bennée
2025-12-05 17:20 ` Kevin Wolf
2025-12-08 8:15 ` Thomas Huth [this message]
2025-12-08 9:18 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6333f8d4-3feb-43c7-8d11-98a7c3cbe0c4@redhat.com \
--to=thuth@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=hreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).