[libvirt] [PATCH v4 00/14] Add native TLS encrypted chardev TCP support

John Ferlan jferlan at redhat.com
Thu Jun 23 18:06:25 UTC 2016


v3: http://www.redhat.com/archives/libvir-list/2016-June/msg01094.html

Yes, I know another long series, but there are some duplicates with the
LUKS series:

http://www.redhat.com/archives/libvir-list/2016-June/msg01691.html

In particular:

Patches 1-3 match the LUKS patches 1-3
Patches 4-6 match the LUKS patches 12-14

They are needed for "parts" for this series. 

Changes since v3:
Patches 7-10 are patches 1-4 of the v3 series with perhaps a few adjustments;
these were reviewed and had partial ACKs, see the v3 series cover for details.

Patches 11-14 are NEW.

Patch 11 needs the "passphrase" secret from LUKS in order to allow the
addition of a <secret> for a <serial type='tcp'...> to provide the passphrase
for the TLS environment.

Patch 12 provides the means (like Disk and Hostdev) to store the secinfo
required to generate an AES secret

Patch 13 adds the secret for the command line startup

Patch 14 could be combined w/ 13, but I just kept it as a separate way to
add the secret for the hotplug (and unplug)

John Ferlan (14):
  qemu: Change protocol parameter for secret setup
  qemu: Remove authdef from secret setup
  conf: Add new secret type "passphrase"
  qemu: Remove type from qemuBuildSecretInfoProps
  qemu: Make qemuBuildSecretInfoProps global
  qemu: Add secinfo for hotplug virtio disk
  conf: Add new default TLS X.509 certificate default directory
  conf: Introduce chartcp_tls_x509_cert_dir
  qemu: Add support for TLS X.509 path to TCP chardev backend
  qemu: Add the ability to hotplug the TLS X.509 environment
  conf: Add new secret element for tcp chardev
  qemu: Introduce qemuDomainChardevPrivatePtr
  qemu: Add a secret object to/for a chardev tcp with secret
  qemu: Add the ability to hotplug a secret object for TCP chardev TLS

 docs/aclpolkit.html.in                             |   4 +
 docs/formatdomain.html.in                          |  29 +++
 docs/formatsecret.html.in                          |  57 +++++-
 docs/schemas/domaincommon.rng                      |  21 +++
 docs/schemas/secret.rng                            |  10 +
 include/libvirt/libvirt-secret.h                   |   3 +-
 src/access/viraccessdriverpolkit.c                 |  13 ++
 src/conf/domain_conf.c                             |  62 ++++++-
 src/conf/domain_conf.h                             |   8 +-
 src/conf/secret_conf.c                             |  26 ++-
 src/conf/secret_conf.h                             |   1 +
 src/conf/virsecretobj.c                            |   5 +
 src/libxl/libxl_domain.c                           |   2 +-
 src/lxc/lxc_native.c                               |   2 +-
 src/qemu/libvirtd_qemu.aug                         |  11 +-
 src/qemu/qemu.conf                                 |  83 +++++++--
 src/qemu/qemu_command.c                            | 148 ++++++++++++++-
 src/qemu/qemu_command.h                            |  13 ++
 src/qemu/qemu_conf.c                               |  59 +++++-
 src/qemu/qemu_conf.h                               |   7 +
 src/qemu/qemu_domain.c                             | 202 +++++++++++++++------
 src/qemu/qemu_domain.h                             |  22 +++
 src/qemu/qemu_driver.c                             |   2 +-
 src/qemu/qemu_hotplug.c                            | 141 ++++++++++++--
 src/qemu/qemu_hotplug.h                            |   3 +-
 src/qemu/qemu_monitor_json.c                       |   9 +
 src/qemu/qemu_parse_command.c                      |   4 +-
 src/qemu/qemu_process.c                            |   2 +-
 src/qemu/test_libvirtd_qemu.aug.in                 |   5 +
 src/vz/vz_sdk.c                                    |   2 +-
 src/xenconfig/xen_sxpr.c                           |   2 +-
 tests/qemuhotplugtest.c                            |   2 +-
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.args   |  33 ++++
 .../qemuxml2argv-serial-tcp-tlsx509-chardev.xml    |  41 +++++
 ...xml2argv-serial-tcp-tlsx509-secret-chardev.args |  38 ++++
 ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml |  42 +++++
 tests/qemuxml2argvtest.c                           |  14 ++
 .../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml  |  50 +++++
 ...ml2xmlout-serial-tcp-tlsx509-secret-chardev.xml |  51 ++++++
 tests/qemuxml2xmltest.c                            |   2 +
 tests/secretxml2xmlin/usage-passphrase.xml         |   7 +
 tests/secretxml2xmltest.c                          |   1 +
 42 files changed, 1116 insertions(+), 123 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-secret-chardev.xml
 create mode 100644 tests/secretxml2xmlin/usage-passphrase.xml

-- 
2.5.5



