Libguestfs - Sep 2016 - [PATCH 2/3] mllib: expose disk decrypt functionalities

Hi,

this series refactors some guestfish code (not much), and exposes it
via Common_utils, so it is possible to decrypt LUKS partitions when
using virt-customize, virt-get-kernel, virt-sparsify, and virt-sysprep.
This brings them closer in features with C tools.

Most probably a couple more of other OCaml-based tools (virt-v2v to
convert encrypted guests, and virt-builder to use encrypted templates),
but that is left for implementation at a later time.

Thanks,


Pino Toscano (3):
  fish: move disk decryption helpers in own file
  mllib: expose disk decrypt functionalities
  OCaml tools: add crypto support (RHBZ#1362649)

 align/Makefile.am              |   1 +
 cat/Makefile.am                |   1 +
 customize/customize_main.ml    |   5 +-
 customize/virt-customize.pod   |  12 +++++
 df/Makefile.am                 |   1 +
 diff/Makefile.am               |   1 +
 edit/Makefile.am               |   1 +
 fish/Makefile.am               |   1 +
 fish/decrypt.c                 | 102 +++++++++++++++++++++++++++++++++++++++++
 fish/inspect.c                 |  68 ---------------------------
 fish/options.h                 |   4 +-
 format/Makefile.am             |   1 +
 fuse/Makefile.am               |   1 +
 get-kernel/get_kernel.ml       |   5 +-
 get-kernel/virt-get-kernel.pod |  12 +++++
 inspector/Makefile.am          |   1 +
 mllib/Makefile.am              |   3 ++
 mllib/common_utils-c.c         |  75 ++++++++++++++++++++++++++++++
 mllib/common_utils.ml          |  22 ++++++++-
 mllib/common_utils.mli         |  10 +++-
 rescue/Makefile.am             |   1 +
 sparsify/cmdline.ml            |   2 +-
 sparsify/copying.ml            |   3 ++
 sparsify/in_place.ml           |   3 ++
 sparsify/virt-sparsify.pod     |  12 +++++
 sysprep/main.ml                |   5 +-
 sysprep/virt-sysprep.pod       |  12 +++++
 27 files changed, 290 insertions(+), 75 deletions(-)
 create mode 100644 fish/decrypt.c
 create mode 100644 mllib/common_utils-c.c

-- 
2.7.4

This way it is easier to use them outside the rest of the code in
guestfish for inspection & mount.

Just code motion, no behaviour changes.
---
 align/Makefile.am     |   1 +
 cat/Makefile.am       |   1 +
 df/Makefile.am        |   1 +
 diff/Makefile.am      |   1 +
 edit/Makefile.am      |   1 +
 fish/Makefile.am      |   1 +
 fish/decrypt.c        | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++
 fish/inspect.c        |  68 ---------------------------------
 fish/options.h        |   4 +-
 format/Makefile.am    |   1 +
 fuse/Makefile.am      |   1 +
 inspector/Makefile.am |   1 +
 rescue/Makefile.am    |   1 +
 13 files changed, 115 insertions(+), 69 deletions(-)
 create mode 100644 fish/decrypt.c

diff --git a/align/Makefile.am b/align/Makefile.am
index 1eccf28..eb44263 100644
--- a/align/Makefile.am
+++ b/align/Makefile.am
@@ -33,6 +33,7 @@ SHARED_SOURCE_FILES = \
 	../df/parallel.c \
 	../df/parallel.h \
 	../fish/config.c \
+	../fish/decrypt.c \
 	../fish/display-options.h \
 	../fish/display-options.c \
 	../fish/domain.c \
diff --git a/cat/Makefile.am b/cat/Makefile.am
index 38faa94..5e55742 100644
--- a/cat/Makefile.am
+++ b/cat/Makefile.am
@@ -31,6 +31,7 @@ EXTRA_DIST = \
 bin_PROGRAMS = virt-cat virt-filesystems virt-log virt-ls
 
 SHARED_SOURCE_FILES = \
+	../fish/decrypt.c \
 	../fish/display-options.h \
 	../fish/display-options.c \
 	../fish/domain.c \
diff --git a/df/Makefile.am b/df/Makefile.am
index ce1686a..6efc1dc 100644
--- a/df/Makefile.am
+++ b/df/Makefile.am
@@ -28,6 +28,7 @@ bin_PROGRAMS = virt-df
 
 SHARED_SOURCE_FILES = \
 	../fish/config.c \
+	../fish/decrypt.c \
 	../fish/display-options.h \
 	../fish/display-options.c \
 	../fish/domain.c \
diff --git a/diff/Makefile.am b/diff/Makefile.am
index cdbe05c..7dfe2cd 100644
--- a/diff/Makefile.am
+++ b/diff/Makefile.am
@@ -27,6 +27,7 @@ bin_PROGRAMS = virt-diff
 SHARED_SOURCE_FILES = \
 	../cat/visit.h \
 	../cat/visit.c \
+	../fish/decrypt.c \
 	../fish/display-options.h \
 	../fish/display-options.c \
 	../fish/domain.c \
diff --git a/edit/Makefile.am b/edit/Makefile.am
index 4ac4f08..dc9fbb0 100644
--- a/edit/Makefile.am
+++ b/edit/Makefile.am
@@ -26,6 +26,7 @@ bin_PROGRAMS = virt-edit
 
 SHARED_SOURCE_FILES = \
 	../fish/config.c \
+	../fish/decrypt.c \
 	../fish/display-options.h \
 	../fish/display-options.c \
 	../fish/domain.c \
diff --git a/fish/Makefile.am b/fish/Makefile.am
index e1bc210..8fdcd27 100644
--- a/fish/Makefile.am
+++ b/fish/Makefile.am
@@ -73,6 +73,7 @@ EXTRA_DIST = \
 # files must not include other guestfish files.
 SHARED_SOURCE_FILES = \
 	config.c \
+	decrypt.c \
 	display-options.h \
 	display-options.c \
 	domain.c \
diff --git a/fish/decrypt.c b/fish/decrypt.c
new file mode 100644
index 0000000..d6e041d
--- /dev/null
+++ b/fish/decrypt.c
@@ -0,0 +1,102 @@
+/* libguestfs - shared disk decryption
+ * Copyright (C) 2010 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
USA.
+ */
+
+/**
+ * This file implements the decryption of disk images, usually done
+ * before mounting their partitions.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "c-ctype.h"
+
+#include "guestfs.h"
+
+#include "options.h"
+
+/**
+ * Make a LUKS map name from the partition name,
+ * eg. C<"/dev/vda2" =E<gt> "luksvda2">
+ */
+static void
+make_mapname (const char *device, char *mapname, size_t len)
+{
+  size_t i = 0;
+
+  if (len < 5)
+    abort ();
+  strcpy (mapname, "luks");
+  mapname += 4;
+  len -= 4;
+
+  if (STRPREFIX (device, "/dev/"))
+    i = 5;
+
+  for (; device[i] != '\0' && len >= 1; ++i) {
+    if (c_isalnum (device[i])) {
+      *mapname++ = device[i];
+      len--;
+    }
+  }
+
+  *mapname = '\0';
+}
+
+/**
+ * Simple implementation of decryption: look for any C<crypto_LUKS>
+ * partitions and decrypt them, then rescan for VGs.  This only works
+ * for Fedora whole-disk encryption.  WIP to make this work for other
+ * encryption schemes.
+ */
+void
+inspect_do_decrypt (guestfs_h *g)
+{
+  CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
+  if (partitions == NULL)
+    exit (EXIT_FAILURE);
+
+  int need_rescan = 0;
+  size_t i;
+  for (i = 0; partitions[i] != NULL; ++i) {
+    CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
+    if (type && STREQ (type, "crypto_LUKS")) {
+      char mapname[32];
+      make_mapname (partitions[i], mapname, sizeof mapname);
+
+      CLEANUP_FREE char *key = read_key (partitions[i]);
+      /* XXX Should we call guestfs_luks_open_ro if readonly flag
+       * is set?  This might break 'mount_ro'.
+       */
+      if (guestfs_luks_open (g, partitions[i], key, mapname) == -1)
+        exit (EXIT_FAILURE);
+
+      need_rescan = 1;
+    }
+  }
+
+  if (need_rescan) {
+    if (guestfs_vgscan (g) == -1)
+      exit (EXIT_FAILURE);
+    if (guestfs_vg_activate_all (g, 1) == -1)
+      exit (EXIT_FAILURE);
+  }
+}
diff --git a/fish/inspect.c b/fish/inspect.c
index 952d4f7..4a5b3c3 100644
--- a/fish/inspect.c
+++ b/fish/inspect.c
@@ -202,71 +202,3 @@ print_inspect_prompt (void)
             dev ? dev : mountpoints[i+1], mountpoints[i]);
   }
 }
-
-/**
- * Make a LUKS map name from the partition name,
- * eg. C<"/dev/vda2" =E<gt> "luksvda2">
- */
-static void
-make_mapname (const char *device, char *mapname, size_t len)
-{
-  size_t i = 0;
-
-  if (len < 5)
-    abort ();
-  strcpy (mapname, "luks");
-  mapname += 4;
-  len -= 4;
-
-  if (STRPREFIX (device, "/dev/"))
-    i = 5;
-
-  for (; device[i] != '\0' && len >= 1; ++i) {
-    if (c_isalnum (device[i])) {
-      *mapname++ = device[i];
-      len--;
-    }
-  }
-
-  *mapname = '\0';
-}
-
-/**
- * Simple implementation of decryption: look for any C<crypto_LUKS>
- * partitions and decrypt them, then rescan for VGs.  This only works
- * for Fedora whole-disk encryption.  WIP to make this work for other
- * encryption schemes.
- */
-void
-inspect_do_decrypt (guestfs_h *g)
-{
-  CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
-  if (partitions == NULL)
-    exit (EXIT_FAILURE);
-
-  int need_rescan = 0;
-  size_t i;
-  for (i = 0; partitions[i] != NULL; ++i) {
-    CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
-    if (type && STREQ (type, "crypto_LUKS")) {
-      char mapname[32];
-      make_mapname (partitions[i], mapname, sizeof mapname);
-
-      CLEANUP_FREE char *key = read_key (partitions[i]);
-      /* XXX Should we call guestfs_luks_open_ro if readonly flag
-       * is set?  This might break 'mount_ro'.
-       */
-      if (guestfs_luks_open (g, partitions[i], key, mapname) == -1)
-        exit (EXIT_FAILURE);
-
-      need_rescan = 1;
-    }
-  }
-
-  if (need_rescan) {
-    if (guestfs_vgscan (g) == -1)
-      exit (EXIT_FAILURE);
-    if (guestfs_vg_activate_all (g, 1) == -1)
-      exit (EXIT_FAILURE);
-  }
-}
diff --git a/fish/options.h b/fish/options.h
index 061b41f..e8a4ebc 100644
--- a/fish/options.h
+++ b/fish/options.h
@@ -111,6 +111,9 @@ struct mp {
 /* in config.c */
 extern void parse_config (void);
 
+/* in decrypt.c */
+extern void inspect_do_decrypt (guestfs_h *g);
+
 /* in domain.c */
 extern int add_libvirt_drives (guestfs_h *g, const char *guest);
 
@@ -124,7 +127,6 @@ extern void print_inspect_prompt (void);
 
 #if COMPILING_VIRT_INSPECTOR
 /* (low-level inspection functions, used by virt-inspector only) */
-extern void inspect_do_decrypt (guestfs_h *g);
 extern void inspect_mount_root (guestfs_h *g, const char *root);
 #endif
 
diff --git a/format/Makefile.am b/format/Makefile.am
index d196910..0e881a5 100644
--- a/format/Makefile.am
+++ b/format/Makefile.am
@@ -26,6 +26,7 @@ bin_PROGRAMS = virt-format
 
 SHARED_SOURCE_FILES = \
 	../fish/config.c \
+	../fish/decrypt.c \
 	../fish/display-options.h \
 	../fish/display-options.c \
 	../fish/domain.c \
diff --git a/fuse/Makefile.am b/fuse/Makefile.am
index d766479..b8f5ad6 100644
--- a/fuse/Makefile.am
+++ b/fuse/Makefile.am
@@ -34,6 +34,7 @@ bin_PROGRAMS = \
 # between guestfish and guestmount.
 SHARED_SOURCE_FILES = \
 	../fish/config.c \
+	../fish/decrypt.c \
 	../fish/display-options.h \
 	../fish/display-options.c \
 	../fish/domain.c \
diff --git a/inspector/Makefile.am b/inspector/Makefile.am
index 00ca5d5..760e810 100644
--- a/inspector/Makefile.am
+++ b/inspector/Makefile.am
@@ -54,6 +54,7 @@ bin_PROGRAMS = virt-inspector
 
 SHARED_SOURCE_FILES = \
 	../fish/config.c \
+	../fish/decrypt.c \
 	../fish/display-options.h \
 	../fish/display-options.c \
 	../fish/domain.c \
diff --git a/rescue/Makefile.am b/rescue/Makefile.am
index c2545bd..f2a3c39 100644
--- a/rescue/Makefile.am
+++ b/rescue/Makefile.am
@@ -27,6 +27,7 @@ bin_PROGRAMS = virt-rescue
 
 SHARED_SOURCE_FILES = \
 	../fish/config.c \
+	../fish/decrypt.c \
 	../fish/display-options.h \
 	../fish/display-options.c \
 	../fish/domain.c \
-- 
2.7.4

Expose via Common_utils the C functions & variables (part of guestfish)
that handle decryption of LUKS partitions, and the additional command
line arguments to tune the way they work.  This way it will be easy to
provide (basic) crypto support also in OCaml-based tools.

Related to: RHBZ#1362649
---
 mllib/Makefile.am      |  3 ++
 mllib/common_utils-c.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++
 mllib/common_utils.ml  | 22 ++++++++++++++-
 mllib/common_utils.mli | 10 ++++++-
 4 files changed, 108 insertions(+), 2 deletions(-)
 create mode 100644 mllib/common_utils-c.c

diff --git a/mllib/Makefile.am b/mllib/Makefile.am
index e93771e..489529a 100644
--- a/mllib/Makefile.am
+++ b/mllib/Makefile.am
@@ -63,8 +63,11 @@ SOURCES_ML = \
 	exit.ml
 
 SOURCES_C = \
+	../fish/decrypt.c \
+	../fish/keys.c \
 	../fish/progress.c \
 	../fish/uri.c \
+	common_utils-c.c \
 	dev_t-c.c \
 	exit-c.c \
 	fsync-c.c \
diff --git a/mllib/common_utils-c.c b/mllib/common_utils-c.c
new file mode 100644
index 0000000..d674377
--- /dev/null
+++ b/mllib/common_utils-c.c
@@ -0,0 +1,75 @@
+/* libguestfs OCaml tools common code
+ * Copyright (C) 2016 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
USA.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <caml/alloc.h>
+#include <caml/fail.h>
+#include <caml/memory.h>
+#include <caml/mlvalues.h>
+
+#ifdef HAVE_CAML_UNIXSUPPORT_H
+#include <caml/unixsupport.h>
+#else
+#define Nothing ((value) 0)
+extern void unix_error (int errcode, char * cmdname, value arg) Noreturn;
+#endif
+
+#include <guestfs.h>
+
+#include "options.h"
+
+extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv);
+extern value guestfs_int_mllib_set_echo_keys (value unitv);
+extern value guestfs_int_mllib_set_keys_from_stdin (value unitv);
+
+/* Interface with the guestfish inspection and decryption code. */
+int echo_keys = 0;
+int keys_from_stdin = 0;
+
+value
+guestfs_int_mllib_inspect_decrypt (value gv, value gpv)
+{
+  CAMLparam2 (gv, gpv);
+  guestfs_h *g = (guestfs_h *) (intptr_t) Int64_val (gpv);
+
+  inspect_do_decrypt (g);
+
+  CAMLreturn (Val_unit);
+}
+
+/* NB: This is a "noalloc" call. */
+value
+guestfs_int_mllib_set_echo_keys (value unitv)
+{
+  echo_keys = 1;
+  return Val_unit;
+}
+
+/* NB: This is a "noalloc" call. */
+value
+guestfs_int_mllib_set_keys_from_stdin (value unitv)
+{
+  keys_from_stdin = 1;
+  return Val_unit;
+}
diff --git a/mllib/common_utils.ml b/mllib/common_utils.ml
index 4e36d50..7cb8198 100644
--- a/mllib/common_utils.ml
+++ b/mllib/common_utils.ml
@@ -21,6 +21,10 @@ open Printf
 open Common_gettext.Gettext
 open Getopt.OptionName
 
+external c_inspect_decrypt : Guestfs.t -> int64 -> unit =
"guestfs_int_mllib_inspect_decrypt"
+external c_set_echo_keys : unit -> unit =
"guestfs_int_mllib_set_echo_keys" "noalloc"
+external c_set_keys_from_stdin : unit -> unit =
"guestfs_int_mllib_set_keys_from_stdin" "noalloc"
+
 module Char = struct
     include Char
 
@@ -591,7 +595,7 @@ let human_size i      )
   )
 
-let create_standard_options argspec ?anon_fun usage_msg +let
create_standard_options argspec ?anon_fun ?(key_opts = false) usage_msg    (**
Install an exit hook to check gc consistency for --debug-gc *)
   let set_debug_gc ()      at_exit (fun () -> Gc.compact()) in
@@ -604,6 +608,14 @@ let create_standard_options argspec ?anon_fun usage_msg    
[ L"color"; L"colors";
       L"colour"; L"colours" ], Getopt.Unit set_colours,
s_"Use ANSI colour sequences even if not tty";
   ] @ argspec in
+  let argspec +    argspec @
+      (if key_opts then
+      [
+        [ L"echo-keys" ],       Getopt.Unit c_set_echo_keys,      
s_"Don't turn off echo for passphrases";
+        [ L"keys-from-stdin" ], Getopt.Unit c_set_keys_from_stdin,
s_"Read passphrases from stdin";
+      ]
+      else []) in
   Getopt.create argspec ?anon_fun usage_msg
 
 (* Compare two version strings intelligently. *)
@@ -998,3 +1010,11 @@ let is_btrfs_subvolume g fs    with Guestfs.Error msg as
exn ->
     if g#last_errno () = Guestfs.Errno.errno_EINVAL then false
     else raise exn
+
+let inspect_decrypt g +  (* Note we pass original 'g' even though it is
not used by the
+   * callee.  This is so that 'g' is kept as a root on the stack, and
+   * so cannot be garbage collected while we are in the c_edit_file
+   * function.
+   *)
+  c_inspect_decrypt g#ocaml_handle (Guestfs.c_pointer g#ocaml_handle)
diff --git a/mllib/common_utils.mli b/mllib/common_utils.mli
index de95f9d..68c0d54 100644
--- a/mllib/common_utils.mli
+++ b/mllib/common_utils.mli
@@ -260,10 +260,13 @@ val parse_resize : int64 -> string -> int64
 val human_size : int64 -> string
 (** Converts a size in bytes to a human-readable string. *)
 
-val create_standard_options : Getopt.speclist -> ?anon_fun:Getopt.anon_fun
-> Getopt.usage_msg -> Getopt.t
+val create_standard_options : Getopt.speclist -> ?anon_fun:Getopt.anon_fun
-> ?key_opts:bool -> Getopt.usage_msg -> Getopt.t
 (** Adds the standard libguestfs command line options to the specified ones,
     sorting them, and setting [long_options] to them.
 
+    [key_opts] specifies whether add the standard options related to
+    keys management, i.e. [--echo-keys] and [--keys-from-stdin].
+
     Returns a new [Getopt.t] handle. *)
 
 val compare_version : string -> string -> int
@@ -390,3 +393,8 @@ val which : string -> string
 (** Return the full path of the specified executable from [$PATH].
 
     Throw [Executable_not_found] if not available. *)
+
+val inspect_decrypt : Guestfs.guestfs -> unit
+(** Simple implementation of decryption: look for any [crypto_LUKS]
+    partitions and decrypt them, then rescan for VGs.  This only works
+    for Fedora whole-disk encryption. *)
-- 
2.7.4

Make use of the additional command line arguments, and API needed to
decrypt LUKS partitions.

This affects only virt-customize, virt-get-kernel, virt-sparsify, and
virt-sysprep, as they are the main OCaml tools interacting with
user-provided images.
---
 customize/customize_main.ml    |  5 ++++-
 customize/virt-customize.pod   | 12 ++++++++++++
 get-kernel/get_kernel.ml       |  5 ++++-
 get-kernel/virt-get-kernel.pod | 12 ++++++++++++
 sparsify/cmdline.ml            |  2 +-
 sparsify/copying.ml            |  3 +++
 sparsify/in_place.ml           |  3 +++
 sparsify/virt-sparsify.pod     | 12 ++++++++++++
 sysprep/main.ml                |  5 ++++-
 sysprep/virt-sysprep.pod       | 12 ++++++++++++
 10 files changed, 67 insertions(+), 4 deletions(-)

diff --git a/customize/customize_main.ml b/customize/customize_main.ml
index 07fd790..5613277 100644
--- a/customize/customize_main.ml
+++ b/customize/customize_main.ml
@@ -102,7 +102,7 @@ A short summary of the options is given below.  For detailed
help please
 read the man page virt-customize(1).
 ")
       prog in
-  let opthandle = create_standard_options argspec usage_msg in
+  let opthandle = create_standard_options argspec ~key_opts:true usage_msg in
   Getopt.parse opthandle;
 
   if not !format_consumed then
@@ -175,6 +175,9 @@ read the man page virt-customize(1).
     g#launch ();
     g in
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   (* Inspection. *)
   (match Array.to_list (g#inspect_os ()) with
   | [] ->
diff --git a/customize/virt-customize.pod b/customize/virt-customize.pod
index e594f61..a0ca9c9 100644
--- a/customize/virt-customize.pod
+++ b/customize/virt-customize.pod
@@ -107,6 +107,13 @@ used instead of names.
 Perform a read-only "dry run" on the guest.  This runs the sysprep
 operation, but throws away any changes to the disk at the end.
 
+=item B<--echo-keys>
+
+When prompting for keys and passphrases, virt-customize normally turns
+echoing off so you cannot see what you are typing.  If you are not
+worried about Tempest attacks and there is no one else in the room
+you can specify this flag to see what you are typing.
+
 =item B<--format> raw|qcow2|..
 
 =item B<--format> auto
@@ -131,6 +138,11 @@ If you have untrusted raw-format guest disk images, you
should use
 this option to specify the disk format.  This avoids a possible
 security problem with malicious guests (CVE-2010-3851).
 
+=item B<--keys-from-stdin>
+
+Read key or passphrase parameters from stdin.  The default is
+to try to read passphrases from the user by opening F</dev/tty>.
+
 =item B<-m> MB
 
 =item B<--memsize> MB
diff --git a/get-kernel/get_kernel.ml b/get-kernel/get_kernel.ml
index f83a940..adf9649 100644
--- a/get-kernel/get_kernel.ml
+++ b/get-kernel/get_kernel.ml
@@ -70,7 +70,7 @@ A short summary of the options is given below.  For detailed
help please
 read the man page virt-get-kernel(1).
 ")
       prog in
-  let opthandle = create_standard_options argspec usage_msg in
+  let opthandle = create_standard_options argspec ~key_opts:true usage_msg in
   Getopt.parse opthandle;
 
   (* Machine-readable mode?  Print out some facts about what
@@ -174,6 +174,9 @@ let main ()    add g;
   g#launch ();
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   let roots = g#inspect_os () in
   if Array.length roots = 0 then
     error (f_"no operating system found");
diff --git a/get-kernel/virt-get-kernel.pod b/get-kernel/virt-get-kernel.pod
index 97a159c..8298fe5 100644
--- a/get-kernel/virt-get-kernel.pod
+++ b/get-kernel/virt-get-kernel.pod
@@ -70,6 +70,13 @@ not used at all.
 Add all the disks from the named libvirt guest.  Domain UUIDs can be
 used instead of names.
 
+=item B<--echo-keys>
+
+When prompting for keys and passphrases, virt-get-kernel normally turns
+echoing off so you cannot see what you are typing.  If you are not
+worried about Tempest attacks and there is no one else in the room
+you can specify this flag to see what you are typing.
+
 =item B<--format> raw|qcow2|..
 
 =item B<--format> auto
@@ -82,6 +89,11 @@ If you have untrusted raw-format guest disk images, you
should use
 this option to specify the disk format.  This avoids a possible
 security problem with malicious guests (CVE-2010-3851).
 
+=item B<--keys-from-stdin>
+
+Read key or passphrase parameters from stdin.  The default is
+to try to read passphrases from the user by opening F</dev/tty>.
+
 =item B<--machine-readable>
 
 This option is used to make the output more machine friendly
diff --git a/sparsify/cmdline.ml b/sparsify/cmdline.ml
index 523d612..2a9dd48 100644
--- a/sparsify/cmdline.ml
+++ b/sparsify/cmdline.ml
@@ -90,7 +90,7 @@ A short summary of the options is given below.  For detailed
help please
 read the man page virt-sparsify(1).
 ")
       prog in
-  let opthandle = create_standard_options argspec ~anon_fun usage_msg in
+  let opthandle = create_standard_options argspec ~anon_fun ~key_opts:true
usage_msg in
   Getopt.parse opthandle;
 
   (* Dereference the rest of the args. *)
diff --git a/sparsify/copying.ml b/sparsify/copying.ml
index 003dbf8..9c66428 100644
--- a/sparsify/copying.ml
+++ b/sparsify/copying.ml
@@ -182,6 +182,9 @@ You can ignore this warning or change it to a hard failure
using the
 
     g in
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   (* Modify SIGINT handler (set first above) to cancel the handle. *)
   let do_sigint _      g#user_cancel ();
diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml
index e2ee9d9..5411892 100644
--- a/sparsify/in_place.ml
+++ b/sparsify/in_place.ml
@@ -57,6 +57,9 @@ let run disk format ignores machine_readable zeroes    if not
(g#feature_available [|"fstrim"|]) then
     error ~exit_code:3 (f_"discard/trim is not supported");
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   (* Discard non-ignored filesystems that we are able to mount, and
    * selected swap partitions.
    *)
diff --git a/sparsify/virt-sparsify.pod b/sparsify/virt-sparsify.pod
index 177cd03..fa72c23 100644
--- a/sparsify/virt-sparsify.pod
+++ b/sparsify/virt-sparsify.pod
@@ -192,6 +192,13 @@ For fine-tuning the output format, see:
I<--compress>, I<-o>.
 
 You cannot use this option and I<--in-place> together.
 
+=item B<--echo-keys>
+
+When prompting for keys and passphrases, virt-sparsify normally turns
+echoing off so you cannot see what you are typing.  If you are not
+worried about Tempest attacks and there is no one else in the room
+you can specify this flag to see what you are typing.
+
 =item B<--format> raw
 
 =item B<--format> qcow2
@@ -223,6 +230,11 @@ You can give this option multiple times.
 Do in-place sparsification instead of copying sparsification.
 See L</IN-PLACE SPARSIFICATION> below.
 
+=item B<--keys-from-stdin>
+
+Read key or passphrase parameters from stdin.  The default is
+to try to read passphrases from the user by opening F</dev/tty>.
+
 =item B<--machine-readable>
 
 This option is used to make the output more machine friendly
diff --git a/sysprep/main.ml b/sysprep/main.ml
index 01ea590..2fa416f 100644
--- a/sysprep/main.ml
+++ b/sysprep/main.ml
@@ -147,7 +147,7 @@ A short summary of the options is given below.  For detailed
help please
 read the man page virt-sysprep(1).
 ")
         prog in
-    let opthandle = create_standard_options args usage_msg in
+    let opthandle = create_standard_options args ~key_opts:true usage_msg in
     Getopt.parse opthandle;
 
     if not !format_consumed then
@@ -216,6 +216,9 @@ read the man page virt-sysprep(1).
 
     operations, g, mount_opts in
 
+  (* Decrypt the disks. *)
+  inspect_decrypt g;
+
   (* Inspection. *)
   (match Array.to_list (g#inspect_os ()) with
   | [] ->
diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod
index bdb4580..0e59b4c 100644
--- a/sysprep/virt-sysprep.pod
+++ b/sysprep/virt-sysprep.pod
@@ -155,6 +155,13 @@ version of virt-sysprep.
 See L</OPERATIONS> below for a list and an explanation of each
 operation.
 
+=item B<--echo-keys>
+
+When prompting for keys and passphrases, virt-sysprep normally turns
+echoing off so you cannot see what you are typing.  If you are not
+worried about Tempest attacks and there is no one else in the room
+you can specify this flag to see what you are typing.
+
 =item B<--format> raw|qcow2|..
 
 =item B<--format> auto
@@ -179,6 +186,11 @@ If you have untrusted raw-format guest disk images, you
should use
 this option to specify the disk format.  This avoids a possible
 security problem with malicious guests (CVE-2010-3851).
 
+=item B<--keys-from-stdin>
+
+Read key or passphrase parameters from stdin.  The default is
+to try to read passphrases from the user by opening F</dev/tty>.
+
 =item B<--list-operations>
 
 List the operations supported by the virt-sysprep program.
-- 
2.7.4

On Mon, Sep 19, 2016 at 07:12:44PM +0200, Pino Toscano
wrote:
> This way it is easier to use them outside the rest of the code in
> guestfish for inspection & mount.
> 
> Just code motion, no behaviour changes.
> ---
>  align/Makefile.am     |   1 +
>  cat/Makefile.am       |   1 +
>  df/Makefile.am        |   1 +
>  diff/Makefile.am      |   1 +
>  edit/Makefile.am      |   1 +
>  fish/Makefile.am      |   1 +
>  fish/decrypt.c        | 102
++++++++++++++++++++++++++++++++++++++++++++++++++
>  fish/inspect.c        |  68 ---------------------------------
>  fish/options.h        |   4 +-
>  format/Makefile.am    |   1 +
>  fuse/Makefile.am      |   1 +
>  inspector/Makefile.am |   1 +
>  rescue/Makefile.am    |   1 +
>  13 files changed, 115 insertions(+), 69 deletions(-)
>  create mode 100644 fish/decrypt.c
> 
> diff --git a/align/Makefile.am b/align/Makefile.am
> index 1eccf28..eb44263 100644
> --- a/align/Makefile.am
> +++ b/align/Makefile.am
> @@ -33,6 +33,7 @@ SHARED_SOURCE_FILES = \
>  	../df/parallel.c \
>  	../df/parallel.h \
>  	../fish/config.c \
> +	../fish/decrypt.c \
>  	../fish/display-options.h \
>  	../fish/display-options.c \
>  	../fish/domain.c \
> diff --git a/cat/Makefile.am b/cat/Makefile.am
> index 38faa94..5e55742 100644
> --- a/cat/Makefile.am
> +++ b/cat/Makefile.am
> @@ -31,6 +31,7 @@ EXTRA_DIST = \
>  bin_PROGRAMS = virt-cat virt-filesystems virt-log virt-ls
>  
>  SHARED_SOURCE_FILES = \
> +	../fish/decrypt.c \
>  	../fish/display-options.h \
>  	../fish/display-options.c \
>  	../fish/domain.c \
> diff --git a/df/Makefile.am b/df/Makefile.am
> index ce1686a..6efc1dc 100644
> --- a/df/Makefile.am
> +++ b/df/Makefile.am
> @@ -28,6 +28,7 @@ bin_PROGRAMS = virt-df
>  
>  SHARED_SOURCE_FILES = \
>  	../fish/config.c \
> +	../fish/decrypt.c \
>  	../fish/display-options.h \
>  	../fish/display-options.c \
>  	../fish/domain.c \
> diff --git a/diff/Makefile.am b/diff/Makefile.am
> index cdbe05c..7dfe2cd 100644
> --- a/diff/Makefile.am
> +++ b/diff/Makefile.am
> @@ -27,6 +27,7 @@ bin_PROGRAMS = virt-diff
>  SHARED_SOURCE_FILES = \
>  	../cat/visit.h \
>  	../cat/visit.c \
> +	../fish/decrypt.c \
>  	../fish/display-options.h \
>  	../fish/display-options.c \
>  	../fish/domain.c \
> diff --git a/edit/Makefile.am b/edit/Makefile.am
> index 4ac4f08..dc9fbb0 100644
> --- a/edit/Makefile.am
> +++ b/edit/Makefile.am
> @@ -26,6 +26,7 @@ bin_PROGRAMS = virt-edit
>  
>  SHARED_SOURCE_FILES = \
>  	../fish/config.c \
> +	../fish/decrypt.c \
>  	../fish/display-options.h \
>  	../fish/display-options.c \
>  	../fish/domain.c \
> diff --git a/fish/Makefile.am b/fish/Makefile.am
> index e1bc210..8fdcd27 100644
> --- a/fish/Makefile.am
> +++ b/fish/Makefile.am
> @@ -73,6 +73,7 @@ EXTRA_DIST = \
>  # files must not include other guestfish files.
>  SHARED_SOURCE_FILES = \
>  	config.c \
> +	decrypt.c \
>  	display-options.h \
>  	display-options.c \
>  	domain.c \
> diff --git a/fish/decrypt.c b/fish/decrypt.c
> new file mode 100644
> index 0000000..d6e041d
> --- /dev/null
> +++ b/fish/decrypt.c
> @@ -0,0 +1,102 @@
> +/* libguestfs - shared disk decryption
> + * Copyright (C) 2010 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
> + */
> +
> +/**
> + * This file implements the decryption of disk images, usually done
> + * before mounting their partitions.
> + */
> +
> +#include <config.h>
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +
> +#include "c-ctype.h"
> +
> +#include "guestfs.h"
> +
> +#include "options.h"
> +
> +/**
> + * Make a LUKS map name from the partition name,
> + * eg. C<"/dev/vda2" =E<gt> "luksvda2">
> + */
> +static void
> +make_mapname (const char *device, char *mapname, size_t len)
> +{
> +  size_t i = 0;
> +
> +  if (len < 5)
> +    abort ();
> +  strcpy (mapname, "luks");
> +  mapname += 4;
> +  len -= 4;
> +
> +  if (STRPREFIX (device, "/dev/"))
> +    i = 5;
> +
> +  for (; device[i] != '\0' && len >= 1; ++i) {
> +    if (c_isalnum (device[i])) {
> +      *mapname++ = device[i];
> +      len--;
> +    }
> +  }
> +
> +  *mapname = '\0';
> +}
> +
> +/**
> + * Simple implementation of decryption: look for any C<crypto_LUKS>
> + * partitions and decrypt them, then rescan for VGs.  This only works
> + * for Fedora whole-disk encryption.  WIP to make this work for other
> + * encryption schemes.
> + */
> +void
> +inspect_do_decrypt (guestfs_h *g)
> +{
> +  CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions
(g);
> +  if (partitions == NULL)
> +    exit (EXIT_FAILURE);
> +
> +  int need_rescan = 0;
> +  size_t i;
> +  for (i = 0; partitions[i] != NULL; ++i) {
> +    CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
> +    if (type && STREQ (type, "crypto_LUKS")) {
> +      char mapname[32];
> +      make_mapname (partitions[i], mapname, sizeof mapname);
> +
> +      CLEANUP_FREE char *key = read_key (partitions[i]);
> +      /* XXX Should we call guestfs_luks_open_ro if readonly flag
> +       * is set?  This might break 'mount_ro'.
> +       */
> +      if (guestfs_luks_open (g, partitions[i], key, mapname) == -1)
> +        exit (EXIT_FAILURE);
> +
> +      need_rescan = 1;
> +    }
> +  }
> +
> +  if (need_rescan) {
> +    if (guestfs_vgscan (g) == -1)
> +      exit (EXIT_FAILURE);
> +    if (guestfs_vg_activate_all (g, 1) == -1)
> +      exit (EXIT_FAILURE);
> +  }
> +}
> diff --git a/fish/inspect.c b/fish/inspect.c
> index 952d4f7..4a5b3c3 100644
> --- a/fish/inspect.c
> +++ b/fish/inspect.c
> @@ -202,71 +202,3 @@ print_inspect_prompt (void)
>              dev ? dev : mountpoints[i+1], mountpoints[i]);
>    }
>  }
> -
> -/**
> - * Make a LUKS map name from the partition name,
> - * eg. C<"/dev/vda2" =E<gt> "luksvda2">
> - */
> -static void
> -make_mapname (const char *device, char *mapname, size_t len)
> -{
> -  size_t i = 0;
> -
> -  if (len < 5)
> -    abort ();
> -  strcpy (mapname, "luks");
> -  mapname += 4;
> -  len -= 4;
> -
> -  if (STRPREFIX (device, "/dev/"))
> -    i = 5;
> -
> -  for (; device[i] != '\0' && len >= 1; ++i) {
> -    if (c_isalnum (device[i])) {
> -      *mapname++ = device[i];
> -      len--;
> -    }
> -  }
> -
> -  *mapname = '\0';
> -}
> -
> -/**
> - * Simple implementation of decryption: look for any C<crypto_LUKS>
> - * partitions and decrypt them, then rescan for VGs.  This only works
> - * for Fedora whole-disk encryption.  WIP to make this work for other
> - * encryption schemes.
> - */
> -void
> -inspect_do_decrypt (guestfs_h *g)
> -{
> -  CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions
(g);
> -  if (partitions == NULL)
> -    exit (EXIT_FAILURE);
> -
> -  int need_rescan = 0;
> -  size_t i;
> -  for (i = 0; partitions[i] != NULL; ++i) {
> -    CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
> -    if (type && STREQ (type, "crypto_LUKS")) {
> -      char mapname[32];
> -      make_mapname (partitions[i], mapname, sizeof mapname);
> -
> -      CLEANUP_FREE char *key = read_key (partitions[i]);
> -      /* XXX Should we call guestfs_luks_open_ro if readonly flag
> -       * is set?  This might break 'mount_ro'.
> -       */
> -      if (guestfs_luks_open (g, partitions[i], key, mapname) == -1)
> -        exit (EXIT_FAILURE);
> -
> -      need_rescan = 1;
> -    }
> -  }
> -
> -  if (need_rescan) {
> -    if (guestfs_vgscan (g) == -1)
> -      exit (EXIT_FAILURE);
> -    if (guestfs_vg_activate_all (g, 1) == -1)
> -      exit (EXIT_FAILURE);
> -  }
> -}
> diff --git a/fish/options.h b/fish/options.h
> index 061b41f..e8a4ebc 100644
> --- a/fish/options.h
> +++ b/fish/options.h
> @@ -111,6 +111,9 @@ struct mp {
>  /* in config.c */
>  extern void parse_config (void);
>  
> +/* in decrypt.c */
> +extern void inspect_do_decrypt (guestfs_h *g);
> +
>  /* in domain.c */
>  extern int add_libvirt_drives (guestfs_h *g, const char *guest);
>  
> @@ -124,7 +127,6 @@ extern void print_inspect_prompt (void);
>  
>  #if COMPILING_VIRT_INSPECTOR
>  /* (low-level inspection functions, used by virt-inspector only) */
> -extern void inspect_do_decrypt (guestfs_h *g);
>  extern void inspect_mount_root (guestfs_h *g, const char *root);
>  #endif
>  
> diff --git a/format/Makefile.am b/format/Makefile.am
> index d196910..0e881a5 100644
> --- a/format/Makefile.am
> +++ b/format/Makefile.am
> @@ -26,6 +26,7 @@ bin_PROGRAMS = virt-format
>  
>  SHARED_SOURCE_FILES = \
>  	../fish/config.c \
> +	../fish/decrypt.c \
>  	../fish/display-options.h \
>  	../fish/display-options.c \
>  	../fish/domain.c \
> diff --git a/fuse/Makefile.am b/fuse/Makefile.am
> index d766479..b8f5ad6 100644
> --- a/fuse/Makefile.am
> +++ b/fuse/Makefile.am
> @@ -34,6 +34,7 @@ bin_PROGRAMS = \
>  # between guestfish and guestmount.
>  SHARED_SOURCE_FILES = \
>  	../fish/config.c \
> +	../fish/decrypt.c \
>  	../fish/display-options.h \
>  	../fish/display-options.c \
>  	../fish/domain.c \
> diff --git a/inspector/Makefile.am b/inspector/Makefile.am
> index 00ca5d5..760e810 100644
> --- a/inspector/Makefile.am
> +++ b/inspector/Makefile.am
> @@ -54,6 +54,7 @@ bin_PROGRAMS = virt-inspector
>  
>  SHARED_SOURCE_FILES = \
>  	../fish/config.c \
> +	../fish/decrypt.c \
>  	../fish/display-options.h \
>  	../fish/display-options.c \
>  	../fish/domain.c \
> diff --git a/rescue/Makefile.am b/rescue/Makefile.am
> index c2545bd..f2a3c39 100644
> --- a/rescue/Makefile.am
> +++ b/rescue/Makefile.am
> @@ -27,6 +27,7 @@ bin_PROGRAMS = virt-rescue
>  
>  SHARED_SOURCE_FILES = \
>  	../fish/config.c \
> +	../fish/decrypt.c \
>  	../fish/display-options.h \
>  	../fish/display-options.c \
>  	../fish/domain.c \
> -- 
> 2.7.4
This appears to be straight code motion, so ACK.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/

On Mon, Sep 19, 2016 at 07:12:45PM +0200, Pino Toscano
wrote:
> +let inspect_decrypt g > +  (* Note we pass original 'g' even
though it is not used by the
> +   * callee.  This is so that 'g' is kept as a root on the stack,
and
> +   * so cannot be garbage collected while we are in the c_edit_file
I'm guessing you mean "the c_inspect_decrypt function."
> +   * function.
> +   *)
> +  c_inspect_decrypt g#ocaml_handle (Guestfs.c_pointer g#ocaml_handle)
ACK with that small comment fix.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW

On Mon, Sep 19, 2016 at 07:12:46PM +0200, Pino Toscano
wrote:
> Make use of the additional command line arguments, and API needed to
> decrypt LUKS partitions.
> 
> This affects only virt-customize, virt-get-kernel, virt-sparsify, and
> virt-sysprep, as they are the main OCaml tools interacting with
> user-provided images.
> ---
>  customize/customize_main.ml    |  5 ++++-
>  customize/virt-customize.pod   | 12 ++++++++++++
>  get-kernel/get_kernel.ml       |  5 ++++-
>  get-kernel/virt-get-kernel.pod | 12 ++++++++++++
>  sparsify/cmdline.ml            |  2 +-
>  sparsify/copying.ml            |  3 +++
>  sparsify/in_place.ml           |  3 +++
>  sparsify/virt-sparsify.pod     | 12 ++++++++++++
>  sysprep/main.ml                |  5 ++++-
>  sysprep/virt-sysprep.pod       | 12 ++++++++++++
>  10 files changed, 67 insertions(+), 4 deletions(-)
> 
> diff --git a/customize/customize_main.ml b/customize/customize_main.ml
> index 07fd790..5613277 100644
> --- a/customize/customize_main.ml
> +++ b/customize/customize_main.ml
> @@ -102,7 +102,7 @@ A short summary of the options is given below.  For
detailed help please
>  read the man page virt-customize(1).
>  ")
>        prog in
> -  let opthandle = create_standard_options argspec usage_msg in
> +  let opthandle = create_standard_options argspec ~key_opts:true usage_msg
in
>    Getopt.parse opthandle;
>  
>    if not !format_consumed then
> @@ -175,6 +175,9 @@ read the man page virt-customize(1).
>      g#launch ();
>      g in
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    (* Inspection. *)
>    (match Array.to_list (g#inspect_os ()) with
>    | [] ->
> diff --git a/customize/virt-customize.pod b/customize/virt-customize.pod
> index e594f61..a0ca9c9 100644
> --- a/customize/virt-customize.pod
> +++ b/customize/virt-customize.pod
> @@ -107,6 +107,13 @@ used instead of names.
>  Perform a read-only "dry run" on the guest.  This runs the
sysprep
>  operation, but throws away any changes to the disk at the end.
>  
> +=item B<--echo-keys>
> +
> +When prompting for keys and passphrases, virt-customize normally turns
> +echoing off so you cannot see what you are typing.  If you are not
> +worried about Tempest attacks and there is no one else in the room
> +you can specify this flag to see what you are typing.
> +
>  =item B<--format> raw|qcow2|..
>  
>  =item B<--format> auto
> @@ -131,6 +138,11 @@ If you have untrusted raw-format guest disk images,
you should use
>  this option to specify the disk format.  This avoids a possible
>  security problem with malicious guests (CVE-2010-3851).
>  
> +=item B<--keys-from-stdin>
> +
> +Read key or passphrase parameters from stdin.  The default is
> +to try to read passphrases from the user by opening F</dev/tty>.
> +
>  =item B<-m> MB
>  
>  =item B<--memsize> MB
> diff --git a/get-kernel/get_kernel.ml b/get-kernel/get_kernel.ml
> index f83a940..adf9649 100644
> --- a/get-kernel/get_kernel.ml
> +++ b/get-kernel/get_kernel.ml
> @@ -70,7 +70,7 @@ A short summary of the options is given below.  For
detailed help please
>  read the man page virt-get-kernel(1).
>  ")
>        prog in
> -  let opthandle = create_standard_options argspec usage_msg in
> +  let opthandle = create_standard_options argspec ~key_opts:true usage_msg
in
>    Getopt.parse opthandle;
>  
>    (* Machine-readable mode?  Print out some facts about what
> @@ -174,6 +174,9 @@ let main () >    add g;
>    g#launch ();
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    let roots = g#inspect_os () in
>    if Array.length roots = 0 then
>      error (f_"no operating system found");
> diff --git a/get-kernel/virt-get-kernel.pod
b/get-kernel/virt-get-kernel.pod
> index 97a159c..8298fe5 100644
> --- a/get-kernel/virt-get-kernel.pod
> +++ b/get-kernel/virt-get-kernel.pod
> @@ -70,6 +70,13 @@ not used at all.
>  Add all the disks from the named libvirt guest.  Domain UUIDs can be
>  used instead of names.
>  
> +=item B<--echo-keys>
> +
> +When prompting for keys and passphrases, virt-get-kernel normally turns
> +echoing off so you cannot see what you are typing.  If you are not
> +worried about Tempest attacks and there is no one else in the room
> +you can specify this flag to see what you are typing.
> +
>  =item B<--format> raw|qcow2|..
>  
>  =item B<--format> auto
> @@ -82,6 +89,11 @@ If you have untrusted raw-format guest disk images, you
should use
>  this option to specify the disk format.  This avoids a possible
>  security problem with malicious guests (CVE-2010-3851).
>  
> +=item B<--keys-from-stdin>
> +
> +Read key or passphrase parameters from stdin.  The default is
> +to try to read passphrases from the user by opening F</dev/tty>.
> +
>  =item B<--machine-readable>
>  
>  This option is used to make the output more machine friendly
> diff --git a/sparsify/cmdline.ml b/sparsify/cmdline.ml
> index 523d612..2a9dd48 100644
> --- a/sparsify/cmdline.ml
> +++ b/sparsify/cmdline.ml
> @@ -90,7 +90,7 @@ A short summary of the options is given below.  For
detailed help please
>  read the man page virt-sparsify(1).
>  ")
>        prog in
> -  let opthandle = create_standard_options argspec ~anon_fun usage_msg in
> +  let opthandle = create_standard_options argspec ~anon_fun ~key_opts:true
usage_msg in
>    Getopt.parse opthandle;
>  
>    (* Dereference the rest of the args. *)
> diff --git a/sparsify/copying.ml b/sparsify/copying.ml
> index 003dbf8..9c66428 100644
> --- a/sparsify/copying.ml
> +++ b/sparsify/copying.ml
> @@ -182,6 +182,9 @@ You can ignore this warning or change it to a hard
failure using the
>  
>      g in
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    (* Modify SIGINT handler (set first above) to cancel the handle. *)
>    let do_sigint _ >      g#user_cancel ();
> diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml
> index e2ee9d9..5411892 100644
> --- a/sparsify/in_place.ml
> +++ b/sparsify/in_place.ml
> @@ -57,6 +57,9 @@ let run disk format ignores machine_readable zeroes > 
if not (g#feature_available [|"fstrim"|]) then
>      error ~exit_code:3 (f_"discard/trim is not supported");
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    (* Discard non-ignored filesystems that we are able to mount, and
>     * selected swap partitions.
>     *)
> diff --git a/sparsify/virt-sparsify.pod b/sparsify/virt-sparsify.pod
> index 177cd03..fa72c23 100644
> --- a/sparsify/virt-sparsify.pod
> +++ b/sparsify/virt-sparsify.pod
> @@ -192,6 +192,13 @@ For fine-tuning the output format, see:
I<--compress>, I<-o>.
>  
>  You cannot use this option and I<--in-place> together.
>  
> +=item B<--echo-keys>
> +
> +When prompting for keys and passphrases, virt-sparsify normally turns
> +echoing off so you cannot see what you are typing.  If you are not
> +worried about Tempest attacks and there is no one else in the room
> +you can specify this flag to see what you are typing.
> +
>  =item B<--format> raw
>  
>  =item B<--format> qcow2
> @@ -223,6 +230,11 @@ You can give this option multiple times.
>  Do in-place sparsification instead of copying sparsification.
>  See L</IN-PLACE SPARSIFICATION> below.
>  
> +=item B<--keys-from-stdin>
> +
> +Read key or passphrase parameters from stdin.  The default is
> +to try to read passphrases from the user by opening F</dev/tty>.
> +
>  =item B<--machine-readable>
>  
>  This option is used to make the output more machine friendly
> diff --git a/sysprep/main.ml b/sysprep/main.ml
> index 01ea590..2fa416f 100644
> --- a/sysprep/main.ml
> +++ b/sysprep/main.ml
> @@ -147,7 +147,7 @@ A short summary of the options is given below.  For
detailed help please
>  read the man page virt-sysprep(1).
>  ")
>          prog in
> -    let opthandle = create_standard_options args usage_msg in
> +    let opthandle = create_standard_options args ~key_opts:true usage_msg
in
>      Getopt.parse opthandle;
>  
>      if not !format_consumed then
> @@ -216,6 +216,9 @@ read the man page virt-sysprep(1).
>  
>      operations, g, mount_opts in
>  
> +  (* Decrypt the disks. *)
> +  inspect_decrypt g;
> +
>    (* Inspection. *)
>    (match Array.to_list (g#inspect_os ()) with
>    | [] ->
> diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod
> index bdb4580..0e59b4c 100644
> --- a/sysprep/virt-sysprep.pod
> +++ b/sysprep/virt-sysprep.pod
> @@ -155,6 +155,13 @@ version of virt-sysprep.
>  See L</OPERATIONS> below for a list and an explanation of each
>  operation.
>  
> +=item B<--echo-keys>
> +
> +When prompting for keys and passphrases, virt-sysprep normally turns
> +echoing off so you cannot see what you are typing.  If you are not
> +worried about Tempest attacks and there is no one else in the room
> +you can specify this flag to see what you are typing.
> +
>  =item B<--format> raw|qcow2|..
>  
>  =item B<--format> auto
> @@ -179,6 +186,11 @@ If you have untrusted raw-format guest disk images,
you should use
>  this option to specify the disk format.  This avoids a possible
>  security problem with malicious guests (CVE-2010-3851).
>  
> +=item B<--keys-from-stdin>
> +
> +Read key or passphrase parameters from stdin.  The default is
> +to try to read passphrases from the user by opening F</dev/tty>.
> +
>  =item B<--list-operations>
>  
>  List the operations supported by the virt-sysprep program.
Looks good, ACK.

Thanks,

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top