Libguestfs - Jun 2022 - [libguestfs-common PATCH 08/12] options: introduce selector tpe "key_clevis"

From an earlier patch in this series, we can now represent LUKS decryption
with Clevis+Tang in those matching keys that we distill for a particular
guestfs device or LUKS UUID. Now extend the keystore (composed from
command line options), i.e. the store that is filtered into matching keys,
with a selector type that stands for Clevis+Tang.

Again, this patch introduces no change in observable behavior; there is
still no user interface for placing a selector of the new type into the
keystore.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---
 options/options.h | 1 +
 options/keys.c    | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/options/options.h b/options/options.h
index 61a385da13ae..e7a0364cc926 100644
--- a/options/options.h
+++ b/options/options.h
@@ -113,10 +113,11 @@ struct key_store_key {
   char *id;
 
   enum {
     key_string,             /* key specified as string */
     key_file,               /* key stored in a file */
+    key_clevis,             /* key reconstructed with Clevis+Tang */
   } type;
   union {
     struct {
       char *s;              /* string of the key */
     } string;
diff --git a/options/keys.c b/options/keys.c
index 75c659561c52..7729fe79c99b 100644
--- a/options/keys.c
+++ b/options/keys.c
@@ -169,10 +169,15 @@ get_keys (struct key_store *ks, const char *device, const
char *uuid,
         s = read_first_line_from_file (key->file.name);
         match->clevis = false;
         match->passphrase = s;
         ++match;
         break;
+      case key_clevis:
+        match->clevis = true;
+        match->passphrase = NULL;
+        ++match;
+        break;
       }
     }
   }
 
   if (match == r) {
@@ -289,9 +294,12 @@ free_key_store (struct key_store *ks)
       free (key->string.s);
       break;
     case key_file:
       free (key->file.name);
       break;
+    case key_clevis:
+      /* nothing */
+      break;
     }
     free (key->id);
   }
 }
-- 
2.19.1.3.g30247aa5d201

On Tue, Jun 28, 2022 at 01:49:11PM +0200, Laszlo Ersek
wrote:
> >From an earlier patch in this series, we can now represent LUKS
decryption
> with Clevis+Tang in those matching keys that we distill for a particular
> guestfs device or LUKS UUID. Now extend the keystore (composed from
> command line options), i.e. the store that is filtered into matching keys,
> with a selector type that stands for Clevis+Tang.
> 
> Again, this patch introduces no change in observable behavior; there is
> still no user interface for placing a selector of the new type into the
> keystore.
> 
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
> Signed-off-by: Laszlo Ersek <lersek at redhat.com>
> ---
>  options/options.h | 1 +
>  options/keys.c    | 8 ++++++++
>  2 files changed, 9 insertions(+)
> 
> diff --git a/options/options.h b/options/options.h
> index 61a385da13ae..e7a0364cc926 100644
> --- a/options/options.h
> +++ b/options/options.h
> @@ -113,10 +113,11 @@ struct key_store_key {
>    char *id;
>  
>    enum {
>      key_string,             /* key specified as string */
>      key_file,               /* key stored in a file */
> +    key_clevis,             /* key reconstructed with Clevis+Tang */
>    } type;
>    union {
>      struct {
>        char *s;              /* string of the key */
>      } string;
> diff --git a/options/keys.c b/options/keys.c
> index 75c659561c52..7729fe79c99b 100644
> --- a/options/keys.c
> +++ b/options/keys.c
> @@ -169,10 +169,15 @@ get_keys (struct key_store *ks, const char *device,
const char *uuid,
>          s = read_first_line_from_file (key->file.name);
>          match->clevis = false;
>          match->passphrase = s;
>          ++match;
>          break;
> +      case key_clevis:
> +        match->clevis = true;
> +        match->passphrase = NULL;
> +        ++match;
> +        break;
>        }
>      }
>    }
>  
>    if (match == r) {
> @@ -289,9 +294,12 @@ free_key_store (struct key_store *ks)
>        free (key->string.s);
>        break;
>      case key_file:
>        free (key->file.name);
>        break;
> +    case key_clevis:
> +      /* nothing */
> +      break;
>      }
>      free (key->id);
>    }
Reviewed-by: Richard W.M. Jones <rjones at redhat.com>


-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html