thr3ads.net - Libguestfs - [Libguestfs] [v2v PATCH] convert: document networking dependency of "--key ID:clevis" [Jul 2022]

If this information is useful, please help other people find it:
Share via:

Laszlo Ersek

2022-Jun-28 11:58 UTC

[Libguestfs] [v2v PATCH] convert: document networking dependency of "--key ID:clevis"

Virt-v2v enables appliance networking already, for the sake of
"unconfigure_vmware". We now have a second use case for networking:
"--key
ID:clevis". Update the comment in the code.

(Short log for libguestfs-common commit range 9e990f3e4530..0399dea30e63:

Laszlo Ersek (12):
      options: fix buffer overflow in get_keys() [CVE-2022-2211]
      options: fix UUID comparison logic bug in get_keys()
      mltools/tools_utils: remove unused function "key_store_to_cli"
      mltools/tools_utils: allow multiple "--key" options for OCaml
tools too
      options: replace NULL-termination with number-of-elements in get_keys()
      options: wrap each passphrase from get_keys() into a struct
      options: add back-end for LUKS decryption with Clevis+Tang
      options: introduce selector tpe "key_clevis"
      options: generalize "--key" selector parsing for C-language
utilities
      mltools/tools_utils: generalize "--key" selector parsing for
OCaml utils
      options, mltools/tools_utils: parse "--key ID:clevis" options
      options, mltools/tools_utils: add helper for network dependency
).

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---

Notes:
    The submodule commit range 9e990f3e4530..0399dea30e63 needs to be
    refreshed in both the commit message and the "common" hunk, once
the
    libguestfs-common series is upstream.

 convert/convert.ml | 3 ++-
 common             | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/convert/convert.ml b/convert/convert.ml
index 87fca7252ba3..17a75e3fad32 100644
--- a/convert/convert.ml
+++ b/convert/convert.ml
@@ -54,11 +54,12 @@ let rec convert dir options source    g#set_memsize
(g#get_memsize () * 2);
   (* Setting the number of vCPUs allows parallel mkinitrd, but make
    * sure this is not too large because each vCPU consumes guest RAM.
    *)
   g#set_smp (min 8 (Sysconf.nr_processors_online ()));
-  (* The network is only used by the unconfigure_vmware () function. *)
+  (* The network is used by the unconfigure_vmware () function, and the
"--key
+   * ID:clevis" command line options (if any). *)
   g#set_network true;
   List.iter (
     fun { s_disk_id = i } ->
       (* NB: Old virt-v2v used copyonread here, when it was using a
        * qcow2 file as overlay.  We MUST NOT use copyonread!  It
diff --git a/common b/common
index 9e990f3e4530..0399dea30e63 160000
--- a/common
+++ b/common
@@ -1 +1 @@
-Subproject commit 9e990f3e4530df3708d176bc50e0bc68cf07d3ff
+Subproject commit 0399dea30e6353870183a07a82d05b4ec8f20ca0
-- 
2.19.1.3.g30247aa5d201

Richard W.M. Jones

2022-Jun-28 14:59 UTC

head link

[Libguestfs] [v2v PATCH] convert: document networking dependency of "--key ID:clevis"

On Tue, Jun 28, 2022 at 01:58:56PM +0200, Laszlo Ersek
wrote:> Virt-v2v enables appliance networking already, for the sake of
> "unconfigure_vmware". We now have a second use case for
networking: "--key
> ID:clevis". Update the comment in the code.
> 
> (Short log for libguestfs-common commit range 9e990f3e4530..0399dea30e63:
> 
> Laszlo Ersek (12):
>       options: fix buffer overflow in get_keys() [CVE-2022-2211]
>       options: fix UUID comparison logic bug in get_keys()
>       mltools/tools_utils: remove unused function
"key_store_to_cli"
>       mltools/tools_utils: allow multiple "--key" options for
OCaml tools too
>       options: replace NULL-termination with number-of-elements in
get_keys()
>       options: wrap each passphrase from get_keys() into a struct
>       options: add back-end for LUKS decryption with Clevis+Tang
>       options: introduce selector tpe "key_clevis"
>       options: generalize "--key" selector parsing for C-language
utilities
>       mltools/tools_utils: generalize "--key" selector parsing
for OCaml utils
>       options, mltools/tools_utils: parse "--key ID:clevis"
options
>       options, mltools/tools_utils: add helper for network dependency
> ).
> 
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
> Signed-off-by: Laszlo Ersek <lersek at redhat.com>
> ---
> 
> Notes:
>     The submodule commit range 9e990f3e4530..0399dea30e63 needs to be
>     refreshed in both the commit message and the "common" hunk,
once the
>     libguestfs-common series is upstream.
> 
>  convert/convert.ml | 3 ++-
>  common             | 2 +-
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/convert/convert.ml b/convert/convert.ml
> index 87fca7252ba3..17a75e3fad32 100644
> --- a/convert/convert.ml
> +++ b/convert/convert.ml
> @@ -54,11 +54,12 @@ let rec convert dir options source >   
g#set_memsize (g#get_memsize () * 2);
>    (* Setting the number of vCPUs allows parallel mkinitrd, but make
>     * sure this is not too large because each vCPU consumes guest RAM.
>     *)
>    g#set_smp (min 8 (Sysconf.nr_processors_online ()));
> -  (* The network is only used by the unconfigure_vmware () function. *)
> +  (* The network is used by the unconfigure_vmware () function, and the
"--key
> +   * ID:clevis" command line options (if any). *)
>    g#set_network true;
>    List.iter (
>      fun { s_disk_id = i } ->
>        (* NB: Old virt-v2v used copyonread here, when it was using a
>         * qcow2 file as overlay.  We MUST NOT use copyonread!  It
> diff --git a/common b/common
> index 9e990f3e4530..0399dea30e63 160000
> --- a/common
> +++ b/common
> @@ -1 +1 @@
> -Subproject commit 9e990f3e4530df3708d176bc50e0bc68cf07d3ff
> +Subproject commit 0399dea30e6353870183a07a82d05b4ec8f20ca0
Reviewed-by: Richard W.M. Jones <rjones at redhat.com>

Phew, thanks!

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v

Laszlo Ersek

2022-Jul-01 13:35 UTC

head link

[Libguestfs] [v2v PATCH] convert: document networking dependency of "--key ID:clevis"

On 06/28/22 16:59, Richard W.M. Jones wrote:> On Tue, Jun 28, 2022 at 01:58:56PM +0200, Laszlo Ersek wrote:
>> Virt-v2v enables appliance networking already, for the sake of
>> "unconfigure_vmware". We now have a second use case for
networking: "--key
>> ID:clevis". Update the comment in the code.
>>
>> (Short log for libguestfs-common commit range
9e990f3e4530..0399dea30e63:
>>
>> Laszlo Ersek (12):
>>       options: fix buffer overflow in get_keys() [CVE-2022-2211]
>>       options: fix UUID comparison logic bug in get_keys()
>>       mltools/tools_utils: remove unused function
"key_store_to_cli"
>>       mltools/tools_utils: allow multiple "--key" options for
OCaml tools too
>>       options: replace NULL-termination with number-of-elements in
get_keys()
>>       options: wrap each passphrase from get_keys() into a struct
>>       options: add back-end for LUKS decryption with Clevis+Tang
>>       options: introduce selector tpe "key_clevis"
>>       options: generalize "--key" selector parsing for
C-language utilities
>>       mltools/tools_utils: generalize "--key" selector
parsing for OCaml utils
>>       options, mltools/tools_utils: parse "--key ID:clevis"
options
>>       options, mltools/tools_utils: add helper for network dependency
>> ).
>>
>> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
>> Signed-off-by: Laszlo Ersek <lersek at redhat.com>
>> ---
>>
>> Notes:
>>     The submodule commit range 9e990f3e4530..0399dea30e63 needs to be
>>     refreshed in both the commit message and the "common"
hunk, once the
>>     libguestfs-common series is upstream.
>>
>>  convert/convert.ml | 3 ++-
>>  common             | 2 +-
>>  2 files changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/convert/convert.ml b/convert/convert.ml
>> index 87fca7252ba3..17a75e3fad32 100644
>> --- a/convert/convert.ml
>> +++ b/convert/convert.ml
>> @@ -54,11 +54,12 @@ let rec convert dir options source >>   
g#set_memsize (g#get_memsize () * 2);
>>    (* Setting the number of vCPUs allows parallel mkinitrd, but make
>>     * sure this is not too large because each vCPU consumes guest RAM.
>>     *)
>>    g#set_smp (min 8 (Sysconf.nr_processors_online ()));
>> -  (* The network is only used by the unconfigure_vmware () function.
*)
>> +  (* The network is used by the unconfigure_vmware () function, and
the "--key
>> +   * ID:clevis" command line options (if any). *)
>>    g#set_network true;
>>    List.iter (
>>      fun { s_disk_id = i } ->
>>        (* NB: Old virt-v2v used copyonread here, when it was using a
>>         * qcow2 file as overlay.  We MUST NOT use copyonread!  It
>> diff --git a/common b/common
>> index 9e990f3e4530..0399dea30e63 160000
>> --- a/common
>> +++ b/common
>> @@ -1 +1 @@
>> -Subproject commit 9e990f3e4530df3708d176bc50e0bc68cf07d3ff
>> +Subproject commit 0399dea30e6353870183a07a82d05b4ec8f20ca0
> 
> Reviewed-by: Richard W.M. Jones <rjones at redhat.com>
Commit 98fa5ab26853.

Thanks! :)
Laszlo
> 
> Phew, thanks!
> 
> Rich.
>

Libguestfs - Jul 2022 - [v2v PATCH] convert: document networking dependency of "--key ID:clevis"

[Libguestfs] [v2v PATCH] convert: document networking dependency of "--key ID:clevis"

[Libguestfs] [v2v PATCH] convert: document networking dependency of "--key ID:clevis"

[Libguestfs] [v2v PATCH] convert: document networking dependency of "--key ID:clevis"