search for: 0o600

...g#chmod 0o700 ssh_dir + g#chmod 0o700 ssh_dir; + g#chown uid gid ssh_dir; ); (* Create ~user/.ssh/authorized_keys if it doesn't exist. *) let auth_keys = sprintf "%s/authorized_keys" ssh_dir in if not (g#exists auth_keys) then ( g#touch auth_keys; - g#chmod 0o600 auth_keys + g#chmod 0o600 auth_keys; + g#chown uid gid auth_keys; ); (* Append the key. *) -- 2.5.5

Turn the snippet reading user information from /etc/passwd in a slightly more generic function, so there is no need to copy&paste for other details. Mostly code motion. --- customize/ssh_key.ml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/customize/ssh_key.ml b/customize/ssh_key.ml index a4e4a51..7c482e7 100644 --- a/customize/ssh_key.ml +++

...v2v/input_libvirt_vddk.ml +++ b/v2v/input_libvirt_vddk.ml @@ -240,10 +240,11 @@ object "password=-" | Some password -> let password_file = tmpdir // "password" in - let chan = open_out password_file in - chmod password_file 0o600; - output_string chan password; - close_out chan; + with_open_out password_file ( + fun chan -> + chmod password_file 0o600; + output_string chan password + ); (* nbdkit reads the password from the file *...

...g#chmod 0o755 ssh_dir + g#chmod 0o700 ssh_dir ); (* Create ~user/.ssh/authorized_keys if it doesn't exist. *) let auth_keys = sprintf "%s/authorized_keys" ssh_dir in if not (g#exists auth_keys) then ( g#touch auth_keys; - g#chmod 0o644 auth_keys + g#chmod 0o600 auth_keys ); (* Append the key. *) diff --git a/src/guestfs.pod b/src/guestfs.pod index 75afa9d..366d6f5 100644 --- a/src/guestfs.pod +++ b/src/guestfs.pod @@ -2244,6 +2244,23 @@ allowed a malformed filesystem to take over the appliance. If you use sVirt to confine qemu, that would thwar...

v4: - Same as v3, but depends on and uses new --machine-readable work. Rich.

v5: - Normal output modified approx as suggested in previous email. - Machine readable output uses JSON.

...ion. Also, unrelated to this patch: IMHO it would be a good idea to explicitly note this limitation in the API docs. > + (* Write the key to a temporary file. *) > + let keyfile, chan = Filename.open_temp_file "crypt" ".key" in > + fchmod (descr_of_out_channel chan) 0o600; This fchmod is not needed, as temporary files are already 600 by default. > + (* Make sure we always remove the temporary file. *) > + protect ~f:( > + fun () -> > + let args = ref [] in > + List.push_back_list args ["-d"; keyfile]; > + if reado...

My stab v3 at fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=1789279 It took me quite some time to go through the whole rfc 4122 just to realize we do not need to do anything with the versions. v3: - Do the check in precheck - Fix for Lazy evaluation of regexp UUID v2: - https://www.redhat.com/archives/libguestfs/2020-January/msg00221.html - Use EEXIST instead of EINVAL - Put the

...sh_back_list cmd ["-O"; "qcow2"]; + List.push_back cmd "--output=json"; + List.push_back cmd filename; + + let json = Filename.temp_file "v2vmeasure" ".json" in + unlink_on_exit json; + + let fd = Unix.openfile json [O_WRONLY; O_CREAT; O_TRUNC] 0o600 in + if run_command ~stdout_fd:fd !cmd <> 0 then + error (f_"qemu-img measure failed, see earlier errors"); + (* Note that run_command closes fd. *) + + let json = read_whole_file json in + debug "qemu-img measure output: %s" json; + let json = json_parser_tree_par...

...sh_back_list cmd ["-O"; "qcow2"]; + List.push_back cmd "--output=json"; + List.push_back cmd filename; + + let json = Filename.temp_file "v2vmeasure" ".json" in + unlink_on_exit json; + + let fd = Unix.openfile json [O_WRONLY; O_CREAT; O_TRUNC] 0o600 in + if run_command ~stdout_fd:fd !cmd <> 0 then + error (f_"qemu-img measure failed, see earlier errors"); + (* Note that run_command closes fd. *) + + let json = read_whole_file json in + let tree = json_parser_tree_parse json in + + (* We're expecting the tree to cont...

...sh_back_list cmd ["-O"; "qcow2"]; + List.push_back cmd "--output=json"; + List.push_back cmd filename; + + let json = Filename.temp_file "v2vmeasure" ".json" in + unlink_on_exit json; + + let fd = Unix.openfile json [O_WRONLY; O_CREAT; O_TRUNC] 0o600 in + if run_command ~stdout_fd:fd !cmd <> 0 then + error (f_"qemu-img measure failed, see earlier errors"); + (* Note that run_command closes fd. *) + + let json = read_whole_file json in + debug "qemu-img measure output: %s" json; + let json = json_parser_tree_par...

Original version linked from here: https://bugzilla.redhat.com/show_bug.cgi?id=1808977#c8 There is no change in the code in this series, but feedback from the original series was we shouldn't lose the error message in patch 7. When I tested this just now in fact we don't lose the error if debugging is enabled, but I have updated the commit message to note what the error message is in the

These commits, along with the associated changes to common: https://www.redhat.com/archives/libguestfs/2020-March/msg00286.html support the transparent decryption and inspection of Windows guests encrypted with BitLocker encryption. To do the BitLocker decryption requires cryptsetup 2.3.0 (although cryptsetup 2.3 is not required for existing LUKS use). It also requires a new-ish Linux kernel, I

...;BitLocker" -> "bitlk" + | _ -> + failwithf "%s: unknown encrypted device type" t in + + (* Write the key to a temporary file. *) + let keyfile, chan = Filename.open_temp_file "crypt" ".key" in + fchmod (descr_of_out_channel chan) 0o600; + output_string chan key; + close_out chan; + + (* Make sure we always remove the temporary file. *) + protect ~f:( + fun () -> + let args = ref [] in + List.push_back_list args ["-d"; keyfile]; + if readonly then List.push_back args "--readonly"; +...

...;BitLocker" -> "bitlk" + | _ -> + failwithf "%s: unknown encrypted device type" t in + + (* Write the key to a temporary file. *) + let keyfile, chan = Filename.open_temp_file "crypt" ".key" in + fchmod (descr_of_out_channel chan) 0o600; + output_string chan key; + close_out chan; + + (* Make sure we always remove the temporary file. *) + protect ~f:( + fun () -> + let args = ref [] in + List.push_back_list args ["-d"; keyfile]; + if readonly then List.push_back args "--readonly"; +...

I rethought this again, as I think that it's a dangerous assumption to bake qemu-img measure output into our API. This patch series runs qemu-img measure behind the scenes, but then parses the output and sums it to a single number which we print. Doing that required a bit of reworking, moving the Jansson [JSON parser] bindings from virt-builder into the common directory and a couple of other

Use -ip instead of --password-file, and various refactorings. It strikes me that we should probably deprecate and eventually remove virt-v2v-copy-to-local. With the introduction of the new SSH and VDDK transports, and with RHEL 5 Xen becoming more irrelevant, it's no longer needed. Rich.

This patch series fixes various issues in the rhv-upload output mode: - properly find and use RHV resources - cleanup orphan disks, and possibly the current disk transfer on failure In reality, the first 4 patches deal with resources, and the other 4 with cleanups. The latter block can be theoretically sent alone -- I just happened to start working on it as part of my "let's fix

There's not going to be an easy way to present this patch. It's huge and interconnected. Anyway, what it does is lay the groundwork for a new tool which I'm calling 'virt-customize'. virt-customize is virt-builder, but without the part where it downloads a template from a respository. Just the part where it customizes the template, that is, installing packages, editing