search for: inspect_decrypt

...| 2 +- 6 files changed, 13 insertions(+), 12 deletions(-) diff --git a/mltools/tools_utils-c.c b/mltools/tools_utils-c.c index 6c43b8d..1dcebc4 100644 --- a/mltools/tools_utils-c.c +++ b/mltools/tools_utils-c.c @@ -36,7 +36,7 @@ #include "options.h" -extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv); +extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv, value allowdiscards); extern value guestfs_int_mllib_set_echo_keys (value unitv); extern value guestfs_int_mllib_set_keys_from_stdin (value unitv); extern value guestfs_int_mlli...

...| 2 +- 6 files changed, 18 insertions(+), 13 deletions(-) diff --git a/mltools/tools_utils-c.c b/mltools/tools_utils-c.c index 6c43b8d..1dcebc4 100644 --- a/mltools/tools_utils-c.c +++ b/mltools/tools_utils-c.c @@ -36,7 +36,7 @@ #include "options.h" -extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv); +extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv, value allowdiscards); extern value guestfs_int_mllib_set_echo_keys (value unitv); extern value guestfs_int_mllib_set_keys_from_stdin (value unitv); extern value guestfs_int_mlli...

On Wed, Jan 22, 2020 at 10:14:38AM +0100, Jan Synacek wrote: > -val inspect_decrypt : Guestfs.guestfs -> key_store -> unit > +val inspect_decrypt : Guestfs.guestfs -> ?allow_discards:bool -> key_store -> unit > > (** Simple implementation of decryption: look for any [crypto_LUKS] > partitions and decrypt them, then rescan for VGs. This only works...

The following patch attempts to implement sparsification of LUKS-encrypted partitions. It uses lsblk to pair the underlying LUKS block device with its mapped name. Also, --allow-discards was added by default to luks_open(). There are several potential issues that I can think of: 1) If and entire device is encrypted (not just one of more partitions), the lsblk trick might not work. 2) The

...ate_standard_options argspec usage_msg in + let opthandle = create_standard_options argspec ~key_opts:true usage_msg in Getopt.parse opthandle; if not !format_consumed then @@ -175,6 +175,9 @@ read the man page virt-customize(1). g#launch (); g in + (* Decrypt the disks. *) + inspect_decrypt g; + (* Inspection. *) (match Array.to_list (g#inspect_os ()) with | [] -> diff --git a/customize/virt-customize.pod b/customize/virt-customize.pod index e594f61..a0ca9c9 100644 --- a/customize/virt-customize.pod +++ b/customize/virt-customize.pod @@ -107,6 +107,13 @@ used instead of na...

...on/mltools/tools_utils-c.c @@ -22,6 +22,7 @@ #include <stdlib.h> #include <unistd.h> #include <errno.h> +#include <error.h> #include <caml/alloc.h> #include <caml/fail.h> @@ -33,7 +34,7 @@ #include "options.h" -extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv); +extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv); extern value guestfs_int_mllib_set_echo_keys (value unitv); extern value guestfs_int_mllib_set_keys_from_stdin (value unitv); @@ -42,12 +43,47 @@ int echo_keys = 0; int keys_from_stdin =...

Hi, this series refactors some guestfish code (not much), and exposes it via Common_utils, so it is possible to decrypt LUKS partitions when using virt-customize, virt-get-kernel, virt-sparsify, and virt-sysprep. This brings them closer in features with C tools. Most probably a couple more of other OCaml-based tools (virt-v2v to convert encrypted guests, and virt-builder to use encrypted

Hi, the following series adds a --key option in the majority of tools: this makes it possible to pass LUKS credentials programmatically, avoid the need to manually input them, or unsafely pass them via stdin. Thanks, Pino Toscano (2): mltools: create a cmdline_options struct Introduce a --key option in tools that accept keys builder/cmdline.ml | 2 +-

...String.length str > 0 && str.[String.length str - 1] <> '\n' then str ^ "\n" else str diff --git a/mllib/common_utils.ml b/mllib/common_utils.ml index e1d63292e..945728b5e 100644 --- a/mllib/common_utils.ml +++ b/mllib/common_utils.ml @@ -1167,3 +1167,8 @@ let inspect_decrypt g = * function. *) c_inspect_decrypt g#ocaml_handle (Guestfs.c_pointer g#ocaml_handle) + +let do_cp src destdir = + let cmd = [ "cp"; "-t"; destdir; "-a"; src ] in + if run_command cmd <> 0 then + error (f_"copy of %s to %s failed") src...

...String.length str > 0 && str.[String.length str - 1] <> '\n' then str ^ "\n" else str diff --git a/mllib/common_utils.ml b/mllib/common_utils.ml index e1d63292e..945728b5e 100644 --- a/mllib/common_utils.ml +++ b/mllib/common_utils.ml @@ -1167,3 +1167,8 @@ let inspect_decrypt g = * function. *) c_inspect_decrypt g#ocaml_handle (Guestfs.c_pointer g#ocaml_handle) + +let do_cp src destdir = + let cmd = [ "cp"; "-t"; destdir; "-a"; src ] in + if run_command cmd <> 0 then + error (f_"copy of %s to %s failed") src...

...String.length str > 0 && str.[String.length str - 1] <> '\n' then str ^ "\n" else str diff --git a/mllib/common_utils.ml b/mllib/common_utils.ml index 63d8dd92e..ceac57711 100644 --- a/mllib/common_utils.ml +++ b/mllib/common_utils.ml @@ -1186,3 +1186,8 @@ let inspect_decrypt g = * function. *) c_inspect_decrypt g#ocaml_handle (Guestfs.c_pointer g#ocaml_handle) + +let do_cp src destdir = + let cmd = [ "cp"; "-t"; destdir; "-a"; src ] in + if run_command cmd <> 0 then + error (f_"copy of %s to %s failed") src...

--- mllib/common_utils.ml | 6 ++++++ mllib/common_utils.mli | 3 +++ 2 files changed, 9 insertions(+) diff --git a/mllib/common_utils.ml b/mllib/common_utils.ml index 597128967..1126f233b 100644 --- a/mllib/common_utils.ml +++ b/mllib/common_utils.ml @@ -561,3 +561,9 @@ let inspect_decrypt g = * function. *) c_inspect_decrypt g#ocaml_handle (Guestfs.c_pointer g#ocaml_handle) + +let do_mv src dest = + let cmd = [ "mv"; src; dest ] in + let r = run_command cmd in + if r <> 0 then + error (f_"moving file '%s' to '%s' failed") sr...

On Wed, Jan 22, 2020 at 10:50 AM Richard W.M. Jones <rjones@redhat.com> wrote: > On Wed, Jan 22, 2020 at 10:14:38AM +0100, Jan Synacek wrote: > > -val inspect_decrypt : Guestfs.guestfs -> key_store -> unit > > +val inspect_decrypt : Guestfs.guestfs -> ?allow_discards:bool -> > key_store -> unit > > > > (** Simple implementation of decryption: look for any [crypto_LUKS] > > partitions and decrypt them, then rescan f...

...if the keystore changes had been broken out from the tools changes. On Wed, Sep 19, 2018 at 12:37:01PM +0200, Pino Toscano wrote: > @@ -599,13 +621,21 @@ let is_btrfs_subvolume g fs = > if g#last_errno () = Guestfs.Errno.errno_EINVAL then false > else raise exn > > -let inspect_decrypt g = > +let inspect_decrypt g ks = > + (* Turn the keys in the key_store into a simpler struct, so it is possible > + * to read it using the C API. > + *) > + let keys_as_list = Hashtbl.fold ( > + fun k v acc -> > + (k, v) :: acc > + ) ks.keys [] in >...

...git a/sparsify/in_place.ml b/sparsify/in_place.ml index 7da83dafd..ade3c6843 100644 --- a/sparsify/in_place.ml +++ b/sparsify/in_place.ml @@ -62,7 +62,7 @@ let run disk format ignores zeroes ks = error ~exit_code:3 (f_"discard/trim is not supported"); (* Decrypt the disks. *) - inspect_decrypt g ks; + inspect_decrypt g ~allow_discards:true ks; (* Discard non-ignored filesystems that we are able to mount, and * selected swap partitions. -- 2.24.1

...alues.h> + +#ifdef HAVE_CAML_UNIXSUPPORT_H +#include <caml/unixsupport.h> +#else +#define Nothing ((value) 0) +extern void unix_error (int errcode, char * cmdname, value arg) Noreturn; +#endif + +#include <guestfs.h> + +#include "options.h" + +extern value guestfs_int_mllib_inspect_decrypt (value gv, value gpv); +extern value guestfs_int_mllib_set_echo_keys (value unitv); +extern value guestfs_int_mllib_set_keys_from_stdin (value unitv); + +/* Interface with the guestfish inspection and decryption code. */ +int echo_keys = 0; +int keys_from_stdin = 0; + +value +guestfs_int_mllib_insp...

...argspec ~anon_fun ~key_opts:true usage_msg in Getopt.parse opthandle; (* Dereference the arguments. *) diff --git a/v2v/v2v.ml b/v2v/v2v.ml index 8cf1fad..59f5ef1 100644 --- a/v2v/v2v.ml +++ b/v2v/v2v.ml @@ -86,6 +86,9 @@ let rec main () = g#launch (); + (* Decrypt the disks. *) + inspect_decrypt g; + (* Inspection - this also mounts up the filesystems. *) (match conversion_mode with | Copying _ -> message (f_"Inspecting the overlay") diff --git a/v2v/virt-v2v.pod b/v2v/virt-v2v.pod index f6d196f..c255c0d 100644 --- a/v2v/virt-v2v.pod +++ b/v2v/virt-v2v.pod @@ -302,6...

...git a/sparsify/in_place.ml b/sparsify/in_place.ml index 7da83dafd..ade3c6843 100644 --- a/sparsify/in_place.ml +++ b/sparsify/in_place.ml @@ -62,7 +62,7 @@ let run disk format ignores zeroes ks = error ~exit_code:3 (f_"discard/trim is not supported"); (* Decrypt the disks. *) - inspect_decrypt g ks; + inspect_decrypt g ~allow_discards:true ks; (* Discard non-ignored filesystems that we are able to mount, and * selected swap partitions. -- 2.24.1

...command cmd in + if r <> 0 then + error (f_"moving file '%s' to '%s' failed") src dest diff --git a/mllib/common_utils.mli b/mllib/common_utils.mli index 5c376fcb3..33d576b5e 100644 --- a/mllib/common_utils.mli +++ b/mllib/common_utils.mli @@ -494,4 +494,7 @@ val inspect_decrypt : Guestfs.guestfs -> unit for Fedora whole-disk encryption. *) val do_cp : string -> string -> unit -(** Run the cp command, and exit with an error if it failed *) +(** Run the cp command and exit with an error if it failed *) + +val do_mv : string -> string -> unit +(** Run...

...command cmd in + if r <> 0 then + error (f_"moving file '%s' to '%s' failed") src dest diff --git a/mllib/common_utils.mli b/mllib/common_utils.mli index 5c376fcb3..a98daad03 100644 --- a/mllib/common_utils.mli +++ b/mllib/common_utils.mli @@ -495,3 +495,6 @@ val inspect_decrypt : Guestfs.guestfs -> unit val do_cp : string -> string -> unit (** Run the cp command, and exit with an error if it failed *) + +val do_mv : string -> string -> unit +(** Run the mv command, and exit with an error if it failed *) -- 2.12.0