Re: [Qemu-devel] [PATCH v8 07/20] block: deprecate "encryption=on" in favor of "encrypt.format=aes"

Mon, 19 Jun 2017 06:57:06 -0700 

On Wed, Jun 07, 2017 at 06:40:32PM +0200, Max Reitz wrote:
> On 2017-06-01 19:27, Daniel P. Berrange wrote:
> > Historically the qcow & qcow2 image formats supported a property
> > "encryption=on" to enable their built-in AES encryption. We'll
> > soon be supporting LUKS for qcow2, so need a more general purpose
> > way to enable encryption, with a choice of formats.
> > 
> > This introduces an "encrypt.format" option, which will later be
> > joined by a number of other "encrypt.XXX" options. The use of
> > a "encrypt." prefix instead of "encrypt-" is done to facilitate
> > mapping to a nested QAPI schema at later date.
> > 
> > e.g. the preferred syntax is now
> > 
> >   qemu-img create -f qcow2 -o encrypt.format=aes demo.qcow2
> > 
> > Reviewed-by: Eric Blake <ebl...@redhat.com>
> > Reviewed-by: Alberto Garcia <be...@igalia.com>
> > Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> > ---
> >  block/qcow.c               | 30 ++++++++++++++---
> >  block/qcow2.c              | 33 +++++++++++++++----
> >  include/block/block_int.h  |  2 +-
> >  qemu-img.c                 |  4 ++-
> >  tests/qemu-iotests/082.out | 81 
> > ++++++++++++++++++++++++++++++----------------
> >  5 files changed, 110 insertions(+), 40 deletions(-)
> > 
> > diff --git a/block/qcow.c b/block/qcow.c
> > index 6738bc7..42f83b2 100644
> > --- a/block/qcow.c
> > +++ b/block/qcow.c
> 
> [...]
> 
> > @@ -818,8 +818,16 @@ static int qcow_create(const char *filename, QemuOpts 
> > *opts, Error **errp)
> >      }
> >  
> >      backing_file = qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE);
> > -    if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
> > -        flags |= BLOCK_FLAG_ENCRYPT;
> > +    encryptfmt = qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPT_FORMAT);
> > +    if (encryptfmt) {
> > +        if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
> 
> You should probably just use qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPT)
> here, because otherwise you can do this:
> 
> $ ./qemu-img create -f qcow -o encryption=off,encrypt.format=aes \
>     foo.qcow 64M
> Formatting 'foo.qcow', fmt=qcow size=67108864 encryption=off
> encrypt.format=aes

Yes, will fix it as you suggest.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Reply via email to