On Mon, May 25, 2020 at 02:19:12PM +0300, Alexey Krasikov wrote:
> Add the ability for the secret object to obtain secret data from the
> Linux in-kernel key management and retention facility, as an extra option
> to the existing ones: reading from a file or passing directly as a
> string.
>
> The secret is identified by the key serial number. The upper layers
> need to instantiate the key and make sure the QEMU process has access
> permissions to read it.
>
> Signed-off-by: Alexey Krasikov <alex-krasi...@yandex-team.ru>
> Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
> ---
> configure | 38 ++++++++
> crypto/Makefile.objs | 1 +
> crypto/secret_keyring.c | 148 ++++++++++++++++++++++++++++++++
> include/crypto/secret_keyring.h | 52 +++++++++++
> 4 files changed, 239 insertions(+)
> create mode 100644 crypto/secret_keyring.c
> create mode 100644 include/crypto/secret_keyring.h
> diff --git a/crypto/secret_keyring.c b/crypto/secret_keyring.c > new file mode 100644 > index 0000000000..aa29004639 > --- /dev/null > +++ b/crypto/secret_keyring.c > +static void > +qcrypto_secret_keyring_class_init(ObjectClass *oc, void *data) > +{ > + QCryptoSecretCommonClass *sic = QCRYPTO_SECRET_COMMON_CLASS(oc); > + sic->load_data = qcrypto_secret_keyring_load_data; > + > + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); > + ucc->complete = qcrypto_secret_keyring_complete; > + > + object_class_property_add(oc, "serial", "int32_t", > + qcrypto_secret_prop_get_key, > + qcrypto_secret_prop_set_key, > + NULL, NULL, NULL);

This doesn't compile because of the extra arg, so not sure how you tested
this. Since this is the only mistake, I'll fix it myself when queuing
these patches.

Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
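
Review bot: in qcrypto_secret_keyring_class_init() the declaration "UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);" comes after the "sic->load_data = ..." assignment, so declarations and statements are mixed; declare sic and ucc together at the top of the function and do the two assignments afterwards. The "serial" property is registered with accessors named qcrypto_secret_prop_get_key and qcrypto_secret_prop_set_key; naming them after the property they serve would make it obvious that they handle the key serial number and not key material. The quoted lines also register "serial" with no description or comment saying what a valid serial is, which is worth documenting next to the registration because the commit message makes the caller responsible for instantiating the key and granting the QEMU process read permission on it. The trailing "NULL, NULL, NULL" in the object_class_property_add() call is the extra-argument build failure already pointed out in the reply.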