This implementation stores the secrets in an unencrypted text file,
for simplicity in implementation and debugging.
(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
Because the TLS private key used by libvirtd is stored unencrypted,
encrypting the secrets file does not currently provide much additional
security.)
* include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
error number.
* po/POTFILES.in, src/Makefile.am: Add secret_driver.
* bootstrap: Use gnulib's base64 module.
* src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
Add local secret driver.
* qemud/qemud.c (qemudInitialize): Use the local secret driver.
Add a <secret> XML handling API, separate from the local driver, to
avoid manually generating XML in other parts of libvirt.
* src/secret_conf.c, src/secret_conf.h: New files.
* po/POTFILES.in, src/Makefile.am: Add secret_conf.
* configure.in src/Makefile.am src/storage_backend.[ch]
src/storage_conf.[ch] src/storage_backend_mpath.[ch] po/POTFILES.in:
add a new module for storage multipath, it requires device-mapper
Define an <encryption> tag specifying volume encryption format and
format-depenedent parameters (e.g. passphrase, cipher name, key
length, key).
Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.
Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.
This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.
* docs/*.html: Re-generate
* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
Add page describing storage encryption data format
* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
Add RNG schema for storage encryption format
* po/POTFILES.in: Add src/storage_encryption_conf.c
* src/libvirt_private.syms: Export virStorageEncryption* functions
* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
helper APIs for dealing with storage encryption format
* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
RNG schema
* src/libvirt.c src/logging.c: Don't convert high priority levels to the
debug level. Don't parse LIBVIRT_LOG_FILTERS and LIBVIRT_LOG_OUTPUTS
when they're set to the empty string. Warn when the user specifies an
invalid value (empty string remains a noop).
* po/POTFILES.in: src/logging.c now include translatable strings
* src/libvirt.c: activate the interface drivers
* po/POTFILES.in: add the netcf driver as a source of localization strings
* src/interface_driver.c: NETCF_ENOMEM -> VIR_ERR_NO_MEMORY mapping was
breaking syntax checking
* src/interface_conf.c src/interface_conf.h: the import and export
routines and the internal APIs
* src/Makefile.am: hook the new file in the makefiles
* src/libvirt_private.syms: export a few private symbols internally
* po/POTFILES.in: the new file contains translatable strings
This makes it so we record (via a git submodule)
a snapshot of whatever version of gnulib we're using,
and none of gnulib sources are in the libvirt repository.
The result is that we have as much reproducibility as when
we version-controlled imported copies of the gnulib sources,
but without the hassle of the manual process we used when
syncing with upstream.
Note that when you clone libvirt, you get only the libvirt
repository, but when you first run ./bootstrap, it clones
gnulib (at the SHA1 recorded via the submodule), creating
the .gnulib/ hierarchy. Then, the bootstrap script runs
gnulib-tool to populate gnulib/ with the files that make
up the selected modules.
Put the following in your ~/.gitconfig file.
[alias]
syncsub = submodule foreach git pull origin master
The update procedure is simple:
git syncsub
...build & test...
git commit -m 'gnulib: sync submodule to latest' .gnulib
* .gitmodules: New file.
* .gnulib: Initialize.
* bootstrap: Set up to use the new submodule.
Stop using --no-vc-files.
Don't remove .gitignore files.
Don't use or create .cvsignore.
Diagnose an invalid --gnulib-srcdir=DIR argument.
* build-aux/vc-list-files: Delete file, now pulled from gnulib.
* build-aux/useless-if-before-free: Likewise.
* po/POTFILES.in: Remove gnulib/lib/gai_strerror.c, since
it no longer contains translatable strings.
* gnulib/*: Remove gnulib/ hierarchy.
* src/libvirt.c src/virterror.c: fix some missing comments in public
modules.
* docs/libvirt-api.xml docs/libvirt-refs.xml
docs/devhelp/libvirt-libvirt.html docs/html/libvirt-libvirt.html:
regenerated documentation
* po/*: updated the polish localization and regenerated
Daniel
* src/Makefile.am src/node_device.[ch] src/node_device_conf.[ch]
src/node_device_hal.[ch] src/node_device_hal_linux.c
src/qemu_driver.c src/remote_internal.c src/storage_backend.c
src/virsh.c src/xen_unified.c tests/nodedevxml2xmltest.c
po/POTFILES.in: implementation for node device create and destroy
in NPIV support, patch by David Allan
Daniel
* configure.in po/POTFILES.in src/Makefile.am src/libvirt_private.syms
src/pci.c src/pci.h: Add implementations of dettach, reattach and
reset for PCI devices, patch by Mark McLoughlin
Daniel
docs/devhelp/libvirt-virterror.html docs/html/libvirt-virterror.html:
regenerated the APIs and documentation.
* po/*: updated the polish translation, regenerated.
daniel