On Tue, Dec 02, 2025 at 19:16:31 +0530, Arun Menon wrote:
> Hi Peter,
> Thanks for the review.
> 
> On Thu, Nov 27, 2025 at 04:09:07PM +0100, Peter Krempa wrote:
> > On Thu, Nov 27, 2025 at 12:52:30 +0530, Arun Menon via Devel wrote:
> > > A new configuration file called secrets.conf is introduced to
> > > let the user configure the path to the secrets encryption key.
> > > This key will be used to encrypt/decrypt the secrets in libvirt.
> > > 
> > > By default the path is set to the runtime directory
> > > /run/libvirt/secrets, and it is commented in the config file.
> > > After parsing the file, the virtsecretd driver checks if an
> > > encryption key is present in the path and is valid.
> > > 
> > > By default, if no encryption key is present in the path, then
> > > the service will by default use the encryption key stored in the
> > > CREDENTIALS_DIRECTORY.
> > > 
> > > Add logic to parse the encryption key file and store the key.
> > > It also checks for the encrypt_data attribute in the config file.
> > > The encryption and decryption logic will be added in the subsequent 
> > > patches.
> > > 
> > > Signed-off-by: Arun Menon <[email protected]>
> > > ---
> > >  libvirt.spec.in                        |   3 +
> > >  po/POTFILES                            |   1 +
> > >  src/conf/meson.build                   |   1 +
> > >  src/conf/secret_config.c               | 177 +++++++++++++++++++++++++
> > >  src/conf/secret_config.h               |  38 ++++++
> > >  src/libvirt_private.syms               |   2 +
> > >  src/secret/libvirt_secrets.aug         |  40 ++++++
> > >  src/secret/meson.build                 |  18 +++
> > >  src/secret/secrets.conf.in             |  12 ++
> > >  src/secret/test_libvirt_secrets.aug.in |   6 +
> > >  10 files changed, 298 insertions(+)
> > >  create mode 100644 src/conf/secret_config.c
> > >  create mode 100644 src/conf/secret_config.h
> > >  create mode 100644 src/secret/libvirt_secrets.aug
> > >  create mode 100644 src/secret/secrets.conf.in
> > >  create mode 100644 src/secret/test_libvirt_secrets.aug.in
> > 
> > [...]
> > 
> > 
> > 
> > > diff --git a/src/conf/secret_config.c b/src/conf/secret_config.c
> > > new file mode 100644
> > > index 0000000000..5bc0b24380
> > > --- /dev/null
> > > +++ b/src/conf/secret_config.c
> > 
> > src/conf/ is meant for common XML infra. This is the config of the
> > secret driver so it ought to be in src/secret/secret_conf.c
> 
> The functions in secret_config.c are used by the src/conf/virsecretobj.c code.

Which ones? This patch puts the following functions into secret_config.h:

virSecretDaemonConfigFilePath
virSecretDaemonConfigNew
virSecretDaemonConfigLoadFile

None of those have anything to do with the XML or config of the object
itself.

> If I add it in src/secret/ dir, I will not be able to include
> secret/secret_conf.c inside src/conf/ because that would be like
> calling higher level code from lower level code. Please guide.

Per the list above there's nothing which should actually be needed for
the secret object to access, everything is the configuration of the
secrets driver.

If you need to access data inside _virSecretDaemonConfig you can extract
it and pass it separately.
