Currently, you can give no encryption format for a qcow2 file while still passing a key-secret. That does not conform to the schema, so this patch changes the schema to allow it.
Signed-off-by: Max Reitz <mre...@redhat.com> --- qapi/block-core.json | 44 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/qapi/block-core.json b/qapi/block-core.json index 71c9ab8538..092a1aba2d 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -43,6 +43,19 @@ { 'struct': 'ImageInfoSpecificQCow2EncryptionBase', 'data': { 'format': 'BlockdevQcow2EncryptionFormat'}} +## +# @ImageInfoSpecificQCow2EncryptionNoInfo: +# +# Only used for the qcow2 encryption format "from-image" in which the +# actual encryption format is determined from the image header. +# Therefore, this encryption format will never be reported in +# ImageInfoSpecificQCow2Encryption. +# +# Since: 2.13 +## +{ 'struct': 'ImageInfoSpecificQCow2EncryptionNoInfo', + 'data': { } } + ## # @ImageInfoSpecificQCow2Encryption: # @@ -52,7 +65,8 @@ 'base': 'ImageInfoSpecificQCow2EncryptionBase', 'discriminator': 'format', 'data': { 'aes': 'QCryptoBlockInfoQCow', - 'luks': 'QCryptoBlockInfoLUKS' } } + 'luks': 'QCryptoBlockInfoLUKS', + 'from-image': 'ImageInfoSpecificQCow2EncryptionNoInfo' } } ## # @ImageInfoSpecificQCow2: @@ -2739,10 +2753,30 @@ # @BlockdevQcow2EncryptionFormat: # @aes: AES-CBC with plain64 initialization venctors # +# @from-image: Determine the encryption format from the image +# header. This only allows the use of the +# key-secret option. (Since: 2.13) +# # Since: 2.10 ## { 'enum': 'BlockdevQcow2EncryptionFormat', - 'data': [ 'aes', 'luks' ] } + 'data': [ 'aes', 'luks', 'from-image' ] } + +## +# @BlockdevQcow2EncryptionSecret: +# +# Allows specifying a key-secret without specifying the exact +# encryption format, which is determined automatically from the image +# header. +# +# @key-secret: The ID of a QCryptoSecret object providing the +# decryption key. Mandatory except when probing +# image for metadata only. +# +# Since: 2.13 +## +{ 'struct': 'BlockdevQcow2EncryptionSecret', + 'data': { '*key-secret': 'str' } } ## # @BlockdevQcow2Encryption: @@ -2750,10 +2784,12 @@ # Since: 2.10 ## { 'union': 'BlockdevQcow2Encryption', - 'base': { 'format': 'BlockdevQcow2EncryptionFormat' }, + 'base': { '*format': 'BlockdevQcow2EncryptionFormat' }, 'discriminator': 'format', + 'default-variant': 'from-image', 'data': { 'aes': 'QCryptoBlockOptionsQCow', - 'luks': 'QCryptoBlockOptionsLUKS'} } + 'luks': 'QCryptoBlockOptionsLUKS', + 'from-image': 'BlockdevQcow2EncryptionSecret' } } ## # @BlockdevOptionsQcow2: -- 2.14.3