On Mon, Sep 19, 2016 at 07:12:46PM +0200, Pino Toscano wrote: > Make use of the additional command line arguments, and API needed to > decrypt LUKS partitions. > > This affects only virt-customize, virt-get-kernel, virt-sparsify, and > virt-sysprep, as they are the main OCaml tools interacting with > user-provided images. > --- > customize/customize_main.ml | 5 ++++- > customize/virt-customize.pod | 12 ++++++++++++ > get-kernel/get_kernel.ml | 5 ++++- > get-kernel/virt-get-kernel.pod | 12 ++++++++++++ > sparsify/cmdline.ml | 2 +- > sparsify/copying.ml | 3 +++ > sparsify/in_place.ml | 3 +++ > sparsify/virt-sparsify.pod | 12 ++++++++++++ > sysprep/main.ml | 5 ++++- > sysprep/virt-sysprep.pod | 12 ++++++++++++ > 10 files changed, 67 insertions(+), 4 deletions(-) > > diff --git a/customize/customize_main.ml b/customize/customize_main.ml > index 07fd790..5613277 100644 > --- a/customize/customize_main.ml > +++ b/customize/customize_main.ml > @@ -102,7 +102,7 @@ A short summary of the options is given below. For > detailed help please > read the man page virt-customize(1). > ") > prog in > - let opthandle = create_standard_options argspec usage_msg in > + let opthandle = create_standard_options argspec ~key_opts:true usage_msg in > Getopt.parse opthandle; > > if not !format_consumed then > @@ -175,6 +175,9 @@ read the man page virt-customize(1). > g#launch (); > g in > > + (* Decrypt the disks. *) > + inspect_decrypt g; > + > (* Inspection. *) > (match Array.to_list (g#inspect_os ()) with > | [] -> > diff --git a/customize/virt-customize.pod b/customize/virt-customize.pod > index e594f61..a0ca9c9 100644 > --- a/customize/virt-customize.pod > +++ b/customize/virt-customize.pod 
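Review bot: The new `inspect_decrypt g` call is annotated only with `(* Decrypt the disks. *)`, which says neither why it has to sit between `g#launch ()` and `g#inspect_os ()` nor that it can block on an interactive prompt; the same one-line comment is repeated in get-kernel/get_kernel.ml, sparsify/copying.ml, sparsify/in_place.ml and sysprep/main.ml. Suggest `(* Open any LUKS volumes before inspection: filesystems inside them are invisible to inspect_os until opened. May prompt for a passphrase on /dev/tty, or read it from stdin with --keys-from-stdin. *)`. What happens on a wrong or missing passphrase is not visible in this hunk — if inspect_decrypt raises, the tool aborts after the handle has been launched, which is presumably the intended behaviour for an image the tool cannot fully see, but worth confirming. The enclosing main functions start and end outside the hunk.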
> @@ -107,6 +107,13 @@ used instead of names. > Perform a read-only "dry run" on the guest. This runs the sysprep > operation, but throws away any changes to the disk at the end. > > +=item B<--echo-keys> > + > +When prompting for keys and passphrases, virt-customize normally turns > +echoing off so you cannot see what you are typing. If you are not > +worried about Tempest attacks and there is no one else in the room > +you can specify this flag to see what you are typing. > + > =item B<--format> raw|qcow2|.. > > =item B<--format> auto > @@ -131,6 +138,11 @@ If you have untrusted raw-format guest disk images, you > should use > this option to specify the disk format. This avoids a possible > security problem with malicious guests (CVE-2010-3851). > > +=item B<--keys-from-stdin> > + > +Read key or passphrase parameters from stdin. The default is > +to try to read passphrases from the user by opening F</dev/tty>. > + > =item B<-m> MB > > =item B<--memsize> MB > diff --git a/get-kernel/get_kernel.ml b/get-kernel/get_kernel.ml > index f83a940..adf9649 100644 > --- a/get-kernel/get_kernel.ml > +++ b/get-kernel/get_kernel.ml > @@ -70,7 +70,7 @@ A short summary of the options is given below. For > detailed help please > read the man page virt-get-kernel(1). > ") > prog in > - let opthandle = create_standard_options argspec usage_msg in > + let opthandle = create_standard_options argspec ~key_opts:true usage_msg in > Getopt.parse opthandle; > > (* Machine-readable mode? Print out some facts about what > @@ -174,6 +174,9 @@ let main () = > add g; > g#launch (); > > + (* Decrypt the disks. *) > + inspect_decrypt g; > + > let roots = g#inspect_os () in > if Array.length roots = 0 then > error (f_"no operating system found"); > diff --git a/get-kernel/virt-get-kernel.pod b/get-kernel/virt-get-kernel.pod > index 97a159c..8298fe5 100644 > --- a/get-kernel/virt-get-kernel.pod > +++ b/get-kernel/virt-get-kernel.pod 
> @@ -70,6 +70,13 @@ not used at all. > Add all the disks from the named libvirt guest. Domain UUIDs can be > used instead of names. > > +=item B<--echo-keys> > + > +When prompting for keys and passphrases, virt-get-kernel normally turns > +echoing off so you cannot see what you are typing. If you are not > +worried about Tempest attacks and there is no one else in the room > +you can specify this flag to see what you are typing. > + > =item B<--format> raw|qcow2|.. > > =item B<--format> auto > @@ -82,6 +89,11 @@ If you have untrusted raw-format guest disk images, you > should use > this option to specify the disk format. This avoids a possible > security problem with malicious guests (CVE-2010-3851). > > +=item B<--keys-from-stdin> > + > +Read key or passphrase parameters from stdin. The default is > +to try to read passphrases from the user by opening F</dev/tty>. > + > =item B<--machine-readable> > > This option is used to make the output more machine friendly > diff --git a/sparsify/cmdline.ml b/sparsify/cmdline.ml > index 523d612..2a9dd48 100644 > --- a/sparsify/cmdline.ml > +++ b/sparsify/cmdline.ml > @@ -90,7 +90,7 @@ A short summary of the options is given below. For > detailed help please > read the man page virt-sparsify(1). > ") > prog in > - let opthandle = create_standard_options argspec ~anon_fun usage_msg in > + let opthandle = create_standard_options argspec ~anon_fun ~key_opts:true > usage_msg in > Getopt.parse opthandle; > > (* Dereference the rest of the args. *) > diff --git a/sparsify/copying.ml b/sparsify/copying.ml > index 003dbf8..9c66428 100644 > --- a/sparsify/copying.ml > +++ b/sparsify/copying.ml > @@ -182,6 +182,9 @@ You can ignore this warning or change it to a hard > failure using the > > g in > > + (* Decrypt the disks. *) > + inspect_decrypt g; > + > (* Modify SIGINT handler (set first above) to cancel the handle. *) > let do_sigint _ = > g#user_cancel (); 
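Review bot: In sparsify/copying.ml the `inspect_decrypt g` call lands before the SIGINT handler is switched to the `do_sigint` that calls `g#user_cancel ()`, so a Ctrl-C while the passphrase prompt is waiting is handled by the earlier handler ("set first above", outside the hunk) rather than by cancelling the handle. That is probably harmless if the earlier handler already removes the temporary overlay, but if it does not, moving the call below the `do_sigint` installation would keep the cleanup path uniform. The enclosing function continues outside the hunk.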
> diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml > index e2ee9d9..5411892 100644 > --- a/sparsify/in_place.ml > +++ b/sparsify/in_place.ml > @@ -57,6 +57,9 @@ let run disk format ignores machine_readable zeroes = > if not (g#feature_available [|"fstrim"|]) then > error ~exit_code:3 (f_"discard/trim is not supported"); > > + (* Decrypt the disks. *) > + inspect_decrypt g; > + > (* Discard non-ignored filesystems that we are able to mount, and > * selected swap partitions. > *) > diff --git a/sparsify/virt-sparsify.pod b/sparsify/virt-sparsify.pod > index 177cd03..fa72c23 100644 > --- a/sparsify/virt-sparsify.pod > +++ b/sparsify/virt-sparsify.pod > @@ -192,6 +192,13 @@ For fine-tuning the output format, see: I<--compress>, > I<-o>. > > You cannot use this option and I<--in-place> together. > > +=item B<--echo-keys> > + > +When prompting for keys and passphrases, virt-sparsify normally turns > +echoing off so you cannot see what you are typing. If you are not > +worried about Tempest attacks and there is no one else in the room > +you can specify this flag to see what you are typing. > + > =item B<--format> raw > > =item B<--format> qcow2 > @@ -223,6 +230,11 @@ You can give this option multiple times. > Do in-place sparsification instead of copying sparsification. > See L</IN-PLACE SPARSIFICATION> below. > > +=item B<--keys-from-stdin> > + > +Read key or passphrase parameters from stdin. The default is > +to try to read passphrases from the user by opening F</dev/tty>. > + > =item B<--machine-readable> > > This option is used to make the output more machine friendly > diff --git a/sysprep/main.ml b/sysprep/main.ml > index 01ea590..2fa416f 100644 > --- a/sysprep/main.ml > +++ b/sysprep/main.ml 
> @@ -147,7 +147,7 @@ A short summary of the options is given below. For > detailed help please > read the man page virt-sysprep(1). > ") > prog in > - let opthandle = create_standard_options args usage_msg in > + let opthandle = create_standard_options args ~key_opts:true usage_msg in > Getopt.parse opthandle; > > if not !format_consumed then > @@ -216,6 +216,9 @@ read the man page virt-sysprep(1). > > operations, g, mount_opts in > > + (* Decrypt the disks. *) > + inspect_decrypt g; > + > (* Inspection. *) > (match Array.to_list (g#inspect_os ()) with > | [] -> > diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod > index bdb4580..0e59b4c 100644 > --- a/sysprep/virt-sysprep.pod > +++ b/sysprep/virt-sysprep.pod > @@ -155,6 +155,13 @@ version of virt-sysprep. > See L</OPERATIONS> below for a list and an explanation of each > operation. > > +=item B<--echo-keys> > + > +When prompting for keys and passphrases, virt-sysprep normally turns > +echoing off so you cannot see what you are typing. If you are not > +worried about Tempest attacks and there is no one else in the room > +you can specify this flag to see what you are typing. > + > =item B<--format> raw|qcow2|.. > > =item B<--format> auto > @@ -179,6 +186,11 @@ If you have untrusted raw-format guest disk images, you > should use > this option to specify the disk format. This avoids a possible > security problem with malicious guests (CVE-2010-3851). > > +=item B<--keys-from-stdin> > + > +Read key or passphrase parameters from stdin. The default is > +to try to read passphrases from the user by opening F</dev/tty>. > + > =item B<--list-operations> > > List the operations supported by the virt-sysprep program.
Looks good, ACK. Thanks, Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top _______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://www.redhat.com/mailman/listinfo/libguestfs