A couple of things to note about the failing code path. The error message "luks encryption requires encrypted secrets to be supported" is coming from qemuDomainSecretDiskPrepare() in src/qemu/qemu_domain.c: https://paste.ubuntu.com/26444342/
The call to qemuDomainSecretSetup() appears to be returning 0 (zero). Whether that means virCryptoHaveCipher() is returning True or False is hard to tell but based on gnutls being included in the build log I'd have to assume HAVE_GNUTLS_CIPHER_ENCRYPT is true. What about the other checks in the first if statement in qemuDomainSecretSetup()? https://paste.ubuntu.com/26444411/ Pasting here as well. It seems as if one of these checks in the first if is failing and we don't get to the qemuDomainSecretAESSetup() call, but instead take the else path. static int qemuDomainSecretSetup(virConnectPtr conn, qemuDomainObjPrivatePtr priv, qemuDomainSecretInfoPtr secinfo, const char *srcalias, virSecretUsageType secretUsageType, const char *username, virSecretLookupTypeDefPtr seclookupdef, bool isLuks) { if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) && virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) && (secretUsageType == VIR_SECRET_USAGE_TYPE_CEPH || secretUsageType == VIR_SECRET_USAGE_TYPE_VOLUME || secretUsageType == VIR_SECRET_USAGE_TYPE_TLS)) { if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias, secretUsageType, username, seclookupdef, isLuks) < 0) return -1; } else { if (qemuDomainSecretPlainSetup(conn, secinfo, secretUsageType, username, seclookupdef) < 0) return -1; } return 0; } -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1744758 Title: libvirt 2.5.0-3ubuntu5.6~cloud0 appears to be compiled without gnutls To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1744758/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
