Date: Wed, 10 Feb 2021 13:52:20 +0100
From: Fabian Grünbichler
To: Proxmox VE development discussion, Stefan Reiter
Subject: Re: [pve-devel] [PATCH qemu] pbs: add master key support

On February 10, 2021 12:05 pm, Stefan Reiter wrote:
> Patch looks good in general, but the added file does not follow our
> formatting for the other patches. I'd prefer to keep them the same, or
> at least applicable with 'git am'.
>
> Since one of us is going to have to rebase anyway, I can also send along
> a fixed up version with v2 of my 5.2 series if you want.

no objections from my side. sorry for not converting before sending (I
used quilt to apply all patches)

>
> On 08/02/2021 14:08, Fabian Grünbichler wrote:
>> this requires a new enough libproxmox-backup-qemu0, and allows querying
>> from the PVE side to avoid QMP calls with unsupported parameters.
>>
>> Signed-off-by: Fabian Grünbichler
>> ---
>>
>> Notes:
>> requires versioned build and runtime dep on libproxmox-backup-qemu with changed API for masterkey support
>>
>> .../pve/0059-pbs-backup-add-masterkey.patch | 96 +++++++++++++++++++ >> debian/patches/series | 1 + >> 2 files changed, 97 insertions(+) >> create mode 100644 debian/patches/pve/0059-pbs-backup-add-masterkey.pa= tch >>=20 >> diff --git a/debian/patches/pve/0059-pbs-backup-add-masterkey.patch b/de= bian/patches/pve/0059-pbs-backup-add-masterkey.patch >> new file mode 100644 >> index 0000000..12fce05 >> --- /dev/null
>> +++ b/debian/patches/pve/0059-pbs-backup-add-masterkey.patch 
>> @@ -0,0 +1,96 @@ >> +Index: qemu/pve-backup.c >> +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> +--- qemu.orig/pve-backup.c >> ++++ qemu/pve-backup.c >> +@@ -539,6 +539,8 @@ typedef struct QmpBackupTask { >> + const char *keyfile; >> + bool has_key_password; >> + const char *key_password; >> ++ bool has_master_keyfile; >> ++ const char *master_keyfile; >> + bool has_backup_id; >> + const char *backup_id; >> + bool has_backup_time; >> +@@ -710,6 +712,7 @@ static void coroutine_fn pvebackup_co_pr >> + task->has_password ? task->password : NULL, >> + task->has_keyfile ? task->keyfile : NULL, >> + task->has_key_password ? task->key_password : NULL, >> ++ task->has_master_keyfile ? task->master_keyfile : NULL, >> + task->has_compress ? task->compress : true, >> + task->has_encrypt ? task->encrypt : task->has_keyfile, >> + task->has_fingerprint ? 
task->fingerprint : NULL, >> +@@ -989,6 +992,7 @@ UuidInfo *qmp_backup( >> + bool has_password, const char *password, >> + bool has_keyfile, const char *keyfile, >> + bool has_key_password, const char *key_password, >> ++ bool has_master_keyfile, const char *master_keyfile, >> + bool has_fingerprint, const char *fingerprint, >> + bool has_backup_id, const char *backup_id, >> + bool has_backup_time, int64_t backup_time, >> +@@ -1009,6 +1013,8 @@ UuidInfo *qmp_backup( >> + .keyfile =3D keyfile, >> + .has_key_password =3D has_key_password, >> + .key_password =3D key_password, >> ++ .has_master_keyfile =3D has_master_keyfile, >> ++ .master_keyfile =3D master_keyfile, >> + .has_fingerprint =3D has_fingerprint, >> + .fingerprint =3D fingerprint, >> + .has_backup_id =3D has_backup_id, >> +@@ -1131,5 +1137,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_ >> + ret->pbs_dirty_bitmap =3D true; >> + ret->query_bitmap_info =3D true; >> + ret->pbs_dirty_bitmap_migration =3D true; >> ++ ret->pbs_masterkey =3D true; >> + return ret; >> + } >> +Index: qemu/block/monitor/block-hmp-cmds.c >> +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> +--- qemu.orig/block/monitor/block-hmp-cmds.c >> ++++ qemu/block/monitor/block-hmp-cmds.c >> +@@ -1035,6 +1035,7 @@ void hmp_backup(Monitor *mon, const QDic >> + false, NULL, // PBS password >> + false, NULL, // PBS keyfile >> + false, NULL, // PBS key_password >> ++ false, NULL, // PBS master_keyfile >> + false, NULL, // PBS fingerprint >> + false, NULL, // PBS backup-id >> + false, 0, // PBS backup-time >> +Index: qemu/qapi/block-core.json >> +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> +--- qemu.orig/qapi/block-core.json >> ++++ 
qemu/qapi/block-core.json >> +@@ -827,6 +827,8 @@ >> + # >> + # @key-password: password for keyfile (optional for format 'pbs') >> + # >> ++# @master_keyfile: PEM-formatted master public keyfile (optional for f= ormat 'pbs') >> ++# >=20 > please use master-keyfile with a dash >=20 >> + # @fingerprint: server cert fingerprint (optional for format 'pbs') >> + # >> + # @backup-id: backup ID (required for format 'pbs') >> +@@ -846,6 +848,7 @@ >> + '*password': 'str', >> + '*keyfile': 'str', >> + '*key-password': 'str', >> ++ '*master_keyfile': 'str', >=20 > here too >=20 > Upstream seems to use _ in some places, but at least keep it consistent=20 > in our code ;) >=20 >> + '*fingerprint': 'str', >> + '*backup-id': 'str', >> + '*backup-time': 'int', >> +@@ -895,6 +898,9 @@ >> + # migration cap if this is false/unset ma= y lead >> + # to crashes on migration! >> + # >> ++# @pbs-masterkey: True if the QMP backup call supports the 'master_key= file' >> ++# parameter. >> ++# >> + # @pbs-library-version: Running version of libproxmox-backup-qemu0 lib= rary. >> + # >> + ## >> +@@ -902,6 +908,7 @@ >> + 'data': { 'pbs-dirty-bitmap': 'bool', >> + 'query-bitmap-info': 'bool', >> + 'pbs-dirty-bitmap-migration': 'bool', >> ++ 'pbs-masterkey': 'bool', >> + 'pbs-library-version': 'str' } } >> + >> + ## >> diff --git a/debian/patches/series b/debian/patches/series >> index 1ef7185..433efda 100644 >> --- a/debian/patches/series >> +++ b/debian/patches/series >> @@ -59,3 +59,4 @@ pve/0055-PVE-Migrate-dirty-bitmap-state-via-savevm.pat= ch >> pve/0056-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch >> pve/0057-PVE-fix-aborting-multiple-CREATED-jobs-in-sequential.patch >> pve/0058-PVE-fall-back-to-open-iscsi-initiatorname.patch >> +pve/0059-pbs-backup-add-masterkey.patch >>=20 >=20 =
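Review bot: in the pve-backup.c hunk at @@ -710,6 +712,7 @@, master_keyfile is forwarded independently of keyfile, while the encrypt default two lines further down is still `task->has_encrypt ? task->encrypt : task->has_keyfile`. A call that sets master_keyfile but not keyfile therefore reaches the library with encryption defaulting to off, and none of the visible hunks in qmp_backup() rejects that combination. Consider failing early in qmp_backup() when has_master_keyfile is set and has_keyfile is not (or encrypt is explicitly false), so a caller cannot end up with an unencrypted backup while assuming a master key is in effect.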
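Review bot: the @pbs-masterkey description in the block-core.json hunk at @@ -895,6 +898,9 @@ quotes the parameter as 'master_keyfile'. If the parameter is renamed to master-keyfile as requested for the two earlier block-core.json hunks, this text has to be updated with it, otherwise the capability documentation names a key the schema does not accept.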
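Review bot: the Notes section states that a versioned build and runtime dependency on libproxmox-backup-qemu is required, but the diffstat lists only debian/patches/pve/0059-pbs-backup-add-masterkey.patch and debian/patches/series, so the dependency bump is not part of this patch. Because qmp_query_proxmox_support() sets `ret->pbs_masterkey = true;` unconditionally, the flag is only truthful if the package cannot be installed against an older library. The debian/control change should go into the same series, or at least be referenced in the commit message, so the two cannot be applied apart.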