From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Reiter <s.reiter@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 11 Feb 2021 17:11:12 +0100
Message-Id: <20210211161115.15209-2-s.reiter@proxmox.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210211161115.15209-1-s.reiter@proxmox.com>
References: <20210211161115.15209-1-s.reiter@proxmox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Subject: [pve-devel] [PATCH v2 pve-qemu 2/5] add PBS master key support

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
---

Rebased from Fabian's series. Thus of course also needs the updated version of
libproxmox-backup-qemu to build and run.

See: https://lists.proxmox.com/pipermail/pve-devel/2021-February/046945.html

 .../pve/0059-PBS-add-master-key-support.patch | 97 +++++++++++++++++++
 debian/patches/series                         |  1 +
 2 files changed, 98 insertions(+)
 create mode 100644 debian/patches/pve/0059-PBS-add-master-key-support.patch

diff --git a/debian/patches/pve/0059-PBS-add-master-key-support.patch b/debian/patches/pve/0059-PBS-add-master-key-support.patch
new file mode 100644
index 0000000..52e600c
--- /dev/null
+++ b/debian/patches/pve/0059-PBS-add-master-key-support.patch
@@ -0,0 +1,97 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Reiter <s.reiter@proxmox.com>
+Date: Wed, 10 Feb 2021 11:07:06 +0100
+Subject: [PATCH] PBS: add master key support
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+this requires a new enough libproxmox-backup-qemu0, and allows querying
+from the PVE side to avoid QMP calls with unsupported parameters.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
+---
+ block/monitor/block-hmp-cmds.c | 1 +
+ pve-backup.c                   | 3 +++
+ qapi/block-core.json           | 7 +++++++
+ 3 files changed, 11 insertions(+)
+
+diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
+index 11c84d5508..0932deb28c 100644
+--- a/block/monitor/block-hmp-cmds.c
++++ b/block/monitor/block-hmp-cmds.c
+@@ -1036,6 +1036,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
+         false, NULL, // PBS password
+         false, NULL, // PBS keyfile
+         false, NULL, // PBS key_password
++        false, NULL, // PBS master_keyfile
+         false, NULL, // PBS fingerprint
+         false, NULL, // PBS backup-id
+         false, 0, // PBS backup-time
+diff --git a/pve-backup.c b/pve-backup.c
+index f7597ae55c..0ecadf6ce6 100644
+--- a/pve-backup.c
++++ b/pve-backup.c
+@@ -531,6 +531,7 @@ UuidInfo coroutine_fn *qmp_backup(
+     bool has_password, const char *password,
+     bool has_keyfile, const char *keyfile,
+     bool has_key_password, const char *key_password,
++    bool has_master_keyfile, const char *master_keyfile,
+     bool has_fingerprint, const char *fingerprint,
+     bool has_backup_id, const char *backup_id,
+     bool has_backup_time, int64_t backup_time,
+@@ -679,6 +680,7 @@ UuidInfo coroutine_fn *qmp_backup(
+             has_password ? password : NULL,
+             has_keyfile ? keyfile : NULL,
+             has_key_password ? key_password : NULL,
++            has_master_keyfile ? master_keyfile : NULL,
+             has_compress ? compress : true,
+             has_encrypt ? encrypt : has_keyfile,
+             has_fingerprint ? fingerprint : NULL,
+@@ -1041,5 +1043,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
+     ret->pbs_dirty_bitmap = true;
+     ret->query_bitmap_info = true;
+     ret->pbs_dirty_bitmap_migration = true;
++    ret->pbs_masterkey = true;
+     return ret;
+ }
+diff --git a/qapi/block-core.json b/qapi/block-core.json
+index 82133e2bee..be3d6a0d37 100644
+--- a/qapi/block-core.json
++++ b/qapi/block-core.json
+@@ -818,6 +818,8 @@
+ #
+ # @key-password: password for keyfile (optional for format 'pbs')
+ #
++# @master-keyfile: PEM-formatted master public keyfile (optional for format 'pbs')
++#
+ # @fingerprint: server cert fingerprint (optional for format 'pbs')
+ #
+ # @backup-id: backup ID (required for format 'pbs')
+@@ -837,6 +839,7 @@
+                                     '*password': 'str',
+                                     '*keyfile': 'str',
+                                     '*key-password': 'str',
++                                    '*master-keyfile': 'str',
+                                     '*fingerprint': 'str',
+                                     '*backup-id': 'str',
+                                     '*backup-time': 'int',
+@@ -886,6 +889,9 @@
+ #                              migration cap if this is false/unset may lead
+ #                              to crashes on migration!
+ #
++# @pbs-masterkey: True if the QMP backup call supports the 'master_keyfile'
++#                 parameter.
++#
+ # @pbs-library-version: Running version of libproxmox-backup-qemu0 library.
+ #
+ ##
+@@ -893,6 +899,7 @@
+   'data': { 'pbs-dirty-bitmap': 'bool',
+             'query-bitmap-info': 'bool',
+             'pbs-dirty-bitmap-migration': 'bool',
++            'pbs-masterkey': 'bool',
+             'pbs-library-version': 'str' } }
+ 
+ ##
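Review bot: in the pve-backup.c hunk at @@ -679, `has_master_keyfile ? master_keyfile : NULL` is passed on unconditionally, while two lines further down encryption still defaults to `has_encrypt ? encrypt : has_keyfile`, so a QMP caller can supply master-keyfile with no keyfile, or together with encrypt set to false, and nothing in the visible lines rejects that combination or documents what happens to it. Consider returning an error early in qmp_backup when has_master_keyfile is set but has_keyfile is not (or encryption ends up disabled), or state the dependency in the @master-keyfile description in qapi/block-core.json. Separately, the @pbs-masterkey doc text refers to the 'master_keyfile' parameter, but the QMP argument is declared as '*master-keyfile'; use the hyphenated name in the comment so it matches what a client actually sends.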
diff --git a/debian/patches/series b/debian/patches/series
index 40bef93..60567e8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -59,3 +59,4 @@ pve/0055-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
 pve/0056-PVE-fix-aborting-multiple-CREATED-jobs-in-sequential.patch
 pve/0057-PVE-fall-back-to-open-iscsi-initiatorname.patch
 pve/0058-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
+pve/0059-PBS-add-master-key-support.patch
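Review bot: the added `pve/0059-PBS-add-master-key-support.patch` entry makes every package build apply a patch that, according to the note above the diffstat, needs the updated libproxmox-backup-qemu to build and run, yet the diffstat touches only the patch file and debian/patches/series. If the versioned dependency on that library is not raised elsewhere in this series, add the bump alongside this entry so that an older library is caught at dependency resolution rather than at compile time or at run time.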
-- 
2.20.1