[pve-qemu.git] / debian / patches / pve / 0044-PBS-add-master-key-support.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Stefan Reiter <s.reiter@proxmox.com>
Date: Wed, 10 Feb 2021 11:07:06 +0100
Subject: [PATCH] PBS: add master key support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

this requires a new enough libproxmox-backup-qemu0, and allows querying
from the PVE side to avoid QMP calls with unsupported parameters.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 block/monitor/block-hmp-cmds.c | 1 +
 pve-backup.c                   | 3 +++
 qapi/block-core.json           | 7 +++++++
 3 files changed, 11 insertions(+)

diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
index ef45552e3b..4c799f00d9 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1039,6 +1039,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
         false, NULL, // PBS password
         false, NULL, // PBS keyfile
         false, NULL, // PBS key_password
+        false, NULL, // PBS master_keyfile
         false, NULL, // PBS fingerprint
         false, NULL, // PBS backup-id
         false, 0, // PBS backup-time
diff --git a/pve-backup.c b/pve-backup.c
index 323014744c..9f6c04a512 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -533,6 +533,7 @@ UuidInfo coroutine_fn *qmp_backup(
     bool has_password, const char *password,
     bool has_keyfile, const char *keyfile,
     bool has_key_password, const char *key_password,
+    bool has_master_keyfile, const char *master_keyfile,
     bool has_fingerprint, const char *fingerprint,
     bool has_backup_id, const char *backup_id,
     bool has_backup_time, int64_t backup_time,
@@ -681,6 +682,7 @@ UuidInfo coroutine_fn *qmp_backup(
             has_password ? password : NULL,
             has_keyfile ? keyfile : NULL,
             has_key_password ? key_password : NULL,
+            has_master_keyfile ? master_keyfile : NULL,
             has_compress ? compress : true,
             has_encrypt ? encrypt : has_keyfile,
             has_fingerprint ? fingerprint : NULL,
@@ -1044,5 +1046,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
     ret->pbs_dirty_bitmap_savevm = true;
     ret->pbs_dirty_bitmap_migration = true;
     ret->query_bitmap_info = true;
+    ret->pbs_masterkey = true;
     return ret;
 }
diff --git a/qapi/block-core.json b/qapi/block-core.json
index ca1966f54b..fc8a125451 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -813,6 +813,8 @@
 #
 # @key-password: password for keyfile (optional for format 'pbs')
 #
+# @master-keyfile: PEM-formatted master public keyfile (optional for format 'pbs')
+#
 # @fingerprint: server cert fingerprint (optional for format 'pbs')
 #
 # @backup-id: backup ID (required for format 'pbs')
@@ -832,6 +834,7 @@
                                     '*password': 'str',
                                     '*keyfile': 'str',
                                     '*key-password': 'str',
+                                    '*master-keyfile': 'str',
                                     '*fingerprint': 'str',
                                     '*backup-id': 'str',
                                     '*backup-time': 'int',
@@ -884,6 +887,9 @@
 #                              migration cap if this is false/unset may lead
 #                              to crashes on migration!
 #
+# @pbs-masterkey: True if the QMP backup call supports the 'master_keyfile'
+#                 parameter.
+#
 # @pbs-library-version: Running version of libproxmox-backup-qemu0 library.
 #
 ##
@@ -892,6 +898,7 @@
             'query-bitmap-info': 'bool',
             'pbs-dirty-bitmap-savevm': 'bool',
             'pbs-dirty-bitmap-migration': 'bool',
+            'pbs-masterkey': 'bool',
             'pbs-library-version': 'str' } }
 
 ##
Commit	Line	Data
0b8da688 SR	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	2	From: Stefan Reiter <s.reiter@proxmox.com>
	3	Date: Wed, 10 Feb 2021 11:07:06 +0100
	4	Subject: [PATCH] PBS: add master key support
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	this requires a new enough libproxmox-backup-qemu0, and allows querying
	10	from the PVE side to avoid QMP calls with unsupported parameters.
	11
	12	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	13	Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
ddbf7a87	14	Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
0b8da688 SR	15	---
	16	block/monitor/block-hmp-cmds.c \| 1 +
	17	pve-backup.c \| 3 +++
	18	qapi/block-core.json \| 7 +++++++
	19	3 files changed, 11 insertions(+)
	20
	21	diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
dc9827a6	22	index ef45552e3b..4c799f00d9 100644
0b8da688 SR	23	--- a/block/monitor/block-hmp-cmds.c
0b8da688 SR	24	+++ b/block/monitor/block-hmp-cmds.c
f376b2b9	25	@@ -1039,6 +1039,7 @@ void coroutine_fn hmp_backup(Monitor mon, const QDict qdict)
0b8da688 SR	26	false, NULL, // PBS password
	27	false, NULL, // PBS keyfile
	28	false, NULL, // PBS key_password
	29	+ false, NULL, // PBS master_keyfile
	30	false, NULL, // PBS fingerprint
	31	false, NULL, // PBS backup-id
	32	false, 0, // PBS backup-time
	33	diff --git a/pve-backup.c b/pve-backup.c
4567474e	34	index 323014744c..9f6c04a512 100644
0b8da688 SR	35	--- a/pve-backup.c
0b8da688 SR	36	+++ b/pve-backup.c
8dca018b	37	@@ -533,6 +533,7 @@ UuidInfo coroutine_fn *qmp_backup(
0b8da688 SR	38	bool has_password, const char *password,
	39	bool has_keyfile, const char *keyfile,
	40	bool has_key_password, const char *key_password,
	41	+ bool has_master_keyfile, const char *master_keyfile,
	42	bool has_fingerprint, const char *fingerprint,
	43	bool has_backup_id, const char *backup_id,
	44	bool has_backup_time, int64_t backup_time,
8dca018b	45	@@ -681,6 +682,7 @@ UuidInfo coroutine_fn *qmp_backup(
0b8da688 SR	46	has_password ? password : NULL,
	47	has_keyfile ? keyfile : NULL,
	48	has_key_password ? key_password : NULL,
	49	+ has_master_keyfile ? master_keyfile : NULL,
	50	has_compress ? compress : true,
	51	has_encrypt ? encrypt : has_keyfile,
	52	has_fingerprint ? fingerprint : NULL,
8dca018b	53	@@ -1044,5 +1046,6 @@ ProxmoxSupportStatus qmp_query_proxmox_support(Error *errp)
e9b36665	54	ret->pbs_dirty_bitmap_savevm = true;
0b8da688	55	ret->pbs_dirty_bitmap_migration = true;
e9b36665	56	ret->query_bitmap_info = true;
0b8da688 SR	57	+ ret->pbs_masterkey = true;
	58	return ret;
	59	}
	60	diff --git a/qapi/block-core.json b/qapi/block-core.json
5b15e2ec	61	index ca1966f54b..fc8a125451 100644
0b8da688 SR	62	--- a/qapi/block-core.json
0b8da688 SR	63	+++ b/qapi/block-core.json
5b15e2ec	64	@@ -813,6 +813,8 @@
0b8da688 SR	65	#
	66	# @key-password: password for keyfile (optional for format 'pbs')
	67	#
	68	+# @master-keyfile: PEM-formatted master public keyfile (optional for format 'pbs')
	69	+#
	70	# @fingerprint: server cert fingerprint (optional for format 'pbs')
	71	#
	72	# @backup-id: backup ID (required for format 'pbs')
5b15e2ec	73	@@ -832,6 +834,7 @@
0b8da688 SR	74	'*password': 'str',
	75	'*keyfile': 'str',
	76	'*key-password': 'str',
	77	+ '*master-keyfile': 'str',
	78	'*fingerprint': 'str',
	79	'*backup-id': 'str',
	80	'*backup-time': 'int',
5b15e2ec	81	@@ -884,6 +887,9 @@
0b8da688 SR	82	# migration cap if this is false/unset may lead
	83	# to crashes on migration!
	84	#
	85	+# @pbs-masterkey: True if the QMP backup call supports the 'master_keyfile'
	86	+# parameter.
	87	+#
	88	# @pbs-library-version: Running version of libproxmox-backup-qemu0 library.
	89	#
	90	##
5b15e2ec	91	@@ -892,6 +898,7 @@
0b8da688	92	'query-bitmap-info': 'bool',
e9b36665	93	'pbs-dirty-bitmap-savevm': 'bool',
0b8da688 SR	94	'pbs-dirty-bitmap-migration': 'bool',
	95	+ 'pbs-masterkey': 'bool',
	96	'pbs-library-version': 'str' } }
	97
	98	##