1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Stefan Reiter <s.reiter@proxmox.com>
3 Date: Wed, 10 Feb 2021 11:07:06 +0100
4 Subject: [PATCH] PBS: add master key support
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
9 this requires a new enough libproxmox-backup-qemu0, and allows querying
10 from the PVE side to avoid QMP calls with unsupported parameters.
12 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
13 Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
14 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
16 block/monitor/block-hmp-cmds.c | 1 +
18 qapi/block-core.json | 7 +++++++
19 3 files changed, 11 insertions(+)
21 diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
22 index c9849a5b29..52ddbf95ad 100644
23 --- a/block/monitor/block-hmp-cmds.c
24 +++ b/block/monitor/block-hmp-cmds.c
25 @@ -1039,6 +1039,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
26 false, NULL, // PBS password
27 false, NULL, // PBS keyfile
28 false, NULL, // PBS key_password
29 + false, NULL, // PBS master_keyfile
30 false, NULL, // PBS fingerprint
31 false, NULL, // PBS backup-id
32 false, 0, // PBS backup-time
33 diff --git a/pve-backup.c b/pve-backup.c
34 index 323014744c..9f6c04a512 100644
37 @@ -533,6 +533,7 @@ UuidInfo coroutine_fn *qmp_backup(
38 bool has_password, const char *password,
39 bool has_keyfile, const char *keyfile,
40 bool has_key_password, const char *key_password,
41 + bool has_master_keyfile, const char *master_keyfile,
42 bool has_fingerprint, const char *fingerprint,
43 bool has_backup_id, const char *backup_id,
44 bool has_backup_time, int64_t backup_time,
45 @@ -681,6 +682,7 @@ UuidInfo coroutine_fn *qmp_backup(
46 has_password ? password : NULL,
47 has_keyfile ? keyfile : NULL,
48 has_key_password ? key_password : NULL,
49 + has_master_keyfile ? master_keyfile : NULL,
50 has_compress ? compress : true,
51 has_encrypt ? encrypt : has_keyfile,
52 has_fingerprint ? fingerprint : NULL,
53 @@ -1044,5 +1046,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
54 ret->pbs_dirty_bitmap_savevm = true;
55 ret->pbs_dirty_bitmap_migration = true;
56 ret->query_bitmap_info = true;
57 + ret->pbs_masterkey = true;
60 diff --git a/qapi/block-core.json b/qapi/block-core.json
61 index f216035d3c..c5023710f5 100644
62 --- a/qapi/block-core.json
63 +++ b/qapi/block-core.json
66 # @key-password: password for keyfile (optional for format 'pbs')
68 +# @master-keyfile: PEM-formatted master public keyfile (optional for format 'pbs')
70 # @fingerprint: server cert fingerprint (optional for format 'pbs')
72 # @backup-id: backup ID (required for format 'pbs')
76 '*key-password': 'str',
77 + '*master-keyfile': 'str',
78 '*fingerprint': 'str',
80 '*backup-time': 'int',
82 # migration cap if this is false/unset may lead
83 # to crashes on migration!
85 +# @pbs-masterkey: True if the QMP backup call supports the 'master_keyfile'
88 # @pbs-library-version: Running version of libproxmox-backup-qemu0 library.
92 'query-bitmap-info': 'bool',
93 'pbs-dirty-bitmap-savevm': 'bool',
94 'pbs-dirty-bitmap-migration': 'bool',
95 + 'pbs-masterkey': 'bool',
96 'pbs-library-version': 'str' } }