From 2087e7cc862c3ef3fd8c867c059b70351f1f6af4 Mon Sep 17 00:00:00 2001
From: Christian Limpach
Date: Tue, 8 Dec 2009 20:04:45 +0000
Subject: [PATCH] Fix vhd crypt support: - use full path to cryptsetup - actually use the crypt dev after setting it up - use the specified key-file name instead of the empty string
---
 xenvm/vmact.ml | 6 +++---
 xenvm/vmconfig.ml | 17 +++++------------
 2 files changed, 8 insertions(+), 15 deletions(-)
diff --git a/xenvm/vmact.ml b/xenvm/vmact.ml
index 7331156..8ca4e21 100644
--- a/xenvm/vmact.ml
+++ b/xenvm/vmact.ml
@@ -109,7 +109,7 @@ let cryptsetup_create name device cipher keysize keyfile =
 "--key-file"; keyfile ] in let _ =
- try Forkhelpers.execute_command_get_output ~withpath:false "cryptsetup" opts
+ try Forkhelpers.execute_command_get_output ~withpath:true "/sbin/cryptsetup" opts
 with Forkhelpers.Spawn_internal_error (log, output, status) -> let s = sprintf "output=%S status=%s" output (string_of_unix_process status) in raise (Cryptsetup_failure ("create", name, s))
@@ -119,7 +119,7 @@ let cryptsetup_create name device cipher keysize keyfile =
 let cryptsetup_remove name = let opts = [ "remove"; name ] in let _ =
- try Forkhelpers.execute_command_get_output ~withpath:false "cryptsetup" opts
+ try Forkhelpers.execute_command_get_output ~withpath:true "/sbin/cryptsetup" opts
 with Forkhelpers.Spawn_internal_error (log, output, status) -> let s = sprintf "output=%S status=%s" output (string_of_unix_process status) in raise (Cryptsetup_failure ("remove", name, s))
@@ -138,7 +138,7 @@ let add_disk_to_vm ~xs state disk =
 dc.disk_crypt_key_file ) disk.disk_crypt in state.vm_tap2_disks <- (disk, tap2dev, cryptdev) :: state.vm_tap2_disks;
- tap2dev, Device.Vbd.Phys
+ (default tap2dev (may (fun x -> "/dev/mapper/" ^ x) cryptdev)), Device.Vbd.Phys
 | _ -> disk.disk_physpath, disk.disk_physty in
diff --git a/xenvm/vmconfig.ml b/xenvm/vmconfig.ml
index af905e8..f04188c 100644
--- a/xenvm/vmconfig.ml
+++ b/xenvm/vmconfig.ml
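Review bot: In xenvm/vmact.ml the literal `"/sbin/cryptsetup"` is now hard-coded twice, in cryptsetup_create (hunk at -109) and again in cryptsetup_remove (hunk at -119), and neither call says why `~withpath` flips to `true` in the same change. A single top-level binding such as `let cryptsetup_path = "/sbin/cryptsetup"` would keep both callers on the same binary, with a comment stating that the absolute path is deliberate so this privileged helper is never resolved through a search path. What `~withpath:true` does inside Forkhelpers is not visible in this diff; if it hands a PATH to the child, it is worth confirming that the value is a fixed one rather than inherited from the caller's environment. Both function bodies start or continue outside their hunks.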
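Review bot: In add_disk_to_vm (xenvm/vmact.ml, hunk at -138) the backend path is now built as `"/dev/mapper/" ^ x` from `cryptdev`, and nothing in the hunk constrains what that name may contain. `cryptdev` is bound above the hunk, so its origin cannot be seen here; if it is derived from the disk configuration rather than generated internally, a `/` in the name would make the resulting path leave /dev/mapper. I would either reject such names before cryptsetup_create runs or record the guarantee on this line, e.g. `(* cryptdev is generated internally and never contains '/' *)`, once that has been confirmed. The match arm begins before the hunk and the function continues after it.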
@@ -347,20 +347,13 @@ let config_disk_of_string s =
 | _ -> failwith "need at least 5 arguments for disk" in
- let crypt_cipher, crypt_key_size, crypt_key_file =
- (try Some (List.assoc "cipher" kvs) with Not_found -> None),
- (try Some (List.assoc "key-size" kvs) with Not_found -> None),
- (try Some (List.assoc "key-file" kvs) with Not_found -> None)
- in
 let dc =
- if crypt_cipher = None && crypt_key_size = None && crypt_key_file = None then
- None
- else
- Some {
- disk_crypt_cipher = (match crypt_cipher with None -> "aes-xts-plain" | Some c -> c);
- disk_crypt_key_size = (match crypt_key_size with None -> 256 | Some i -> int_of_string i);
- disk_crypt_key_file = "";
+ try Some {
+ disk_crypt_key_file = (List.assoc "key-file" kvs);
+ disk_crypt_cipher = (try (List.assoc "cipher" kvs) with Not_found -> "aes-xts-plain");
+ disk_crypt_key_size = (try int_of_string (List.assoc "key-size" kvs) with Not_found -> 256);
 }
+ with Not_found -> None
 in { disk_physpath = physpath;
--
2.39.5
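Review bot: A disk spec that sets `cipher` or `key-size` but omits `key-file` now yields `dc = None` with no error, because the outer `with Not_found -> None` treats a missing key-file as "no encryption requested"; the removed code built a crypt record whenever any of the three keys was present. A mistyped or forgotten `key-file=` would therefore attach the disk with no crypt layer and nothing in the log to show it. I would fail loudly instead: `with Not_found -> if List.mem_assoc "cipher" kvs || List.mem_assoc "key-size" kvs then failwith "key-file is required when cipher or key-size is given" else None`. Separately, a non-numeric `key-size` still escapes as `Failure "int_of_string"`, since the inner handler catches only Not_found. config_disk_of_string starts before this hunk and continues after it.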