author | Richard Jones <rjones@redhat.com> | 2010-07-22 11:00:59 +0100 |
---|---|---|
committer | Richard Jones <rjones@redhat.com> | 2010-07-22 16:51:56 +0100 |
commit | 945e569db64ab2608b21feba0aa94044c9835ac3 (patch) | |
tree | 26f47a5537c954fd9bb69ff1311c56fa46c20fc1 /src/generator.ml | |
parent | 2fd8c259d3daa88b0cdf98090bb57f3dbd178432 (diff) | |
New APIs: Support for creating LUKS and managing keys.
This commit adds four APIs for creating new LUKS devices
and key management. These are:
  luks_format         Format a LUKS device with the default cipher.
  luks_format_cipher  Format with a chosen cipher.
  luks_add_key        Add another key to an existing device.
  luks_kill_slot      Delete a key from an existing device.
This enables all the significant functionality of the
cryptsetup luks* commands.
Note that you can obtain the UUID of a LUKS device already
by using vfs-uuid.
This also includes a regression test covering all the LUKS
functions.
Diffstat (limited to 'src/generator.ml')
-rwxr-xr-x | src/generator.ml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/src/generator.ml b/src/generator.ml index 372d01e6..ccbc13d3 100755 --- a/src/generator.ml +++ b/src/generator.ml @@ -4916,6 +4916,43 @@ C<device> parameter must be the name of the LUKS mapping device (ie. C</dev/mapper/mapname>) and I<not> the name of the underlying block device."); + ("luks_format", (RErr, [Device "device"; Key "key"; Int "keyslot"]), 260, [Optional "luks"; DangerWillRobinson], + [], + "format a block device as a LUKS encrypted device", + "\ +This command erases existing data on C<device> and formats +the device as a LUKS encrypted device. C<key> is the +initial key, which is added to key slot C<slot>. (LUKS +supports 8 key slots, numbered 0-7)."); + + ("luks_format_cipher", (RErr, [Device "device"; Key "key"; Int "keyslot"; String "cipher"]), 261, [Optional "luks"; DangerWillRobinson], + [], + "format a block device as a LUKS encrypted device", + "\ +This command is the same as C<guestfs_luks_format> but +it also allows you to set the C<cipher> used."); + + ("luks_add_key", (RErr, [Device "device"; Key "key"; Key "newkey"; Int "keyslot"]), 262, [Optional "luks"], + [], + "add a key on a LUKS encrypted device", + "\ +This command adds a new key on LUKS device C<device>. +C<key> is any existing key, and is used to access the device. +C<newkey> is the new key to add. C<keyslot> is the key slot +that will be replaced. + +Note that if C<keyslot> already contains a key, then this +command will fail. You have to use C<guestfs_luks_kill_slot> +first to remove that key."); + + ("luks_kill_slot", (RErr, [Device "device"; Key "key"; Int "keyslot"]), 263, [Optional "luks"], + [], + "remove a key from a LUKS encrypted device", + "\ +This command deletes the key in key slot C<keyslot> from the +encrypted LUKS device C<device>. C<key> must be one of the +I<other> keys."); + ] let all_functions = non_daemon_functions @ daemon_functions |
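Review bot: In the luks_format description the text says the initial key "is added to key slot C<slot>", but the parameter declared in the signature is Int "keyslot", so the generated documentation refers to an argument name that does not exist; change it to C<keyslot>. In luks_add_key, "C<keyslot> is the key slot that will be replaced" contradicts the next paragraph, which says the command fails if the slot already contains a key and that guestfs_luks_kill_slot must be used first; wording such as "the key slot that will be filled" would match the behaviour described. luks_format_cipher also reuses the short description "format a block device as a LUKS encrypted device" unchanged, so the two calls read identically in one-line listings; mentioning the chosen cipher there would distinguish them.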