mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4b1e5b0c3f900b0f197885e85f8c917caff3c339
libguestfs/get-kernel/virt-get-kernel.pod
Pino Toscano 4b1e5b0c3f Introduce a --key option in tools that accept keys 
The majority of the tools have already options (--echo-keys &
--keys-from-stdin) to deal with LUKS credentials, although there is no
way to automatically provide credentials.  --keys-from-stdin is
suboptimal, because it is a usable solution only when there is just one
device to open, and no other input passed via stdin to the tool (like
the commands for guestfish).

To overcome this limitation, introduce a new --key option in tools:
* --key /dev/device:file:/filename/with/key
* --key /dev/device:string:the-actual-key
this way it is possible to pass all the credentials needed for the
specific devices to open, with no risk of conflict with stdin, and also
in a secure way (when using the "file" way).

On the technical side: this adds a new "key_store" API for the C tools,
making sure it is used only when needed.  Partially mirror it also for
the OCaml tools, although there will be a conversion to the C API
because the decryption helpers used are in the common C parts.
2018-09-21 10:30:05 +02:00

220 lines
5.2 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
=head1 NAME
virt-get-kernel - Extract kernel and ramdisk from guests
=head1 SYNOPSIS
virt-get-kernel [--options] -d domname
virt-get-kernel [--options] -a disk.img
=head1 DESCRIPTION
This option extracts the kernel and initramfs from a guest.
The format of the disk image is automatically detected unless you
specify it by using the I<--format> option.
In the case where the guest contains multiple kernels, the one with
the highest version number is chosen. To extract arbitrary kernels
from the disk image, see L<guestfish(1)>. To extract the entire
C</boot> directory of a guest, see L<virt-copy-out(1)>.
=head1 OPTIONS
=over 4
=item B<--help>
Display help.
=item B<-a> file
=item B<--add> file
Add I<file> which should be a disk image from a virtual machine.
The format of the disk image is auto-detected. To override this and
force a particular format use the I<--format> option.
=item B<-a> URI
=item B<--add> URI
Add a remote disk. The URI format is compatible with guestfish.
See L<guestfish(1)/ADDING REMOTE STORAGE>.
=item B<--colors>
=item B<--colours>
Use ANSI colour sequences to colourize messages. This is the default
when the output is a tty. If the output of the program is redirected
to a file, ANSI colour sequences are disabled unless you use this
option.
=item B<-c> URI
=item B<--connect> URI
If using libvirt, connect to the given I<URI>. If omitted, then we
connect to the default libvirt hypervisor.
If you specify guest block devices directly (I<-a>), then libvirt is
not used at all.
=item B<-d> guest
=item B<--domain> guest
Add all the disks from the named libvirt guest. Domain UUIDs can be
used instead of names.
=item B<--echo-keys>
When prompting for keys and passphrases, virt-get-kernel normally turns
echoing off so you cannot see what you are typing. If you are not
worried about Tempest attacks and there is no one else in the room
you can specify this flag to see what you are typing.
=item B<--format> raw|qcow2|..
=item B<--format> auto
The default for the I<-a> option is to auto-detect the format of the
disk image. Using this forces the disk format for the I<-a> option
on the command line.
If you have untrusted raw-format guest disk images, you should use
this option to specify the disk format. This avoids a possible
security problem with malicious guests (CVE-2010-3851).
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
the inspection. C<SELECTOR> can be in one of the following formats:
=over 4
=item B<--key> C<DEVICE>:key:KEY_STRING
Use the specified C<KEY_STRING> as passphrase.
=item B<--key> C<DEVICE>:file:FILENAME
Read the passphrase from F<FILENAME>.
=back
=item B<--keys-from-stdin>
Read key or passphrase parameters from stdin. The default is
to try to read passphrases from the user by opening F</dev/tty>.
=item B<--machine-readable>
=item B<--machine-readable>=format
This option is used to make the output more machine friendly
when being parsed by other programs. See
L</MACHINE READABLE OUTPUT> below.
=item B<-o> directory
=item B<--output> directory
This option specifies the output directory where kernel and initramfs
from the guest are written.
If not specified, the default output is the current directory.
=item B<--prefix> prefix
This option specifies a prefix for the extracted files.
If a prefix is specified, then there will be a dash (C<->) after the
prefix and before the rest of the file name; for example, a kernel
in the guest like C<vmlinuz-3.19.0-20-generic> is saved as
C<mydistro-vmlinuz-3.19.0-20-generic> when the prefix is C<mydistro>.
See also I<--unversioned-names>.
=item B<-q>
=item B<--quiet>
Dont print ordinary progress messages.
=item B<--unversioned-names>
This option affects the destination file name of extracted files.
If enabled, files will be saved locally just with the base name;
for example, kernel and ramdisk in the guest like
C<vmlinuz-3.19.0-20-generic> and C<initrd.img-3.19.0-20-generic>
are saved respectively as C<vmlinuz> and C<initrd.img>.
See also I<--prefix>.
=item B<-v>
=item B<--verbose>
Enable verbose messages for debugging.
=item B<-V>
=item B<--version>
Display version number and exit.
=item B<-x>
Enable tracing of libguestfs API calls.
=back
=head1 MACHINE READABLE OUTPUT
The I<--machine-readable> option can be used to make the output more
machine friendly, which is useful when calling virt-get-kernel from
other programs, GUIs etc.
Use the option on its own to query the capabilities of the
virt-get-kernel binary. Typical output looks like this:
$ virt-get-kernel --machine-readable
virt-get-kernel
A list of features is printed, one per line, and the program exits
with status 0.
It is possible to specify a format string for controlling the output;
see L<guestfs(3)/ADVANCED MACHINE READABLE OUTPUT>.
=head1 ENVIRONMENT VARIABLES
For other environment variables which affect all libguestfs programs,
see L<guestfs(3)/ENVIRONMENT VARIABLES>.
=head1 EXIT STATUS
This program returns 0 if successful, or non-zero if there was an
error.
=head1 SEE ALSO
L<guestfs(3)>,
L<guestfish(1)>,
L<guestmount(1)>,
L<virt-copy-out(1)>,
L<http://libguestfs.org/>.
=head1 AUTHOR
Richard W.M. Jones L<http://people.redhat.com/~rjones/>
=head1 COPYRIGHT
Copyright (C) 2013-2018 Red Hat Inc.
Reference in New Issue View Git Blame Copy Permalink