mirror of
https://github.com/libguestfs/libguestfs.git
synced 2026-03-22 07:03:38 +00:00
51ea2e3af9
Introduce a new guestfs API called "clevis_luks_unlock". At the libguestfs
level, it is quite simple; it wraps the "clevis luks unlock" guest command
(implemented by the "clevis-luks-unlock" executable, which is in fact a
shell script).
The complexity is instead in the network-based disk encryption
(Clevis/Tang) scheme. Useful documentation:
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index#configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening
- https://github.com/latchset/clevis#clevis
- https://github.com/latchset/tang#tang
The package providing "clevis-luks-unlock" is usually called
"clevis-luks", occasionally "clevis". Some distros don't package clevis at
all. Add the new API under a new option group (which may not be available)
called "clevisluks".
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220630122048.19335-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 9a3e9a6c03)
Libguestfs is tools and a library for accessing and modifying guest disk images. For more information see the home page: http://libguestfs.org/ For discussion, development, patches, etc. please use the mailing list: http://www.redhat.com/mailman/listinfo/libguestfs To find out how to build libguestfs from source, read: docs/guestfs-building.pod http://libguestfs.org/guestfs-building.1.html man docs/guestfs-building.1 Copyright (C) 2009-2020 Red Hat Inc. The library is distributed under the LGPLv2+. The programs are distributed under the GPLv2+. Please see the files COPYING and COPYING.LIB for full license information. The examples are under a very liberal license.