mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-22 07:03:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b38e4eff2bec46de7976581ad0c73cf2fb6e73be
libguestfs/diff/virt-diff.pod
Pino Toscano 4b1e5b0c3f Introduce a --key option in tools that accept keys 
The majority of the tools have already options (--echo-keys &
--keys-from-stdin) to deal with LUKS credentials, although there is no
way to automatically provide credentials.  --keys-from-stdin is
suboptimal, because it is a usable solution only when there is just one
device to open, and no other input passed via stdin to the tool (like
the commands for guestfish).

To overcome this limitation, introduce a new --key option in tools:
* --key /dev/device:file:/filename/with/key
* --key /dev/device:string:the-actual-key
this way it is possible to pass all the credentials needed for the
specific devices to open, with no risk of conflict with stdin, and also
in a secure way (when using the "file" way).

On the technical side: this adds a new "key_store" API for the C tools,
making sure it is used only when needed.  Partially mirror it also for
the OCaml tools, although there will be a conversion to the C API
because the decryption helpers used are in the common C parts.
2018-09-21 10:30:05 +02:00

282 lines
6.8 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
=head1 NAME
virt-diff - Differences between files in two virtual machines
=head1 SYNOPSIS
virt-diff [--options] -d domain1 -D domain2
virt-diff [--options] -a disk1.img [-a ...] -A disk2.img [-A ...]
=head1 DESCRIPTION
C<virt-diff> lists the differences between files in two virtual
machines or disk images. The usual use case is to show the
changes in a VM after it has been running for a while, by taking
a snapshot, running the VM, and then using this tool to show
what changed between the new VM state and the old snapshot.
This tool will find differences in filenames, file sizes, checksums,
extended attributes, file content and more from a virtual machine or
disk image. However it B<does not> look at the boot loader, unused
space between partitions or within filesystems, "hidden" sectors and
so on. In other words, it is not a security or forensics tool.
To specify two guests, you have to use the I<-a> or I<-d> option(s)
for the first guest, and the I<-A> or I<-D> option(s) for the second
guest. The common case is:
virt-diff -a old.img -A new.img
or using names known to libvirt:
virt-diff -d oldguest -D newguest
=head1 OPTIONS
=over 4
=item B<--help>
Display brief help.
=item B<-a> file
=item B<--add> file
Add I<file> which should be a disk image from the first virtual
machine. If the virtual machine has multiple block devices, you must
supply all of them with separate I<-a> options.
The format of the disk image is auto-detected. To override this and
force a particular format use the I<--format=..> option.
=item B<-a> URI
=item B<--add> URI
Add a remote disk. See L<guestfish(1)/ADDING REMOTE STORAGE>.
=item B<--all>
Same as I<--extra-stats> I<--times> I<--uids> I<--xattrs>.
=item B<--atime>
The default is to ignore changes in file access times, since those are
unlikely to be interesting. Using this flag shows atime differences
as well.
=item B<-A> file
=item B<-A> URI
Add a disk image from the second virtual machine.
=item B<--checksum>
=item B<--checksum=crc|md5|sha1|sha224|sha256|sha384|sha512>
Use a checksum over file contents to detect when regular files have
changed content.
With no argument, this defaults to using I<md5>. Using an argument,
you can select the checksum type to use. If the flag is omitted then
file times and size are used to determine if a file has changed.
=item B<-c> URI
=item B<--connect> URI
If using libvirt, connect to the given I<URI>. If omitted, then we
connect to the default libvirt hypervisor.
If you specify guest block devices directly (I<-a>), then libvirt is
not used at all.
=item B<--csv>
Write out the results in CSV format (comma-separated values). This
format can be imported easily into databases and spreadsheets, but
read L</NOTE ABOUT CSV FORMAT> below.
=item B<--dir-links>
The default is to ignore changes in the number of links in directory
entries, since those are unlikely to be interesting. Using this flag
shows changes to the nlink field of directories.
=item B<--dir-times>
The default is to ignore changed times on directory entries, since
those are unlikely to be interesting. Using this flag shows changes
to the time fields of directories.
=item B<-d> guest
=item B<--domain> guest
Add all the disks from the named libvirt guest, as the first guest.
Domain UUIDs can be used instead of names.
=item B<-D> guest
Add all the disks from the named libvirt guest, as the second guest.
Domain UUIDs can be used instead of names.
=item B<--echo-keys>
When prompting for keys and passphrases, virt-diff normally turns
echoing off so you cannot see what you are typing. If you are not
worried about Tempest attacks and there is no one else in the room you
can specify this flag to see what you are typing.
=item B<--extra-stats>
Display extra stats.
=item B<--format=raw|qcow2|..>
=item B<--format>
The default for the I<-a>/I<-A> option is to auto-detect the format of
the disk image. Using this forces the disk format for I<-a>/I<-A>
options which follow on the command line. Using I<--format> with no
argument switches back to auto-detection for subsequent I<-a>/I<-A>
options.
For example:
virt-diff --format=raw -a disk.img [...]
forces raw format (no auto-detection) for F<disk.img>.
virt-diff --format=raw -a disk.img --format -a another.img [...]
forces raw format (no auto-detection) for F<disk.img> and reverts to
auto-detection for F<another.img>.
If you have untrusted raw-format guest disk images, you should use
this option to specify the disk format. This avoids a possible
security problem with malicious guests (CVE-2010-3851).
=item B<-h>
=item B<--human-readable>
Display file sizes in human-readable format.
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
the inspection. C<SELECTOR> can be in one of the following formats:
=over 4
=item B<--key> C<DEVICE>:key:KEY_STRING
Use the specified C<KEY_STRING> as passphrase.
=item B<--key> C<DEVICE>:file:FILENAME
Read the passphrase from F<FILENAME>.
=back
=item B<--keys-from-stdin>
Read key or passphrase parameters from stdin. The default is
to try to read passphrases from the user by opening F</dev/tty>.
=item B<--times>
Display time fields.
=item B<--time-days>
Display time fields as days before now (negative if in the future).
Note that C<0> in output means "up to 1 day before now", or that the
age of the file is between 0 and 86399 seconds.
=item B<--time-relative>
Display time fields as seconds before now (negative if in the future).
=item B<--time-t>
Display time fields as seconds since the Unix epoch.
=item B<--uids>
Display UID and GID fields.
=item B<-v>
=item B<--verbose>
Enable verbose messages for debugging.
=item B<-V>
=item B<--version>
Display version number and exit.
=item B<-x>
Enable tracing of libguestfs API calls.
=item B<--xattrs>
Display extended attributes.
=back
=head1 NOTE ABOUT CSV FORMAT
Comma-separated values (CSV) is a deceptive format. It I<seems> like
it should be easy to parse, but it is definitely not easy to parse.
Myth: Just split fields at commas. Reality: This does I<not> work
reliably. This example has two columns:
"foo,bar",baz
Myth: Read the file one line at a time. Reality: This does I<not>
work reliably. This example has one row:
"foo
bar",baz
For shell scripts, use C<csvtool> (L<https://github.com/Chris00/ocaml-csv>
also packaged in major Linux distributions).
For other languages, use a CSV processing library (eg. C<Text::CSV>
for Perl or Pythons built-in csv library).
Most spreadsheets and databases can import CSV directly.
=head1 EXIT STATUS
This program returns 0 if successful, or non-zero if there was an
error.
=head1 SEE ALSO
L<guestfs(3)>,
L<guestfish(1)>,
L<virt-cat(1)>,
L<virt-copy-out(1)>,
L<virt-ls(1)>,
L<virt-tar-out(1)>,
L<http://libguestfs.org/>.
=head1 AUTHOR
Richard W.M. Jones L<http://people.redhat.com/~rjones/>
=head1 COPYRIGHT
Copyright (C) 2009-2018 Red Hat Inc.
Reference in New Issue View Git Blame Copy Permalink