From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Stefan Reiter <s.reiter@proxmox.com>
Date: Wed, 10 Feb 2021 11:07:06 +0100
Subject: [PATCH] PBS: add master key support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

this requires a new enough libproxmox-backup-qemu0, and allows querying
from the PVE side to avoid QMP calls with unsupported parameters.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
[FE: adapt to QAPI change dropping redundant has_*]
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 block/monitor/block-hmp-cmds.c | 1 +
 pve-backup.c                   | 3 +++
 qapi/block-core.json           | 7 +++++++
 3 files changed, 11 insertions(+)

diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
index 56f39b14d4..f852c70611 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1053,6 +1053,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
         NULL, // PBS password
         NULL, // PBS keyfile
         NULL, // PBS key_password
+        NULL, // PBS master_keyfile
         NULL, // PBS fingerprint
         NULL, // PBS backup-id
         false, 0, // PBS backup-time
diff --git a/pve-backup.c b/pve-backup.c
index 4536650b24..0d8bf1c332 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -531,6 +531,7 @@ UuidInfo coroutine_fn *qmp_backup(
     const char *password,
     const char *keyfile,
     const char *key_password,
+    const char *master_keyfile,
     const char *fingerprint,
     const char *backup_id,
     bool has_backup_time, int64_t backup_time,
@@ -679,6 +680,7 @@ UuidInfo coroutine_fn *qmp_backup(
             password,
             keyfile,
             key_password,
+            master_keyfile,
             has_compress ? compress : true,
             has_encrypt ? encrypt : !!keyfile,
             fingerprint,
@@ -1038,5 +1040,6 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
     ret->pbs_dirty_bitmap_savevm = true;
     ret->pbs_dirty_bitmap_migration = true;
     ret->query_bitmap_info = true;
+    ret->pbs_masterkey = true;
     return ret;
 }
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 93d924ef79..568feb63ad 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -908,6 +908,8 @@
 #
 # @key-password: password for keyfile (optional for format 'pbs')
 #
+# @master-keyfile: PEM-formatted master public keyfile (optional for format 'pbs')
+#
 # @fingerprint: server cert fingerprint (optional for format 'pbs')
 #
 # @backup-id: backup ID (required for format 'pbs')
@@ -927,6 +929,7 @@
                                     '*password': 'str',
                                     '*keyfile': 'str',
                                     '*key-password': 'str',
+                                    '*master-keyfile': 'str',
                                     '*fingerprint': 'str',
                                     '*backup-id': 'str',
                                     '*backup-time': 'int',
@@ -979,6 +982,9 @@
 #                              migration cap if this is false/unset may lead
 #                              to crashes on migration!
 #
+# @pbs-masterkey: True if the QMP backup call supports the 'master_keyfile'
+#                 parameter.
+#
 # @pbs-library-version: Running version of libproxmox-backup-qemu0 library.
 #
 ##
@@ -987,6 +993,7 @@
             'query-bitmap-info': 'bool',
             'pbs-dirty-bitmap-savevm': 'bool',
             'pbs-dirty-bitmap-migration': 'bool',
+            'pbs-masterkey': 'bool',
             'pbs-library-version': 'str' } }
 
 ##