[pve-devel] [PATCH storage 1/1] import: allow upload of qcow2 files into import storage

Dominik Csapak d.csapak at proxmox.com
Thu Mar 13 12:17:53 CET 2025 

so users can upload qcow2 files directly in the ui

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
 src/PVE/API2/Storage/Status.pm | 17 ++++++++++++++++-
 src/PVE/Storage.pm             |  2 +-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm
index c854b53..b253392 100644
--- a/src/PVE/API2/Storage/Status.pm
+++ b/src/PVE/API2/Storage/Status.pm
@@ -456,6 +456,7 @@ __PACKAGE__->register_method ({
 
 	my $path;
 	my $isOva = 0;
+	my $isQcow2 = 0;
 
 	if ($content eq 'iso') {
 	    if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@@ -472,7 +473,12 @@ __PACKAGE__->register_method ({
 		raise_param_exc({ filename => "invalid filename or wrong extension" });
 	    }
 
-	    $isOva = 1;
+	    if ($filename =~ m/\.ova$/) {
+		$isOva = 1;
+	    } elsif ($filename =~ m/\.qcow2$/) {
+		$isQcow2 = 1;
+	    }
+
 	    $path = PVE::Storage::get_import_dir($cfg, $storage);
 	} else {
 	    raise_param_exc({ content => "upload content type '$content' not allowed" });
@@ -543,6 +549,9 @@ __PACKAGE__->register_method ({
 
 		if ($isOva) {
 		    assert_ova_contents($tmpfilename);
+		} elsif ($isQcow2) {
+		    # checks untrusted image
+		    PVE::Storage::file_size_info($tmpfilename, 10, 'qcow2', 1);
 		}
 	    };
 	    if (my $err = $@) {
@@ -667,6 +676,7 @@ __PACKAGE__->register_method({
 
 	my $path;
 	my $isOva = 0;
+	my $isQcow2 = 0;
 
 	if ($content eq 'iso') {
 	    if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
@@ -685,6 +695,8 @@ __PACKAGE__->register_method({
 
 	    if ($filename =~ m/\.ova$/) {
 		$isOva = 1;
+	    } elsif ($filename =~ m/\.qcow2$/) {
+		$isQcow2 = 1;
 	    }
 
 	    $path = PVE::Storage::get_import_dir($cfg, $storage);
@@ -717,6 +729,9 @@ __PACKAGE__->register_method({
 
 	    if ($isOva) {
 		assert_ova_contents($tmp_path);
+	    } elsif ($isQcow2) {
+		# checks untrusted image
+		PVE::Storage::file_size_info($tmp_path, 10, 'qcow2', 1);
 	    }
 	};
 
diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm
index 3b4f041..deed73f 100755
--- a/src/PVE/Storage.pm
+++ b/src/PVE/Storage.pm
@@ -116,7 +116,7 @@ our $BACKUP_EXT_RE_2 = qr/\.(tgz|(?:tar|vma)(?:\.(${\PVE::Storage::Plugin::COMPR
 
 our $IMPORT_EXT_RE_1 = qr/\.(ova|ovf|qcow2|raw|vmdk)/;
 
-our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova)/;
+our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova|qcow2)/;
 
 our $SAFE_CHAR_CLASS_RE = qr/[a-zA-Z0-9\-\.\+\=\_]/;
 our $SAFE_CHAR_WITH_WHITESPACE_CLASS_RE = qr/[ a-zA-Z0-9\-\.\+\=\_]/;
-- 
2.39.5

More information about the pve-devel mailing list