| Message ID | 20210603195812.50838-1-ebiggers@kernel.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | Add option to write Merkle tree to a file | expand |
Reviewed-by: Victor Hsieh <victorhsieh@google.com> Thanks Eric! On Thu, Jun 3, 2021 at 1:00 PM Eric Biggers <ebiggers@kernel.org> wrote: > > Make 'fsverity digest' and 'fsverity sign' support writing the Merkle > tree and fs-verity descriptor to files, using new options > '--out-merkle-tree=FILE' and '--out-descriptor=FILE'. > > Normally these new options aren't useful, but they can be needed in > cases where the fs-verity metadata needs to be consumed by something > other than one of the native Linux kernel implementations of fs-verity. > > This is different from 'fsverity dump_metadata' in that > 'fsverity dump_metadata' only works on a file with fs-verity enabled, > whereas these new options are for the userspace file digest computation. > > Supporting this required adding some optional callbacks to > libfsverity_compute_digest(). > > Eric Biggers (4): > lib/compute_digest: add callbacks for getting the verity metadata > programs/test_compute_digest: test the metadata callbacks > programs/utils: add full_pwrite() and preallocate_file() > programs/fsverity: add --out-merkle-tree and --out-descriptor options > > include/libfsverity.h | 46 +++++++++++- > lib/compute_digest.c | 130 +++++++++++++++++++++++++++----- > programs/cmd_digest.c | 7 +- > programs/cmd_sign.c | 17 +++-- > programs/fsverity.c | 88 +++++++++++++++++++++- > programs/fsverity.h | 4 +- > programs/test_compute_digest.c | 133 +++++++++++++++++++++++++++++++++ > programs/utils.c | 59 +++++++++++++++ > programs/utils.h | 3 + > 9 files changed, 458 insertions(+), 29 deletions(-) > > > base-commit: cf8fa5e5a7ac5b3b2dbfcc87e5dbd5f984c2d83a > -- > 2.31.1 >
On Thu, Jun 03, 2021 at 12:58:08PM -0700, Eric Biggers wrote: > Make 'fsverity digest' and 'fsverity sign' support writing the Merkle > tree and fs-verity descriptor to files, using new options > '--out-merkle-tree=FILE' and '--out-descriptor=FILE'. > > Normally these new options aren't useful, but they can be needed in > cases where the fs-verity metadata needs to be consumed by something > other than one of the native Linux kernel implementations of fs-verity. > > This is different from 'fsverity dump_metadata' in that > 'fsverity dump_metadata' only works on a file with fs-verity enabled, > whereas these new options are for the userspace file digest computation. > > Supporting this required adding some optional callbacks to > libfsverity_compute_digest(). > > Eric Biggers (4): > lib/compute_digest: add callbacks for getting the verity metadata > programs/test_compute_digest: test the metadata callbacks > programs/utils: add full_pwrite() and preallocate_file() > programs/fsverity: add --out-merkle-tree and --out-descriptor options > > include/libfsverity.h | 46 +++++++++++- > lib/compute_digest.c | 130 +++++++++++++++++++++++++++----- > programs/cmd_digest.c | 7 +- > programs/cmd_sign.c | 17 +++-- > programs/fsverity.c | 88 +++++++++++++++++++++- > programs/fsverity.h | 4 +- > programs/test_compute_digest.c | 133 +++++++++++++++++++++++++++++++++ > programs/utils.c | 59 +++++++++++++++ > programs/utils.h | 3 + > 9 files changed, 458 insertions(+), 29 deletions(-) > > > base-commit: cf8fa5e5a7ac5b3b2dbfcc87e5dbd5f984c2d83a All applied. - Eric