On Wed Sep 25, 2024 at 3:57 PM EEST, Serge E. Hallyn wrote: > On Wed, Sep 25, 2024 at 12:05:59PM +0300, Jarkko Sakkinen wrote: > > On Wed Sep 25, 2024 at 11:03 AM EEST, Milan Broz wrote: > > > >> Doesn't dm-verity have a maintainer? > > > > > > (This reminds me of a nice comment from Neil about "little walled > > > gardens" between MD & DM. Apparently it applies to other subsystems > > > as well. Sorry, I couldn't resist to mention it :-) > > > > Np, it's just that last and only time I've ever read anything about > > dm-verity was 2011 article :-) > > > > I will rephrase question: does dm-verity have a user? ;-) > > It gets used for integrity guarantees in certain containers, where > the layers of tarballs are replaced by layers of squashfs, with the > dmverity root hash for each layer listed in the signed manifest, e.g. > > github.com/project-stacker/stacker > github.com/project-machine/atomfs > > This is used of course to verify container integrity, and also gets used by > some projects and products to create an RFS from such images during initrd > > github.com/project-machine/mos OK got it! I did some studying and query and to put short it is a merkle tree for rootfs for devices like phones and tablets for instance. I.e. when you modify only on "system update". So... let's check the mainatainers list: ❯ scripts/get_maintainer.pl drivers/md/dm-verity-verify-sig.c Alasdair Kergon <agk@xxxxxxxxxx> (maintainer:DEVICE-MAPPER (LVM)) Mike Snitzer <snitzer@xxxxxxxxxx> (maintainer:DEVICE-MAPPER (LVM)) Mikulas Patocka <mpatocka@xxxxxxxxxx> (maintainer:DEVICE-MAPPER (LVM)) dm-devel@xxxxxxxxxxxxxxx (open list:DEVICE-MAPPER (LVM)) linux-kernel@xxxxxxxxxxxxxxx (open list) Mikulas, I guess you take care of this if I just ack the return value? If that holds, and given that I actually know what verify_pkcs7_signature() does, I think the code patch makes sense to me, and thus: Acked-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> I.e. I think it uses API correctly. > > -serge BR, Jarkko
