From: Jes Sorensen <jsorensen@xxxxxx> Hi, I am looking at what it will take to add support for fsverity signatures to rpm, similar to how rpm supports IMA signatures. In order to do so, it makes sense to split the fsverity util into a shared library and the command line tool, so the core functions can be used from other applciations. Alternatively I will have to copy over a good chunk of the code into rpm, which makes it nasty to support long term. This is a first stab at doing that, and I'd like to get some feedback on the approach. I basically split it into four functions: fsverity_cmd_gen_digest(): Build the digest, but do not sign it fsverity_cmd_sign(): Sign the digest structure fsverity_cmd_measure(): Measure a file, basically 'fsverity measure' fsverity_cmd_enable(): Enable verity on a file, basically 'fsverity enable' If we can agree on the approach, then I am happy to deal with the full libtoolification etc. Jes Jes Sorensen (7): Build basic shared library Restructure fsverity_cmd_sign for shared libraries Make fsverity_cmd_measure() a library function Make fsverity_cmd_enable a library call() Rename commands.h to fsverity.h Move cmdline helper functions to fsverity.c cmd_sign: fsverity_cmd_sign() into two functions Makefile | 18 ++- cmd_enable.c | 133 +------------------ cmd_measure.c | 51 ++------ cmd_sign.c | 168 ++++++------------------ commands.h | 24 ---- fsverity.c | 345 +++++++++++++++++++++++++++++++++++++++++++++++--- fsverity.h | 38 ++++++ util.c | 13 ++ 8 files changed, 446 insertions(+), 344 deletions(-) delete mode 100644 commands.h create mode 100644 fsverity.h -- 2.24.1
|