From: Jes Sorensen <jsorensen@xxxxxx>
Hi,
This is an updated version of my patches to split fsverity-utils into
a shared library. This version addresses most of the comments I
received in the last version:
1) Document the API
2) Verified ran xfstest against the build
3) Make struct fsverity_descriptor private
4) Reviewed (and documented) error codes
5) Improved validation of input parameters, and return error if any
reserved field is not zero.
I left struct fsverity_hash_alg in the public API, because it adds
useful information to the user, in particular providing the digest
size, and allows the caller to walk the list to obtain the supported
algorithms. The alternative is to introduce a
libverity_get_digest_size() call.
I still need to add some self-tests to the build and deal with the
soname stuff.
Next up is rpm support.
Cheers,
Jes
Jes Sorensen (9):
Build basic shared library framework
Change compute_file_measurement() to take a file descriptor as
argument
Move fsverity_descriptor definition to libfsverity.h
Move hash algorithm code to shared library
Create libfsverity_compute_digest() and adapt cmd_sign to use it
Introduce libfsverity_sign_digest()
Validate input arguments to libfsverity_compute_digest()
Validate input parameters for libfsverity_sign_digest()
Document API of libfsverity
Makefile | 18 +-
cmd_enable.c | 11 +-
cmd_measure.c | 4 +-
cmd_sign.c | 526 +++------------------------------------
fsverity.c | 16 +-
hash_algs.c | 26 +-
hash_algs.h | 27 --
libfsverity.h | 127 ++++++++++
libfsverity_private.h | 33 +++
libverity.c | 559 ++++++++++++++++++++++++++++++++++++++++++
util.h | 2 +
11 files changed, 801 insertions(+), 548 deletions(-)
create mode 100644 libfsverity.h
create mode 100644 libfsverity_private.h
create mode 100644 libverity.c
--
2.24.1
|