On 4/21/20 12:16 PM, Eric Biggers wrote:
> On Tue, Apr 21, 2020 at 12:07:07PM -0400, Jes Sorensen wrote:
>> On 3/22/20 12:57 AM, Eric Biggers wrote:
>>> I thought there was no need for this to be part of the library API?
>>
>> Hi Eric,
>>
>> Been busy working on RPM support, but looking at this again now. Given
>> that the fsverity signature is a hash of the descriptor, I don't see how
>> we can avoid this?
>>
>
> struct fsverity_descriptor isn't signed directly; it's hashed as an intermediate
> step in libfsverity_compute_digest(). So why would the library user need the
> definition of 'struct fsverity_descriptor'?

Hi Eric,

You're right, I actually moved it to libfsverity_private.h already, but
it's in the new patches I am working on. I pushed it all to
git.kernel.org, but I still need to address some of the issues you
responded about.

I'll post an update to this when I have worked through your list of
comments. Most noticeable is that I had to rework the read API to make
it work with RPM, but you can find my current tree here (libfsverity branch):
https://git.kernel.org/pub/scm/linux/kernel/git/jes/fsverity-utils.git/

Current RPM work is here:
https://github.com/jessorensen/rpm/tree/rpm-fsverity

Cheers,
Jes