From: Jes Sorensen <jsorensen@xxxxxx>

Hi

This is an update to the libfsverity patches I posted about a month
ago, which I believe address all the issues in the feedback I received.

I have a version of rpm that requires this library which is able to
sign files and a plugin which will install fsverity signatures when the
rpm is installed. The code for rpm can be found on github - note that I
do rebase the repo as I fix bugs:
https://github.com/jessorensen/rpm/tree/rpm-fsverity

A git tree with these patches can also be found here:
https://git.kernel.org/pub/scm/linux/kernel/git/jes/fsverity-utils.git

This update changes a number of issues:
- Change the API for libfsverity_compute_digest() to take a callback
  read function, which is needed to deal with the internal cpio
  processing of rpm.
- Provides the option to build fsverity linked statically against
  libfsverity
- Makefile support to install libfsverity.so, libfsverity.h and sets
  the soname
- Make struct fsverity_descriptor and struct fsverity_hash_alg internal
  to the library
- Improved documentation of the API in libfsverity.h

I have a .spec file for it that packages this into an rpm for Fedora,
as well as a packaged version of rpm with fsverity support in it, which
I am happy to share.

Let me know what you think!

Thanks,
Jes

Jes Sorensen (20):
  Build basic shared library framework
  Change compute_file_measurement() to take a file descriptor as argument
  Move fsverity_descriptor definition to libfsverity.h
  Move hash algorithm code to shared library
  Create libfsverity_compute_digest() and adapt cmd_sign to use it
  Introduce libfsverity_sign_digest()
  Validate input arguments to libfsverity_compute_digest()
  Validate input parameters for libfsverity_sign_digest()
  Document API of libfsverity
  Change libfsverity_compute_digest() to take a read function
  Make full_{read,write}() return proper error codes instead of bool
  libfsverity: Remove dependencies on util.c
  Update Makefile to install libfsverity and fsverity.h
  Change libfsverity_find_hash_alg_by_name() to return the alg number
  Make libfsverity_find_hash_alg_by_name() private to the shared library
  libfsverity_sign_digest() use ARRAY_SIZE()
  fsverity_cmd_sign() use sizeof() input argument instead of struct
  fsverity_cmd_sign() don't exit on error without closing file descriptor
  Improve documentation of libfsverity.h API
  Fixup Makefile

 Makefile              |  49 +++-
 cmd_enable.c          |  19 +-
 cmd_measure.c         |  19 +-
 cmd_sign.c            | 565 +++++------------------------------------
 fsverity.c            |  17 +-
 hash_algs.c           |  95 ++++---
 hash_algs.h           |  36 +--
 helpers.h             |  43 ++++
 libfsverity.h         | 138 ++++++++++
 libfsverity_private.h |  52 ++++
 libverity.c           | 572 ++++++++++++++++++++++++++++++++++++++++++
 util.c                |  15 +-
 util.h                |  62 +----
 13 files changed, 1029 insertions(+), 653 deletions(-)
 create mode 100644 helpers.h
 create mode 100644 libfsverity.h
 create mode 100644 libfsverity_private.h
 create mode 100644 libverity.c

--
2.25.3