On 4/24/20 4:54 PM, Jes Sorensen wrote:
> From: Jes Sorensen <jsorensen@xxxxxx>
>
> Hi
>
> This is an update to the libfsverity patches I posted about a month
> ago, which I believe address all the issues in the feedback I received.

Hi Eric,

Wanted to check in and hear if you had a chance to look at this?

Thanks,
Jes

> I have a version of rpm that requires this library which is able to
> sign files and a plugin which will install fsverity signatures when
> the rpm is installed. The code for rpm can be found on github - note
> that I do rebase the repo as I fix bugs:
> https://github.com/jessorensen/rpm/tree/rpm-fsverity
>
> A git tree with these patches can also be found here:
> https://git.kernel.org/pub/scm/linux/kernel/git/jes/fsverity-utils.git
>
> This update changes a number of issues:
> - Change the API for libfsverity_compute_digest() to take a callback
>   read function, which is needed to deal with the internal cpio
>   processing of rpm.
> - Provides the option to build fsverity linked statically against
>   libfsverity
> - Makefile support to install libfsverity.so, libfsverity.h and sets
>   the soname
> - Make struct fsverity_descriptor and struct fsverity_hash_alg
>   internal to the library
> - Improved documentation of the API in libfsverity.h
>
> I have a .spec file for it that packages this into an rpm for Fedora,
> as well as a packaged version of rpm with fsverity support in it,
> which I am happy to share.
>
> Let me know what you think!
>
> Thanks,
> Jes
>
>
> Jes Sorensen (20):
>   Build basic shared library framework
>   Change compute_file_measurement() to take a file descriptor as
>     argument
>   Move fsverity_descriptor definition to libfsverity.h
>   Move hash algorithm code to shared library
>   Create libfsverity_compute_digest() and adapt cmd_sign to use it
>   Introduce libfsverity_sign_digest()
>   Validate input arguments to libfsverity_compute_digest()
>   Validate input parameters for libfsverity_sign_digest()
>   Document API of libfsverity
>   Change libfsverity_compute_digest() to take a read function
>   Make full_{read,write}() return proper error codes instead of bool
>   libfsverity: Remove dependencies on util.c
>   Update Makefile to install libfsverity and fsverity.h
>   Change libfsverity_find_hash_alg_by_name() to return the alg number
>   Make libfsverity_find_hash_alg_by_name() private to the shared library
>   libfsverity_sign_digest() use ARRAY_SIZE()
>   fsverity_cmd_sign() use sizeof() input argument instead of struct
>   fsverity_cmd_sign() don't exit on error without closing file
>     descriptor
>   Improve documentation of libfsverity.h API
>   Fixup Makefile
>
>  Makefile              |  49 +++-
>  cmd_enable.c          |  19 +-
>  cmd_measure.c         |  19 +-
>  cmd_sign.c            | 565 +++++------------------------------------
>  fsverity.c            |  17 +-
>  hash_algs.c           |  95 ++++---
>  hash_algs.h           |  36 +--
>  helpers.h             |  43 ++++
>  libfsverity.h         | 138 ++++++++++
>  libfsverity_private.h |  52 ++++
>  libverity.c           | 572 ++++++++++++++++++++++++++++++++++++++++++
>  util.c                |  15 +-
>  util.h                |  62 +----
>  13 files changed, 1029 insertions(+), 653 deletions(-)
>  create mode 100644 helpers.h
>  create mode 100644 libfsverity.h
>  create mode 100644 libfsverity_private.h
>  create mode 100644 libverity.c
>