Hi, I am working on adding fsverity support to RPM and I am hitting a tricky problem. I am see this with RPM, but it really isn't specific to RPM, and will apply to any method for distribution signatures. fsverity is currently hard-wiring the Merkle tree block size to PAGE_SIZE. This is problematic for a number of reasons, in particular on architectures that can be configured with different page sizes, such as ARM, as well as the case where someone generates a shared 'common' package to be used cross architectures (noarch package in RPM terms). For a package manager to be able to create a generic package with signatures, it basically has to build a signature for every supported page size of the target architecture. Chris Mason is working on adding fsverity support to btrfs, and I understand he is supporting 4K as the default Merkle tree block size, independent of the PAGE_SIZE. Would it be feasible to make ext4 and other file systems support 4K for non 4K page sized systems and make that a general recommendation going forward? Thoughts? Thanks, Jes
|