On Sun, Jan 17, 2021 at 09:20:32AM -0500, Colin Walters wrote:
> There's been a good amount of changes since the last libfsverity release. I'm primarily interested in
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git/commit/?id=f76d01b8ce8ce13538bac89afa8acfea9e2bdd57
>
> I have some work in progress to update the ostree fsverity support to use it:
> https://github.com/ostreedev/ostree/pull/2269
>
> Anything blocking a release?

Not really.

> While I'm here, some feedback on the new library APIs:
>
> - ostree is multi-threaded, and a process global error callback is problematic for that. I think a GLib-style "GError" type which is really just a pair of error code and string is better.

It would be annoying for all library functions to dynamically allocate an extended error structure on failure, because callers will forget to free it. So that's not a very good solution either.

Couldn't you allocate a per-thread variable (e.g. with pthread_setspecific()) that contains a pointer to your context or message buffer or whatever you need, and use it from the error callback function?

Anyway, I can't change the API because it is stable now, and other people are already using libfsverity.

> - Supporting passing the keys via file descriptor or byte array would be nice; or perhaps even better than that we should just expose the openssl types and allow passing pre-parsed key+certificate?

It sounds like you're interested in using the in-kernel signature verification support. Can you elaborate on why you want to use it (as opposed to e.g. doing the signature verification in userspace), and what security properties you are aiming to achieve with it, and how you would be achieving them?

Keep in mind that userspace still needs to verify which files have fs-verity enabled.

- Eric
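Eric's suggestion of a per-thread variable, worked through as an added example (this is not part of the thread and not libfsverity's code): a stand-in library exposes one process-global error callback with the same shape as libfsverity_set_error_callback(), a function pointer that receives the message string and no user-data argument, and a multi-threaded caller uses pthread_key_create()/pthread_setspecific() so that the single registered callback delivers each message into the calling thread's own buffer. The `lib_*` functions, `struct err_ctx`, `struct job` and the `.img` paths are constructed for illustration.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Stand-in library: the only error hook is one process-global function
 * pointer taking the message string (illustrative, not libfsverity's code). */
typedef void (*error_cb_t)(const char *msg);
static error_cb_t g_error_cb;

static void lib_set_error_callback(error_cb_t cb)
{
	g_error_cb = cb;
}

/* Hypothetical library call: always fails and reports which input failed. */
static int lib_do_work(const char *path)
{
	char buf[160];

	snprintf(buf, sizeof(buf), "%s: simulated failure", path);
	if (g_error_cb)
		g_error_cb(buf);
	return -1;
}

/* Caller side: per-thread error storage reached through a TSD key. */
struct err_ctx {
	char msg[256];	/* last message the library reported on this thread */
	int count;	/* number of messages this thread received */
};

static pthread_key_t err_key;
static pthread_once_t err_key_once = PTHREAD_ONCE_INIT;

static void make_key(void)
{
	pthread_key_create(&err_key, NULL);
}

/* The one callback registered with the library.  It gets no user data, so
 * it recovers the calling thread's context from the key instead. */
static void thread_error_cb(const char *msg)
{
	struct err_ctx *ctx = pthread_getspecific(err_key);

	if (!ctx)	/* thread never bound a context: nothing to write into */
		return;
	snprintf(ctx->msg, sizeof(ctx->msg), "%s", msg);
	ctx->count++;
}

/* Process-wide setup, done once before worker threads exist so the global
 * function pointer is never written concurrently. */
static void init_error_routing(void)
{
	pthread_once(&err_key_once, make_key);
	lib_set_error_callback(thread_error_cb);
}

/* Bind ctx to the calling thread and run one library call under it. */
static int run_with_ctx(struct err_ctx *ctx, const char *path)
{
	memset(ctx, 0, sizeof(*ctx));
	pthread_setspecific(err_key, ctx);
	return lib_do_work(path);
}

struct job {
	const char *path;
	struct err_ctx err;
	int rc;
};

static void *worker(void *arg)
{
	struct job *j = arg;

	j->rc = run_with_ctx(&j->err, j->path);
	return NULL;
}

/* Run n jobs on n threads; return how many threads received exactly one
 * message and that message names their own input (no cross-talk). */
static int run_jobs_concurrently(struct job *jobs, int n)
{
	pthread_t tids[n];
	int ok = 0;

	init_error_routing();
	for (int i = 0; i < n; i++)
		pthread_create(&tids[i], NULL, worker, &jobs[i]);
	for (int i = 0; i < n; i++)
		pthread_join(tids[i], NULL);
	for (int i = 0; i < n; i++)
		if (jobs[i].rc == -1 && jobs[i].err.count == 1 &&
		    strstr(jobs[i].err.msg, jobs[i].path))
			ok++;
	return ok;
}

/* Constructed sample: four inputs, four threads. */
static int demo(void)
{
	struct job jobs[4] = { { "a.img" }, { "b.img" }, { "c.img" }, { "d.img" } };

	return run_jobs_concurrently(jobs, 4);
}

int main(void)
{
	int ok = demo();

	printf("%d/4 threads saw their own error message\n", ok);
	return ok == 4 ? 0 : 1;
}
```

Build with `cc -pthread`. The callback pointer itself stays a single global, which is the constraint Colin raised; what the key buys is that the one function can still find per-thread state. Two caveats follow from that: the pointer is set once before the threads start rather than from each thread, and a message arriving on a thread that never bound a context is dropped rather than attributed to someone else.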