Make 'fsverity digest' and 'fsverity sign' support writing the Merkle tree and fs-verity descriptor to files, using new options '--out-merkle-tree=FILE' and '--out-descriptor=FILE'. Normally these new options aren't useful, but they can be needed in cases where the fs-verity metadata needs to be consumed by something other than one of the native Linux kernel implementations of fs-verity. This is different from 'fsverity dump_metadata' in that 'fsverity dump_metadata' only works on a file with fs-verity enabled, whereas these new options are for the userspace file digest computation. Supporting this required adding some optional callbacks to libfsverity_compute_digest(). Eric Biggers (4): lib/compute_digest: add callbacks for getting the verity metadata programs/test_compute_digest: test the metadata callbacks programs/utils: add full_pwrite() and preallocate_file() programs/fsverity: add --out-merkle-tree and --out-descriptor options include/libfsverity.h | 46 +++++++++++- lib/compute_digest.c | 130 +++++++++++++++++++++++++++----- programs/cmd_digest.c | 7 +- programs/cmd_sign.c | 17 +++-- programs/fsverity.c | 88 +++++++++++++++++++++- programs/fsverity.h | 4 +- programs/test_compute_digest.c | 133 +++++++++++++++++++++++++++++++++ programs/utils.c | 59 +++++++++++++++ programs/utils.h | 3 + 9 files changed, 458 insertions(+), 29 deletions(-) base-commit: cf8fa5e5a7ac5b3b2dbfcc87e5dbd5f984c2d83a -- 2.31.1
|