| Message ID | 20200424205504.2586682-1-Jes.Sorensen@gmail.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Split fsverity-utils into a shared library | expand |
On 4/24/20 4:54 PM, Jes Sorensen wrote: > From: Jes Sorensen <jsorensen@fb.com> > > Hi > > This is an update to the libfsverity patches I posted about a month > ago, which I believe address all the issues in the feedback I received. Hi Eric, Wanted to check in and hear if you had a chance to look at this? Thanks, Jes > I have a version of rpm that requires this library which is able to > sign files and a plugin which will install fsverity signatures when > the rpm is installed. The code for rpm can be found on github - note > that I do rebase the repo as I fix bugs: > https://github.com/jessorensen/rpm/tree/rpm-fsverity > > A git tree with these patches can also be found here: > https://git.kernel.org/pub/scm/linux/kernel/git/jes/fsverity-utils.git > > This update changes a number of issues: > - Change the API for libfsverity_compute_digest() to take a callback > read function, which is needed to deal with the internal cpio > processing of rpm. > - Provides the option to build fsverity linked statically against > libfsverity > - Makefile support to install libfsverity.so, libfsverity.h and sets > the soname > - Make struct fsverity_descriptor and struct fsverity_hash_alg > internal to the library > - Improved documentation of the API in libfsverity.h > > I have a .spec file for it that packages this into an rpm for Fedora, > as well as a packaged version of rpm with fsverity support in it, > which I am happy to share. > > Let me know what you think! > > Thanks, > Jes > > > Jes Sorensen (20): > Build basic shared library framework > Change compute_file_measurement() to take a file descriptor as > argument > Move fsverity_descriptor definition to libfsverity.h > Move hash algorithm code to shared library > Create libfsverity_compute_digest() and adapt cmd_sign to use it > Introduce libfsverity_sign_digest() > Validate input arguments to libfsverity_compute_digest() > Validate input parameters for libfsverity_sign_digest() > Document API of libfsverity > Change libfsverity_compute_digest() to take a read function > Make full_{read,write}() return proper error codes instead of bool > libfsverity: Remove dependencies on util.c > Update Makefile to install libfsverity and fsverity.h > Change libfsverity_find_hash_alg_by_name() to return the alg number > Make libfsverity_find_hash_alg_by_name() private to the shared library > libfsverity_sign_digest() use ARRAY_SIZE() > fsverity_cmd_sign() use sizeof() input argument instead of struct > fsverity_cmd_sign() don't exit on error without closing file > descriptor > Improve documentation of libfsverity.h API > Fixup Makefile > > Makefile | 49 +++- > cmd_enable.c | 19 +- > cmd_measure.c | 19 +- > cmd_sign.c | 565 +++++------------------------------------ > fsverity.c | 17 +- > hash_algs.c | 95 ++++--- > hash_algs.h | 36 +-- > helpers.h | 43 ++++ > libfsverity.h | 138 ++++++++++ > libfsverity_private.h | 52 ++++ > libverity.c | 572 ++++++++++++++++++++++++++++++++++++++++++ > util.c | 15 +- > util.h | 62 +---- > 13 files changed, 1029 insertions(+), 653 deletions(-) > create mode 100644 helpers.h > create mode 100644 libfsverity.h > create mode 100644 libfsverity_private.h > create mode 100644 libverity.c >
On Thu, May 07, 2020 at 10:03:47AM -0400, Jes Sorensen wrote: > On 4/24/20 4:54 PM, Jes Sorensen wrote: > > From: Jes Sorensen <jsorensen@fb.com> > > > > Hi > > > > This is an update to the libfsverity patches I posted about a month > > ago, which I believe address all the issues in the feedback I received. > > Hi Eric, > > Wanted to check in and hear if you had a chance to look at this? > > Thanks, > Jes > No, it's on my list of things to review though. - Eric
From: Jes Sorensen <jsorensen@fb.com> Hi This is an update to the libfsverity patches I posted about a month ago, which I believe address all the issues in the feedback I received. I have a version of rpm that requires this library which is able to sign files and a plugin which will install fsverity signatures when the rpm is installed. The code for rpm can be found on github - note that I do rebase the repo as I fix bugs: https://github.com/jessorensen/rpm/tree/rpm-fsverity A git tree with these patches can also be found here: https://git.kernel.org/pub/scm/linux/kernel/git/jes/fsverity-utils.git This update changes a number of issues: - Change the API for libfsverity_compute_digest() to take a callback read function, which is needed to deal with the internal cpio processing of rpm. - Provides the option to build fsverity linked statically against libfsverity - Makefile support to install libfsverity.so, libfsverity.h and sets the soname - Make struct fsverity_descriptor and struct fsverity_hash_alg internal to the library - Improved documentation of the API in libfsverity.h I have a .spec file for it that packages this into an rpm for Fedora, as well as a packaged version of rpm with fsverity support in it, which I am happy to share. Let me know what you think! Thanks, Jes Jes Sorensen (20): Build basic shared library framework Change compute_file_measurement() to take a file descriptor as argument Move fsverity_descriptor definition to libfsverity.h Move hash algorithm code to shared library Create libfsverity_compute_digest() and adapt cmd_sign to use it Introduce libfsverity_sign_digest() Validate input arguments to libfsverity_compute_digest() Validate input parameters for libfsverity_sign_digest() Document API of libfsverity Change libfsverity_compute_digest() to take a read function Make full_{read,write}() return proper error codes instead of bool libfsverity: Remove dependencies on util.c Update Makefile to install libfsverity and fsverity.h Change libfsverity_find_hash_alg_by_name() to return the alg number Make libfsverity_find_hash_alg_by_name() private to the shared library libfsverity_sign_digest() use ARRAY_SIZE() fsverity_cmd_sign() use sizeof() input argument instead of struct fsverity_cmd_sign() don't exit on error without closing file descriptor Improve documentation of libfsverity.h API Fixup Makefile Makefile | 49 +++- cmd_enable.c | 19 +- cmd_measure.c | 19 +- cmd_sign.c | 565 +++++------------------------------------ fsverity.c | 17 +- hash_algs.c | 95 ++++--- hash_algs.h | 36 +-- helpers.h | 43 ++++ libfsverity.h | 138 ++++++++++ libfsverity_private.h | 52 ++++ libverity.c | 572 ++++++++++++++++++++++++++++++++++++++++++ util.c | 15 +- util.h | 62 +---- 13 files changed, 1029 insertions(+), 653 deletions(-) create mode 100644 helpers.h create mode 100644 libfsverity.h create mode 100644 libfsverity_private.h create mode 100644 libverity.c