| Message ID | 171444688070.962488.15915265664424203708.stgit@frogsfrogsfrogs (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [1/6] common/verity: enable fsverity for XFS | expand |
On 2024-04-29 20:42:21, Darrick J. Wong wrote: > From: Darrick J. Wong <djwong@kernel.org> > > If verity is enabled on a filesystem, we should create some sample > verity files. > > Signed-off-by: Darrick J. Wong <djwong@kernel.org> > --- > common/populate | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > > diff --git a/common/populate b/common/populate > index 35071f4210..ab9495e739 100644 > --- a/common/populate > +++ b/common/populate > @@ -520,6 +520,30 @@ _scratch_xfs_populate() { > done > fi > > + # verity merkle trees > + is_verity="$(_xfs_has_feature "$SCRATCH_MNT" verity -v)" > + if [ $is_verity -gt 0 ]; then > + echo "+ fsverity" > + > + # Create a biggish file with all zeroes, because metadump > + # won't preserve data blocks and we don't want the hashes to > + # stop working for our sample fs. Hashes of the data blocks in the merkle tree? All zeros to use .zero_digest in fs-verity? Not sure if got this comment right > + for ((pos = 0, i = 88; pos < 23456789; pos += 234567, i++)); do > + $XFS_IO_PROG -f -c "pwrite -S 0 $pos 234567" "$SCRATCH_MNT/verity" > + done > + > + fsverity enable "$SCRATCH_MNT/verity" > + > + # Create a sparse file > + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/sparse_verity" > + fsverity enable "$SCRATCH_MNT/sparse_verity" > + > + # Create a salted sparse file > + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/salted_verity" > + local salt="5846532066696e616c6c7920686173206461746120636865636b73756d732121" # XFS finally has data checksums!! > + fsverity enable --salt="$salt" "$SCRATCH_MNT/salted_verity" > + fi > + > # Copy some real files (xfs tests, I guess...) > echo "+ real files" > test $fill -ne 0 && __populate_fill_fs "${SCRATCH_MNT}" 5 >
On Tue, Apr 30, 2024 at 03:22:50PM +0200, Andrey Albershteyn wrote: > On 2024-04-29 20:42:21, Darrick J. Wong wrote: > > From: Darrick J. Wong <djwong@kernel.org> > > > > If verity is enabled on a filesystem, we should create some sample > > verity files. > > > > Signed-off-by: Darrick J. Wong <djwong@kernel.org> > > --- > > common/populate | 24 ++++++++++++++++++++++++ > > 1 file changed, 24 insertions(+) > > > > > > diff --git a/common/populate b/common/populate > > index 35071f4210..ab9495e739 100644 > > --- a/common/populate > > +++ b/common/populate > > @@ -520,6 +520,30 @@ _scratch_xfs_populate() { > > done > > fi > > > > + # verity merkle trees > > + is_verity="$(_xfs_has_feature "$SCRATCH_MNT" verity -v)" > > + if [ $is_verity -gt 0 ]; then > > + echo "+ fsverity" > > + > > + # Create a biggish file with all zeroes, because metadump > > + # won't preserve data blocks and we don't want the hashes to > > + # stop working for our sample fs. > > Hashes of the data blocks in the merkle tree? All zeros to use > .zero_digest in fs-verity? Not sure if got this comment right Oooh, yeah, I need to go check that. The block elision code might be neutralizing this. --D > > + for ((pos = 0, i = 88; pos < 23456789; pos += 234567, i++)); do > > + $XFS_IO_PROG -f -c "pwrite -S 0 $pos 234567" "$SCRATCH_MNT/verity" > > + done > > + > > + fsverity enable "$SCRATCH_MNT/verity" > > + > > + # Create a sparse file > > + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/sparse_verity" > > + fsverity enable "$SCRATCH_MNT/sparse_verity" > > + > > + # Create a salted sparse file > > + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/salted_verity" > > + local salt="5846532066696e616c6c7920686173206461746120636865636b73756d732121" # XFS finally has data checksums!! > > + fsverity enable --salt="$salt" "$SCRATCH_MNT/salted_verity" > > + fi > > + > > # Copy some real files (xfs tests, I guess...) > > echo "+ real files" > > test $fill -ne 0 && __populate_fill_fs "${SCRATCH_MNT}" 5 > > > > -- > - Andrey > >
diff --git a/common/populate b/common/populate index 35071f4210..ab9495e739 100644 --- a/common/populate +++ b/common/populate @@ -520,6 +520,30 @@ _scratch_xfs_populate() { done fi + # verity merkle trees + is_verity="$(_xfs_has_feature "$SCRATCH_MNT" verity -v)" + if [ $is_verity -gt 0 ]; then + echo "+ fsverity" + + # Create a biggish file with all zeroes, because metadump + # won't preserve data blocks and we don't want the hashes to + # stop working for our sample fs. + for ((pos = 0, i = 88; pos < 23456789; pos += 234567, i++)); do + $XFS_IO_PROG -f -c "pwrite -S 0 $pos 234567" "$SCRATCH_MNT/verity" + done + + fsverity enable "$SCRATCH_MNT/verity" + + # Create a sparse file + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/sparse_verity" + fsverity enable "$SCRATCH_MNT/sparse_verity" + + # Create a salted sparse file + $XFS_IO_PROG -f -c "pwrite -S 0 0 3" -c "pwrite -S 0 23456789 3" "$SCRATCH_MNT/salted_verity" + local salt="5846532066696e616c6c7920686173206461746120636865636b73756d732121" # XFS finally has data checksums!! + fsverity enable --salt="$salt" "$SCRATCH_MNT/salted_verity" + fi + # Copy some real files (xfs tests, I guess...) echo "+ real files" test $fill -ne 0 && __populate_fill_fs "${SCRATCH_MNT}" 5