From: Jes Sorensen <jes.sorensen@gmail.com>
To: linux-fscrypt@vger.kernel.org
Cc: kernel-team@fb.com, Jes Sorensen <jsorensen@fb.com>
Subject: [PATCH 0/7] Split fsverity-utils into a shared library
Date: Mon, 10 Feb 2020 19:00:30 -0500 [thread overview]
Message-ID: <20200211000037.189180-1-Jes.Sorensen@gmail.com> (raw)
From: Jes Sorensen <jsorensen@fb.com>
Hi,
I am looking at what it will take to add support for fsverity
signatures to rpm, similar to how rpm supports IMA signatures.
In order to do so, it makes sense to split the fsverity util into a
shared library and the command line tool, so the core functions can be
used from other applciations. Alternatively I will have to copy over a
good chunk of the code into rpm, which makes it nasty to support long
term.
This is a first stab at doing that, and I'd like to get some feedback
on the approach.
I basically split it into four functions:
fsverity_cmd_gen_digest(): Build the digest, but do not sign it
fsverity_cmd_sign(): Sign the digest structure
fsverity_cmd_measure(): Measure a file, basically 'fsverity measure'
fsverity_cmd_enable(): Enable verity on a file, basically 'fsverity enable'
If we can agree on the approach, then I am happy to deal with the full
libtoolification etc.
Jes
Jes Sorensen (7):
Build basic shared library
Restructure fsverity_cmd_sign for shared libraries
Make fsverity_cmd_measure() a library function
Make fsverity_cmd_enable a library call()
Rename commands.h to fsverity.h
Move cmdline helper functions to fsverity.c
cmd_sign: fsverity_cmd_sign() into two functions
Makefile | 18 ++-
cmd_enable.c | 133 +------------------
cmd_measure.c | 51 ++------
cmd_sign.c | 168 ++++++------------------
commands.h | 24 ----
fsverity.c | 345 +++++++++++++++++++++++++++++++++++++++++++++++---
fsverity.h | 38 ++++++
util.c | 13 ++
8 files changed, 446 insertions(+), 344 deletions(-)
delete mode 100644 commands.h
create mode 100644 fsverity.h
--
2.24.1
next reply other threads:[~2020-02-11 0:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-11 0:00 Jes Sorensen [this message]
2020-02-11 0:00 ` [PATCH 1/7] Build basic shared library Jes Sorensen
2020-02-11 0:00 ` [PATCH 2/7] Restructure fsverity_cmd_sign for shared libraries Jes Sorensen
2020-02-11 0:00 ` [PATCH 3/7] Make fsverity_cmd_measure() a library function Jes Sorensen
2020-02-11 0:00 ` [PATCH 4/7] Make fsverity_cmd_enable a library call() Jes Sorensen
2020-02-11 0:00 ` [PATCH 5/7] Rename commands.h to fsverity.h Jes Sorensen
2020-02-11 0:00 ` [PATCH 6/7] Move cmdline helper functions to fsverity.c Jes Sorensen
2020-02-11 0:00 ` [PATCH 7/7] cmd_sign: fsverity_cmd_sign() into two functions Jes Sorensen
2020-02-11 19:22 ` [PATCH 0/7] Split fsverity-utils into a shared library Eric Biggers
2020-02-11 22:09 ` Jes Sorensen
2020-02-11 23:14 ` Eric Biggers
2020-02-11 23:35 ` Jes Sorensen
2020-02-14 20:35 ` Eric Biggers
2020-02-19 23:49 ` Jes Sorensen
2020-07-30 17:52 ` Eric Biggers
2020-07-31 17:40 ` Jes Sorensen
2020-07-31 17:47 ` Chris Mason
2020-07-31 19:14 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200211000037.189180-1-Jes.Sorensen@gmail.com \
--to=jes.sorensen@gmail.com \
--cc=jsorensen@fb.com \
--cc=kernel-team@fb.com \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).