From: Jes Sorensen <jes.sorensen@gmail.com>
To: Eric Biggers <ebiggers@kernel.org>, linux-fscrypt@vger.kernel.org
Cc: jsorensen@fb.com, kernel-team@fb.com
Subject: Re: [PATCH v2 0/3] fsverity-utils: introduce libfsverity
Date: Tue, 26 May 2020 18:25:22 -0400 [thread overview]
Message-ID: <4d485877-9506-b15a-f2f9-c087f1a5d8a2@gmail.com> (raw)
In-Reply-To: <20200525205432.310304-1-ebiggers@kernel.org>
On 5/25/20 4:54 PM, Eric Biggers wrote:
> From the 'fsverity' program, split out a library 'libfsverity'.
> Currently it supports computing file measurements ("digests"), and
> signing those file measurements for use with the fs-verity builtin
> signature verification feature.
>
> Rewritten from patches by Jes Sorensen <jsorensen@fb.com>.
> I made a lot of improvements; see patch 2 for details.
>
> This patchset can also be found at branch "libfsverity" of
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git/
>
> Changes v1 => v2:
> - Fold in the Makefile fixes from Jes
> - Rename libfsverity_digest_size() and libfsverity_hash_name()
> - Improve the documentation slightly
> - If a memory allocation fails, print the allocation size
> - Use EBADMSG for invalid cert or keyfile, not EINVAL
> - Make libfsverity_find_hash_alg_by_name() handle NULL
> - Avoid introducing compiler warnings with AOSP's default cflags
> - Don't assume that BIO_new_file() sets errno
> - Other small cleanups
>
> Eric Biggers (3):
> Split up cmd_sign.c
> Introduce libfsverity
> Add some basic test programs for libfsverity
Hi Eric,
Assuming you didn't make any big changes since the previous rev. I have
tested this here, and I can build an fsverity-utils RPM from it, and
build my RPM support with this version, so looks all good from my side.
One feature I would like to have, and this is what I confused in my
previous comments. In addition to a get_digset_size() function, it would
be really useful to also have a get_signature_size() function. This
would be really useful when trying to pre-allocate space for an array of
signatures, or is there no way to get that info from openssl without
creating an actual signature?
Cheers,
Jes
next prev parent reply other threads:[~2020-05-26 22:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-25 20:54 [PATCH v2 0/3] fsverity-utils: introduce libfsverity Eric Biggers
2020-05-25 20:54 ` [PATCH v2 1/3] Split up cmd_sign.c Eric Biggers
2020-05-25 20:54 ` [PATCH v2 2/3] Introduce libfsverity Eric Biggers
2020-05-25 20:54 ` [PATCH v2 3/3] Add some basic test programs for libfsverity Eric Biggers
2020-05-26 22:25 ` Jes Sorensen [this message]
2020-05-26 22:43 ` [PATCH v2 0/3] fsverity-utils: introduce libfsverity Eric Biggers
2020-05-27 21:15 ` Eric Biggers
2020-05-28 13:22 ` Jes Sorensen
2020-06-05 16:44 ` Jes Sorensen
2020-06-06 0:46 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4d485877-9506-b15a-f2f9-c087f1a5d8a2@gmail.com \
--to=jes.sorensen@gmail.com \
--cc=ebiggers@kernel.org \
--cc=jsorensen@fb.com \
--cc=kernel-team@fb.com \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).