Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

snap/integrity: new API #14872

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

snap/integrity: new API #14872

wants to merge 10 commits into from
+303 −376

Conversation

sespiros
Copy link
Contributor

This is rebased on top of #14871.

Jira: https://warthogs.atlassian.net/browse/FR-9881

@sespiros
s/i/dmverity: refactor getRootHashFromOutput
b0332b6
@sespiros
s/i/dmverity/veritysetup: add ability to pass options to veritysetup …
27a30c9 
…format

also dmverity.Format will simply return the root hash instead of the old
Info struct since the new design doesn't have a need for a separate header.
@sespiros
s/i/dmverity/veritysetup: add superblock parsing functionality
93aac4a 
adding helpers for retrieving and parsing a dm-verity superblock from a
dm-verity hash device/file. This will be first consumed by the snap
integrity API which will need to detect the salt that was used for the
dm-verity data generation. Moreover callers to dmverity.Format will
need to have a way to retrieve the parameters used by veritysetup if
no parameters are passed (and veritysetup chooses default values).
@sespiros
s/i/dmverity: add default dmverity format version
acc2b8a
This was referenced Dec 17, 2024
Open
Draft
@sespiros sespiros mentioned this pull request Jan 8, 2025
Open
@sespiros sespiros changed the title Snap integrity new api snap/integrity: new API Jan 8, 2025
@sespiros sespiros force-pushed the snap-integrity-new-api branch from a646fa8 to e3c1658 Compare January 10, 2025 00:58
@sespiros
s/integrity: rework snap integrity API
137945b 
the new design simplifies how snap dm-verity data for a corresponding
snap are generated and used by having them as a separate file (i.e
located next to the snap file) instead of attaching them at the end of
their snap file by default.

The extra integrity data header is removed as all the information
needed to mount a snap with its verity data (root hash, salt, other
parameters) will be retrieved from a new integrity stanza in
snap-revision assertions.
@sespiros sespiros force-pushed the snap-integrity-new-api branch from e3c1658 to 137945b Compare January 10, 2025 01:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alfonsosanchezbeato alfonsosanchezbeato Awaiting requested review from alfonsosanchezbeato

@pedronis pedronis Awaiting requested review from pedronis

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sespiros