The composefs code will need this.
if (!_ostree_repo_ensure_loose_objdir_at (dest_dfd, tmpbuf, cancellable, error))
return FALSE;
- if (!_ostree_tmpf_fsverity (self, tmpf, error))
+ if (!_ostree_tmpf_fsverity (self, tmpf, NULL, error))
return FALSE;
if (!glnx_link_tmpfile_at (tmpf, GLNX_LINK_TMPFILE_NOREPLACE_IGNORE_EXIST, dest_dfd, tmpbuf,
gboolean _ostree_repo_parse_fsverity_config (OstreeRepo *self, GError **error);
gboolean _ostree_tmpf_fsverity_core (GLnxTmpfile *tmpf, _OstreeFeatureSupport fsverity_requested,
- gboolean *supported, GError **error);
+ GBytes *signature, gboolean *supported, GError **error);
-gboolean _ostree_tmpf_fsverity (OstreeRepo *self, GLnxTmpfile *tmpf, GError **error);
+gboolean _ostree_tmpf_fsverity (OstreeRepo *self, GLnxTmpfile *tmpf, GBytes *signature,
+ GError **error);
gboolean _ostree_fsverity_sign (const char *certfile, const char *keyfile,
const guchar *fsverity_digest, GBytes **data_out,
GCancellable *cancellable, GError **error);
* */
gboolean
_ostree_tmpf_fsverity_core (GLnxTmpfile *tmpf, _OstreeFeatureSupport fsverity_requested,
- gboolean *supported, GError **error)
+ GBytes *signature, gboolean *supported, GError **error)
{
/* Set this by default to simplify the code below */
if (supported)
arg.block_size = 4096; /* FIXME query */
arg.salt_size = 0; /* TODO store salt in ostree repo config */
arg.salt_ptr = 0;
- arg.sig_size = 0; /* We don't currently expect use of in-kernel signature verification */
- arg.sig_ptr = 0;
+ arg.sig_size = signature ? g_bytes_get_size (signature) : 0;
+ arg.sig_ptr = signature ? (guint64)g_bytes_get_data (signature, NULL) : 0;
if (ioctl (tmpf->fd, FS_IOC_ENABLE_VERITY, &arg) < 0)
{
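Review bot: `arg.sig_size` is assigned directly from `g_bytes_get_size (signature)`, which returns a `gsize`, while the `sig_size` field of `struct fsverity_enable_arg` is 32 bits wide, so an oversized blob would be silently truncated and the kernel would get a length that no longer matches the `GBytes`. If the signature can come from data the caller does not fully control, reject it before filling `arg`, e.g. `if (signature && g_bytes_get_size (signature) > G_MAXUINT32) return glnx_throw (error, "fsverity signature too large");`. The pointer on the next line is better converted through `guintptr`, as in `(guint64)(guintptr)g_bytes_get_data (signature, NULL)`, so 32-bit builds do not cast a pointer to a wider integer. How a signature rejected by the kernel is reported depends on the ioctl error branch, which continues outside this hunk.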
* as well as to support "opportunistic" use (requested and if filesystem supports).
* */
gboolean
-_ostree_tmpf_fsverity (OstreeRepo *self, GLnxTmpfile *tmpf, GError **error)
+_ostree_tmpf_fsverity (OstreeRepo *self, GLnxTmpfile *tmpf, GBytes *signature, GError **error)
{
#ifdef HAVE_LINUX_FSVERITY_H
g_mutex_lock (&self->txn_lock);
}
gboolean supported = FALSE;
- if (!_ostree_tmpf_fsverity_core (tmpf, fsverity_wanted, &supported, error))
+ if (!_ostree_tmpf_fsverity_core (tmpf, fsverity_wanted, signature, &supported, error))
return FALSE;
if (!supported)
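Review bot: The new `signature` argument appears to be dropped without any indication when fs-verity is disabled or unsupported. The `_ostree_tmpf_fsverity_core` call in this hunk can succeed with `supported` left FALSE, and the `if (!supported)` branch does not seem to treat a non-NULL signature differently; its body is outside this hunk, so this is inferred. A caller that relies on the signature being attached would then get TRUE for a file that carries none. I would state the contract in the doc comment above the function, e.g. `@signature: (nullable): built-in fs-verity signature passed to FS_IOC_ENABLE_VERITY; ignored when fs-verity is disabled or unsupported`, or return an error when a signature was supplied and `supported` is FALSE.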
_OstreeFeatureSupport boot_verity = _OSTREE_FEATURE_NO;
if (repo->fs_verity_wanted != _OSTREE_FEATURE_NO)
boot_verity = _OSTREE_FEATURE_MAYBE;
- if (!_ostree_tmpf_fsverity_core (&tmp_dest, boot_verity, NULL, error))
+ if (!_ostree_tmpf_fsverity_core (&tmp_dest, boot_verity, NULL, NULL, error))
return FALSE;
if (!glnx_link_tmpfile_at (&tmp_dest, GLNX_LINK_TMPFILE_NOREPLACE, dest_dfd, dest_subpath, error))