diff options
| author | Colin Walters <walters@verbum.org> | 2019-10-25 22:07:44 +0000 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2020-01-27 15:44:16 +0000 |
| commit | 58fa579b1be19104025b1f71b4e52a255cc2a50b (patch) | |
| tree | 5d82a00c10cb4858e496317612c8d3c9af33e23d /src/libostree/ostree-repo-private.h | |
| parent | 570de2989c4685943b4907512939de7b3f24132c (diff) | |
| download | ostree-58fa579b1be19104025b1f71b4e52a255cc2a50b.tar.gz | |
Initial fs-verity support
Using fs-verity is natural for OSTree because it's file-based,
as opposed to block based (like dm-verity). This only covers
files - not symlinks or directories. And we clearly need to
have integrity for the deployment directories at least.
Also, what we likely need is an API that supports signing files
as they're committed.
So making this truly secure would need a lot more work. Nevertheless,
I think it's time to start experimenting with it. Among other things,
it does *finally* add an API that makes files immutable, which will
help against some accidental damage.
This is basic enablement work that is being driven by
Fedora CoreOS; see also https://github.com/coreos/coreos-assembler/pull/876
Diffstat (limited to 'src/libostree/ostree-repo-private.h')
| -rw-r--r-- | src/libostree/ostree-repo-private.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/libostree/ostree-repo-private.h b/src/libostree/ostree-repo-private.h index b57ad799..3b629913 100644 --- a/src/libostree/ostree-repo-private.h +++ b/src/libostree/ostree-repo-private.h @@ -22,6 +22,7 @@ #pragma once #include <sys/statvfs.h> +#include "config.h" #include "otutil.h" #include "ostree-ref.h" #include "ostree-repo.h" @@ -97,6 +98,12 @@ typedef struct { fsblkcnt_t max_blocks; } OstreeRepoTxn; +typedef enum { + _OSTREE_FEATURE_NO, + _OSTREE_FEATURE_MAYBE, + _OSTREE_FEATURE_YES, +} _OstreeFeatureSupport; + /** * OstreeRepo: * @@ -127,6 +134,8 @@ struct OstreeRepo { GMutex txn_lock; OstreeRepoTxn txn; gboolean txn_locked; + _OstreeFeatureSupport fs_verity_wanted; + _OstreeFeatureSupport fs_verity_supported; GMutex cache_lock; guint dirmeta_cache_refcount; @@ -471,4 +480,15 @@ OstreeRepoAutoLock * _ostree_repo_auto_lock_push (OstreeRepo *self, void _ostree_repo_auto_lock_cleanup (OstreeRepoAutoLock *lock); G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeRepoAutoLock, _ostree_repo_auto_lock_cleanup) +gboolean +_ostree_tmpf_fsverity_core (GLnxTmpfile *tmpf, + _OstreeFeatureSupport fsverity_requested, + gboolean *supported, + GError **error); + +gboolean +_ostree_tmpf_fsverity (OstreeRepo *self, + GLnxTmpfile *tmpf, + GError **error); + G_END_DECLS |