rpmsignverity: Add verity signature headers to the package

This adds the array of verity signatures, and a signature length header. We use 4K block for the Merkle tree, and rely on the kernel doing the right thing. Signed-off-by: Jes Sorensen <jsorensen@fb.com>
author: Jes Sorensen <jsorensen@fb.com> 2020-04-09 12:58:17 -0400
committer: Panu Matilainen <pmatilai@redhat.com> 2020-09-04 13:22:38 +0300
commit: 9644bbd5b33c5efdf58898cb8a04ecd39b208be4 (patch)
tree: 4719c0cfb1f4b148b30a2b37f3b07a5a25446a44 /sign/rpmsignverity.h
parent: 37d90512585375ffd3085fa9607ffa92d4ecf2a2 (diff)
download: rpm-9644bbd5b33c5efdf58898cb8a04ecd39b208be4.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sign/rpmsignverity.h b/sign/rpmsignverity.h
index f3ad3bb18..69bbaf7f7 100644
--- a/sign/rpmsignverity.h
+++ b/sign/rpmsignverity.h
@@ -8,6 +8,13 @@
 extern "C" {
 #endif
 
+/*
+ * Block size used to generate the Merkle tree for fsverity. For now
+ * we only support 4K blocks, if we ever decide to support different
+ * block sizes, we will need a tag to indicate this.
+ */
+#define RPM_FSVERITY_BLKSZ	4096
+
 /**
  * Sign file digests in header into signature header
  * @param fd		file descriptor of RPM
author	Jes Sorensen <jsorensen@fb.com>	2020-04-09 12:58:17 -0400
committer	Panu Matilainen <pmatilai@redhat.com>	2020-09-04 13:22:38 +0300
commit	9644bbd5b33c5efdf58898cb8a04ecd39b208be4 (patch)
tree	4719c0cfb1f4b148b30a2b37f3b07a5a25446a44 /sign/rpmsignverity.h
parent	37d90512585375ffd3085fa9607ffa92d4ecf2a2 (diff)
download	rpm-9644bbd5b33c5efdf58898cb8a04ecd39b208be4.tar.gz