Re: [fsverity-utils PATCH v2 0/4] Add libfsverity_enable() and default params

[Luca Boccassi <Luca.Boccassi@microsoft.com>]

[-- Attachment #1: Type: text/plain, Size: 1611 bytes --]

On Mon, 2020-11-16 at 12:56 -0800, Eric Biggers wrote:
> This patchset adds wrappers around FS_IOC_ENABLE_VERITY to libfsverity,
> makes libfsverity (rather than just the fsverity program) default to
> SHA-256 and 4096-byte blocks, and makes the fsverity commands share code
> to parse the libfsverity_merkle_tree_params.
> 
> This is my proposed alternative to Luca's patch
> https://lkml.kernel.org/linux-fscrypt/20201113143527.1097499-1-luca.boccassi@gmail.com
> 
> Changed since v1:
>   - Moved the default hash algorithm and block size handling into
>     libfsverity.
> 
> Eric Biggers (4):
>   programs/fsverity: change default block size from PAGE_SIZE to 4096
>   lib/compute_digest: add default hash_algorithm and block_size
>   lib: add libfsverity_enable() and libfsverity_enable_with_sig()
>   programs/fsverity: share code to parse tree parameters
> 
>  include/libfsverity.h          | 83 +++++++++++++++++++++++++++++-----
>  lib/compute_digest.c           | 27 ++++++-----
>  lib/enable.c                   | 47 +++++++++++++++++++
>  lib/lib_private.h              |  6 +++
>  programs/cmd_digest.c          | 31 ++-----------
>  programs/cmd_enable.c          | 34 +++-----------
>  programs/cmd_sign.c            | 32 ++-----------
>  programs/fsverity.c            | 35 ++++++++------
>  programs/fsverity.h            | 21 ++++++---
>  programs/test_compute_digest.c | 18 +++++---
>  10 files changed, 201 insertions(+), 133 deletions(-)
>  create mode 100644 lib/enable.c

Tried on my machine, looks great, thank you!

-- 
Kind regards,
Luca Boccassi

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 488 bytes --]