From: David Sterba <dsterba@suse.cz>
To: Boris Burkov <boris@bur.io>
Cc: linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
kernel-team@fb.com
Subject: Re: [PATCH v2] btrfs-progs: receive: add support for fs-verity
Date: Tue, 2 Aug 2022 16:52:04 +0200 [thread overview]
Message-ID: <20220802145204.GO13489@twin.jikos.cz> (raw)
In-Reply-To: <e4789647b76c8b45c95256deed1cba583993b8b1.1659031931.git.boris@bur.io>
On Thu, Jul 28, 2022 at 11:14:35AM -0700, Boris Burkov wrote:
> Process an enable_verity cmd by running the enable verity ioctl on the
> file. Since enabling verity denies write access to the file, it is
> important that we don't have any open write file descriptors.
>
> This also revs the send stream format to version 3 with no format
> changes besides the new commands and attributes.
>
> Signed-off-by: Boris Burkov <boris@bur.io>
> --
> Changes for v2:
> - remove verity.h copy, use UAPI
> ---
> cmds/receive-dump.c | 10 +++++++++
> cmds/receive.c | 51 ++++++++++++++++++++++++++++++++++++++++++++
> common/send-stream.c | 16 ++++++++++++++
> common/send-stream.h | 3 +++
> kernel-shared/send.h | 13 +++++++++--
> 5 files changed, 91 insertions(+), 2 deletions(-)
>
> diff --git a/cmds/receive-dump.c b/cmds/receive-dump.c
> index 92e0a4c9a..5d68ecbca 100644
> --- a/cmds/receive-dump.c
> +++ b/cmds/receive-dump.c
> @@ -344,6 +344,15 @@ static int print_fileattr(const char *path, u64 attr, void *user)
> return PRINT_DUMP(user, path, "fileattr", "fileattr=0x%llu", attr);
> }
>
> +static int print_enable_verity (const char *path, u8 algorithm, u32 block_size,
> + int salt_len, char *salt,
> + int sig_len, char *sig, void *user)
> +{
> + return PRINT_DUMP(user, path, "enable_verity",
> + "algorithm=%u block_size=%u salt_len=%d sig_len=%d",
> + algorithm, block_size, salt_len, sig_len);
> +}
> +
> struct btrfs_send_ops btrfs_print_send_ops = {
> .subvol = print_subvol,
> .snapshot = print_snapshot,
> @@ -369,4 +378,5 @@ struct btrfs_send_ops btrfs_print_send_ops = {
> .encoded_write = print_encoded_write,
> .fallocate = print_fallocate,
> .fileattr = print_fileattr,
> + .enable_verity = print_enable_verity,
> };
> diff --git a/cmds/receive.c b/cmds/receive.c
> index aec324587..c4778d6c0 100644
> --- a/cmds/receive.c
> +++ b/cmds/receive.c
> @@ -39,6 +39,7 @@
> #include <sys/uio.h>
> #include <sys/xattr.h>
> #include <linux/fs.h>
> +#include <linux/fsverity.h>
This fails on Centos 7 that is used as base for build support. As
mentioned before, we can either ship local header to make it compile or
ifdef it out and skip verity records on receive side. We already have
conditional compresion support for receive, but mostly it's by user
choice not because of lack of support.
You can test if it builds with docker and ci/ci-build-centos7 .
next prev parent reply other threads:[~2022-08-02 14:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-28 18:14 [PATCH v2] btrfs-progs: receive: add support for fs-verity Boris Burkov
2022-08-02 14:52 ` David Sterba [this message]
2022-08-02 20:41 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220802145204.GO13489@twin.jikos.cz \
--to=dsterba@suse.cz \
--cc=boris@bur.io \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).