From: Eric Biggers <ebiggers@kernel.org>
To: Allison Karlitskaya <allison.karlitskaya@redhat.com>
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>,
linux-btrfs@vger.kernel.org, fsverity@lists.linux.dev
Subject: Re: [PATCH] btrfs: add FS_IOC_READ_VERITY_METADATA ioctl
Date: Tue, 26 Nov 2024 02:33:13 +0000 [thread overview]
Message-ID: <20241126023313.GA3095319@google.com> (raw)
In-Reply-To: <CAOYeF9W0BUAkrAf0LTpKiD_Au5W8OUdeBZAdDOYxu=HLbC=jHQ@mail.gmail.com>
On Mon, Nov 25, 2024 at 09:06:25PM +0100, Allison Karlitskaya wrote:
> hi Eric,
>
> Thanks for the reply.
>
> On Mon, 25 Nov 2024 at 19:11, Eric Biggers <ebiggers@kernel.org> wrote:
> > At the time, btrfs did not support fs-verity.
>
> Oops. I missed that detail. :) I wonder why they did the
> implementation without the metadata ioctl, then...
>
> Would you like me to change the commit message? (or feel free to do
> it yourself...)
Please go ahead and update it. Thanks!
BTW, I recommend that this be taken through the btrfs tree.
> > This ioctl isn't too useful, but I suppose adding it to btrfs can't hurt.
>
> I ran into the missing implementation because I'm trying to use it here:
> https://github.com/tytso/e2fsprogs/pull/203
> for the ultimate purpose of this:
> https://github.com/containers/composefs-rs/blob/main/examples/uki/build
>
> tl;dr: I'm trying to build filesystem images in user-space with
> fs-verity-enabled files inside of them, by copying the metadata up
> from the host filesystem. I have btrfs on my work machine, so for me
> this ioctl is definitely very useful at the moment. :)
Hmm, interesting. I guess that makes sense, though this wasn't an anticipated
use case for this ioctl. Maybe the documentation for
FS_IOC_READ_VERITY_METADATA in Documentation/filesystems/fsverity.rst could use
an update to mention this use case.
> I guess it's not particularly relevant to verity the functioning of
> this API, though.
>
> In its place, I've included some manual tests for querying the
> merkle_tree (both for a file that gets directly hashed into the
> descriptor, and also for one that requires a tree layer) plus the
> descriptors for those. I'd really prefer if I didn't have to build
> another kernel: my laptop isn't so beefy and this one already took
> most of my work day...
>
> Please let me know if you need any extra information.
Thanks for testing it! It should be enough for now, but in the future for
kernel patches I'm afraid you need to get used to building kernels.
- Eric
next prev parent reply other threads:[~2024-11-26 2:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-25 8:41 [PATCH] btrfs: add FS_IOC_READ_VERITY_METADATA ioctl Allison Karlitskaya
2024-11-25 18:11 ` Eric Biggers
2024-11-25 20:06 ` Allison Karlitskaya
2024-11-26 2:33 ` Eric Biggers [this message]
2024-11-26 15:11 ` David Sterba
2024-11-26 15:23 ` Allison Karlitskaya
2024-11-26 16:23 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241126023313.GA3095319@google.com \
--to=ebiggers@kernel.org \
--cc=allison.karlitskaya@redhat.com \
--cc=fsverity@lists.linux.dev \
--cc=linux-btrfs@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox