atomfs: verify root hash for existing devices #259
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Let's get rid of the FIXME's and make re-use of existing devices actually safe. We can access the existing root-hash through device-mapper directly (there does not seem to be any way through cryptsetup). Of course, there is no static-build-able version of libdevmapper bindings anywhere (the only real bindings are in moby/docker, and they disabled static builds some time ago). So, let's just write our own tiny bit of cgo for the stuff we want to extract. Note that there is already a test case for the happy path: the third test case in test/atomfs.bats relies on pre-existing verity devices, so we only add a negative test case here. Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
We choose the AllowMissing double negative because that allows for a default to false so that things are secure-by-default. Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
tych0
force-pushed
the
add-devmapper-calls
branch
from
af72448 to
3602f83
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Let's get rid of the FIXME's and make re-use of existing devices actually
safe. We can access the existing root-hash through device-mapper directly
(there does not seem to be any way through cryptsetup). Of course, there is
no static-build-able version of libdevmapper bindings anywhere (the only
real bindings are in moby/docker, and they disabled static builds some time
ago). So, let's just write our own tiny bit of cgo for the stuff we want to
extract.
Note that there is already a test case for the happy path: the third test
case in test/atomfs.bats relies on pre-existing verity devices, so we only
add a negative test case here.
Signed-off-by: Tycho Andersen tycho@tycho.pizza