> Ok, good. For now I think we need to concentrate on the fundamental problem 
> of architecture dependency. While most architectures today use 4K pages, 
> being common doesn't make it arch independent, and then there even are 
> architectures where this is configurable (eg aarch64). A noarch package 
> cannot have content that is only valid on some architectures.
> How are we supposed to deal with this?

I have been thinking a fair bit about this and I see a couple of options:
1) We could in principle generate signatures for every supported page size. 
This would require adding more tags, ie. one for each page size.
2) Do not install signatures if the page size doesn't match the expected page 
size of the signature.
3) Work with the kernel to support 4K Merkle tree block size independent of the 
page size.

Right now fsverity is only supported on ext4 and f2fs, both of these currently 
only work with block size == PAGE__SIZE, which is suboptimal. I raised this 
issue on the linux-fscrypt list already.

We are actively working on adding fsverity support to btrfs, and the design 
here is to support 4K Merkle tree blocks independently of the page size.

I think 2) and 3) are the most reasonable approach. The changes to support 4K 
blocks in btrfs should handle the generic kernel code that assumes block size 
== page size, so it should be doable to fix the other file systems to support 
this too.

Thoughts ?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Rpm-maint mailing list

Reply via email to