> All my concerns seem to have been addressed, thanks for your patience and all
> the work on this!
Thanks Panu!
Really appreciate your help with this!
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm
@jessorensen commented on this pull request.
> @@ -14,6 +14,7 @@ DISTCHECK_CONFIGURE_FLAGS = \
--with-audit \
--with-selinux \
--with-imaevm \
+ --with-fsverity \
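Review bot: Adding `--with-fsverity` to DISTCHECK_CONFIGURE_FLAGS makes `make distcheck` depend on libfsverity being installed on every host that runs it, just as the `--with-audit`, `--with-selinux` and `--with-imaevm` entries above it depend on their libraries. Hold this line back until the library is available on the CI image, and make sure configure stops with a clear error when the option is given and the library is missing.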
Hi Panu,
No worries, hope you had a good break! I have been swamped with another project
the l
> > RPM doesn't actually need the fsverity utility to be present, but it does
> > need libfsverity
>
> Yup, the library is what I meant by my comment, not the utility. Thanks for
> adding the check.
>
> I'll need to take a closer look at the updated version but overall I think it's
> in fair shap
fsverity-utils-1.1 which includes fsverity-utils-devel is now available in
rawhide and Fedora 32, so it should be possible to build this now. Let me know
if you hit any issues.
> > RPM doesn't actually need the fsverity utility to be present, but it does
> > need libfsverity
>
> Yup, the library is what I meant by my comment, not the utility. Thanks for
> adding the check.
>
> I'll need to take a closer look at the updated version but overall I think it's
> in fair shap
I have pushed a fix for the configure issue, and configure should fail if one
specifies --with-fsverity and it isn't available.
Apologies if I messed something up, autoconf/automake and I do not get along.
> Oh, sorry, I've forgotten to update "status" here.
>
> We can't merge a patch that fails the CI tests - this fails because fsverity
> is enabled in the CI but the library doesn't exist in Fedora 32. Hardly
> surprising as the library version isn't even released upstream AFAICS. That
> can be wor
I rebased the branch to make sure it applies cleanly to master. I also added an
additional patch, introducing the --verity-algo argument to rpmsign, allowing
the user to specify the algorithm to use for the verity signatures.
Is there anything else you would like me to address at this point?
--
I have pushed the update - let me know if there's anything else that needs
addressing.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1203#issuecomment-638332707_
@jessorensen commented on this pull request.
> @@ -15,6 +15,7 @@
#include
#include
+#include
Never mind, doing a git reset --hard cleared some local changes to
preinstall.am, which fixed it. Sorry for the noise.
@jessorensen commented on this pull request.
> @@ -15,6 +15,7 @@
#include
#include
+#include
This change breaks the build for me here:
```
libtool: compile: gcc -DHAVE_CONFIG_H -I.. -I.. -I../include/ -I../misc
-DRPMCONFIGDIR=\"/usr/lib/rpm\" -DLOCALSTATEDIR=\"
> Okay, this sounds like it's headed in the right direction then, I agree this
> seems like something where the kernel needs to deal with it because it's the
> only thing that can.
>
> I see block size is an argument passed to the ioctl() that enables this
> fsverity for a file, but what does th
> I have been thinking a fair bit about this and I see a couple of options:
>
> 1. We could in principle generate signatures for every supported page size.
> This would require adding more tags, ie. one for each page size.
> 2. Do not install signatures if the page size doesn't match the expected
> Ok, good. For now I think we need to concentrate on the fundamental problem
> of architecture dependency. While most architectures today use 4K pages,
> being common doesn't make it arch independent, and then there even are
> architectures where this is configurable (eg aarch64). A noarch pack
I have pushed an updated patchset into the repo. I think it addresses
everything we discussed, including getting rid of the LENGTH and BLKSZ tags,
adding the --delfilesign option to rpmsign, and switches to base64 encoding.
Let me know if you find anything else that needs addressing or if I mess
@jessorensen commented on this pull request.
> + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for
> %s\n",
+ path);
+ break;
+ case EOPNOTSUPP:
+ rpmlog(RPMLOG_DEBUG, "fsverity not enabled on
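Review bot: Both messages visible in this switch (the "not supported by file system" branch and the one under `case EOPNOTSUPP:`) are logged at RPMLOG_DEBUG, so an install onto a file system without fsverity gives no visible indication that the verity signatures were not applied. If this best-effort fallback is intended, consider raising these to RPMLOG_NOTICE or RPMLOG_WARNING, or emitting a single summary message, and document the behaviour.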
@jessorensen commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE +
@jessorensen commented on this pull request.
> @@ -3,7 +3,8 @@
include $(top_srcdir)/rpm.am
AM_CFLAGS = @RPMCFLAGS@
-AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \
+
@jessorensen commented on this pull request.
> + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for
> %s\n",
+ path);
+ break;
+ case EOPNOTSUPP:
+ rpmlog(RPMLOG_DEBUG, "fsverity not enabled on
@jessorensen commented on this pull request.
> if (deleting) { /* Nuke all the signature tags. */
deleteSigs(sigh);
+ deleteFileSigs(sigh);
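Review bot: In the `if (deleting)` branch, `deleteFileSigs(sigh)` is called unconditionally right after `deleteSigs(sigh)`, so a caller who only wants to drop the package signature has no way to keep the file signatures. Consider putting the file-signature removal behind its own flag and updating the "Nuke all the signature tags" comment to say which tags each call covers.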
> The IMA signatures originally were covered by package signature, but that
> breaks some fundamental rpm rules so it was c
@jessorensen commented on this pull request.
> +}
+
+rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+rpmio_flags = rstrscat(NULL, "r.&qu
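Review bot: The two debug calls `rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key)` and the matching one for `cert` wrap debug-only strings in `_()`, which puts them in the translation catalogue, while the fsverity debug messages elsewhere in this patch pass plain strings. Drop the `_()` here for consistency, and confirm that `key` and `cert` cannot be NULL at this point, since passing NULL to `%s` is undefined behaviour.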
@jessorensen commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE +
@jessorensen commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE +
@jessorensen commented on this pull request.
> +digest_hex = pgpHexStr(digest->digest, digest->digest_size);
+rpmlog(RPMLOG_DEBUG, _("file(size %li): %s: digest(%i): %s, idx %i\n"),
+ file_size, rpmfiFN(fi), digest->digest_size, digest_hex,
+ rpm
@jessorensen commented on this pull request.
> @@ -166,8 +184,9 @@ int main(int argc, char *argv[])
argerror(_("no arguments given"));
}
-#ifdef WITH_IMAEVM
-if (fileSigningKey && !(sargs.signflags & RPMSIGN_FLAG_IMA)) {
+#if defined(WITH_IMAEVM)
@jessorensen commented on this pull request.
> @@ -494,6 +505,36 @@ static rpmRC includeFileSignatures(Header *sigp, Header
> *hdrp)
#endif
}
+static rpmRC includeVeritySignatures(FD_t fd, Header *sigp, Header *hdrp)
+{
+#ifdef WITH_FSVERITY
+rpmRC rc;
+char *key = rpm
@jessorensen commented on this pull request.
> @@ -3,7 +3,8 @@
include $(top_srcdir)/rpm.am
AM_CFLAGS = @RPMCFLAGS@
-AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \
+
@jessorensen commented on this pull request.
> + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for
> %s\n",
+ path);
+ break;
+ case EOPNOTSUPP:
+ rpmlog(RPMLOG_DEBUG, "fsverity not enabled on
@jessorensen commented on this pull request.
> +}
+
+static char *rpmVeritySignFile(rpmfi fi, size_t *sig_size, char *key,
+ char *keypass, char *cert, uint16_t algo,
+ uint32_t block_size)
+{
+struct libfsverity_merkle_tree_par
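Review bot: In the `rpmVeritySignFile()` prototype, `key`, `keypass` and `cert` are declared as plain `char *`. If the function only reads them, declare them `const char *` so the compiler catches accidental writes and callers need no casts. A short comment stating who owns the returned `char *` and what `*sig_size` holds on failure would also help.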
@jessorensen commented on this pull request.
> + * Copyright (C) 2020 Facebook
+ *
+ * Author: Jes Sorensen
+ */
+
+#include "system.h"
+
+#include /* RPMSIGTAG & related */
+#include /* rpmlog */
+#include
+#include /
@jessorensen commented on this pull request.
> if (deleting) { /* Nuke all the signature tags. */
deleteSigs(sigh);
+ deleteFileSigs(sigh);
> From my understanding, the package signature covers the file signatures, so we
> cannot remove them without invalidating th
@jessorensen commented on this pull request.
> @@ -71,6 +71,18 @@ void headerMergeLegacySigs(Header h, Header sigh)
case RPMSIGTAG_FILESIGNATURELENGTH:
td.tag = RPMTAG_FILESIGNATURELENGTH;
break;
+ case RPMSIGTAG_VERITYSIGNATURES:
+ td.
@jessorensen commented on this pull request.
> @@ -396,6 +397,16 @@ static void deleteSigs(Header sigh)
headerDel(sigh, RPMSIGTAG_PGP5);
}
+static void deleteFileSigs(Header sigh)
+{
+headerDel(sigh, RPMSIGTAG_FILESIGNATURELENGTH);
+headerDel(sigh, RPMSIGTAG_FILESIGNATU
@jessorensen commented on this pull request.
> @@ -116,8 +116,12 @@ struct rpmfiles_s {
int digestalgo;/*!< File digest algorithm */
int signaturelength; /*!< File signature length */
+int veritysiglength; /*!< Verity signature length */
+
@jessorensen commented on this pull request.
> +}
+
+rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+rpmio_flags = rstrscat(NULL, "r.&qu
@jessorensen commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE +
This patchset changes to enable fsverity support natively in RPM. It requires
libfsverity to build, which I have submitted patches for to the fsverity-utils
maintainer.
I have done my best to not break anything with this patchset, but please let me
know if I got something wrong. Further details
adding fsverity support to rpm:
https://github.com/jessorensen/rpm/tree/rpm-fsverity
2: Original fsverity git repo:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git
3: fsverity refactoring providing libfsverity:
* https://www.spinics.net/lists/linux-fscrypt/msg03278.html
> Care to explain to the uninitiated layman such as myself why would we
> want/need this in rpm, since there already is IMA?
Certainly!
IMA and fs-verity operate very differently, in particular IMA is a lot more
complex and has substantially higher system overhead when reading signed
files
I am currently working on splitting fsverity-utils into a shared library which
will provide the needed functionality for computing digests and signing.
fsverity is a new integrity feature in the kernel, which in combination with
fsverity-utils allows for validating integrity of binaries when data blocks are
read from disk.
This request is to add native rpm support for fsverity signatures, similar to
what is already available in RPM for IMA sig