34 Commits

Author SHA1 Message Date
zfeixiang 9c09b74788 upgrade to v1.7 and update owner information
Signed-off-by: zfeixiang <zhangfeixiang9@h-partners.com>
2026-03-27 10:30:44 +08:00
fundavid 786fce4e10 upgrade to v1.6 ee7d74d75a727463046bf380b3de9e602a6e2b40
Signed-off-by: fundavid <fangjiawei8@huawei.com>
2025-03-04 11:03:27 +08:00
Eric Biggers bdf3675192 Makefile: fix a typo
Signed-off-by: Eric Biggers <ebiggers@google.com>
2022-01-18 14:38:50 -08:00
Eric Biggers 84854db9b6 Support automatically building BoringSSL for testing
Signed-off-by: Eric Biggers <ebiggers@google.com>
2021-12-23 12:59:35 -06:00
Eric Biggers ddc6bc9dae Makefile: use -Wno-deprecated-declarations to avoid OpenSSL 3.0 warnings
Signed-off-by: Eric Biggers <ebiggers@google.com>
2021-09-22 11:55:11 -07:00
Eric Biggers a1243f21c7 Add man page for fsverity
Add a manual page for the fsverity utility, documenting all subcommands
and options.

The page is written in Markdown and is translated to groff using pandoc.
It can be installed by 'make install-man'.

Link: https://lore.kernel.org/r/20210610072056.35190-1-ebiggers@kernel.org
Acked-by: Luca Boccassi <bluca@debian.org>
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2021-06-10 19:29:33 -07:00
Eric Biggers cf8fa5e5a7 programs/fsverity: Add dump_metadata subcommand
Add a 'fsverity dump_metadata' subcommand which calls
FS_IOC_READ_VERITY_METADATA on a file and prints the returned metadata
to stdout.  There are three subsubcommands, one for each type of
metadata that can be read using the ioctl:

	fsverity dump_metadata merkle_tree FILE
	fsverity dump_metadata descriptor FILE
	fsverity dump_metadata signature FILE

By default the whole metadata item is dumped.  --length and --offset can
be specified to dump only a particular range of the item.

This subcommand will be used by xfstests to test the
FS_IOC_READ_VERITY_METADATA ioctl.

Link: https://lore.kernel.org/r/20210115182402.35691-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2021-02-24 13:32:36 -08:00
Luca Boccassi 160bff5fa2 Allow to build and run sign/digest on Windows
Add some minimal compat type defs, and omit the enable/measure
sources. Also add a way to handle the fact that mingw adds a
.exe extension automatically in the Makefile install rules.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201222001033.302274-3-bluca@debian.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-12-22 00:10:39 -08:00
Luca Boccassi b4ece2a612 Wrap ./fsverity in TEST_WRAPPER_PROG too
Allows make check to run fsverity under the desired tool

Signed-off-by: Luca Boccassi <bluca@debian.org>
Link: https://lore.kernel.org/r/20201222001033.302274-2-bluca@debian.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-12-22 00:10:39 -08:00
Luca Boccassi 5b957280e2 Move -D_GNU_SOURCE to CPPFLAGS
Use _GNU_SOURCE consistently in every file rather than just one file.
This is needed for the Windows build in order to consistently get the MinGW
version of printf.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Link: https://lore.kernel.org/r/20201222001033.302274-1-bluca@debian.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-12-22 00:10:39 -08:00
Luca Boccassi 7370b163e7 Restore installation of public header via make install
Fixes: 5ca4c55e33 ("Makefile: generate libfsverity.pc during 'make install'")
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201029091828.3680106-1-luca.boccassi@gmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-29 08:43:01 -07:00
Eric Biggers b561e4a28c Makefile: adjust CFLAGS overriding
Make any user-specified CFLAGS only replace flags that affect the
resulting binary.  Currently that means just "-O2".  Always add the
warning flags, although they can still be disabled by -Wno-*.  This
seems to be closer to what people want; see the discussion at
https://lkml.kernel.org/linux-fscrypt/20201026204831.3337360-1-luca.boccassi@gmail.com/T/#u

Also fix up scripts/run-tests.sh to use appropriate CFLAGS.  That is,
don't specify -Wall since the Makefile now adds it, always specify
-Werror, and usually specify an optimization level too.

Acked-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-28 11:59:06 -07:00
Eric Biggers 5ca4c55e33 Makefile: generate libfsverity.pc during 'make install'
The current approach doesn't really work as expected because 'make &&
make PREFIX=/usr install' causes a rebuild due to PREFIX changing.
Avoid this for now by generating libfsverity.pc during 'make install'.

Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-28 11:59:06 -07:00
Luca Boccassi 97bc1aa377 programs/fsverity: Add digest subcommand
Add a 'fsverity digest' subcommand that prints the hex-encoded digest of
the specified file(s), ready to be signed offline.  By default the
output is like 'fsverity measure', but if the --for-builtin-sig option
is given, the output is the hex-encoded "struct fsverity_signed_digest"
that the kernel expects to be signed for builtin signatures.

This subcommand is useful in case the integrated signing mechanism with
local cert/key cannot be used.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201026191839.3329948-1-luca.boccassi@gmail.com
[EB: commit message, comment, and whitespace tweaks]
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-26 13:30:11 -07:00
Eric Biggers 28c86c20a8 Makefile: add LDLIBS to .build-config
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-26 10:28:58 -07:00
Eric Biggers b471ad4c25 Makefile: avoid long line in .build-config
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-26 10:28:58 -07:00
Luca Boccassi 06632f74ce Generate and install libfsverity.pc
pkg-config is commonly used by libraries to convey information about
compiler flags and dependencies.
As packagers, we heavily rely on it so that all our tools do the right
thing by default regardless of the environment.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201026111506.3215328-2-luca.boccassi@gmail.com
[EB: added leading slash to .gitignore entry]
[EB: added dependency on .build-config]
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-26 10:28:55 -07:00
Luca Boccassi a06a9eba5c Use pkg-config to get libcrypto build flags
Especially when cross-compiling or other such cases, it might be necessary
to pass additional compiler flags. This is commonly done via pkg-config,
so use it if available, and fall back to the hardcoded -lcrypto if not.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201026111506.3215328-1-luca.boccassi@gmail.com
[EB: updated comment at top of file]
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-26 10:18:48 -07:00
Luca Boccassi 50d51d8618 Makefile check: use LD_LIBRARY_PATH with USE_SHARED_LIB
When USE_SHARED_LIB is set, the fsverity binary is dynamically linked,
so the check rule fails. Set LD_LIBRARY_PATH to the working directory.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Link: https://lore.kernel.org/r/20201020171110.2718640-1-luca.boccassi@gmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-21 11:12:34 -07:00
Eric Biggers a00024e8d7 Move libfsverity.h to its own directory
libfsverity.h is the public API, but the other headers in common/ are
private headers for fsverity-utils.  Move libfsverity.h to its own
directory to make this clear.  This is also needed for Android's build
system in order to restrict the exported headers to libfsverity.h.

This doesn't affect users who are using 'make install', since
'make install' still installs libfsverity.h to the same place,
and it doesn't install any private headers.

Link: https://lore.kernel.org/r/20200923202328.16310-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-09-24 10:36:35 -07:00
Po-Hsu Lin 59fee35c68 Makefile: improve the cc-option compatibility
The build on Ubuntu Xenial with GCC 5.4.0 will fail with:
    cc: error: unrecognized command line option ‘-Wimplicit-fallthrough’

This unsupported flag is not skipped as expected.

It is because of the /bin/sh shell on Ubuntu, DASH, which does not
support this &> redirection. Use 2>&1 to solve this problem.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Link: https://lore.kernel.org/r/20200803030736.6364-1-po-hsu.lin@canonical.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-08-03 09:29:58 -07:00
Eric Biggers ab794fd565 Switch to MIT license
This allows libfsverity to be used by software with other common
licenses, e.g. LGPL, MIT, BSD, and Apache 2.0.  It also avoids the
incompatibility that some people perceive between OpenSSL and the GPL.

See discussion at
https://lkml.kernel.org/linux-fscrypt/20200211000037.189180-1-Jes.Sorensen@gmail.com/T/#u

Link: https://lkml.kernel.org/linux-fscrypt/20200731191156.22602-1-ebiggers@kernel.org
Acked-by: Chris Mason <clm@fb.com> # FB copyrighted material
Acked-by: Jes Sorensen <jsorensen@fb.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-08-01 09:59:46 -07:00
Eric Biggers f55528289a Makefile: pass $(CFLAGS) when linking
This makes it easier to use flags that need to be specified for both
compiling and linking.

Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-06-14 23:18:44 -07:00
Eric Biggers 5bd48e9b65 Makefile: make 'make help' show the special targets
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-06-14 23:18:44 -07:00
Eric Biggers 566c7dc17a scripts: add run-tests.sh
Add a script that automatically runs 'make check' in lots of
configurations, runs static analysis, and does a few other tests.

Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-06-05 16:51:47 -07:00
Eric Biggers f8072c6f49 Makefile: improve the 'check' target
- Support $(TEST_WRAPPER_PROG), for valgrind.

- Run a few 'fsverity' commands that don't require kernel support.

Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-06-05 16:51:47 -07:00
Eric Biggers 5cd90ca608 Introduce libfsverity
From the 'fsverity' program, split out a library 'libfsverity'.
Currently it supports computing file measurements ("digests"), and
signing those file measurements for use with the fs-verity builtin
signature verification feature.

Rewritten from patches by Jes Sorensen <jsorensen@fb.com>.
I made a lot of improvements, e.g.:

- Separated library and program source into different directories.
- Drastically improved the Makefile.
- Added 'make check' target and rules to build test programs.
- In the shared lib, only export the functions intended to be public.
- Prefixed global functions with "libfsverity_" so that they don't cause
  conflicts when the library is built as a static library.
- Made library error messages be sent to a user-specified callback
  rather than always be printed to stderr.
- Keep showing OpenSSL error messages.
- Stopped abort()ing in library code, when possible.
- Made libfsverity_digest use native endianness.
- Moved file_size into the merkle_tree_params.
- Made libfsverity_get_hash_name() just return the static strings.
- Made some variables in the API uint32_t instead of uint16_t.
- Shared parse_hash_alg_option() between cmd_enable and cmd_sign.
- Lots of other fixes.

(Folded in a couple Makefile fixes from Jes.)

Reviewed-by: Jes Sorensen <jsorensen@fb.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-05-25 13:45:31 -07:00
Eric Biggers 64b919b111 Split up cmd_sign.c
In preparation for moving most of the functionality of 'fsverity sign'
into a shared library, split up cmd_sign.c into three files:

- cmd_sign.c: the actual command
- compute_digest.c: compute the file measurement
- sign_digest.c: sign the file measurement

No "real" changes; this is just moving code around.

Reviewed-by: Jes Sorensen <jsorensen@fb.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-05-25 13:45:31 -07:00
Eric Biggers 25b594522a Update to match latest kernel changes
- Root hash is now stored in authenticated extensions
- Magic number is now at the very end of the file too
- 'set_measurement' is replaced with 'measure'
- UAPI header now declares on-disk format
- log_tree_blocksize is stored instead of log_arity
- CRC-32 is changed to CRC-32C
- SHA-512 is now supported too

Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-07-27 10:47:02 -07:00
Eric Biggers 75488a2548 Remove old scripts
Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-07-27 10:47:02 -07:00
Eric Biggers 431c67bd2e Rewrite fsveritysetup in C
Make fsveritysetup a subcommand 'setup' of the 'fsverity' program which
previously had just the 'enable' and 'set_measurement' commands.

When signing the file measurement, use libcrypto directly instead of
invoking the 'openssl' binary.

Similarly, build the Merkle tree in C code (using libcrypto for SHA-256,
or zlib for CRC-32) rather than invoking the 'veritysetup' binary.

Other improvements over the original Python script are included as well.

Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-06-27 15:01:06 -07:00
Eric Biggers 8365a29469 Add debian packaging files
Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-04-02 10:18:44 -07:00
Eric Biggers 1e64b3d34e Update for API changes
Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-03-21 17:53:20 -07:00
Eric Biggers 419072235f Add a Makefile which builds the binaries
Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-03-13 11:57:29 -07:00