On 2025/8/1 16:37, Gao Xiang wrote:
Hi Hongbo,

On 2025/8/1 16:31, Hongbo Li wrote:

...

+#ifdef HAVE_S3

HAVE_S3 is a bit odd, how about using
S3_ENABLED (like LZ4_ENABLED?)


+        " --s3=X                generate an index-only image from s3-compatible object store backend\n"
+        "   [,passwd_file=Y]    X=endpoint, Y=s3 credentials file\n"
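
Review bot: the `passwd_file=Y` help line describes Y only as "s3 credentials file" and gives no hint of what the file must contain. Either name the expected layout in the usage text or point to where it is documented, so users do not have to infer it from another tool.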

What's s3 credentials file? Is it documented
somewhere? Why is it named as passwd_file?

Can we have an option to pass in accesskey
too?

This follows the format of s3fs-fuse. Storing the ak/sk in a file is for security purposes. The file permission is set to 600 to prevent non-root users from accessing the ak/sk.

Understood, I wonder if the format is documented in
the AWS website or somewhere?

AFAIK, the user should download the file which records the ak/sk the first time they access the target console page. The ak/sk may be saved in a CSV-format file. And the AWS website only shows how to help the user obtain the ak/sk, such as [1]?

[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/access-key-self-managed.html

Thanks,
Hongbo

If it's only an implementation in s3fs-fuse, we might
need to document the format in the mkfs.erofs manpage
for example. (Although it's not needed in this patch,
maybe a follow-up patch.)

Also, even though I agree it's useful for security purposes,
it's still useful to have an _alternative_ way to
pass in plain ak/sk if possible.

`passwd_file` makes sense to me now since s3fs-fuse
uses this name too!

Thanks,
Gao Xiang


[1] https://github.com/s3fs-fuse/s3fs-fuse

Thanks,
Hongbo
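
A loader that enforces the 0600 rule discussed in this thread before it reads an s3fs-fuse-style `ACCESS_KEY:SECRET_KEY` line, as an added example that is not code from the patch or from erofs-utils. `load_passwd_file` and `struct s3_creds` are hypothetical names, and the single-line `ak:sk` layout is assumed from s3fs-fuse's passwd file.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct s3_creds { char ak[128], sk[128]; };	/* hypothetical type */

/* Hypothetical helper: returns 0 on success, negative errno on failure. */
int load_passwd_file(const char *path, struct s3_creds *out)
{
	char line[300], *sep;
	struct stat st;
	FILE *f;
	int ret = -EINVAL;
	/* O_NOFOLLOW: refuse a symlink at the final path component */
	int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);

	if (fd < 0)
		return -errno;
	/* fstat() the open fd so the mode check and the read use one inode */
	if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
	    (st.st_mode & (S_IRWXG | S_IRWXO))) {
		close(fd);
		return -EPERM;	/* not a regular file, or looser than 0600 */
	}
	f = fdopen(fd, "r");
	if (!f) {
		close(fd);
		return -ENOMEM;
	}
	if (fgets(line, sizeof(line), f)) {
		line[strcspn(line, "\r\n")] = '\0';
		sep = strchr(line, ':');
		/* both halves must be non-empty and fit without truncation */
		if (sep && sep != line && sep[1] &&
		    (size_t)(sep - line) < sizeof(out->ak) &&
		    strlen(sep + 1) < sizeof(out->sk)) {
			*sep = '\0';
			strcpy(out->ak, line);
			strcpy(out->sk, sep + 1);
			ret = 0;
		}
	}
	fclose(f);
	return ret;
}
```

A file with any group or other permission bit set is rejected with `-EPERM` before its contents are read.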

