Re: [dm-devel] [PATCH v2 2/2] dm: verity support data device offset (Linux 3.4.7)

2012-08-09 Thread Wesley Miaw
On Aug 8, 2012, at 11:35 PM, Milan Broz wrote:

> On 08/09/2012 02:40 AM, Wesley Miaw wrote:
>> 
>> 
>> This isn't as polished because I pretty much just added support to do
>> what I needed. I'm not sure if the LKML is the right place to post,
>> so let me know if I should send this somewhere else.
> 
> This is libcryptsetup userspace so better list for this is dmcrypt
> mailing list (and/or cc me, I will handle these changes anyway).

I will continue this thread on the dm-crypt mailing list.

Thanks,
--
Wesley Miaw



Re: [dm-devel] [PATCH v2 2/2] dm: verity support data device offset (Linux 3.4.7)

2012-08-09 Thread Milan Broz
On 08/09/2012 02:40 AM, Wesley Miaw wrote:
> On Aug 8, 2012, at 1:56 PM, Milan Broz wrote:
> 
>> On 08/08/2012 10:46 PM, Wesley Miaw wrote:
>> 
>>> I did modify veritysetup on my own so the format and verify
>>> commands will work with regular files on disk instead of having
>>> to mount through loop devices.
>> 
>> Which veritysetup? In upstream (cryptsetup repository) it allocates
>> loop automatically. (And for userspace verification it doesn't need
>> loop at all.)
>> 
>> Anyway, please send a patch for userspace as well then ;-)
> 
> This isn't as polished because I pretty much just added support to do
> what I needed. I'm not sure if the LKML is the right place to post,
> so let me know if I should send this somewhere else.

This is libcryptsetup userspace so better list for this is dmcrypt
mailing list (and/or cc me, I will handle these changes anyway).

The allocated crypto "file" context cannot be later used for some kind
of operations. I do not like this approach much...
You cannot use file argument for dm-target directly, so your patch
is useful only for your use case but not for anything else.

Anyway, I am sure there is better way how to solve it I just need
to understand what the problem is. What's wrong if code allocates
loop devices (if argument is file)?
Performance? Loop not available? Need root access?

Please explain what's the problem first.
(btw that patch is mangled by a mailer but not a problem now).

> Your previous email implied that veritysetup would need a way to
> determine if the data offset option is supported; I did not modify
> veritysetup to support this idea as I didn't need it.

Once kernel get this option (if you convince upstream:) then I will
the option to userspace. We have to handle many dm-crypt extensions
so not a big problem for dm-verity as well.

Milan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


Re: [dm-devel] [PATCH v2 2/2] dm: verity support data device offset (Linux 3.4.7)

2012-08-08 Thread Alasdair G Kergon
On Thu, Aug 09, 2012 at 12:40:23AM +, Wesley Miaw wrote:
> This isn't as polished because I pretty much just added support to do what I
> needed. I'm not sure if the LKML is the right place to post, so let me know if
> I should send this somewhere else.
 
cryptsetup patches are best sent to the mailing list mentioned at the bottom of
the project page http://code.google.com/p/cryptsetup/ viz. dm-cr...@saout.de.

Alasdair



Re: [dm-devel] [PATCH v2 2/2] dm: verity support data device offset (Linux 3.4.7)

2012-08-08 Thread Wesley Miaw
On Aug 8, 2012, at 1:56 PM, Milan Broz wrote:

> On 08/08/2012 10:46 PM, Wesley Miaw wrote:
> 
>> I did modify veritysetup on my own so the format and verify commands will 
>> work with regular files on disk instead of having to mount through loop 
>> devices.
> 
> Which veritysetup? In upstream (cryptsetup repository) it allocates loop 
> automatically.
> (And for userspace verification it doesn't need loop at all.)
> 
> Anyway, please send a patch for userspace as well then ;-)

This isn't as polished because I pretty much just added support to do what I 
needed. I'm not sure if the LKML is the right place to post, so let me know if 
I should send this somewhere else.

Your previous email implied that veritysetup would need a way to determine if 
the data offset option is supported; I did not modify veritysetup to support 
this idea as I didn't need it.

Thanks.

From: Wesley Miaw <wm...@netflix.com>

Allow veritysetup format and verify commands to directly operate on regular
files instead of requiring mounts through loop devices.

Signed-off-by: Wesley Miaw <wm...@netflix.com>
---
 cryptsetup/lib/internal.h|1 
 cryptsetup/lib/libcryptsetup.h   |   22 
 cryptsetup/lib/libcryptsetup.sym |2 
 cryptsetup/lib/setup.c   |  133 -
 cryptsetup/lib/utils.c   |   12 ++
 cryptsetup/src/veritysetup.c |   23 +++--
 6 files changed, 183 insertions(+), 10 deletions(-)
--- a/cryptsetup/lib/internal.h 2012-08-08 17:11:20.366392301 -0700
+++ b/cryptsetup/lib/internal.h 2012-08-06 16:17:35.154719491 -0700
@@ -76,6 +76,7 @@ ssize_t read_blockwise(int fd, void *_bu
 ssize_t write_lseek_blockwise(int fd, char *buf, size_t count, off_t offset);
 int device_ready(struct crypt_device *cd, const char *device, int mode);
 int device_size(const char *device, uint64_t *size);
+int file_size(const char *filename, uint64_t *size);
 
 unsigned crypt_getpagesize(void);
 
--- a/cryptsetup/lib/libcryptsetup.h2012-08-08 17:11:20.375392929 -0700
+++ b/cryptsetup/lib/libcryptsetup.h2012-08-06 16:17:35.159720699 -0700
@@ -56,6 +57,19 @@ struct crypt_device; /* crypt device han
 int crypt_init(struct crypt_device **cd, const char *device);
 
 /**
+ * Initial crypt device handle from a file and check if provided file exists.
+ *
+ * @param cd Returns pointer to crypt device handle.
+ * @param filename Path to the backing file.
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ *
+ * @note Note that logging is not initialized here, possible messages uses
+ *   default log function.
+ */
+int crypt_initfile(struct crypt_device **cd, const char *filename);
+
+/**
  * Initialize crypt device handle from provided active device name,
  * and, optionally, from separate metadata (header) device
  * and check if provided device exists.
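Review bot: The new crypt_initfile() comment does not say that the file must be writable, nor which later calls accept a handle created from a file, and its first line reads "Initial crypt device handle" where the neighbouring comment uses "Initialize". The setup.c part of this patch opens the file with O_RDWR and fails otherwise, so state that requirement here. Please also list the operations that are not supported on such a handle, so callers do not pass it to code that expects a block device.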
@@ -237,6 +251,15 @@ void crypt_set_password_verify(struct cr
 int crypt_set_data_device(struct crypt_device *cd, const char *device);
 
 /**
+ * Set data file
+ * For VERITY it is data file when hash device is separated.
+ *
+ * @param cd crypt device handle
+ * @param filename path to data file
+ */
+int crypt_set_data_file(struct crypt_device *cd, const char *device);
+
+/**
  * @defgroup rng "Cryptsetup RNG"
  *
  * @addtogroup rng
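Review bot: In the crypt_set_data_file() comment the argument is documented as "@param filename", but the prototype names it "device", and there is no "@return" line although the function returns int. Rename the argument to filename so it matches crypt_initfile(), and document the return value the same way crypt_initfile() does (0 on success or negative errno).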
--- a/cryptsetup/lib/libcryptsetup.sym  2012-08-08 17:11:20.375392930 -0700
+++ b/cryptsetup/lib/libcryptsetup.sym  2012-08-06 16:17:35.160720941 -0700
@@ -1,6 +1,7 @@
 CRYPTSETUP_1.0 {
global:
crypt_init;
+   crypt_initfile;
crypt_init_by_name;
crypt_init_by_name_and_header;
crypt_set_log_callback;
@@ -13,6 +14,7 @@ CRYPTSETUP_1.0 {
crypt_set_password_verify;
crypt_set_uuid;
crypt_set_data_device;
+   crypt_set_data_file;
 
crypt_memory_lock;
crypt_format;
--- a/cryptsetup/lib/setup.c2012-08-08 17:11:20.428396640 -0700
+++ b/cryptsetup/lib/setup.c2012-08-06 16:17:35.192728669 -0700
@@ -25,6 +25,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 #include "libcryptsetup.h"
 #include "luks.h"
@@ -585,6 +587,56 @@ bad:
return r;
 }
 
+int crypt_initfile(struct crypt_device **cd, const char *filename)
+{
+   struct crypt_device *h = NULL;
+   int fd;
+   struct stat st;
+   int r;
+
+   if (!cd)
+   return -EINVAL;
+
+   if (stat(filename, ) < 0) {
+   log_err(NULL, _("File %s doesn't exist or access denied.\n"), 
filename);
+   return -EINVAL;
+   }
+
+   log_dbg("Trying to open and write file %s.", filename);
+   fd = open(filename, O_RDWR);
+   if (fd < 0) {
+   log_err(NULL, _("Cannot open file %s for writeable access.\n"), 
filename);
+   return -EINVAL;
+   }
+   close(fd);
+
+   log_dbg("Allocating crypt device %s context.", filename);
+
+   if (!(h = malloc(sizeof(struct crypt_device
+   return 
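Review bot: crypt_initfile() checks the path with stat() and then with open(filename, O_RDWR) followed directly by close(fd), so the descriptor is gone before the context is allocated and anything that uses the file afterwards has to look it up by name again. The path can be swapped between the check and that later use, and in the visible lines st is never examined to confirm the target is a regular file. Consider opening once, calling fstat() on that descriptor with an S_ISREG test, and keeping the descriptor in the context. Two smaller points: the commit message covers verify as well as format, yet O_RDWR is required here, so verifying a read-only image would fail; and both error paths return -EINVAL where the header comment promises a negative errno value, so returning -errno would preserve the reason.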
