Add verity digests for exported block device #1176
Conversation
jiangliu
requested review from
bergwolf,
luodw and
adamqqqplay
and removed request for
a team
|
@jiangliu , a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/61944 |
jiangliu
force-pushed
the
export-block-verity
branch
from
6809123
to
74123f3
Compare
|
@jiangliu , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/61945 |
jiangliu
force-pushed
the
export-block-verity
branch
from
74123f3
to
665f6a4
Compare
|
@jiangliu , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/61969 |
jiangliu
force-pushed
the
export-block-verity
branch
from
665f6a4
to
f96abb0
Compare
|
@jiangliu , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/61979 |
|
@jiangliu , the title has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/61982 |
jiangliu
force-pushed
the
export-block-verity
branch
from
f96abb0
to
8c891f1
Compare
|
@jiangliu , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
|
@jiangliu , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
Introduce mechanism to generate Merkle tree for verity. Signed-off-by: Jiang Liu <[email protected]>
jiangliu
force-pushed
the
export-block-verity
branch
from
ec78d62
to
be27787
Compare
|
@jiangliu , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/62763 |
|
@jiangliu , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
jiangliu
force-pushed
the
export-block-verity
branch
from
be27787
to
7c6d996
Compare
|
@jiangliu , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/62866 |
jiangliu
force-pushed
the
export-block-verity
branch
from
7c6d996
to
7c5a594
Compare
|
@jiangliu , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/62870 |
Add `--verity` option to `nydus-image export --block` to generate dm-verity data for block devices. ``` [root@iZ0jl3vazmhc81dur3xnm3Z image-service]# tar -cvf src.tar src [root@iZ0jl3vazmhc81dur3xnm3Z image-service]# sha256sum src.tar 0e2dbe8b6e0f55f42c75034ed9dfc582ad0a94098cfc248c968522e7ef02e00a src.tar [root@iZ0jl3vazmhc81dur3xnm3Z image-service]# cp src.tar images/0e2dbe8b6e0f55f42c75034ed9dfc582ad0a94098cfc248c968522e7ef02e00a [root@iZ0jl3vazmhc81dur3xnm3Z image-service]# target/debug/nydus-image create -t tar-tarfs -D images/ images/0e2dbe8b6e0f55f42c75034ed9dfc582ad0a94098cfc248c968522e7ef02e00a [2023-03-27 16:32:00.068730 +08:00] INFO successfully built RAFS filesystem: meta blob path: images/90f0e6e7e0ff822d4acddf30c36ac77fe06f549fe58f89a818fa824b19f70d47 data blob size: 0x3c000 data blobs: ["0e2dbe8b6e0f55f42c75034ed9dfc582ad0a94098cfc248c968522e7ef02e00a"] [root@iZ0jl3vazmhc81dur3xnm3Z image-service]# target/debug/nydus-image export --block --verity -D images/ -B images/90f0e6e7e0ff822d4acddf30c36ac77fe06f549fe58f89a818fa824b19f70d47 [2023-03-27 23:49:14.450762 +08:00] INFO RAFS features: COMPRESSION_NONE | HASH_SHA256 | EXPLICIT_UID_GID | TARTFS_MODE dm-verity options: --no-superblock --format=1 -s "" --hash=sha256 --data-block-size=4096 --hash-block-size=4096 --data-blocks 572 --hash-offset 2342912 ab7b417fc284c3b58a72044a996ec55e2c68a8b9dcf10bc469f4e640e5d98e6a losetup -r /dev/loop1 images/90f0e6e7e0ff822d4acddf30c36ac77fe06f549fe58f89a818fa824b19f70d47.disk [root@iZ0jl3vazmhc81dur3xnm3Z image-service]# veritysetup open -v --no-superblock --format=1 -s "" --hash=sha256 --data-block-size=4096 --hash-block-size=4096 --data-blocks 572 --hash-offset 2342912 /dev/loop1 verity /dev/loop1 ab7b417fc284c3b58a72044a996ec55e2c68a8b9dcf10bc469f4e640e5d98e6a [root@iZ0jl3vazmhc81dur3xnm3Z image-service]# veritysetup status verity /dev/mapper/verity is active. type: VERITY status: verified hash type: 1 data block: 4096 hash block: 4096 hash name: sha256 salt: - data device: /dev/loop1 data loop: /root/image-service/images/90f0e6e7e0ff822d4acddf30c36ac77fe06f549fe58f89a818fa824b19f70d47.disk size: 4576 sectors mode: readonly hash device: /dev/loop1 hash loop: /root/image-service/images/90f0e6e7e0ff822d4acddf30c36ac77fe06f549fe58f89a818fa824b19f70d47.disk hash offset: 4576 sectors root hash: ab7b417fc284c3b58a72044a996ec55e2c68a8b9dcf10bc469f4e640e5d98e6a ``` Signed-off-by: Jiang Liu <[email protected]>
jiangliu
force-pushed
the
export-block-verity
branch
from
7c5a594
to
01e59a6
Compare
|
@jiangliu , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/62874 |
|
@jiangliu , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
|
@jiangliu , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
|
@jiangliu , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
| &buf[offset..offset + block_size], | ||
| digest::Algorithm::Sha256, | ||
| ); | ||
| let mut guard = generator.lock().unwrap(); |
There was a problem hiding this comment.
Do we need to put generator.lock.unwrap() out of the while loop?
|
Can we add the usage in the docs? |
Add
--verityoption tonydus-image export --blockto generatedm-verity data for block devices.