libmount: add support for verity devices via libcryptsetup

The following new options are added:

verity.hashdevice
verity.roothash
verity.hashoffset

The source path will be used as a dm-verity object, and will be
opened using libcryptsetup APIs.

A new --with-cryptsetup build-time option is added, which adds a
dependency on libcryptsetup. To ease bootstrapping, given libcryptsetup
build-depends on util-linux for libuuid, if --with-cryptsetup=yes but
libcryptsetup is not installed only a warning will be printed at
configure time rather than an error. This way stage0/first stage/ring0
builds can use the same configure options but avoid installing
cryptsetup to get a working base set, and then rebuild util-linux in
the next step of the bootstrapping process.

If verity options are selected but cannot be fulfilled due to lack of
dependencies, mounting a volume will fail even if using a loop device
would work as a fallback, to avoid silently skipping integrity checks.
Luca Boccassi 2019-11-08 17:02:09 +00:00
parent 21c97651f4
commit e6a498877c
14 changed files with 380 additions and 3 deletions

@ -251,6 +251,9 @@ PyMODINIT_FUNC initpylibmount(void)
PyModule_AddIntConstant(m, "MNT_MS_USER", MNT_MS_USER);
PyModule_AddIntConstant(m, "MNT_MS_USERS", MNT_MS_USERS);
PyModule_AddIntConstant(m, "MNT_MS_XCOMMENT", MNT_MS_XCOMMENT);
PyModule_AddIntConstant(m, "MNT_MS_HASH_DEVICE", MNT_MS_HASH_DEVICE);
PyModule_AddIntConstant(m, "MNT_MS_ROOT_HASH", MNT_MS_ROOT_HASH);
PyModule_AddIntConstant(m, "MNT_MS_HASH_OFFSET", MNT_MS_HASH_OFFSET);
/*
* mount(2) MS_* masks (MNT_MAP_LINUX map)
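Review bot: the three constants added after MNT_MS_XCOMMENT (MNT_MS_HASH_DEVICE, MNT_MS_ROOT_HASH, MNT_MS_HASH_OFFSET) carry nothing in their names that ties them to the verity.hashdevice, verity.roothash and verity.hashoffset options from the commit message. A VERITY infix, for example MNT_MS_VERITY_ROOT_HASH, would keep a Python caller from reading them as generic hashing flags. As shown here they are also exported with no build-time guard, so their presence in pylibmount does not tell a caller whether the library was built with --with-cryptsetup. Given that a verity mount is meant to fail rather than fall back when the dependency is missing, that behaviour should be stated in the binding's documentation next to these constants.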