verity: add new verity.roothashfile option

Allow users to point mount to a file to read the roothash, in addition
to passing it inline.
Allows a volume managed by a systemd mount unit to be updated without
changing the mount unit content itself, for easier and more user friendly
servicing.

diff --git a/libmount/docs/libmount-sections.txt b/libmount/docs/libmount-sections.txt
index 27b474fd9d96aba7d7b9f08686132a6e9bb16a72..82cbedd88691624c9348330767930de993d266dd 100644 (file)
--- a/libmount/docs/libmount-sections.txt
+++ b/libmount/docs/libmount-sections.txt
@@ -160,6 +160,7 @@ MNT_MS_XFSTABCOMM
 MNT_MS_HASH_DEVICE
 MNT_MS_ROOT_HASH
 MNT_MS_HASH_OFFSET
+MNT_MS_ROOT_HASH_FILE
 <SUBSECTION>
 MS_BIND
 MS_DIRSYNC

diff --git a/libmount/python/pylibmount.c b/libmount/python/pylibmount.c
index e724edd14993d9c95fa2f61f40d8b0d59886b478..a572c68e4bcb1838646e27016c167596e72d85cd 100644 (file)
--- a/libmount/python/pylibmount.c
+++ b/libmount/python/pylibmount.c
@@ -254,6 +254,7 @@ PyMODINIT_FUNC initpylibmount(void)
        PyModule_AddIntConstant(m, "MNT_MS_HASH_DEVICE", MNT_MS_HASH_DEVICE);
        PyModule_AddIntConstant(m, "MNT_MS_ROOT_HASH", MNT_MS_ROOT_HASH);
        PyModule_AddIntConstant(m, "MNT_MS_HASH_OFFSET", MNT_MS_HASH_OFFSET);
+       PyModule_AddIntConstant(m, "MNT_MS_ROOT_HASH_FILE", MNT_MS_ROOT_HASH_FILE);
 
        /*
         * mount(2) MS_* masks (MNT_MAP_LINUX map)

diff --git a/libmount/src/context_veritydev.c b/libmount/src/context_veritydev.c
index fb5adde211bff375610d2f8838c87131c4b49401..42745068f622846e90241128084c67e8492d6552 100644 (file)
--- a/libmount/src/context_veritydev.c
+++ b/libmount/src/context_veritydev.c
@@ -15,6 +15,7 @@
 #if defined(HAVE_CRYPTSETUP)
 
 #include <libcryptsetup.h>
+#include "path.h"
 
 /* Taken from https://gitlab.com/cryptsetup/cryptsetup/blob/master/lib/utils_crypt.c#L225 */
 static size_t crypt_hex_to_bytes(const char *hex, char **result)
@@ -49,7 +50,7 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
        const char *backing_file, *optstr;
        char *val = NULL, *key = NULL, *root_hash_binary = NULL, *mapper_device = NULL,
                *mapper_device_full = NULL, *backing_file_basename = NULL, *root_hash = NULL,
-               *hash_device = NULL;
+               *hash_device = NULL, *root_hash_file = NULL;
        size_t len, hash_size, keysize = 0;
        struct crypt_params_verity crypt_params = {};
        struct crypt_device *crypt_dev = NULL;
@@ -109,6 +110,23 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
                }
        }
 
+       /*
+        * verity.roothashfile=
+        */
+       if (rc == 0 && (cxt->user_mountflags & MNT_MS_ROOT_HASH_FILE) &&
+           mnt_optstr_get_option(optstr, "verity.roothashfile", &val, &len) == 0 && val) {
+               root_hash_file = strndup(val, len);
+               rc = root_hash_file ? 0 : -ENOMEM;
+       }
+
+       if (root_hash && root_hash_file) {
+               DBG(VERITY, ul_debugobj(cxt, "verity.roothash and verity.roothashfile are mutually exclusive"));
+               rc = -EINVAL;
+       } else if (root_hash_file) {
+               rc = ul_path_read_string(NULL, &root_hash, root_hash_file);
+               rc = rc < 1 ? rc : 0;
+       }
+
        if (rc)
                goto done;
 
@@ -198,6 +216,7 @@ done:
        free(mapper_device);
        free(hash_device);
        free(root_hash);
+       free(root_hash_file);
        free(key);
        return rc;
 }

diff --git a/libmount/src/libmount.h.in b/libmount/src/libmount.h.in
index 2c210b8119e1faa402f2006eff7dc142f344f70c..704da082696aaa93c3963a07b1b6774829de2d1e 100644 (file)
--- a/libmount/src/libmount.h.in
+++ b/libmount/src/libmount.h.in
@@ -908,6 +908,7 @@ extern int mnt_context_set_syscall_status(struct libmnt_context *cxt, int status
 #define MNT_MS_HASH_DEVICE (1 << 18)
 #define MNT_MS_ROOT_HASH (1 << 19)
 #define MNT_MS_HASH_OFFSET (1 << 20)
+#define MNT_MS_ROOT_HASH_FILE (1 << 21)
 
 /*
  * mount(2) MS_* masks (MNT_MAP_LINUX map)

diff --git a/libmount/src/optmap.c b/libmount/src/optmap.c
index a8a6d7793d431fbb211176cb59acb694b99dee8b..4d4e77707229dec87cc2396c7ea6253c8cfdc0a8 100644 (file)
--- a/libmount/src/optmap.c
+++ b/libmount/src/optmap.c
@@ -182,6 +182,7 @@ static const struct libmnt_optmap userspace_opts_map[] =
    { "verity.hashdevice=", MNT_MS_HASH_DEVICE, MNT_NOHLPS | MNT_NOMTAB },     /* mount a verity device */
    { "verity.roothash=",   MNT_MS_ROOT_HASH, MNT_NOHLPS | MNT_NOMTAB },                   /* verity device root hash */
    { "verity.hashoffset=", MNT_MS_HASH_OFFSET, MNT_NOHLPS | MNT_NOMTAB },         /* verity device hash offset */
+   { "verity.roothashfile=", MNT_MS_ROOT_HASH_FILE, MNT_NOHLPS | MNT_NOMTAB },/* verity device root hash (read from file) */
 
    { NULL, 0, 0 }
 };

diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
index 5965eaac0be4a5417d3279e105d24d2a2136bffa..2969570011a855c65b1ff876e95fc59f45e55010 100644 (file)
--- a/sys-utils/mount.8
+++ b/sys-utils/mount.8
@@ -2388,6 +2388,14 @@ Path to the hash tree device associated with the source volume to pass to dm-ver
 \fBverity.roothash=\fP\,\fIhex\fP
 Hex-encoded hash of the root of
 .I verity.hashdevice
+Mutually exclusive with
+.I verity.roothashfile.
+.TP
+\fBverity.roothashfile=\fP\,\fIpath\fP
+Path to file containing the hex-encoded hash of the root of
+.I verity.hashdevice.
+Mutually exclusive with
+.I verity.roothash.
 .TP
 \fBverity.hashoffset=\fP\,\fIoffset\fP
 If the hash tree device is embedded in the source volume,