Avoid having two copies of a regular expression for parsing
the `ostree=` kernel argument. Because the `ostree-system-generator`
binary already has access to the internals because it's implemented
in the shared library, expose the sysroot version internally
and use that.
Motivated by an attempt to change one of these copies but not
the other.
The semantics of this function now keep the key assigned
even if we fail to validate it, which is ugly. Only assign
the key after verifying its length.
Add a helper to compare lengths which includes the found
and expected values. Use it consistently.
The error message "Incorrect" is misleading; one might think
one had the *wrong* key. "Ill-formed" makes it clearer that
we're not parsing it at all.
Given the kernel argument androidboot.slot_suffix= is required in
Android AB updates [1] there is no need to check for ostree= or ostree=aboot
at all in the aboot case. This also ensures if the dependency on ostree=
is removed, the android-boot technique will work regardless.
[1]: https://source.android.com/docs/core/ota/ab/ab_implement
Passing the private key via a direct command line argument
is just a bad idea because it's highly likely to get logged
or appear in `ps`.
Spotted in review of work for composefs signatures.
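
The exposure described in the commit message above, as an added example that is not taken from the ostree source or from the commit: it starts a stand-in process and reads its argv back from `/proc/<pid>/cmdline`, which is the same data `ps` displays. The key value, the stand-in child and the `--key` / `--key-file` option names are constructed for illustration, and handing over a path to a 0600 file is an assumed alternative, since the page does not say what the commit switched to.

```python
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for a private key; not real key material.
SECRET = "CONSTRUCTED-EXAMPLE-PRIVATE-KEY"

# Stand-in for a signing tool: it only idles so its argv can be inspected.
CHILD = "import time; time.sleep(30)"


def visible_argv(pid):
    """Return the argv of `pid` as read from /proc (Linux), the source `ps` uses."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]


def key_exposed(mode):
    """Start the stand-in tool and report whether SECRET shows up in its argv.

    mode "argv": the key is a direct command-line argument.
    mode "file": the key is written to a 0600 file and only the path is passed.
    """
    with tempfile.TemporaryDirectory() as tmp:
        if mode == "argv":
            extra = ["--key", SECRET]  # hypothetical option name
        else:
            path = os.path.join(tmp, "key")
            # O_EXCL plus mode 0600: the file is never readable by other users.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "w") as f:
                f.write(SECRET)
            extra = ["--key-file", path]  # hypothetical option name
        # Arguments after "-c CODE" land in the child's argv untouched.
        proc = subprocess.Popen([sys.executable, "-c", CHILD, *extra])
        try:
            return any(SECRET in arg for arg in visible_argv(proc.pid))
        finally:
            proc.kill()
            proc.wait()


if __name__ == "__main__":
    for mode in ("argv", "file"):
        print(f"{mode}: key visible in process list = {key_exposed(mode)}")
```
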
- Convert the current enum into a struct, using `OtTristate` and
two member variables (expected signature and digest)
- Factor out a helper function to parse this config
- Clean up the logging by consistently using `composefs:` as a prefix
- Add more assertions to more strictly verify our runtime state
since this is security relevant
There's no additional dependencies, and it's a small amount
of new code.
The riskiest thing is the changes to ostree-prepare-root, but
I believe that things are in a good state now there.
Again, this just enables it at *build time* - it's still
off at runtime by default.
I think this was only ever used in the "static pid1" path which
is now split out into a separate file.
We always expect that e.g. systemd does the switchroot in
the initramfs, so drop this dead code.
Since we now have a generalized more structured way of serializing
state in the initramfs instead of "stamp files", use it for
passing the composefs state.
Particularly for the signature case, having this metadata
acts as a reliable "proof of execution" of the signature verification
code (as opposed to parsing a log file or so).
Besides that, this is also just a stronger check for "we're using
composefs" instead of checking for "overlayfs on /".
Now that we link to libotutil (and glib) we don't need separate
handling for conditionalizing on the presence of systemd.
Further, there's no value in `sd_journal_send(MESSAGE=)` over
just printing to stdout.
As of lately it emits a ton of errors from `grep` about having `*`
at the start of a line, but more generally it's only generally
found papercut-style issues that aren't worth carrying a distinct
checking system for.
If requested, by specifying ot-composefs=signed=/path/to/pub.key then
the commit object is validated against the specified ed25519 public
key, and if valid, the composefs digest from the commit object is used
to ensure we boot the right digest.
This will contain logic shared between ostree-prepare-root
and libostree-1.so. It will just link to libgio.so, so as
to avoid pulling in e.g. libcurl and other things.
In other words, `ostree-prepare-root` will not link to `libostree-1.so`,
but will pull in just what it needs from this library.
There's no reason to have these distinct really. If we're using
libsodium, we want it in the same places we're using openssl.
Prep for further refactoring.
The checksum utils uses the crypto lib, but we're not explicitly linking
to it. I think this is why the CI got this error when using openssl
on debian, during ostree binary linking:
/usr/bin/ld: ./.libs/libotutil.a(libotutil_la-ot-checksum-utils.o): undefined reference to symbol 'EVP_DigestInit_ex@@OPENSSL_3.0.0'
/usr/bin/ld: /lib/x86_64-linux-gnu/libcrypto.so.3: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
This adds some defines for ed25519 key sizes and drops uses
of the libsodium defines for these, as well as replacing sodium_bin2hex
use with ot_bin2hex. Some code that was optionally built before is now
always built.
The goal for this is to support both libsodium and openssl.
Also fixes return value of _load_pk_from_stream(). It used
to always return FALSE.
- Was using the wrong metadata key
- We were missing setting the canonical commit args which assigns
e.g. owner uid 0, which is important for reproducibility
- Use the new --print-hex to make things easier to read