36 Commits

Author SHA1 Message Date
191b580440 refactor verity module to work on images without removing header first 2019-01-30 14:05:11 -05:00
e7e75061a1 Everything optional except 'image-type' now. Also removed a couple fields.
When a RealmFS image is not sealed it has a very simple header and
doesn't use most of the metainfo fields.
2019-01-29 13:53:22 -05:00
d23e488aaa method to write header to a path 2019-01-29 13:42:17 -05:00
322fa97f6a add 'realmfs-name' as a potential metainfo field 2019-01-29 13:41:50 -05:00
c13fb5fb61 method to clear signature field 2019-01-29 13:39:30 -05:00
0299d2814f function added to also find mounts by target path 2019-01-29 11:56:56 -05:00
41708c870e Added option to enable sealed realmfs images from kernel command line 2019-01-29 11:51:24 -05:00
e4665f3f5c function to test for valid names of things 2019-01-29 11:42:27 -05:00
f5bf92f488 function for piping section of a file to a command
This makes it possible to calculate sha256sum in place on an image file
which has both a header and an appended dm-verity tree. Before this
required a message process of extracting the body into a temporary file.
2019-01-29 11:40:20 -05:00
ff115e6005 Put everything into a single workspace 2019-01-17 11:03:37 -05:00
c864e58f6d external crate declarations no longer needed 2019-01-17 09:39:06 -05:00
b258604fd0 Updated everything for Rust 2018 with cargo fix --edition 2019-01-17 09:25:24 -05:00
8f8cbab72f refactor partition signature verification 2019-01-17 09:05:53 -05:00
72b7af4f2d Separate errors for no public key and signature verify failure 2019-01-17 09:04:35 -05:00
ad29d58413 Split signature verification into two steps: get pubkey, verify 2019-01-17 09:02:57 -05:00
851da8a98c sort partitions by path 2019-01-15 16:53:39 -05:00
6e5ec2ec1b Update ring dependency to latest 13.x version 2019-01-15 09:22:57 -05:00
26cdaed973 Don't use /etc/citadel-channel anymore 2019-01-15 09:22:22 -05:00
bda6410d7b Use new timestamp metainfo field to compare images with same version. 2019-01-07 19:00:02 -05:00
da0922c29d Add mandatory timestamp field to image metainfo 2019-01-07 18:59:21 -05:00
8e341d6005 Mount tmpfs overlay over rootfs if citadel.overlay is set 2019-01-06 18:15:44 -05:00
db820aff68 Rename modules image to kernel image and add some extra metadata 2019-01-06 18:05:05 -05:00
c580d784ff calculate image shasum 2019-01-05 20:39:17 -05:00
dc9a49fd8a Clean up keys api 2019-01-05 20:38:57 -05:00
b59188311d Don't pass config file around, it's a lazy_static now 2019-01-05 20:34:22 -05:00
849c746415 config file refactored to parse /etc/os-release
No need for separate config file, just add a few variables to os-release
2019-01-05 20:24:52 -05:00
d1ca341f9a parse citadel.channel command line option
Option takes a string argument which identifies the channel which should
be expected when mounting images. The channel name can optionally be
followed by a colon and a hex encoded public key for the channel.
2019-01-05 20:22:36 -05:00
2bab6a438f When generating initial hashtree, use $PATH to find veritysetup
The initial hashtree is generated during the yocto build, so we
want to use veritysetup from the path (to use cryptsetup-native)
rather than try to find veritysetup on the build host.
2019-01-05 20:15:37 -05:00
b7b27b039c If command not absolute path, confirm it exists by searching $PATH 2019-01-05 20:13:45 -05:00
9f6ba7e619 an exec_cmdline function which suppresses all output 2019-01-03 10:49:42 -05:00
140257208a No need to use a loop device here 2019-01-03 10:49:09 -05:00
58a58e234f Search for images in a directory by metainfo rather than filename. 2019-01-02 13:30:27 -05:00
011a4b80ea add kernel-version field to metainfo 2019-01-02 13:30:27 -05:00
27758b9a1a Add missing argument to error message 2019-01-02 13:30:27 -05:00
4099f19f4b Big refactor for citadel installer 2018-12-31 18:27:17 -05:00
109f007e33 migrate other citadel-tools to external repository 2018-12-14 10:10:15 -05:00