dbdf0d4035
added bless and install commands
2019-01-30 14:27:50 -05:00
e7151f8de2
Initial implementation of RealmFS
2019-01-30 14:26:46 -05:00
884d056420
refactor for realmfs implementation
2019-01-30 14:21:54 -05:00
e5d0b7f6f2
installer refactored to support RealmFS
2019-01-30 14:15:44 -05:00
a0d39431e8
bless method added to mark partition which has booted successfully
2019-01-30 14:13:24 -05:00
c00e11ee8f
rootfs symlink is created when realm is started so remove this check
2019-01-30 14:12:37 -05:00
55b08fb683
decompress images in parallel by spawning a thread for each one
2019-01-30 14:11:30 -05:00
0b2480f849
Refactor to chain realm specific config to global config
...
Now if a variable is not set in a realm config file (or the file does
not exist), the 'global' config file will also be searched in the
parent directory (ie: /storage/realms/config). If the variable is
still not found, the value from the default instance is returned.
2019-01-30 14:09:34 -05:00
6215b58167
realmfs-owner is name of realm that can write to unsealed realm
2019-01-30 14:06:18 -05:00
191b580440
refactor verity module to work on images without removing header first
2019-01-30 14:05:11 -05:00
e7e75061a1
Everything optional except 'image-type' now. Also removed a couple fields.
...
When a RealmFS image is not sealed it has a very simple header and
doesn't use most of the metainfo fields.
2019-01-29 13:53:22 -05:00
d23e488aaa
method to write header to a path
2019-01-29 13:42:17 -05:00
322fa97f6a
add 'realmfs-name' as a potential metainfo field
2019-01-29 13:41:50 -05:00
c13fb5fb61
method to clear signature field
2019-01-29 13:39:30 -05:00
0299d2814f
function added to also find mounts by target path
2019-01-29 11:56:56 -05:00
41708c870e
Added option to enable sealed realmfs images from kernel command line
2019-01-29 11:51:24 -05:00
3782668514
Refactor how images are built to support realmfs images
...
Main change in building images is that an empty 4096 byte block is
prepended to raw image before compression so that upon decompression
the header can be written without having to shuffle around decompressed
image.
2019-01-29 11:50:10 -05:00
e4665f3f5c
function to test for valid names of things
2019-01-29 11:42:27 -05:00
f5bf92f488
function for piping section of a file to a command
...
This makes it possible to calculate sha256sum in place on an image file
which has both a header and an appended dm-verity tree. Before this
required a message process of extracting the body into a temporary file.
2019-01-29 11:40:20 -05:00
ff115e6005
Put everything into a single workspace
2019-01-17 11:03:37 -05:00
c864e58f6d
external crate declarations no longer needed
2019-01-17 09:39:06 -05:00
b258604fd0
Updated everything for Rust 2018 with cargo fix --edition
2019-01-17 09:25:24 -05:00
928e8cc41c
pass arguments when installing rootfs to partitions
2019-01-17 09:11:50 -05:00
29f487a16e
set PREFER_BOOT flag by default when installing a rootfs partition
2019-01-17 09:11:18 -05:00
d244c07483
refactor boot selection algorithm
2019-01-17 09:10:28 -05:00
8f8cbab72f
refactor partition signature verification
2019-01-17 09:05:53 -05:00
72b7af4f2d
Separate errors for no public key and signature verify failure
2019-01-17 09:04:35 -05:00
ad29d58413
Split signature verification into two steps: get pubkey, verify
2019-01-17 09:02:57 -05:00
0f4b319ea1
added a couple of information messages
2019-01-15 16:59:12 -05:00
4f603cf4d4
add two flags to install-rootfs, --just-choose and --skip-sha
...
--just-choose will print information about which partition would be
chosen to install a rootfs image.
--skip-sha will avoid checking the sha256 sum of the image file. This
is mainly meant for use by the installer since the sum has already
been confirmed
2019-01-15 16:56:03 -05:00
851da8a98c
sort partitions by path
2019-01-15 16:53:39 -05:00
91530279cf
Rename target to image_data, make compression optional
2019-01-15 09:38:42 -05:00
41179a720d
Add an option to choose to build a compressed image or not
2019-01-15 09:37:40 -05:00
6e5ec2ec1b
Update ring dependency to latest 13.x version
2019-01-15 09:22:57 -05:00
26cdaed973
Don't use /etc/citadel-channel anymore
2019-01-15 09:22:22 -05:00
bda6410d7b
Use new timestamp metainfo field to compare images with same version.
2019-01-07 19:00:02 -05:00
da0922c29d
Add mandatory timestamp field to image metainfo
2019-01-07 18:59:21 -05:00
8e341d6005
Mount tmpfs overlay over rootfs if citadel.overlay is set
2019-01-06 18:15:44 -05:00
96429ed4c7
remove old comment information
2019-01-06 18:06:42 -05:00
db820aff68
Rename modules image to kernel image and add some extra metadata
2019-01-06 18:05:05 -05:00
c992b32946
Use $PATH lookup for xz and sha256sum when building image
2019-01-05 20:40:07 -05:00
c580d784ff
calculate image shasum
2019-01-05 20:39:17 -05:00
dc9a49fd8a
Clean up keys api
2019-01-05 20:38:57 -05:00
b59188311d
Don't pass config file around, it's a lazy_static now
2019-01-05 20:34:22 -05:00
434c19433e
enable signature verification by default
2019-01-05 20:25:28 -05:00
849c746415
config file refactored to parse /etc/os-release
...
No need for separate config file, just add a few variables to os-release
2019-01-05 20:24:52 -05:00
d1ca341f9a
parse citadel.channel command line option
...
Option takes a string argument which identifies the channel which should
be expected when mounting images. The channel name can optionally be
followed by a colon and a hex encoded public key for the channel.
2019-01-05 20:22:36 -05:00
2bab6a438f
When generating initial hashtree, use $PATH to find veritysetup
...
The initial hashtree is generated during the yocto build, so we
want to use veritysetup from the path (to use cryptsetup-native)
rather than try to find veritysetup on the build host.
2019-01-05 20:15:37 -05:00
b7b27b039c
If command not absolute path, confirm it exists by searching $PATH
2019-01-05 20:13:45 -05:00
9f6ba7e619
an exec_cmdline function which suppresses all output
2019-01-03 10:49:42 -05:00