6215b58167
realmfs-owner is name of realm that can write to unsealed realm
2019-01-30 14:06:18 -05:00
191b580440
refactor verity module to work on images without removing header first
2019-01-30 14:05:11 -05:00
e7e75061a1
Everything optional except 'image-type' now. Also removed a couple fields.
When a RealmFS image is not sealed it has a very simple header and
doesn't use most of the metainfo fields.
2019-01-29 13:53:22 -05:00
d23e488aaa
method to write header to a path
2019-01-29 13:42:17 -05:00
322fa97f6a
add 'realmfs-name' as a potential metainfo field
2019-01-29 13:41:50 -05:00
c13fb5fb61
method to clear signature field
2019-01-29 13:39:30 -05:00
0299d2814f
function added to also find mounts by target path
2019-01-29 11:56:56 -05:00
41708c870e
Added option to enable sealed realmfs images from kernel command line
2019-01-29 11:51:24 -05:00
e4665f3f5c
function to test for valid names of things
2019-01-29 11:42:27 -05:00
f5bf92f488
function for piping section of a file to a command
This makes it possible to calculate sha256sum in place on an image file
which has both a header and an appended dm-verity tree. Before this
required a messy process of extracting the body into a temporary file.
2019-01-29 11:40:20 -05:00
c864e58f6d
external crate declarations no longer needed
2019-01-17 09:39:06 -05:00
b258604fd0
Updated everything for Rust 2018 with cargo fix --edition
2019-01-17 09:25:24 -05:00
8f8cbab72f
refactor partition signature verification
2019-01-17 09:05:53 -05:00
72b7af4f2d
Separate errors for no public key and signature verify failure
2019-01-17 09:04:35 -05:00
ad29d58413
Split signature verification into two steps: get pubkey, verify
2019-01-17 09:02:57 -05:00
851da8a98c
sort partitions by path
2019-01-15 16:53:39 -05:00
26cdaed973
Don't use /etc/citadel-channel anymore
2019-01-15 09:22:22 -05:00
bda6410d7b
Use new timestamp metainfo field to compare images with same version.
2019-01-07 19:00:02 -05:00
da0922c29d
Add mandatory timestamp field to image metainfo
2019-01-07 18:59:21 -05:00
8e341d6005
Mount tmpfs overlay over rootfs if citadel.overlay is set
2019-01-06 18:15:44 -05:00
db820aff68
Rename modules image to kernel image and add some extra metadata
2019-01-06 18:05:05 -05:00
c580d784ff
calculate image shasum
2019-01-05 20:39:17 -05:00
dc9a49fd8a
Clean up keys api
2019-01-05 20:38:57 -05:00
b59188311d
Don't pass config file around, it's a lazy_static now
2019-01-05 20:34:22 -05:00
849c746415
config file refactored to parse /etc/os-release
No need for separate config file, just add a few variables to os-release
2019-01-05 20:24:52 -05:00
d1ca341f9a
parse citadel.channel command line option
Option takes a string argument which identifies the channel which should
be expected when mounting images. The channel name can optionally be
followed by a colon and a hex encoded public key for the channel.
2019-01-05 20:22:36 -05:00
2bab6a438f
When generating initial hashtree, use $PATH to find veritysetup
The initial hashtree is generated during the yocto build, so we
want to use veritysetup from the path (to use cryptsetup-native)
rather than try to find veritysetup on the build host.
2019-01-05 20:15:37 -05:00
b7b27b039c
If command not absolute path, confirm it exists by searching $PATH
2019-01-05 20:13:45 -05:00
9f6ba7e619
an exec_cmdline function which suppresses all output
2019-01-03 10:49:42 -05:00
140257208a
No need to use a loop device here
2019-01-03 10:49:09 -05:00
58a58e234f
Search for images in a directory by metainfo rather than filename.
2019-01-02 13:30:27 -05:00
011a4b80ea
add kernel-version field to metainfo
2019-01-02 13:30:27 -05:00
27758b9a1a
Add missing argument to error message
2019-01-02 13:30:27 -05:00
4099f19f4b
Big refactor for citadel installer
2018-12-31 18:27:17 -05:00
109f007e33
migrate other citadel-tools to external repository
2018-12-14 10:10:15 -05:00