Keyring is an encrypted file to store secrets. The encryption key is
derived from the disk decryption passphrase so that the file can be
automatically decrypted and processed during boot.
The keys contained in the keyring file are loaded into the kernel key
store so that they can later be retrieved by other components.
Currenly during installation a signing key is generated and stored in
the keyring so that the system can transparently sign RealmFS images
when the user modifies or updates them.
citadel-tool now installed with a hardlink for each binary tool and
dispatches on the exe path to the tool implementation. This makes
the build faster, uses less disk space, and makes it easier to
create new small tools.
Now if a variable is not set in a realm config file (or the file does
not exist), the 'global' config file will also be searched in the
parent directory (ie: /storage/realms/config). If the variable is
still not found, the value from the default instance is returned.
Main change in building images is that an empty 4096 byte block is
prepended to raw image before compression so that upon decompression
the header can be written without having to shuffle around decompressed
image.
This makes it possible to calculate sha256sum in place on an image file
which has both a header and an appended dm-verity tree. Before this
required a message process of extracting the body into a temporary file.