vcswatch reports that
this package seems to have a new changelog entry (version
1.4-1, distribution
UNRELEASED) and new commits
in its VCS. You should consider whether it's time to make
an upload.
Here are the relevant commit messages:
commit 1030404fdcb2a5ba027447fbc5536c202d90c3ab
Author: Romain Perier <romain.perier@gmail.com>
Date: Thu Jun 24 14:15:22 2021 +0200
Fix package revision
commit d877c82b302a87e8019c811b3702cccc46c9e9a1
Author: Romain Perier <romain.perier@gmail.com>
Date: Wed Jun 23 15:23:01 2021 +0200
New package version 1.4-1
This commit bumps package to new upstream version 1.4. A new man
page for the fsverity tool is now available via the fsverity package.
Also add pandoc as build dependency, as required for building the
manpage.
commit 2f415a6743b36f61dd5f8d138b0bbaaacb453a76
Merge: 1319a55 9e08289
Author: Romain Perier <romain.perier@gmail.com>
Date: Wed Jun 23 15:18:21 2021 +0200
Update upstream source from tag 'upstream/1.4'
Update to upstream version '1.4'
with Debian dir 3a0c0f8961d914490dbe6b72b7bff3599273f17a
commit 9e082897d61a2449657651aa5a0931aca31428fd
Author: Eric Biggers <ebiggers@google.com>
Date: Mon Jun 14 16:14:52 2021 -0700
v1.4
Signed-off-by: Eric Biggers <ebiggers@google.com>
commit a1243f21c7c268c32de326ab717a6648107f7112
Author: Eric Biggers <ebiggers@google.com>
Date: Thu Jun 10 00:20:56 2021 -0700
Add man page for fsverity
Add a manual page for the fsverity utility, documenting all subcommands
and options.
The page is written in Markdown and is translated to groff using pandoc.
It can be installed by 'make install-man'.
Link: https://lore.kernel.org/r/20210610072056.35190-1-ebiggers@kernel.org
Acked-by: Luca Boccassi <bluca@debian.org>
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
commit 811f6d328c23a8ba284abcb30e9e3aba50f124b2
Author: Eric Biggers <ebiggers@google.com>
Date: Thu Jun 10 00:09:19 2021 -0700
Add *.exe to gitignore
Ignore .exe files produced by the Windows build. The test programs were
already matched by another pattern, but fsverity.exe wasn't.
Signed-off-by: Eric Biggers <ebiggers@google.com>
commit 6f64dde651fbd91205b58e484518dcb3a0aa9e8f
Author: Eric Biggers <ebiggers@google.com>
Date: Thu Jun 3 12:58:12 2021 -0700
programs/fsverity: add --out-merkle-tree and --out-descriptor options
Make 'fsverity digest' and 'fsverity sign' support writing the Merkle
tree and fs-verity descriptor to files, using new options
'--out-merkle-tree=FILE' and '--out-descriptor=FILE'.
Normally these new options aren't useful, but they can be needed in
cases where the fs-verity metadata needs to be consumed by something
other than one of the native Linux kernel implementations of fs-verity.
This is different from 'fsverity dump_metadata' in that
'fsverity dump_metadata' only works on a file with fs-verity enabled,
whereas these new options are for the userspace file digest computation.
Link: https://lore.kernel.org/r/20210603195812.50838-5-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
commit 1690cc2c74e13031451b0aa617ed221477baba1b
Author: Eric Biggers <ebiggers@google.com>
Date: Thu Jun 3 12:58:11 2021 -0700
programs/utils: add full_pwrite() and preallocate_file()
These helper functions will be used by the implementation of the
--out-merkle-tree option for 'fsverity digest' and 'fsverity sign'.
Link: https://lore.kernel.org/r/20210603195812.50838-4-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
commit 3b7ac7d54a75cc17a4272cf3b3346561f00af68d
Author: Eric Biggers <ebiggers@google.com>
Date: Thu Jun 3 12:58:10 2021 -0700
programs/test_compute_digest: test the metadata callbacks
Test that the libfsverity_metadata_callbacks support seems to be working
correctly.
Link: https://lore.kernel.org/r/20210603195812.50838-3-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
commit cf9001d76141be5f8e216fc4b15224b4db535dff
Author: Eric Biggers <ebiggers@google.com>
Date: Thu Jun 3 12:58:09 2021 -0700
lib/compute_digest: add callbacks for getting the verity metadata
Allow callers of libfsverity_compute_digest() to provide callback
functions which get passed the Merkle tree and fs-verity descriptor
after they are calculated.
This will allow adding options to 'fsverity digest' and 'fsverity sign'
which cause this metadata to be dumped to files. Normally this isn't
useful, but this can be needed in cases where the fs-verity metadata
needs to be consumed by something other than one of the native Linux
kernel implementations of fs-verity.
Link: https://lore.kernel.org/r/20210603195812.50838-2-ebiggers@kernel.org
Reviewed-by: Victor Hsieh <victorhsieh@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
commit cf8fa5e5a7ac5b3b2dbfcc87e5dbd5f984c2d83a
Author: Eric Biggers <ebiggers@google.com>
Date: Fri Jan 15 10:24:02 2021 -0800
programs/fsverity: Add dump_metadata subcommand
Add a 'fsverity dump_metadata' subcommand which calls
FS_IOC_READ_VERITY_METADATA on a file and prints the returned metadata
to stdout. There are three subsubcommands, one for each type of
metadata that can be read using the ioctl:
fsverity dump_metadata merkle_tree FILE
fsverity dump_metadata descriptor FILE
fsverity dump_metadata signature FILE
By default the whole metadata item is dumped. --length and --offset can
be specified to dump only a particular range of the item.
This subcommand will be used by xfstests to test the
FS_IOC_READ_VERITY_METADATA ioctl.
Link: https://lore.kernel.org/r/20210115182402.35691-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
commit 1a7bc44a0b536de901f682337add379c1ebbf218
Author: Eric Biggers <ebiggers@google.com>
Date: Fri Jan 15 10:24:01 2021 -0800
Upgrade to latest fsverity_uapi.h
Add the FS_IOC_READ_VERITY_METADATA ioctl.
Link: https://lore.kernel.org/r/20210115182402.35691-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
![[bug history graph]](https://qa.debian.org/data/bts/graphs/f/fsverity-utils.png){kind=link}