| Age | Commit message (Collapse) | Author |
|---|
|
AES-128-CBC should only being used when 256-XTS is too slow
on low end hardware.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
...if none is given. To be compatible with fscryptctl.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
...and make valgrind memcheck happy
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
fscrypto is using the max key lenth (64), so we cannot use the
AES-128-ECB len.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
since names are no longer strings, we need to know the length.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
...and set UBIFS format version
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
...maybe we should add them to crypto.c?
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
most of them should be UAPI, therefore check using #ifndef
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
The nlink value of a xattr node must always be one, it has nothing to do
with the nlink value of the inode the attribute belongs to.
The bug can be observed when mounting a mkfs.ubifs generated image which
contains xattrs on directories or files with hardlinks to them. When
mounting such an image with chk_fs = 1 it fails with:
UBIFS error (ubi0:0 pid 1833): dbg_check_filesystem: inode 3308 nlink is 3, but calculated nlink is 1
Another bug that can be triggered is an assertion in
ubifs_xattr_remove() which assures that the xattr i_nlink count should
be one when the xattr is removed.
Fixes: 50044ef ("mkfs.ubifs: Add extended attribute support")
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Fix warnings abot PRIdoff_t in libmtd.c, in mtd_read (and mtd_write):
In file included from ../git/lib/libmtd.c:40:0:
../git/lib/libmtd.c: In function 'mtd_read':
../git/include/common.h:110:18: warning: format '%ld' expects argument of
type 'long int', but argument 5 has type 'off_t {aka long long int}'
[-Wformat=]
../git/include/common.h:120:2: note: in expansion of macro 'errmsg'
errmsg(fmt, ##__VA_ARGS__); \
^~~~~~
../git/lib/libmtd.c:1082:10: note: in expansion of macro 'sys_errmsg'
return sys_errmsg("cannot seek mtd%d to offset %"PRIdoff_t,
^~~~~~~~~~
/usr/lib/klibc/include/inttypes.h:28:17: note: format string is defined here
#define PRId32 "d"
Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This implements/adds selinux labelling support to mkfs.ubifs
utility. It adds an extra option in configure to enable
selinux labelling support and then finally in mkfs.ubifs adds
an extra option to pass the file_contexts which is looked up
for filesystem file labels.
- Default behavior is kept without selinux so as to not break existing
support where selinux library/headers may not be present.
- If this is configured with --with-selinux then XATTR from the
file_contexts(passed with --selinux option while mkfs.ubifs)
will be taken and not from the host file's xattr.
This is done to avoid the problem where the host OS may have
selinux enabled and hence same xattr names will be present in both
host filesystem files and from the --selinux=file passed.
So the existing behavior is kept mutually exclusive and preference
is given to selinux xattrs (if configured with --with-selinux).
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
add_xattr adds the xattr to the ubifs image and has nothing
to do with host XATTR support.
Now that we are adding support where selinux interfaces
may use this API even when host OS(where ubi/ubifs image
is being created) does not support XATTR -so remove it
from WITHOUT_XATTR #ifdef.
Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Fixes: 1d04b4d5361a ("fix build when WITHOUT_LZO is set")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
When using a local root folder the permissions, user and group settings
are taken from the local folder. These permissions might be incorrect if
the folder has been created for the local user. Creating an UBIFS image
on my local system resulted in the following output on the target:
drwx------ 17 1000 1000 1264 Jan 1 00:00 .
drwx------ 17 1000 1000 1264 Jan 1 00:00 ..
drwxr-xr-x 2 root root 9104 May 30 2017 bin
drwxr-xr-x 7 root root 2760 Jan 1 00:00 dev
...
mkfs.ubifs aborts with an error message when the device table contains
a root entry. This patch allows setting the root folder permissions,
user and group to overwrite local configurations.
Signed-off-by: David Engraf <david.engraf@sysgo.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Systems that don't support extended attributes should still be able to
create ubifs images.
Signed-off-by: Pavel Roskin <plroskin@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The root node of the file system needs to be handled as a special case
when removing the owner information from the input.
Signed-off-by: Romain Izard <romain.izard.pro@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The tools in question will quit with an exit code 0 if the command
line option was not recognized. By returning an error code a calling
script has the possibility to distinguish between a real success and
an invalid invocation.
We need to return -1 instead of EXIT_FAILURE to be consistent with the
other exit code places.
Signed-off-by: Daniel Wagner <daniel.wagner@siemens.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
To be consistent with mkfs.jffs2, and to get this to build on my
machine, it looks like we should use <sys/xattr.h>, not <attr/xattr.h>.
Fixes this error, seen on an Ubuntu 14.04 build system:
ubifs-utils/mkfs.ubifs/mkfs.ubifs.c:30:24: fatal error: attr/xattr.h: No such file or directory
#include <attr/xattr.h>
^
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Cc: Marc Kleine-Budde <mkl@pengutronix.de>
Reviewed-by: Richard Weinberger <richard@nod.at>
|
|
If the devtable is used then the tool uses uid twice and doesn't
consider gid at all. This changes it to use gid & uid.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
|
|
Make mkfs.ubifs honor the WITHOUT_LZO flag, too.
Fixes this build error:
mkfs.ubifs/compr.c:27:23: lzo/lzo1x.h: No such file or directory
mkfs.ubifs/compr.c: In function `lzo_compress':
mkfs.ubifs/compr.c:92: error: `lzo_uint' undeclared (first use in this function)
mkfs.ubifs/compr.c:92: error: (Each undeclared identifier is reported only once
mkfs.ubifs/compr.c:92: error: for each function it appears in.)
mkfs.ubifs/compr.c:92: error: syntax error before "len"
mkfs.ubifs/compr.c:95: error: `len' undeclared (first use in this function)
mkfs.ubifs/compr.c:96: warning: implicit declaration of function `lzo1x_999_compress'
mkfs.ubifs/compr.c:99: error: `LZO_E_OK' undeclared (first use in this function)
mkfs.ubifs/compr.c: In function `init_compression':
mkfs.ubifs/compr.c:201: error: `LZO1X_999_MEM_COMPRESS' undeclared (first use in this function)
Signed-off-by: Rolf Eike Beer <eb@emlix.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
This is done to allow creating images suitable for IMA directory
appraisal. IMA creates a hash for directories and attaches this
hash to the directory itself as an extended attribute. Among other
things the inode numbers of the files are hashed. So, to create
a valid hash in the UBIFS image the evmctl tool needs to know
the inode numbers which the files in the UBIFS image will have.
evmctl will read the inode numbers from the user.image-inode-number
extended attribute. Since extended attributes are inodes themselves
the inode numbers for the generated image will change when the
extended attributes change, so to generate a correctly hashed
UBIFS image, both evmctl and mkfs.ubifs must be run twice:
1) execute evmctl to iterate over the directory tree. This will
create the security.ima and security.evm extended attributes.
The existence of the attributes makes sure that subsequent
calls to mkfs.ubifs will use the same inode numbers. evmctl
will use the inode numbers from the host filesystem in this
step which makes the resulting image unusable
2) execute mkfs.ubifs -a. This will create the user.image-inode-number
extended attributes on files/directories added to the image.
3) execture evmctl again. This time evmctl will pick the inode
numbers from the user.image-inode-number extended attribute
instead of the ones from the host filesystem
4) execute mkfs.ubifs again. This will create the correct image.
The now existing user.image-inode-number extended attributes
are ignored and not added to the image.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
This adds extended attribute support to mkfs.ubifs. When creating
an image from a directory tree the existing extended attributes are
added to the UBIFS image.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Daniel Walter <dwalter@sigma-star.at>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Daniel Walter <dwalter@sigma-star.at>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
A 'non_existing' argument which is only used with !non_existing
is just too confusing. Change this to positive logic.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Daniel Walter <dwalter@sigma-star.at>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
* There is no code modification in this commit, only moving
* the files to proper place.
The user tools looks a little messy as we place almost
the all tools in the root directory of mtd-utils. To make
it more clear, I propose to introduce the following structure
for our source code.
mtd-utils/
|-- lib
|-- include
|-- misc-utils
|-- jffsX-utils
|-- nand-utils
|-- nor-utils
|-- ubi-utils
|-- ubifs-utils
`-- tests
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
|
