aboutsummaryrefslogtreecommitdiff
path: root/ubifs-utils
AgeCommit message (Collapse)Author
2015-11-12mkfs.ubifs: Optionally create extended attribute with inode numberSascha Hauer
This is done to allow creating images suitable for IMA directory appraisal. IMA creates a hash for directories and attaches this hash to the directory itself as an extended attribute. Among other things the inode numbers of the files are hashed. So, to create a valid hash in the UBIFS image the evmctl tool needs to know the inode numbers which the files in the UBIFS image will have. evmctl will read the inode numbers from the user.image-inode-number extended attribute. Since extended attributes are inodes themselves the inode numbers for the generated image will change when the extended attributes change, so to generate a correctly hashed UBIFS image, both evmctl and mkfs.ubifs must be run twice: 1) execute evmctl to iterate over the directory tree. This will create the security.ima and security.evm extended attributes. The existence of the attributes makes sure that subsequent calls to mkfs.ubifs will use the same inode numbers. evmctl will use the inode numbers from the host filesystem in this step which makes the resulting image unusable 2) execute mkfs.ubifs -a. This will create the user.image-inode-number extended attributes on files/directories added to the image. 3) execture evmctl again. This time evmctl will pick the inode numbers from the user.image-inode-number extended attribute instead of the ones from the host filesystem 4) execute mkfs.ubifs again. This will create the correct image. The now existing user.image-inode-number extended attributes are ignored and not added to the image. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
2015-11-12mkfs.ubifs: Add extended attribute supportSascha Hauer
This adds extended attribute support to mkfs.ubifs. When creating an image from a directory tree the existing extended attributes are added to the UBIFS image. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
2015-11-12mkfs.ubifs: simplify make_path with xasprintfSascha Hauer
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Reviewed-by: Daniel Walter <dwalter@sigma-star.at> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
2015-11-12mkfs.ubifs: use xmalloc/xzalloc for allocating memorySascha Hauer
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Reviewed-by: Daniel Walter <dwalter@sigma-star.at> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
2015-11-12mkfs.ubifs: change add_directory argument to 'existing'Sascha Hauer
A 'non_existing' argument which is only used with !non_existing is just too confusing. Change this to positive logic. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Reviewed-by: Daniel Walter <dwalter@sigma-star.at> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
2015-11-11mtd-utils: Restructure the mtd-utils source.Dongsheng Yang
* There is no code modification in this commit, only moving * the files to proper place. The user tools looks a little messy as we place almost the all tools in the root directory of mtd-utils. To make it more clear, I propose to introduce the following structure for our source code. mtd-utils/ |-- lib |-- include |-- misc-utils |-- jffsX-utils |-- nand-utils |-- nor-utils |-- ubi-utils |-- ubifs-utils `-- tests Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com> Signed-off-by: Brian Norris <computersforpeace@gmail.com>