Authenticate file w/ fs-verity digest in hex An input directory is configured by a build manifest file. With this change, authfs starts to use the fs-verity digest in the manifest to authenticate the corresponding file. Although we're not using it, this change also makes it possible to specify a known fs-verity digest to a remote file from the command line (and deprecate the fake support of signature verification by the given certificate). Since we no longer derive fs-verity digest from the first chunk of a Merkle tree, some relevant functions are deleted. Bug: 206869687 Test: atest AuthFsHostTest ComposHostTestCases Test: atest authfs_device_test_src_lib Change-Id: Ibb5c246fb0d29aeafde187555f8d72c0282a65c7

commit: 5deba526ba97083d9ce78317dfce0e8d67ee7579 [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Mon Jan 10 17:18:40 2022 -0800
committer: Victor Hsieh <victorhsieh@google.com> Fri Jan 14 08:36:24 2022 -0800
tree: 6edd1b00918c6f40c1d7c5a9a3f826d5c1516571
parent: 35dfa1eb1b94ae61da2d3a185abe1fa3718fa515 [diff] [blame]
diff --git a/authfs/src/fsverity/common.rs b/authfs/src/fsverity/common.rs
index 83e8ae4..eba379d 100644
--- a/authfs/src/fsverity/common.rs
+++ b/authfs/src/fsverity/common.rs

@@ -24,8 +24,8 @@
 
 #[derive(Error, Debug)]
 pub enum FsverityError {
-    #[error("Cannot verify a signature")]
-    BadSignature,
+    #[error("Invalid digest")]
+    InvalidDigest,
     #[error("Insufficient data, only got {0}")]
     InsufficientData(usize),
     #[error("Cannot verify a block")]
commit	5deba526ba97083d9ce78317dfce0e8d67ee7579	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Mon Jan 10 17:18:40 2022 -0800
committer	Victor Hsieh <victorhsieh@google.com>	Fri Jan 14 08:36:24 2022 -0800
tree	6edd1b00918c6f40c1d7c5a9a3f826d5c1516571
parent	35dfa1eb1b94ae61da2d3a185abe1fa3718fa515 [diff] [blame]