authfs: FUSE to serve file with fs-verity verification
The filesystem can currently serve local files specified via command
line flags, with verification using manually specified Merkle tree dump.
It also allows regular read without verification.
The change currently only supports local files for debug only. We will
need to add new configuration for remote file access with our own server
and protocol.
See tools/test.sh for the example setup.
BYPASS_INCLUSIVE_LANGUAGE_REASON=man page
Bug: 173507504
Test: atest --host authfs_host_test_src_lib
Test: tools/test.sh (on workstation)
Change-Id: I0ec14559fe8b4df2bd6fe5888018c12963958dc2
diff --git a/authfs/Android.bp b/authfs/Android.bp
index 3c5849b..fe85cff 100644
--- a/authfs/Android.bp
+++ b/authfs/Android.bp
@@ -2,18 +2,25 @@
name: "authfs_defaults",
crate_name: "authfs",
srcs: [
- "src/lib.rs",
+ "src/main.rs",
],
edition: "2018",
rustlibs: [
"libanyhow",
"libauthfs_crypto_bindgen",
+ "libcfg_if",
+ "libfuse_rust",
"liblibc",
+ "libstructopt",
"libthiserror",
],
host_supported: true,
shared_libs: ["libcrypto"],
clippy_lints: "android",
+
+ // libfuse_rust currently has only the 64-bit variant (or more broadly speaking, the whole
+ // crosvm projects). Limit the build to 64 bits since we won't need 32 bits anyway.
+ compile_multilib: "64",
}
// TODO(b/172687320): remove once there is a canonical bindgen.
@@ -30,8 +37,8 @@
host_supported: true,
}
-rust_library {
- name: "libauthfs",
+rust_binary {
+ name: "authfs",
defaults: ["authfs_defaults"],
}