ericonr
/
util-linux
mirror of https://github.com/ericonr/util-linux.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

mount: fix roothash signature extension in manpage 

The PKCS7 RFC recommends to use .p7s for detached signatures file extensions,
so use that in the example.

https://datatracker.ietf.org/doc/html/rfc5751#section-3.2.1
This commit is contained in:
Luca Boccassi 2021-07-03 12:15:53 +01:00 committed by Karel Zak
parent 71b98c36d4
commit 6a7194ea23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys-utils/mount.8.adoc
View File

@ -1414,9 +1414,9 @@ mksquashfs /etc /tmp/etc.squashfs
dd if=/dev/zero of=/tmp/etc.hash bs=1M count=10
veritysetup format /tmp/etc.squashfs /tmp/etc.hash
openssl smime -sign -in <hash> -nocerts -inkey private.key \
-signer private.crt -noattr -binary -outform der -out /tmp/etc.p7
-signer private.crt -noattr -binary -outform der -out /tmp/etc.roothash.p7s
mount -o verity.hashdevice=/tmp/etc.hash,verity.roothash=<hash>,\
verity.roothashsig=/tmp/etc.p7 /tmp/etc.squashfs /mnt
verity.roothashsig=/tmp/etc.roothash.p7s /tmp/etc.squashfs /mnt
....
create squashfs image from _/etc_ directory, verity hash device and mount verified filesystem image to _/mnt_. The kernel will verify that the root hash is signed by a key from the kernel keyring if roothashsig is used.