MCPcopy
hub / github.com/containerd/containerd / Open

Function Open

internal/dmverity/dmverity_linux.go:126–188  ·  view source on GitHub ↗

Open creates a read-only device-mapper target for transparent integrity verification. It supports both superblock and no-superblock modes: - Superblock mode (opts == nil or opts.NoSuperblock == false): Reads dm-verity parameters from the superblock at the specified hashOffset. Only rootHash needs t

(dataDevice string, name string, hashDevice string, rootHash string, hashOffset uint64, opts *DmverityOptions)

Source from the content-addressed store, hash-verified

124// Uses explicitly provided parameters from opts. All dm-verity parameters must be
125// supplied programmatically since there's no superblock to read from.
126func Open(dataDevice string, name string, hashDevice string, rootHash string, hashOffset uint64, opts *DmverityOptions) (string, error) {
127 if rootHash == "" {
128 return "", fmt.Errorf("rootHash cannot be empty")
129 }
130
131 rootDigest, err := utils.ParseRootHash(rootHash)
132 if err != nil {
133 return "", fmt.Errorf("invalid root hash: %w", err)
134 }
135
136 var params verity.Params
137
138 if opts != nil && opts.NoSuperblock {
139 params, err = convertToVerityParams(opts)
140 if err != nil {
141 return "", fmt.Errorf("failed to convert options: %w", err)
142 }
143 } else {
144 params = verity.DefaultParams()
145 params.HashAreaOffset = hashOffset
146 }
147
148 loopParams := mount.LoopParams{
149 Readonly: true,
150 Autoclear: true,
151 }
152
153 dataLoop, err := mount.SetupLoop(dataDevice, loopParams)
154 if err != nil {
155 return "", fmt.Errorf("failed to setup loop device for data: %w", err)
156 }
157 dataLoopDevice := dataLoop.Name()
158
159 var hashLoop *os.File
160 var hashLoopDevice string
161 if hashDevice != dataDevice {
162 hashLoop, err = mount.SetupLoop(hashDevice, loopParams)
163 if err != nil {
164 dataLoop.Close()
165 return "", fmt.Errorf("failed to setup loop device for hash: %w", err)
166 }
167 hashLoopDevice = hashLoop.Name()
168 } else {
169 hashLoopDevice = dataLoopDevice
170 }
171
172 devicePath, err := verity.Open(&params, name, dataLoopDevice, hashLoopDevice, rootDigest, "", nil)
173 if err != nil {
174 dataLoop.Close()
175 if hashLoop != nil {
176 hashLoop.Close()
177 }
178 return "", fmt.Errorf("failed to open dm-verity device: %w", err)
179 }
180
181 // Close file handles now that dm-verity holds a kernel reference to the loop devices.
182 dataLoop.Close()
183 if hashLoop != nil {

Callers

nothing calls this directly

Calls 5

SetupLoopFunction · 0.92
convertToVerityParamsFunction · 0.85
NameMethod · 0.65
CloseMethod · 0.65
OpenMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…