wip

cgwalters · Nov 11, 2024 · 21bf315 · 21bf315
1 parent 2079517
commit 21bf315
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 11 deletions.
diff --git a/lib/src/cli.rs b/lib/src/cli.rs
@@ -303,8 +303,9 @@ pub(crate) enum InternalsOpts {
     FixupEtcFstab,
     /// Should only be used by `make update-generated`
     PrintJsonSchema,
-    /// Perform consistency checking.
-    Fsck,
+    /// Operate on the global storage
+    #[clap(subcommand)]
+    Storage(StorageOpts),
     /// Perform cleanup actions
     Cleanup,
     /// Proxy frontend for the `ostree-ext` CLI.
@@ -319,6 +320,18 @@ pub(crate) enum InternalsOpts {
     },
 }
 
+#[derive(Debug, clap::Subcommand, PartialEq, Eq)]
+pub(crate) enum StorageOpts {
+    /// Perform consistency checking
+    Fsck,
+    /// Output state of verity or dynamically enable it
+    Verity {
+        /// Change fsverity state to enabled.
+        #[clap(long)]
+        enable: bool,
+    },
+}
+
 #[derive(Debug, clap::Subcommand, PartialEq, Eq)]
 pub(crate) enum StateOpts {
     /// Remove all ostree deployments from this system
@@ -964,16 +977,23 @@ async fn run_from_opt(opt: Opt) -> Result<()> {
                 )
                 .await
             }
-            InternalsOpts::Fsck => {
+            InternalsOpts::Storage(opts) => {
                 let storage = get_storage().await?;
-                let r = crate::fsck::fsck(&storage).await?;
-                match r.errors.as_slice() {
-                    [] => {}
-                    errs => {
-                        for err in errs {
-                            eprintln!("error: {err}");
+                match opts {
+                    StorageOpts::Fsck => {
+                        let r = crate::fsck::fsck(&storage).await?;
+                        match r.errors.as_slice() {
+                            [] => {}
+                            errs => {
+                                for err in errs {
+                                    eprintln!("error: {err}");
+                                }
+                                anyhow::bail!("fsck found errors");
+                            }
                         }
-                        anyhow::bail!("fsck found errors");
+                    }
+                    StorageOpts::Verity { enable } => {
+
                     }
                 }
                 Ok(())

diff --git a/lib/src/install/config.rs b/lib/src/install/config.rs
@@ -601,7 +601,7 @@ fsverity = "enabled"
     assert_eq!(install.fsverity.as_ref().unwrap(), &Tristate::Enabled);
     let o: InstallConfigurationToplevel = toml::from_str(
         r##"[install]
-fsverity = "optional"
+fsverity = "maybe"
 "##,
     )
     .unwrap();

diff --git a/lib/src/store/mod.rs b/lib/src/store/mod.rs
@@ -15,6 +15,7 @@ use crate::spec::ImageStatus;
 
 mod ostree_container;
 
+/// The configuration option for fsverity
 pub(crate) const REPO_VERITY_CONFIG: &str = "ex-integrity.fsverity";
 
 pub(crate) struct Storage {