mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2026-01-23 01:11:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

build_image: read files for IMA measurement

Browse Source 
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
This commit is contained in:
Vincent Batts 2020-07-07 17:57:01 -04:00
parent bc11ee282d
commit 84de552972
No known key found for this signature in database
GPG Key ID: 10937E57733F1362
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
build_library/build_image_util.sh
View File

@ -613,6 +613,15 @@ EOF
write_contents "${root_fs_dir}" "${BUILD_DIR}/${image_contents}"
# read the contents of all regular files so that the IMA xattr are written
# for each file
if [ -d /sys/module/ima ] ; then
echo "IMA present. Measuring files of image."
sudo find "${root_fs_dir}" -type f -exec dd if="{}" of=/dev/null count=0 status=none \; ||:
else
echo "WARN: IMA not present. Not measuring files of image."
fi
# Zero all fs free space to make it more compressible so auto-update
# payloads become smaller, not fatal since it won't work on linux < 3.2
sudo fstrim "${root_fs_dir}" || true