-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
verity: check after activation for any corruption #18
verity: check after activation for any corruption #18
Conversation
Testing notes: I had a stacker-built OCI image with two layers, I modified a little bit of one of them:
Then with the current main branch, I just attempt to mount the image (note- need to be sure that the underlying dm devices are you will see the warning about corruption detection but the image still mounts without error:
|
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #18 +/- ##
==========================================
- Coverage 16.52% 16.15% -0.37%
==========================================
Files 6 6
Lines 932 953 +21
==========================================
Hits 154 154
- Misses 757 778 +21
Partials 21 21 ☔ View full report in Codecov by Sentry. |
converted to draft because I just realized that the new (edit, fixed) |
ActivateByVolumeKey does check for corruption via the dm_status task after activation, but if it finds that it was corrupted, it only logs that to stderr and returns 0 anyway. For cases where corruption can be detected immediately, we want to fail the mounting, so we add a second check of the same task after activating the device (or after checking the hash on an existing device), and fail early. Signed-off-by: Michael McCracken <[email protected]>
If we are mounting a mol where one of the atoms already been mounted, then we should check the already-mounted devices for any corruption reported by devicemapper as well, and at least fail to mount the new image using them. Signed-off-by: Michael McCracken <[email protected]>
abbd1a8
to
4837f40
Compare
ActivateByVolumeKey does check for corruption via the dm_status task after activation, but if it finds that it was corrupted, it only logs that to stderr and returns 0 anyway.
For cases where corruption can be detected immediately, we want to fail the mounting, so we add a second check of the same task after activating the device (or after checking the hash on an existing device), and fail early.