feat: nydus support encrypted images #1333
Conversation
taoohong
requested review from
jiangliu,
changweige and
adamqqqplay
and removed request for
a team
|
@taoohong , a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/79505 |
Codecov Report
@@ Coverage Diff @@
## master #1333 +/- ##
========================================
Coverage 45.70% 45.71%
========================================
Files 123 122 -1
Lines 37287 37681 +394
Branches 37287 37681 +394
========================================
+ Hits 17043 17224 +181
- Misses 19347 19546 +199
- Partials 897 911 +14
|
|
@taoohong , the title has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/79511 |
taoohong
force-pushed
the
encryption-nydus
branch
from
833cbe9
to
c74b4a0
Compare
|
@taoohong , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/79673 |
|
@taoohong , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
taoohong
force-pushed
the
encryption-nydus
branch
from
c74b4a0
to
bfbdbda
Compare
|
@taoohong , The CI test is completed, please check result:
Sorry, your test job failed. Please get the details in the link. |
||||||||||||||||||||||||
What is |
The IV is used to ensure that the same plaintext block encrypted with the same data encryption key produces a different ciphertext block each time. It's usually suggested to be provided when using AES in xts mode. |
taoohong
force-pushed
the
encryption-nydus
branch
from
ad64e56
to
22ad0e2
Compare
|
@taoohong , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/82310 |
|
@taoohong , The CI test is completed, please check result:
Sorry, your test job failed. Please get the details in the link. |
||||||||||||||||||||||||
bergwolf
dismissed
their stale review
just found out that there's no tests for this.
|
@taoohong The implementation looks good. Could you add some integration tests (in the |
I'd like to. THX for your review 👍 |
Extend native nydus v6 to support handling encrypted containers images: * An encrypted nydus image is composed of encrypted bootstrap and chunk-level encrypted data blobs. The bootstrap is encrypted by the Ocicrypt and the data blobs are encrypted by aes-128-xts with randomly generated key and iv at chunk-level. * For every data blob, all the chunk data, conpression context. table and compression context table header are encrypted. * The chunk encryption key and iv are stored in the blob info reusing some items of the structure to save reserved space. * Encrypted chunk data will be decrypted and then be decompressed while be fetched by the storage backend. * Encrypted or unencrypted blobs can be merged together. Signed-off-by: taohong <[email protected]>
taoohong
force-pushed
the
encryption-nydus
branch
from
22ad0e2
to
220542d
Compare
|
@taoohong , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/82345 |
Add image encryption test integration case to Smoke test. Signed-off-by: taohong <[email protected]>
taoohong
force-pushed
the
encryption-nydus
branch
from
220542d
to
0314971
Compare
|
@taoohong , the code has been updated, so a new test job has been submitted. Please wait in patience. The test job url: https://tone.openanolis.cn/ws/nrh4nnio/test_result/82346 |
|
@taoohong , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
|
@taoohong , The CI test is completed, please check result:
Congratulations, your test job passed! |
||||||||||||||||||||||||
Extend native nydus v6 to support handling encrypted containers images:
Related issue