Davide Cavalca via devel wrote:
To clarify: RPM does support files validation, but fs-verity is more
than just that. With RPM, the validation only happens on install time,
and when one runs rpm -V manually. With fs-verity, the validation
happens on-demand whenever a block of a file that originated from an
RPM is accessed. This means, for example, that if an attacker replaces
/bin/ls on disk with a compromised one, the next time it's read from
disk (e.g. because you ran it) you will see a validation failure and
the syscall will be blocked, preventing the compromised code from being
executed.
This means that there is a performance cost in addition to the disk space
cost (because something has to compute those checksums each time the file is
accessed). It also means that it is harder for users to exercise their right
to modify the Free Software (because replacing or patching RPM-installed
binaries will lead to them failing to execute).
About filesystem usage: unless you install rpm-plugin-fsverity (which
is not and will not be installed by default), there is no disk space
increase for verity-signed RPM packages. If you do install
rpm-plugin-fsverity, some disk space will be used for the Merkle tree as
described in the Change.
Since the change also adds to the metadata in the RPM, that means that it
also increases the size of the RPMs. With keepcache=1, this also translates
to increased disk space use. But even if the user does not keep cached RPMs,
the download sizes will increase, which can cost time and for some users
even money.
Kevin Kofler