On Thu, 27 Mar 2025 at 18:14, Amir Goldstein <amir73il@xxxxxxxxx> wrote: > origin xattr only checks from upper to uppermost lower layer IIRC, > do definitely not all the way to lowerdata inode. Makes sense. > > so as long as the user is unable to change the origin integrity should > > be guaranteed. IOW, what we need is just to always check origin on > > metacopy regardless of the index option. > > > > But I'm not even sure this is used at all, since the verity code was > > added for the composefs use case, which does not use this path AFAICS. > > Alex, can you clarify? > > I am not sure how composefs lowerdata layer is being deployed, > but but I am pretty sure that the composefs erofs layers are > designed to be migratable to any fs where the lowerdata repo > exists, so I think hard coding the lowerdata inode is undesired. Yeah, I understand the basic composefs architecture, and storing the digest in the metadata inode makes perfect sense. What I'm not sure is what is being used outside of that. Anyway, I don't see any issue with the current architecture, just trying to understand what this is useful for and possible simplifications based on that. For example the copy-up code is apparently unused, and could be removed. OTOH it could be useful for the idmapping case from Guiseppe. Thanks, Miklos Thanks, Miklos
