1# dmverity-vhd
2
3Takes an OCI image locator and an output directory and converts the layers that
4make up the image into a series of VHDs in the output directory. One VHD will
5be created per image layer.
6
7VHDs are named with the name of the layer SHA.
8
9Each layer contains
10[dm-verity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html)
11information that can be used to ensure the integrity of the created ext4
12filesystem. All VHDs have a layout of:
13
14- ext4 filesystem
15- dm-verity superblock
16- dm-verity merkle tree
17- VHD footer
18
19The output is deterministic except for the UUIDs embedded in the VHD footer and
20the dm-verity superblock. Both UUIDs are currently seeded using a random number
21generator.
22
23## Example usage
24
25Create VHDs:
26
27```bash
28dmverity-vhd create -i alpine:3.12 -o alpine_3_12_layers
29```
30
31Compute root hashes:
32
33```bash
34dmverity-vhd --docker roothash -i alpine:3.12
35```
36
37Compute root hashes with tarball:
38
39```bash
40dmverity-vhd --tarball /path/to/tarball.tar roothash -i alpine:3.12
41```
View as plain text