[PATCH v2 3/4] erofs-utils: mkfs: introduce `--s3=...` option

Hongbo Li lihongbo22 at huawei.com
Fri Aug 1 18:31:58 AEST 2025 


On 2025/8/1 15:46, Gao Xiang wrote:
> 
> 
> On 2025/8/1 15:30, Yifan Zhao wrote:
>> From: zhaoyifan <zhaoyifan28 at huawei.com>
>>
>> This patch introduces configuration options for the upcoming 
>> experimental S3
>> support, including configuration parsing and passwd_file reading logic.
>>
>> User could specify the following options:
>> - S3 service endpoint (Compulsory)
>> - S3 credentials file, in the format of "$ak:%sk" (Optional)
>> - S3 API calling style (Optional)
>> - S3 API signature version, only sigV2 supported yet (Optional)
>>
>> Signed-off-by: Yifan Zhao <zhaoyifan28 at huawei.com>
>> ---
>> change since v1:
>> - rename: include/erofs/s3.h => lib/liberofs_s3.h
>> - add liberofs_s3.h in this patch rather than previous one
>>
>>   lib/liberofs_s3.h |  40 +++++++++
>>   lib/remotes/s3.c  |   3 +-
>>   mkfs/main.c       | 220 ++++++++++++++++++++++++++++++++++++++++------
>>   3 files changed, 233 insertions(+), 30 deletions(-)
>>   create mode 100644 lib/liberofs_s3.h
>>
>> diff --git a/lib/liberofs_s3.h b/lib/liberofs_s3.h
>> new file mode 100644
>> index 0000000..16a06c9
>> --- /dev/null
>> +++ b/lib/liberofs_s3.h
>> @@ -0,0 +1,40 @@
>> +/* SPDX-License-Identifier: GPL-2.0+ OR Apache-2.0 */
>> +/*
>> + * Copyright (C) 2025 HUAWEI, Inc.
>> + *             http://www.huawei.com/
>> + * Created by Yifan Zhao <zhaoyifan28 at huawei.com>
>> + */
>> +#ifndef __EROFS_S3_H
>> +#define __EROFS_S3_H
>> +
>> +#ifdef __cplusplus
>> +extern "C" {
>> +#endif
>> +
>> +enum s3erofs_url_style {
>> +    S3EROFS_URL_STYLE_PATH,          // Path style: 
>> https://s3.amazonaws.com/bucket/object
>> +    S3EROFS_URL_STYLE_VIRTUAL_HOST,  // Virtual host style: 
>> https://bucket.s3.amazonaws.com/object
>> +};
>> +
>> +enum s3erofs_signature_version {
>> +    S3EROFS_SIGNATURE_VERSION_2,
>> +    S3EROFS_SIGNATURE_VERSION_4,
>> +};
>> +
>> +#define S3_ACCESS_KEY_LEN 256
>> +#define S3_SECRET_KEY_LEN 256
>> +
>> +struct erofs_s3 {
>> +    const char *endpoint, *bucket;
>> +    char access_key[S3_ACCESS_KEY_LEN + 1];
>> +    char secret_key[S3_SECRET_KEY_LEN + 1];
>> +
>> +    enum s3erofs_url_style url_style;
>> +    enum s3erofs_signature_version sig;
>> +};
>> +
>> +#ifdef __cplusplus
>> +}
>> +#endif
>> +
>> +#endif
>> \ No newline at end of file
>> diff --git a/lib/remotes/s3.c b/lib/remotes/s3.c
>> index ed2b023..358ee91 100644
>> --- a/lib/remotes/s3.c
>> +++ b/lib/remotes/s3.c
>> @@ -3,4 +3,5 @@
>>    * Copyright (C) 2025 HUAWEI, Inc.
>>    *             http://www.huawei.com/
>>    * Created by Yifan Zhao <zhaoyifan28 at huawei.com>
>> - */
>> \ No newline at end of file
>> + */
>> +#include "liberofs_s3.h"
>> \ No newline at end of file
>> diff --git a/mkfs/main.c b/mkfs/main.c
>> index 3aa1421..f524f45 100644
>> --- a/mkfs/main.c
>> +++ b/mkfs/main.c
>> @@ -31,6 +31,7 @@
>>   #include "../lib/liberofs_private.h"
>>   #include "../lib/liberofs_uuid.h"
>>   #include "../lib/liberofs_metabox.h"
>> +#include "../lib/liberofs_s3.h"
>>   #include "../lib/compressor.h"
>>   static struct option long_options[] = {
>> @@ -59,6 +60,9 @@ static struct option long_options[] = {
>>       {"gid-offset", required_argument, NULL, 17},
>>       {"tar", optional_argument, NULL, 20},
>>       {"aufs", no_argument, NULL, 21},
>> +#ifdef HAVE_S3
>> +    {"s3", required_argument, NULL, 22},
>> +#endif
>>       {"mount-point", required_argument, NULL, 512},
>>       {"xattr-prefix", required_argument, NULL, 19},
>>   #ifdef WITH_ANDROID
>> @@ -197,6 +201,12 @@ static void usage(int argc, char **argv)
>>           " --root-xattr-isize=#  ensure the inline xattr size of the 
>> root directory is # bytes at least\n"
>>           " --aufs                replace aufs special files with 
>> overlayfs metadata\n"
>>           " --sort=<path,none>    data sorting order for tarballs as 
>> input (default: path)\n"
>> +#ifdef HAVE_S3
> 
> HAVE_S3 is a bit odd, how about using
> S3_ENABLED (like LZ4_ENABLED?)
> 
> 
>> +        " --s3=X                generate an index-only image from 
>> s3-compatible object store backend\n"
>> +        "   [,passwd_file=Y]    X=endpoint, Y=s3 credentials file\n"
> 
> What's s3 credentials file? Is it documented
> somewhere? Why is it named as passwd_file?
> 
> Can we have an option to pass in accesskey
> too?

This follows the format of s3fs-fuse. Storing the ak/sk in a file is for 
security purposes. The file permission is set to 600 to prevent non-root 
users from accessing the ak/sk.

[1] https://github.com/s3fs-fuse/s3fs-fuse

Thanks,
Hongbo

> 
> 
>> +        "   [,style=Z]          S3 API calling style (Z = vhost|path) 
>> (default: vhost)\n"
>> +        "   [,sig=<2,4>]        S3 API signature version (default: 2)\n"
>> +#endif
>>           " --tar=X               generate a full or index-only image 
>> from a tarball(-ish) source\n"
>>           "                       (X = f|i|headerball; f=full mode, 
>> i=index mode,\n"
>>           "                                            headerball=file 
>> data is omited in the source stream)\n"
>> @@ -247,6 +257,10 @@ static struct erofs_tarfile erofstar = {
>>   static bool incremental_mode;
>>   static u8 metabox_algorithmid;
>> +#ifdef HAVE_S3
>> +static struct erofs_s3 s3cfg;
>> +#endif
>> +
>>   enum {
>>       EROFS_MKFS_DATA_IMPORT_DEFAULT,
>>       EROFS_MKFS_DATA_IMPORT_FULLDATA,
>> @@ -257,6 +271,9 @@ enum {
>>   enum {
>>       EROFS_MKFS_SOURCE_DEFAULT,
> 
> EROFS_MKFS_SOURCE_LOCALDIR,
> 
> Thanks,
> Gao Xiang

More information about the Linux-erofs mailing list