[PATCH v2 3/4] erofs-utils: mkfs: introduce `--s3=...` option

Gao Xiang hsiangkao at linux.alibaba.com
Fri Aug 1 18:37:43 AEST 2025


Hi Hongbo,

On 2025/8/1 16:31, Hongbo Li wrote:

...

>>> +#ifdef HAVE_S3
>>
>> HAVE_S3 is a bit odd, how about using
>> S3_ENABLED (like LZ4_ENABLED?)
>>
>>
>>> +        " --s3=X                generate an index-only image from s3-compatible object store backend\n"
>>> +        "   [,passwd_file=Y]    X=endpoint, Y=s3 credentials file\n"
>>
>> What's s3 credentials file? Is it documented
>> somewhere? Why is it named as passwd_file?
>>
>> Can we have an option to pass in accesskey
>> too?
> 
> This follows the format of s3fs-fuse. Storing the ak/sk in a file is for security purposes. The file permission is set to 600 to prevent non-root users from accessing the ak/sk.

Understood, I wonder if the format is documented in
the AWS website or somewhere?

If it's only an implementation in s3fs-fuse, we might
need to document the format in the mkfs.erofs manpage
for example. (Although it's not needed in this patch,
maybe a follow-up patch.)

Also even I agree it's useful for security purposes,
it's still useful to have an _alternative_ way to
pass in plain ak/sk if possible.

`passwd_file` makes sense to me now since s3fs-fuse
uses this name too!

Thanks,
Gao Xiang

> 
> [1] https://github.com/s3fs-fuse/s3fs-fuse
> 
> Thanks,
> Hongbo
> 


More information about the Linux-erofs mailing list