[PATCH v2 3/4] erofs-utils: mkfs: introduce `--s3=...` option
Gao Xiang
hsiangkao at linux.alibaba.com
Fri Aug 1 18:37:43 AEST 2025
Hi Hongbo,
On 2025/8/1 16:31, Hongbo Li wrote:
...
>>> +#ifdef HAVE_S3
>>
>> HAVE_S3 is a bit odd, how about using
>> S3_ENABLED (like LZ4_ENABLED?)
>>
>>
>>> + " --s3=X generate an index-only image from s3-compatible object store backend\n"
>>> + " [,passwd_file=Y] X=endpoint, Y=s3 credentials file\n"
>>
>> What's s3 credentials file? Is it documented
>> somewhere? Why is it named as passwd_file?
>>
>> Can we have an option to pass in accesskey
>> too?
>
> This follows the format of s3fs-fuse. Storing the ak/sk in a file is for security purposes. The file permission is set to 600 to prevent non-root users from accessing the ak/sk.
Understood, I wonder if the format is documented in
the AWS website or somewhere?
If it's only an implementation in s3fs-fuse, we might
need to document the format in the mkfs.erofs manpage
for example. (Although it's not needed in this patch,
maybe a follow-up patch.)
Also even I agree it's useful for security purposes,
it's still useful to have an _alternative_ way to
pass in plain ak/sk if possible.
`passwd_file` makes sense to me now since s3fs-fuse
uses this name too!
Thanks,
Gao Xiang
>
> [1] https://github.com/s3fs-fuse/s3fs-fuse
>
> Thanks,
> Hongbo
>
More information about the Linux-erofs
mailing list