pub fn ensure_verity_equal(
fd: impl AsFd,
expected: &impl FsVerityHashValue,
) -> Result<(), CompareVerityError>Expand description
Compare the fs-verity digest of the file versus the expected digest.
This calls measure_verity() and verifies that the result is equal to the expected value.
If this function returns successfully then the values match. In this case, the kernel guarantees that the file content cannot possibly change for as long as the file descriptor exists.
If the file doesn’t have fs-verity enabled, the hash value doesn’t match, or if a different hash algorithm is in use, the comparison will fail.