pub fn seal<ObjectID: FsVerityHashValue>(
repo: &Arc<Repository<ObjectID>>,
config_name: &str,
config_verity: Option<&ObjectID>,
) -> Result<(String, ObjectID)>Expand description
Seals a container by computing its filesystem fs-verity hash and adding it to the config.
Creates the complete filesystem from all layers, computes its fs-verity hash, and stores this hash in the container config labels under “containers.composefs.fsverity”. This allows the container to be mounted with integrity protection.
Returns a tuple of (sha256 content hash, fs-verity hash value) for the updated configuration.