containerd · ChengyuZhu6 · Dec 3, 2025 · Dec 3, 2025 · Dec 3, 2025
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -16,8 +16,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
-        with:
-          path: src/github.com/containerd/go-dmverity
+
       - name: Setup Go
         uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00  # v6.0.0
         with:
@@ -45,6 +44,9 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        with:
+          fetch-depth: 25
+          path: src/github.com/containerd/go-dmverity
 
       - name: Setup Go
         uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00  # v6.0.0
@@ -54,7 +56,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
         with:
-          version: v1.60.3
+          version: v1.64.8
           args: --timeout=5m
           skip-cache: true
           working-directory: src/github.com/containerd/go-dmverity
@@ -66,7 +68,7 @@ jobs:
 
     steps:
       - name: Checkout
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           path: src/github.com/containerd/go-dmverity
           fetch-depth: 25

diff --git a/cmd/go-dmverity/close.go b/cmd/go-dmverity/close.go
@@ -39,7 +39,7 @@ func parseCloseArgs(args []string) (string, error) {
 }
 
 func runClose(name string) error {
-	if err := verity.VerityClose(name); err != nil {
+	if err := verity.Close(name); err != nil {
 		return err
 	}
 

diff --git a/cmd/go-dmverity/dump_linux_test.go b/cmd/go-dmverity/dump_linux_test.go
@@ -85,15 +85,15 @@ func TestDump_NoSuperblock(t *testing.T) {
 	defer os.Remove(data)
 	defer os.Remove(hash)
 
-	params := verity.DefaultVerityParams()
+	params := verity.DefaultParams()
 	params.NoSuperblock = true
 	params.DataBlocks = 16
 	params.DataBlockSize = 4096
 	params.HashBlockSize = 4096
 
-	_, err := verity.VerityCreate(&params, data, hash)
+	_, err := verity.Create(&params, data, hash)
 	if err != nil {
-		t.Fatalf("VerityCreate failed: %v", err)
+		t.Fatalf("Create failed: %v", err)
 	}
 
 	err = runDump(hash)

diff --git a/cmd/go-dmverity/flags.go b/cmd/go-dmverity/flags.go
@@ -53,7 +53,7 @@ func defaultFlags(fs *flag.FlagSet) *CommonFlags {
 	}
 }
 
-func validateAndApplyBlockSizes(p *verity.VerityParams, flags *CommonFlags) error {
+func validateAndApplyBlockSizes(p *verity.Params, flags *CommonFlags) error {
 	if *flags.NoSuper {
 		if p.DataBlockSize == 0 {
 			p.DataBlockSize = 4096
@@ -80,7 +80,7 @@ func validateAndApplyBlockSizes(p *verity.VerityParams, flags *CommonFlags) erro
 	return nil
 }
 
-func applyFlags(p *verity.VerityParams, flags *CommonFlags) {
+func applyFlags(p *verity.Params, flags *CommonFlags) {
 	p.HashType = uint32(*flags.FormatType)
 	p.NoSuperblock = *flags.NoSuper
 	p.HashAreaOffset = *flags.HashOffset

diff --git a/cmd/go-dmverity/format.go b/cmd/go-dmverity/format.go
@@ -30,9 +30,9 @@ import (
 	verity "github.com/containerd/go-dmverity/pkg/verity"
 )
 
-func runFormat(p *verity.VerityParams, dataPath, hashPath string) error {
+func runFormat(p *verity.Params, dataPath, hashPath string) error {
 	if !p.NoSuperblock && p.HashAreaOffset == 0 {
-		p.HashAreaOffset = utils.AlignUp(uint64(verity.VeritySuperblockSize), uint64(p.HashBlockSize))
+		p.HashAreaOffset = utils.AlignUp(uint64(verity.SuperblockSize), uint64(p.HashBlockSize))
 	}
 
 	if _, err := os.Stat(hashPath); errors.Is(err, os.ErrNotExist) {
@@ -45,7 +45,7 @@ func runFormat(p *verity.VerityParams, dataPath, hashPath string) error {
 		return fmt.Errorf("stat hash path %s: %w", hashPath, err)
 	}
 
-	rootHash, err := verity.VerityCreate(p, dataPath, hashPath)
+	rootHash, err := verity.Create(p, dataPath, hashPath)
 	if err != nil {
 		return err
 	}
@@ -69,7 +69,7 @@ func runFormat(p *verity.VerityParams, dataPath, hashPath string) error {
 
 	hashDeviceSize := totalHashBlocks * uint64(p.HashBlockSize)
 	if !p.NoSuperblock {
-		hashDeviceSize += utils.AlignUp(uint64(verity.VeritySuperblockSize), uint64(p.HashBlockSize))
+		hashDeviceSize += utils.AlignUp(uint64(verity.SuperblockSize), uint64(p.HashBlockSize))
 	}
 
 	var uuidStr string
@@ -96,7 +96,7 @@ func runFormat(p *verity.VerityParams, dataPath, hashPath string) error {
 	return nil
 }
 
-func parseFormatArgs(args []string) (*verity.VerityParams, string, string, error) {
+func parseFormatArgs(args []string) (*verity.Params, string, string, error) {
 	fs := flag.NewFlagSet("format", flag.ContinueOnError)
 	fs.SetOutput(os.Stderr)
 
@@ -117,7 +117,7 @@ func parseFormatArgs(args []string) (*verity.VerityParams, string, string, error
 	dataPath := rest[0]
 	hashPath := rest[1]
 
-	p := verity.DefaultVerityParams()
+	p := verity.DefaultParams()
 
 	applyFlags(&p, flags)
 

diff --git a/cmd/go-dmverity/open.go b/cmd/go-dmverity/open.go
@@ -28,7 +28,7 @@ import (
 	verity "github.com/containerd/go-dmverity/pkg/verity"
 )
 
-func parseOpenArgs(args []string) (*verity.VerityParams, string, string, string, []byte, []string, string, error) {
+func parseOpenArgs(args []string) (*verity.Params, string, string, string, []byte, []string, string, error) {
 	fs := flag.NewFlagSet("open", flag.ContinueOnError)
 	fs.SetOutput(os.Stderr)
 
@@ -57,7 +57,7 @@ func parseOpenArgs(args []string) (*verity.VerityParams, string, string, string,
 		return nil, "", "", "", nil, nil, "", fmt.Errorf("device name too long (max %d characters)", dm.DMNameLen-1)
 	}
 
-	p := verity.DefaultVerityParams()
+	p := verity.DefaultParams()
 
 	applyFlags(&p, flags)
 
@@ -100,7 +100,7 @@ func parseOpenArgs(args []string) (*verity.VerityParams, string, string, string,
 	return &p, dataDev, name, hashDev, rootBytes, dmFlags, signatureFile, nil
 }
 
-func runOpen(p *verity.VerityParams, dataDev, name, hashDev string, rootDigest []byte, flags []string, signatureFile string) error {
+func runOpen(p *verity.Params, dataDev, name, hashDev string, rootDigest []byte, flags []string, signatureFile string) error {
 	if p == nil {
 		return fmt.Errorf("verity params is nil")
 	}
@@ -131,7 +131,7 @@ func runOpen(p *verity.VerityParams, dataDev, name, hashDev string, rootDigest [
 		}
 	}()
 
-	devPath, err := verity.VerityOpen(p, name, dataLoop, hashLoop, rootDigest, signatureFile, flags)
+	devPath, err := verity.Open(p, name, dataLoop, hashLoop, rootDigest, signatureFile, flags)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/go-dmverity/verify.go b/cmd/go-dmverity/verify.go
@@ -28,7 +28,7 @@ import (
 	verity "github.com/containerd/go-dmverity/pkg/verity"
 )
 
-func parseVerifyArgs(args []string) (*verity.VerityParams, string, string, []byte, error) {
+func parseVerifyArgs(args []string) (*verity.Params, string, string, []byte, error) {
 	fs := flag.NewFlagSet("verify", flag.ContinueOnError)
 	fs.SetOutput(os.Stderr)
 
@@ -45,7 +45,7 @@ func parseVerifyArgs(args []string) (*verity.VerityParams, string, string, []byt
 	dataPath := rest[0]
 	hashPath := rest[1]
 
-	p := verity.DefaultVerityParams()
+	p := verity.DefaultParams()
 
 	applyFlags(&p, flags)
 
@@ -96,14 +96,14 @@ func parseVerifyArgs(args []string) (*verity.VerityParams, string, string, []byt
 	return &p, dataPath, hashPath, rootBytes, nil
 }
 
-func runVerify(p *verity.VerityParams, dataPath, hashPath string, rootDigest []byte) error {
+func runVerify(p *verity.Params, dataPath, hashPath string, rootDigest []byte) error {
 	if p.HashName != "" {
 		if err := utils.ValidateRootHashSize(rootDigest, p.HashName); err != nil {
 			return err
 		}
 	}
 
-	if err := verity.VerityVerify(p, dataPath, hashPath, rootDigest); err != nil {
+	if err := verity.Verify(p, dataPath, hashPath, rootDigest); err != nil {
 		return fmt.Errorf("verification failed: %w", err)
 	}
 

diff --git a/docs/getting-started.md b/docs/getting-started.md
@@ -38,7 +38,7 @@ import (
 
 func main() {
     // Create hash tree
-    params := verity.DefaultVerityParams()
+    params := verity.DefaultParams()
     params.HashName = "sha256"
 
     size, err := utils.GetBlockOrFileSize("data.img")
@@ -47,14 +47,14 @@ func main() {
     }
     params.DataBlocks = uint64(size / int64(params.DataBlockSize))
 
-    rootHash, err := verity.VerityCreate(&params, "data.img", "hash.img")
+    rootHash, err := verity.Create(&params, "data.img", "hash.img")
     if err != nil {
         log.Fatal(err)
     }
     fmt.Printf("Root hash: %x\n", rootHash)
 
     // Verify data
-    err = verity.VerityVerify(&params, "data.img", "hash.img", rootHash)
+    err = verity.Verify(&params, "data.img", "hash.img", rootHash)
     if err != nil {
         log.Fatal(err)
     }

diff --git a/pkg/dm/dm_linux.go b/pkg/dm/dm_linux.go
@@ -151,7 +151,7 @@ var ioctlSyscall = func(fd, req, arg uintptr) (uintptr, uintptr, unix.Errno) {
 }
 
 func dmReq(nr uintptr) uintptr {
-	return iowr(DMIOCTLType, nr, uintptr(unsafe.Sizeof(dmIoctl{})))
+	return iowr(DMIOCTLType, nr, unsafe.Sizeof(dmIoctl{}))
 }
 
 func (c *Control) rawIoctl(nr uintptr, buf unsafe.Pointer) error {
@@ -177,7 +177,7 @@ func makeBaseIoctl(name, uuid string, totalDataSize int) dmIoctl {
 func (c *Control) CreateDevice(name string) (uint64, error) {
 	buf := make([]byte, unsafe.Sizeof(dmIoctl{}))
 	io := (*dmIoctl)(unsafe.Pointer(&buf[0]))
-	*io = makeBaseIoctl(name, "", int(len(buf)))
+	*io = makeBaseIoctl(name, "", len(buf))
 	if err := c.rawIoctl(DMDevCreateCMD, unsafe.Pointer(io)); err != nil {
 		return 0, fmt.Errorf("dm create '%s': %w", name, err)
 	}
@@ -187,7 +187,7 @@ func (c *Control) CreateDevice(name string) (uint64, error) {
 func (c *Control) RemoveDevice(name string) error {
 	buf := make([]byte, unsafe.Sizeof(dmIoctl{}))
 	io := (*dmIoctl)(unsafe.Pointer(&buf[0]))
-	*io = makeBaseIoctl(name, "", int(len(buf)))
+	*io = makeBaseIoctl(name, "", len(buf))
 	if err := c.rawIoctl(DMDevRemoveCMD, unsafe.Pointer(io)); err != nil {
 		return fmt.Errorf("dm remove '%s': %w", name, err)
 	}
@@ -197,7 +197,7 @@ func (c *Control) RemoveDevice(name string) error {
 func (c *Control) SuspendDevice(name string, suspend bool) error {
 	buf := make([]byte, unsafe.Sizeof(dmIoctl{}))
 	io := (*dmIoctl)(unsafe.Pointer(&buf[0]))
-	*io = makeBaseIoctl(name, "", int(len(buf)))
+	*io = makeBaseIoctl(name, "", len(buf))
 	if suspend {
 		io.Flags |= DMSuspendFlag
 	}
@@ -253,7 +253,7 @@ func (c *Control) LoadTable(name string, targets []Target) error {
 func (c *Control) ClearTable(name string) error {
 	buf := make([]byte, unsafe.Sizeof(dmIoctl{}))
 	io := (*dmIoctl)(unsafe.Pointer(&buf[0]))
-	*io = makeBaseIoctl(name, "", int(len(buf)))
+	*io = makeBaseIoctl(name, "", len(buf))
 	if err := c.rawIoctl(DMTableClearCMD, unsafe.Pointer(io)); err != nil {
 		if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.ENXIO) {
 			return nil
@@ -266,7 +266,7 @@ func (c *Control) ClearTable(name string) error {
 func (c *Control) DeviceStatus(name string) (DeviceStatus, error) {
 	buf := make([]byte, unsafe.Sizeof(dmIoctl{}))
 	io := (*dmIoctl)(unsafe.Pointer(&buf[0]))
-	*io = makeBaseIoctl(name, "", int(len(buf)))
+	*io = makeBaseIoctl(name, "", len(buf))
 	if err := c.rawIoctl(DMDevStatusCMD, unsafe.Pointer(io)); err != nil {
 		return DeviceStatus{}, fmt.Errorf("dm dev status '%s': %w", name, err)
 	}
@@ -279,15 +279,15 @@ func (c *Control) DeviceStatus(name string) (DeviceStatus, error) {
 		ulen++
 	}
 	maj := unix.Major(io.Dev)
-	min := unix.Minor(io.Dev)
+	minor := unix.Minor(io.Dev)
 	return DeviceStatus{
 		OpenCount:       io.OpenCount,
 		TargetCount:     io.TargetCount,
 		EventNr:         io.EventNr,
 		Flags:           io.Flags,
 		Dev:             io.Dev,
 		Major:           maj,
-		Minor:           min,
+		Minor:           minor,
 		Name:            string(io.Name[:nlen]),
 		UUID:            string(io.UUID[:ulen]),
 		ActivePresent:   (io.Flags & DMActivePresentFlag) != 0,

diff --git a/pkg/utils/losetup.go b/pkg/utils/losetup.go
@@ -13,7 +13,6 @@
    See the License for the specific language governing permissions and
    limitations under the License.
 */
-// Adapted from github.com/containerd/containerd/v2/core/mount/losetup_linux.go
 
 package utils
 
@@ -28,6 +27,8 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+// Adapted from github.com/containerd/containerd/v2/core/mount/losetup_linux.go
+
 const (
 	loopControlPath = "/dev/loop-control"
 	loopDevFormat   = "/dev/loop%d"

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -18,9 +18,9 @@ package utils
 
 import (
 	"crypto"
-	_ "crypto/sha1"
-	_ "crypto/sha256"
-	_ "crypto/sha512"
+	_ "crypto/sha1"   // register SHA1 for crypto.Hash
+	_ "crypto/sha256" // register SHA256 for crypto.Hash
+	_ "crypto/sha512" // register SHA512 for crypto.Hash
 	"encoding/hex"
 	"fmt"
 	"os"