
File system storage

To keep files on the client's host, there is a storage of file systems (called repositories) in the user's home directory. Access to a repository is granted through RSA public key authentication.

Here's the procedure for network mode:

  1. The client-side script requests a repository: storage.request_for_repository (public_key_data)
  2. The function returns a <repository_request> and a test message (as a string) encrypted with the given public key
  3. The client-side script sends the encrypted message to the server using system.send_message () or system.send_channeled_message ()
  4. The server decrypts the test message with the private key and sends it back
  5. The client-side script passes the decrypted message to the <repository_request> for verification: <repository_request>.verify (decrypted_message)
  6. The function returns a <repository> object (or a nil, error_message pair in case of failure)

Things are different for standalone mode. Since there's no access to the private key, all the data stored in the container is signed with the private key, but not all at once. Instead, the data is separated into blocks. This helps to avoid the delay of preverification (which would be noticeable for big containers). In any case, the programmer only needs to request opening it: storage.open_local_repository ().

Standalone mode introduces a read-only repository (packed inside the container) in addition to the repositories stored in the user's home directory. Use storage.get_standalone_repository () to get it (it gets opened before execution of the initial container scripts).

Each repository is a light-weight file system. There are files and directories, but no notion of a current directory, hard links, or inode types other than regular files and directories. Files and directories have no time stamps, permissions or attributes. There's no special value for the names . and .. in a repository. Each inode name (treated as a C string, so an embedded '\0' terminates the string) passed to a function is canonized first: all leading, trailing and duplicate slashes are removed. The canonized name must not exceed 255 bytes. Files can be opened in read-only and read-write modes.
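The canonization rules above, as an added C sketch that is not the project's own code: `canonize_name` and `CANON_NAME_MAX` are hypothetical names, and the sample input is constructed. It shows that bytes after an embedded '\0' never reach the repository, so any name check done by the caller belongs on the canonized result, not on the raw string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CANON_NAME_MAX 255 /* limit stated on the page, in bytes */

/* Hypothetical helper, not part of the documented API.
 * Canonizes the raw buffer `name` of `len` bytes into `out`.
 * Returns the canonized length, or -1 if the result exceeds
 * 255 bytes or does not fit in `out` (including the NUL). */
int canonize_name(const char *name, size_t len, char *out, size_t out_size)
{
    size_t n = 0;
    int pending_slash = 0;

    /* C-string semantics: stop at the first embedded '\0'. */
    for (size_t i = 0; i < len && name[i] != '\0'; i++) {
        if (name[i] == '/') {
            /* Keep a separator only after a written component:
             * this drops leading and duplicate slashes. */
            pending_slash = (n > 0);
            continue;
        }
        if (pending_slash) {
            if (n >= CANON_NAME_MAX || n + 1 >= out_size) return -1;
            out[n++] = '/';
            pending_slash = 0;
        }
        if (n >= CANON_NAME_MAX || n + 1 >= out_size) return -1;
        out[n++] = name[i];
    }
    /* A slash still pending here was trailing, so it is dropped. */
    if (out_size == 0) return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed input: the embedded NUL hides the tail. */
    const char raw[] = "//data///a.txt\0/hidden/";
    char out[CANON_NAME_MAX + 1];
    int n = canonize_name(raw, sizeof raw - 1, out, sizeof out);
    printf("%d \"%s\"\n", n, out); /* 10 "data/a.txt" */
    return 0;
}
```

The length limit is applied after canonization, so a raw name longer than 255 bytes can still be accepted when the excess is slashes or lies past an embedded '\0'.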

See the module reference:
