dissect-image: refuse external verity data in partitioned mode

Our code doesn't support setting up verity with an external verity data
file unless we operate in non-partitioned mode. Let's refuse this
clearly and early if attempted anyway.

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 4f398316ae3b4e61a9d9f98e3891955335af192e..480e4a22847af34d1484c18e964344e4bd26b294 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -839,6 +839,10 @@ int dissect_image(
         if (!is_gpt && ((flags & DISSECT_IMAGE_GPT_ONLY) || !is_mbr))
                 return -ENOPKG;
 
+        /* We support external verity data partitions only if the image has no partition table */
+        if (verity && verity->data_path)
+                return -EBADR;
+
         /* Safety check: refuse block devices that carry a partition table but for which the kernel doesn't
          * do partition scanning. */
         r = blockdev_partscan_enabled(fd);