]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c578345)
repart: Extend check for read-only verity partitions
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Mon, 7 Aug 2023 13:23:49 +0000 (15:23 +0200)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Mon, 7 Aug 2023 14:54:40 +0000 (16:54 +0200)
Let's check for verity signature partitions as well. Let's also
check the configured verity mode, which is another way to indicate
verity partitions aside from the type UUID.

src/partition/repart.c patch | blob | blame | history

diff --git a/src/partition/repart.c b/src/partition/repart.c
index 4a40a05ee85772e16c36dce0c69370704890db48..829d80ddf0de6c48d8f06ad2015721fc4eb86a4a 100644 (file)
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -1749,7 +1749,11 @@ static int partition_read_definition(Partition *p, const char *path, const char
                                   verity_mode_to_string(p->verity));
 
         /* Verity partitions are read only, let's imply the RO flag hence, unless explicitly configured otherwise. */
-        if (IN_SET(p->type.designator, PARTITION_ROOT_VERITY, PARTITION_USR_VERITY) && p->read_only < 0)
+        if ((IN_SET(p->type.designator,
+                    PARTITION_ROOT_VERITY,
+                    PARTITION_ROOT_VERITY_SIG,
+                    PARTITION_USR_VERITY,
+                    PARTITION_USR_VERITY_SIG) || p->verity != VERITY_OFF) && p->read_only < 0)
                 p->read_only = true;
 
         /* Default to "growfs" on, unless read-only */
Unnamed repository; edit this file 'description' to name the repository.