}
static int mount_images(const MountEntry *m) {
- _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
- _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
- _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
- _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
- DissectImageFlags dissect_image_flags;
int r;
assert(m);
- r = verity_settings_load(&verity, mount_entry_source(m), NULL, NULL);
- if (r < 0)
- return log_debug_errno(r, "Failed to load root hash: %m");
-
- dissect_image_flags =
- (m->read_only ? DISSECT_IMAGE_READ_ONLY : 0) |
- (verity.data_path ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0);
-
- r = loop_device_make_by_path(
- mount_entry_source(m),
- m->read_only ? O_RDONLY : -1 /* < 0 means writable if possible, read-only as fallback */,
- verity.data_path ? 0 : LO_FLAGS_PARTSCAN,
- &loop_device);
- if (r < 0)
- return log_debug_errno(r, "Failed to create loop device for image: %m");
-
- r = dissect_image(
- loop_device->fd,
- &verity,
- m->image_options,
- dissect_image_flags,
- &dissected_image);
- /* No partition table? Might be a single-filesystem image, try again */
- if (!verity.data_path && r == -ENOPKG)
- r = dissect_image(
- loop_device->fd,
- &verity,
- m->image_options,
- dissect_image_flags|DISSECT_IMAGE_NO_PARTITION_TABLE,
- &dissected_image);
- if (r < 0)
- return log_debug_errno(r, "Failed to dissect image: %m");
-
- r = dissected_image_decrypt(
- dissected_image,
- NULL,
- &verity,
- dissect_image_flags,
- &decrypted_image);
- if (r < 0)
- return log_debug_errno(r, "Failed to decrypt dissected image: %m");
-
- r = mkdir_p_label(mount_entry_path(m), 0755);
- if (r < 0)
- return log_debug_errno(r, "Failed to create destination directory %s: %m", mount_entry_path(m));
- r = umount_recursive(mount_entry_path(m), 0);
- if (r < 0)
- return log_debug_errno(r, "Failed to umount under destination directory %s: %m", mount_entry_path(m));
-
- r = dissected_image_mount(dissected_image, mount_entry_path(m), UID_INVALID, dissect_image_flags);
+ r = verity_dissect_and_mount(mount_entry_source(m), mount_entry_path(m), m->image_options);
if (r < 0)
- return log_debug_errno(r, "Failed to mount image: %m");
-
- if (decrypted_image) {
- r = decrypted_image_relinquish(decrypted_image);
- if (r < 0)
- return log_debug_errno(r, "Failed to relinquish decrypted image: %m");
- }
-
- loop_device_relinquish(loop_device);
+ return log_debug_errno(r, "Failed to mount image %s on %s: %m", mount_entry_source(m), mount_entry_path(m));
return 1;
}
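Review bot: The new call `verity_dissect_and_mount(mount_entry_source(m), mount_entry_path(m), m->image_options)` no longer carries `m->read_only`. The removed code used it twice: as `DISSECT_IMAGE_READ_ONLY` in the dissect flags and as `O_RDONLY` for the loop device. The helper added in the next hunk hard-codes `-1` as the open mode and derives its flags only from `verity.data_path`. An entry marked read-only therefore gets a loop device opened writable where possible and a mount without the read-only flag, unless read-only is enforced later by code outside this hunk. If that later enforcement is relied on, say so in a comment at the call; otherwise give the helper a read-only argument and restore `m->read_only ? O_RDONLY : -1` and `(read_only ? DISSECT_IMAGE_READ_ONLY : 0)` inside it.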
[PARTITION_VAR] = "var",
};
+int verity_dissect_and_mount(const char *src, const char *dest, const MountOptions *options) {
+ _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
+ _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
+ _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
+ _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
+ DissectImageFlags dissect_image_flags;
+ int r;
+
+ assert(src);
+ assert(dest);
+
+ r = verity_settings_load(&verity, src, NULL, NULL);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to load root hash: %m");
+
+ dissect_image_flags = verity.data_path ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
+
+ r = loop_device_make_by_path(
+ src,
+ -1,
+ verity.data_path ? 0 : LO_FLAGS_PARTSCAN,
+ &loop_device);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to create loop device for image: %m");
+
+ r = dissect_image(
+ loop_device->fd,
+ &verity,
+ options,
+ dissect_image_flags,
+ &dissected_image);
+ /* No partition table? Might be a single-filesystem image, try again */
+ if (!verity.data_path && r == -ENOPKG)
+ r = dissect_image(
+ loop_device->fd,
+ &verity,
+ options,
+ dissect_image_flags|DISSECT_IMAGE_NO_PARTITION_TABLE,
+ &dissected_image);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to dissect image: %m");
+
+ r = dissected_image_decrypt(
+ dissected_image,
+ NULL,
+ &verity,
+ dissect_image_flags,
+ &decrypted_image);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to decrypt dissected image: %m");
+
+ r = mkdir_p_label(dest, 0755);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to create destination directory %s: %m", dest);
+ r = umount_recursive(dest, 0);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to umount under destination directory %s: %m", dest);
+
+ r = dissected_image_mount(dissected_image, dest, UID_INVALID, dissect_image_flags);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to mount image: %m");
+
+ if (decrypted_image) {
+ r = decrypted_image_relinquish(decrypted_image);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to relinquish decrypted image: %m");
+ }
+
+ loop_device_relinquish(loop_device);
+
+ return 0;
+}
+
DEFINE_STRING_TABLE_LOOKUP(partition_designator, PartitionDesignator);
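Review bot: `verity_dissect_and_mount()` is now exported without a comment stating its contract, and its name suggests verity is enforced while nothing in the visible body requires it. The only check on `verity_settings_load()` is `r < 0`, and the `!verity.data_path` retry dissects the image as a plain single-filesystem image. Whether an image with no root hash ends up mounted unverified depends on `verity_settings_load()` and `dissect_image()`, which are not shown, so the comment should state it explicitly. I would add above the definition something like `/* Mounts the image at src on dest; verity is applied only if settings are found for the image, it is not required. Recursively unmounts anything already below dest first. */`. The unmount sentence matters for future callers, since `umount_recursive(dest, 0)` runs on whatever path they pass.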
bool dissected_image_has_verity(const DissectedImage *image, PartitionDesignator d);
int mount_image_privately_interactively(const char *path, DissectImageFlags flags, char **ret_directory, LoopDevice **ret_loop_device, DecryptedImage **ret_decrypted_image);
+
+int verity_dissect_and_mount(const char *src, const char *dest, const MountOptions *options);