dissect: load verity metadata earlier

That way we can turn off kernel partition scanning if verity data is
available (as we don't support verity for full GPT images, only for
simple file system images).

diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c
index f1f323b131716f06a8dd9457ff3f70d62428cd26..f44c8b37839330e189f1d5af89c9dab79e54aba2 100644 (file)
--- a/src/dissect/dissect.c
+++ b/src/dissect/dissect.c
@@ -327,18 +327,37 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        r = loop_device_make_by_path(arg_image, (arg_flags & DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR, LO_FLAGS_PARTSCAN, &d);
+        r = verity_metadata_load(
+                        arg_image, NULL,
+                        arg_root_hash ? NULL : &arg_root_hash,
+                        &arg_root_hash_size,
+                        arg_verity_data ? NULL : &arg_verity_data,
+                        arg_root_hash_sig_path || arg_root_hash_sig ? NULL : &arg_root_hash_sig_path);
         if (r < 0)
-                return log_error_errno(r, "Failed to set up loopback device: %m");
+                return log_error_errno(r, "Failed to read verity artifacts for %s: %m", arg_image);
 
-        r = verity_metadata_load(arg_image, NULL, arg_root_hash ? NULL : &arg_root_hash, &arg_root_hash_size,
-                           arg_verity_data ? NULL : &arg_verity_data,
-                           arg_root_hash_sig_path || arg_root_hash_sig ? NULL : &arg_root_hash_sig_path);
+        r = loop_device_make_by_path(
+                        arg_image,
+                        (arg_flags & DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR,
+                        arg_verity_data ? 0 : LO_FLAGS_PARTSCAN,
+                        &d);
         if (r < 0)
-                return log_error_errno(r, "Failed to read verity artefacts for %s: %m", arg_image);
-        arg_flags |= arg_verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
+                return log_error_errno(r, "Failed to set up loopback device: %m");
 
-        r = dissect_image_and_warn(d->fd, arg_image, arg_root_hash, arg_root_hash_size, arg_verity_data, NULL, arg_flags, &m);
+        if (arg_verity_data)
+                arg_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; /* We only support Verity per file system,
+                                                                * hence if there's external Verity data
+                                                                * available we turn off partition table
+                                                                * support */
+        r = dissect_image_and_warn(
+                        d->fd,
+                        arg_image,
+                        arg_root_hash,
+                        arg_root_hash_size,
+                        arg_verity_data,
+                        NULL,
+                        arg_flags,
+                        &m);
         if (r < 0)
                 return r;