gpt-auto-generator: Pass verity settings to dissect_loop_device()
The image policy might be configured to enforce verity protection on the
root or usr partitions. Currently, we get around that by ignoring the root
and usr partitions, given that by the time this code runs in the rootfs these
will have already been mounted.
However, we can't actually ignore the root partition, as we will enable
growfs and/or remounting the root partition rw based on the root partition
we find in the image.
Instead, let's just read any roothash= or usrhash= from the kernel command line
and pass in a populated verity settings struct into dissect_loop_device()
instead of NULL. If NULL is passed, any verity partitions in the image are
ignored. If we pass the default verity settings, the wrong verity partitions might
potentially be picked up, so we make sure to pass a fully populated instance. This
should be sufficient to satisfy any configured image policy verity protection checks.
Reverts
6d6538fb3f46b01dded23cc7eef5ed5ffe8b38e9
Fixes #38788
projects / thirdparty / systemd.git / commit
