git.ipfire.org Git - thirdparty/systemd.git/commit
dissect-image: take policy into consideration when unlocking verity, too
author Lennart Poettering <lennart@poettering.net>
Fri, 19 Sep 2025 16:12:55 +0000 (18:12 +0200)
committer Lennart Poettering <lennart@poettering.net>
Mon, 13 Oct 2025 20:26:34 +0000 (22:26 +0200)
commit d20dff2814c26fad2e568758aa7e5e437908fb0f
tree a40cfb52a15123565449d920e38c27a26451fccb
parent 57d1ceffb3d98f69c2da511ed59a420a1cfa7e40
dissect-image: take policy into consideration when unlocking verity, too

Previously, we'd take the image policy only into consideration when
dissecting the image, but for the unlock/verity step we'd go via best
effort. Change that. This means we can now enforce policies such as
activating by root hash only even if a signature exists and similar.

Also, introduce a separate error code if we try to unlock a Verity
volume but have no root hash. Previously we'd return ENOKEY for that,
exactly like we do for encrypted volumes where we have no passphrase. The
interactive unlock loop dissected_image_decrypt_interactively() is
otherwise very confused and will ask for a root hash, which makes no
sense. Hence use two distinct errors for this.
src/core/namespace.c
src/dissect/dissect.c
src/mountfsd/mountwork.c
src/nspawn/nspawn.c
src/shared/dissect-image.c
src/shared/dissect-image.h
src/sysext/sysext.c
test/units/TEST-50-DISSECT.mountfsd.sh