repart: set r/o GPT flag on verity sig partition too

The default image policy for the verity sig partition expects
the r/o flag to be set, but repart so far did not add it by
default if unset, like it does for the verity partition

diff --git a/src/repart/repart.c b/src/repart/repart.c
index c91f21ae75da562461f8bdad74e1aa394e915d9f..ac6cccbcba259976a1d720c4c17a29e80973f186 100644 (file)
--- a/src/repart/repart.c
+++ b/src/repart/repart.c
@@ -3007,7 +3007,9 @@ static int partition_read_definition(
         }
 
         /* Verity partitions are read only, let's imply the RO flag hence, unless explicitly configured otherwise. */
-        if ((partition_designator_is_verity_hash(p->type.designator) || p->verity == VERITY_DATA) && p->read_only < 0)
+        if ((partition_designator_is_verity_hash(p->type.designator) ||
+             partition_designator_is_verity_sig(p->type.designator) ||
+             IN_SET(p->verity, VERITY_DATA, VERITY_SIG)) && p->read_only < 0)
                 p->read_only = true;
 
         /* Default to "growfs" on, unless read-only */

diff --git a/src/shared/gpt.c b/src/shared/gpt.c
index b9b967e806ff2af898428548e5bcda3f2469d386..9308159ebe9f0a41d4cd2ca61c7a8e56ee307757 100644 (file)
--- a/src/shared/gpt.c
+++ b/src/shared/gpt.c
@@ -325,6 +325,8 @@ bool gpt_partition_type_knows_read_only(GptPartitionType type) {
                       /* pretty much implied, but let's set the bit to make things really clear */
                       PARTITION_ROOT_VERITY,
                       PARTITION_USR_VERITY,
+                      PARTITION_ROOT_VERITY_SIG,
+                      PARTITION_USR_VERITY_SIG,
                       PARTITION_HOME,
                       PARTITION_SRV,
                       PARTITION_VAR,