]> git.ipfire.org Git - thirdparty/ipxe.git/commitdiff
projects / thirdparty / ipxe.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 191f882)
[image] Propagate trust flag to extracted archive images
authorMichael Brown <mcb30@ipxe.org>
Wed, 12 May 2021 13:13:01 +0000 (14:13 +0100)
committerMichael Brown <mcb30@ipxe.org>
Wed, 12 May 2021 13:14:52 +0000 (14:14 +0100)
An extracted image is wholly derived from the original archive image.
If the original archive image has been verified and marked as trusted,
then this trust logically extends to any image extracted from it.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/core/archive.c patch | blob | blame | history

diff --git a/src/core/archive.c b/src/core/archive.c
index 7ef86bd9a528d2373dbb2b037ae8414305e80359..bb62c7e4783c27a8f5e1cafcc5ef5d9763744129 100644 (file)
--- a/src/core/archive.c
+++ b/src/core/archive.c
@@ -82,6 +82,10 @@ int image_extract ( struct image *image, const char *name,
        if ( ( rc = register_image ( *extracted ) ) != 0 )
                goto err_register;
 
+       /* Propagate trust flag */
+       if ( image->flags & IMAGE_TRUSTED )
+               image_trust ( *extracted );
+
        /* Drop local reference to image */
        image_put ( *extracted );
 
Mirror of https://github.com/ipxe/ipxe.git