From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 7 Aug 2023 13:23:49 +0000 (+0200)
Subject: repart: Extend check for read-only verity partitions
X-Git-Tag: v255-rc1~803
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2208d49263eb6b0be60fd8d937208388568d8a02;p=thirdparty%2Fsystemd.git

repart: Extend check for read-only verity partitions

Let's check for verity signature partitions as well. Let's also
check the configured verity mode, which is another way to indicate
verity partitions aside from the type UUID.
---

diff --git a/src/partition/repart.c b/src/partition/repart.c
index 4a40a05ee85..829d80ddf0d 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -1749,7 +1749,11 @@ static int partition_read_definition(Partition *p, const char *path, const char
                                   verity_mode_to_string(p->verity));
 
         /* Verity partitions are read only, let's imply the RO flag hence, unless explicitly configured otherwise. */
-        if (IN_SET(p->type.designator, PARTITION_ROOT_VERITY, PARTITION_USR_VERITY) && p->read_only < 0)
+        if ((IN_SET(p->type.designator,
+                    PARTITION_ROOT_VERITY,
+                    PARTITION_ROOT_VERITY_SIG,
+                    PARTITION_USR_VERITY,
+                    PARTITION_USR_VERITY_SIG) || p->verity != VERITY_OFF) && p->read_only < 0)
                 p->read_only = true;
 
         /* Default to "growfs" on, unless read-only */