From: Kai Lueke Date: Thu, 20 Nov 2025 14:43:55 +0000 (+0900) Subject: sysext: Use correct image name for extension release checks X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ab3a2b44c582dc4aeb90cb0bc3c19b6b68db5a1;p=thirdparty%2Fsystemd.git sysext: Use correct image name for extension release checks For the extension release check the image name is needed and was derived from the backing file of the loop device. However, this can have a different name when symlinks were resolved. The surprising behavior was that it worked when the target name started with the extension name and _ because that's what's supported to chop off version suffixes. However, we should not have such strict requirements for the target name and also allow - as version separator and entirely different names/prefixes, the same way as we also do for directories instead of raw images. Do not use the image name derived from the backing file of the loop device but directly the extension name we have at hand. --- diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c index 9a7cef5a7c1..92229f603a8 100644 --- a/src/shared/discover-image.c +++ b/src/shared/discover-image.c @@ -2136,6 +2136,11 @@ int image_read_metadata(Image *i, const char *root, const ImagePolicy *image_pol if (r < 0) return log_debug_errno(r, "Failed to decrypt image '%s': %m", i->path); + /* Do not use the image name derived from the backing file of the loop device */ + r = free_and_strdup(&m->image_name, i->name); + if (r < 0) + return r; + r = dissected_image_acquire_metadata( m, /* userns_fd= */ -EBADF, diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index 072181ea46f..c88a6435e43 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -1910,6 +1910,11 @@ static int merge_subprocess( if (r < 0) return r; + /* Do not use the image name derived from the backing file of the loop device */ + r = free_and_strdup(&m->image_name, img->name); + if (r < 0) + return r; + r = dissected_image_load_verity_sig_partition( m, d->fd,