From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 25 Jan 2023 14:56:30 +0000 (+0100)
Subject: repart: Add roothash to output of all verity siblings
X-Git-Tag: v253-rc2~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ecc7a5bca1b3dedfbef1ef44ec0d4b3fe0a5112;p=thirdparty%2Fsystemd.git

repart: Add roothash to output of all verity siblings

This can be used to match verity partitions together using the repart
JSON output.
---

diff --git a/src/partition/repart.c b/src/partition/repart.c
index c95b1d601df..920b442316a 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -2471,8 +2471,10 @@ static int context_dump_partitions(Context *context) {
                 if (p->new_padding != UINT64_MAX)
                         sum_padding += p->new_padding;
 
-                if (p->verity == VERITY_HASH) {
-                        rh = p->roothash ? hexmem(p->roothash, p->roothash_size) : strdup("TBD");
+                if (p->verity != VERITY_OFF) {
+                        Partition *hp = p->verity == VERITY_HASH ? p : p->siblings[VERITY_HASH];
+
+                        rh = hp->roothash ? hexmem(hp->roothash, hp->roothash_size) : strdup("TBD");
                         if (!rh)
                                 return log_oom();
                 }
diff --git a/test/units/testsuite-58.sh b/test/units/testsuite-58.sh
index e83df97067a..8b52a435e6d 100755
--- a/test/units/testsuite-58.sh
+++ b/test/units/testsuite-58.sh
@@ -819,7 +819,12 @@ EOF
                                            --certificate="$defs/verity.crt" \
                                            "$imgs/verity")
 
-    roothash=$(jq -r ".[] | select(.type == \"root-${architecture}-verity\") | .roothash" <<< "$output")
+    drh=$(jq -r ".[] | select(.type == \"root-${architecture}\") | .roothash" <<< "$output")
+    hrh=$(jq -r ".[] | select(.type == \"root-${architecture}-verity\") | .roothash" <<< "$output")
+    srh=$(jq -r ".[] | select(.type == \"root-${architecture}-verity-sig\") | .roothash" <<< "$output")
+
+    assert_eq "$drh" "$hrh"
+    assert_eq "$hrh" "$srh"
 
     # Check that we can dissect, mount and unmount a repart verity image. (and that the image UUID is deterministic)
 
@@ -828,9 +833,9 @@ EOF
         return
     fi
 
-    systemd-dissect "$imgs/verity" --root-hash "$roothash"
-    systemd-dissect "$imgs/verity" --root-hash "$roothash" --json=short | grep -q '"imageUuid":"1d2ce291-7cce-4f7d-bc83-fdb49ad74ebd"'
-    systemd-dissect "$imgs/verity" --root-hash "$roothash" -M "$imgs/mnt"
+    systemd-dissect "$imgs/verity" --root-hash "$drh"
+    systemd-dissect "$imgs/verity" --root-hash "$drh" --json=short | grep -q '"imageUuid":"1d2ce291-7cce-4f7d-bc83-fdb49ad74ebd"'
+    systemd-dissect "$imgs/verity" --root-hash "$drh" -M "$imgs/mnt"
     systemd-dissect -U "$imgs/mnt"
 }