dissect-image: rename dissected_image_has_verity()/_can_do_verity()

Let's also pick more precise names for these helpers that are used for
the tabular output: one checks whether a partition is candidate for
verity at all, and the other checks if it is ready to be used for it.
Let's make this clearer in the name.

diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c
index a42b138a8044ff61a759275296c062070d4ab767..3f464f8dadef078f6077947761fd11762e9381f8 100644 (file)
--- a/src/dissect/dissect.c
+++ b/src/dissect/dissect.c
@@ -514,8 +514,8 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
 
                 if (arg_verity_settings.data_path)
                         r = table_add_cell(t, NULL, TABLE_STRING, "external");
-                else if (dissected_image_can_do_verity(m, i))
-                        r = table_add_cell(t, NULL, TABLE_STRING, yes_no(dissected_image_has_verity(m, i)));
+                else if (dissected_image_verity_candidate(m, i))
+                        r = table_add_cell(t, NULL, TABLE_STRING, yes_no(dissected_image_verity_ready(m, i)));
                 else
                         r = table_add_cell(t, NULL, TABLE_EMPTY, NULL);
                 if (r < 0)

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 6b73c650e215a802b91c153535563fc63f5d9437..20eade5a2a286ea50f3de6c8786ac98785d5af9d 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -2840,18 +2840,35 @@ int dissect_image_and_warn(
         }
 }
 
-bool dissected_image_can_do_verity(const DissectedImage *image, PartitionDesignator partition_designator) {
+bool dissected_image_verity_candidate(const DissectedImage *image, PartitionDesignator partition_designator) {
+        assert(image);
+
+        /* Checks if this partition could theoretically do Verity. For non-partitioned images this only works
+         * if there's an external verity file supplied, for which we can consult .has_verity. For partitioned
+         * images we only check the partition type.
+         *
+         * This call is used to decide whether to suppress or show a verity column in tabular output of the
+         * image. */
+
         if (image->single_file_system)
                 return partition_designator == PARTITION_ROOT && image->has_verity;
 
         return PARTITION_VERITY_OF(partition_designator) >= 0;
 }
 
-bool dissected_image_has_verity(const DissectedImage *image, PartitionDesignator partition_designator) {
-        int k;
+bool dissected_image_verity_ready(const DissectedImage *image, PartitionDesignator partition_designator) {
+        PartitionDesignator k;
+
+        assert(image);
+
+        /* Checks if this partition has verity data available that we can activate. For non-partitioned this
+         * works for the root partition, for others only if the associated verity partition was found. */
+
+        if (!image->verity_ready)
+                return false;
 
         if (image->single_file_system)
-                return partition_designator == PARTITION_ROOT && image->verity_ready;
+                return partition_designator == PARTITION_ROOT;
 
         k = PARTITION_VERITY_OF(partition_designator);
         return k >= 0 && image->partitions[k].found;

diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index fe364474aa4264543548156abe34753581a80982..55c8f29c2834ea97f4ea17f5013e20df4816354b 100644 (file)
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
@@ -186,8 +186,8 @@ PartitionDesignator partition_designator_from_string(const char *name) _pure_;
 int verity_settings_load(VeritySettings *verity, const char *image, const char *root_hash_path, const char *root_hash_sig_path);
 void verity_settings_done(VeritySettings *verity);
 
-bool dissected_image_can_do_verity(const DissectedImage *image, PartitionDesignator d);
-bool dissected_image_has_verity(const DissectedImage *image, PartitionDesignator d);
+bool dissected_image_verity_candidate(const DissectedImage *image, PartitionDesignator d);
+bool dissected_image_verity_ready(const DissectedImage *image, PartitionDesignator d);
 
 int mount_image_privately_interactively(const char *path, DissectImageFlags flags, char **ret_directory, LoopDevice **ret_loop_device, DecryptedImage **ret_decrypted_image);