}
static int append_mount_images(MountList *ml, const MountImage *mount_images, size_t n) {
+ int r;
+
assert(ml);
assert(mount_images || n == 0);
FOREACH_ARRAY(m, mount_images, n) {
+ _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
MountEntry *me = mount_list_extend(ml);
if (!me)
return log_oom_debug();
+ r = verity_settings_load(&verity, m->source, /* root_hash_path= */ NULL, /* root_hash_sig_path= */ NULL);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to check verity root hash of %s: %m", m->source);
+
*me = (MountEntry) {
.path_const = m->destination,
.mode = MOUNT_IMAGE,
.source_const = m->source,
.image_options_const = m->mount_options,
.ignore = m->ignore_enoent,
+ .verity = TAKE_GENERIC(verity, VeritySettings, VERITY_SETTINGS_DEFAULT),
};
}
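Review bot: The new `verity_settings_load()` failure path returns after `mount_list_extend(ml)` has already grown the list, so the list is left holding an entry that was never assigned; whether that is harmless depends on how `mount_list_extend()` initialises the slot and how the caller frees the list, neither of which is visible here. Calling `verity_settings_load()` and checking `r` before `mount_list_extend(ml)` removes that dependency. Both path arguments are NULL, so the call site does not say where the root hash is taken from; a comment such as `/* No explicit paths: the root hash and signature are discovered from data stored with m->source */` would tell the reader what the integrity check is anchored to, if that is what NULL selects here. The log text says "check verity root hash" while the call loads settings, so `"Failed to load verity settings of %s: %m"` would be more accurate. The function's closing lines are outside the hunk.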
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
-p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
+systemd-run -P \
+ -p MountImages="$MINIMAL_IMAGE.raw:/run/img2" \
+ veritysetup status "${MINIMAL_IMAGE_ROOTHASH}-verity" | grep -q "${MINIMAL_IMAGE_ROOTHASH}"
cat >/run/systemd/system/testservice-50c.service <<EOF
[Service]
MountAPIVFS=yes
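Review bot: The pattern in the added `grep -q "${MINIMAL_IMAGE_ROOTHASH}"` also occurs in the device name `${MINIMAL_IMAGE_ROOTHASH}-verity` passed to `veritysetup status` on the same line, so any output that echoes the name back, including a report that the device is inactive, would satisfy it. The assertion then rests on the exit status reaching the script through the pipe, which needs `pipefail`; that setting is not visible in this hunk. Matching a line that only an active device produces would make the check independent of that, for example `| grep -q -F "is active"` if the `veritysetup` output format allows it. `-F` would also be consistent with the neighbouring `grep -q -F "MARKER=1"`.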