portable: reject root directories without an ID field in os-release

We always require at least ID to be set in os-release, reject
and propagate error to the caller instead of asserting later

diff --git a/src/portable/portable.c b/src/portable/portable.c
index 2191d6c65370bbdfe408c76001b4538da7de412c..c4f42f95007088393d3914199125dad2aa2a2a95 100644 (file)
--- a/src/portable/portable.c
+++ b/src/portable/portable.c
@@ -582,6 +582,8 @@ static int extract_image_and_extensions(
                                    "PORTABLE_PREFIXES", &prefixes);
                 if (r < 0)
                         return r;
+                if (isempty(id))
+                        return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s os-release metadata lacks the ID field", name_or_path);
 
                 if (prefixes) {
                         valid_prefixes = strv_split(prefixes, WHITESPACE);

diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh
index 47fd31b9b3a69042ca9f27ffdf8e2e6acb4743f2..2a2aa957990c023ae04b6b99c38385d63618cfad 100755 (executable)
--- a/test/units/testsuite-29.sh
+++ b/test/units/testsuite-29.sh
@@ -152,6 +152,16 @@ umount /tmp/rootdir
 umount /tmp/app0
 umount /tmp/app1
 
+# Lack of ID field in os-release should be rejected, but it caused a crash in the past instead
+mkdir -p /tmp/emptyroot/usr/lib
+mkdir -p /tmp/emptyext/usr/lib/extension-release.d
+touch /tmp/emptyroot/usr/lib/os-release
+touch /tmp/emptyext/usr/lib/extension-release.d/extension-release.emptyext
+
+# Remote peer disconnected -> portabled crashed
+res="$(! portablectl attach --extension /tmp/emptyext /tmp/emptyroot 2> >(grep "Remote peer disconnected"))"
+test -z "${res}"
+
 echo OK >/testok
 
 exit 0