repart: do not fail if no key/cert provided and verity-sig is deferred

diff --git a/src/repart/repart.c b/src/repart/repart.c
index 1a5b485d5a1a59578e408a6128e339eb62332aec..fe98893f39731cbf41d1d7771968ac2b3253147c 100644 (file)
--- a/src/repart/repart.c
+++ b/src/repart/repart.c
@@ -2487,11 +2487,11 @@ static int partition_read_definition(Partition *p, const char *path, const char
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Encrypting verity hash/data partitions is not supported.");
 
-        if (p->verity == VERITY_SIG && !arg_private_key)
+        if (p->verity == VERITY_SIG && !arg_private_key && !partition_type_defer(&p->type))
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Verity signature partition requested but no private key provided (--private-key=).");
 
-        if (p->verity == VERITY_SIG && !arg_certificate)
+        if (p->verity == VERITY_SIG && !arg_certificate && !partition_type_defer(&p->type))
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Verity signature partition requested but no PEM certificate provided (--certificate=).");