From: Luca Boccassi Date: Sun, 10 Jan 2021 13:34:56 +0000 (+0000) Subject: sysext: add verity boilerplate X-Git-Tag: v248-rc1~298^2~7 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=44bb7b09562a66caee6e8767ea74ded437f8e334;p=thirdparty%2Fsystemd.git sysext: add verity boilerplate --- diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index ea307dc1d69..c12f40c160d 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -470,8 +470,16 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; _cleanup_(decrypted_image_unrefp) DecryptedImage *di = NULL; + _cleanup_(verity_settings_done) VeritySettings verity_settings = VERITY_SETTINGS_DEFAULT; DissectImageFlags flags = DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_MOUNT_ROOT_ONLY; + r = verity_settings_load(&verity_settings, img->path, NULL, NULL); + if (r < 0) + return log_error_errno(r, "Failed to read verity artifacts for %s: %m", img->path); + + if (verity_settings.data_path) + flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; + r = loop_device_make_by_path(img->path, O_RDONLY, 0, &d); if (r < 0) return log_error_errno(r, "Failed to set up loopback device: %m"); @@ -479,7 +487,7 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { r = dissect_image_and_warn( d->fd, img->path, - NULL, + &verity_settings, NULL, flags, &m); @@ -488,7 +496,7 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { r = dissected_image_decrypt_interactively( m, NULL, - NULL, + &verity_settings, flags, &di); if (r < 0)