From: Lennart Poettering
Date: Wed, 8 Sep 2021 15:26:32 +0000 (+0200)
Subject: dissect-image: rename dissected_image_has_verity()/_can_do_verity()
X-Git-Tag: v250-rc1~701^2~10
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=495367666b6742cdb8834f195b2578bf5029a33b;p=thirdparty%2Fsystemd.git
dissect-image: rename dissected_image_has_verity()/_can_do_verity()
Let's also pick more precise names for these helpers that are used for the tabular output: one checks whether a partition is candidate for verity at all, and the other checks if it is ready to be used for it. Let's make this clearer in the name.
---
diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c
index a42b138a804..3f464f8dade 100644
--- a/src/dissect/dissect.c
+++ b/src/dissect/dissect.c
@@ -514,8 +514,8 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
 if (arg_verity_settings.data_path)
 r = table_add_cell(t, NULL, TABLE_STRING, "external");
- else if (dissected_image_can_do_verity(m, i))
- r = table_add_cell(t, NULL, TABLE_STRING, yes_no(dissected_image_has_verity(m, i)));
+ else if (dissected_image_verity_candidate(m, i))
+ r = table_add_cell(t, NULL, TABLE_STRING, yes_no(dissected_image_verity_ready(m, i)));
 else
 r = table_add_cell(t, NULL, TABLE_EMPTY, NULL);
 if (r < 0)
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 6b73c650e21..20eade5a2a2 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -2840,18 +2840,35 @@ int dissect_image_and_warn(
 }
 }
-bool dissected_image_can_do_verity(const DissectedImage *image, PartitionDesignator partition_designator) {
+bool dissected_image_verity_candidate(const DissectedImage *image, PartitionDesignator partition_designator) {
+ assert(image);
+
+ /* Checks if this partition could theoretically do Verity. For non-partitioned images this only works
+ * if there's an external verity file supplied, for which we can consult .has_verity. For partitioned
+ * images we only check the partition type.
+ *
+ * This call is used to decide whether to suppress or show a verity column in tabular output of the
+ * image. */
+
 if (image->single_file_system)
 return partition_designator == PARTITION_ROOT && image->has_verity;
 return PARTITION_VERITY_OF(partition_designator) >= 0;
 }
-bool dissected_image_has_verity(const DissectedImage *image, PartitionDesignator partition_designator) {
- int k;
+bool dissected_image_verity_ready(const DissectedImage *image, PartitionDesignator partition_designator) {
+ PartitionDesignator k;
+
+ assert(image);
+
+ /* Checks if this partition has verity data available that we can activate. For non-partitioned this
+ * works for the root partition, for others only if the associated verity partition was found. */
+
+ if (!image->verity_ready)
+ return false;
 if (image->single_file_system)
- return partition_designator == PARTITION_ROOT && image->verity_ready;
+ return partition_designator == PARTITION_ROOT;
 k = PARTITION_VERITY_OF(partition_designator);
 return k >= 0 && image->partitions[k].found;
diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index fe364474aa4..55c8f29c283 100644
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
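Review bot: In `dissected_image_verity_ready()` the new `if (!image->verity_ready) return false;` guard now applies to partitioned images as well, where the removed code consulted only `image->partitions[k].found`; the commit is described as a rename, and the new comment does not mention this dependency. Because `action_dissect()` prints this result in the verity column, the comment should make clear that a "no" can mean the image-level flag is unset even though the matching verity partition was found. I would extend the comment with a line such as `* Returns false unless image->verity_ready is set, even if the associated verity partition was found.` and note the behaviour change in the commit message. What sets `verity_ready` is not visible in this hunk, and the function's closing brace lies outside it.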
@@ -186,8 +186,8 @@ PartitionDesignator partition_designator_from_string(const char *name) _pure_;
 int verity_settings_load(VeritySettings *verity, const char *image, const char *root_hash_path, const char *root_hash_sig_path);
 void verity_settings_done(VeritySettings *verity);
-bool dissected_image_can_do_verity(const DissectedImage *image, PartitionDesignator d);
-bool dissected_image_has_verity(const DissectedImage *image, PartitionDesignator d);
+bool dissected_image_verity_candidate(const DissectedImage *image, PartitionDesignator d);
+bool dissected_image_verity_ready(const DissectedImage *image, PartitionDesignator d);
 int mount_image_privately_interactively(const char *path, DissectImageFlags flags, char **ret_directory, LoopDevice **ret_loop_device, DecryptedImage **ret_decrypted_image);