From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Mon, 3 Feb 2025 09:38:00 +0000 (+0100)
Subject: repart: do not fail if no key/cert provided and verity-sig is deferred
X-Git-Tag: v258-rc1~1385
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=92d22065342e322ba0c34cdd9c8047a58bc69a18;p=thirdparty%2Fsystemd.git

repart: do not fail if no key/cert provided and verity-sig is deferred
---

diff --git a/src/repart/repart.c b/src/repart/repart.c
index 1a5b485d5a1..fe98893f397 100644
--- a/src/repart/repart.c
+++ b/src/repart/repart.c
@@ -2487,11 +2487,11 @@ static int partition_read_definition(Partition *p, const char *path, const char
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Encrypting verity hash/data partitions is not supported.");
 
-        if (p->verity == VERITY_SIG && !arg_private_key)
+        if (p->verity == VERITY_SIG && !arg_private_key && !partition_type_defer(&p->type))
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Verity signature partition requested but no private key provided (--private-key=).");
 
-        if (p->verity == VERITY_SIG && !arg_certificate)
+        if (p->verity == VERITY_SIG && !arg_certificate && !partition_type_defer(&p->type))
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Verity signature partition requested but no PEM certificate provided (--certificate=).");