From: Daan De Meyer Date: Thu, 16 Mar 2023 21:11:31 +0000 (+0100) Subject: repart: Zero full verity signature partition size X-Git-Tag: v254-rc1~991^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d28c6ce62c4915ec5f7e10dc49be5e51c2356dad;p=thirdparty%2Fsystemd.git repart: Zero full verity signature partition size systemd-dissect requires the entirety of the partition following the signature to be zeroed, so let's do just that. --- diff --git a/src/partition/repart.c b/src/partition/repart.c index e6314649984..c53bf98fb2b 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -3656,7 +3656,7 @@ static int partition_format_verity_sig(Context *context, Partition *p) { _cleanup_free_ char *text = NULL; Partition *hp; uint8_t fp[X509_FINGERPRINT_SIZE]; - size_t sigsz = 0, padsz; /* avoid false maybe-uninitialized warning */ + size_t sigsz = 0; /* avoid false maybe-uninitialized warning */ int whole_fd, r; assert(p->verity == VERITY_SIG); @@ -3702,17 +3702,14 @@ static int partition_format_verity_sig(Context *context, Partition *p) { if (r < 0) return log_error_errno(r, "Failed to format JSON object: %m"); - padsz = round_up_size(strlen(text), 4096); - assert_se(padsz <= p->new_size); - - r = strgrowpad0(&text, padsz); + r = strgrowpad0(&text, p->new_size); if (r < 0) - return log_error_errno(r, "Failed to pad string to %s", FORMAT_BYTES(padsz)); + return log_error_errno(r, "Failed to pad string to %s", FORMAT_BYTES(p->new_size)); if (lseek(whole_fd, p->offset, SEEK_SET) == (off_t) -1) return log_error_errno(errno, "Failed to seek to partition offset: %m"); - r = loop_write(whole_fd, text, padsz, /*do_poll=*/ false); + r = loop_write(whole_fd, text, p->new_size, /*do_poll=*/ false); if (r < 0) return log_error_errno(r, "Failed to write verity signature to partition: %m");