From 92d22065342e322ba0c34cdd9c8047a58bc69a18 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Mon, 3 Feb 2025 10:38:00 +0100
Subject: [PATCH] repart: do not fail if no key/cert provided and verity-sig is
 deferred

---
 src/repart/repart.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/repart/repart.c b/src/repart/repart.c
index 1a5b485d5a1..fe98893f397 100644
--- a/src/repart/repart.c
+++ b/src/repart/repart.c
@@ -2487,11 +2487,11 @@ static int partition_read_definition(Partition *p, const char *path, const char
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Encrypting verity hash/data partitions is not supported.");
 
-        if (p->verity == VERITY_SIG && !arg_private_key)
+        if (p->verity == VERITY_SIG && !arg_private_key && !partition_type_defer(&p->type))
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Verity signature partition requested but no private key provided (--private-key=).");
 
-        if (p->verity == VERITY_SIG && !arg_certificate)
+        if (p->verity == VERITY_SIG && !arg_certificate && !partition_type_defer(&p->type))
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Verity signature partition requested but no PEM certificate provided (--certificate=).");
 
-- 
2.47.3