sysext: add verity boilerplate

Luca Boccassi
2021-01-10 13:34:56 +00:00
committed by Lennart Poettering
parent d577d4a432
commit 44bb7b0956


@@ -470,8 +470,16 @@ static int merge_subprocess(Hashmap *images, const char *workspace) {
_cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
_cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
_cleanup_(decrypted_image_unrefp) DecryptedImage *di = NULL;
_cleanup_(verity_settings_done) VeritySettings verity_settings = VERITY_SETTINGS_DEFAULT;
DissectImageFlags flags = DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_MOUNT_ROOT_ONLY;
r = verity_settings_load(&verity_settings, img->path, NULL, NULL);
if (r < 0)
return log_error_errno(r, "Failed to read verity artifacts for %s: %m", img->path);
if (verity_settings.data_path)
flags |= DISSECT_IMAGE_NO_PARTITION_TABLE;
r = loop_device_make_by_path(img->path, O_RDONLY, 0, &d);
if (r < 0)
return log_error_errno(r, "Failed to set up loopback device: %m");
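Review bot: When `verity_settings_load()` finds no verity artifacts for `img->path` it appears to return success with empty settings, so the image is then dissected and merged with no integrity check and nothing in the log says so. A one-line trace after the load would make that visible to an operator, e.g. `if (!verity_settings.root_hash) log_debug("No verity data found for %s, merging without integrity protection.", img->path);`. Since both path arguments are `NULL`, the root hash is presumably discovered from files next to the image; a comment above the call should say so, and note that unless a signature is enforced elsewhere this guards against corruption but not against whoever can write that directory. `merge_subprocess()` starts and ends outside this hunk.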
@@ -479,7 +487,7 @@ static int merge_subprocess(Hashmap *images, const char *workspace) {
r = dissect_image_and_warn(
d->fd,
img->path,
NULL,
&verity_settings,
NULL,
flags,
&m);
@@ -488,7 +496,7 @@ static int merge_subprocess(Hashmap *images, const char *workspace) {
r = dissected_image_decrypt_interactively(
m, NULL,
NULL,
&verity_settings,
flags,
&di);
if (r < 0)