morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity

dissect-image: move extension release arguments of verity_dissect_and_mount() into a structure

Browse Source
This commit is contained in:
Lennart Poettering
2025-03-18 22:24:00 +01:00
parent a05b344330
commit bcd904d471
4 changed files with 48 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/core/namespace.c
View File

@@ -1476,9 +1476,8 @@ static int mount_image(
const char *root_directory,
const ImagePolicy *image_policy) {
_cleanup_free_ char *host_os_release_id = NULL, *host_os_release_version_id = NULL,
*host_os_release_sysext_level = NULL, *host_os_release_confext_level = NULL,
*extension_name = NULL;
_cleanup_(extension_release_data_done) ExtensionReleaseData rdata = {};
_cleanup_free_ char *extension_name = NULL;
int r;
assert(m);
@@ -1490,14 +1489,14 @@ static int mount_image(
if (m->mode == MOUNT_EXTENSION_IMAGE) {
r = parse_os_release(
empty_to_root(root_directory),
"ID", &host_os_release_id,
"VERSION_ID", &host_os_release_version_id,
image_class_info[IMAGE_SYSEXT].level_env, &host_os_release_sysext_level,
image_class_info[IMAGE_CONFEXT].level_env, &host_os_release_confext_level,
"ID", &rdata.os_release_id,
"VERSION_ID", &rdata.os_release_version_id,
image_class_info[IMAGE_SYSEXT].level_env, &rdata.os_release_sysext_level,
image_class_info[IMAGE_CONFEXT].level_env, &rdata.os_release_confext_level,
NULL);
if (r < 0)
return log_debug_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory));
if (isempty(host_os_release_id))
if (isempty(rdata.os_release_id))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'ID' field not found or empty in 'os-release' data of OS tree '%s'.", empty_to_root(root_directory));
}
@@ -1508,26 +1507,22 @@ static int mount_image(
m->image_options_const,
image_policy,
/* image_filter= */ NULL,
host_os_release_id,
host_os_release_version_id,
host_os_release_sysext_level,
host_os_release_confext_level,
/* required_sysext_scope= */ NULL,
&rdata,
&m->verity,
/* ret_image= */ NULL);
if (r == -ENOENT && m->ignore)
return 0;
if (r == -ESTALE && host_os_release_id)
if (r == -ESTALE && rdata.os_release_id)
return log_error_errno(r, // FIXME: this should not be logged ad LOG_ERR, as it will result in duplicate logging.
"Failed to mount image %s, extension-release metadata does not match the lower layer's: ID=%s%s%s%s%s%s%s",
mount_entry_source(m),
host_os_release_id,
host_os_release_version_id ? " VERSION_ID=" : "",
strempty(host_os_release_version_id),
host_os_release_sysext_level ? image_class_info[IMAGE_SYSEXT].level_env_print : "",
strempty(host_os_release_sysext_level),
host_os_release_confext_level ? image_class_info[IMAGE_CONFEXT].level_env_print : "",
strempty(host_os_release_confext_level));
rdata.os_release_id,
rdata.os_release_version_id ? " VERSION_ID=" : "",
strempty(rdata.os_release_version_id),
rdata.os_release_sysext_level ? image_class_info[IMAGE_SYSEXT].level_env_print : "",
strempty(rdata.os_release_sysext_level),
rdata.os_release_confext_level ? image_class_info[IMAGE_CONFEXT].level_env_print : "",
strempty(rdata.os_release_confext_level));
if (r < 0)
return log_debug_errno(r, "Failed to mount image %s on %s: %m", mount_entry_source(m), mount_entry_path(m));

30
src/shared/dissect-image.c
View File

@@ -4286,11 +4286,7 @@ int verity_dissect_and_mount(
const MountOptions *options,
const ImagePolicy *image_policy,
const ImageFilter *image_filter,
const char *required_host_os_release_id,
const char *required_host_os_release_version_id,
const char *required_host_os_release_sysext_level,
const char *required_host_os_release_confext_level,
const char *required_sysext_scope,
const ExtensionReleaseData *extension_release_data,
VeritySettings *verity,
DissectedImage **ret_image) {
@@ -4304,7 +4300,7 @@ int verity_dissect_and_mount(
assert(src);
/* Verifying release metadata requires mounted image for now, so ensure the check is skipped when
* opening an image without mounting it immediately (i.e.: 'dest' is NULL). */
assert(!required_host_os_release_id || dest);
assert(!extension_release_data || dest);
relax_extension_release_check = mount_options_relax_extension_release_checks(options);
@@ -4403,11 +4399,11 @@ int verity_dissect_and_mount(
* First, check the distro ID. If that matches, then check the new SYSEXT_LEVEL value if
* available, or else fallback to VERSION_ID. If neither is present (eg: rolling release),
* then a simple match on the ID will be performed. */
if (required_host_os_release_id) {
if (extension_release_data && extension_release_data->os_release_id) {
_cleanup_strv_free_ char **extension_release = NULL;
ImageClass class = IMAGE_SYSEXT;
assert(!isempty(required_host_os_release_id));
assert(!isempty(extension_release_data->os_release_id));
r = load_extension_release_pairs(dest, IMAGE_SYSEXT, dissected_image->image_name, relax_extension_release_check, &extension_release);
if (r == -ENOENT) {
@@ -4420,10 +4416,10 @@ int verity_dissect_and_mount(
r = extension_release_validate(
dissected_image->image_name,
required_host_os_release_id,
required_host_os_release_version_id,
class == IMAGE_SYSEXT ? required_host_os_release_sysext_level : required_host_os_release_confext_level,
required_sysext_scope,
extension_release_data->os_release_id,
extension_release_data->os_release_version_id,
class == IMAGE_SYSEXT ? extension_release_data->os_release_sysext_level : extension_release_data->os_release_confext_level,
extension_release_data->os_release_extension_scope,
extension_release,
class);
if (r == 0)
@@ -4442,6 +4438,16 @@ int verity_dissect_and_mount(
return 0;
}
void extension_release_data_done(ExtensionReleaseData *data) {
assert(data);
data->os_release_id = mfree(data->os_release_id);
data->os_release_version_id = mfree(data->os_release_version_id);
data->os_release_sysext_level = mfree(data->os_release_sysext_level);
data->os_release_confext_level = mfree(data->os_release_confext_level);
data->os_release_extension_scope = mfree(data->os_release_extension_scope);
}
int get_common_dissect_directory(char **ret) {
_cleanup_free_ char *t = NULL;
int r;

13
src/shared/dissect-image.h
View File

@@ -20,6 +20,7 @@ typedef struct DecryptedImage DecryptedImage;
typedef struct MountOptions MountOptions;
typedef struct VeritySettings VeritySettings;
typedef struct ImageFilter ImageFilter;
typedef struct ExtensionReleaseData ExtensionReleaseData;
struct DissectedPartition {
bool found:1;
@@ -154,6 +155,14 @@ struct ImageFilter {
char *pattern[_PARTITION_DESIGNATOR_MAX];
};
struct ExtensionReleaseData {
char *os_release_id;
char *os_release_version_id;
char *os_release_sysext_level;
char *os_release_confext_level;
char *os_release_extension_scope;
};
/* We include image-policy.h down here, since ImagePolicy wants a complete definition of PartitionDesignator first. */
#include "image-policy.h"
@@ -248,7 +257,7 @@ bool dissected_image_verity_sig_ready(const DissectedImage *image, PartitionDesi
int mount_image_privately_interactively(const char *path, const ImagePolicy *image_policy, DissectImageFlags flags, char **ret_directory, int *ret_dir_fd, LoopDevice **ret_loop_device);
int verity_dissect_and_mount(int src_fd, const char *src, const char *dest, const MountOptions *options, const ImagePolicy *image_policy, const ImageFilter *image_filter, const char *required_host_os_release_id, const char *required_host_os_release_version_id, const char *required_host_os_release_sysext_level, const char *required_host_os_release_confext_level, const char *required_sysext_scope, VeritySettings *verity, DissectedImage **ret_image);
int verity_dissect_and_mount(int src_fd, const char *src, const char *dest, const MountOptions *options, const ImagePolicy *image_policy, const ImageFilter *image_filter, const ExtensionReleaseData *required_release_data, VeritySettings *verity, DissectedImage **ret_image);
int dissect_fstype_ok(const char *fstype);
@@ -257,6 +266,8 @@ int probe_sector_size_prefer_ioctl(int fd, uint32_t *ret);
int partition_pick_mount_options(PartitionDesignator d, const char *fstype, bool rw, bool discard, char **ret_options, unsigned long *ret_ms_flags);
void extension_release_data_done(ExtensionReleaseData *data);
static inline const char* dissected_partition_fstype(const DissectedPartition *m) {
assert(m);

12
src/shared/mount-util.c
View File

@@ -970,11 +970,7 @@ static int mount_in_namespace_legacy(
options,
image_policy,
/* image_filter= */ NULL,
/* required_host_os_release_id= */ NULL,
/* required_host_os_release_version_id= */ NULL,
/* required_host_os_release_sysext_level= */ NULL,
/* required_host_os_release_confext_level= */ NULL,
/* required_sysext_scope= */ NULL,
/* extension_release_data= */ NULL,
/* verity= */ NULL,
/* ret_image= */ NULL);
else
@@ -1195,11 +1191,7 @@ static int mount_in_namespace(
options,
image_policy,
/* image_filter= */ NULL,
/* required_host_os_release_id= */ NULL,
/* required_host_os_release_version_id= */ NULL,
/* required_host_os_release_sysext_level= */ NULL,
/* required_host_os_release_confext_level= */ NULL,
/* required_sysext_scope= */ NULL,
/* extension_release_data= */ NULL,
/* verity= */ NULL,
&img);
if (r < 0)