morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

discover-image: support reading metadata from verity enabled DDI images, too

Browse Source
This commit is contained in:
Lennart Poettering
2025-11-12 16:48:26 +01:00
committed by Yu Watanabe
parent 7e8f6ece84
commit d3c6a172a0
1 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/shared/discover-image.c
View File

@@ -1997,6 +1997,7 @@ int image_read_metadata(Image *i, const ImagePolicy *image_policy, RuntimeScope
case IMAGE_RAW:
case IMAGE_BLOCK: {
_cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
_cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
_cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
DissectImageFlags flags =
@@ -2019,25 +2020,47 @@ int image_read_metadata(Image *i, const ImagePolicy *image_policy, RuntimeScope
LOCK_SH,
&d);
if (r < 0)
return r;
return log_debug_errno(r, "Failed to create loopback device of '%s': %m", i->path);
r = dissect_loop_device(
d,
/* verity= */ NULL,
&verity,
/* mount_options= */ NULL,
image_policy,
/* image_filter= */ NULL,
flags,
&m);
if (r < 0)
return r;
return log_debug_errno(r, "Failed to dissect image '%s': %m", i->path);
r = dissected_image_load_verity_sig_partition(
m,
d->fd,
&verity);
if (r < 0)
return log_debug_errno(r, "Failed to load Verity signature partition of '%s': %m", i->path);
r = dissected_image_guess_verity_roothash(
m,
&verity);
if (r < 0)
return log_debug_errno(r, "Failed to guess Verity root hash of '%s': %m", i->path);
r = dissected_image_decrypt(
m,
/* passphrase= */ NULL,
&verity,
image_policy,
flags);
if (r < 0)
return log_debug_errno(r, "Failed to decrypt image '%s': %m", i->path);
r = dissected_image_acquire_metadata(
m,
/* userns_fd= */ -EBADF,
flags);
if (r < 0)
return r;
return log_debug_errno(r, "Failed to acquire medata from image '%s': %m", i->path);
free_and_replace(i->hostname, m->hostname);
i->machine_id = m->machine_id;
@@ -2045,7 +2068,6 @@ int image_read_metadata(Image *i, const ImagePolicy *image_policy, RuntimeScope
strv_free_and_replace(i->os_release, m->os_release);
strv_free_and_replace(i->sysext_release, m->sysext_release);
strv_free_and_replace(i->confext_release, m->confext_release);
break;
}