author | Lennart Poettering <lennart@poettering.net> | 2016-12-23 17:10:42 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2017-02-07 12:21:28 +0100 |
commit | 78ebe98061eb527f17691929f470f262a7ab2c8f (patch) | |
tree | 59683606cfb85012fb77d4416a95ffa4144c0acd /src/shared | |
parent | 915e6d1676cf73c4f927f3bbfa21ee82640b1832 (diff) |
core,nspawn,dissect: make nspawn's .roothash file search reusable
This makes nspawn's logic of automatically discovering the root hash of
an image file generic, and then reuses it in systemd-dissect and in
PID1's RootImage= logic, so that verity is automatically set up whenever
we can.
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/dissect-image.c | 51 | ||||
-rw-r--r-- | src/shared/dissect-image.h | 2 |
2 files changed, 53 insertions, 0 deletions
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 5fc2ce25f0..f3cd663602 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -28,8 +28,10 @@
 #include "blkid-util.h"
 #include "dissect-image.h"
 #include "fd-util.h"
+#include "fileio.h"
 #include "fs-util.h"
 #include "gpt.h"
+#include "hexdecoct.h"
 #include "mount-util.h"
 #include "path-util.h"
 #include "stat-util.h"
@@ -1087,6 +1089,55 @@ int decrypted_image_relinquish(DecryptedImage *d) {
 return 0;
 }
+int root_hash_load(const char *image, void **ret, size_t *ret_size) {
+ _cleanup_free_ char *text = NULL;
+ _cleanup_free_ void *k = NULL;
+ char *fn, *e, *n;
+ size_t l;
+ int r;
+
+ assert(image);
+ assert(ret);
+ assert(ret_size);
+
+ if (is_device_path(image)) {
+ /* If we are asked to load the root hash for a device node, exit early */
+ *ret = NULL;
+ *ret_size = 0;
+ return 0;
+ }
+
+ fn = newa(char, strlen(image) + strlen(".roothash") + 1);
+ n = stpcpy(fn, image);
+ e = endswith(fn, ".raw");
+ if (e)
+ n = e;
+
+ strcpy(n, ".roothash");
+
+ r = read_one_line_file(fn, &text);
+ if (r == -ENOENT) {
+ *ret = NULL;
+ *ret_size = 0;
+ return 0;
+ }
+ if (r < 0)
+ return r;
+
+ r = unhexmem(text, strlen(text), &k, &l);
+ if (r < 0)
+ return r;
+ if (l < sizeof(sd_id128_t))
+ return -EINVAL;
+
+ *ret = k;
+ *ret_size = l;
+
+ k = NULL;
+
+ return 1;
+}
+
 static const char *const partition_designator_table[] = {
 [PARTITION_ROOT] = "root",
 [PARTITION_ROOT_SECONDARY] = "root-secondary",
diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h
index 26319bd8e7..cdb083be6f 100644
--- a/src/shared/dissect-image.h
+++ b/src/shared/dissect-image.h
@@ -94,3 +94,5 @@ int decrypted_image_relinquish(DecryptedImage *d);
 const char* partition_designator_to_string(int i) _const_;
 int partition_designator_from_string(const char *name) _pure_;
+
+int root_hash_load(const char *image, void **ret, size_t *ret_size); |
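Review bot: In `root_hash_load()` (second hunk of dissect-image.c) the verity root hash comes from a `.roothash` file next to the image, and the only check after hex decoding is `if (l < sizeof(sd_id128_t))`, so the hash is exactly as trustworthy as the directory that holds the image. Since the commit message says PID1's RootImage= will now set up verity from it automatically, a comment above the function should state that trust assumption: whoever can replace the image can presumably replace the sidecar too, so this detects corruption but does not authenticate the image unless the hash file is protected separately. The 16-byte floor borrowed from `sd_id128_t` reads as a magic number and no upper bound is applied; a short comment such as `/* refuse implausibly short hashes */` would explain the intent. Separately, `newa()` sizes its buffer from `strlen(image)`; if callers do not already bound the path, a guard like `if (strlen(image) > PATH_MAX) return -ENAMETOOLONG;` ahead of it would keep that allocation bounded.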
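Review bot: The prototype added to dissect-image.h has no comment describing its contract, which the signature alone does not convey. Going by the implementation in this commit, it returns 1 with a buffer handed over in `*ret`, 0 with `*ret = NULL` when the image is a device node or no `.roothash` file exists, and a negative errno otherwise. A comment such as `/* Returns 1 and a hash buffer the caller must free, 0 if no root hash was found, negative errno on failure */` would keep callers from reading 0 as "hash loaded" and silently proceeding without verity.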