Diffstat (limited to 'src/dissect/dissect.c')
-rw-r--r--src/dissect/dissect.c61
1 files changed, 36 insertions, 25 deletions
diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c
index e1418419f7..9ae632f226 100644
--- a/src/dissect/dissect.c
+++ b/src/dissect/dissect.c
@@ -12,6 +12,7 @@
#include "loop-util.h"
#include "main-func.h"
#include "parse-util.h"
+#include "path-util.h"
#include "string-util.h"
#include "strv.h"
#include "user-util.h"
@@ -25,21 +26,25 @@ static const char *arg_image = NULL;
static const char *arg_path = NULL;
static DissectImageFlags arg_flags = DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK;
static void *arg_root_hash = NULL;
+static char *arg_verity_data = NULL;
static size_t arg_root_hash_size = 0;
STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep);
static void help(void) {
printf("%s [OPTIONS...] IMAGE\n"
"%s [OPTIONS...] --mount IMAGE PATH\n"
"Dissect a file system OS image.\n\n"
- " -h --help Show this help\n"
- " --version Show package version\n"
- " -m --mount Mount the image to the specified directory\n"
- " -r --read-only Mount read-only\n"
- " --fsck=BOOL Run fsck before mounting\n"
- " --discard=MODE Choose 'discard' mode (disabled, loop, all, crypto)\n"
- " --root-hash=HASH Specify root hash for verity\n",
+ " -h --help Show this help\n"
+ " --version Show package version\n"
+ " -m --mount Mount the image to the specified directory\n"
+ " -r --read-only Mount read-only\n"
+ " --fsck=BOOL Run fsck before mounting\n"
+ " --discard=MODE Choose 'discard' mode (disabled, loop, all, crypto)\n"
+ " --root-hash=HASH Specify root hash for verity\n"
+ " --verity-data=PATH Specify data file with hash tree for verity if it is\n"
+ " not embedded in IMAGE\n",
program_invocation_short_name,
program_invocation_short_name);
}
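Review bot: The new `static char *arg_verity_data = NULL;` is inserted between `arg_root_hash` and `arg_root_hash_size`, which splits a pointer from the length that describes it. Declaring it after `arg_root_hash_size` keeps the pair together and makes it harder to pass a mismatched size alongside the hash later. The help text for `--verity-data=PATH` could also say what happens when the option is omitted, since run() appears to look the data file up from the image path in that case. The declarations continue above the hunk.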
@@ -51,16 +56,18 @@ static int parse_argv(int argc, char *argv[]) {
ARG_DISCARD,
ARG_ROOT_HASH,
ARG_FSCK,
+ ARG_VERITY_DATA,
};
static const struct option options[] = {
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, ARG_VERSION },
- { "mount", no_argument, NULL, 'm' },
- { "read-only", no_argument, NULL, 'r' },
- { "discard", required_argument, NULL, ARG_DISCARD },
- { "root-hash", required_argument, NULL, ARG_ROOT_HASH },
- { "fsck", required_argument, NULL, ARG_FSCK },
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, ARG_VERSION },
+ { "mount", no_argument, NULL, 'm' },
+ { "read-only", no_argument, NULL, 'r' },
+ { "discard", required_argument, NULL, ARG_DISCARD },
+ { "root-hash", required_argument, NULL, ARG_ROOT_HASH },
+ { "fsck", required_argument, NULL, ARG_FSCK },
+ { "verity-data", required_argument, NULL, ARG_VERITY_DATA },
{}
};
@@ -127,6 +134,12 @@ static int parse_argv(int argc, char *argv[]) {
break;
}
+ case ARG_VERITY_DATA:
+ r = parse_path_argument_and_warn(optarg, false, &arg_verity_data);
+ if (r < 0)
+ return r;
+ break;
+
case ARG_FSCK:
r = parse_boolean(optarg);
if (r < 0)
@@ -188,13 +201,13 @@ static int run(int argc, char *argv[]) {
if (r < 0)
return log_error_errno(r, "Failed to set up loopback device: %m");
- if (!arg_root_hash) {
- r = root_hash_load(arg_image, &arg_root_hash, &arg_root_hash_size);
- if (r < 0)
- return log_error_errno(r, "Failed to read root hash file for %s: %m", arg_image);
- }
+ r = verity_metadata_load(arg_image, arg_root_hash ? NULL : &arg_root_hash, &arg_root_hash_size,
+ arg_verity_data ? NULL : &arg_verity_data);
+ if (r < 0)
+ return log_error_errno(r, "Failed to read verity artefacts for %s: %m", arg_image);
+ arg_flags |= arg_verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
- r = dissect_image_and_warn(d->fd, arg_image, arg_root_hash, arg_root_hash_size, arg_flags, &m);
+ r = dissect_image_and_warn(d->fd, arg_image, arg_root_hash, arg_root_hash_size, arg_verity_data, arg_flags, &m);
if (r < 0)
return r;
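Review bot: After `verity_metadata_load()` nothing in this hunk checks that a root hash is available when `arg_verity_data` is set, so a run with `--verity-data=PATH` but no supplied or discovered hash proceeds with `arg_root_hash == NULL` and `DISSECT_IMAGE_NO_PARTITION_TABLE` set. Unless `dissect_image_and_warn()` rejects that combination itself, which is not visible here, the user asked for verity and may get an unverified mount; a guard such as `if (arg_verity_data && !arg_root_hash) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Verity data specified but no root hash available.");` would fail closed. The call also passes `&arg_root_hash_size` when the hash pointer argument is NULL, so it is worth confirming that the loader leaves the size untouched in that case; otherwise a command-line hash could end up paired with a length read from elsewhere. The flag update reads more clearly as `if (arg_verity_data) arg_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE;`. run() starts and ends outside the hunk.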
@@ -205,7 +218,6 @@ static int run(int argc, char *argv[]) {
for (i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
DissectedPartition *p = m->partitions + i;
- int k;
if (!p->found)
continue;
@@ -223,9 +235,8 @@ static int run(int argc, char *argv[]) {
if (p->architecture != _ARCHITECTURE_INVALID)
printf(" for %s", architecture_to_string(p->architecture));
- k = PARTITION_VERITY_OF(i);
- if (k >= 0)
- printf(" %s verity", m->partitions[k].found ? "with" : "without");
+ if (dissected_image_can_do_verity(m, i))
+ printf(" %s verity", dissected_image_has_verity(m, i) ? "with" : "without");
if (p->partno >= 0)
printf(" on partition #%i", p->partno);
@@ -268,7 +279,7 @@ static int run(int argc, char *argv[]) {
}
case ACTION_MOUNT:
- r = dissected_image_decrypt_interactively(m, NULL, arg_root_hash, arg_root_hash_size, arg_flags, &di);
+ r = dissected_image_decrypt_interactively(m, NULL, arg_root_hash, arg_root_hash_size, arg_verity_data, arg_flags, &di);
if (r < 0)
return r;