Diffstat (limited to 'src/shared/dissect-image.c')
-rw-r--r--src/shared/dissect-image.c37
1 files changed, 22 insertions, 15 deletions
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 2c8a5d85bf..e576518c6b 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -1421,7 +1421,7 @@ int decrypted_image_relinquish(DecryptedImage *d) {
return 0;
}
-int verity_metadata_load(const char *image, void **ret_roothash, size_t *ret_roothash_size, char **ret_verity_data) {
+int verity_metadata_load(const char *image, const char *root_hash_path, void **ret_roothash, size_t *ret_roothash_size, char **ret_verity_data) {
_cleanup_free_ char *verity_filename = NULL;
_cleanup_free_ void *roothash_decoded = NULL;
size_t roothash_decoded_size = 0;
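Review bot: The new `root_hash_path` parameter has no stated contract at the signature, although it sits between `image` and the three output pointers and changes where the verity root hash comes from. The second hunk shows that NULL is accepted and selects the existing xattr/sidecar lookup, while a non-NULL value replaces both. A short comment above the definition would make that visible to callers, for example `/* root_hash_path: optional file holding the root hash; if NULL, the user.verity.roothash xattr and then the .roothash sidecar file are tried */`. The function body continues outside this hunk.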
@@ -1465,24 +1465,31 @@ int verity_metadata_load(const char *image, void **ret_roothash, size_t *ret_roo
_cleanup_free_ char *text = NULL;
assert(ret_roothash_size);
- r = getxattr_malloc(image, "user.verity.roothash", &text, true);
- if (r < 0) {
- char *fn, *e, *n;
-
- if (!IN_SET(r, -ENODATA, -EOPNOTSUPP, -ENOENT))
+ if (root_hash_path) {
+ /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
+ r = read_one_line_file(root_hash_path, &text);
+ if (r < 0)
return r;
+ } else {
+ r = getxattr_malloc(image, "user.verity.roothash", &text, true);
+ if (r < 0) {
+ char *fn, *e, *n;
+
+ if (!IN_SET(r, -ENODATA, -EOPNOTSUPP, -ENOENT))
+ return r;
- fn = newa(char, strlen(image) + STRLEN(".roothash") + 1);
- n = stpcpy(fn, image);
- e = endswith(fn, ".raw");
- if (e)
- n = e;
+ fn = newa(char, strlen(image) + STRLEN(".roothash") + 1);
+ n = stpcpy(fn, image);
+ e = endswith(fn, ".raw");
+ if (e)
+ n = e;
- strcpy(n, ".roothash");
+ strcpy(n, ".roothash");
- r = read_one_line_file(fn, &text);
- if (r < 0 && r != -ENOENT)
- return r;
+ r = read_one_line_file(fn, &text);
+ if (r < 0 && r != -ENOENT)
+ return r;
+ }
}
if (text) {
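Review bot: The `root_hash_path` branch treats every read failure as fatal, including `-ENOENT`, while the fallback branch tolerates a missing xattr or sidecar file, and nothing in the hunk says this asymmetry is deliberate. Failing closed is the right behaviour for an explicitly configured trust anchor, so I would record it next to the `read_one_line_file(root_hash_path, &text)` call: `/* An explicitly configured root hash is mandatory: fail rather than fall back to the xattr or the .roothash sidecar */`. The `if (text)` block that decodes the value continues outside the hunk, so it is worth confirming there that an empty or too-short line read from this file is rejected rather than accepted as a root hash.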