shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2025-02-07 05:57:58 +03:00
Code Issues Projects Releases Wiki Activity

_ostree_ensure_fsverity: Properly check for errors

Browse Source 
If fs_verity_wanted == _OSTREE_FEATURE_YES we should fail if
!suported, but we were checking !supported where supported is a
pointer, not a boolean. This caused us to miss errors when the kernel
didn't support fs-verity that lead to lots of debugging.
This commit is contained in:
Alexander Larsson 2024-04-08 17:05:23 +02:00
parent d05c48b746
commit 374fb05d0e
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/libostree/ostree-repo-verity.c
View File

@ -224,9 +224,10 @@ _ostree_tmpf_fsverity (OstreeRepo *self, GLnxTmpfile *tmpf, GBytes *signature, G
gboolean
_ostree_ensure_fsverity (OstreeRepo *self, gboolean allow_enoent, int dirfd, const char *path,
gboolean *supported, GError **error)
gboolean *supported_out, GError **error)
{
struct stat buf;
gboolean supported;
if (fstatat (dirfd, path, &buf, AT_SYMLINK_NOFOLLOW) != 0)
{
@ -243,11 +244,14 @@ _ostree_ensure_fsverity (OstreeRepo *self, gboolean allow_enoent, int dirfd, con
if (fd < 0)
return glnx_throw_errno_prefix (error, "openat(%s)", path);
if (!_ostree_fsverity_enable (fd, TRUE, supported, NULL, error))
if (!_ostree_fsverity_enable (fd, TRUE, &supported, NULL, error))
return FALSE;
if (!supported && self->fs_verity_wanted == _OSTREE_FEATURE_YES)
return glnx_throw (error, "fsverity required but filesystem does not support it");
if (supported_out)
*supported_out = supported;
return TRUE;
}