Compare commits
10 Commits
73d657162d
...
29e9d4e039
Author | SHA1 | Date |
---|---|---|
Luca Boccassi | 29e9d4e039 | |
Luca Boccassi | b7eefa1996 | |
Luca Boccassi | 2e5b0412f9 | |
Martin Srebotnjak | 69af4849aa | |
Jiri Grönroos | 18d4e0be89 | |
Dmytro Markevych | 7d7b89a015 | |
Léane GRASSER | 8a92365f79 | |
Yu Watanabe | 2b397d43ab | |
Yu Watanabe | 9ad294efd0 | |
Luca Boccassi | 33319701ca |
|
@ -217,7 +217,10 @@ This is based on crypttab(5).
|
||||||
|
|
||||||
<listitem><para>A base64 string encoding the root hash signature prefixed by <literal>base64:</literal> or a
|
<listitem><para>A base64 string encoding the root hash signature prefixed by <literal>base64:</literal> or a
|
||||||
path to roothash signature file used to verify the root hash (in kernel). This feature requires Linux kernel
|
path to roothash signature file used to verify the root hash (in kernel). This feature requires Linux kernel
|
||||||
version 5.4 or more recent.</para>
|
version 5.4 or more recent. Since version 257, if not specified and the data device is in a GPT image with a
|
||||||
|
<ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">
|
||||||
|
Discoverable Partitions Specification</ulink> compliant matching signature partition, it will be
|
||||||
|
automatically loaded and used.</para>
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
18
po/fi.po
18
po/fi.po
|
@ -3,12 +3,13 @@
|
||||||
# Finnish translation of systemd.
|
# Finnish translation of systemd.
|
||||||
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
|
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
|
||||||
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
|
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
|
||||||
|
# Jiri Grönroos <jiri.gronroos@iki.fi>, 2024.
|
||||||
msgid ""
|
msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-09-12 13:43+0000\n"
|
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||||
"Last-Translator: Ricky Tigg <ricky.tigg@gmail.com>\n"
|
"Last-Translator: Jiri Grönroos <jiri.gronroos@iki.fi>\n"
|
||||||
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
|
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
|
||||||
"main/fi/>\n"
|
"main/fi/>\n"
|
||||||
"Language: fi\n"
|
"Language: fi\n"
|
||||||
|
@ -16,7 +17,7 @@ msgstr ""
|
||||||
"Content-Type: text/plain; charset=UTF-8\n"
|
"Content-Type: text/plain; charset=UTF-8\n"
|
||||||
"Content-Transfer-Encoding: 8bit\n"
|
"Content-Transfer-Encoding: 8bit\n"
|
||||||
"Plural-Forms: nplurals=2; plural=n != 1;\n"
|
"Plural-Forms: nplurals=2; plural=n != 1;\n"
|
||||||
"X-Generator: Weblate 5.7.2\n"
|
"X-Generator: Weblate 5.8.2\n"
|
||||||
|
|
||||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||||
msgid "Send passphrase back to system"
|
msgid "Send passphrase back to system"
|
||||||
|
@ -112,14 +113,12 @@ msgid "Authentication is required to update a user's home area."
|
||||||
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
|
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:53
|
#: src/home/org.freedesktop.home1.policy:53
|
||||||
#, fuzzy
|
|
||||||
msgid "Update your home area"
|
msgid "Update your home area"
|
||||||
msgstr "Päivitä kotialue"
|
msgstr "Päivitä kotialue"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:54
|
#: src/home/org.freedesktop.home1.policy:54
|
||||||
#, fuzzy
|
|
||||||
msgid "Authentication is required to update your home area."
|
msgid "Authentication is required to update your home area."
|
||||||
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
|
msgstr "Todennus vaaditaan kotialueen päivittämiseksi."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:63
|
#: src/home/org.freedesktop.home1.policy:63
|
||||||
msgid "Resize a home area"
|
msgid "Resize a home area"
|
||||||
|
@ -1174,14 +1173,11 @@ msgstr "Todennus vaaditaan vanhojen järjestelmäpäivitysten puhdistamiseen."
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
msgstr ""
|
msgstr "Hallitse valinnaisia ominaisuuksia"
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
#, fuzzy
|
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr ""
|
msgstr "Todennus vaaditaan valinnaisten ominaisuuksien hallintaan"
|
||||||
"Todennus vaaditaan aktiivisten istuntojen, käyttäjien ja paikkojen "
|
|
||||||
"hallintaan."
|
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
6
po/fr.po
6
po/fr.po
|
@ -12,7 +12,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
|
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||||
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
|
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
|
||||||
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
|
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
|
||||||
"main/fr/>\n"
|
"main/fr/>\n"
|
||||||
|
@ -360,8 +360,8 @@ msgid ""
|
||||||
"Authentication is required to set the statically configured local hostname, "
|
"Authentication is required to set the statically configured local hostname, "
|
||||||
"as well as the pretty hostname."
|
"as well as the pretty hostname."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Une authentification est requise pour définir le nom d'hôte local de manière "
|
"Une authentification est requise pour définir le nom d'hôte local configuré "
|
||||||
"statique, ainsi que le nom d'hôte familier."
|
"de manière statique, ainsi que le nom d'hôte convivial."
|
||||||
|
|
||||||
#: src/hostname/org.freedesktop.hostname1.policy:41
|
#: src/hostname/org.freedesktop.hostname1.policy:41
|
||||||
msgid "Set machine information"
|
msgid "Set machine information"
|
||||||
|
|
15
po/sl.po
15
po/sl.po
|
@ -7,7 +7,7 @@ msgstr ""
|
||||||
"Project-Id-Version: systemd\n"
|
"Project-Id-Version: systemd\n"
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-08-26 19:38+0000\n"
|
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||||
"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
|
"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
|
||||||
"Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
|
"Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
|
||||||
"systemd/main/sl/>\n"
|
"systemd/main/sl/>\n"
|
||||||
|
@ -17,7 +17,7 @@ msgstr ""
|
||||||
"Content-Transfer-Encoding: 8bit\n"
|
"Content-Transfer-Encoding: 8bit\n"
|
||||||
"Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
|
"Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
|
||||||
"n%100==4 ? 2 : 3;\n"
|
"n%100==4 ? 2 : 3;\n"
|
||||||
"X-Generator: Weblate 5.7\n"
|
"X-Generator: Weblate 5.8.2\n"
|
||||||
|
|
||||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||||
msgid "Send passphrase back to system"
|
msgid "Send passphrase back to system"
|
||||||
|
@ -125,16 +125,13 @@ msgstr ""
|
||||||
"območja."
|
"območja."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:53
|
#: src/home/org.freedesktop.home1.policy:53
|
||||||
#, fuzzy
|
|
||||||
msgid "Update your home area"
|
msgid "Update your home area"
|
||||||
msgstr "Posodobite domače območje"
|
msgstr "Posodobite domače območje"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:54
|
#: src/home/org.freedesktop.home1.policy:54
|
||||||
#, fuzzy
|
|
||||||
msgid "Authentication is required to update your home area."
|
msgid "Authentication is required to update your home area."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Preverjanje pristnosti je potrebno za posodobitev uporabnikovega domačega "
|
"Preverjanje pristnosti je potrebno za posodobitev vašega domačega območja."
|
||||||
"območja."
|
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:63
|
#: src/home/org.freedesktop.home1.policy:63
|
||||||
msgid "Resize a home area"
|
msgid "Resize a home area"
|
||||||
|
@ -1234,14 +1231,12 @@ msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
msgstr ""
|
msgstr "Upravljaj dodatne funkcionalnosti"
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
#, fuzzy
|
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Preverjanje pristnosti je potrebno za upravljanje aktivnih sej, uporabnikov "
|
"Preverjanje pristnosti je potrebno za upravljanje dodatnih funkcionalnosti."
|
||||||
"in delovišč."
|
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
20
po/uk.po
20
po/uk.po
|
@ -4,12 +4,13 @@
|
||||||
# Eugene Melnik <jeka7js@gmail.com>, 2014.
|
# Eugene Melnik <jeka7js@gmail.com>, 2014.
|
||||||
# Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
|
# Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
|
||||||
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
|
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
|
||||||
|
# Dmytro Markevych <hotr1pak@gmail.com>, 2024.
|
||||||
msgid ""
|
msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-08-24 10:36+0000\n"
|
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||||
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
|
"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n"
|
||||||
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
|
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
|
||||||
"systemd/main/uk/>\n"
|
"systemd/main/uk/>\n"
|
||||||
"Language: uk\n"
|
"Language: uk\n"
|
||||||
|
@ -18,7 +19,7 @@ msgstr ""
|
||||||
"Content-Transfer-Encoding: 8bit\n"
|
"Content-Transfer-Encoding: 8bit\n"
|
||||||
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
|
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
|
||||||
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
|
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
|
||||||
"X-Generator: Weblate 5.7\n"
|
"X-Generator: Weblate 5.8.2\n"
|
||||||
|
|
||||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||||
msgid "Send passphrase back to system"
|
msgid "Send passphrase back to system"
|
||||||
|
@ -118,14 +119,12 @@ msgid "Authentication is required to update a user's home area."
|
||||||
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
|
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:53
|
#: src/home/org.freedesktop.home1.policy:53
|
||||||
#, fuzzy
|
|
||||||
msgid "Update your home area"
|
msgid "Update your home area"
|
||||||
msgstr "Оновлення домашньої теки"
|
msgstr "Оновіть свій домашній простір"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:54
|
#: src/home/org.freedesktop.home1.policy:54
|
||||||
#, fuzzy
|
|
||||||
msgid "Authentication is required to update your home area."
|
msgid "Authentication is required to update your home area."
|
||||||
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
|
msgstr "Для оновлення домашньої області потрібна автентифікація."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:63
|
#: src/home/org.freedesktop.home1.policy:63
|
||||||
msgid "Resize a home area"
|
msgid "Resize a home area"
|
||||||
|
@ -1212,14 +1211,11 @@ msgstr "Для вилучення застарілих оновлень сист
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
msgstr ""
|
msgstr "Керування додатковими функціями"
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
#, fuzzy
|
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr ""
|
msgstr "Для керування додатковими функціями потрібна автентифікація"
|
||||||
"Для того, щоб керувати сеансами, користувачами і робочими місцями, слід "
|
|
||||||
"пройти розпізнавання."
|
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
|
@ -799,7 +799,7 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *path = strdup(e + 1);
|
_cleanup_free_ char *path = strdup(e + 1);
|
||||||
if (!path)
|
if (!path)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
|
@ -812,7 +812,7 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
|
||||||
if (e)
|
if (e)
|
||||||
*e = 0;
|
*e = 0;
|
||||||
|
|
||||||
*ret_path = path;
|
*ret_path = TAKE_PTR(path);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1443,6 +1443,7 @@ int link_reconfigure_impl(Link *link, LinkReconfigurationFlag flags) {
|
||||||
}
|
}
|
||||||
|
|
||||||
typedef struct LinkReconfigurationData {
|
typedef struct LinkReconfigurationData {
|
||||||
|
Manager *manager;
|
||||||
Link *link;
|
Link *link;
|
||||||
LinkReconfigurationFlag flags;
|
LinkReconfigurationFlag flags;
|
||||||
sd_bus_message *message;
|
sd_bus_message *message;
|
||||||
|
@ -1473,6 +1474,12 @@ static void link_reconfiguration_data_destroy_callback(LinkReconfigurationData *
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!data->counter || *data->counter <= 0) {
|
if (!data->counter || *data->counter <= 0) {
|
||||||
|
/* Update the state files before replying the bus method. Otherwise,
|
||||||
|
* systemd-networkd-wait-online following networkctl reload/reconfigure may read an
|
||||||
|
* outdated state file and wrongly handle an interface is already in the configured
|
||||||
|
* state. */
|
||||||
|
(void) manager_clean_all(data->manager);
|
||||||
|
|
||||||
r = sd_bus_reply_method_return(data->message, NULL);
|
r = sd_bus_reply_method_return(data->message, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_warning_errno(r, "Failed to reply for DBus method, ignoring: %m");
|
log_warning_errno(r, "Failed to reply for DBus method, ignoring: %m");
|
||||||
|
@ -1521,6 +1528,7 @@ int link_reconfigure_full(Link *link, LinkReconfigurationFlag flags, sd_bus_mess
|
||||||
}
|
}
|
||||||
|
|
||||||
*data = (LinkReconfigurationData) {
|
*data = (LinkReconfigurationData) {
|
||||||
|
.manager = link->manager,
|
||||||
.link = link_ref(link),
|
.link = link_ref(link),
|
||||||
.flags = flags,
|
.flags = flags,
|
||||||
.message = sd_bus_message_ref(message), /* message may be NULL, but _ref() works fine. */
|
.message = sd_bus_message_ref(message), /* message may be NULL, but _ref() works fine. */
|
||||||
|
|
|
@ -5,12 +5,16 @@
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
|
||||||
#include "alloc-util.h"
|
#include "alloc-util.h"
|
||||||
|
#include "blockdev-util.h"
|
||||||
#include "cryptsetup-util.h"
|
#include "cryptsetup-util.h"
|
||||||
|
#include "dissect-image.h"
|
||||||
#include "fileio.h"
|
#include "fileio.h"
|
||||||
#include "fstab-util.h"
|
#include "fstab-util.h"
|
||||||
#include "hexdecoct.h"
|
#include "hexdecoct.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
#include "loop-util.h"
|
||||||
#include "main-func.h"
|
#include "main-func.h"
|
||||||
|
#include "missing_loop.h"
|
||||||
#include "parse-util.h"
|
#include "parse-util.h"
|
||||||
#include "path-util.h"
|
#include "path-util.h"
|
||||||
#include "pretty-print.h"
|
#include "pretty-print.h"
|
||||||
|
@ -274,6 +278,79 @@ static int parse_options(const char *options) {
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int find_dps_signature(
|
||||||
|
const char *data_device,
|
||||||
|
void *root_hash,
|
||||||
|
size_t root_hash_size,
|
||||||
|
char **ret_root_hash_signature) {
|
||||||
|
|
||||||
|
_cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
|
||||||
|
_cleanup_free_ char *base64_signature = NULL, *string_signature = NULL;
|
||||||
|
_cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
|
||||||
|
_cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
|
||||||
|
_cleanup_(sd_device_unrefp) sd_device *device = NULL;
|
||||||
|
DissectImageFlags dissect_image_flags =
|
||||||
|
DISSECT_IMAGE_GPT_ONLY |
|
||||||
|
DISSECT_IMAGE_USR_NO_ROOT |
|
||||||
|
DISSECT_IMAGE_ADD_PARTITION_DEVICES |
|
||||||
|
DISSECT_IMAGE_DEVICE_READ_ONLY;
|
||||||
|
ssize_t len;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(data_device);
|
||||||
|
assert(root_hash);
|
||||||
|
assert(root_hash_size > 0);
|
||||||
|
assert(ret_root_hash_signature);
|
||||||
|
|
||||||
|
if (!startswith(data_device, "/dev/"))
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
|
verity.root_hash_size = root_hash_size;
|
||||||
|
verity.root_hash = malloc(root_hash_size);
|
||||||
|
if (!verity.root_hash)
|
||||||
|
return log_oom_debug();
|
||||||
|
memcpy(verity.root_hash, root_hash, root_hash_size);
|
||||||
|
|
||||||
|
r = block_device_new_from_path(data_device, BLOCK_DEVICE_LOOKUP_WHOLE_DISK, &device);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(r, "Failed to get udev device for data device: %m");
|
||||||
|
|
||||||
|
r = loop_device_open(device, O_RDONLY, LOCK_SH, &loop_device);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(r, "Failed to create loop device for root image: %m");
|
||||||
|
|
||||||
|
r = dissect_loop_device(
|
||||||
|
loop_device,
|
||||||
|
&verity,
|
||||||
|
/* mount_options= */ NULL,
|
||||||
|
/* image_policy= */ NULL,
|
||||||
|
dissect_image_flags,
|
||||||
|
&dissected_image);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(r, "Failed to dissect image: %m");
|
||||||
|
|
||||||
|
r = dissected_image_load_verity_sig_partition(
|
||||||
|
dissected_image,
|
||||||
|
loop_device->fd,
|
||||||
|
&verity);
|
||||||
|
if (r < 0)
|
||||||
|
return log_debug_errno(r, "Failed to load verity signature partition: %m");
|
||||||
|
if (r == 0)
|
||||||
|
return -ENOENT;
|
||||||
|
|
||||||
|
len = base64mem(verity.root_hash_sig, verity.root_hash_sig_size, &base64_signature);
|
||||||
|
if (len < 0)
|
||||||
|
return log_debug_errno(len, "Failed to encode root hash signature: %m");
|
||||||
|
|
||||||
|
string_signature = strjoin("base64:", base64_signature);
|
||||||
|
if (!string_signature)
|
||||||
|
return log_oom_debug();
|
||||||
|
|
||||||
|
*ret_root_hash_signature = TAKE_PTR(string_signature);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int run(int argc, char *argv[]) {
|
static int run(int argc, char *argv[]) {
|
||||||
_cleanup_(crypt_freep) struct crypt_device *cd = NULL;
|
_cleanup_(crypt_freep) struct crypt_device *cd = NULL;
|
||||||
const char *verb;
|
const char *verb;
|
||||||
|
@ -371,6 +448,13 @@ static int run(int argc, char *argv[]) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to configure data device: %m");
|
return log_error_errno(r, "Failed to configure data device: %m");
|
||||||
|
|
||||||
|
#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
|
||||||
|
/* If we can support signature checks but we weren't given one, try to find it following the
|
||||||
|
* DPS on the same GPT device */
|
||||||
|
if (!arg_root_hash_signature)
|
||||||
|
(void) find_dps_signature(data_device, m, l, &arg_root_hash_signature);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (arg_root_hash_signature) {
|
if (arg_root_hash_signature) {
|
||||||
#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
|
#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
|
||||||
_cleanup_free_ char *hash_sig = NULL;
|
_cleanup_free_ char *hash_sig = NULL;
|
||||||
|
|
|
@ -6406,11 +6406,11 @@ class NetworkdRATests(unittest.TestCase, Utilities):
|
||||||
|
|
||||||
for i in [100, 200, 300, 512, 1024, 2048]:
|
for i in [100, 200, 300, 512, 1024, 2048]:
|
||||||
if i not in [metric_1, metric_2]:
|
if i not in [metric_1, metric_2]:
|
||||||
self.assertNotIn(f'{i}', output)
|
self.assertNotIn(f'metric {i} ', output)
|
||||||
|
|
||||||
for i in ['low', 'medium', 'high']:
|
for i in ['low', 'medium', 'high']:
|
||||||
if i not in [preference_1, preference_2]:
|
if i not in [preference_1, preference_2]:
|
||||||
self.assertNotIn(f'{i}', output)
|
self.assertNotIn(f'pref {i}', output)
|
||||||
|
|
||||||
def test_router_preference(self):
|
def test_router_preference(self):
|
||||||
copy_network_unit('25-veth-client.netdev',
|
copy_network_unit('25-veth-client.netdev',
|
||||||
|
|
Loading…
Reference in New Issue