system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-03 08:29:25 +00:00
Code Issues Projects Releases Wiki Activity

core: add SYSTEMD_VERITY_SHARING env var for local development

Browse Source 
When running an image that cannot be mounted (e.g.: key missing intentionally
for development purposes), there's a retry loop that takes some time
and slows development down. Add an env var to disable it.
This commit is contained in:
Luca Boccassi 2024-01-23 16:01:31 +00:00 committed by Luca Boccassi
parent 20eeec72ed
commit 343e35b36d
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/ENVIRONMENT.md
View File

@ -126,6 +126,9 @@ All tools:
* `$SYSTEMD_NETLINK_DEFAULT_TIMEOUT` — specifies the default timeout of waiting
replies for netlink messages from the kernel. Defaults to 25 seconds.
* `$SYSTEMD_VERITY_SHARING=0` — if set, sharing dm-verity devices by
using a stable `<ROOTHASH>-verity` device mapper name will be disabled.
`systemctl`:
* `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID 1's private D-Bus

8
src/shared/dissect-image.c
View File

@ -2794,7 +2794,9 @@ static int verity_partition(
* https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/96 */
if (r == -EINVAL && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
break;
if (r == -ENODEV) /* Volume is being opened but not ready, crypt_init_by_name would fail, try to open again */
/* Volume is being opened but not ready, crypt_init_by_name would fail, try to open again if
* sharing is enabled. */
if (r == -ENODEV && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
goto try_again;
if (!IN_SET(r,
-EEXIST, /* Volume has already been opened and ready to be used. */
@ -2940,7 +2942,9 @@ int dissected_image_decrypt(
k = partition_verity_of(i);
if (k >= 0) {
r = verity_partition(i, p, m->partitions + k, verity, flags | DISSECT_IMAGE_VERITY_SHARE, d);
flags |= getenv_bool("SYSTEMD_VERITY_SHARING") != 0 ? DISSECT_IMAGE_VERITY_SHARE : 0;
r = verity_partition(i, p, m->partitions + k, verity, flags, d);
if (r < 0)
return r;
}