mirror of
https://github.com/systemd/systemd
synced 2024-07-08 20:15:55 +00:00
os-util: add a new confext image type and the ability to parse their release files
Adds a new image type called IMAGE_CONFEXT which is similar to IMAGE_SYSEXT but works for the /etc/ directory instead of /usr/ and /opt/. This commit also adds the ability to parse the release file that is present with the confext image in /etc/confext-release.d/ directory.
This commit is contained in:
parent
7393530f22
commit
b60e0f5777
24
TODO
24
TODO
|
@ -521,13 +521,13 @@ Features:
|
|||
* add support for asymmetric LUKS2 TPM based encryption. i.e. allow preparing
|
||||
an encrypted image on some host given a public key belonging to a specific
|
||||
other host, so that only hosts possessing the private key in the TPM2 chip
|
||||
can decrypt the volume key and activate the volume. Usecase: systemd-syscfg
|
||||
for a central orchestrator to generate syscfg images securely that can only
|
||||
can decrypt the volume key and activate the volume. Usecase: systemd-confext
|
||||
for a central orchestrator to generate confext images securely that can only
|
||||
be activated on one specific host (which can be used for installing a bunch
|
||||
of creds in /etc/credstore/ for example). Extending on this: allow binding
|
||||
LUKS2 TPM based encryption also to the TPM2 internal clock. Net result:
|
||||
prepare a syscfg image that can only be activated on a specific host that
|
||||
runs a specific software in a specific time window. syscfg would be
|
||||
prepare a confext image that can only be activated on a specific host that
|
||||
runs a specific software in a specific time window. confext would be
|
||||
automatically invalidated outside of it.
|
||||
|
||||
* maybe add a "systemd-report" tool, that generates a TPM2-backed "report" of
|
||||
|
@ -538,17 +538,17 @@ Features:
|
|||
this: have the report tool upload these reports every 3min somewhere. Then
|
||||
have the orchestrator collect these reports centrally over a 3min time
|
||||
window, and use them to determine what which node should now start/stop what,
|
||||
and generate a small syscfg for each node, that uses Uphold= to pin services
|
||||
on each node. The syscfg would be encrypted using the asymmetric encryption
|
||||
and generate a small confext for each node, that uses Uphold= to pin services
|
||||
on each node. The confext would be encrypted using the asymmetric encryption
|
||||
proposed above, so that it can only be activated on the specific host, if the
|
||||
software is in a good state, and within a specific time frame. Then run a
|
||||
loop on each node that sends report to orchestrator and then sysupdate to
|
||||
update syscfg. Orchestrator would be stateless, i.e. operate on desired
|
||||
update confext. Orchestrator would be stateless, i.e. operate on desired
|
||||
config and collected reports in the last 3min time window only, and thus can
|
||||
be trivially scaled up since all instances of the orchestrator should come to
|
||||
the same conclusions given the same inputs of reports/desired workload info.
|
||||
Could also be used to deliver Wireguard secrets and thus to clients, thus
|
||||
permitting zero-trust networking: secrets are rolled over via syscfg updates,
|
||||
permitting zero-trust networking: secrets are rolled over via confext updates,
|
||||
and via the time window TPM logic invalidated if node doesn't keep itself
|
||||
updated, or becomes corrupted in some way.
|
||||
|
||||
|
@ -597,7 +597,7 @@ Features:
|
|||
keyring, so that the kernel does this validation for us for verity and kernel
|
||||
modules
|
||||
|
||||
* for systemd-syscfg: add a tool that can generate suitable DDIs with verity +
|
||||
* for systemd-confext: add a tool that can generate suitable DDIs with verity +
|
||||
sig using squashfs-tools-ng's library. Maybe just systemd-repart called under
|
||||
a new name with a built-in config?
|
||||
|
||||
|
@ -914,12 +914,6 @@ Features:
|
|||
|
||||
* sysext: measure all activated sysext into a TPM PCR
|
||||
|
||||
* maybe add a "syscfg" concept, that is almost entirely identical to "sysext",
|
||||
but operates on /etc/ instead of /usr/ and /opt/. Use case would be: trusted,
|
||||
authenticated, atomic, additive configuration management primitive: drop in a
|
||||
configuration bundle, and activate it, so that it is instantly visible,
|
||||
comprehensively.
|
||||
|
||||
* systemd-dissect: show available versions inside of a disk image, i.e. if
|
||||
multiple versions are around of the same resource, show which ones. (in other
|
||||
words: show partition labels).
|
||||
|
|
|
@ -19,6 +19,21 @@
|
|||
#include "utf8.h"
|
||||
#include "xattr-util.h"
|
||||
|
||||
/* Helper struct for naming simplicity and reusability */
|
||||
static const struct {
|
||||
const char *release_file_directory;
|
||||
const char *release_file_path_prefix;
|
||||
} image_class_release_info[_IMAGE_CLASS_MAX] = {
|
||||
[IMAGE_SYSEXT] = {
|
||||
.release_file_directory = "/usr/lib/extension-release.d/",
|
||||
.release_file_path_prefix = "/usr/lib/extension-release.d/extension-release.",
|
||||
},
|
||||
[IMAGE_CONFEXT] = {
|
||||
.release_file_directory = "/etc/extension-release.d/",
|
||||
.release_file_path_prefix = "/etc/extension-release.d/extension-release.",
|
||||
}
|
||||
};
|
||||
|
||||
bool image_name_is_valid(const char *s) {
|
||||
if (!filename_is_valid(s))
|
||||
return false;
|
||||
|
@ -36,10 +51,12 @@ bool image_name_is_valid(const char *s) {
|
|||
return true;
|
||||
}
|
||||
|
||||
int path_is_extension_tree(const char *path, const char *extension, bool relax_extension_release_check) {
|
||||
int path_is_extension_tree(ImageClass image_class, const char *path, const char *extension, bool relax_extension_release_check) {
|
||||
int r;
|
||||
|
||||
assert(path);
|
||||
assert(image_class >= 0);
|
||||
assert(image_class < _IMAGE_CLASS_MAX);
|
||||
|
||||
/* Does the path exist at all? If not, generate an error immediately. This is useful so that a missing root dir
|
||||
* always results in -ENOENT, and we can properly distinguish the case where the whole root doesn't exist from
|
||||
|
@ -48,8 +65,9 @@ int path_is_extension_tree(const char *path, const char *extension, bool relax_e
|
|||
return -errno;
|
||||
|
||||
/* We use /usr/lib/extension-release.d/extension-release[.NAME] as flag for something being a system extension,
|
||||
* /etc/extension-release.d/extension-release[.NAME] as flag for something being a system configuration, and finally,
|
||||
* and {/etc|/usr/lib}/os-release as a flag for something being an OS (when not an extension). */
|
||||
r = open_extension_release(path, extension, relax_extension_release_check, NULL, NULL);
|
||||
r = open_extension_release(path, image_class, extension, relax_extension_release_check, NULL, NULL);
|
||||
if (r == -ENOENT) /* We got nothing */
|
||||
return 0;
|
||||
if (r < 0)
|
||||
|
@ -96,18 +114,21 @@ static int extension_release_strict_xattr_value(int extension_release_fd, const
|
|||
return false;
|
||||
}
|
||||
|
||||
int open_extension_release(const char *root, const char *extension, bool relax_extension_release_check, char **ret_path, int *ret_fd) {
|
||||
int open_extension_release(const char *root, ImageClass image_class, const char *extension, bool relax_extension_release_check, char **ret_path, int *ret_fd) {
|
||||
_cleanup_free_ char *q = NULL;
|
||||
int r, fd;
|
||||
|
||||
if (extension) {
|
||||
assert(image_class >= 0);
|
||||
assert(image_class < _IMAGE_CLASS_MAX);
|
||||
|
||||
const char *extension_full_path;
|
||||
|
||||
if (!image_name_is_valid(extension))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"The extension name %s is invalid.", extension);
|
||||
|
||||
extension_full_path = strjoina("/usr/lib/extension-release.d/extension-release.", extension);
|
||||
extension_full_path = strjoina(image_class_release_info[image_class].release_file_path_prefix, extension);
|
||||
r = chase(extension_full_path, root, CHASE_PREFIX_ROOT, ret_path ? &q : NULL, ret_fd ? &fd : NULL);
|
||||
log_full_errno_zerook(LOG_DEBUG, MIN(r, 0), "Checking for %s: %m", extension_full_path);
|
||||
|
||||
|
@ -120,10 +141,10 @@ int open_extension_release(const char *root, const char *extension, bool relax_e
|
|||
_cleanup_free_ char *extension_release_dir_path = NULL;
|
||||
_cleanup_closedir_ DIR *extension_release_dir = NULL;
|
||||
|
||||
r = chase_and_opendir("/usr/lib/extension-release.d/", root, CHASE_PREFIX_ROOT,
|
||||
r = chase_and_opendir(image_class_release_info[image_class].release_file_directory, root, CHASE_PREFIX_ROOT,
|
||||
&extension_release_dir_path, &extension_release_dir);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Cannot open %s/usr/lib/extension-release.d/, ignoring: %m", root);
|
||||
return log_debug_errno(r, "Cannot open %s%s, ignoring: %m", root, image_class_release_info[image_class].release_file_directory);
|
||||
|
||||
r = -ENOENT;
|
||||
FOREACH_DIRENT(de, extension_release_dir, return -errno) {
|
||||
|
@ -137,7 +158,7 @@ int open_extension_release(const char *root, const char *extension, bool relax_e
|
|||
continue;
|
||||
|
||||
if (!image_name_is_valid(image_name)) {
|
||||
log_debug("%s/%s is not a valid extension-release file name, ignoring.",
|
||||
log_debug("%s/%s is not a valid release file name, ignoring.",
|
||||
extension_release_dir_path, de->d_name);
|
||||
continue;
|
||||
}
|
||||
|
@ -149,7 +170,7 @@ int open_extension_release(const char *root, const char *extension, bool relax_e
|
|||
O_PATH|O_CLOEXEC|O_NOFOLLOW);
|
||||
if (extension_release_fd < 0)
|
||||
return log_debug_errno(errno,
|
||||
"Failed to open extension-release file %s/%s: %m",
|
||||
"Failed to open release file %s/%s: %m",
|
||||
extension_release_dir_path,
|
||||
de->d_name);
|
||||
|
||||
|
@ -219,16 +240,16 @@ int open_extension_release(const char *root, const char *extension, bool relax_e
|
|||
return 0;
|
||||
}
|
||||
|
||||
int fopen_extension_release(const char *root, const char *extension, bool relax_extension_release_check, char **ret_path, FILE **ret_file) {
|
||||
int fopen_extension_release(const char *root, ImageClass image_class, const char *extension, bool relax_extension_release_check, char **ret_path, FILE **ret_file) {
|
||||
_cleanup_free_ char *p = NULL;
|
||||
_cleanup_close_ int fd = -EBADF;
|
||||
FILE *f;
|
||||
int r;
|
||||
|
||||
if (!ret_file)
|
||||
return open_extension_release(root, extension, relax_extension_release_check, ret_path, NULL);
|
||||
return open_extension_release(root, image_class, extension, relax_extension_release_check, ret_path, NULL);
|
||||
|
||||
r = open_extension_release(root, extension, relax_extension_release_check, ret_path ? &p : NULL, &fd);
|
||||
r = open_extension_release(root, image_class, extension, relax_extension_release_check, ret_path ? &p : NULL, &fd);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -243,24 +264,27 @@ int fopen_extension_release(const char *root, const char *extension, bool relax_
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int parse_release_internal(const char *root, bool relax_extension_release_check, const char *extension, va_list ap) {
|
||||
static int parse_release_internal(const char *root, ImageClass image_class, bool relax_extension_release_check, const char *extension, va_list ap) {
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
_cleanup_free_ char *p = NULL;
|
||||
int r;
|
||||
|
||||
r = fopen_extension_release(root, extension, relax_extension_release_check, &p, &f);
|
||||
r = fopen_extension_release(root, image_class, extension, relax_extension_release_check, &p, &f);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
return parse_env_filev(f, p, ap);
|
||||
}
|
||||
|
||||
int _parse_extension_release(const char *root, bool relax_extension_release_check, const char *extension, ...) {
|
||||
int _parse_extension_release(const char *root, ImageClass image_class, bool relax_extension_release_check, const char *extension, ...) {
|
||||
va_list ap;
|
||||
int r;
|
||||
|
||||
assert(image_class >= 0);
|
||||
assert(image_class < _IMAGE_CLASS_MAX);
|
||||
|
||||
va_start(ap, extension);
|
||||
r = parse_release_internal(root, relax_extension_release_check, extension, ap);
|
||||
r = parse_release_internal(root, image_class, relax_extension_release_check, extension, ap);
|
||||
va_end(ap);
|
||||
|
||||
return r;
|
||||
|
@ -271,7 +295,7 @@ int _parse_os_release(const char *root, ...) {
|
|||
int r;
|
||||
|
||||
va_start(ap, root);
|
||||
r = parse_release_internal(root, /* relax_extension_release_check= */ false, NULL, ap);
|
||||
r = parse_release_internal(root, -1, /* relax_extension_release_check= */ false, NULL, ap);
|
||||
va_end(ap);
|
||||
|
||||
return r;
|
||||
|
@ -318,12 +342,15 @@ int load_os_release_pairs_with_prefix(const char *root, const char *prefix, char
|
|||
return 0;
|
||||
}
|
||||
|
||||
int load_extension_release_pairs(const char *root, const char *extension, bool relax_extension_release_check, char ***ret) {
|
||||
int load_extension_release_pairs(const char *root, ImageClass image_class, const char *extension, bool relax_extension_release_check, char ***ret) {
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
_cleanup_free_ char *p = NULL;
|
||||
int r;
|
||||
|
||||
r = fopen_extension_release(root, extension, relax_extension_release_check, &p, &f);
|
||||
assert(image_class >= 0);
|
||||
assert(image_class < _IMAGE_CLASS_MAX);
|
||||
|
||||
r = fopen_extension_release(root, image_class, extension, relax_extension_release_check, &p, &f);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -5,33 +5,44 @@
|
|||
#include <stdio.h>
|
||||
|
||||
#include "time-util.h"
|
||||
typedef enum ImageClass {
|
||||
IMAGE_MACHINE,
|
||||
IMAGE_PORTABLE,
|
||||
IMAGE_SYSEXT,
|
||||
IMAGE_CONFEXT,
|
||||
_IMAGE_CLASS_MAX,
|
||||
_IMAGE_CLASS_INVALID = -EINVAL,
|
||||
} ImageClass;
|
||||
|
||||
const char* image_class_to_string(ImageClass cl) _const_;
|
||||
ImageClass image_class_from_string(const char *s) _pure_;
|
||||
|
||||
/* The *_extension_release flavours will look for /usr/lib/extension-release/extension-release.NAME
|
||||
* in accordance with the OS extension specification, rather than for /usr/lib/ or /etc/os-release. */
|
||||
|
||||
bool image_name_is_valid(const char *s) _pure_;
|
||||
|
||||
int path_is_extension_tree(const char *path, const char *extension, bool relax_extension_release_check);
|
||||
int path_is_extension_tree(ImageClass image_class, const char *path, const char *extension, bool relax_extension_release_check);
|
||||
static inline int path_is_os_tree(const char *path) {
|
||||
return path_is_extension_tree(path, NULL, false);
|
||||
return path_is_extension_tree(IMAGE_SYSEXT, path, NULL, false);
|
||||
}
|
||||
|
||||
int open_extension_release(const char *root, const char *extension, bool relax_extension_release_check, char **ret_path, int *ret_fd);
|
||||
int open_extension_release(const char *root, ImageClass image_class, const char *extension, bool relax_extension_release_check, char **ret_path, int *ret_fd);
|
||||
static inline int open_os_release(const char *root, char **ret_path, int *ret_fd) {
|
||||
return open_extension_release(root, NULL, false, ret_path, ret_fd);
|
||||
return open_extension_release(root, IMAGE_SYSEXT, NULL, false, ret_path, ret_fd);
|
||||
}
|
||||
|
||||
int fopen_extension_release(const char *root, const char *extension, bool relax_extension_release_check, char **ret_path, FILE **ret_file);
|
||||
int fopen_extension_release(const char *root, ImageClass image_class, const char *extension, bool relax_extension_release_check, char **ret_path, FILE **ret_file);
|
||||
static inline int fopen_os_release(const char *root, char **ret_path, FILE **ret_file) {
|
||||
return fopen_extension_release(root, NULL, false, ret_path, ret_file);
|
||||
return fopen_extension_release(root, IMAGE_SYSEXT, NULL, false, ret_path, ret_file);
|
||||
}
|
||||
|
||||
int _parse_extension_release(const char *root, bool relax_extension_release_check, const char *extension, ...) _sentinel_;
|
||||
int _parse_extension_release(const char *root, ImageClass image_class, bool relax_extension_release_check, const char *extension, ...) _sentinel_;
|
||||
int _parse_os_release(const char *root, ...) _sentinel_;
|
||||
#define parse_extension_release(root, relax_extension_release_check, extension, ...) _parse_extension_release(root, relax_extension_release_check, extension, __VA_ARGS__, NULL)
|
||||
#define parse_extension_release(root, image_class, relax_extension_release_check, extension, ...) _parse_extension_release(root, image_class, relax_extension_release_check, extension, __VA_ARGS__, NULL)
|
||||
#define parse_os_release(root, ...) _parse_os_release(root, __VA_ARGS__, NULL)
|
||||
|
||||
int load_extension_release_pairs(const char *root, const char *extension, bool relax_extension_release_check, char ***ret);
|
||||
int load_extension_release_pairs(const char *root, ImageClass image_class, const char *extension, bool relax_extension_release_check, char ***ret);
|
||||
int load_os_release_pairs(const char *root, char ***ret);
|
||||
int load_os_release_pairs_with_prefix(const char *root, const char *prefix, char ***ret);
|
||||
|
||||
|
|
|
@ -1423,7 +1423,7 @@ static int apply_one_mount(
|
|||
if (isempty(host_os_release_id))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory));
|
||||
|
||||
r = load_extension_release_pairs(mount_entry_source(m), extension_name, /* relax_extension_release_check= */ false, &extension_release);
|
||||
r = load_extension_release_pairs(mount_entry_source(m), IMAGE_SYSEXT, extension_name, /* relax_extension_release_check= */ false, &extension_release);
|
||||
if (r == -ENOENT && m->ignore)
|
||||
return 0;
|
||||
if (r < 0)
|
||||
|
|
|
@ -198,7 +198,7 @@ static int extract_now(
|
|||
/* First, find os-release/extension-release and send it upstream (or just save it). */
|
||||
if (path_is_extension) {
|
||||
os_release_id = strjoina("/usr/lib/extension-release.d/extension-release.", image_name);
|
||||
r = open_extension_release(where, image_name, relax_extension_release_check, &os_release_path, &os_release_fd);
|
||||
r = open_extension_release(where, IMAGE_SYSEXT, image_name, relax_extension_release_check, &os_release_path, &os_release_fd);
|
||||
} else {
|
||||
os_release_id = "/etc/os-release";
|
||||
r = open_os_release(where, &os_release_path, &os_release_fd);
|
||||
|
@ -948,17 +948,17 @@ static int append_release_log_fields(
|
|||
|
||||
static const char *const field_versions[_IMAGE_CLASS_MAX][4]= {
|
||||
[IMAGE_PORTABLE] = { "IMAGE_VERSION", "VERSION_ID", "BUILD_ID", NULL },
|
||||
[IMAGE_EXTENSION] = { "SYSEXT_IMAGE_VERSION", "SYSEXT_VERSION_ID", "SYSEXT_BUILD_ID", NULL },
|
||||
[IMAGE_SYSEXT] = { "SYSEXT_IMAGE_VERSION", "SYSEXT_VERSION_ID", "SYSEXT_BUILD_ID", NULL },
|
||||
};
|
||||
static const char *const field_ids[_IMAGE_CLASS_MAX][3]= {
|
||||
[IMAGE_PORTABLE] = { "IMAGE_ID", "ID", NULL },
|
||||
[IMAGE_EXTENSION] = { "SYSEXT_IMAGE_ID", "SYSEXT_ID", NULL },
|
||||
[IMAGE_SYSEXT] = { "SYSEXT_IMAGE_ID", "SYSEXT_ID", NULL },
|
||||
};
|
||||
_cleanup_strv_free_ char **fields = NULL;
|
||||
const char *id = NULL, *version = NULL;
|
||||
int r;
|
||||
|
||||
assert(IN_SET(type, IMAGE_PORTABLE, IMAGE_EXTENSION));
|
||||
assert(IN_SET(type, IMAGE_PORTABLE, IMAGE_SYSEXT));
|
||||
assert(!strv_isempty((char *const *)field_ids[type]));
|
||||
assert(!strv_isempty((char *const *)field_versions[type]));
|
||||
assert(field_name);
|
||||
|
@ -1106,7 +1106,7 @@ static int install_chroot_dropin(
|
|||
* still be able to identify what applies to what. */
|
||||
r = append_release_log_fields(&text,
|
||||
ordered_hashmap_get(extension_releases, ext->name),
|
||||
IMAGE_EXTENSION,
|
||||
IMAGE_SYSEXT,
|
||||
"PORTABLE_EXTENSION_NAME_AND_VERSION");
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
|
|
@ -63,9 +63,14 @@ static const char* const image_search_path[_IMAGE_CLASS_MAX] = {
|
|||
* because extension images are supposed to extend /usr/, so you get into recursive races, especially
|
||||
* with directory-based extensions, as the kernel's OverlayFS explicitly checks for this and errors
|
||||
* out with -ELOOP if it finds that a lowerdir= is a child of another lowerdir=. */
|
||||
[IMAGE_EXTENSION] = "/etc/extensions\0" /* only place symlinks here */
|
||||
"/run/extensions\0" /* and here too */
|
||||
"/var/lib/extensions\0", /* the main place for images */
|
||||
[IMAGE_SYSEXT] = "/etc/extensions\0" /* only place symlinks here */
|
||||
"/run/extensions\0" /* and here too */
|
||||
"/var/lib/extensions\0", /* the main place for images */
|
||||
|
||||
[IMAGE_CONFEXT] = "/run/confexts\0" /* only place symlinks here */
|
||||
"/var/lib/confexts\0" /* the main place for images */
|
||||
"/usr/local/lib/confexts\0"
|
||||
"/usr/lib/confexts\0",
|
||||
};
|
||||
|
||||
static Image *image_free(Image *i) {
|
||||
|
@ -1152,7 +1157,7 @@ int image_read_metadata(Image *i) {
|
|||
_cleanup_free_ char *hostname = NULL;
|
||||
_cleanup_free_ char *path = NULL;
|
||||
|
||||
if (i->class == IMAGE_EXTENSION) {
|
||||
if (i->class == IMAGE_SYSEXT) {
|
||||
r = extension_has_forbidden_content(i->path);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -1190,7 +1195,7 @@ int image_read_metadata(Image *i) {
|
|||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to read os-release in image, ignoring: %m");
|
||||
|
||||
r = load_extension_release_pairs(i->path, i->name, /* relax_extension_release_check= */ false, &extension_release);
|
||||
r = load_extension_release_pairs(i->path, i->class, i->name, /* relax_extension_release_check= */ false, &extension_release);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to read extension-release in image, ignoring: %m");
|
||||
|
||||
|
@ -1325,7 +1330,8 @@ DEFINE_STRING_TABLE_LOOKUP(image_type, ImageType);
|
|||
static const char* const image_class_table[_IMAGE_CLASS_MAX] = {
|
||||
[IMAGE_MACHINE] = "machine",
|
||||
[IMAGE_PORTABLE] = "portable",
|
||||
[IMAGE_EXTENSION] = "extension",
|
||||
[IMAGE_SYSEXT] = "extension",
|
||||
[IMAGE_CONFEXT] = "confext"
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(image_class, ImageClass);
|
||||
|
|
|
@ -9,18 +9,11 @@
|
|||
#include "hashmap.h"
|
||||
#include "lock-util.h"
|
||||
#include "macro.h"
|
||||
#include "os-util.h"
|
||||
#include "path-util.h"
|
||||
#include "string-util.h"
|
||||
#include "time-util.h"
|
||||
|
||||
typedef enum ImageClass {
|
||||
IMAGE_MACHINE,
|
||||
IMAGE_PORTABLE,
|
||||
IMAGE_EXTENSION,
|
||||
_IMAGE_CLASS_MAX,
|
||||
_IMAGE_CLASS_INVALID = -EINVAL,
|
||||
} ImageClass;
|
||||
|
||||
typedef enum ImageType {
|
||||
IMAGE_DIRECTORY,
|
||||
IMAGE_SUBVOLUME,
|
||||
|
@ -77,9 +70,6 @@ int image_read_only(Image *i, bool b);
|
|||
const char* image_type_to_string(ImageType t) _const_;
|
||||
ImageType image_type_from_string(const char *s) _pure_;
|
||||
|
||||
const char* image_class_to_string(ImageClass cl) _const_;
|
||||
ImageClass image_class_from_string(const char *s) _pure_;
|
||||
|
||||
int image_path_lock(const char *path, int operation, LockFile *global, LockFile *local);
|
||||
int image_name_lock(const char *name, int operation, LockFile *ret);
|
||||
|
||||
|
|
|
@ -1791,7 +1791,7 @@ int dissected_image_mount(
|
|||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
r = path_is_extension_tree(where, m->image_name, FLAGS_SET(flags, DISSECT_IMAGE_RELAX_SYSEXT_CHECK));
|
||||
r = path_is_extension_tree(IMAGE_SYSEXT, where, m->image_name, FLAGS_SET(flags, DISSECT_IMAGE_RELAX_SYSEXT_CHECK));
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0)
|
||||
|
@ -3054,7 +3054,7 @@ int dissected_image_acquire_metadata(DissectedImage *m, DissectImageFlags extra_
|
|||
* we allow a fallback that matches on the first extension-release
|
||||
* file found in the directory, if one named after the image cannot
|
||||
* be found first. */
|
||||
r = open_extension_release(t, m->image_name, /* relax_extension_release_check= */ false, NULL, &fd);
|
||||
r = open_extension_release(t, IMAGE_SYSEXT, m->image_name, /* relax_extension_release_check= */ false, NULL, &fd);
|
||||
if (r < 0)
|
||||
fd = r; /* Propagate the error. */
|
||||
break;
|
||||
|
@ -3606,7 +3606,7 @@ int verity_dissect_and_mount(
|
|||
|
||||
assert(!isempty(required_host_os_release_id));
|
||||
|
||||
r = load_extension_release_pairs(dest, dissected_image->image_name, relax_extension_release_check, &extension_release);
|
||||
r = load_extension_release_pairs(dest, IMAGE_SYSEXT, dissected_image->image_name, relax_extension_release_check, &extension_release);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to parse image %s extension-release metadata: %m", dissected_image->image_name);
|
||||
|
||||
|
|
|
@ -729,7 +729,7 @@ static int image_discover_and_read_metadata(Hashmap **ret_images) {
|
|||
if (!images)
|
||||
return log_oom();
|
||||
|
||||
r = image_discover(IMAGE_EXTENSION, arg_root, images);
|
||||
r = image_discover(IMAGE_SYSEXT, arg_root, images);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to discover extension images: %m");
|
||||
|
||||
|
@ -832,7 +832,7 @@ static int verb_list(int argc, char **argv, void *userdata) {
|
|||
if (!images)
|
||||
return log_oom();
|
||||
|
||||
r = image_discover(IMAGE_EXTENSION, arg_root, images);
|
||||
r = image_discover(IMAGE_SYSEXT, arg_root, images);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to discover extension images: %m");
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user