From 374fb05d0eab6f889460f9517d47f1f9b4207bfa Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Mon, 8 Apr 2024 17:05:23 +0200 Subject: [PATCH] _ostree_ensure_fsverity: Properly check for errors If fs_verity_wanted == _OSTREE_FEATURE_YES we should fail if !suported, but we were checking !supported where supported is a pointer, not a boolean. This caused us to miss errors when the kernel didn't support fs-verity that lead to lots of debugging. --- src/libostree/ostree-repo-verity.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/libostree/ostree-repo-verity.c b/src/libostree/ostree-repo-verity.c index 53dba68a53..196cf46a36 100644 --- a/src/libostree/ostree-repo-verity.c +++ b/src/libostree/ostree-repo-verity.c @@ -224,9 +224,10 @@ _ostree_tmpf_fsverity (OstreeRepo *self, GLnxTmpfile *tmpf, GBytes *signature, G gboolean _ostree_ensure_fsverity (OstreeRepo *self, gboolean allow_enoent, int dirfd, const char *path, - gboolean *supported, GError **error) + gboolean *supported_out, GError **error) { struct stat buf; + gboolean supported; if (fstatat (dirfd, path, &buf, AT_SYMLINK_NOFOLLOW) != 0) { @@ -243,11 +244,14 @@ _ostree_ensure_fsverity (OstreeRepo *self, gboolean allow_enoent, int dirfd, con if (fd < 0) return glnx_throw_errno_prefix (error, "openat(%s)", path); - if (!_ostree_fsverity_enable (fd, TRUE, supported, NULL, error)) + if (!_ostree_fsverity_enable (fd, TRUE, &supported, NULL, error)) return FALSE; if (!supported && self->fs_verity_wanted == _OSTREE_FEATURE_YES) return glnx_throw (error, "fsverity required but filesystem does not support it"); + if (supported_out) + *supported_out = supported; + return TRUE; }