Message ID | 20221103191420.390048-2-aalbersh@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | generic/577: fix hash check and add metadata cleaning | expand |
diff --git a/common/verity b/common/verity index 897a7f0b..aad6728f 100644 --- a/common/verity +++ b/common/verity @@ -254,10 +254,13 @@ _fsv_have_hash_algorithm() rm -f $test_file head -c 4096 /dev/zero > $test_file + _disable_fsverity_signatures if ! _fsv_enable --hash-alg=$hash_alg $test_file &>> $seqres.full; then + _restore_fsverity_signatures # no kernel support return 1 fi + _restore_fsverity_signatures rm -f $test_file return 0 }
When the fs.verity.require_signatures is set to 1 the file with fsverity enabled need to be signed. The generic/577 needs require_signatures enabled as it test signing. The _fsv_have_hash_algorithm tries to enable verity on a file without signing it. Temporarily disable require_signatures for the check and restore it to previous state afterwards. Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com> --- common/verity | 3 +++ 1 file changed, 3 insertions(+)