composefs: Hard error except on ENOENT even in "optional" case

Since we enabled composefs at build time, the default (non-composefs) case now always prints `composefs: Optional support failed: No such file or directory` But that's normal and expected. Rework things here so that in the very special case where we are in "maybe/optional" mode and we get ENOENT, then we output a much more normal-looking message that doesn't include the string "failed". Now on the flip side - if I have explicitly enabled signature checking, I think we *do* want to make that fatal even if composefs is in "maybe" mode. (This part is more debatable; perhaps we should just disallow the case of "maybe" + signatures at all; but I think this is an improvement in that direction)
ostreedev · Aug 21, 2023 · 304e290 · 304e290
1 parent f745c02
commit 304e290
Showing 1 changed file with 22 additions and 19 deletions.
diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
@@ -359,6 +359,24 @@ load_composefs_config (GKeyFile *config, GError **error)
   return g_steal_pointer (&ret);
 }
 
+// Output a friendly message based on an errno for common cases
+static const char *
+composefs_error_message (int errsv)
+{
+  const char *errmsg;
+  switch (errsv)
+    {
+    case ENOVERITY:
+      return "fsverity not enabled on composefs image";
+    case EWRONGVERITY:
+      return "Wrong fsverity digest in composefs image";
+    case ENOSIGNATURE:
+      return "Missing signature for fsverity in composefs image";
+    default:
+      return strerror (errno);
+    }
+}
+
 int
 main (int argc, char *argv[])
 {
@@ -515,29 +533,14 @@ main (int argc, char *argv[])
       else
         {
           int errsv = errno;
-          const char *errmsg;
-          switch (errsv)
-            {
-            case ENOVERITY:
-              errmsg = "fsverity not enabled on composefs image";
-              break;
-            case EWRONGVERITY:
-              errmsg = "Wrong fsverity digest in composefs image";
-              break;
-            case ENOSIGNATURE:
-              errmsg = "Missing signature for fsverity in composefs image";
-              break;
-            default:
-              errmsg = strerror (errno);
-              break;
-            }
-          if (composefs_config->enabled == OT_TRISTATE_MAYBE)
+          g_assert (composefs_config->enabled != OT_TRISTATE_NO);
+          if (composefs_config->enabled == OT_TRISTATE_MAYBE && errsv == ENOENT)
             {
-              g_print ("composefs: optional support failed: %s\n", errmsg);
+              g_print ("composefs: No image present\n");
             }
           else
             {
-              g_assert (composefs_config->enabled == OT_TRISTATE_YES);
+              const char *errmsg = composefs_error_message (errsv);
               errx (EXIT_FAILURE, "composefs: failed to mount: %s", errmsg);
             }
         }