Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor composefs warnings #2994

Merged
merged 4 commits into from
Aug 28, 2023
Merged

Refactor composefs warnings #2994

merged 4 commits into from
Aug 28, 2023

Commits on Aug 25, 2023

  1. prepare-root: Drop redundant print about signature/digest 

    We print if we're doing a signature+digest verification; its absence is
sufficient in the other case.  The goal here is to avoid polluting
the logs when signatures are not enabled.
    @cgwalters
    cgwalters committed Aug 25, 2023
    Configuration menu
    Copy the full SHA
    aa9b7c3 View commit details
    Browse the repository at this point in the history

  2. prepare-root: Init composefs options earlier 

    Prep for a later patch.
    @cgwalters
    cgwalters committed Aug 25, 2023
    Configuration menu
    Copy the full SHA
    1d316e3 View commit details
    Browse the repository at this point in the history

  3. prepare-root: Fold together composefs signature cases 

    Now that we don't support digest-but-not-signature verification
for composefs, the logic here was unnecessarily complicated.
With a prior prep patch that moved the composefs option
initialization up, we can just have everything related to signature
verification in a single conditonal.
    @cgwalters
    cgwalters committed Aug 25, 2023
    Configuration menu
    Copy the full SHA
    e952b1b View commit details
    Browse the repository at this point in the history

  4. composefs: Hard error except on ENOENT even in "optional" case 

    Since we enabled composefs at build time, the default (non-composefs)
case now always prints
`composefs: Optional support failed: No such file or directory`
But that's normal and expected.

Rework things here so that in the very special case where
we are in "maybe/optional" mode and we get ENOENT, then we
output a much more normal-looking message that doesn't include
the string "failed".

Now on the flip side - if I have explicitly enabled signature
checking, I think we *do* want to make that fatal even if
composefs is in "maybe" mode.

(This part is more debatable; perhaps we should just disallow
 the case of "maybe" + signatures at all; but I think this is
 an improvement in that direction)
    @cgwalters
    cgwalters committed Aug 25, 2023
    Configuration menu
    Copy the full SHA
    38880bf View commit details
    Browse the repository at this point in the history