authorLennart Poettering <lennart@poettering.net>2024-06-06 12:14:35 +0200
committerLuca Boccassi <luca.boccassi@gmail.com>2024-06-15 00:52:35 +0200
commit7d9a8cc4acabb1ebd957c2879971d0c7a01387f1 (patch)
treea4286e3b1f3cf2e8a602dbb397677fc592e4ba33 /src/pcrlock
parentfs-util: add simple open_mkdir() wrapper (diff)
creds-util: add common helper for determining global boot credentials path
It's very useful to be able to determine the directory to write global boot credentials to, i.e. the credentials that are picked up by all kernels.
Diffstat (limited to 'src/pcrlock')
-rw-r--r--src/pcrlock/pcrlock.c36
1 files changed, 7 insertions, 29 deletions
diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c
index 997ace5d3c..935d60d3db 100644
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -4293,34 +4293,12 @@ static int determine_boot_policy_file(char **ret) {
assert(ret);
- r = find_xbootldr_and_warn(
- /* root= */ NULL,
- /* path= */ NULL,
- /* unprivileged_mode= */ false,
- &path,
- /* ret_uuid= */ NULL,
- /* ret_devid= */ NULL);
- if (r < 0) {
- if (r != -ENOKEY)
- return log_error_errno(r, "Failed to find XBOOTLDR partition: %m");
-
- r = find_esp_and_warn(
- /* root= */ NULL,
- /* path= */ NULL,
- /* unprivileged_mode= */ false,
- &path,
- /* ret_part= */ NULL,
- /* ret_pstart= */ NULL,
- /* ret_psize= */ NULL,
- /* ret_uuid= */ NULL,
- /* ret_devid= */ NULL);
- if (r < 0) {
- if (r != -ENOKEY)
- return log_error_errno(r, "Failed to find ESP partition: %m");
-
- *ret = NULL;
- return 0; /* not found! */
- }
+ r = get_global_boot_credentials_path(&path);
+ if (r < 0)
+ return r;
+ if (r == 0) {
+ *ret = NULL;
+ return 0; /* not found! */
}
r = sd_id128_get_machine(&machine_id);
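Review bot: The new `if (r < 0) return r;` after `get_global_boot_credentials_path(&path)` propagates the failure without logging, whereas the removed code logged "Failed to find XBOOTLDR partition" and "Failed to find ESP partition" here. The helper's body is not part of this diff (the diffstat is limited to src/pcrlock), so this is only equivalent if the helper logs on every error path and returns 0 solely for the not-found case. I would make that contract explicit at the call site with a comment such as `/* get_global_boot_credentials_path() logs on failure; 0 means neither XBOOTLDR nor ESP was found */`, or fall back to `return log_error_errno(r, "Failed to determine global boot credentials path: %m");` if the helper is silent. determine_boot_policy_file() starts and ends outside this hunk.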
@@ -4344,7 +4322,7 @@ static int determine_boot_policy_file(char **ret) {
if (!filename_is_valid(fn))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential name '%s' would not be a valid file name, refusing.", fn);
- joined = path_join(path, "loader/credentials", fn);
+ joined = path_join(path, fn);
if (!joined)
return log_oom();
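Review bot: With the literal `"loader/credentials"` dropped from `path_join(path, fn)`, nothing at this call site says which directory the policy credential is written to. That now depends entirely on what get_global_boot_credentials_path() returns, which is not visible in this diff. If the helper returned only the partition mount point, the file would presumably land where no boot loader looks for it, and nothing here would report that. A one-line comment above the join, for example `/* path already points at the loader/credentials/ directory on XBOOTLDR or the ESP */`, would record the assumption. The `filename_is_valid(fn)` check in the context lines above remains the guard on the final path component.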