min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tool: correctly sort generation links 

To correctly overwrite existing initrd with newer secrets (from newer
generations), the links need to be sorted from oldest generation to
newest.
This commit is contained in:
nikstur 2023-02-20 00:41:53 +01:00
parent 3f0669607d
commit 75a19cd818
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
rust/tool/src/install.rs
View File

@ -61,16 +61,22 @@ impl Installer {
.map(GenerationLink::from_path) .map(GenerationLink::from_path)
.collect::<Result<Vec<GenerationLink>>>()?; .collect::<Result<Vec<GenerationLink>>>()?;
// A configuration limit of 0 means there is no limit. // Sort the links by version. The links need to always be sorted to ensure the secrets of
if self.configuration_limit > 0 { // the latest generation are appended to the initrd when multiple generations point to the
// Sort the links by version. // same initrd.
links.sort_by_key(|l| l.version); links.sort_by_key(|l| l.version);
// Only install the number of generations configured. // A configuration limit of 0 means there is no limit.
if self.configuration_limit > 0 {
// Only install the number of generations configured. Reverse the list to only take the
// latest generations and then, after taking them, reverse the list again so that the
// generations are installed from oldest to newest, i.e. from smallest to largest
// generation version.
links = links links = links
.into_iter() .into_iter()
.rev() .rev()
.take(self.configuration_limit) .take(self.configuration_limit)
.rev()
.collect() .collect()
}; };
self.install_generations_from_links(&links)?; self.install_generations_from_links(&links)?;