min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tool: correctly sort generation links 

To correctly overwrite existing initrd with newer secrets (from newer
generations), the links need to be sorted from oldest generation to
newest.
This commit is contained in:
nikstur 2023-02-20 00:41:53 +01:00
parent 3f0669607d
commit 75a19cd818
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
rust/tool/src/install.rs
View File

@ -61,16 +61,22 @@ impl Installer {
.map(GenerationLink::from_path) .map(GenerationLink::from_path)
.collect::<Result<Vec<GenerationLink>>>()?; .collect::<Result<Vec<GenerationLink>>>()?;
// Sort the links by version. The links need to always be sorted to ensure the secrets of
// the latest generation are appended to the initrd when multiple generations point to the
// same initrd.
links.sort_by_key(|l| l.version);
// A configuration limit of 0 means there is no limit. // A configuration limit of 0 means there is no limit.
if self.configuration_limit > 0 { if self.configuration_limit > 0 {
// Sort the links by version. // Only install the number of generations configured. Reverse the list to only take the
links.sort_by_key(|l| l.version); // latest generations and then, after taking them, reverse the list again so that the
// generations are installed from oldest to newest, i.e. from smallest to largest
// Only install the number of generations configured. // generation version.
links = links links = links
.into_iter() .into_iter()
.rev() .rev()
.take(self.configuration_limit) .take(self.configuration_limit)
.rev()
.collect() .collect()
}; };
self.install_generations_from_links(&links)?; self.install_generations_from_links(&links)?;