diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c index 2ed1d2148d..df1254df7e 100644 --- a/src/libostree/ostree-sysroot-deploy.c +++ b/src/libostree/ostree-sysroot-deploy.c @@ -683,8 +683,10 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy return glnx_prefix_error (error, "Parsing prepare-root config"); // We always parse the composefs config, because we want to detect and error // out if it's enabled, but not supported at compile time. + // However, we don't load the keys here, because they may not exist, such + // as in the initial deploy g_autoptr (ComposefsConfig) composefs_config - = otcore_load_composefs_config (prepare_root_config, error); + = otcore_load_composefs_config (prepare_root_config, FALSE, error); if (!composefs_config) return glnx_prefix_error (error, "Reading composefs config"); diff --git a/src/libotcore/otcore-prepare-root.c b/src/libotcore/otcore-prepare-root.c index 42f92c9124..bb7cf4bec2 100644 --- a/src/libotcore/otcore-prepare-root.c +++ b/src/libotcore/otcore-prepare-root.c @@ -154,7 +154,7 @@ otcore_free_composefs_config (ComposefsConfig *config) // Parse the [composefs] section of the prepare-root.conf. ComposefsConfig * -otcore_load_composefs_config (GKeyFile *config, GError **error) +otcore_load_composefs_config (GKeyFile *config, gboolean load_keys, GError **error) { GLNX_AUTO_PREFIX_ERROR ("Loading composefs config", error); @@ -178,7 +178,7 @@ otcore_load_composefs_config (GKeyFile *config, GError **error) &ret->signature_pubkey, error)) return NULL; - if (ret->is_signed) + if (ret->is_signed && load_keys) { ret->pubkeys = g_ptr_array_new_with_free_func ((GDestroyNotify)g_bytes_unref); diff --git a/src/libotcore/otcore.h b/src/libotcore/otcore.h index 5fd24ec9d3..ab22034397 100644 --- a/src/libotcore/otcore.h +++ b/src/libotcore/otcore.h @@ -58,7 +58,8 @@ typedef struct void otcore_free_composefs_config (ComposefsConfig *config); G_DEFINE_AUTOPTR_CLEANUP_FUNC (ComposefsConfig, otcore_free_composefs_config) -ComposefsConfig *otcore_load_composefs_config (GKeyFile *config, GError **error); +ComposefsConfig *otcore_load_composefs_config (GKeyFile *config, gboolean load_keys, + GError **error); // Our directory with transient state (eventually /run/ostree-booted should be a link to // /run/ostree/booted) diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c index c4e236d402..15989a49ea 100644 --- a/src/switchroot/ostree-prepare-root.c +++ b/src/switchroot/ostree-prepare-root.c @@ -277,7 +277,8 @@ main (int argc, char *argv[]) // We always parse the composefs config, because we want to detect and error // out if it's enabled, but not supported at compile time. - g_autoptr (ComposefsConfig) composefs_config = otcore_load_composefs_config (config, &error); + g_autoptr (ComposefsConfig) composefs_config + = otcore_load_composefs_config (config, TRUE, &error); if (!composefs_config) errx (EXIT_FAILURE, "%s", error->message);