From 62f732207e7cbd226a11b85581c2c33e1e6be409 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Wed, 12 May 2021 14:13:01 +0100
Subject: [image] Propagate trust flag to extracted archive images

An extracted image is wholly derived from the original archive image.
If the original archive image has been verified and marked as trusted,
then this trust logically extends to any image extracted from it.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/core/archive.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/core')

diff --git a/src/core/archive.c b/src/core/archive.c
index 7ef86bd..bb62c7e 100644
--- a/src/core/archive.c
+++ b/src/core/archive.c
@@ -82,6 +82,10 @@ int image_extract ( struct image *image, const char *name,
 	if ( ( rc = register_image ( *extracted ) ) != 0 )
 		goto err_register;
 
+	/* Propagate trust flag */
+	if ( image->flags & IMAGE_TRUSTED )
+		image_trust ( *extracted );
+
 	/* Drop local reference to image */
 	image_put ( *extracted );
 
-- 
cgit v1.1