From abbd1a8dea25ca6352d3fcc7859fc6eb9584e93c Mon Sep 17 00:00:00 2001
From: Michael McCracken <mikmccra@cisco.com>
Date: Thu, 26 Sep 2024 15:24:03 -0700
Subject: [PATCH] verity: also check corruption in existing mounts

If we are mounting a mol where one of the atoms already been mounted,
then we should check the already-mounted devices for any corruption
reported by devicemapper as well, and at least fail to mount the new
image using them.

Signed-off-by: Michael McCracken <mikmccra@cisco.com>
---
 molecule.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/molecule.go b/molecule.go
index 5ba3497..7da19f2 100644
--- a/molecule.go
+++ b/molecule.go
@@ -61,6 +61,11 @@ func (m Molecule) mountUnderlyingAtoms() error {
 				if err != nil {
 					return err
 				}
+				err = squashfs.ConfirmExistingVerityDeviceCurrentValidity(mountpoint.Source,
+					rootHash)
+				if err != nil {
+					return err
+				}
 			}
 			continue
 		}