This doesn't have any functional change, other than to use the read builtin instead of a cat command in a shell script. However, it does make the code much cleaner and more reusable. For instance, one can easily build just the verity image or just the UKI.

This will be used by the Nix code that generates an update package. The update package needs the root filesystem, the verity superblock, and the UKI. It doesn't need the installer or the live image.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
Changes in v5:
- Rebase
- Link to v4: https://spectrum-os.org/lists/archives/spectrum-devel/20251119-refactor-veri...

Changes in v4:
- Many cleanups.
- Respond to suggestions from code review.
- Link to v3: https://spectrum-os.org/lists/archives/spectrum-devel/20251111-refactor-veri...

Changes in v3:
- Rebase on main
- Link to v2: https://spectrum-os.org/lists/archives/spectrum-devel/20251107-refactor-veri...

Changes in v2:
- Do not break interactive rootfs development.
- Link to v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251105-refactor-veri...

---
Demi Marie Obenour (2):
      Build verity images in rootfs Nix derivation
      Move UKI creation to a separate derivation

 host/efi.nix               | 40 +++++++++++++++++++++++++++++++++++++++
 host/initramfs/Makefile    | 26 +++++--------------------
 host/initramfs/default.nix |  1 +
 host/initramfs/shell.nix   |  2 +-
 host/rootfs/Makefile       | 47 ++++++++++++++++++++++------------------------
 host/rootfs/default.nix    |  6 ++++--
 host/rootfs/shell.nix      |  2 +-
 lib/common.mk              |  4 ++++
 release/live/Makefile      | 38 +++++--------------------------------
 release/live/default.nix   | 27 +++++++++++---------------
 release/live/shell.nix     |  9 ++++++++-
 11 files changed, 102 insertions(+), 100 deletions(-)
---
base-commit: f41b4ab1e6dace7ee3c184f3154cda76f34be7db
change-id: 20251105-refactor-verity-9c8ca37e021a

--
Sincerely,
Demi Marie Obenour (she/her/hers)