This doesn't have any functional change, other than to use the read builtin instead of a cat command in a shell script. However, it does make the code much cleaner and more reusable. For instance, one can easily build just the verity image or just the UKI. This will be used by the Nix code that generates an update package. The update package needs the root filesystem, the verity superblock, and the UKI. It doesn't need the installer or the live image. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> --- Demi Marie Obenour (2): Create Nix derivation for building verity images Move UKI creation to a separate derivation host/efi.nix | 46 ++++++++++++++++++++++++++++++++++++++++++++++ host/initramfs/Makefile | 25 +++++-------------------- host/initramfs/shell.nix | 4 +++- host/rootfs/Makefile | 24 +++++------------------- host/rootfs/shell.nix | 3 +++ host/verity.nix | 19 +++++++++++++++++++ lib/common.mk | 1 - pkgs/default.nix | 2 ++ release/live/Makefile | 37 +++++-------------------------------- release/live/default.nix | 22 +++++++--------------- 10 files changed, 95 insertions(+), 88 deletions(-) --- base-commit: 43a8c81c58d73967635f57fdd84734d44120bc39 change-id: 20251105-refactor-verity-9c8ca37e021a -- Sincerely, Demi Marie Obenour (she/her/hers)