No functional change intended. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> --- host/rootfs/Makefile | 15 +-------------- host/rootfs/default.nix | 7 ++++--- lib/verity.mk | 18 ++++++++++++++++++ release/live/Makefile | 17 +---------------- release/live/default.nix | 1 + 5 files changed, 25 insertions(+), 33 deletions(-) diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile index 35adb3d972c1a30705a5b123c65abf837617eb72..4712d9063e9f2e3c9b8b7b4fb2a7e54d119c6840 100644 --- a/host/rootfs/Makefile +++ b/host/rootfs/Makefile @@ -87,20 +87,7 @@ clean: rm -rf build .PHONY: clean -# veritysetup format produces two files, but Make only (portably) -# supports one output per rule, so we combine the two outputs then -# define two more rules to separate them again. -build/rootfs.verity: $(dest) - set -euo pipefail; $(VERITYSETUP) format $(dest) build/rootfs.verity.superblock.tmp \ - | awk -F ':[[:blank:]]*' '$$1 == "Root hash" {print $$2; exit}' \ - > build/rootfs.verity.roothash.tmp - cat build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp \ - > $@ - rm build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp -build/rootfs.verity.roothash: build/rootfs.verity - head -n 1 build/rootfs.verity > $@ -build/rootfs.verity.superblock: build/rootfs.verity - { read -r && cat; } < build/rootfs.verity > $@ +include ../../lib/verity.mk build/live.img: $(LIVE_IMAGE_DEPS) $(dest) ../../scripts/make-live-image.sh live $@ $(dest) diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix index 995b9bfd4c53edf9fa060011c128464518d15d6e..cb39f0d77b6640198da3ab840a2c8ca7cc1c91a1 100644 --- a/host/rootfs/default.nix +++ b/host/rootfs/default.nix 
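Review bot: The shared rule brought in by `include ../../lib/verity.mk` reads its input from `$(ROOT_FS)`, whereas the rule removed in this hunk used `$(dest)`, and the hunk adds no `ROOT_FS` definition. Make expands a rule's prerequisite list when the rule is read, so `ROOT_FS` must already be set above the include line, either in this Makefile or in an included file (neither is visible here). If it is not, `build/rootfs.verity` is parsed with no prerequisite and `$(VERITYSETUP) format` runs without the data image argument. Adding `ROOT_FS = $(dest)` above the include would keep the host rootfs build hashing the same image as before.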
@@ -8,8 +8,8 @@ import ../../lib/call-package.nix ( }: pkgsStatic.callPackage ( -{ btrfs-progs, busybox, cloud-hypervisor, cryptsetup, dbus, erofs-utils -, execline, inkscape, inotify-tools, iproute2, jq, lib, mdevd, nixos +{ busybox, cloud-hypervisor, cryptsetup, dbus, erofs-utils, execline +, inkscape, inotify-tools, iproute2, jq, lib, mdevd, nixos , runCommand, s6, s6-linux-init, s6-rc, socat, spectrum-host-tools , stdenvNoCC, util-linux, virtiofsd, writeClosure , xdg-desktop-portal-spectrum-host, xorg @@ -82,7 +82,7 @@ let # Packages that should be fully linked into /usr, # (not just their bin/* files). usrPackages = [ - appvm btrfs-progs firmware kernel.modules kmod kmod.lib + appvm firmware kernel.modules kmod kmod.lib netvm mesa dejavu_fonts systemd util-linux westonLite ]; @@ -134,6 +134,7 @@ stdenvNoCC.mkDerivation { ./. ../../lib/common.mk ../../lib/kcmdline-utils.mk + ../../lib/verity.mk ../../scripts/make-erofs.sh ../../version ]); diff --git a/lib/verity.mk b/lib/verity.mk new file mode 100644 index 0000000000000000000000000000000000000000..77945d14f37d62e67274a7356613f8e7f162f809 --- /dev/null +++ b/lib/verity.mk 
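Review bot: Removing `btrfs-progs` from the function arguments and from `usrPackages` changes what is linked into the host image's /usr, which the visible description ("No functional change intended") does not cover. If the removal is deliberate, it would be easier to audit as its own commit, or with a sentence in the message saying why nothing in the host rootfs still needs the btrfs tools. If it came in through a rebase, it should be dropped from this patch.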
@@ -0,0 +1,18 @@ +# SPDX-License-Identifier: EUPL-1.2+ +# SPDX-FileCopyrightText: 2021-2024 Alyssa Ross <hi@alyssa.is> + +# veritysetup format produces two files, but Make only (portably) +# supports one output per rule, so we combine the two outputs then +# define two more rules to separate them again. +build/rootfs.verity: $(ROOT_FS) + mkdir -p build + $(VERITYSETUP) format $(ROOT_FS) build/rootfs.verity.superblock.tmp \ + | awk -F ':[[:blank:]]*' '$$1 == "Root hash" {print $$2; exit}' \ + > build/rootfs.verity.roothash.tmp + cat build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp \ + > $@ + rm build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp +build/rootfs.verity.roothash: build/rootfs.verity + head -n 1 build/rootfs.verity > $@ +build/rootfs.verity.superblock: build/rootfs.verity + { read -r && cat;} < build/rootfs.verity > $@ diff --git a/release/live/Makefile b/release/live/Makefile index 9aa2488a57ba583ff49f0d95af4f91878a0cd5dd..e6e91eee0f418114174e20384531788759a7db09 100644 --- a/release/live/Makefile +++ b/release/live/Makefile @@ -5,6 +5,7 @@ include ../../lib/common.mk include ../../lib/kcmdline-utils.mk +include ../../lib/verity.mk DTBS ?= build/empty 
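Review bot: The `build/rootfs.verity` recipe pipes `$(VERITYSETUP) format` into awk without `pipefail`, so that line's exit status is awk's and a failing veritysetup goes unreported. The copy removed from host/rootfs/Makefile began the line with `set -euo pipefail;`, so for that caller this is a behaviour change despite the description. The first line of `build/rootfs.verity` becomes the dm-verity root hash that downstream steps trust, so an empty or missing hash should fail the build rather than flow into `build/rootfs.verity.roothash`. Unless `SHELL`/`.SHELLFLAGS` in lib/common.mk already enable it (not visible here), I would keep the prefix, `set -euo pipefail; $(VERITYSETUP) format $(ROOT_FS) build/rootfs.verity.superblock.tmp \`, assuming the shell used by release/live accepts it as host/rootfs's did. I would also add `test -s build/rootfs.verity.roothash.tmp` before the `cat`.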
@@ -51,22 +52,6 @@ build/boot.fat: $(SYSTEMD_BOOT_EFI) build/spectrum.efi $(MCOPY) -i $@ build/spectrum.efi ::/EFI/Linux $(MCOPY) -i $@ $(SYSTEMD_BOOT_EFI) ::/EFI/BOOT/$(EFINAME) -# veritysetup format produces two files, but Make only (portably) -# supports one output per rule, so we combine the two outputs then -# define two more rules to separate them again. -build/rootfs.verity: $(ROOT_FS) - mkdir -p build - $(VERITYSETUP) format $(ROOT_FS) build/rootfs.verity.superblock.tmp \ - | awk -F ':[[:blank:]]*' '$$1 == "Root hash" {print $$2; exit}' \ - > build/rootfs.verity.roothash.tmp - cat build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp \ - > $@ - rm build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp -build/rootfs.verity.roothash: build/rootfs.verity - head -n 1 build/rootfs.verity > $@ -build/rootfs.verity.superblock: build/rootfs.verity - tail -n +2 build/rootfs.verity > $@ - clean: rm -rf build .PHONY: clean diff --git a/release/live/default.nix b/release/live/default.nix index c6dcabd49363e113eb0783ced2a167633a6e19c3..08dc198afc25b6362f2aedabf9e9450dd02eb4ad 100644 --- a/release/live/default.nix +++ b/release/live/default.nix @@ -34,6 +34,7 @@ stdenv.mkDerivation { ./. ../../lib/common.mk ../../lib/kcmdline-utils.mk + ../../lib/verity.mk ../../scripts/format-uuid.awk ../../scripts/format-uuid.sh ../../scripts/make-gpt.bash -- 2.51.2