This step provides versioned release artifacts. Writing a detached OpenPGP signature of SHA256SUMS to SHA256SUMS.gpg is sufficient to create a directory usable by systemd-sysupdate. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> --- host/rootfs/Makefile | 4 ++-- host/rootfs/default.nix | 6 +++--- release/checks/integration/default.nix | 2 +- release/combined/eosimages.nix | 2 +- release/live/Makefile | 14 ++++++++++++++ release/live/default.nix | 5 +---- 6 files changed, 22 insertions(+), 11 deletions(-) diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile index 84f1b385198ecfa5905b69e4901e56150ea1b424..35adb3d972c1a30705a5b123c65abf837617eb72 100644 --- a/host/rootfs/Makefile +++ b/host/rootfs/Makefile @@ -91,7 +91,7 @@ clean: # supports one output per rule, so we combine the two outputs then # define two more rules to separate them again. build/rootfs.verity: $(dest) - $(VERITYSETUP) format $(dest) build/rootfs.verity.superblock.tmp \ + set -euo pipefail; $(VERITYSETUP) format $(dest) build/rootfs.verity.superblock.tmp \ | awk -F ':[[:blank:]]*' '$$1 == "Root hash" {print $$2; exit}' \ > build/rootfs.verity.roothash.tmp cat build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp \ @@ -100,7 +100,7 @@ build/rootfs.verity: $(dest) build/rootfs.verity.roothash: build/rootfs.verity head -n 1 build/rootfs.verity > $@ build/rootfs.verity.superblock: build/rootfs.verity - tail -n +2 build/rootfs.verity > $@ + { read -r && cat; } < build/rootfs.verity > $@ build/live.img: $(LIVE_IMAGE_DEPS) $(dest) ../../scripts/make-live-image.sh live $@ $(dest) diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix index bc364b930b30e00c55b17b5e4248a303392cf3a0..995b9bfd4c53edf9fa060011c128464518d15d6e 100644 --- a/host/rootfs/default.nix +++ b/host/rootfs/default.nix 
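Review bot: In the `build/rootfs.verity` recipe, the awk filter still exits 0 when it never sees a `Root hash` line, so the added `pipefail` does not stop an empty `build/rootfs.verity.roothash.tmp` from being concatenated in front of the superblock and later split off as the root hash. That value appears to be the trust anchor for the image (release/live/Makefile places a root hash in `x-spectrum-roothash=`), so the filter should fail closed: `'$$1 == "Root hash" {print $$2; found = 1; exit} END {exit !found}'`. `set -o pipefail` also needs a shell that supports it, and the `SHELL` in effect for this Makefile is not visible in the hunk. The recipe starts before and continues past the lines shown here.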
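Review bot: The new `{ read -r && cat; } < build/rootfs.verity > $@` in the `build/rootfs.verity.superblock` rule opens `$@` for writing before `read` runs, so when `read` fails on an empty or truncated input the recipe errors but leaves a zero-length superblock file with a fresh timestamp. Unless `.DELETE_ON_ERROR:` is set elsewhere in this Makefile (not visible here), the next `make` run would treat that file as up to date and carry on with an empty verity superblock. Writing to a temporary name and renaming avoids that: `{ read -r && cat; } < build/rootfs.verity > $@.tmp && mv -f $@.tmp $@`. A one-line comment above the rule, saying that the first line is the root hash and the remainder is binary superblock data, would also record why `tail` was replaced.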
@@ -8,8 +8,8 @@ import ../../lib/call-package.nix ( }: pkgsStatic.callPackage ( -{ busybox, cloud-hypervisor, cryptsetup, dbus, erofs-utils, execline -, inkscape, inotify-tools, iproute2, jq, lib, mdevd, nixos +{ btrfs-progs, busybox, cloud-hypervisor, cryptsetup, dbus, erofs-utils +, execline, inkscape, inotify-tools, iproute2, jq, lib, mdevd, nixos , runCommand, s6, s6-linux-init, s6-rc, socat, spectrum-host-tools , stdenvNoCC, util-linux, virtiofsd, writeClosure , xdg-desktop-portal-spectrum-host, xorg @@ -82,7 +82,7 @@ let # Packages that should be fully linked into /usr, # (not just their bin/* files). usrPackages = [ - appvm kernel.modules firmware kmod kmod.lib + appvm btrfs-progs firmware kernel.modules kmod kmod.lib netvm mesa dejavu_fonts systemd util-linux westonLite ]; diff --git a/release/checks/integration/default.nix b/release/checks/integration/default.nix index 340fb6e11fed5971caf879d0a8a40baf395a7589..947d9cb8f2a5e1d7e93b6814581d33e342b522fc 100644 --- a/release/checks/integration/default.nix +++ b/release/checks/integration/default.nix @@ -86,7 +86,7 @@ stdenv.mkDerivation (finalAttrs: { env = { QEMU_SYSTEM = "qemu-system-${stdenv.hostPlatform.qemuArch} -nographic"; EFI_PATH = "${qemu_kvm}/share/qemu/edk2-${stdenv.hostPlatform.qemuArch}-code.fd"; - IMG_PATH = live; + IMG_PATH = "${live}/live.img"; USER_DATA_PATH = userData; }; diff --git a/release/combined/eosimages.nix b/release/combined/eosimages.nix index ba44d9cd82d55d491293ed36cc0402db8ebd3ffe..b168dcf61a74f96fed1d52858c0c3ebfc311873c 100644 --- a/release/combined/eosimages.nix +++ b/release/combined/eosimages.nix @@ -7,7 +7,7 @@ import ../../lib/call-package.nix ( runCommand "eosimages.img" { nativeBuildInputs = [ e2fsprogs tar2ext4 ]; imageName = "Spectrum-0.0-x86_64-generic.0.Live.img"; - image = callSpectrumPackage ../live {}; + image = "${callSpectrumPackage ../live {}}/live.img"; __structuredAttrs = true; unsafeDiscardReferences = { out = true; }; dontFixup = true; 
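Review bot: `btrfs-progs` is added to `usrPackages` in the second hunk of host/rootfs/default.nix (and to the argument list in the first), which by the comment above the list links the whole package into the host's /usr, yet neither the commit message nor anything visible in this patch uses it. Every extra tool in the host rootfs widens what has to be trusted and kept patched there, so the reason should be recorded next to the entry, for example `# btrfs-progs: <why the host needs it>`, or the addition moved to the commit that needs it. The same line also swaps the order of `firmware` and `kernel.modules`, which looks cosmetic and would be easier to review separately.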
diff --git a/release/live/Makefile b/release/live/Makefile index 3072d869f13efbf5ea196d191881aeab85726d2e..9aa2488a57ba583ff49f0d95af4f91878a0cd5dd 100644 --- a/release/live/Makefile +++ b/release/live/Makefile @@ -30,6 +30,20 @@ build/spectrum.efi: build/rootfs.verity.roothash $(DTBS) $(KERNEL) $(INITRAMFS) --os-release $$'NAME="Spectrum"\n' \ --cmdline "ro intel_iommu=on x-spectrum-roothash=$$roothash x-spectrum-version=$$VERSION" +install: build/rootfs.verity.superblock $(ROOT_FS) build/spectrum.efi $(dest) + set -euo pipefail; \ + $(READ_ROOTHASH); \ + mkdir -p -- $(DESTDIR) build; \ + cp -- build/rootfs.verity.superblock $(DESTDIR)/"Spectrum_OS_$$VERSION.verity"; \ + cp -- $(ROOT_FS) $(DESTDIR)/"Spectrum_OS_$$VERSION.root"; \ + cp -- build/spectrum.efi $(DESTDIR)/"Spectrum_OS_$$VERSION.efi"; \ + cp $(dest) $(DESTDIR)/live.img; \ + cd $(DESTDIR); \ + sha256sum live.img \ + "Spectrum_OS_$$VERSION.root" \ + "Spectrum_OS_$$VERSION.verity" \ + "Spectrum_OS_$$VERSION.efi" > SHA256SUMS + build/boot.fat: $(SYSTEMD_BOOT_EFI) build/spectrum.efi $(TRUNCATE) -s 440401920 $@ $(MKFS_FAT) $@ diff --git a/release/live/default.nix b/release/live/default.nix index b5c0c8df31d4c6cb7fdd2337e8169f36655dd1a8..c6dcabd49363e113eb0783ced2a167633a6e19c3 100644 --- a/release/live/default.nix +++ b/release/live/default.nix @@ -56,14 +56,11 @@ stdenv.mkDerivation { SYSTEMD_BOOT_EFI = "${systemd}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi"; EFINAME = "BOOT${toUpper efiArch}.EFI"; VERSION = import ../../lib/version.nix; + DESTDIR = "$(out)"; } // lib.optionalAttrs stdenv.hostPlatform.linux-kernel.DTB or false { DTBS = "${rootfs.kernel}/dtbs"; }; - buildFlags = [ "dest=$(out)" ]; - - dontInstall = true; - enableParallelBuilding = true; __structuredAttrs = true; -- 2.51.2
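Review bot: Every use of `$(DESTDIR)` in the new `install` recipe is unquoted and unchecked, so with `DESTDIR` empty (a `make install` run outside the Nix derivation) the `cp` lines target `/Spectrum_OS_$$VERSION.verity` and its siblings at the filesystem root and `cd` changes to the home directory; `set -u` cannot catch this because make expands the variable before the shell sees it. Add a guard as the second recipe line, `test -n "$(DESTDIR)"; \`, and write `"$(DESTDIR)"` in the `mkdir`, `cp` and `cd` commands so a path containing spaces stays one argument. `cp $(dest) $(DESTDIR)/live.img` and `cd $(DESTDIR)` also lack the `--` that the other commands use. Because `SHA256SUMS` is the file that gets signed, it is worth confirming that `install` is declared `.PHONY` (not visible in this hunk) so the manifest is always regenerated from the files actually copied.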
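Review bot: `DESTDIR = "$(out)";` in release/live/default.nix needs a comment, because the value is deliberately not a Nix interpolation: the literal text `$(out)` is handed to the build and only becomes the output path when make expands it (presumably against the builder's `out` variable, as the removed `dest=$(out)` flag did). A reader who "corrects" it to a `${...}` form would change where the release artifacts and `SHA256SUMS` end up. Suggested comment: `# Literal make reference, expanded by make at build time; not a Nix interpolation.` The attribute set this line belongs to opens outside the hunk.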