verity: modernize example in manpage

These days it's no longer necessary to create the verity hash device
with dd, and to transcribe the roothash by hand. Update the example,
also using the file extensions that are used by systemd for verity
autodiscovery (e.g.: RootImage=img.raw will automatically use
img.verity and img.roothash from the same directory, if present).

Signed-off-by: Luca Boccassi <bluca@debian.org>

diff --git a/sys-utils/mount.8.adoc b/sys-utils/mount.8.adoc
index 8739628202c58fffd00fe40bcd4b27a4bf79ee48..eadbaf666a1524650f4d17126cfe03afced4c673 100644 (file)
--- a/sys-utils/mount.8.adoc
+++ b/sys-utils/mount.8.adoc
@@ -1542,13 +1542,12 @@ Supported since util-linux v2.35.
 For example commands:
 
 ....
-mksquashfs /etc /tmp/etc.squashfs
-dd if=/dev/zero of=/tmp/etc.hash bs=1M count=10
-veritysetup format /tmp/etc.squashfs /tmp/etc.hash
-openssl smime -sign -in <hash> -nocerts -inkey private.key \
+mksquashfs /etc /tmp/etc.raw
+veritysetup format /tmp/etc.raw /tmp/etc.verity --root-hash-file=/tmp/etc.roothash
+openssl smime -sign -in /tmp/etc.roothash -nocerts -inkey private.key \
 -signer private.crt -noattr -binary -outform der -out /tmp/etc.roothash.p7s
-mount -o verity.hashdevice=/tmp/etc.hash,verity.roothash=<hash>,\
-verity.roothashsig=/tmp/etc.roothash.p7s /tmp/etc.squashfs /mnt
+mount -o verity.hashdevice=/tmp/etc.verity,verity.roothashfile=/tmp/etc.roothash,\
+verity.roothashsig=/tmp/etc.roothash.p7s /tmp/etc.raw /mnt
 ....
 
 create squashfs image from _/etc_ directory, verity hash device and mount verified filesystem image to _/mnt_. The kernel will verify that the root hash is signed by a key from the kernel keyring if roothashsig is used.