if p.split_path:
maybe_compress(context, context.config.compress_output, p.split_path)
+ if ArtifactOutput.roothash in context.config.split_artifacts and (
+ roothash := finalize_roothash(partitions)
+ ):
+ (context.staging / context.config.output_split_roothash).write_text(roothash.partition("=")[2])
+
return partitions
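Review bot: The added `write_text` line writes whatever follows the first `=` in the string returned by `finalize_roothash`, without checking that it is non-empty or looks like a hex digest. If the separator is missing, `partition("=")[2]` is an empty string, so an empty `.roothash` file would be produced and could be handed to offline signing as-is. The key before the `=` is also discarded, so if `finalize_roothash` can return something other than a root-partition hash (it is not visible here), the file name would not say which hash it holds. I would unpack explicitly with `key, _, value = roothash.partition("=")` and fail the build when `value` is empty or `key` is not the expected one, and add a one-line comment stating the file holds the bare hash with no key and no trailing newline. The enclosing function starts outside this hunk.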
partitions = enum.auto()
tar = enum.auto()
pcrs = enum.auto()
+ roothash = enum.auto()
@staticmethod
def compat_no() -> list["ArtifactOutput"]:
def output_split_pcrs(self) -> str:
return f"{self.output}.pcrs"
+ @property
+ def output_split_roothash(self) -> str:
+ return f"{self.output}.roothash"
+
@property
def output_nspawn_settings(self) -> str:
return f"{self.output}.nspawn"
self.output_split_kernel,
self.output_split_initrd,
self.output_split_pcrs,
+ self.output_split_roothash,
self.output_nspawn_settings,
self.output_checksum,
self.output_signature,
`SplitArtifacts=`, `--split-artifacts`
: The artifact types to split out of the final image. A comma-delimited
- list consisting of `uki`, `kernel`, `initrd`, `prcs`, `partitions` and
- `tar`. When building a bootable image `kernel` and `initrd`
+ list consisting of `uki`, `kernel`, `initrd`, `prcs`, `partitions`,
+ `roothash` and `tar`. When building a bootable image `kernel` and `initrd`
correspond to their artifact found in the image (or in the UKI),
while `uki` copies out the entire UKI. If `pcrs` is specified, a JSON
file containing the pre-calculated TPM2 digests is written out, according
When `tar` is specified, the rootfs is additionally archived as a
tar archive (compressed according to `CompressOutput=`).
+ When `roothash` is specified and a dm-verity disk image is built, the dm-verity
+ roothash is written out as a separate file, which is useful for offline signing.
+
By default `uki`, `kernel` and `initrd` are split out.
`RepartDirectories=`, `--repart-directory=`