From: Zbigniew Jędrzejewski-Szmek Date: Wed, 6 Oct 2021 11:06:38 +0000 (+0200) Subject: mkosi: add support for verity also for generated roots X-Git-Tag: v11~32^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b92bc64a90afd958414d01e9a4a09e7f1df87dd6;p=thirdparty%2Fmkosi.git mkosi: add support for verity also for generated roots In a sysext, I have a squashfs partition that I want to do verity for. Before this change, we'd fail with an assertion that the root device partition is not set. The conditional is bit busy, but I couldn't find a shorter form that would make mypy happy. --- diff --git a/mkosi/__init__.py b/mkosi/__init__.py index 9f0028cd5..ef22ed4b7 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -6745,15 +6745,25 @@ def build_image( make_read_only(args, root, for_cache) generated_root = make_generated_root(args, root, for_cache) - insert_generated_root(args, raw, loopdev, generated_root, for_cache) + generated_root_part = insert_generated_root(args, raw, loopdev, generated_root, for_cache) split_root = ( (generated_root or extract_partition(args, encrypted.root, do_run_build_script, for_cache)) if args.split_artifacts else None ) - verity, root_hash = make_verity(args, encrypted.root, do_run_build_script, for_cache) + if args.verity: + root_for_verity = encrypted.root + if root_for_verity is None and generated_root_part is not None: + assert loopdev is not None + root_for_verity = generated_root_part.blockdev(loopdev) + else: + root_for_verity = None + + verity, root_hash = make_verity(args, root_for_verity, do_run_build_script, for_cache) + patch_root_uuid(args, loopdev, root_hash, for_cache) + insert_verity(args, raw, loopdev, verity, root_hash, for_cache) split_verity = verity if args.split_artifacts else None