From e139ef9c85ede9227544c86528b0d2c36ec9edf1 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Sun, 28 Aug 2022 00:11:13 +0100
Subject: [PATCH] Verity: rename split files to match what systemd expects

foo.raw means systemd searches automatically for foo.verity, foo.roothash/usrhash,
foo.roothash/usrhash.p7s so make the output match these existing
expectations

      Output Split Root FS: /home/luca/git/mkosi/mkosi.output/debian~unstable/image.usr.raw.zstd
       Output Split Verity: /home/luca/git/mkosi/mkosi.output/debian~unstable/image.usr.verity.zstd
  Output Split Verity Sig.: /home/luca/git/mkosi/mkosi.output/debian~unstable/image.usr.usrhash.p7s.zstd
---
 NEWS.md           |  3 +++
 mkosi/__init__.py | 41 +++++++++++++++++++++++------------------
 2 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/NEWS.md b/NEWS.md
index d1ef30df9..943a53aec 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -27,6 +27,9 @@ on which grub can be installed.
 - mkosi now runs apt and dpkg on the host. As such, we now require apt and dpkg to be
 installed on the host along with debootstrap in order to be able to build debian/ubuntu
 images.
+- Split dm-verity artifacts default names have been changed to match what `systemd`
+  and other tools expect: `image.root.raw`, `image.root.verity`, `image.root.roothash`,
+  `image.root.roothash.p7s` (same for `usr` variants).
 
 ## v13
 
diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index db6b2ea5a..fae669ff7 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -528,15 +528,20 @@ def gpt_root_native(arch: Optional[str], usr_only: bool = False) -> GPTRootTypeT
             die(f"Unknown architecture {arch}.")
 
 
-def roothash_suffix(usr_only: bool = False) -> str:
-    if usr_only:
-        return ".usrhash"
+def root_or_usr(args: Union[MkosiArgs, argparse.Namespace]) -> str:
+    return ".usr" if args.usr_only else ".root"
+
 
-    return ".roothash"
+def roothash_suffix(args: Union[MkosiArgs, argparse.Namespace]) -> str:
+    # For compatibility with what systemd and other tools expect, we need to use "foo.raw" with "foo.roothash",
+    # "foo.verity" and "foo.roothash.p7s". Given we name the artifacts differently for "usr" and "root", we need
+    # to duplicate it for the roothash suffix. "foo.root.raw" and "foo.roothash" would not work for autodetection
+    # and usage.
+    return f"{root_or_usr(args)}{root_or_usr(args)}hash"
 
 
-def roothash_p7s_suffix(usr_only: bool = False) -> str:
-    return roothash_suffix(usr_only) + ".p7s"
+def roothash_p7s_suffix(args: Union[MkosiArgs, argparse.Namespace]) -> str:
+    return f"{roothash_suffix(args)}.p7s"
 
 
 def unshare(flags: int) -> None:
@@ -4218,7 +4223,7 @@ def write_root_hash_file(args: MkosiArgs, root_hash: Optional[str]) -> Optional[
 
     assert args.output_root_hash_file is not None
 
-    suffix = roothash_suffix(args.usr_only)
+    suffix = roothash_suffix(args)
     with complete_step(f"Writing {suffix} file…"):
         f: BinaryIO = cast(
             BinaryIO,
@@ -4236,7 +4241,7 @@ def write_root_hash_p7s_file(args: MkosiArgs, root_hash_p7s: Optional[bytes]) ->
 
     assert args.output_root_hash_p7s_file is not None
 
-    suffix = roothash_p7s_suffix(args.usr_only)
+    suffix = roothash_p7s_suffix(args)
     with complete_step(f"Writing {suffix} file…"):
         f: BinaryIO = cast(
             BinaryIO,
@@ -4488,7 +4493,7 @@ def link_output_checksum(args: MkosiArgs, checksum: Optional[SomeIO]) -> None:
 def link_output_root_hash_file(args: MkosiArgs, root_hash_file: Optional[SomeIO]) -> None:
     if root_hash_file:
         assert args.output_root_hash_file
-        suffix = roothash_suffix(args.usr_only)
+        suffix = roothash_suffix(args)
         with complete_step(f"Linking {suffix} file…", f"Linked {path_relative_to_cwd(args.output_root_hash_file)}"):
             _link_output(args, root_hash_file.name, args.output_root_hash_file)
 
@@ -4496,7 +4501,7 @@ def link_output_root_hash_file(args: MkosiArgs, root_hash_file: Optional[SomeIO]
 def link_output_root_hash_p7s_file(args: MkosiArgs, root_hash_p7s_file: Optional[SomeIO]) -> None:
     if root_hash_p7s_file:
         assert args.output_root_hash_p7s_file
-        suffix = roothash_p7s_suffix(args.usr_only)
+        suffix = roothash_p7s_suffix(args)
         with complete_step(
             f"Linking {suffix} file…", f"Linked {path_relative_to_cwd(args.output_root_hash_p7s_file)}"
         ):
@@ -6504,10 +6509,10 @@ def load_args(args: argparse.Namespace) -> MkosiArgs:
 
     if args.verity:
         args.read_only = True
-        args.output_root_hash_file = build_auxiliary_output_path(args, roothash_suffix(args.usr_only))
+        args.output_root_hash_file = build_auxiliary_output_path(args, roothash_suffix(args))
 
         if args.verity == "signed":
-            args.output_root_hash_p7s_file = build_auxiliary_output_path(args, roothash_p7s_suffix(args.usr_only))
+            args.output_root_hash_p7s_file = build_auxiliary_output_path(args, roothash_p7s_suffix(args))
 
     if args.checksum:
         args.output_checksum = args.output.with_name("SHA256SUMS")
@@ -6527,11 +6532,11 @@ def load_args(args: argparse.Namespace) -> MkosiArgs:
         args.output_sshkey = args.output.with_name("id_rsa")
 
     if args.split_artifacts:
-        args.output_split_root = build_auxiliary_output_path(args, ".usr" if args.usr_only else ".root", True)
+        args.output_split_root = build_auxiliary_output_path(args, f"{root_or_usr(args)}.raw", True)
         if args.verity:
-            args.output_split_verity = build_auxiliary_output_path(args, ".verity", True)
+            args.output_split_verity = build_auxiliary_output_path(args, f"{root_or_usr(args)}.verity", True)
             if args.verity == "signed":
-                args.output_split_verity_sig = build_auxiliary_output_path(args, ".p7s", True)
+                args.output_split_verity_sig = build_auxiliary_output_path(args, f"{roothash_suffix(args)}.p7s", True)
         if args.bootable:
             args.output_split_kernel = build_auxiliary_output_path(args, ".efi", True)
 
@@ -7469,9 +7474,9 @@ def build_stuff(args: MkosiArgs) -> Manifest:
         raw = qcow2_output(args, image.raw)
         bmap = calculate_bmap(args, raw)
         raw = compress_output(args, raw)
-        split_root = compress_output(args, image.split_root, ".usr" if args.usr_only else ".root")
-        split_verity = compress_output(args, image.split_verity, ".verity")
-        split_verity_sig = compress_output(args, image.split_verity_sig, ".p7s")
+        split_root = compress_output(args, image.split_root, f"{root_or_usr(args)}.raw")
+        split_verity = compress_output(args, image.split_verity, f"{root_or_usr(args)}.verity")
+        split_verity_sig = compress_output(args, image.split_verity_sig, roothash_p7s_suffix(args))
         split_kernel = compress_output(args, image.split_kernel, ".efi")
         root_hash_file = write_root_hash_file(args, image.root_hash)
         root_hash_p7s_file = write_root_hash_p7s_file(args, image.root_hash_p7s)
-- 
2.47.2