1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
| | # SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: 2021-2024 Alyssa Ross <hi@alyssa.is>
# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
import ../lib/call-package.nix (
{ callSpectrumPackage, config, runCommand, stdenv }:
let
efi = import ../host/efi.nix {};
in
runCommand "spectrum-update-directory" {
__structuredAttrs = true;
unsafeDiscardReferences = { out = true; };
dontFixup = true;
env = { VERSION = config.version; };
} ''
# stdenv sets -eo pipefail, but not -u
set -u
mkdir -- "$out"
cd -- "$out"
read -r roothash < ${efi.rootfs}/rootfs.verity.roothash
if ! [[ "$roothash" =~ ^[0-9a-f]{64}$ ]]; then
printf 'Internal error: bad root hash %q\n' "$roothash"
exit 1
fi
cp -- ${efi} "Spectrum_$VERSION.efi"
cp -- ${efi.rootfs}/rootfs.verity.superblock "Spectrum_''${VERSION}_''${roothash:32:32}.verity"
cp -- ${efi.rootfs}/rootfs "Spectrum_''${VERSION}_''${roothash:0:32}.root"
sha256sum -b "Spectrum_$VERSION.efi" \
"Spectrum_''${VERSION}_''${roothash:32:32}.verity" \
"Spectrum_''${VERSION}_''${roothash:0:32}.root" > SHA256SUMS
''
) (_: {})
|