From: Demi Marie Obenour
Date: Wed, 29 Oct 2025 06:12:45 -0400
Subject: [PATCH 6/7] Factor out dm-verity build rules
Message-Id: <20251029-updates-v1-6-401c1be2a11b@gmail.com>
References: <20251029-updates-v1-0-401c1be2a11b@gmail.com>
In-Reply-To: <20251029-updates-v1-0-401c1be2a11b@gmail.com>
To: Spectrum OS Development
CC: Demi Marie Obenour, Alyssa Ross

No functional change intended.

Signed-off-by: Demi Marie Obenour
---
 host/rootfs/Makefile     | 15 +--------------
 host/rootfs/default.nix  |  7 ++++---
 lib/verity.mk            | 18 ++++++++++++++++++
 release/live/Makefile    | 17 +----------------
 release/live/default.nix |  1 +
 5 files changed, 25 insertions(+), 33 deletions(-)
diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile index 35adb3d972c1a30705a5b123c65abf837617eb72..4712d9063e9f2e3c9b8b7b4fb2a7e54d119c6840 100644 --- a/host/rootfs/Makefile +++ b/host/rootfs/Makefile @@ -87,20 +87,7 @@ clean: rm -rf build .PHONY: clean -# veritysetup format produces two files, but Make only (portably) -# supports one output per rule, so we combine the two outputs then -# define two more rules to separate them again. -build/rootfs.verity: $(dest) - set -euo pipefail; $(VERITYSETUP) format $(dest) build/rootfs.verity.superblock.tmp \ - | awk -F ':[[:blank:]]*' '$$1 == "Root hash" {print $$2; exit}' \ - > build/rootfs.verity.roothash.tmp - cat build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp \ - > $@ - rm build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp -build/rootfs.verity.roothash: build/rootfs.verity - head -n 1 build/rootfs.verity > $@ -build/rootfs.verity.superblock: build/rootfs.verity - { read -r && cat; } < build/rootfs.verity > $@ +include ../../lib/verity.mk build/live.img: $(LIVE_IMAGE_DEPS) $(dest) ../../scripts/make-live-image.sh live $@ $(dest) diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix index 995b9bfd4c53edf9fa060011c128464518d15d6e..cb39f0d77b6640198da3ab840a2c8ca7cc1c91a1 100644 --- a/host/rootfs/default.nix +++ b/host/rootfs/default.nix @@ -8,8 +8,8 @@ import ../../lib/call-package.nix ( }: pkgsStatic.callPackage ( -{ btrfs-progs, busybox, cloud-hypervisor, cryptsetup, dbus, erofs-utils -, execline, inkscape, inotify-tools, iproute2, jq, lib, mdevd, nixos +{ busybox, cloud-hypervisor, cryptsetup, dbus, erofs-utils, execline +, inkscape, inotify-tools, iproute2, jq, lib, mdevd, nixos , runCommand, s6, s6-linux-init, s6-rc, socat, spectrum-host-tools , stdenvNoCC, util-linux, virtiofsd, writeClosure , xdg-desktop-portal-spectrum-host, xorg 
@@ -82,7 +82,7 @@ let # Packages that should be fully linked into /usr, # (not just their bin/* files). usrPackages = [ - appvm btrfs-progs firmware kernel.modules kmod kmod.lib + appvm firmware kernel.modules kmod kmod.lib netvm mesa dejavu_fonts systemd util-linux westonLite ]; @@ -134,6 +134,7 @@ stdenvNoCC.mkDerivation { ./. ../../lib/common.mk ../../lib/kcmdline-utils.mk + ../../lib/verity.mk ../../scripts/make-erofs.sh ../../version ]); diff --git a/lib/verity.mk b/lib/verity.mk new file mode 100644 index 0000000000000000000000000000000000000000..77945d14f37d62e67274a7356613f8e7f162f809 --- /dev/null +++ b/lib/verity.mk @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: EUPL-1.2+ +# SPDX-FileCopyrightText: 2021-2024 Alyssa Ross + +# veritysetup format produces two files, but Make only (portably) +# supports one output per rule, so we combine the two outputs then +# define two more rules to separate them again. +build/rootfs.verity: $(ROOT_FS) + mkdir -p build + $(VERITYSETUP) format $(ROOT_FS) build/rootfs.verity.superblock.tmp \ + | awk -F ':[[:blank:]]*' '$$1 == "Root hash" {print $$2; exit}' \ + > build/rootfs.verity.roothash.tmp + cat build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp \ + > $@ + rm build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp +build/rootfs.verity.roothash: build/rootfs.verity + head -n 1 build/rootfs.verity > $@ +build/rootfs.verity.superblock: build/rootfs.verity + { read -r && cat;} < build/rootfs.verity > $@ diff --git a/release/live/Makefile b/release/live/Makefile index 9aa2488a57ba583ff49f0d95af4f91878a0cd5dd..e6e91eee0f418114174e20384531788759a7db09 100644 --- a/release/live/Makefile +++ b/release/live/Makefile @@ -5,6 +5,7 @@ include ../../lib/common.mk include ../../lib/kcmdline-utils.mk +include ../../lib/verity.mk DTBS ?= build/empty 
@@ -51,22 +52,6 @@ build/boot.fat: $(SYSTEMD_BOOT_EFI) build/spectrum.efi $(MCOPY) -i $@ build/spectrum.efi ::/EFI/Linux $(MCOPY) -i $@ $(SYSTEMD_BOOT_EFI) ::/EFI/BOOT/$(EFINAME) -# veritysetup format produces two files, but Make only (portably) -# supports one output per rule, so we combine the two outputs then -# define two more rules to separate them again. -build/rootfs.verity: $(ROOT_FS) - mkdir -p build - $(VERITYSETUP) format $(ROOT_FS) build/rootfs.verity.superblock.tmp \ - | awk -F ':[[:blank:]]*' '$$1 == "Root hash" {print $$2; exit}' \ - > build/rootfs.verity.roothash.tmp - cat build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp \ - > $@ - rm build/rootfs.verity.roothash.tmp build/rootfs.verity.superblock.tmp -build/rootfs.verity.roothash: build/rootfs.verity - head -n 1 build/rootfs.verity > $@ -build/rootfs.verity.superblock: build/rootfs.verity - tail -n +2 build/rootfs.verity > $@ - clean: rm -rf build .PHONY: clean diff --git a/release/live/default.nix b/release/live/default.nix index c6dcabd49363e113eb0783ced2a167633a6e19c3..08dc198afc25b6362f2aedabf9e9450dd02eb4ad 100644 --- a/release/live/default.nix +++ b/release/live/default.nix @@ -34,6 +34,7 @@ stdenv.mkDerivation { ./. ../../lib/common.mk ../../lib/kcmdline-utils.mk + ../../lib/verity.mk ../../scripts/format-uuid.awk ../../scripts/format-uuid.sh ../../scripts/make-gpt.bash -- 2.51.2
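Review bot: In host/rootfs/Makefile the removed rule ran its pipeline under `set -euo pipefail` and depended on `$(dest)`, while the shared rule that replaces it has neither. Without pipefail the recipe's exit status is that of awk, so a failing `$(VERITYSETUP) format` can leave an empty root hash line at the top of build/rootfs.verity; either keep `set -euo pipefail;` in lib/verity.mk or confirm that lib/common.mk already sets those shell flags. Also make sure this Makefile defines `ROOT_FS` (as `$(dest)`) before the include, since the hunk does not show it and an empty value drops both the prerequisite and the data device argument.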
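Review bot: The two host/rootfs/default.nix hunks drop `btrfs-progs` from the function arguments and from `usrPackages`, which is unrelated to factoring out the verity rules and changes what is linked into /usr, so it does not fit "No functional change intended". Move the removal to its own patch, or say in the commit message why it belongs here.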
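Review bot: lib/verity.mk uses `$(ROOT_FS)` and `$(VERITYSETUP)` and writes to a fixed build/rootfs.verity path, but nothing at the top of the new file says what the including Makefile must define. Add a short comment listing the required variables so a missing one is caught in review and not at build time. Minor style point: `{ read -r && cat;}` lost the space before the closing brace that the removed host/rootfs copy had.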
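Review bot: In release/live/Makefile the new `include ../../lib/verity.mk` sits in the include block at the top, ahead of this Makefile's own rules, so unless an earlier include defines a target or `.DEFAULT_GOAL` is set, `build/rootfs.verity` becomes the default goal for a plain `make`. Consider moving the include to where the removed rules were, as host/rootfs/Makefile does. The superblock rule also changes here from `tail -n +2` to the `read -r && cat` form, which is worth a line in the commit message.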