From: Demi Marie Obenour
Subject: [PATCH v4 0/2] Move verity and EFI creation to separate Nix derivations
Date: Wed, 19 Nov 2025 03:15:57 -0500
Message-Id: <20251119-refactor-verity-v4-0-9bc56d5216c0@gmail.com>
In-Reply-To: <20251111-refactor-verity-v3-0-575726639f9e@gmail.com>
References: <20251111-refactor-verity-v3-0-575726639f9e@gmail.com>
To: Spectrum OS Development
CC: Demi Marie Obenour, Alyssa Ross

This doesn't have any functional change, other than to use the read
builtin instead of a cat command in a shell script. However, it does
make the code much cleaner and more reusable. For instance, one can
easily build just the verity image or just the UKI.

This will be used by the Nix code that generates an update package.
The update package needs the root filesystem, the verity superblock,
and the UKI. It doesn't need the installer or the live image.

Signed-off-by: Demi Marie Obenour
---
Changes in v4:
- Many cleanups.
- Respond to suggestions from code review.
- Link to v3: https://spectrum-os.org/lists/archives/spectrum-devel/20251111-refactor-verity-v3-0-575726639f9e@gmail.com

Changes in v3:
- Rebase on main
- Link to v2: https://spectrum-os.org/lists/archives/spectrum-devel/20251107-refactor-verity-v2-0-2af58b1a4a87@gmail.com

Changes in v2:
- Do not break interactive rootfs development.
- Link to v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251105-refactor-verity-v1-0-b8ba27dfdf06@gmail.com

---
Demi Marie Obenour (2):
      Build verity images in rootfs Nix derivation
      Move UKI creation to a separate derivation

 host/efi.nix               | 40 +++++++++++++++++++++++++++++++++++++++
 host/initramfs/Makefile    | 26 +++++-------------------
 host/initramfs/default.nix |  1 +
 host/initramfs/shell.nix   |  2 +-
 host/rootfs/Makefile       | 47 ++++++++++++++++++++++------------------------
 host/rootfs/default.nix    |  6 ++++--
 host/rootfs/shell.nix      |  2 +-
 lib/common.mk              |  4 ++++
 release/live/Makefile      | 38 +++++-------------------------------
 release/live/default.nix   | 27 +++++++++++--------------
 release/live/shell.nix     |  9 ++++++++-
 11 files changed, 102 insertions(+), 100 deletions(-)
---
base-commit: 99f09ab0a69f41eb14795c1cd047d5cd6ee5896e
change-id: 20251105-refactor-verity-9c8ca37e021a

--
Sincerely,
Demi Marie Obenour (she/her/hers)