From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 2558FB991;
	Wed, 26 Nov 2025 19:42:18 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 8A3A4B7F2; Wed, 26 Nov 2025 19:42:00 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_PASS,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=4.0.1
Received: from mail-yx1-xb132.google.com (mail-yx1-xb132.google.com
 [IPv6:2607:f8b0:4864:20::b132])
	by atuin.qyliss.net (Postfix) with ESMTPS id 95440B802
	for <devel@spectrum-os.org>; Wed, 26 Nov 2025 19:41:52 +0000 (UTC)
Received: by mail-yx1-xb132.google.com with SMTP id
 956f58d0204a3-640c857ce02so156920d50.0
        for <devel@spectrum-os.org>; Wed, 26 Nov 2025 11:41:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1764186110; x=1764790910;
 darn=spectrum-os.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=L858S5yLLRxYa1Poo/rA6eb+16ACbhvDYPOgzBa4y8k=;
        b=F809Vf56rxy+bfaB+y4alF2PmE4Uu8PWBOurmJT5arWBrl+DlMzBCDxni6E9LoYu7Y
         gokZ7wo+GHmLVEMx4VdFihrLv5UZCxEmKYzTsrHN78V2sUR2cThZnZLxKxcknC6dz7Pb
         5+QFjq77vEwLnZ94oIl438wniJCsAYud5epIJgKaKAyne3TGj+MCgsjwbn4rtxy6e3O2
         9OaGRbRym7kW2y4yO5k/6MTFUquoWGhSjenws+FsM6EhcGed/0ecd1LIJozdnfJY3vdD
         HQTUzbZsJT/g/ntHkM68XLJmsHiOfbwc/dd7fpuc9juw50bd7tXTqKzODWT1UYLIWwmA
         EZFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1764186110; x=1764790910;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=L858S5yLLRxYa1Poo/rA6eb+16ACbhvDYPOgzBa4y8k=;
        b=QDjJcg//oIfePz5bIfLG8UVuzWvWewUsEvjWIhyS8vaQOP6Ooi/Hc+A7BxPZl2IJyr
         DBRJAJiLyIsz53AWJmiWxCXQzgvAzqpztU8MXfHZix0dgOdsBeGBQt2bXAIQ1sVmjEjB
         15z1BneZTzDIxBaw4w8+VDCLE91g7AglE1vFmQAWxfcw4uDexUMtigOAI9vlTeHlCIrR
         A9jL9mHfoyKqXYUTl8HguSYbVh8AoizpRVKiYV6360LbRLob6CU4ZBLrU+2ofogQ3aD3
         eDlBVkl/NQ/Usf5aHJZ53bKbndV23W4h1ErXjp3DCQUsvmKJ7RPqTgWlL1lIU23AI/kR
         9tFQ==
X-Gm-Message-State: AOJu0Yw5HxMihAEeWjNQxGGkrvtZNVZtHbfdLRXv/4RmcnubeDl1QVtF
	O0KhHaKfJFFZO+YFYl6JCDsEBLa3H6K9D8Lk5/eGofgTMDcGeHwPTIw0b5uYiA==
X-Gm-Gg: ASbGncuyyB8Rl8zqU2lHYKKECtZeDF0T5VoLZOJE91P4Ji5EQA0zhOHVR2sGQdrOkNY
	tU1P798qxv/j016mksOLUIYbHh1r+cEX0WOmaMdCGjHpTXzj4v5eps6NO5pH2h4u/z+wM04XMwA
	w0kPRNv4pqJYXRce3GbAVlXcNhJiG+FwNc20T0QgEw5ECEthelzp0XWoGyGY1yjDWIuf60DC9SZ
	ZoRd+tuHFZvmwlOmXYiEw7C8hXHCdrBYmI6HvlhvpcoVnSH1PloHioWDV5uAqeuoMsWhWmWnzJp
	wZq7LNOvI2PAW7/Y53iWWtA7t3mHGahMGZQjJ8FcMngdUPnmp0vaHICtq82YjTxChm4chCV60Hf
	G4YPDnyyjhwuojQ2hJHZog1FMCljQhh0PaL5BxMr1JWwwXTJ/J1edLaDUUD/XjqvlDkoK7Wlmn0
	tb75tE9seR3KrTPcwV2l23f7WlHmPAC6Tdj8KLrKiTJNAoN+1lhmklkg4GOozhgbDOULQObpnAk
	N2VgBCeY91emFmoU5ZJwmviLP1DUC5NVhg=
X-Google-Smtp-Source: 
 AGHT+IEkO4zdKihJ9gvnOqwvQT3FPhMdTt65A8CFe+DvvwNafVWfFiZY93/J0WHsZJiZaUJsgCV6xg==
X-Received: by 2002:a53:acdc:0:20b0:641:f5bc:698b with SMTP id
 956f58d0204a3-64302b1d8acmr13565193d50.71.1764186109982;
        Wed, 26 Nov 2025 11:41:49 -0800 (PST)
Received: from localhost.localdomain
 (h96-60-249-169.cncrtn.broadband.dynamic.tds.net. [96.60.249.169])
        by smtp.gmail.com with UTF8SMTPSA id
 00721157ae682-78a798a5737sm69655427b3.16.2025.11.26.11.41.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 26 Nov 2025 11:41:49 -0800 (PST)
From: Demi Marie Obenour <demiobenour@gmail.com>
Date: Wed, 26 Nov 2025 14:40:48 -0500
Subject: [PATCH v5 08/13] Use OS version to set partition labels and UKI
 name
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20251126-updates-v5-8-fd746748febd@gmail.com>
References: <20251126-updates-v5-0-fd746748febd@gmail.com>
In-Reply-To: <20251126-updates-v5-0-fd746748febd@gmail.com>
To: Spectrum OS Development <devel@spectrum-os.org>
X-Mailer: b4 0.14.3
X-Developer-Signature: v=1; a=ed25519-sha256; t=1764186041; l=8461;
 i=demiobenour@gmail.com; s=20250729; h=from:subject:message-id;
 bh=aLS7Vn0eHdPmExRxSYo54tkFbUWLHOqWIo2eqsSUPo0=;
 b=tcmbAqvL/HP2rY8LUPM5OB7ReZIk+YsUuZPB80WdsYcJb1gRyXO0Va7N6WI+MUSlxVst5YXBR
 YrAKL6RqFtaBetHJxifs0VCdivaxw2NZb0QozVq6EYjaQS+mXvP67HP
X-Developer-Key: i=demiobenour@gmail.com; a=ed25519;
 pk=X57Q4/YQDj9t4SBeKaDwvXYKB6quZJVx/DE2Ly2out0=
Message-ID-Hash: 6ULVDYCP3IWXE6K3H6PWGO3MW6VPHI7B
X-Message-ID-Hash: 6ULVDYCP3IWXE6K3H6PWGO3MW6VPHI7B
X-MailFrom: demiobenour@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Demi Marie Obenour <demiobenour@gmail.com>, Alyssa Ross <hi@alyssa.is>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/6ULVDYCP3IWXE6K3H6PWGO3MW6VPHI7B/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

systemd-sysupdate has strict requirements on the partition layout:

- The label of the active partition must match the template in the
  .transfer file.  For instance, the root filesystem of Spectrum 0.0.0
  must be in a partition with label "Spectrum_0.0.0", and the verity
  partition must have the label "Spectrum_0.0.0.verity".

- The label of the inactive partition must be that of the old version of
  Spectrum, or "_empty" for freshly installed systems.

- The partition type UUID must conform to the Discoverable Partition
  Specification.

Also, the UKI must have a name that includes the OS version.  Otherwise,
it will not be deleted during updates.

Since the partition label includes the OS version, add an OS version
number.  Use 0.0.0 to indicate that Spectrum OS is still in very early
development and should not be used.  The version number can be
overridden in the build configuration file.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Reviewed-by: Alyssa Ross <hi@alyssa.is>
---
Changes since v4:
- Rebase and address merge conflicts.
- Add missing "VERSION = config.version" in Nix files.
Changes since v2:
- Split off into separate commit.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
 host/initramfs/Makefile  | 4 ++--
 host/initramfs/shell.nix | 2 ++
 host/rootfs/Makefile     | 4 ++--
 host/rootfs/default.nix  | 5 +++--
 host/rootfs/shell.nix    | 2 ++
 lib/config.default.nix   | 1 +
 release/live/Makefile    | 8 ++++----
 release/live/default.nix | 3 +++
 release/live/shell.nix   | 3 ++-
 9 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/host/initramfs/Makefile b/host/initramfs/Makefile
index c3d600ad5a55d81b8ca9c7a3e182ef5f4fd90f4b..a7f7bb22255b2cc3f845da7e85cadd7aab1efdb9 100644
--- a/host/initramfs/Makefile
+++ b/host/initramfs/Makefile
@@ -39,8 +39,8 @@ build/live.img: ../../scripts/format-uuid.awk ../../scripts/make-gpt.sh ../../sc
 	uuids=$$(awk -f ../../scripts/format-uuid.awk < $(ROOT_FS_VERITY_ROOTHASH)) && \
 	set -u -- $$uuids && \
 	bash ../../scripts/make-gpt.sh $@.tmp \
-	    $(ROOT_FS_VERITY):verity:$$2 \
-	    $(ROOT_FS_IMAGE):root:$$1
+	    $(ROOT_FS_VERITY):verity:$$2:Spectrum_'$(VERSION).verity' \
+	    $(ROOT_FS_IMAGE):root:$$1:Spectrum_'$(VERSION)'
 	mv $@.tmp $@
 
 clean:
diff --git a/host/initramfs/shell.nix b/host/initramfs/shell.nix
index 8b47aa53bc19a818ebf563e281f22e82202a8ea5..44d4a985e969c1a57ad42d0666189c704aef9afd 100644
--- a/host/initramfs/shell.nix
+++ b/host/initramfs/shell.nix
@@ -4,6 +4,7 @@
 import ../../lib/call-package.nix (
 { callSpectrumPackage, rootfs, pkgsStatic, stdenv
 , cryptsetup, jq, qemu_kvm, tar2ext4, util-linux
+, config
 }:
 
 let
@@ -18,5 +19,6 @@ initramfs.overrideAttrs ({ nativeBuildInputs ? [], env ? {}, ... }: {
   env = env // {
     KERNEL = "${rootfs.kernel}/${stdenv.hostPlatform.linux-kernel.target}";
     ROOT_FS = rootfs;
+    VERSION = config.version;
   };
 })) (_: {})
diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile
index ab24263c6f327e47cd1d012ca8d729b0ea5eb8f3..a6d9f23e9f5277b7c79a53105eb2dfe1bab1451e 100644
--- a/host/rootfs/Makefile
+++ b/host/rootfs/Makefile
@@ -96,8 +96,8 @@ build/live.img: ../../scripts/format-uuid.awk ../../scripts/make-gpt.sh ../../sc
 	uuids=$$(awk -f ../../scripts/format-uuid.awk < $(ROOT_FS_VERITY_ROOTHASH)) && \
 	set -u -- $$uuids && \
 	bash ../../scripts/make-gpt.sh $@.tmp \
-	    $(ROOT_FS_VERITY):verity:$$2 \
-	    $(ROOT_FS_IMAGE):root:$$1
+	    $(ROOT_FS_VERITY):verity:$$2:Spectrum_'$(VERSION).verity' \
+	    $(ROOT_FS_IMAGE):root:$$1:Spectrum_'$(VERSION)'
 	mv $@.tmp $@
 
 debug:
diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
index 941c04e619baa7652d1812f4eb50445c607d5884..16a151971715f9a9d987dc92a1d06eb169de1144 100644
--- a/host/rootfs/default.nix
+++ b/host/rootfs/default.nix
@@ -3,8 +3,8 @@
 # SPDX-FileCopyrightText: 2022 Unikie
 
 import ../../lib/call-package.nix (
-{ callSpectrumPackage, spectrum-build-tools, src
-, pkgsMusl, pkgsStatic, linux_latest
+{ callSpectrumPackage, config, spectrum-build-tools
+, src, pkgsMusl, pkgsStatic, linux_latest
 }:
 pkgsStatic.callPackage (
 
@@ -125,6 +125,7 @@ stdenvNoCC.mkDerivation {
       printf "%s\n/\n" ${packagesSysroot} >$out
       sed p ${writeClosure [ packagesSysroot] } >>$out
     '';
+    VERSION = config.version;
   };
 
   # The Makefile uses $(ROOT_FS), not $(dest), so it can share code
diff --git a/host/rootfs/shell.nix b/host/rootfs/shell.nix
index 6df2f575fdfc7cdf8067ccfdb5fecaad9f6ea5e6..27f93e05fce036257d27cf9992fee8c925073f80 100644
--- a/host/rootfs/shell.nix
+++ b/host/rootfs/shell.nix
@@ -5,6 +5,7 @@
 import ../../lib/call-package.nix (
 { callSpectrumPackage, rootfs, pkgsStatic, srcOnly, stdenv
 , btrfs-progs, cryptsetup, jq, netcat, qemu_kvm, reuse, util-linux
+, config
 }:
 
 rootfs.overrideAttrs (
@@ -20,5 +21,6 @@ rootfs.overrideAttrs (
     KERNEL = "${passthru.kernel}/${stdenv.hostPlatform.linux-kernel.target}";
     LINUX_SRC = srcOnly passthru.kernel.configfile;
     VMLINUX = "${passthru.kernel.dev}/vmlinux";
+    VERSION = config.version;
   };
 })) (_: {})
diff --git a/lib/config.default.nix b/lib/config.default.nix
index a8422345cc00f9413bb19ec968fd89c82fed801b..489c231490a8b66aa01f50053b25646060f7f963 100644
--- a/lib/config.default.nix
+++ b/lib/config.default.nix
@@ -4,4 +4,5 @@
 {
   pkgsFun = import ./nixpkgs.default.nix;
   pkgsArgs = {};
+  version = "0.0.0";
 }
diff --git a/release/live/Makefile b/release/live/Makefile
index 5ab93451de109949af0e7ed7f70bf6827fefbf69..46628bdaa5b4a02aca3dd15be4477c3b2c194993 100644
--- a/release/live/Makefile
+++ b/release/live/Makefile
@@ -14,8 +14,8 @@ $(dest): ../../scripts/format-uuid.awk ../../scripts/make-gpt.sh ../../scripts/s
 	set -u -- $$uuids && \
 	bash ../../scripts/make-gpt.sh $@.tmp \
 	    build/boot.fat:c12a7328-f81f-11d2-ba4b-00a0c93ec93b \
-	    $(ROOT_FS_VERITY):verity:$$2 \
-	    $(ROOT_FS_IMAGE):root:$$1
+	    $(ROOT_FS_VERITY):verity:$$2:Spectrum_'$(VERSION).verity' \
+	    $(ROOT_FS_IMAGE):root:$$1:Spectrum_'$(VERSION)'
 	mv $@.tmp $@
 
 build/empty:
@@ -27,8 +27,8 @@ build/boot.fat: $(SYSTEMD_BOOT_EFI) $(EFI_IMAGE) build/empty
 	$(MMD) -i $@ ::/EFI ::/EFI/BOOT ::/EFI/Linux
 # This symlink is necessary.  Copying $(EFI_IMAGE) directly
 # results in an unbootable image.  TODO: figure out why.
-	ln -s $(EFI_IMAGE) build/spectrum.efi
-	$(MCOPY) -i $@ build/spectrum.efi ::/EFI/Linux
+	ln -s $(EFI_IMAGE) 'build/Spectrum_$(VERSION).efi'
+	$(MCOPY) -i $@ 'build/Spectrum_$(VERSION).efi' ::/EFI/Linux
 	$(MCOPY) -i $@ $(SYSTEMD_BOOT_EFI) ::/EFI/BOOT/$(EFINAME)
 
 clean:
diff --git a/release/live/default.nix b/release/live/default.nix
index d1e2422e9f1ba666af7ad7a5cce1c80a242d0777..aa5c5869b9c82ce3722fc39029f6aabd7d8c874d 100644
--- a/release/live/default.nix
+++ b/release/live/default.nix
@@ -1,11 +1,13 @@
 # SPDX-License-Identifier: MIT
 # SPDX-FileCopyrightText: 2021-2023, 2025 Alyssa Ross <hi@alyssa.is>
 # SPDX-FileCopyrightText: 2022 Unikie
+# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
 
 import ../../lib/call-package.nix (
 { callSpectrumPackage, spectrum-build-tools, src
 , lib, pkgsStatic, stdenvNoCC
 , cryptsetup, dosfstools, jq, mtools, util-linux
+, config
 }:
 
 let
@@ -46,6 +48,7 @@ stdenv.mkDerivation {
     SYSTEMD_BOOT_EFI = "${systemd}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi";
     EFI_IMAGE = efi;
     EFINAME = "BOOT${toUpper efiArch}.EFI";
+    VERSION = config.version;
   };
 
   buildFlags = [ "dest=$(out)" ];
diff --git a/release/live/shell.nix b/release/live/shell.nix
index b0bf957c085d1581a24d8916925611da0a60ec8b..e542793a66fb972cfde90f6be2204986442b7d4b 100644
--- a/release/live/shell.nix
+++ b/release/live/shell.nix
@@ -2,7 +2,7 @@
 # SPDX-FileCopyrightText: 2021-2024 Alyssa Ross <hi@alyssa.is>
 
 import ../../lib/call-package.nix (
-{ callSpectrumPackage, stdenv, qemu_kvm }:
+{ callSpectrumPackage, config, stdenv, qemu_kvm }:
 
 let
   efi = callSpectrumPackage ../../host/efi.nix {};
@@ -17,6 +17,7 @@ in
       OVMF_CODE = "${qemu_kvm}/share/qemu/edk2-${stdenv.hostPlatform.qemuArch}-code.fd";
       ROOT_FS = efi.rootfs;
       EFI_IMAGE = efi;
+      VERSION = config.version;
     };
   }
 )) (_: {})

-- 
2.52.0