From: Alyssa Ross
To: Demi Marie Obenour
CC: Spectrum OS Development
Subject: Re: [PATCH v2 5/8] release: Create directory with system update
Date: Thu, 13 Nov 2025 17:04:38 +0100
Message-ID: <87frahapgp.fsf@alyssa.is>
In-Reply-To: <20251112-updates-v2-5-88d96bf81b79@gmail.com>
References: <20251112-updates-v2-0-88d96bf81b79@gmail.com> <20251112-updates-v2-5-88d96bf81b79@gmail.com>

Demi Marie Obenour writes:

> Whenever a release is made, create a directory with the release files to
> be used for an update. After its SHA256SUMS file is signed, the file
> is ready to be uploaded to a webserver for users to update from.
>
> Signed-off-by: Demi Marie Obenour
> --- > release.nix | 2 ++ > release/update.nix | 30 ++++++++++++++++++++++++++++++ > 2 files changed, 32 insertions(+) > > diff --git a/release.nix b/release.nix > index a4fe66ee5925aeee3a1f5f1fac249c595cee0885..704abb39a3d01152eac3dfe31= 3066834c3cd0a66 100644 > --- a/release.nix > +++ b/release.nix
> @@ -8,5 +8,7 @@ import lib/call-package.nix ({ callSpectrumPackage }: { >=20=20 > checks =3D callSpectrumPackage release/checks {}; >=20=20 > + updates =3D callSpectrumPackage release/update.nix {}; > +

Should this just be called "update" (singular)?

> combined =3D callSpectrumPackage release/combined/run-vm.nix {}; > }) (_: {}) > diff --git a/release/update.nix b/release/update.nix > new file mode 100644 > index 0000000000000000000000000000000000000000..ec51eb12d33030255b7b4a7e7= 4e14416f1f0659d > --- /dev/null > +++ b/release/update.nix > @@ -0,0 +1,30 @@ > +# SPDX-License-Identifier: MIT > +# SPDX-FileCopyrightText: 2021-2024 Alyssa Ross > +# SPDX-FileCopyrightText: 2025 Demi Marie Obenour > + > +import ../lib/call-package.nix ( > +{ callSpectrumPackage, config, efi > +, runCommand, stdenv, rootfs > +}: > + > +runCommand "spectrum-update-directory" { > + __structuredAttrs =3D true; > + unsafeDiscardReferences =3D { out =3D true; }; > + dontFixup =3D true; > + env =3D { > + VERSION =3D config.version; > + ROOTHASH =3D "${rootfs}/rootfs.verity.roothash"; > + VERITY =3D "${rootfs}/rootfs.verity.superblock"; > + ROOT_FS =3D "${rootfs}/rootfs"; > + EFI =3D efi; > + };

I'd just inline these as string interpolations rather than passing them
as environment variables (except maybe VERSION).

> +} '' > + read -r roothash < "$ROOTHASH" > + mkdir -- "$out" > + cp -- "$VERITY" "$out/Spectrum_$VERSION.verity" > + cp -- "$ROOT_FS" "$out/Spectrum_$VERSION.root" > + cp -- "$EFI" "$out/Spectrum_$VERSION.efi" > + cd -- "$out" > + sha256sum -b "Spectrum_$VERSION.root" "Spectrum_$VERSION.verity" "Spec= trum_$VERSION.efi" > SHA256SUMS > + '' > +) (_: {}) > > --=20 > 2.51.2
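
Review bot: `roothash` is set by `read -r roothash < "$ROOTHASH"` on the first line of the build script in release/update.nix, but none of the following lines use it, and the root hash file is neither copied into `$out` nor listed in SHA256SUMS, so the file that gets signed covers only the `.root`, `.verity` and `.efi` artifacts. If the update directory does not need the root hash, drop the `read` and the `ROOTHASH` entry from `env`; if it does, the script should show where it is consumed. In the same hunk, `callSpectrumPackage` and `stdenv` are taken as function arguments but are not referenced in the body, so they can be removed from the argument list.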