From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id E41E7408B; Tue, 25 Nov 2025 16:50:54 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id 525C64035; Tue, 25 Nov 2025 16:50:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=4.0.1 Received: from fout-a2-smtp.messagingengine.com (fout-a2-smtp.messagingengine.com [103.168.172.145]) by atuin.qyliss.net (Postfix) with ESMTPS id 360DD4032 for ; Tue, 25 Nov 2025 16:50:51 +0000 (UTC) Received: from phl-compute-06.internal (phl-compute-06.internal [10.202.2.46]) by mailfout.phl.internal (Postfix) with ESMTP id 75592EC0259; Tue, 25 Nov 2025 11:50:49 -0500 (EST) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-06.internal (MEProxy); Tue, 25 Nov 2025 11:50:49 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1764089449; x=1764175849; bh=K+gNQUEL4O MPtoXugBTil8DS7ONjppTinjjN/5q4Wps=; b=jFucwJ7RJKtgOFAku7F08Mss8V usDCYGs1a8xOdFdo8oG+rVUBOg/WXjRm6vG2xGQ+IQMELLI07MmPrbRc0IihSLfu TR+QB6ZyRI+uJkgxM89Cd2nt2Yb4EiuYaVl37xHf0NLdWTKsFz+dJXIyDeQh8I+s WK3/brVm+10V321vCnmgr1z5u8EbL9CFM2duOO+9iV44GwoKowCcq9ifUINb9zJP VSiV3eF7BfbV28U1aDJ5U6h5QBBGxky9Uwo2GhVUIjGuZcTzDbOD8N6XzXGdhSK+ blkWyzSL5qegBoNOVGd8pwVTZWpdGmsCSM9Mg+ta1HAQhJkmqSFTzC2/OS4Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1764089449; x=1764175849; bh=K+gNQUEL4OMPtoXugBTil8DS7ONjppTinjj N/5q4Wps=; b=z+OkdsUcVEGNNvNJ2V5J3hv5TpjpESHZb/tb8A/Ju6YsFLvRPp7 l8HvMxGYhi2qZ9x4JkQ1F/feT+apNc9wCog6boFhvUP4SIZSPDOTZFVBjX4YiCT1 xlwj2RUjega2dmUl+q/ezTuU3slisITdwXoT3cy9ptP1CGGJYl4XHbAtBBrNEAhX n+7aZRSW86XkgZOLTiv788HkwKnsVT0uZPeZ8emqL5WXRMfhDkFdAESQve1gpGxe LaH4onDouzH8IiUK54nQbKwZwXs6hBx61z60qwJZyY7fbuLtds2vg/VV/pbHE+pl FAHk61tvHg0ZLEV45X61MLmTKh6t4gR8kug== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddvgeduleelucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf gurhephffvvefujghffffkgggtsehgtderredttddtnecuhfhrohhmpeetlhihshhsrgcu tfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpeeiudffue eilefgtefgtddttdekkeehkefgheekudefveetgeefiefftedvteeuveenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehhihesrghlhihsshgrrd hishdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohep uggvmhhiohgsvghnohhurhesghhmrghilhdrtghomhdprhgtphhtthhopeguvghvvghlse hsphgvtghtrhhumhdqohhsrdhorhhg X-ME-Proxy: Feedback-ID: i12284293:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 25 Nov 2025 11:50:48 -0500 (EST) Received: by fw12.qyliss.net (Postfix, from userid 1000) id B53F525FD90A; Tue, 25 Nov 2025 17:50:37 +0100 (CET) From: Alyssa Ross To: Demi Marie Obenour Subject: Re: [PATCH v4 11/14] release: Create directory with system update In-Reply-To: <20251121-updates-v4-11-d4561c42776e@gmail.com> References: <20251121-updates-v4-0-d4561c42776e@gmail.com> <20251121-updates-v4-11-d4561c42776e@gmail.com> Date: Tue, 25 Nov 2025 17:50:36 +0100 Message-ID: <87qztm12g3.fsf@alyssa.is> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Message-ID-Hash: BQ4PR7YQ2PEPIWD2EE6CIXL5XD7I63EO X-Message-ID-Hash: BQ4PR7YQ2PEPIWD2EE6CIXL5XD7I63EO X-MailFrom: hi@alyssa.is X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Spectrum OS Development X-Mailman-Version: 3.3.9 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Demi Marie Obenour writes: > Whenever a release is made, create a directory with the release files to > be used for an update. After its SHA256SSUMS file is signed, the file > is ready to be uploaded to a server for users to update from. > > Signed-off-by: Demi Marie Obenour > --- > Changes since v2: > - Use UUIDs to name the rootfs and verity superblock. > This will allow systemd-sysupdate to set the correct UUIDs on the > rootfs and verity partitions, avoiding the need to use labels to find > these partitions. > --- > release.nix | 2 ++ > release/update.nix | 33 +++++++++++++++++++++++++++++++++ > 2 files changed, 35 insertions(+) Reviewed-by: Alyssa Ross But I think we should be clearer about set, see below. > diff --git a/release.nix b/release.nix > index a4fe66ee5925aeee3a1f5f1fac249c595cee0885..704abb39a3d01152eac3dfe31= 3066834c3cd0a66 100644 > --- a/release.nix > +++ b/release.nix > @@ -8,5 +8,7 @@ import lib/call-package.nix ({ callSpectrumPackage }: { >=20=20 > checks =3D callSpectrumPackage release/checks {}; >=20=20 > + updates =3D callSpectrumPackage release/update.nix {}; > + > combined =3D callSpectrumPackage release/combined/run-vm.nix {}; > }) (_: {}) > diff --git a/release/update.nix b/release/update.nix > new file mode 100644 > index 0000000000000000000000000000000000000000..77eb5fc422baa7d13e8e3ccb8= 23c2fe69d2c39cc > --- /dev/null > +++ b/release/update.nix > @@ -0,0 +1,33 @@ > +# SPDX-License-Identifier: MIT > +# SPDX-FileCopyrightText: 2021-2024 Alyssa Ross > +# SPDX-FileCopyrightText: 2025 Demi Marie Obenour > + > +import ../lib/call-package.nix ( > +{ callSpectrumPackage, config, runCommand, stdenv }: > + > +let > + efi =3D import ../host/efi.nix {}; > +in > +runCommand "spectrum-update-directory" { > + __structuredAttrs =3D true; > + unsafeDiscardReferences =3D { out =3D true; }; > + dontFixup =3D true; > + env =3D { VERSION =3D config.version; }; > +} '' > + # One would expect that this is enabled already but it is not. > + set -euo pipefail I see. stdenv leaves -eo pipefail set, but not -u. In that case, we should just set -u so it's clearer what change is actually intended to be made to the environment. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQQGoGac7QfI+H5ZtFCZddwkt31pFQUCaSXeXAAKCRCZddwkt31p FS1IAP0aCMRH9d23ea4tmhfhEZLGFywlrqqFlNLodPQq/AX8NwEA+Y0t6IpsplXb ExW4PEMyxYNLC6ZgZSg0+dK6coSJ3wU= =B2oK -----END PGP SIGNATURE----- --=-=-=--