diff options
| author | Andrew Cady <d@jerkface.net> | 2020-05-28 10:38:46 -0400 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2020-05-28 12:35:03 -0400 |
| commit | 7db5ebece1e1a7e7cfc612b753478845a6f367ee (patch) | |
| tree | 6ecaa096b0c91236edae0662aad118bd12872cb6 | |
| parent | 0452f9de21d89b0e6221ba38a112fd8aeb91f98f (diff) | |
makefile: add VERITY and VERITY_SIGN
| -rw-r--r-- | .gitignore | 5 | ||||
| -rw-r--r-- | Makefile | 13 | ||||
| -rw-r--r-- | build-deps.control | 1 |
3 files changed, 17 insertions, 2 deletions
| @@ -48,3 +48,8 @@ rootfs/samizdat.patch.btrfs | |||
| 48 | rootfs/samizdat.seed.btrfs | 48 | rootfs/samizdat.seed.btrfs |
| 49 | rootfs/seed.iso | 49 | rootfs/seed.iso |
| 50 | apt-get-update-stamp | 50 | apt-get-update-stamp |
| 51 | *.btrfs | ||
| 52 | *.btrfs.verity | ||
| 53 | *.btrfs.verity.log | ||
| 54 | *.btrfs.verity.log.asc | ||
| 55 | *.btrfs.verity.log.sig | ||
| @@ -174,6 +174,14 @@ get_loop_dev="$$(sudo losetup -n -O name -j $@~tmp)" | |||
| 174 | get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)" | 174 | get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)" |
| 175 | get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt | (read b _; echo $$b))" | 175 | get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt | (read b _; echo $$b))" |
| 176 | 176 | ||
| 177 | %.btrfs.verity: %.btrfs | ||
| 178 | sudo veritysetup format $< $@ > $@.log | ||
| 179 | sudo chmod 644 $@ | ||
| 180 | h=$$(sed -ne 's/^Root hash:[ \t]*//p' $@.log) && [ "$$h" ] | ||
| 181 | |||
| 182 | %.btrfs.verity.log.asc: %.btrfs.verity.log | ||
| 183 | sudo gpg --armor --detach-sign $^ | ||
| 184 | |||
| 177 | rootfs/samizdat.seed.btrfs: rootfs/samizdat.btrfs | 185 | rootfs/samizdat.seed.btrfs: rootfs/samizdat.btrfs |
| 178 | ifneq ($(shell id -u),0) | 186 | ifneq ($(shell id -u),0) |
| 179 | $(SUDO_MAKE) $@ | 187 | $(SUDO_MAKE) $@ |
| @@ -282,7 +290,8 @@ gold.iso: rootfs/seed.iso reused-child | |||
| 282 | --protective-msdos-label | 290 | --protective-msdos-label |
| 283 | mv $@~tmp $@ | 291 | mv $@~tmp $@ |
| 284 | 292 | ||
| 285 | rootfs/seed.iso: rootfs/samizdat.seed.btrfs | 293 | rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \ |
| 294 | $(if $(VERITY), s.verity s.verity.log $(if $(VERITY_SIGN), s.verity.log.asc))) | ||
| 286 | rm -f $@~tmp | 295 | rm -f $@~tmp |
| 287 | touch $@~tmp | 296 | touch $@~tmp |
| 288 | fallocate -n -l 10G $@~tmp | 297 | fallocate -n -l 10G $@~tmp |
| @@ -293,7 +302,7 @@ rootfs/seed.iso: rootfs/samizdat.seed.btrfs | |||
| 293 | -volid SamizdatLive \ | 302 | -volid SamizdatLive \ |
| 294 | -pathspecs on \ | 303 | -pathspecs on \ |
| 295 | -follow link \ | 304 | -follow link \ |
| 296 | -add /rootfs/samizdat.btrfs=$< -- \ | 305 | -add $^ -- \ |
| 297 | -follow default | 306 | -follow default |
| 298 | mv $@~tmp $@ | 307 | mv $@~tmp $@ |
| 299 | 308 | ||
diff --git a/build-deps.control b/build-deps.control index fc3eaeb..a946554 100644 --- a/build-deps.control +++ b/build-deps.control | |||
| @@ -1,6 +1,7 @@ | |||
| 1 | Source: sami | 1 | Source: sami |
| 2 | Build-Depends: bridge-utils, | 2 | Build-Depends: bridge-utils, |
| 3 | build-essential, | 3 | build-essential, |
| 4 | cryptsetup, | ||
| 4 | devscripts, | 5 | devscripts, |
| 5 | libbz2-dev, | 6 | libbz2-dev, |
| 6 | libncurses-dev, | 7 | libncurses-dev, |