1 files changed, 17 insertions, 2 deletions
diff --git a/Makefile b/Makefile
index 35294b4..53c643b 100644
--- a/Makefile
+++ b/Makefile
@@ -162,6 +162,7 @@ $(btrfs_images): FORCE
        $(MAKE) -C rootfs $(notdir $@)
 boot: rootfs
+        sudo initrd.sh
        sudo SLOW_BOOT=y qemu.sh
 fastboot: rootfs
@@ -203,12 +204,26 @@ get_loop_dev="$$(sudo losetup -n -O name -j $@~tmp)"
 get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)"
 get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt | (read b _; echo $$b))"
+%.verity.sh: %.verity
+        h=$$(sed -ne 's/^Root hash:[ \t]*//p' $<.log) && [ "$$h" ] && \
+                printf 'verity_root_hash=%s\nverity_hash_offset=%s\n' "$$h" $(shell stat -c %s $(basename $<)) > $@
+%.verity.log: %.verity
 %.verity: %
-        sudo veritysetup format $< $@~tmp > $@.log~tmp
+        cp --reflink $< $@~tmp
+        sudo veritysetup --hash-offset=$(shell stat -c %s $<) format $@~tmp $@~tmp > $@.log~tmp
        mv $@.log~tmp $@.log
        mv $@~tmp $@
        sudo chmod 644 $@
-        h=$$(sed -ne 's/^Root hash:[ \t]*//p' $@.log) && [ "$$h" ]
+root_hash = $(shell sed -ne 's/^Root hash: *//p' < $<.log)
+veritymount: rootfs/samizdat.seed.btrfs.verity.sh
+        @sudo veritysetup remove samizverity >/dev/null 2>&1 || true
+        set -x && . $< && sudo veritysetup --ignore-corruption --hash-offset=$$verity_hash_offset \
+                create samizverity $(basename $<) $(basename $<) $$verity_root_hash
+        sudo veritysetup remove samizverity
 %.verity.log.asc: %.verity.log
        sudo gpg --armor --detach-sign $^

diff --git a/Makefile b/Makefile index 35294b4..53c643b 100644 --- a/Makefile +++ b/Makefile
@@ -162,6 +162,7 @@ $(btrfs_images): FORCE
162	$(MAKE) -C rootfs $(notdir $@)	162	$(MAKE) -C rootfs $(notdir $@)
163		163
164	boot: rootfs	164	boot: rootfs
		165	sudo initrd.sh
165	sudo SLOW_BOOT=y qemu.sh	166	sudo SLOW_BOOT=y qemu.sh
166		167
167	fastboot: rootfs	168	fastboot: rootfs
@@ -203,12 +204,26 @@ get_loop_dev="$$(sudo losetup -n -O name -j $@~tmp)"
203	get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)"	204	get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)"
204	get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt \| (read b _; echo $$b))"	205	get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt \| (read b _; echo $$b))"
205		206
		207	%.verity.sh: %.verity
		208	h=$$(sed -ne 's/^Root hash:[ \t]*//p' $<.log) && [ "$$h" ] && \
		209	printf 'verity_root_hash=%s\nverity_hash_offset=%s\n' "$$h" $(shell stat -c %s $(basename $<)) > $@
		210
		211	%.verity.log: %.verity
206	%.verity: %	212	%.verity: %
207	sudo veritysetup format $< $@~tmp > $@.log~tmp	213	cp --reflink $< $@~tmp
		214	sudo veritysetup --hash-offset=$(shell stat -c %s $<) format $@~tmp $@~tmp > $@.log~tmp
208	mv $@.log~tmp $@.log	215	mv $@.log~tmp $@.log
209	mv $@~tmp $@	216	mv $@~tmp $@
210	sudo chmod 644 $@	217	sudo chmod 644 $@
211	h=$$(sed -ne 's/^Root hash:[ \t]*//p' $@.log) && [ "$$h" ]	218
		219
		220	root_hash = $(shell sed -ne 's/^Root hash: *//p' < $<.log)
		221
		222	veritymount: rootfs/samizdat.seed.btrfs.verity.sh
		223	@sudo veritysetup remove samizverity >/dev/null 2>&1 \|\| true
		224	set -x && . $< && sudo veritysetup --ignore-corruption --hash-offset=$$verity_hash_offset \
		225	create samizverity $(basename $<) $(basename $<) $$verity_root_hash
		226	sudo veritysetup remove samizverity
212		227
213	%.verity.log.asc: %.verity.log	228	%.verity.log.asc: %.verity.log
214	sudo gpg --armor --detach-sign $^	229	sudo gpg --armor --detach-sign $^