From 855814666e24bce39c92c90b2e05e4cf901b5fae Mon Sep 17 00:00:00 2001 From: Andrew Cady Date: Sat, 10 Oct 2020 13:21:23 -0400 Subject: mostly old uncommitted changes committing everything without discretion rebase -i from me --- Makefile | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 35294b4..53c643b 100644 --- a/Makefile +++ b/Makefile @@ -162,6 +162,7 @@ $(btrfs_images): FORCE $(MAKE) -C rootfs $(notdir $@) boot: rootfs + sudo initrd.sh sudo SLOW_BOOT=y qemu.sh fastboot: rootfs @@ -203,12 +204,26 @@ get_loop_dev="$$(sudo losetup -n -O name -j $@~tmp)" get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)" get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt | (read b _; echo $$b))" +%.verity.sh: %.verity + h=$$(sed -ne 's/^Root hash:[ \t]*//p' $<.log) && [ "$$h" ] && \ + printf 'verity_root_hash=%s\nverity_hash_offset=%s\n' "$$h" $(shell stat -c %s $(basename $<)) > $@ + +%.verity.log: %.verity %.verity: % - sudo veritysetup format $< $@~tmp > $@.log~tmp + cp --reflink $< $@~tmp + sudo veritysetup --hash-offset=$(shell stat -c %s $<) format $@~tmp $@~tmp > $@.log~tmp mv $@.log~tmp $@.log mv $@~tmp $@ sudo chmod 644 $@ - h=$$(sed -ne 's/^Root hash:[ \t]*//p' $@.log) && [ "$$h" ] + + +root_hash = $(shell sed -ne 's/^Root hash: *//p' < $<.log) + +veritymount: rootfs/samizdat.seed.btrfs.verity.sh + @sudo veritysetup remove samizverity >/dev/null 2>&1 || true + set -x && . $< && sudo veritysetup --ignore-corruption --hash-offset=$$verity_hash_offset \ + create samizverity $(basename $<) $(basename $<) $$verity_root_hash + sudo veritysetup remove samizverity %.verity.log.asc: %.verity.log sudo gpg --armor --detach-sign $^ -- cgit v1.2.3