From: Gylstorff Quirin <quirin.gylstorff@siemens.com>
To: Jan Kiszka <jan.kiszka@siemens.com>,
cip-dev@lists.cip-project.org, felix.moessbauer@siemens.com
Subject: Re: [cip-dev][isar-cip-core][PATCH] initramfs-verity-hook: Ensure sync on rebuild
Date: Tue, 12 Sep 2023 12:07:54 +0200 [thread overview]
Message-ID: <94deff88-b5ff-16e1-89cb-d5337b788b50@siemens.com> (raw)
In-Reply-To: <5a4f1ebe-305d-409d-b142-49626877455a@siemens.com>
On 8/28/23 08:47, Jan Kiszka wrote:
> On 23.08.23 15:28, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> Disable the timestamp of the do_install() task to
>> re-execute when ever a dependency on do_install
>> is executed.
>>
>> Without this change the sstate needs to be clean for
>> every rebuild.
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>> .../initramfs-verity-hook/initramfs-verity-hook_0.1.bb | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> index 3fc63ed..7435649 100644
>> --- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> +++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> @@ -40,6 +40,9 @@ do_install[cleandirs] += " \
>> ${D}/usr/share/initramfs-tools/scripts/local-top \
>> ${D}/usr/share/initramfs-tools/conf-hooks.d"
>>
>> +# Ensure VERITY_ENV_FILE is updated also when rebuilding initramfs-verity-hook
>> +do_install[nostamp] = "1"
>> +
>> do_install() {
>> # Insert the veritysetup commandline into the script
>> if [ -f "${VERITY_ENV_FILE}" ]; then
>
> No other dpkg-raw packages require this, do they? What makes initramfs
> packages special here? And what about those in isar upstream?
>
This is necessary for the initramfs package which contain the
checksum/uuid from the root file system build.
This ensure that the checksum/uuid is refreshed.
It fixes the problem that an rebuild of a verity image leads to a broken
boot after the build.
I will send a v2 to clarify.
Quirin
next prev parent reply other threads:[~2023-09-12 10:08 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-23 13:28 [cip-dev][isar-cip-core][PATCH] initramfs-verity-hook: Ensure sync on rebuild Quirin Gylstorff
2023-08-28 6:47 ` Jan Kiszka
2023-09-12 10:07 ` Gylstorff Quirin [this message]
2023-09-12 10:25 ` Jan Kiszka
2023-09-13 1:26 ` MOESSBAUER, Felix
2023-09-13 12:51 ` Gylstorff Quirin
2023-09-14 5:55 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=94deff88-b5ff-16e1-89cb-d5337b788b50@siemens.com \
--to=quirin.gylstorff@siemens.com \
--cc=cip-dev@lists.cip-project.org \
--cc=felix.moessbauer@siemens.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox