o/build/mkpayload: port to llvm-objcopy GNU and LLVM objcopy have some material differences in how they work. LLVM is able to automatically assign VMAs, but needs --set-section-flags for it. Use that and drop all the explicit VMAs. Also with the new toolchain cc.objcopy_excutable is not populated, so we need to get the executable path using the new action-based way. Currently contains a hack to force static on to get our custom toolchain for both host and cross-builds as GNU objcopy is not compatible. Change-Id: I0a5ef1cbeb3f94326a2cef099c23c046df166bdd Reviewed-on: https://review.monogon.dev/c/monogon/+/4214 Reviewed-by: Tim Windelschmidt <tim@monogon.tech> Tested-by: Jenkins CI

commit: 163525e321a41724b1e457315c5003603957b3c6 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Thu May 22 15:30:14 2025 +0200
committer: Lorenz Brun <lorenz@monogon.tech> Wed Jun 11 19:46:15 2025 +0000
tree: 80d85c9fe0f4904696f49bffd704063e6671de17
parent: 6ff6b45b266b0ef0768d5172769ba1d725b10124 [diff]
diff --git a/osbase/build/mkverity/def.bzl b/osbase/build/mkverity/def.bzl
index 417c883..bb5b8a4 100644
--- a/osbase/build/mkverity/def.bzl
+++ b/osbase/build/mkverity/def.bzl

@@ -1,3 +1,5 @@
+load("//osbase/build:def.bzl", "build_static_transition")
+
 # VerityInfo is emitted by verity_image, and contains a file enclosing a
 # singular dm-verity target table.
 VerityInfo = provider(
@@ -46,6 +48,7 @@
     ]
 
 verity_image = rule(
+    cfg = build_static_transition,
     implementation = _verity_image_impl,
     doc = """
       Build a dm-verity target image by appending Verity metadata to the source
commit	163525e321a41724b1e457315c5003603957b3c6	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Thu May 22 15:30:14 2025 +0200
committer	Lorenz Brun <lorenz@monogon.tech>	Wed Jun 11 19:46:15 2025 +0000
tree	80d85c9fe0f4904696f49bffd704063e6671de17
parent	6ff6b45b266b0ef0768d5172769ba1d725b10124 [diff]