Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 2add1cb4f90df3dfe3dac1748605555f4158f125^! / . / osbase / build / mkverity / def.bzl
commit2add1cb4f90df3dfe3dac1748605555f4158f125[log] [tgz]
authorJan Schär <jan@monogon.tech>Mon Jul 14 09:26:18 2025 +0000
committerJan Schär <jan@monogon.tech>Tue Jul 15 11:55:43 2025 +0000
tree5c79b1296315a835cdf402f54350ab03090d2ce1
parente2265b30113f50b7b2d04259ad326c3e4aba7f5e [diff] [blame]
osbase/build/mkverity: generate salt from product info

The salt is now generated from the product info file, instead of the
input image file. This reduces build time by around 0.3 s.

Change-Id: Id3263e24604745324a5652658ff79cc79c9df5fa
Reviewed-on: https://review.monogon.dev/c/monogon/+/4431
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI

diff --git a/osbase/build/mkverity/def.bzl b/osbase/build/mkverity/def.bzl
index 417c883..1176060 100644
--- a/osbase/build/mkverity/def.bzl
+++ b/osbase/build/mkverity/def.bzl

@@ -17,22 +17,23 @@
     # Run mkverity.
     image = ctx.actions.declare_file(ctx.attr.name + ".img")
     table = ctx.actions.declare_file(ctx.attr.name + ".dmt")
+    inputs = [ctx.file.source]
+    args = ctx.actions.args()
+    args.add("-input", ctx.file.source)
+    args.add("-output", image)
+    if ctx.file.salt:
+        args.add("-salt", ctx.file.salt)
+        inputs.append(ctx.file.salt)
+    args.add("-table", table)
+    args.add("-data_alias", ctx.attr.rootfs_partlabel)
+    args.add("-hash_alias", ctx.attr.rootfs_partlabel)
     ctx.actions.run(
         mnemonic = "GenVerityImage",
         progress_message = "Generating a dm-verity image: {}".format(image.short_path),
-        inputs = [ctx.file.source],
-        outputs = [
-            image,
-            table,
-        ],
+        inputs = inputs,
+        outputs = [image, table],
         executable = ctx.file._mkverity,
-        arguments = [
-            "-input=" + ctx.file.source.path,
-            "-output=" + image.path,
-            "-table=" + table.path,
-            "-data_alias=" + ctx.attr.rootfs_partlabel,
-            "-hash_alias=" + ctx.attr.rootfs_partlabel,
-        ],
+        arguments = [args],
     )
 
     return [
@@ -56,6 +57,16 @@
         "source": attr.label(
             doc = "A source image.",
             allow_single_file = True,
+            mandatory = True,
+        ),
+        "salt": attr.label(
+            doc = """
+                A file which will be hashed to generate the salt.
+                This should be a small file which is different for each
+                released image, but which only changes when the source also
+                changes. The product info file is a good choice for this.
+            """,
+            allow_single_file = True,
         ),
         "rootfs_partlabel": attr.string(
             doc = "GPT partition label of the rootfs to be used with dm-mod.create.",