osbase/build: move efi.bzl, split and move def.bzl to their corresponding action

This is a small reorganization to make the parts of osbase/build less dependent on each other.

Change-Id: I8c12f04f3bdc98128c5424f142f452c2e094f2e8
Reviewed-on: https://review.monogon.dev/c/monogon/+/3903
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/osbase/build/mkverity/def.bzl b/osbase/build/mkverity/def.bzl
new file mode 100644
index 0000000..417c883
--- /dev/null
+++ b/osbase/build/mkverity/def.bzl
@@ -0,0 +1,72 @@
+# VerityInfo is emitted by verity_image, and contains a file enclosing a
+# singular dm-verity target table.
+VerityInfo = provider(
+    "Information necessary to mount a single dm-verity target.",
+    fields = {
+        "table": "A file containing the dm-verity target table. See: https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html",
+    },
+)
+
+def _verity_image_impl(ctx):
+    """
+    Create a new file containing the source image data together with the Verity
+    metadata appended to it, and provide an associated DeviceMapper Verity target
+    table in a separate file, through VerityInfo provider.
+    """
+
+    # Run mkverity.
+    image = ctx.actions.declare_file(ctx.attr.name + ".img")
+    table = ctx.actions.declare_file(ctx.attr.name + ".dmt")
+    ctx.actions.run(
+        mnemonic = "GenVerityImage",
+        progress_message = "Generating a dm-verity image: {}".format(image.short_path),
+        inputs = [ctx.file.source],
+        outputs = [
+            image,
+            table,
+        ],
+        executable = ctx.file._mkverity,
+        arguments = [
+            "-input=" + ctx.file.source.path,
+            "-output=" + image.path,
+            "-table=" + table.path,
+            "-data_alias=" + ctx.attr.rootfs_partlabel,
+            "-hash_alias=" + ctx.attr.rootfs_partlabel,
+        ],
+    )
+
+    return [
+        DefaultInfo(
+            files = depset([image]),
+            runfiles = ctx.runfiles(files = [image]),
+        ),
+        VerityInfo(
+            table = table,
+        ),
+    ]
+
+verity_image = rule(
+    implementation = _verity_image_impl,
+    doc = """
+      Build a dm-verity target image by appending Verity metadata to the source
+      image. A corresponding dm-verity target table will be made available
+      through VerityInfo provider.
+  """,
+    attrs = {
+        "source": attr.label(
+            doc = "A source image.",
+            allow_single_file = True,
+        ),
+        "rootfs_partlabel": attr.string(
+            doc = "GPT partition label of the rootfs to be used with dm-mod.create.",
+            default = "PARTLABEL=METROPOLIS-SYSTEM-X",
+        ),
+        "_mkverity": attr.label(
+            doc = "The mkverity executable needed to generate the image.",
+            default = "//osbase/build/mkverity",
+            allow_single_file = True,
+            executable = True,
+            cfg = "exec",
+        ),
+    },
+)
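Review bot: The `source` attribute of `verity_image` is not marked mandatory, yet `_verity_image_impl` dereferences `ctx.file.source.path` unconditionally, so a target that omits it fails at analysis time with a None-attribute error instead of a clear message; adding `mandatory = True,` to that `attr.label` would fix this. As a style point, the action passes `ctx.file._mkverity` as `executable` although the attribute is declared with `executable = True`, for which `ctx.executable._mkverity` is the matching accessor. The `.dmt` table presumably carries the verity root hash, so it is only as trustworthy as the channel that delivers it to the kernel. The `VerityInfo` field doc could say so, for example `# The table holds the root hash; consumers must embed it in an authenticated artifact, not read it from the image itself.`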