| Tim Windelschmidt | bed76d9 | 2025-02-18 03:04:14 +0100 | [diff] [blame] | 1 | # VerityInfo is emitted by verity_image, and contains a file enclosing a |
| 2 | # singular dm-verity target table. |
| 3 | VerityInfo = provider( |
| 4 | "Information necessary to mount a single dm-verity target.", |
| 5 | fields = { |
| 6 | "table": "A file containing the dm-verity target table. See: https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html", |
| 7 | }, |
| 8 | ) |
| 9 | |
| 10 | def _verity_image_impl(ctx): |
| 11 | """ |
| 12 | Create a new file containing the source image data together with the Verity |
| 13 | metadata appended to it, and provide an associated DeviceMapper Verity target |
| 14 | table in a separate file, through VerityInfo provider. |
| 15 | """ |
| 16 | |
| 17 | # Run mkverity. |
| 18 | image = ctx.actions.declare_file(ctx.attr.name + ".img") |
| 19 | table = ctx.actions.declare_file(ctx.attr.name + ".dmt") |
| 20 | ctx.actions.run( |
| 21 | mnemonic = "GenVerityImage", |
| 22 | progress_message = "Generating a dm-verity image: {}".format(image.short_path), |
| 23 | inputs = [ctx.file.source], |
| 24 | outputs = [ |
| 25 | image, |
| 26 | table, |
| 27 | ], |
| 28 | executable = ctx.file._mkverity, |
| 29 | arguments = [ |
| 30 | "-input=" + ctx.file.source.path, |
| 31 | "-output=" + image.path, |
| 32 | "-table=" + table.path, |
| 33 | "-data_alias=" + ctx.attr.rootfs_partlabel, |
| 34 | "-hash_alias=" + ctx.attr.rootfs_partlabel, |
| 35 | ], |
| 36 | ) |
| 37 | |
| 38 | return [ |
| 39 | DefaultInfo( |
| 40 | files = depset([image]), |
| 41 | runfiles = ctx.runfiles(files = [image]), |
| 42 | ), |
| 43 | VerityInfo( |
| 44 | table = table, |
| 45 | ), |
| 46 | ] |
| 47 | |
| 48 | verity_image = rule( |
| Tim Windelschmidt | bed76d9 | 2025-02-18 03:04:14 +0100 | [diff] [blame] | 49 | implementation = _verity_image_impl, |
| 50 | doc = """ |
| 51 | Build a dm-verity target image by appending Verity metadata to the source |
| 52 | image. A corresponding dm-verity target table will be made available |
| 53 | through VerityInfo provider. |
| 54 | """, |
| 55 | attrs = { |
| 56 | "source": attr.label( |
| 57 | doc = "A source image.", |
| 58 | allow_single_file = True, |
| 59 | ), |
| 60 | "rootfs_partlabel": attr.string( |
| 61 | doc = "GPT partition label of the rootfs to be used with dm-mod.create.", |
| 62 | default = "PARTLABEL=METROPOLIS-SYSTEM-X", |
| 63 | ), |
| 64 | "_mkverity": attr.label( |
| 65 | doc = "The mkverity executable needed to generate the image.", |
| 66 | default = "//osbase/build/mkverity", |
| 67 | allow_single_file = True, |
| 68 | executable = True, |
| 69 | cfg = "exec", |
| 70 | ), |
| 71 | }, |
| 72 | ) |