diff --git a/classes/dm-verity-img.bbclass b/classes/dm-verity-img.bbclass index 6ad0f75..16d395b 100644 --- a/classes/dm-verity-img.bbclass +++ b/classes/dm-verity-img.bbclass @@ -18,12 +18,18 @@ # The resulting image can then be used to implement the device mapper block # integrity checking on the target device. +# Define the location where the DM_VERITY_IMAGE specific dm-verity root hash +# is stored where it can be installed into associated initramfs rootfs. +STAGING_VERITY_DIR ?= "${TMPDIR}/work-shared/${MACHINE}/dm-verity" + # Process the output from veritysetup and generate the corresponding .env # file. The output from veritysetup is not very machine-friendly so we need to # convert it to some better format. Let's drop the first line (doesn't contain # any useful info) and feed the rest to a script. process_verity() { - local ENV="$OUTPUT.env" + local ENV="${STAGING_VERITY_DIR}/${IMAGE_BASENAME}.$TYPE.verity.env" + install -d ${STAGING_VERITY_DIR} + rm -f $ENV # Each line contains a key and a value string delimited by ':'. Read the # two parts into separate variables and process them separately. For the @@ -39,8 +45,6 @@ process_verity() { # Add partition size echo "DATA_SIZE=$SIZE" >> $ENV - - ln -sf $ENV ${IMAGE_BASENAME}-${MACHINE}.$TYPE.verity.env } verity_setup() { diff --git a/recipes-core/images/dm-verity-image-initramfs.bb b/recipes-core/images/dm-verity-image-initramfs.bb index 8dd8543..e791c19 100644 --- a/recipes-core/images/dm-verity-image-initramfs.bb +++ b/recipes-core/images/dm-verity-image-initramfs.bb @@ -24,6 +24,6 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" inherit core-image deploy_verity_hash() { - install -D -m 0644 ${DEPLOY_DIR_IMAGE}/${DM_VERITY_IMAGE}-${MACHINE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}/${datadir}/dm-verity.env + install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/dm-verity.env } IMAGE_PREPROCESS_COMMAND += "deploy_verity_hash;"