mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-10 14:36:58 +02:00
build_image: enable verity by default
This commit is contained in:
Michael Marineau
parent
29e35fe28a
commit
2016567d6f
@ -28,7 +28,7 @@ DEFINE_string getbinpkgver "" \
|
|||||||
"Use binary packages from a specific version."
|
"Use binary packages from a specific version."
|
||||||
DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
|
DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
|
||||||
"Default all bootloaders to use kernel-based root fs integrity checking."
|
"Default all bootloaders to use kernel-based root fs integrity checking."
|
||||||
DEFINE_boolean enable_verity ${FLAGS_FALSE} \
|
DEFINE_boolean enable_verity ${FLAGS_TRUE} \
|
||||||
"Default GRUB to use dm-verity-enabled boot arguments"
|
"Default GRUB to use dm-verity-enabled boot arguments"
|
||||||
DEFINE_string base_pkg "coreos-base/coreos" \
|
DEFINE_string base_pkg "coreos-base/coreos" \
|
||||||
"The base portage package to base the build off of (only applies to prod images)"
|
"The base portage package to base the build off of (only applies to prod images)"
|
||||||
|
|||||||
@ -40,7 +40,7 @@ with open(os.path.join(outputdir, "grub_modules.config"), "w") as f:
|
|||||||
f.write(json.dumps({"9": {"binaryvalues": [{"prefix": "grub_module", "values": hashvalues}]}}))
|
f.write(json.dumps({"9": {"binaryvalues": [{"prefix": "grub_module", "values": hashvalues}]}}))
|
||||||
|
|
||||||
with open(os.path.join(outputdir, "kernel_cmdline.config"), "w") as f:
|
with open(os.path.join(outputdir, "kernel_cmdline.config"), "w") as f:
|
||||||
f.write(json.dumps({"8": {"asciivalues": [{"prefix": "grub_kernel_cmdline", "values": [{"value": "rootflags=rw mount.usrflags=ro BOOT_IMAGE=/coreos/vmlinuz-[ab] mount.usr=PARTUUID=\S{36} rootflags=rw mount.usrflags=ro consoleblank=0 root=LABEL=ROOT (console=\S+)? (coreos.autologin=\S+)? verity.usrhash=\\S{64}", "description": "CoreOS kernel command line %s" % version}]}]}}))
|
f.write(json.dumps({"8": {"asciivalues": [{"prefix": "grub_kernel_cmdline", "values": [{"value": "rootflags=rw mount.usrflags=ro BOOT_IMAGE=/coreos/vmlinuz-[ab] mount.usr=/dev/mapper/usr verity.usr=PARTUUID=\S{36} rootflags=rw mount.usrflags=ro consoleblank=0 root=LABEL=ROOT (console=\S+)? (coreos.autologin=\S+)? verity.usrhash=\\S{64}", "description": "CoreOS kernel command line %s" % version}]}]}}))
|
||||||
|
|
||||||
commands = [{"value": '\[.*\]', "description": "CoreOS Grub configuration %s" % version},
|
commands = [{"value": '\[.*\]', "description": "CoreOS Grub configuration %s" % version},
|
||||||
{"value": 'gptprio.next -d usr -u usr_uuid', "description": "CoreOS Grub configuration %s" % version},
|
{"value": 'gptprio.next -d usr -u usr_uuid', "description": "CoreOS Grub configuration %s" % version},
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user