Re: [isar-cip-core][RFC v2 4/9] Create a initrd with support for dm-verity

Quirin Gylstorff

On 11/19/21 2:29 PM, Christian Storm via wrote:
diff --git a/recipes-initramfs/initramfs-verity-hook/files/verity.script.tmpl b/recipes-initramfs/initramfs-verity-hook/files/verity.script.tmpl
new file mode 100644
index 0000000..c4f3dc4
--- /dev/null
+++ b/recipes-initramfs/initramfs-verity-hook/files/verity.script.tmpl
@@ -0,0 +1,68 @@
+ # Make sure that this script is run last in local-top
+ local req
+ for req in "${0%/*}"/*; do
+ script="${req##*/}"
+ if [ "$script" != "${0##*/}" ] && [ "$script" != "cryptroot" ]; then
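Review bot: The comment on the first line of this hunk says the script must run last in local-top, but the `if` below it also excludes `cryptroot` from the enumerated scripts, so "last" does not hold with respect to cryptroot. The comment should state that exception and why it exists, since that ordering is what a later reader will need to understand. Separately, `req` is declared with `local` while `script`, assigned inside the loop, is not; declaring both (`local req script`) keeps the loop variable from leaking.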
Hm, so you explicitly enumerate all scripts except for cryptroot so that
you run (hopefully right?) thereafter.
Isn't it sufficient to make cryptroot dependent on this?
Looks too verbose and complicated...
It is the same scripting as cryptroot uses in Debian 11 which inspired this
script. See [1].
Anyway, this doesn't answer the questions?
Kind regards,

The `verity.script` should be executed as the last script in the local-top init phase. If the cryptroot script exists, `verity.script` is the second last script.

If the package `cryptsetup-initramfs` is always installed, an entry in the cryptroot script would be enough. We currently have no dependency to

If we want to change the cryptroot dependency, we need to patch the necessary scripts/packages. Patching other packages is something I would like to avoid for this feature.
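An added illustration of the ordering discussed in this thread, not code from the patch or from Debian: it repeats the enumeration loop from the quoted hunk over a constructed directory to show that the resulting prerequisite list is the same whether or not a `cryptroot` script is present. The function names `list_prereqs` and `demo_dir` and the sample script names `lvm2` and `mdadm` are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration, not the project's script. It repeats the loop from
# the quoted hunk: every sibling script except this one and cryptroot is
# reported as a prerequisite, so this script is ordered after all of them.

list_prereqs() {
    # $1: directory holding the local-top scripts
    # $2: file name of the script asking for its prerequisites
    dir=$1 self=$2 out=
    for req in "$dir"/*; do
        [ -e "$req" ] || continue      # an unmatched glob stays literal
        script=${req##*/}
        if [ "$script" != "$self" ] && [ "$script" != "cryptroot" ]; then
            out="${out:+$out }$script"
        fi
    done
    printf '%s\n' "$out"
}

# Build a constructed stand-in for scripts/local-top containing the
# given (empty) script files and print its path.
demo_dir() {
    d=$(mktemp -d) || return 1
    for name in "$@"; do : > "$d/$name"; done
    printf '%s\n' "$d"
}

with_crypt=$(demo_dir cryptroot lvm2 mdadm verity)
without_crypt=$(demo_dir lvm2 mdadm verity)

# Same list in both cases: no dependency on cryptroot being installed.
list_prereqs "$with_crypt" verity      # lvm2 mdadm
list_prereqs "$without_crypt" verity   # lvm2 mdadm

rm -rf "$with_crypt" "$without_crypt"
```
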


