In order to ensure that the bundled initramfs always contains the most recently generated DM_VERITY_IMAGE specific root filesystems' root hash, we disable the timestamp for do_rootfs() task here, meaning that the task will be re-executed whenever some task that depends on it executes.
Effectively these re-executions should occur only when e.g. 'bitbake <DM_VERITY_IMAGE>' is issued. If 100% reproducible image builds are needed then this approach may need revising. Without this change, executing e.g. the following sequence $ bitbake <DM_VERITY_IMAGE> $ bitbake -c clean <DM_VERITY_IMAGE> $ bitbake <DM_VERITY_IMAGE> results in an unbootable <DM_VERITY_IMAGE> rootfs, which fails like Mounting /dev/vda over dm-verity as the root filesystem [ 8.729974] device-mapper: verity: sha256 using implementation sha256-generic [ 8.810784] device-mapper: verity: 253:0: metadata block 3017 is corrupted [ 8.813018] device-mapper: verity: 253:0: metadata block 3017 is corrupted [ 8.813912] Buffer I/O error on dev dm-0, logical block 2992, async page read Verity device detected corruption after activation. [ 8.889548] device-mapper: verity: 253:0: metadata block 3017 is corrupted [ 8.891060] device-mapper: verity: 253:0: metadata block 3017 is corrupted [ 8.891456] Buffer I/O error on dev dm-0, logical block 2992, async page read ... [ 9.135707] EXT4-fs (dm-0): unable to read superblock [ 9.142897] EXT4-fs (dm-0): unable to read superblock [ 9.145393] EXT4-fs (dm-0): unable to read superblock [ 9.147905] FAT-fs (dm-0): unable to read boot sector mount: /new_root: can't read superblock on /dev/mapper/rootfs. BusyBox v1.32.0 () multi-call binary. Usage: switch_root [-c CONSOLE_DEV] NEW_ROOT NEW_INIT [ARGS] [ 9.243274] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100 [ 9.243701] CPU: 0 PID: 1 Comm: switch_root Not tainted 5.8.3-yocto-standard #1 [ 9.243853] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014 ... [ 9.248548] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100 ]--- Signed-off-by: Niko Mauno <niko.ma...@vaisala.com> --- recipes-core/images/dm-verity-image-initramfs.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/recipes-core/images/dm-verity-image-initramfs.bb b/recipes-core/images/dm-verity-image-initramfs.bb index 96f55ceb..6171d117 100644 --- a/recipes-core/images/dm-verity-image-initramfs.bb +++ b/recipes-core/images/dm-verity-image-initramfs.bb @@ -16,6 +16,9 @@ PACKAGE_INSTALL = " \ # Can we somehow inspect reverse dependencies to avoid these variables? do_rootfs[depends] += "${DM_VERITY_IMAGE}:do_image_complete" +# Ensure dm-verity.env is updated also when rebuilding DM_VERITY_IMAGE +do_rootfs[nostamp] = "1" + IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" inherit core-image -- 2.20.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#50461): https://lists.yoctoproject.org/g/yocto/message/50461 Mute This Topic: https://lists.yoctoproject.org/mt/76691216/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-