%package -n veritytool
Summary: A tool for dm-verity
License: Apache-2.0
+Requires: bash
+Requires: gawk
+Requires: grep
+Requires: coreutils
+Requires: cryptsetup
%description -n veritytool
verityctl tool for dm-verity. Similar with veritysetup of cryptsetup
mkdir -p %{buildroot}%{_mnt_initrd_dir}
+# veritytool
+mkdir -p %{buildroot}%{_bindir}
+cp -f scripts/verityctl %{buildroot}%{_bindir}
+
%post
/sbin/ldconfig
%files -n veritytool
%manifest initrd.manifest
%license LICENSE.Apache-2.0
+%{_bindir}/verityctl
--- /dev/null
+#!/bin/sh
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+usage()
+{
+ echo "Usage: verityctl <action> <action-specific>"
+ echo ""
+ echo "Action commands:"
+ echo " format <device> - format device"
+}
+
+format()
+{
+ IMG_FILE=$1
+
+ if [ -f $IMG_FILE ]
+ then
+ echo "Run verityctl format $IMG_FILE"
+ else
+ echo "$IMG_FILE does not exist"
+ exit 1;
+ fi
+
+ IMG_PATH=`dirname $IMG_FILE`
+
+ /sbin/veritysetup format $IMG_FILE $IMG_PATH/hash_data | tee $IMG_PATH/verity_format_output.txt
+ root_hash=`grep "Root hash" $IMG_PATH/verity_format_output.txt | gawk '{print $3,$4}'`
+
+ dd if=/dev/zero of=$IMG_PATH/meta_data bs=32768 count=1 2> /dev/null
+ echo "dm-verity0" | dd of=/$IMG_PATH/meta_data bs=1 seek=0 conv=notrunc 2> /dev/null
+ echo "b1b1b1b1" | dd of=/$IMG_PATH/meta_data bs=1 seek=16 conv=notrunc 2> /dev/null
+ echo $root_hash | dd of=/$IMG_PATH/meta_data bs=1 seek=32 conv=notrunc 2> /dev/null
+
+ cat $IMG_PATH/meta_data $IMG_PATH/hash_data >> $IMG_FILE
+
+ rm -f $IMG_PATH/hash_data
+ rm -f $IMG_PATH/meta_data
+ rm -f $IMG_PATH/verity_format_output.txt
+}
+
+case $1 in
+ "format")
+ if [ $# -ne 2 ]; then usage; exit 1; fi
+ format $2
+ exit 0;
+ ;;
+
+ *)
+ usage
+ exit 0;
+ ;;
+esac