WIP

avnik · avnik · commit f9a5bc0e929c · 2026-02-16T15:04:15.000+02:00
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -158,7 +158,7 @@
 
     nix-store-veritysetup-generator = {
       # FIXME: Move to github:tiiuae
-      url = "github:avnik/nix-store-veritysetup-generator?ref=avnik/ghaf";
+      url = "github:avnik/nix-store-veritysetup-generator/ghaf";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         flake-parts.follows = "flake-parts";
diff --git a/modules/development/debug-tools.nix b/modules/development/debug-tools.nix
@@ -40,6 +40,9 @@ in
 
       # FSS (Forward Secure Sealing) integrity test
       fss-test
+
+      # For debug complicated issues
+      pkgs.strace
     ]
     ++ rmDesktopEntries [
       pkgs.htop
diff --git a/modules/partitioning/mk-manifest.py b/modules/partitioning/mk-manifest.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 # SPDX-FileCopyrightText: 2022-2026 TII (SSRC) and the Ghaf contributors
 # SPDX-License-Identifier: Apache-2.0
+import hashlib
 import sys
 import json
 import os
@@ -19,6 +20,14 @@ def rename(filename, version, fragment):
     return new
 
 
+def sha256_file(path: str) -> str:
+    h = hashlib.sha256()
+    with open(path, "rb") as f:
+        for chunk in iter(lambda: f.read(1024 * 1024), b""):
+            h.update(chunk)
+    return h.hexdigest()
+
+
 def main():
     if len(sys.argv) != 7:
         print(
@@ -48,15 +57,15 @@ def main():
         "root_verity_hash": root_verity_hash,
         "root": {
             "file": os.path.basename(store),
-            "sha256": "fixme",
+            "sha256": sha256_file(store),
         },
         "verity": {
             "file": os.path.basename(verity),
-            "sha256": "fixme",
+            "sha256": sha256_file(verity),
         },
         "kernel": {
             "file": os.path.basename(kernel),
-            "sha256": "fixme",
+            "sha256": sha256_file(kernel),
         },
     }
     manifest = json.dumps(manifest, indent=True)
diff --git a/modules/partitioning/verity-volume.nix b/modules/partitioning/verity-volume.nix
@@ -85,9 +85,13 @@ in
 
     ghaf.graphics.boot.enable = lib.mkForce (!debugEnable); # FIXME: temporary
 
+    # Show pretty name in bootloader
+    system.nixos.extraOSReleaseArgs = {
+      PRETTY_NAME = "Ghaf ${config.ghaf.version}"; # FIXME: Probably too global override
+    };
     boot = {
       kernelParams = [
-        "storehash=${roothashPlaceholder}" # See `ghaf-store-veritysetup.enable` for details
+        "ghaf.storehash=${roothashPlaceholder}" # See `ghaf-store-veritysetup.enable` for details
         "systemd.verity_root_options=panic-on-corruption"
         "ghaf.revision=${config.ghaf.version}" # Help ghaf-veritysetup-generator to find root and verity volumes
       ]

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,9 @@ in`
`40`	`40`
`41`	`41`	`# FSS (Forward Secure Sealing) integrity test`
`42`	`42`	`fss-test`
	`43`	`+`
	`44`	`+ # For debug complicated issues`
	`45`	`+ pkgs.strace`
`43`	`46`	`]`
`44`	`47`	`++ rmDesktopEntries [`
`45`	`48`	`pkgs.htop`