Image Customizer: Make verity API a list. #10789
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Change the verity config from a single item to a list of items. This is being done so that it is easier to add support for other verity partitions (e.g. /usr) in the future. However, this change restricts the verity API to only the root partition (`/`). In addition, move the verity config from `.os` to `.storage`. This is being done for alignment with the Trident API. But is also probably a more morally correct place for verity to be placed. As a side effect, this change removes support for enabling verity on a base image that somehow had all the correct partitions to support verity but didn't actually have verity enabled. None of our base images are like this. So, it is expected that no user ever made use of this functionality. This functionality could be re-added in the future. It was omitted from this change to avoid adding additional complexity.
liulanze
approved these changes
Oct 23, 2024
liulanze
approved these changes
Oct 25, 2024
cwize1
added a commit
that referenced
this pull request
Oct 25, 2024
Missing docs fixes associated with #10789.
12 tasks
cwize1
added a commit
that referenced
this pull request
Oct 29, 2024
In change #10789, the `imagecustomizerapi.FileSystem` type had an internal field added called `PartitionId` which is filled in by the API validity checks. ISO to ISO customization supports cracking open the squashfs file and modifying the Live-OS. However, to do this, a temporary OS image must be created. This creation logic uses the `imagecustomizerapi.FileSystem` type but the code wasn't updated to ensure the `PartitionId` field has a value.
12 tasks
cwize1
added a commit
that referenced
this pull request
Oct 29, 2024
In change #10789, the `imagecustomizerapi.FileSystem` type had an internal field added called `PartitionId` which is filled in by the API validity checks. ISO to ISO customization supports cracking open the squashfs file and modifying the Live-OS. However, to do this, a temporary OS image must be created. This creation logic uses the `imagecustomizerapi.FileSystem` type but the code wasn't updated to ensure the `PartitionId` field has a value.
durgajagadeesh
pushed a commit
to durgajagadeesh/azurelinux_djpalli
that referenced
this pull request
Dec 31, 2024
Change the verity config from a single item to a list of items. This is being done so that it is easier to add support for other verity partitions (e.g. /usr) in the future. However, this change restricts the verity API to only the root partition (`/`). In addition, move the verity config from `.os` to `.storage`. This is being done for alignment with the Trident API. But is also probably a more morally correct place for verity to be placed. As a side effect, this change removes support for enabling verity on a base image that somehow had all the correct partitions to support verity but didn't actually have verity enabled. None of our base images are like this. So, it is expected that no user ever made use of this functionality. This functionality could be re-added in the future. It was omitted from this change to avoid adding additional complexity.
durgajagadeesh
pushed a commit
to durgajagadeesh/azurelinux_djpalli
that referenced
this pull request
Dec 31, 2024
In change microsoft#10789, the `imagecustomizerapi.FileSystem` type had an internal field added called `PartitionId` which is filled in by the API validity checks. ISO to ISO customization supports cracking open the squashfs file and modifying the Live-OS. However, to do this, a temporary OS image must be created. This creation logic uses the `imagecustomizerapi.FileSystem` type but the code wasn't updated to ensure the `PartitionId` field has a value.
JocelynBerrendonner
pushed a commit
to JocelynBerrendonner/azurelinux
that referenced
this pull request
Jan 23, 2025
Change the verity config from a single item to a list of items. This is being done so that it is easier to add support for other verity partitions (e.g. /usr) in the future. However, this change restricts the verity API to only the root partition (`/`). In addition, move the verity config from `.os` to `.storage`. This is being done for alignment with the Trident API. But is also probably a more morally correct place for verity to be placed. As a side effect, this change removes support for enabling verity on a base image that somehow had all the correct partitions to support verity but didn't actually have verity enabled. None of our base images are like this. So, it is expected that no user ever made use of this functionality. This functionality could be re-added in the future. It was omitted from this change to avoid adding additional complexity.
JocelynBerrendonner
pushed a commit
to JocelynBerrendonner/azurelinux
that referenced
this pull request
Jan 23, 2025
In change microsoft#10789, the `imagecustomizerapi.FileSystem` type had an internal field added called `PartitionId` which is filled in by the API validity checks. ISO to ISO customization supports cracking open the squashfs file and modifying the Live-OS. However, to do this, a temporary OS image must be created. This creation logic uses the `imagecustomizerapi.FileSystem` type but the code wasn't updated to ensure the `PartitionId` field has a value.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change the verity config from a single item to a list of items. This is being done so that it is easier to add support for other verity partitions (e.g. /usr) in the future. However, this change restricts the verity API to only the root partition (
/).In addition, move the verity config from
.osto.storage. This is being done for alignment with the Trident API. But is also probably a more morally correct place for verity to be placed.As a side effect, this change removes support for enabling verity on a base image that somehow had all the correct partitions to support verity but didn't actually have verity enabled. None of our base images are like this. So, it is expected that no user ever made use of this functionality. This functionality could be re-added in the future. It was omitted from this change to avoid adding additional complexity.
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-staticsubpackages, etc.) have had theirReleasetag incremented../cgmanifest.json,./toolkit/scripts/toolchain/cgmanifest.json,.github/workflows/cgmanifest.json)./LICENSES-AND-NOTICES/SPECS/data/licenses.json,./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md,./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)*.signatures.jsonfilessudo make go-tidy-allandsudo make go-test-coveragepassDoes this affect the toolchain?
NO
Test Methodology