systemd / mkosi

💽 Build Bespoke OS Images
https://mkosi.systemd.io/

Using Checksum=true seems to generate incorrect output #3027

Open justinvreeland opened 5 days ago

justinvreeland commented 5 days ago

mkosi commit the issue has been seen with

main

Used host distribution

Archlinux

Used target distribution

default

Linux kernel version used

6.10.8-arch1-1

CPU architectures issue was seen on

x86_64

Unexpected behaviour you saw

I expected to see a SHA256SUMS file or image.sha256 file that would be compatible with importctl. Instead files with names like image.SHA256SUMS are generated. When using the configuration attached I see:

ls mkosi.output
total 34188
    0 lrwxrwxrwx 1 root root        9 Sep 13 12:31 image -> image.raw
34184 -rw-r--r-- 1 root root 36028416 Sep 13 12:31 image.raw
    4 -rw-r--r-- 1 root root       76 Sep 13 12:31 image.SHA256SUMS

The mkosi docs lead me to believe the file should be created as a standalone file. From the mkosi docs:

Generate a SHA256SUMS file of all generated artifacts after the build is complete.

The importctl docs seem to agree:

Verification is done either via an
inline signed file with the name of the image and the suffix
.sha256 or via separate SHA256SUMS and SHA256SUMS.gpg files.

This also applies to the image.SHA256SUMS.gpg file.

Used mkosi config

[Validation]
Checksum=true

mkosi output

No response

behrmann commented 5 days ago

Unfortunately we have to bake the image name into the output, otherwise when generating multiple outputs they would clobber each other. You will have to do some post processing after invoking mkosi or maybe you can hack this with a postoutput script.

justinvreeland commented 5 days ago

Ahh I can understand how that causes a problem. Were I making a lot of images in the same directory though I'd like to have the option to concatenate and re-sign the file for all the images built into that directory. I can see people wanting things either way depending on how much post processing they want to do. I think it'd be ideal for mkosi to be able to produce working output to be consumed by related tools though.
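
The post-processing discussed in this thread, sketched as an added example (not code from mkosi or from either commenter): it concatenates the per-image `*.SHA256SUMS` files in an output directory into the single `SHA256SUMS` file name the quoted importctl documentation refers to, re-verifies every artifact first, and optionally re-signs. The function name `merge_sha256sums` and the `SIGN_KEY` environment variable are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example, not part of mkosi. Merges the per-image checksum files
# (image.SHA256SUMS, ...) in an output directory into one SHA256SUMS file.
# SIGN_KEY is a hypothetical environment variable chosen for this sketch.

merge_sha256sums() {
    outdir=$1
    tmp=$(mktemp "$outdir/.SHA256SUMS.XXXXXX") || return 1

    # Gather every "<hash> *<file>" line; sort -u drops exact duplicates.
    for f in "$outdir"/*.SHA256SUMS; do
        if [ -f "$f" ]; then cat "$f"; fi
    done | sort -u > "$tmp"

    if [ ! -s "$tmp" ]; then
        echo "no *.SHA256SUMS files found in $outdir" >&2
        rm -f "$tmp"
        return 1
    fi

    # Re-verify every artifact before publishing the merged list, so a stale
    # or conflicting entry is never carried into a file that gets signed.
    if ! report=$(cd "$outdir" && sha256sum -c "$(basename "$tmp")" 2>&1); then
        printf '%s\n' "$report" >&2
        rm -f "$tmp"
        return 1
    fi

    chmod 0644 "$tmp"
    mv "$tmp" "$outdir/SHA256SUMS" || return 1

    # The per-image .gpg signatures do not cover the merged file, so it
    # needs a detached signature of its own.
    if [ -n "${SIGN_KEY:-}" ]; then
        gpg --batch --yes --local-user "$SIGN_KEY" \
            --output "$outdir/SHA256SUMS.gpg" --detach-sign "$outdir/SHA256SUMS"
    fi
}

# Run as a script: ./merge-sums.sh mkosi.output
[ "$#" -eq 0 ] || merge_sha256sums "$@"
```

The merged file is only written once every listed artifact verifies, so a mismatch leaves no `SHA256SUMS` behind for a later signing step to pick up.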