| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Closes #35307.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some ambiguity (e.g., same-named man pages in multiple volumes)
makes it impossible to fully automate this, but the following
Python snippet (run inside the man/ directory of the systemd repo)
helped to generate the sed command lines (which were subsequently
manually reviewed, run and the false positives reverted):
from pathlib import Path
import lxml
from lxml import etree as ET
man2vol: dict[str, str] = {}
man2citerefs: dict[str, list] = {}
for file in Path(".").glob("*.xml"):
tree = ET.parse(file, lxml.etree.XMLParser(recover=True))
meta = tree.find("refmeta")
if meta is not None:
title = meta.findtext("refentrytitle")
if title is not None:
vol = meta.findtext("manvolnum")
if vol is not None:
man2vol[title] = vol
citerefs = list(tree.iter("citerefentry"))
if citerefs:
man2citerefs[title] = citerefs
for man, refs in man2citerefs.items():
for ref in refs:
title = ref.findtext("refentrytitle")
if title is not None:
has = ref.findtext("manvolnum")
try:
should_have = man2vol[title]
except KeyError: # Non-systemd man page reference? Ignore.
continue
if has != should_have:
print(
f"sed -i '\\|<citerefentry><refentrytitle>{title}"
f"</refentrytitle><manvolnum>{has}</manvolnum>"
f"</citerefentry>|s|<manvolnum>{has}</manvolnum>|"
f"<manvolnum>{should_have}</manvolnum>|' {man}.xml"
)
|
|
|
|
|
|
|
| |
This allows loading the X.509 certificate from an OpenSSL provider
instead of a file system path. This allows loading certficates directly
from hardware tokens instead of having to export them to a file on
disk first.
|
|
|
|
|
|
|
|
| |
The page was written when systemd-repart was primarily intended to be used on a
running system. But nowadays it's more often used to create images, so extend
that part of the description.
While at it, fix some whitespace issues and trim some overly complicated sentences.
|
| |
|
| |
|
|
|
|
|
|
| |
fix: #31482
Signed-off-by: cunshunxia <cunshunxia@tencent.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out it's mostly PKCS11 that supports the URI format,
and other engines just take files. For example the tpm2-tss-openssl
engine just takes a sealed private key file path as the key input,
and the engine needs to be specified separately.
Add --private-key-source=file|engine:foo|provider:bar to
manually specify how to use the private key parameter.
Follow-up for 0a8264080a5d4b5e13e65eed80ac98a476f7fe43
|
|
|
|
|
|
|
|
|
|
|
|
| |
These can be used along with two new settings MountPoint= and
EncryptedVolume= to write fstab and crypttab entries to the given
paths respectively in the root directory that repart is operating on.
This is useful to cover scenarios that aren't covered by the
Discoverable Partitions Spec. For example when one wants to mount
/home as a separate btrfs subvolume. Because multiple btrfs subvolumes
can be mounted from the same partition, we allow specifying MountPoint=
multiple times to add multiple entries for the same partition.
|
|
|
|
|
|
| |
The provider API which is new requires providers, which are not
widely available and don't work very well yet, so also use a
fallback with the legacy engine API.
|
|
|
|
| |
<arg> is not allowed inside <term>.
|
| |
|
|
|
|
|
| |
This is just a slight markup improvement; there should be no difference
in rendering.
|
|
|
|
|
|
|
| |
This adds what was added to systemd-cryptenroll recently to
systemd-repart too.
Follow-up for: c3a2a681bed77ce4f9218cd28405994ab5263077
|
| |
|
|
|
|
| |
Follow-up for a121b331e37682341152b51269cf8ce00e68d755.
|
|
|
|
|
|
|
|
|
|
|
| |
This adds --make-ddi=confext, --make-ddi=sysext, --make-ddi=portable, to
make it really easiy to generate DDIs of the specified class. It
it's ultimately just a fancy wrapper around some defaults and in
particular --definitions=.
This makes it very easy to generate a confext:
$ systemd-repart -C --private-key=privkey.pem --certificate=cert.crt -s mytree/ mytree.confext.raw
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This specifies a directory to which CopyFiles= is considered relative.
If unset defaults to the --root=/--image= setting, or host / otherwise.
This is very similar to --root= but is much more focussed: it is really
and exclusively about CopyFiles= (and related settings such as
ExcludeFiles=) and does not affect any of the settings, i.e. it doesn't
affect CopyBlocks=, the machine ID/seed handling, or where definitions
are read from.
In fact, --root= and --copy-source= may be combined for example to
use the machine ID and similar from one tree, but the copy the files
from another.
|
|
|
|
|
|
|
|
| |
This tries to add information about when each option was added. It goes
back to version 183.
The version info is included from a separate file to allow generating it,
which would allow more control on the formatting of the final output.
|
| |
|
|
|
|
| |
Definitions will be synthesized from each of the given images.
|
| |
|
|
|
|
|
|
|
|
| |
--copy-from synthesizes partition definitions from the given image
which are then applied to the repart algorithm. In its most basic
form, this allows copying an image to another device but it can
also be combined with --definitions to copy + add partitions in the
same call to repart.
|
|
|
|
| |
This reverts commit 47c7805579bd54f2c149c80b22caed6f71ea01a7.
|
|
|
|
|
|
|
| |
--oem can be used to only install OEM partitions (usr, verity,
verity-sig, ...). OEM= is used to indicate OEM partitions. If unset,
defaults to !FactoryReset. We also add a credential repart.oem to
allow configuring --oem via a credential.
|
|\
| |
| | |
repart: Add --offline argument
|
| |
| |
| |
| |
| | |
This allows the user to explicit configure whether loop devices
should be used to build the image or not.
|
|/
|
|
| |
Follow-up for: #27848
|
|\
| |
| | |
repart: Add --architecture option
|
| |
| |
| |
| |
| |
| |
| | |
This option allows overriding the architecture that's used for the
architecture specific partition types. This is useful to allow
reusing the same repart configuration to produce the same image for
different architectures.
|
|/
|
|
|
|
|
|
| |
Fixes #22974.
The text is reworded a bit too. In particular, it's "partitions" that are not
reordered, not "partition table slots". If we were reordering things, we'd move
the partitions between slots. The slots themselves are not moveable.
|
|
|
|
| |
Fixes #26761.
|
|
|
|
| |
various components
|
|
|
|
|
|
| |
Let's allow users to configure the (logical) sector size of their
image. This is required when building images for a 4k sector size
disk on a 512b sector size host or vice-versa.
|
| |
|
|
|
|
|
| |
Defer is better because it indicates that we still intend to
populate these partitions later.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--include-partitions and --exclude-partitions now fully exclude
partitions from repart. Whenever a partition type is excluded, we
don't take any partitions of that type into account at all when
running systemd-repart.
--skip-partitions= is introduced to do what --exclude-partitions did
previously. Any skipped partitions are taken into acount when doing
size calculations, but are not yet populated.
Why do we need both concepts? Exclusion is needed so that we can
use shared repart definitions to generate bootable and non-bootable
images. When generating a non-bootable image, we use --exclude-partitions
to exclude the ESP partition. Skipping is needed so that we can
populate the root partition while skipping the ESP partition, get
the roothash of the root partition, use that to generate a UKI, and
finally populate the ESP partition with the UKI included.
|
|
|
|
|
|
|
|
|
| |
Let's allow filtering the partitions to operate on by partition
type UUID. This is necessary when building bootable images with a
verity protected root/usr partition as we can only build the UKI
image when we have the verity roothash which means we cannot populate
the EFI partition yet when we run repart initially to determine the
verity roothash.
|
|
|
|
|
|
|
| |
Note --private-key and --certificate options for configuring
verity signature partitions in the listing of options.
Adjust one error message referring to the --certificate option.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For use with sysupdate or other systemd tooling, it's useful to be
able to generate split artifacts from disk images, where each
partition is written to a separate file. Let's support this with
a --split switch for repart and a SplitName= configuration option.
--split enables split artifacts generation, and SplitName= configures
for which partition to generate split artifacts, and which suffix to
add to the split artifact name.
For SplitName=, we add support for some extra specifiers, more specifically
the partition Type UUID and the partition UUID.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In many places we spelled out the phrase behind "initrd" in full, but this
isn't terribly useful. In fact, no "RAM disk" is used, so emphasizing this
is just confusing to the reader. Let's just say "initrd" everywhere, people
understand what this refers to, and that it's in fact an initramfs image.
Also, s/i.e./e.g./ where appropriate.
Also, don't say "in RAM", when in fact it's virtual memory, whose pages
may or may not be loaded in page frames in RAM, and we have no control over
this.
Also, add <filename></filename> and other minor cleanups.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is similar to the --image= switch in the other tools, like
systemd-sysusers or systemd-tmpfiles, i.e. it apply the configuration
from the image to the image.
This is particularly useful for downloading minimized GPT image, and
then extending it to the desired size via:
# systemd-repart --image=foo.image --size=5G
|
| |
|
|
|
|
|
| |
This adds support for showing a pager, turning of the legend, like in
the other tools.
|
| |
|
| |
|
|
|
|
| |
Reported by Fossies.org
|