SYSTEMD-REPART(8)		systemd-repart		     SYSTEMD-REPART(8)

NAME
       systemd-repart, systemd-repart.service - Automatically grow and add
       partitions, and generate disk images (DDIs)

SYNOPSIS
       systemd-repart [OPTIONS...] [[BLOCKDEVICE]...]

       systemd-repart.service

DESCRIPTION
       systemd-repart creates partition tables, and adds or grows partitions,
       based on the configuration files described in repart.d(5).

       systemd-repart is used when building OS images, and also when deploying
       images to automatically adjust them, during boot, to the system they
       are running on. This way the image can be minimal in size and may be
       augmented automatically at boot, taking possession of the disk space
       available.

       If invoked with no arguments, systemd-repart operates on the block
       device backing the root file system partition of the running OS, thus
       adding and growing partitions of the booted OS itself. When called in
       the initrd, it operates on the block device backing /sysroot/ instead,
       i.e. on the block device the system will soon transition into. If
       --image= is used, it will operate on the specified device or image
       file. The systemd-repart.service service is generally run at boot in
       the initrd, in order to augment the partition table of the OS before
       its partitions are mounted.

       systemd-repart operations are mostly incremental: it grows existing
       partitions or adds new ones, but does not shrink, delete, or move
       existing partitions. The service is intended to be run on every boot,
       but when it detects that the partition table already matches the
       installed repart.d/*.conf configuration files, it executes no
       operation.

       The following use cases are among those covered:

       •   The root partition may be grown to cover the whole available disk
	   space.

       •   A /home/, swap, or /srv/ partition can be added.

       •   A second (or third, ...) root partition may be added, to cover A/B
	   style setups where a second version of the root file system is
	   alternatingly used for implementing update schemes. The deployed
	   image would carry only a single partition ("A") but on first boot a
	   second partition ("B") for this purpose is automatically created.

       The algorithm executed by systemd-repart is roughly as follows:

	1. The repart.d/*.conf configuration files are loaded and parsed, and
	   ordered by filename (without the directory prefix). For each
	   configuration file, drop-in files are loaded from directories with
	   same name as the configuration file with the suffix ".d" added.

	2. The partition table on the block device is loaded and parsed, if
	   present.

	3. The existing partitions in the partition table are matched with the
	   repart.d/*.conf files by GPT partition type UUID. The first
	   existing partition of a specific type is assigned the first
	   configuration file declaring the same type. The second existing
	   partition of a specific type is then assigned the second
	   configuration file declaring the same type, and so on. After this
	   iterative assigning is complete, any existing partitions that have
	   no matching configuration file are considered "foreign" and left as
	   they are. And any configuration files for which no partition was
	   matched are treated as requests to create a partition.

	4. Partitions that shall be created are now allocated on the disk,
	   taking the size constraints and weights declared in the
	   configuration files into account. Free space is used within the
	   limits set by size and padding requests. In addition, existing
	   partitions that should be grown are grown. New partitions are
	   always appended to the end of the partition table, taking the first
	   partition table slot whose index is greater than the indexes of all
	   existing partitions. Partitions are never reordered and thus
	   partition numbers remain stable. When partitions are created, they
	   are placed in the smallest area of free space that is large enough
	   to satisfy the size and padding limits. This means that partitions
	   might have different order on disk than in the partition table.
	   Note that this allocation happens in memory only, the partition
	   table on disk is not updated yet.

	5. All existing partitions for which configuration files exist and
	   which currently have no GPT partition label set will be assigned a
	   label, either explicitly configured in the configuration or — if
	   that's missing — derived automatically from the partition type. The
	   same is done for all partitions that are newly created. These
	   assignments are done in memory only, too, the disk is not updated
	   yet.

	6. Similarly, all existing partitions for which configuration files
	   exist and which currently have an all-zero identifying UUID will be
	   assigned a new UUID. This UUID is cryptographically hashed from a
	   common seed value together with the partition type UUID (and a
	   counter in case multiple partitions of the same type are defined),
	   see below. The same is done for all partitions that are created
	   anew. These assignments are done in memory only, too, the disk is
	   not updated yet.

	7. Similarly, if the disk's volume UUID is all zeroes it is also
	   initialized, also cryptographically hashed from the same common
	   seed value. This is done in memory only too.

	8. The disk space assigned to new partitions (i.e. what was previously
	   free space) is now erased. Specifically, all file system signatures
	   are removed, and if the device supports it, the BLKDISCARD I/O
	   control command is issued to inform the hardware that the space is
	   now empty. In addition any "padding" between partitions and at the
	   end of the device is similarly erased.

	9. The new partition table is finally written to disk. The kernel is
	   asked to reread the partition table.

       As an exception to the normal incremental operation, when called in a
       special "factory reset" mode, systemd-repart may be used to erase
       existing partitions to reset an installation back to vendor defaults.
       This mode of operation is used when either the --factory-reset=yes
       switch is passed on the tool's command line, or the
       systemd.factory_reset=yes option is specified on the kernel command
       line, or the FactoryResetRequest EFI variable (vendor UUID
       8cf2644b-4b0b-428f-9387-6d876050dc67) is set to "yes". It alters the
       algorithm above slightly: between the 3rd and the 4th step above any
       partition marked explicitly via the FactoryReset= boolean is deleted,
       and the algorithm is restarted, thus immediately re-creating these
       partitions anew, empty.

       Note that systemd-repart by default only changes partition tables; it
       does not create or resize any file systems within these partitions
       unless the Format= configuration option is specified. Note that
       separate mechanisms are also available for this purpose, for example
       systemd-growfs(8) and systemd-makefs.

       The UUIDs identifying the new partitions created (or assigned to
       existing partitions that have no UUID yet), as well as the disk as a
       whole are hashed cryptographically from a common seed value. This seed
       value is usually the machine-id(5) of the system, so that the machine
       ID reproducibly determines the UUIDs assigned to all partitions. If the
       machine ID cannot be read (or the user passes --seed=random, see below)
       the seed is generated randomly instead, so that the partition UUIDs are
       also effectively random. The seed value may also be set explicitly,
       formatted as UUID via the --seed= option. By hashing these UUIDs from
       a common seed, images prepared with this tool become reproducible and
       the result of the algorithm above deterministic.
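Steps 3 to 6 of the algorithm above, together with the seed-based UUID derivation just described, as an added Python model (not systemd's code): it matches existing partitions to configuration files by type in file-name order, marks unclaimed partitions foreign, places each new partition in the smallest fitting gap while appending it to the end of the table, and assigns labels and seed-derived UUIDs in memory. The type identifiers, sizes, partition UUIDs and seed are constructed; the HMAC-SHA256 construction in derive_uuid is an assumption that only stands in for the cryptographic hashing the page describes.

```python
import hmac
import uuid
from dataclasses import dataclass

ZERO_UUID = "00000000-0000-0000-0000-000000000000"
MiB = 1024 * 1024

@dataclass
class Partition:
    index: int             # partition table slot; never reassigned
    type: str              # type identifier as used by Type= in repart.d(5)
    start: int             # byte offset on disk
    size: int
    label: str = ""
    uuid: str = ZERO_UUID  # all-zero means "not set yet"
    foreign: bool = False  # no matching config file: left exactly as it is

@dataclass
class Config:
    name: str              # config file name; decides ordering (step 1)
    type: str
    size_min: int
    label: str = ""        # Label= if configured, else derived from the type

def match(existing, configs):
    """Step 3: the n-th existing partition of a type gets the n-th config of that type."""
    queues = {}
    for p in sorted(existing, key=lambda p: p.index):
        queues.setdefault(p.type, []).append(p)
    matched, to_create = {}, []
    for c in sorted(configs, key=lambda c: c.name):
        if queues.get(c.type):
            matched[c.name] = queues[c.type].pop(0)
        else:
            to_create.append(c)
    for p in (p for q in queues.values() for p in q):  # unclaimed: foreign, left alone
        p.foreign = True
    return matched, to_create

def allocate(parts, to_create, disk_size):
    """Step 4 with minimal sizes only (no weights, growing or padding): each new
    partition takes the smallest free area that fits and the next table slot."""
    areas, cursor = [], 0  # free gaps in on-disk order, then the tail of the disk
    for p in sorted(parts, key=lambda p: p.start):
        if p.start > cursor:
            areas.append([cursor, p.start - cursor])
        cursor = max(cursor, p.start + p.size)
    if disk_size > cursor:
        areas.append([cursor, disk_size - cursor])
    next_index = max((p.index for p in parts), default=0) + 1
    created = []
    for c in to_create:
        fitting = [a for a in areas if a[1] >= c.size_min]
        if not fitting:
            raise ValueError(f"no free area of {c.size_min} bytes for {c.name}")
        area = min(fitting, key=lambda a: a[1])
        created.append((c, Partition(next_index, c.type, area[0], c.size_min)))
        area[0], area[1] = area[0] + c.size_min, area[1] - c.size_min
        next_index += 1
    return created

def derive_uuid(seed, type_id, counter):
    """Step 6 as modelled here (an assumption, not systemd's exact construction):
    HMAC-SHA256 keyed with the seed UUID over the type and a per-type counter."""
    mac = hmac.new(uuid.UUID(seed).bytes, f"{type_id}:{counter}".encode(), "sha256")
    return str(uuid.UUID(bytes=mac.digest()[:16], version=4))

def repart(existing, configs, disk_size, seed):
    """Run steps 3 to 6 in memory; returns the resulting table sorted by slot."""
    matched, to_create = match(existing, configs)
    created = allocate(existing, to_create, disk_size)
    pairs = [(c, matched[c.name]) for c in configs if c.name in matched] + created
    counters = {}
    for c, p in sorted(pairs, key=lambda cp: cp[0].name):
        n = counters.get(c.type, 0)
        counters[c.type] = n + 1
        if not p.label:          # step 5: label from config, else from the type
            p.label = c.label or c.type
        if p.uuid == ZERO_UUID:  # step 6: seed-derived, hence reproducible
            p.uuid = derive_uuid(seed, c.type, n)
    return sorted(existing + [p for _, p in created], key=lambda p: p.index)

def sample():
    """Constructed input: ESP, root "A", a vendor partition no config describes, a 4 MiB hole after the ESP."""
    existing = [
        Partition(1, "esp", 1 * MiB, 8 * MiB, "ESP", "7c5222a1-6d30-4d6e-9b8a-0123456789ab"),
        Partition(2, "root-x86-64", 13 * MiB, 20 * MiB),
        Partition(3, "linux-generic", 33 * MiB, 4 * MiB, "vendor"),
    ]
    configs = [
        Config("10-esp.conf", "esp", 8 * MiB),
        Config("20-root.conf", "root-x86-64", 20 * MiB),
        Config("21-root-b.conf", "root-x86-64", 20 * MiB),  # A/B: second root ("B")
        Config("30-home.conf", "home", 4 * MiB),
    ]
    return existing, configs
```

With the sample input the "B" root lands in slot 4 at the end of the disk while /home takes slot 5 but the 4 MiB gap right after the ESP, which is the on-disk versus table-order difference the algorithm description warns about.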

       The positional argument should specify the block device or a regular
       file to operate on. If --empty=create is specified, the specified path
       is created as regular file, which is useful for generating disk images
       from scratch.

OPTIONS
       The following options are understood:

       --dry-run=
	   Takes a boolean. If this switch is not specified, --dry-run=yes is
	   the implied default. Controls whether systemd-repart executes the
	   requested re-partition operations or whether it should only show
	   what it would do. Unless --dry-run=no is specified systemd-repart
	   will not actually touch the device's partition table.

	   Added in version 245.

       --empty=
	   Takes one of "refuse", "allow", "require", "force" or "create".
	   Controls how to operate on block devices that are entirely empty,
	   i.e. carry no partition table/disk label yet. If this switch is not
	   specified, the implied default is "refuse".

	   If "refuse" systemd-repart requires that the block device it shall
	   operate on already carries a partition table and refuses operation
	   if none is found. If "allow" the command will extend an existing
	   partition table or create a new one if none exists. If "require"
	   the command will create a new partition table if none exists so
	   far, and refuse operation if one already exists. If "force" it will
	   create a fresh partition table unconditionally, erasing the disk
	   fully in effect. If "force" no existing partitions will be taken
	   into account or survive the operation. Hence: use with care, this
	   is a great way to lose all your data. If "create", a new loopback
	   file is created under the path passed via the device node
	   parameter, of the size indicated with --size=, see below.

	   Added in version 245.

       --discard=
	   Takes a boolean. If this switch is not specified, --discard=yes is
	   the implied default. Controls whether to issue the BLKDISCARD I/O
	   control command on the space taken up by any added partitions or on
	   the space in between them. Usually, it is a good idea to issue this
	   request since it tells the underlying hardware that the covered
	   blocks shall be considered empty, improving performance. If
	   operating on a regular file instead of a block device node, a
	   sparse file is generated.

	   Added in version 245.

       --size=
	   Takes a size in bytes, using the usual K, M, G, T suffixes, or the
	   special value "auto". If used the specified device node path must
	   refer to a regular file, which is then grown to the specified size
	   if smaller, before any change is made to the partition table. If
	   specified as "auto" the minimal size for the disk image is
	   automatically determined (i.e. the minimal sizes of all partitions
	   are summed up, taking space for additional metadata into account).
	   This switch is not supported if the specified node is a block
	   device. This switch has no effect if the file is already as large
	   as the specified size or larger. The specified size is implicitly
	   rounded up to multiples of 4096. When used with --empty=create this
	   specifies the initial size of the loopback file to create.

	   The --size=auto option takes the sizes of pre-existing partitions
	   into account. However, it does not account for partition tables
	   that are not tightly packed: the configured partitions might still
	   not fit into the backing device if empty space exists between
	   pre-existing partitions (or before the first partition) that cannot
	   be fully filled by partitions to grow or create.

	   Also note that the automatic size determination does not take files
	   or directories specified with CopyFiles= into account: operation
	   might fail if the specified files or directories require more disk
	   space than the configured per-partition minimal size limit.

	   Added in version 246.

       --factory-reset=
	   Takes boolean. If this switch is not specified, --factory-reset=no
	   is the implied default. Controls whether to operate in "factory
	   reset" mode, see above. If set to true this will remove all
	   existing partitions marked with FactoryReset= set to yes early
	   while executing the re-partitioning algorithm. Use with care, this
	   is a great way to lose all your data. Note that partition files
	   need to explicitly turn FactoryReset= on, as the option defaults to
	   off. If no partitions are marked for factory reset this switch has
	   no effect. Note that there are two other methods to request factory
	   reset operation: via the kernel command line and via an EFI
	   variable, see above.

	   Added in version 245.

       --can-factory-reset
	   If this switch is specified the disk is not re-partitioned. Instead
	   it is determined if any existing partitions are marked with
	   FactoryReset=. If there are, the tool will exit with exit status
	   zero, otherwise non-zero. This switch may be used to quickly
	   determine whether the running system supports a factory reset
	   mechanism built on systemd-repart.

	   Added in version 245.

       --root=
	   Takes a path to a directory to use as root file system when
	   searching for repart.d/*.conf files, for the machine ID file to use
	   as seed and for the CopyFiles= and CopyBlocks= source files and
	   directories. By default when invoked on the regular system this
	   defaults to the host's root file system /. If invoked from the
	   initrd this defaults to /sysroot/, so that the tool operates on the
	   configuration and machine ID stored in the root file system later
	   transitioned into itself.

	   See --copy-source= for a more restricted option that only affects
	   CopyFiles=.

	   Added in version 245.

       --image=
	   Takes a path to a disk image file or device to mount and use in a
	   similar fashion to --root=, see above.

	   Added in version 249.

       --image-policy=policy
	   Takes an image policy string as argument, as per systemd.image-
	   policy(7). The policy is enforced when operating on the disk image
	   specified via --image=, see above. If not specified, defaults to
	   the "*" policy, i.e. all recognized file systems in the image are
	   used.

       --seed=
	   Takes a UUID as argument or the special value "random". If a UUID
	   is specified, the UUIDs to assign to partitions and the partition
	   table itself are derived via cryptographic hashing from it. If not
	   specified, systemd-repart attempts to read the machine ID from the
	   host (or more precisely, the root directory configured via --root=)
	   and use it as seed instead, falling back to a randomized seed
	   otherwise. Use --seed=random to force a randomized seed. Explicitly
	   specifying the seed may be used to generate strictly reproducible
	   partition tables.

	   Added in version 245.

       --pretty=
	   Takes a boolean argument. If this switch is not specified, it
	   defaults to on when called from an interactive terminal and off
	   otherwise. Controls whether to show a user friendly table and
	   graphic illustrating the changes applied.

	   Added in version 245.

       --definitions=
	   Takes a file system path. If specified the *.conf files are read
	   from the specified directory instead of searching in
	   /usr/lib/repart.d/*.conf, /etc/repart.d/*.conf,
	   /run/repart.d/*.conf.

	   This parameter can be specified multiple times.

	   Added in version 245.

       --key-file=
	   Takes a file system path. Configures the encryption key to use when
	   setting up LUKS2 volumes configured with the Encrypt=key-file
	   setting in partition files. Should refer to a regular file
	   containing the key, or an AF_UNIX stream socket in the file system.
	   In the latter case, a connection is made to it and the key read
	   from it. If this switch is not specified, the empty key (i.e. zero
	   length key) is used. This behaviour is useful for setting up
	   encrypted partitions during early first boot that receive their
	   user-supplied password only in a later setup step.

	   Added in version 247.

       --private-key=
	   Takes a file system path or an engine or provider specific
	   designation. Configures the signing key to use when creating verity
	   signature partitions with the Verity=signature setting in partition
	   files.

	   Added in version 252.

       --private-key-source=
	   Takes one of "file", "engine" or "provider". In the latter two
	   cases, it is followed by the name of a provider or engine,
	   separated by a colon, that will be passed to OpenSSL's "engine" or
	   "provider" logic. Configures how to load the private key to use
	   when creating verity signature partitions with the Verity=signature
	   setting in partition files.

	   Added in version 256.

       --certificate=
	   Takes a file system path or a provider specific designation.
	   Configures the PEM encoded X.509 certificate to use when creating
	   verity signature partitions with the Verity=signature setting in
	   partition files.

	   Added in version 252.

       --certificate-source=
	   Takes one of "file" or "provider". In the latter case, it is
	   followed by the name of a provider, separated by a colon, that will
	   be passed to OpenSSL's "provider" logic. Configures how to load the
	   X.509 certificate to use when creating verity signature partitions
	   with the Verity=signature setting in partition files.

	   Added in version 257.

       --join-signature=
	   Specifies a colon-separated tuple with a hex-encoded top-level
	   Verity hash of a Verity=hash partition as first element, and a
	   PKCS7 signature of the roothash as a path to a DER-encoded
	   signature file, or as an ASCII base64 string encoding of a
	   DER-encoded signature prefixed by "base64:". To be used on a
	   pre-existing image that was created with a parameter such as
	   --defer-partitions=root-verity-sig, in order to allow implementing
	   offline signing of the verity signature partition.

	   This is an alternative to online signing using parameters such as
	   --private-key=, for build systems where the private key for
	   production signing is not available in the same context where
	   content is created.

	   Added in version 258.

       --tpm2-device=, --tpm2-pcrs=
	   Configures the TPM2 device and list of PCRs to use for LUKS2
	   volumes configured with the Encrypt=tpm2 option. These options take
	   the same parameters as the identically named options to systemd-
	   cryptenroll(1) and have the same effect on partitions where TPM2
	   enrollment is requested.

	   Added in version 248.

       --tpm2-device-key=PATH, --tpm2-seal-key-handle=HANDLE
	   Configures a TPM2 SRK key to bind encryption to. See systemd-
	   cryptenroll(1) for details on this option.

	   Added in version 255.

       --tpm2-public-key=PATH, --tpm2-public-key-pcrs=PCR[+PCR...]
	   Configures a TPM2 signed PCR policy to bind encryption to. See
	   systemd-cryptenroll(1) for details on these two options.

	   Added in version 252.

       --tpm2-pcrlock=PATH
	   Configures a TPM2 pcrlock policy to bind encryption to. See
	   systemd-cryptenroll(1) for details on this option.

	   Added in version 255.

       --split=BOOL
	   Enables generation of split artifacts from partitions configured
	   with SplitName=. If enabled, for each partition with SplitName=
	   set, a separate output file containing just the contents of that
	   partition is generated. The output filename consists of the
	   loopback filename suffixed with the name configured with
	   SplitName=. If the loopback filename ends with ".raw", the suffix
	   is inserted before the ".raw" extension instead.

	   Note that --split is independent from --dry-run. Even if --dry-run
	   is enabled, split artifacts will still be generated from an
	   existing image if --split is enabled.

	   Added in version 252.

       --include-partitions=PARTITIONS, --exclude-partitions=PARTITIONS
	   These options specify which partition types systemd-repart should
	   operate on. If --include-partitions= is used, all partitions that
	   are not specified are excluded. If --exclude-partitions= is used,
	   all partitions that are specified are excluded. Both options take a
	   comma separated list of GPT partition type UUIDs or identifiers
	   (see Type= in repart.d(5)).

	   Added in version 253.

       --defer-partitions=PARTITIONS
	   This option specifies for which partition types systemd-repart
	   should defer. All partitions that are deferred using this option
	   are still taken into account when calculating the sizes and offsets
	   of other partitions, but are not actually written to the disk
	   image. The net effect of this option is that if you run
	   systemd-repart again without this option, the missing partitions
	   will be added as if they had not been deferred the first time
	   systemd-repart was executed.

	   Added in version 253.

       --sector-size=BYTES
	   This option allows configuring the sector size of the image
	   produced by systemd-repart. It takes a value that is a power of "2"
	   between "512" and "4096". This option is useful when building
	   images for disks that use a different sector size than the disk on
	   which the image is produced.

	   Added in version 253.

       --architecture=ARCH
	   This option allows overriding the architecture used for
	   architecture specific partition types. For example, if set to
	   "arm64" a partition type of "root-x86-64" referenced in repart.d/
	   drop-ins will be patched dynamically to refer to "root-arm64"
	   instead. Takes one of "alpha", "arc", "arm", "arm64", "ia64",
	   "loongarch64", "mips-le", "mips64-le", "parisc", "ppc", "ppc64",
	   "ppc64-le", "riscv32", "riscv64", "s390", "s390x", "tilegx", "x86"
	   or "x86-64".

	   Added in version 254.

       --offline=BOOL
	   Instructs systemd-repart to build the image offline. Takes a
	   boolean or "auto". Defaults to "auto". If enabled, the image is
	   built without using loop devices. This is useful to build images
	   unprivileged or when loop devices are not available. If disabled,
	   the image is always built using loop devices. If "auto",
	   systemd-repart will build the image online if possible and fall
	   back to building the image offline if loop devices are not
	   available or cannot be accessed due to missing permissions.

	   Added in version 254.

       --copy-from=PATH
	   Instructs systemd-repart to synthesize partition definitions from
	   the partition table in the given image or device. This option can
	   be specified multiple times to synthesize definitions from each of
	   the given images or devices. The generated definitions will copy
	   the partitions into the destination partition table. The copied
	   partitions will have the same size, metadata and contents but might
	   have a different partition number and might be located at a
	   different offset in the destination partition table. These
	   definitions can be combined with partition definitions read from
	   regular partition definition files. The synthesized definitions
	   take precedence over the definitions read from partition definition
	   files.

	   Added in version 255.

       --copy-source=PATH, -s PATH
	   Specifies a source directory all CopyFiles= source paths shall be
	   considered relative to. This is similar to --root=, but exclusively
	   applies to the CopyFiles= setting. If --root= and --copy-source=
	   are used in combination the former applies as usual, except for
	   CopyFiles= where the latter takes precedence.

	   Added in version 255.

       --make-ddi=TYPE
	   Takes one of "sysext", "confext" or "portable". Generates a
	   Discoverable Disk Image (DDI) for a system extension (sysext, see
	   systemd-sysext(8) for details), configuration extension (confext)
	   or Portable Services[1]. The generated image will consist of a
	   signed Verity "erofs" file system as root partition. In this mode
	   of operation the partition definitions in /usr/lib/repart.d/*.conf
	   and related directories are not read, and --definitions= is not
	   supported, as appropriate definitions for the selected DDI class
	   will be chosen automatically.

	   Must be used in conjunction with --copy-source= to specify the file
	   hierarchy to populate the DDI with. The specified directory should
	   contain an etc/ subdirectory if "confext" is selected. If "sysext"
	   is selected it should contain either a usr/ or opt/ directory, or
	   both. If "portable" is used a full OS file hierarchy can be
	   provided.

	   This option implies --empty=create, --size=auto and --seed=random
	   (the latter two can be overridden).

	   The private key and certificate for signing the DDI must be
	   specified via the --private-key= and --certificate= switches.

	   Added in version 255.

       -S, -C, -P
	   Shortcuts for --make-ddi=sysext, --make-ddi=confext,
	   --make-ddi=portable, respectively.

	   Added in version 255.

       --append-fstab=
	   Takes one of "no", "auto" or "replace". Controls how the fstab(5)
	   file generated by --generate-fstab= is handled when a file already
	   exists at that path.

	   If "no", systemd-repart will complain and abort if such a file
	   exists. This is the default behaviour. If "replace", the file will
	   be silently replaced with the newly generated one.

	   If "auto", systemd-repart will search the pre-existing file for the
	   section that belongs to the automatically generated content,
	   replace it with the newly generated content, and keep the user
	   provided section if there is one. The generated section is
	   identified by looking for the automatic content surrounded by "#
	   Start section ↓ of automatically generated fstab by systemd-repart"
	   and "# End section ↑ of automatically generated fstab by
	   systemd-repart". The content before and after those comments is
	   considered user provided, and is kept in the new file.

	   Added in version 258.
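The three --append-fstab= modes, modelled as an added Python function (not systemd's code) that operates on the marker comments quoted above: "auto" swaps only the text between the start and end markers and keeps everything outside them. The fstab entries and file content are constructed; what "auto" does when the existing file has no generated section at all is not stated on the page, and appending in that case is this model's assumption.

```python
START = "# Start section ↓ of automatically generated fstab by systemd-repart"
END = "# End section ↑ of automatically generated fstab by systemd-repart"


def merge_fstab(existing, generated, mode="no"):
    """Return the fstab content to write, following --append-fstab=MODE.

    existing: current file content, or None if no file exists yet
    generated: the entries produced for this run
    """
    block = [START, *generated.rstrip("\n").splitlines(), END]
    if existing is None or mode == "replace":  # nothing to keep, or told not to
        return "\n".join(block) + "\n"
    if mode == "no":
        raise FileExistsError("fstab exists; use --append-fstab=auto or replace")
    if mode != "auto":
        raise ValueError(f"unknown --append-fstab= value {mode!r}")
    lines = existing.rstrip("\n").splitlines()
    if START not in lines:
        # Assumption of this model: a file without a generated section keeps
        # all its (user provided) lines and gets the new section appended.
        return "\n".join(lines + block) + "\n"
    start = lines.index(START)
    try:
        end = lines.index(END, start + 1)
    except ValueError:
        raise ValueError("start marker without end marker; refusing to guess") from None
    # Everything outside the markers is user provided and survives verbatim.
    return "\n".join(lines[:start] + block + lines[end + 1:]) + "\n"


# Constructed sample: user entries on both sides of an older generated section.
GENERATED = "UUID=1234-ABCD /boot vfat umask=0077 0 2\n"
USER_FSTAB = "\n".join([
    "# user-managed entries",
    "/dev/mapper/data /srv ext4 defaults 0 2",
    START,
    "UUID=0000-0LD0 /boot vfat umask=0077 0 2",
    END,
    "tmpfs /tmp tmpfs nosuid,nodev 0 0",
]) + "\n"
```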

       --generate-fstab=PATH
	   Specifies a path to which fstab(5) entries are written for the
	   mount points configured with MountPoint= in the root directory
	   specified with --copy-source= or --root=, or in the host's root
	   directory if neither is specified. Disabled by default.

	   Added in version 256.

       --generate-crypttab=PATH
	   Specifies a path to which crypttab entries are written for the
	   encrypted volumes configured with EncryptedVolume= in the root
	   directory specified with --copy-source= or --root=, or in the
	   host's root directory if neither is specified. Disabled by default.

	   Added in version 256.

       --list-devices
	   Show a list of candidate block devices this command may operate on.
	   Specifically, this enumerates block devices currently present that
	   support partition tables, and shows their device node paths along
	   with any of their symlinks.

	   Added in version 257.

       -h, --help
	   Print a short help text and exit.

       --version
	   Print a short version string and exit.

       --no-pager
	   Do not pipe output into a pager.

       --no-legend
	   Do not print the legend, i.e. column headers and the footer with
	   hints.

       --json=MODE
	   Shows output formatted as JSON. Expects one of "short" (for the
	   shortest possible output without any redundant whitespace or line
	   breaks), "pretty" (for a pretty version of the same, with
	   indentation and line breaks) or "off" (to turn off JSON output, the
	   default).

EXIT STATUS
       On success, 0 is returned, and a non-zero failure code otherwise.

EXAMPLE
       Example 1. Generate a configuration extension image

       The following creates a configuration extension DDI (confext) for an
       /etc/motd update:

	   mkdir -p tree/etc/extension-release.d
	   echo "Hello World" >tree/etc/motd
	   cat >tree/etc/extension-release.d/extension-release.my-motd <<EOF
	   ID=fedora
	   VERSION_ID=38
	   IMAGE_ID=my-motd
	   IMAGE_VERSION=7
	   EOF
	   systemd-repart -C \
	     --private-key=verity-private-key.pem \
	     --certificate=verity-certificate.pem \
	     -s tree/ \
	     /var/lib/confexts/my-motd.confext.raw
	   systemd-confext refresh

       The DDI generated that way may be applied to the system with systemd-
       confext(1).

       Example 2. Generate a system extension image and sign it via PKCS11

       The following creates a system extension DDI (sysext) for a /usr/foo
       update and signs it with a hardware token via PKCS11:

	   mkdir -p tree/usr/lib/extension-release.d
	   echo "Hello World" >tree/usr/foo
	   cat >tree/usr/lib/extension-release.d/extension-release.my-foo <<EOF
	   ID=fedora
	   VERSION_ID=38
	   IMAGE_ID=my-foo
	   IMAGE_VERSION=7
	   EOF
	   systemd-repart --make-ddi=sysext \
	     --private-key-source=engine:pkcs11 \
	     --private-key="pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0123456789abcdef;token=Some%20Cert" \
	     --certificate=verity-certificate.pem \
	     -s tree/ \
	     /var/lib/extensions/my-foo.sysext.raw
	   systemd-sysext refresh

       The DDI generated that way may be applied to the system with systemd-
       sysext(8).

       Example 3. Generate a dm-verity signature offline and append it to a
       pre-built image

       The following creates an image with dm-verity metadata, signs it
       separately to simulate an offline signing system, and then appends the
       signature to the image:

	   mkdir -p repart.d/ /tmp/tree/usr/lib/

	   cat >/tmp/tree/usr/lib/os-release <<EOF
	   ID=debian
	   VERSION_ID=13
	   EOF

	   cat >repart.d/10-root.conf <<EOF
	   [Partition]
	   Type=root
	   Format=erofs
	   SizeMinBytes=100M
	   SizeMaxBytes=100M
	   Verity=data
	   VerityMatchKey=root
	   EOF

	   cat >repart.d/11-root-verity.conf <<EOF
	   [Partition]
	   Type=root-verity
	   Label=%o_%w_verity
	   Verity=hash
	   VerityMatchKey=root
	   SizeMinBytes=400M
	   SizeMaxBytes=400M
	   EOF

	   cat >repart.d/12-root-verity-sig.conf <<EOF
	   [Partition]
	   Type=root-verity-sig
	   Label=%o_%w_verity_sig
	   Verity=signature
	   VerityMatchKey=root
	   EOF

	   systemd-repart --definitions repart.d \
	     --defer-partitions=root-verity-sig \
	     --copy-source=/tmp/tree/ \
	     --empty=create --size=600M \
	     --json=short \
	   /tmp/img.raw | jq --raw-output0 .[-1].roothash > /tmp/img.roothash

	   openssl smime -sign -in /tmp/img.roothash \
	     -inkey verity-private-key.pem \
	     -signer verity-certificate.pem \
	     -noattr -binary -outform der \
	     -out /tmp/img.roothash.p7s

	   systemd-repart --definitions repart.d \
	     --dry-run=no --root=/tmp/tree/ \
	     --join-signature="$(cat /tmp/img.roothash):/tmp/img.roothash.p7s" \
	     --certificate=verity-certificate.pem \
	     /tmp/img.raw

SEE ALSO
       systemd(1), repart.d(5), machine-id(5), systemd-cryptenroll(1),
       portablectl(1), systemd-sysext(8)

NOTES
	1. Portable Services
	   https://systemd.io/PORTABLE_SERVICES

systemd 258						     SYSTEMD-REPART(8)
