systemd-repart can not only do repartitioning at runtime. It can also
create GPT partition images from scratch.
This is especially useful when building non-trivial images that follow
uapi-group's discoverable partition specification [1].
Creating these images using wic becomes cumbersome with dm-verity needing
a lot of careful dependency ordering and non-trivial splitting into
partitions. systemd-repart makes this very simple with just a few config
files.
Example:
This builds an image that splits out /usr into a dm-verity guarded
partition while creating the necessary metadata to auto-discover it.
01-esp.conf:
[Partition]
Type=esp
CopyFiles=/boot/:/
Minimize=guess
02-usr.conf:
[Partition]
Type=usr
CopyFiles=/usr/:/
Verity=data
VerityMatchKey=usr
Minimize=guess
03-usr-verity.conf:
[Partition]
Type=usr-verity
Verity=hash
VerityMatchKey=usr
Minimize=guess
04-usr-verity-sig.conf:
[Partition]
Type=usr-verity-sig
Verity=signature
VerityMatchKey=usr
[1]
https://uapi-group.org/specifications/specs/discoverable_partitions_specification/
Cc: Mikko Rapeli <[email protected]>
Signed-off-by: Erik Schilling <[email protected]>
---
I had this sitting on my disk for quite a while since I hacked this up
for a prototype.
Posting to see if there is any interest into something like this.
---
meta/classes-recipe/systemd-repart.bbclass | 47 ++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
diff --git a/meta/classes-recipe/systemd-repart.bbclass
b/meta/classes-recipe/systemd-repart.bbclass
new file mode 100644
index 0000000000..83f9b65bf3
--- /dev/null
+++ b/meta/classes-recipe/systemd-repart.bbclass
@@ -0,0 +1,47 @@
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: MIT
+#
+
+DEPENDS += "systemd-native"
+DEPENDS += "strace-native"
+DEPENDS += "dosfstools-native"
+DEPENDS += "mtools-native"
+
+oe_image_systemd_repart() {
+ local additional_args=""
+
+ if [[ -n "${REPART_PRIVATE_KEY}" ]]
+ then
+ additional_args="$additional_args --private-key=${REPART_PRIVATE_KEY}"
+ fi
+
+ if [[ -n "${REPART_CERTIFICATE}" ]]
+ then
+ additional_args="$additional_args --certificate=${REPART_CERTIFICATE}"
+ fi
+
+ # map architectures to systemd's expected values
+ local systemd_arch="${TARGET_ARCH}"
+ case "${systemd_arch}" in
+ aarch64)
+ systemd_arch=arm64
+ ;;
+ esac
+
+ local image_name="${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.img"
+ systemd-repart --root="${IMAGE_ROOTFS}" \
+ --definitions="${REPART_DEFINITION_DIR}" \
+ --empty=create --size=auto --dry-run=no --offline=yes \
+ --architecture="${systemd_arch}" \
+ --json=pretty --no-pager $additional_args \
+ "${image_name}"
+ if [[ -n "${IMAGE_LINK_NAME}" ]]
+ then
+ ln -f -s "${image_name}" "${IMAGE_LINK_NAME}.img"
+ fi
+}
+
+IMAGE_CMD:systemd-repart = "oe_image_systemd_repart"
+do_image_systemd_repart[deptask] += "do_unpack"
---
base-commit: 9ecb97083efa1b632ce9827ed1201cc1484fcd71
change-id: 20240426-systemd-repart-99ed87b50b6a
Best regards,
--
Erik Schilling <[email protected]>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198724):
https://lists.openembedded.org/g/openembedded-core/message/198724
Mute This Topic: https://lists.openembedded.org/mt/105755548/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
