On Sat, Nov 5, 2022 at 12:06 PM TJ <syst...@iam.tj> wrote:

> Just seen this announcement in the v252 changelog:
>
> "We intend to remove support for split-usr (/usr mounted separately
> during boot) ..."
>
> How does this align with support for separate /usr/ with dm-verity ?
>
> For example, this will affect nspawn. See "man 1 systemd-nspawn" and
> "--root-hash=" where in respect of /usr/ it says:
>
> "Note that this configures the root hash for the root file system. Disk
> images may also contain separate file systems for the /usr/ hierarchy,
> which may be Verity protected as well. The root hash for this protection
> may be configured via the "user.verity.usrhash" extended file attribute
> or via a .usrhash file adjacent to the disk image, following the same
> format and logic as for the root hash for the root file system described
> here."
>

/usr can remain on a separate partition as long as it's mounted *by the
initrd* (the same way initrd currently mounts your rootfs), so that by the
time systemd starts it already has the full filesystem.

What's finally being removed is support for having the rootfs itself mount
/usr halfway through, which requires many things that normally are on
/usr/lib to be split between it and /lib instead (such as on Debian).

Using the initrd to mount /usr isn't new.
<https://web.archive.org/web/20150906203654if_/https://www.gentoo.org/support/news-items/2013-09-27-initramfs-required.html>

-- 
Mantas Mikulėnas
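
Added example, not part of the original e-mail or of systemd's own code: a shell check for the layout the reply describes, reporting whether the legacy top-level directories of a root tree are symlinks into usr/ or real directories holding content outside /usr (which a Verity hash for the /usr file system does not cover). The function names, the list of directories checked and the sample trees are assumptions constructed for this illustration.

```shell
#!/bin/sh
# usr_layout ROOT
#   stdout: "merged" if every legacy directory that exists is a symlink into usr/,
#           "unmerged" if any of them is a real directory or points elsewhere.
#   stderr: one detail line per directory inspected.
usr_layout() {
    root=${1:?usage: usr_layout ROOT}
    unmerged=0
    for d in bin sbin lib lib64; do
        p=$root/$d
        if [ -L "$p" ]; then
            target=$(readlink "$p")
            case $target in
                usr/*|/usr/*) echo "$d -> $target (inside /usr)" >&2 ;;
                *) echo "$d -> $target (symlink outside /usr)" >&2; unmerged=1 ;;
            esac
        elif [ -d "$p" ]; then
            # Real directory on the root file system: its content is split
            # from /usr and is not covered by a hash for the /usr file system.
            echo "$d is a real directory outside /usr" >&2
            unmerged=1
        else
            echo "$d absent" >&2
        fi
    done
    if [ "$unmerged" -eq 0 ]; then echo merged; else echo unmerged; fi
}

# Constructed sample input: two minimal root trees under BASE.
make_sample_trees() {
    base=$1
    mkdir -p "$base/merged/usr/bin" "$base/merged/usr/lib" \
             "$base/split/usr/bin" "$base/split/bin" "$base/split/lib"
    ln -s usr/bin "$base/merged/bin"
    ln -s usr/lib "$base/merged/lib"
}

# Run with --demo to see both verdicts on the constructed trees.
if [ "${1:-}" = "--demo" ]; then
    t=$(mktemp -d)
    make_sample_trees "$t"
    usr_layout "$t/merged"
    usr_layout "$t/split"
    rm -rf "$t"
fi
```

Pointing `usr_layout` at a mounted image's root (or `/`) gives the same verdict for a real system.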
