On Sat, Nov 5, 2022 at 12:52 PM TJ <syst...@iam.tj> wrote:

> On 05/11/2022 10:36, Mantas Mikulėnas wrote:
> > On Sat, Nov 5, 2022 at 12:06 PM TJ <syst...@iam.tj> wrote:
> >
> >> Just seen this announcement in the v252 changelog:
> >>
> >> "We intend to remove support for split-usr (/usr mounted separately
> >> during boot) ..."
> >>
> >> How does this align with support for separate /usr/ with dm-verity ?
> >>
> >> For example, this will affect nspawn. See "man 1 systemd-nspawn" and
> >> "--root-hash=" where in respect of /usr/ it says:
> >>
> >> "Note that this configures the root hash for the root file system. Disk
> >> images may also contain separate file systems for the /usr/ hierarchy,
> >> which may be Verity protected as well. The root hash for this protection
> >> may be configured via the "user.verity.usrhash" extended file attribute
> >> or via a .usrhash file adjacent to the disk image, following the same
> >> format and logic as for the root hash for the root file system described
> >> here."
> >>
> >
> > /usr can remain on a separate partition as long as it's mounted *by the
> > initrd* (the same way initrd currently mounts your rootfs), so that by the
> > time systemd starts it already has the full filesystem.
>
> How does this work when systemd is used inside the initrd, as
> "recommended" / discussed at, for example "Using systemd inside an initrd":
>

From the initrd's perspective, it's not being mounted *at* /usr – it's
being mounted at /newroot/usr or such (like how the rootfs itself is
mounted at /newroot). The initrd has its own / and its own /usr.

-- 
Mantas Mikulėnas
