2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
6 <refentry id=
"repart.d" conditional='ENABLE_REPART'
7 xmlns:
xi=
"http://www.w3.org/2001/XInclude">
10 <title>repart.d
</title>
11 <productname>systemd
</productname>
15 <refentrytitle>repart.d
</refentrytitle>
16 <manvolnum>5</manvolnum>
20 <refname>repart.d
</refname>
21 <refpurpose>Partition Definition Files for Automatic Boot-Time Repartitioning
</refpurpose>
26 <member><filename>/etc/repart.d/*.conf
</filename></member>
27 <member><filename>/run/repart.d/*.conf
</filename></member>
28 <member><filename>/usr/lib/repart.d/*.conf
</filename></member>
33 <title>Description
</title>
35 <para><filename>repart.d/*.conf
</filename> files describe basic properties of partitions of block
36 devices of the local system. They may be used to declare types, names and sizes of partitions that shall
38 <citerefentry><refentrytitle>systemd-repart
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
39 service reads these files and attempts to add new partitions currently missing and enlarge existing
40 partitions according to these definitions. Operation is generally incremental, i.e. when applied, what
41 exists already is left intact, and partitions are never shrunk, moved or deleted.
</para>
43 <para>These definition files are useful for implementing operating system images that are prepared and
44 delivered with minimally sized images (for example lacking any state or swap partitions), and which on
45 first boot automatically take possession of any remaining disk space following a few basic rules.
</para>
47 <para>Currently, support for partition definition files is only implemented for GPT partition
50 <para>Partition files are generally matched against any partitions already existing on disk in a simple
51 algorithm: the partition files are sorted by their filename (ignoring the directory prefix), and then
52 compared in order against existing partitions matching the same partition type UUID. Specifically, the
53 first existing partition with a specific partition type UUID is assigned the first definition file with
54 the same partition type UUID, and the second existing partition with a specific type UUID the second
55 partition file with the same type UUID, and so on. Any left-over partition files that have no matching
56 existing partition are assumed to define new partition that shall be created. Such partitions are
57 appended to the end of the partition table, in the order defined by their names utilizing the first
58 partition slot greater than the highest slot number currently in use. Any existing partitions that have
59 no matching partition file are left as they are.
</para>
61 <para>Note that these definitions may only be used to create and initialize new partitions or to grow
62 existing ones. In the latter case it will not grow the contained files systems however; separate
64 <citerefentry><refentrytitle>systemd-growfs
</refentrytitle><manvolnum>8</manvolnum></citerefentry> may be
65 used to grow the file systems inside of these partitions. Partitions may also be marked for automatic
66 growing via the
<varname>GrowFileSystem=
</varname> setting, in which case the file system is grown on
67 first mount by tools that respect this flag. See below for details.
</para>
71 <title>[Partition] Section Options
</title>
75 <term><varname>Type=
</varname></term>
77 <listitem><para>The GPT partition type UUID to match. This may be a GPT partition type UUID such as
78 <constant>4f68bce3-e8cd-
4db1-
96e7-fbcaf984b709
</constant>, or an identifier.
79 Architecture specific partition types can use one of these architecture identifiers:
80 <constant>alpha
</constant>,
<constant>arc
</constant>,
<constant>arm
</constant> (
32-bit),
81 <constant>arm64
</constant> (
64-bit, aka aarch64),
<constant>ia64
</constant>,
82 <constant>loongarch64
</constant>,
<constant>mips-le
</constant>,
<constant>mips64-le
</constant>,
83 <constant>parisc
</constant>,
<constant>ppc
</constant>,
<constant>ppc64
</constant>,
84 <constant>ppc64-le
</constant>,
<constant>riscv32
</constant>,
<constant>riscv64
</constant>,
85 <constant>s390
</constant>,
<constant>s390x
</constant>,
<constant>tilegx
</constant>,
86 <constant>x86
</constant> (
32-bit, aka i386) and
<constant>x86-
64</constant> (
64-bit, aka amd64).
89 <para>The supported identifiers are:
</para>
92 <title>GPT partition type identifiers
</title>
94 <tgroup cols='
2' align='left' colsep='
1' rowsep='
1'
>
95 <colspec colname=
"name" />
96 <colspec colname=
"explanation" />
100 <entry>Identifier
</entry>
101 <entry>Explanation
</entry>
107 <entry><constant>esp
</constant></entry>
108 <entry>EFI System Partition
</entry>
112 <entry><constant>xbootldr
</constant></entry>
113 <entry>Extended Boot Loader Partition
</entry>
117 <entry><constant>swap
</constant></entry>
118 <entry>Swap partition
</entry>
122 <entry><constant>home
</constant></entry>
123 <entry>Home (
<filename>/home/
</filename>) partition
</entry>
127 <entry><constant>srv
</constant></entry>
128 <entry>Server data (
<filename>/srv/
</filename>) partition
</entry>
132 <entry><constant>var
</constant></entry>
133 <entry>Variable data (
<filename>/var/
</filename>) partition
</entry>
137 <entry><constant>tmp
</constant></entry>
138 <entry>Temporary data (
<filename>/var/tmp/
</filename>) partition
</entry>
142 <entry><constant>linux-generic
</constant></entry>
143 <entry>Generic Linux file system partition
</entry>
147 <entry><constant>root
</constant></entry>
148 <entry>Root file system partition type appropriate for the local architecture (an alias for an architecture root file system partition type listed below, e.g.
<constant>root-x86-
64</constant>)
</entry>
152 <entry><constant>root-verity
</constant></entry>
153 <entry>Verity data for the root file system partition for the local architecture
</entry>
157 <entry><constant>root-verity-sig
</constant></entry>
158 <entry>Verity signature data for the root file system partition for the local architecture
</entry>
162 <entry><constant>root-secondary
</constant></entry>
163 <entry>Root file system partition of the secondary architecture of the local architecture (usually the matching
32-bit architecture for the local
64-bit architecture)
</entry>
167 <entry><constant>root-secondary-verity
</constant></entry>
168 <entry>Verity data for the root file system partition of the secondary architecture
</entry>
172 <entry><constant>root-secondary-verity-sig
</constant></entry>
173 <entry>Verity signature data for the root file system partition of the secondary architecture
</entry>
177 <entry><constant>root-{arch}
</constant></entry>
178 <entry>Root file system partition of the given architecture (such as
<constant>root-x86-
64</constant> or
<constant>root-riscv64
</constant>)
</entry>
182 <entry><constant>root-{arch}-verity
</constant></entry>
183 <entry>Verity data for the root file system partition of the given architecture
</entry>
187 <entry><constant>root-{arch}-verity-sig
</constant></entry>
188 <entry>Verity signature data for the root file system partition of the given architecture
</entry>
192 <entry><constant>usr
</constant></entry>
193 <entry><filename>/usr/
</filename> file system partition type appropriate for the local architecture (an alias for an architecture
<filename>/usr/
</filename> file system partition type listed below, e.g.
<constant>usr-x86-
64</constant>)
</entry>
197 <entry><constant>usr-verity
</constant></entry>
198 <entry>Verity data for the
<filename>/usr/
</filename> file system partition for the local architecture
</entry>
202 <entry><constant>usr-verity-sig
</constant></entry>
203 <entry>Verity signature data for the
<filename>/usr/
</filename> file system partition for the local architecture
</entry>
207 <entry><constant>usr-secondary
</constant></entry>
208 <entry><filename>/usr/
</filename> file system partition of the secondary architecture of the local architecture (usually the matching
32-bit architecture for the local
64-bit architecture)
</entry>
212 <entry><constant>usr-secondary-verity
</constant></entry>
213 <entry>Verity data for the
<filename>/usr/
</filename> file system partition of the secondary architecture
</entry>
217 <entry><constant>usr-secondary-verity-sig
</constant></entry>
218 <entry>Verity signature data for the
<filename>/usr/
</filename> file system partition of the secondary architecture
</entry>
222 <entry><constant>usr-{arch}
</constant></entry>
223 <entry><filename>/usr/
</filename> file system partition of the given architecture
</entry>
227 <entry><constant>usr-{arch}-verity
</constant></entry>
228 <entry>Verity data for the
<filename>/usr/
</filename> file system partition of the given architecture
</entry>
232 <entry><constant>usr-{arch}-verity-sig
</constant></entry>
233 <entry>Verity signature data for the
<filename>/usr/
</filename> file system partition of the given architecture
</entry>
239 <para>This setting defaults to
<constant>linux-generic
</constant>.
</para>
241 <para>Most of the partition type UUIDs listed above are defined in the
<ulink
242 url=
"https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
243 Specification
</ulink>.
</para>
245 <xi:include href=
"version-info.xml" xpointer=
"v245"/></listitem>
249 <term><varname>Label=
</varname></term>
251 <listitem><para>The textual label to assign to the partition if none is assigned yet. Note that this
252 setting is not used for matching. It is also not used when a label is already set for an existing
253 partition. It is thus only used when a partition is newly created or when an existing one had a no
254 label set (that is: an empty label). If not specified a label derived from the partition type is
255 automatically used. Simple specifier expansion is supported, see below.
</para>
257 <xi:include href=
"version-info.xml" xpointer=
"v245"/></listitem>
261 <term><varname>UUID=
</varname></term>
263 <listitem><para>The UUID to assign to the partition if none is assigned yet. Note that this
264 setting is not used for matching. It is also not used when a UUID is already set for an existing
265 partition. It is thus only used when a partition is newly created or when an existing one had a
266 all-zero UUID set. If set to
<literal>null
</literal>, the UUID is set to all zeroes. If not specified
267 a UUID derived from the partition type is automatically used.
</para>
269 <xi:include href=
"version-info.xml" xpointer=
"v246"/></listitem>
273 <term><varname>Priority=
</varname></term>
275 <listitem><para>A numeric priority to assign to this partition, in the range -
2147483648…
2147483647,
276 with smaller values indicating higher priority, and higher values indicating smaller priority. This
277 priority is used in case the configured size constraints on the defined partitions do not permit
278 fitting all partitions onto the available disk space. If the partitions do not fit, the highest
279 numeric partition priority of all defined partitions is determined, and all defined partitions with
280 this priority are removed from the list of new partitions to create (which may be multiple, if the
281 same priority is used for multiple partitions). The fitting algorithm is then tried again. If the
282 partitions still do not fit, the now highest numeric partition priority is determined, and the
283 matching partitions removed too, and so on. Partitions of a priority of
0 or lower are never
284 removed. If all partitions with a priority above
0 are removed and the partitions still do not fit on
285 the device the operation fails. Note that this priority has no effect on ordering partitions, for
286 that use the alphabetical order of the filenames of the partition definition files. Defaults to
289 <xi:include href=
"version-info.xml" xpointer=
"v245"/></listitem>
293 <term><varname>Weight=
</varname></term>
295 <listitem><para>A numeric weight to assign to this partition in the range
0…
1000000. Available disk
296 space is assigned the defined partitions according to their relative weights (subject to the size
297 constraints configured with
<varname>SizeMinBytes=
</varname>,
<varname>SizeMaxBytes=
</varname>), so
298 that a partition with weight
2000 gets double the space as one with weight
1000, and a partition with
299 weight
333 a third of that. Defaults to
1000.
</para>
301 <para>The
<varname>Weight=
</varname> setting is used to distribute available disk space in an
302 "elastic" fashion, based on the disk size and existing partitions. If a partition shall have a fixed
303 size use both
<varname>SizeMinBytes=
</varname> and
<varname>SizeMaxBytes=
</varname> with the same
304 value in order to fixate the size to one value, in which case the weight has no
307 <xi:include href=
"version-info.xml" xpointer=
"v245"/></listitem>
311 <term><varname>PaddingWeight=
</varname></term>
313 <listitem><para>Similar to
<varname>Weight=
</varname>, but sets a weight for the free space after the
314 partition (the
"padding"). When distributing available space the weights of all partitions and all
315 defined padding is summed, and then each partition and padding gets the fraction defined by its
316 weight. Defaults to
0, i.e. by default no padding is applied.
</para>
318 <para>Padding is useful if empty space shall be left for later additions or a safety margin at the
319 end of the device or between partitions.
</para>
321 <xi:include href=
"version-info.xml" xpointer=
"v245"/></listitem>
325 <term><varname>SizeMinBytes=
</varname></term>
326 <term><varname>SizeMaxBytes=
</varname></term>
328 <listitem><para>Specifies minimum and maximum size constraints in bytes. Takes the usual K, M, G, T,
329 … suffixes (to the base of
1024). If
<varname>SizeMinBytes=
</varname> is specified the partition is
330 created at or grown to at least the specified size. If
<varname>SizeMaxBytes=
</varname> is specified
331 the partition is created at or grown to at most the specified size. The precise size is determined
332 through the weight value configured with
<varname>Weight=
</varname>, see above. When
333 <varname>SizeMinBytes=
</varname> is set equal to
<varname>SizeMaxBytes=
</varname> the configured
334 weight has no effect as the partition is explicitly sized to the specified fixed value. Note that
335 partitions are never created smaller than
4096 bytes, and since partitions are never shrunk the
336 previous size of the partition (in case the partition already exists) is also enforced as lower bound
337 for the new size. The values should be specified as multiples of
4096 bytes, and are rounded upwards
338 (in case of
<varname>SizeMinBytes=
</varname>) or downwards (in case of
339 <varname>SizeMaxBytes=
</varname>) otherwise. If the backing device does not provide enough space to
340 fulfill the constraints placing the partition will fail. For partitions that shall be created,
341 depending on the setting of
<varname>Priority=
</varname> (see above) the partition might be dropped
342 and the placing algorithm restarted. By default a minimum size constraint of
10M and no maximum size
343 constraint is set.
</para>
345 <xi:include href=
"version-info.xml" xpointer=
"v245"/></listitem>
349 <term><varname>PaddingMinBytes=
</varname></term>
350 <term><varname>PaddingMaxBytes=
</varname></term>
352 <listitem><para>Specifies minimum and maximum size constraints in bytes for the free space after the
353 partition (the
"padding"). Semantics are similar to
<varname>SizeMinBytes=
</varname> and
354 <varname>SizeMaxBytes=
</varname>, except that unlike partition sizes free space can be shrunk and can
355 be as small as zero. By default no size constraints on padding are set, so that only
356 <varname>PaddingWeight=
</varname> determines the size of the padding applied.
</para>
358 <xi:include href=
"version-info.xml" xpointer=
"v245"/></listitem>
362 <term><varname>CopyBlocks=
</varname></term>
364 <listitem><para>Takes a path to a regular file, block device node or directory, or the special value
365 <literal>auto
</literal>. If specified and the partition is newly created, the data from the specified
366 path is written to the newly created partition, on the block level. If a directory is specified, the
367 backing block device of the file system the directory is on is determined, and the data read directly
368 from that. This option is useful to efficiently replicate existing file systems onto new partitions
369 on the block level — for example to build a simple OS installer or an OS image builder.
</para>
371 <para>If the special value
<literal>auto
</literal> is specified, the source to copy from is
372 automatically picked up from the running system (or the image specified with
373 <option>--image=
</option> — if used). A partition that matches both the configured partition type (as
374 declared with
<varname>Type=
</varname> described above), and the currently mounted directory
375 appropriate for that partition type is determined. For example, if the partition type is set to
376 <literal>root
</literal> the partition backing the root directory (
<filename>/
</filename>) is used as
377 source to copy from — if its partition type is set to
<literal>root
</literal> as well. If the
378 declared type is
<literal>usr
</literal> the partition backing
<filename>/usr/
</filename> is used as
379 source to copy blocks from — if its partition type is set to
<literal>usr
</literal> too. The logic is
380 capable of automatically tracking down the backing partitions for encrypted and Verity-enabled
381 volumes.
<literal>CopyBlocks=auto
</literal> is useful for implementing
"self-replicating" systems,
382 i.e. systems that are their own installer.
</para>
384 <para>The file specified here must have a size that is a multiple of the basic block size
512 and not
385 be empty. If this option is used, the size allocation algorithm is slightly altered: the partition is
386 created as least as big as required to fit the data in, i.e. the data size is an additional minimum
387 size value taken into consideration for the allocation algorithm, similar to and in addition to the
388 <varname>SizeMin=
</varname> value configured above.
</para>
390 <para>This option has no effect if the partition it is declared for already exists, i.e. existing
391 data is never overwritten. Note that the data is copied in before the partition table is updated,
392 i.e. before the partition actually is persistently created. This provides robustness: it is
393 guaranteed that the partition either doesn't exist or exists fully populated; it is not possible that
394 the partition exists but is not or only partially populated.
</para>
396 <para>This option cannot be combined with
<varname>Format=
</varname> or
397 <varname>CopyFiles=
</varname>.
</para>
399 <xi:include href=
"version-info.xml" xpointer=
"v246"/></listitem>
403 <term><varname>Format=
</varname></term>
405 <listitem><para>Takes a file system name, such as
<literal>ext4
</literal>,
<literal>btrfs
</literal>,
406 <literal>xfs
</literal>,
<literal>vfat
</literal>,
<literal>erofs
</literal>,
407 <literal>squashfs
</literal> or the special value
<literal>swap
</literal>. If specified and the partition
408 is newly created it is formatted with the specified file system (or as swap device). The file system
409 UUID and label are automatically derived from the partition UUID and label. If this option is used,
410 the size allocation algorithm is slightly altered: the partition is created as least as big as
411 required for the minimal file system of the specified type (or
4KiB if the minimal size is not
414 <para>This option has no effect if the partition already exists.
</para>
416 <para>Similarly to the behaviour of
<varname>CopyBlocks=
</varname>, the file system is formatted
417 before the partition is created, ensuring that the partition only ever exists with a fully
418 initialized file system.
</para>
420 <para>This option cannot be combined with
<varname>CopyBlocks=
</varname>.
</para>
422 <xi:include href=
"version-info.xml" xpointer=
"v247"/></listitem>
426 <term><varname>CopyFiles=
</varname></term>
428 <listitem><para>Takes a pair of colon separated absolute file system paths. The first path refers to
429 a source file or directory on the host, the second path refers to a target in the file system of the
430 newly created partition and formatted file system. This setting may be used to copy files or
431 directories from the host into the file system that is created due to the
<varname>Format=
</varname>
432 option. If
<varname>CopyFiles=
</varname> is used without
<varname>Format=
</varname> specified
433 explicitly,
<literal>Format=
</literal> with a suitable default is implied (currently
434 <literal>vfat
</literal> for
<literal>ESP
</literal> and
<literal>XBOOTLDR
</literal> partitions, and
435 <literal>ext4
</literal> otherwise, but this may change in the future). This option may be used
436 multiple times to copy multiple files or directories from host into the newly formatted file system.
437 The colon and second path may be omitted in which case the source path is also used as the target
438 path (relative to the root of the newly created file system). If the source path refers to a
439 directory it is copied recursively.
</para>
441 <para>This option has no effect if the partition already exists: it cannot be used to copy additional
442 files into an existing partition, it may only be used to populate a file system created anew.
</para>
444 <para>The copy operation is executed before the file system is registered in the partition table,
445 thus ensuring that a file system populated this way only ever exists fully initialized.
</para>
447 <para>Note that
<varname>CopyFiles=
</varname> will skip copying files that aren't supported by the
448 target filesystem (e.g symlinks, fifos, sockets and devices on vfat). When an unsupported file type
449 is encountered,
<command>systemd-repart
</command> will skip copying this file and write a log message
452 <para>Note that
<command>systemd-repart
</command> does not change the UIDs/GIDs of any copied files
453 and directories. When running
<command>systemd-repart
</command> as an unprivileged user to build an
454 image of files and directories owned by the same user, you can run
<command>systemd-repart
</command>
455 in a user namespace with the current user mapped to the root user to make sure the files and
456 directories in the image are owned by the root user.
</para>
458 <para>Note that when populating XFS filesystems with
<command>systemd-repart
</command> and loop
459 devices are not available, populating XFS filesystems with files containing spaces, tabs or newlines
460 might fail on old versions of
461 <citerefentry project='man-pages'
><refentrytitle>mkfs.xfs
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
462 due to limitations of its protofile format.
</para>
464 <para>Note that when populating XFS filesystems with
<command>systemd-repart
</command> and loop
465 devices are not available, extended attributes will not be copied into generated XFS filesystems
466 due to limitations
<citerefentry project='man-pages'
><refentrytitle>mkfs.xfs
</refentrytitle><manvolnum>8</manvolnum></citerefentry>'s
467 protofile format.
</para>
469 <para>This option cannot be combined with
<varname>CopyBlocks=
</varname>.
</para>
472 <citerefentry><refentrytitle>systemd-repart
</refentrytitle><manvolnum>8</manvolnum></citerefentry> is
473 invoked with the
<option>--copy-source=
</option> command line switch the file paths are taken
474 relative to the specified directory. If
<option>--copy-source=
</option> is not used, but the
475 <option>--image=
</option> or
<option>--root=
</option> switches are used, the source paths are taken
476 relative to the specified root directory or disk image root.
</para>
478 <xi:include href=
"version-info.xml" xpointer=
"v247"/></listitem>
482 <term><varname>ExcludeFiles=
</varname></term>
483 <term><varname>ExcludeFilesTarget=
</varname></term>
485 <listitem><para>Takes an absolute file system path referring to a source file or directory on the
486 host. This setting may be used to exclude files or directories from the host from being copied into
487 the file system when
<varname>CopyFiles=
</varname> is used. This option may be used multiple times to
488 exclude multiple files or directories from host from being copied into the newly formatted file
491 <para>If the path is a directory and ends with
<literal>/
</literal>, only the directory's
492 contents are excluded but not the directory itself. If the path is a directory and does not end with
493 <literal>/
</literal>, both the directory and its contents are excluded.
</para>
495 <para><varname>ExcludeFilesTarget=
</varname> is like
<varname>ExcludeFiles=
</varname> except that
496 instead of excluding the path on the host from being copied into the partition, we exclude any files
497 and directories from being copied into the given path in the partition.
</para>
500 <citerefentry><refentrytitle>systemd-repart
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
501 is invoked with the
<option>--image=
</option> or
<option>--root=
</option> command line switches the
502 paths specified are taken relative to the specified root directory or disk image root.
505 <xi:include href=
"version-info.xml" xpointer=
"v254"/></listitem>
509 <term><varname>MakeDirectories=
</varname></term>
511 <listitem><para>Takes one or more absolute paths, separated by whitespace, each declaring a directory
512 to create within the new file system. Behaviour is similar to
<varname>CopyFiles=
</varname>, but
513 instead of copying in a set of files this just creates the specified directories with the default
514 mode of
0755 owned by the root user and group, plus all their parent directories (with the same
515 ownership and access mode). To configure directories with different ownership or access mode, use
516 <varname>CopyFiles=
</varname> and specify a source tree to copy containing appropriately
517 owned/configured directories. This option may be used more than once to create multiple
518 directories. When
<varname>CopyFiles=
</varname> and
<varname>MakeDirectories=
</varname> are used
519 together the former is applied first. If a directory listed already exists no operation is executed
520 (in particular, the ownership/access mode of the directories is left as is).
</para>
522 <para>The primary use case for this option is to create a minimal set of directories that may be
523 mounted over by other partitions contained in the same disk image. For example, a disk image where
524 the root file system is formatted at first boot might want to automatically pre-create
525 <filename>/usr/
</filename> in it this way, so that the
<literal>usr
</literal> partition may
526 over-mount it.
</para>
529 <citerefentry><refentrytitle>systemd-tmpfiles
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
530 with its
<option>--image=
</option> option to pre-create other, more complex directory hierarchies (as
531 well as other inodes) with fine-grained control of ownership, access modes and other file
534 <xi:include href=
"version-info.xml" xpointer=
"v249"/></listitem>
538 <term><varname>Subvolumes=
</varname></term>
540 <listitem><para>Takes one or more absolute paths, separated by whitespace, each declaring a directory
541 that should be a subvolume within the new file system. This option may be used more than once to
542 specify multiple directories. Note that this setting does not create the directories themselves, that
543 can be configured with
<varname>MakeDirectories=
</varname> and
<varname>CopyFiles=
</varname>.
</para>
545 <para>Note that this option only takes effect if the target filesystem supports subvolumes, such as
546 <literal>btrfs
</literal>.
</para>
548 <para>Note that due to limitations of
<literal>mkfs.btrfs
</literal>, this option is only supported
549 when running with
<option>--offline=no
</option>.
</para>
551 <xi:include href=
"version-info.xml" xpointer=
"v255"/></listitem>
555 <term><varname>Encrypt=
</varname></term>
557 <listitem><para>Takes one of
<literal>off
</literal>,
<literal>key-file
</literal>,
558 <literal>tpm2
</literal> and
<literal>key-file+tpm2
</literal> (alternatively, also accepts a boolean
559 value, which is mapped to
<literal>off
</literal> when false, and
<literal>key-file
</literal> when
560 true). Defaults to
<literal>off
</literal>. If not
<literal>off
</literal> the partition will be
561 formatted with a LUKS2 superblock, before the blocks configured with
<varname>CopyBlocks=
</varname>
562 are copied in or the file system configured with
<varname>Format=
</varname> is created.
</para>
564 <para>The LUKS2 UUID is automatically derived from the partition UUID in a stable fashion. If
565 <literal>key-file
</literal> or
<literal>key-file+tpm2
</literal> is used, a key is added to the LUKS2
566 superblock, configurable with the
<option>--key-file=
</option> option to
567 <command>systemd-repart
</command>. If
<literal>tpm2
</literal> or
<literal>key-file+tpm2
</literal> is
568 used, a key is added to the LUKS2 superblock that is enrolled to the local TPM2 chip, as configured
569 with the
<option>--tpm2-device=
</option> and
<option>--tpm2-pcrs=
</option> options to
570 <command>systemd-repart
</command>.
</para>
572 <para>When used this slightly alters the size allocation logic as the implicit, minimal size limits
573 of
<varname>Format=
</varname> and
<varname>CopyBlocks=
</varname> are increased by the space necessary
574 for the LUKS2 superblock (see above).
</para>
576 <para>This option has no effect if the partition already exists.
</para>
578 <xi:include href=
"version-info.xml" xpointer=
"v247"/></listitem>
582 <term><varname>Verity=
</varname></term>
584 <listitem><para>Takes one of
<literal>off
</literal>,
<literal>data
</literal>,
585 <literal>hash
</literal> or
<literal>signature
</literal>. Defaults to
<literal>off
</literal>. If set
586 to
<literal>off
</literal> or
<literal>data
</literal>, the partition is populated with content as
587 specified by
<varname>CopyBlocks=
</varname> or
<varname>CopyFiles=
</varname>. If set to
588 <literal>hash
</literal>, the partition will be populated with verity hashes from the matching verity
589 data partition. If set to
<literal>signature
</literal>, the partition will be populated with a JSON
590 object containing a signature of the verity root hash of the matching verity hash partition.
</para>
592 <para>A matching verity partition is a partition with the same verity match key (as configured with
593 <varname>VerityMatchKey=
</varname>).
</para>
595 <para>If not explicitly configured, the data partition's UUID will be set to the first
128
596 bits of the verity root hash. Similarly, if not configured, the hash partition's UUID will be set to
597 the final
128 bits of the verity root hash. The verity root hash itself will be included in the
598 output of
<command>systemd-repart
</command>.
</para>
600 <para>This option has no effect if the partition already exists.
</para>
602 <para>Usage of this option in combination with
<varname>Encrypt=
</varname> is not supported.
</para>
604 <para>For each unique
<varname>VerityMatchKey=
</varname> value, a single verity data partition
605 (
<literal>Verity=data
</literal>) and a single verity hash partition (
<literal>Verity=hash
</literal>)
606 must be defined.
</para>
608 <xi:include href=
"version-info.xml" xpointer=
"v252"/></listitem>
612 <term><varname>VerityMatchKey=
</varname></term>
614 <listitem><para>Takes a short, user-chosen identifier string. This setting is used to find sibling
615 verity partitions for the current verity partition. See the description for
616 <varname>Verity=
</varname>.
</para>
618 <xi:include href=
"version-info.xml" xpointer=
"v252"/></listitem>
622 <term><varname>VerityDataBlockSizeBytes=
</varname></term>
624 <listitem><para>Configures the data block size of the generated verity hash partition. Must be between
512 and
625 4096 bytes and must be a power of
2. Defaults to the sector size if configured explicitly, or the underlying
626 block device sector size, or
4K if systemd-repart is not operating on a block device.
629 <xi:include href=
"version-info.xml" xpointer=
"v255"/></listitem>
633 <term><varname>VerityHashBlockSizeBytes=
</varname></term>
635 <listitem><para>Configures the hash block size of the generated verity hash partition. Must be between
512 and
636 4096 bytes and must be a power of
2. Defaults to the sector size if configured explicitly, or the underlying
637 block device sector size, or
4K if systemd-repart is not operating on a block device.
640 <xi:include href=
"version-info.xml" xpointer=
"v255"/></listitem>
644 <term><varname>FactoryReset=
</varname></term>
646 <listitem><para>Takes a boolean argument. If specified the partition is marked for removal during a
647 factory reset operation. This functionality is useful to implement schemes where images can be reset
648 into their original state by removing partitions and creating them anew. Defaults to off.
</para>
650 <xi:include href=
"version-info.xml" xpointer=
"v245"/></listitem>
654 <term><varname>Flags=
</varname></term>
656 <listitem><para>Configures the
64-bit GPT partition flags field to set for the partition when creating
657 it. This option has no effect if the partition already exists. If not specified the flags values is
658 set to all zeroes, except for the three bits that can also be configured via
659 <varname>NoAuto=
</varname>,
<varname>ReadOnly=
</varname> and
<varname>GrowFileSystem=
</varname>; see
660 below for details on the defaults for these three flags. Specify the flags value in hexadecimal (by
661 prefixing it with
<literal>0x
</literal>), binary (prefix
<literal>0b
</literal>) or decimal (no
664 <xi:include href=
"version-info.xml" xpointer=
"v249"/></listitem>
668 <term><varname>NoAuto=
</varname></term>
669 <term><varname>ReadOnly=
</varname></term>
670 <term><varname>GrowFileSystem=
</varname></term>
672 <listitem><para>Configures the No-Auto, Read-Only and Grow-File-System partition flags (bit
63,
60
673 and
59) of the partition table entry, as defined by the
<ulink
674 url=
"https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification
</ulink>. Only
675 available for partition types supported by the specification. This option is a friendly way to set
676 bits
63,
60 and
59 of the partition flags value without setting any of the other bits, and may be set
677 via
<varname>Flags=
</varname> too, see above.
</para>
679 <para>If
<varname>Flags=
</varname> is used in conjunction with one or more of
680 <varname>NoAuto=
</varname>/
<varname>ReadOnly=
</varname>/
<varname>GrowFileSystem=
</varname> the latter
681 control the value of the relevant flags, i.e. the high-level settings
682 <varname>NoAuto=
</varname>/
<varname>ReadOnly=
</varname>/
<varname>GrowFileSystem=
</varname> override
683 the relevant bits of the low-level setting
<varname>Flags=
</varname>.
</para>
685 <para>Note that the three flags affect only automatic partition mounting, as implemented by
686 <citerefentry><refentrytitle>systemd-gpt-auto-generator
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
687 or the
<option>--image=
</option> option of various commands (such as
688 <citerefentry><refentrytitle>systemd-nspawn
</refentrytitle><manvolnum>1</manvolnum></citerefentry>). It
689 has no effect on explicit mounts, such as those done via
<citerefentry
690 project='man-pages'
><refentrytitle>mount
</refentrytitle><manvolnum>8</manvolnum></citerefentry> or
692 project='man-pages'
><refentrytitle>fstab
</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
694 <para>If both bit
50 and
59 are set for a partition (i.e. the partition is marked both read-only and
695 marked for file system growing) the latter is typically without effect: the read-only flag takes
696 precedence in most tools reading these flags, and since growing the file system involves writing to
697 the partition it is consequently ignored.
</para>
699 <para><varname>NoAuto=
</varname> defaults to off.
<varname>ReadOnly=
</varname> defaults to on for
700 Verity partition types, and off for all others.
<varname>GrowFileSystem=
</varname> defaults to on for
701 all partition types that support it, except if the partition is marked read-only (and thus
702 effectively, defaults to off for Verity partitions).
</para>
704 <xi:include href=
"version-info.xml" xpointer=
"v249"/></listitem>
708 <term><varname>SplitName=
</varname></term>
710 <listitem><para>Configures the suffix to append to split artifacts when the
<option>--split
</option>
712 <citerefentry><refentrytitle>systemd-repart
</refentrytitle><manvolnum>8</manvolnum></citerefentry> is
713 used. Simple specifier expansion is supported, see below. Defaults to
<literal>%t
</literal>. To
714 disable split artifact generation for a partition, set
<varname>SplitName=
</varname> to
715 <literal>-
</literal>.
</para>
717 <xi:include href=
"version-info.xml" xpointer=
"v252"/></listitem>
721 <term><varname>Minimize=
</varname></term>
723 <listitem><para>Takes one of
<literal>off
</literal>,
<literal>best
</literal>, and
724 <literal>guess
</literal> (alternatively, also accepts a boolean value, which is mapped to
725 <literal>off
</literal> when false, and
<literal>best
</literal> when true). Defaults to
726 <literal>off
</literal>. If set to
<literal>best
</literal>, the partition will have the minimal size
727 required to store the sources configured with
<varname>CopyFiles=
</varname>.
<literal>best
</literal>
728 is currently only supported for read-only filesystems. If set to
<literal>guess
</literal>, the
729 partition is created at least as big as required to store the sources configured with
730 <varname>CopyFiles=
</varname>. Note that unless the filesystem is a read-only filesystem,
731 <command>systemd-repart
</command> will have to populate the filesystem twice to guess the minimal
732 required size, so enabling this option might slow down repart when populating large partitions.
735 <xi:include href=
"version-info.xml" xpointer=
"v253"/></listitem>
741 <title>Specifiers
</title>
743 <para>Specifiers may be used in the
<varname>Label=
</varname>,
<varname>CopyBlocks=
</varname>,
744 <varname>CopyFiles=
</varname>,
<varname>MakeDirectories=
</varname>,
<varname>SplitName=
</varname>
745 settings. The following expansions are understood:
</para>
746 <table class='specifiers'
>
747 <title>Specifiers available
</title>
748 <tgroup cols='
3' align='left' colsep='
1' rowsep='
1'
>
749 <colspec colname=
"spec" />
750 <colspec colname=
"mean" />
751 <colspec colname=
"detail" />
754 <entry>Specifier
</entry>
755 <entry>Meaning
</entry>
756 <entry>Details
</entry>
760 <xi:include href=
"standard-specifiers.xml" xpointer=
"a"/>
761 <xi:include href=
"standard-specifiers.xml" xpointer=
"A"/>
762 <xi:include href=
"standard-specifiers.xml" xpointer=
"b"/>
763 <xi:include href=
"standard-specifiers.xml" xpointer=
"B"/>
764 <xi:include href=
"standard-specifiers.xml" xpointer=
"H"/>
765 <xi:include href=
"standard-specifiers.xml" xpointer=
"l"/>
766 <xi:include href=
"standard-specifiers.xml" xpointer=
"m"/>
767 <xi:include href=
"standard-specifiers.xml" xpointer=
"M"/>
768 <xi:include href=
"standard-specifiers.xml" xpointer=
"o"/>
769 <xi:include href=
"standard-specifiers.xml" xpointer=
"v"/>
770 <xi:include href=
"standard-specifiers.xml" xpointer=
"w"/>
771 <xi:include href=
"standard-specifiers.xml" xpointer=
"W"/>
772 <xi:include href=
"standard-specifiers.xml" xpointer=
"T"/>
773 <xi:include href=
"standard-specifiers.xml" xpointer=
"V"/>
774 <xi:include href=
"standard-specifiers.xml" xpointer=
"percent"/>
779 <para>Additionally, for the
<varname>SplitName=
</varname> setting, the following specifiers are also
781 <table class='specifiers'
>
782 <title>Specifiers available
</title>
783 <tgroup cols='
3' align='left' colsep='
1' rowsep='
1'
>
784 <colspec colname=
"spec" />
785 <colspec colname=
"mean" />
786 <colspec colname=
"detail" />
789 <entry>Specifier
</entry>
790 <entry>Meaning
</entry>
791 <entry>Details
</entry>
796 <entry><literal>%T
</literal></entry>
797 <entry>Partition Type UUID
</entry>
798 <entry>The partition type UUID, as configured with
<varname>Type=
</varname></entry>
801 <entry><literal>%t
</literal></entry>
802 <entry>Partition Type Identifier
</entry>
803 <entry>The partition type identifier corresponding to the partition type UUID
</entry>
806 <entry><literal>%U
</literal></entry>
807 <entry>Partition UUID
</entry>
808 <entry>The partition UUID, as configured with
<varname>UUID=
</varname></entry>
811 <entry><literal>%n
</literal></entry>
812 <entry>Partition Number
</entry>
813 <entry>The partition number assigned to the partition
</entry>
821 <title>Examples
</title>
824 <title>Grow the root partition to the full disk size at first boot
</title>
826 <para>With the following file the root partition is automatically grown to the full disk if possible
829 <para><programlisting># /usr/lib/repart.d/
50-root.conf
832 </programlisting></para>
836 <title>Create a swap and home partition automatically on boot, if missing
</title>
838 <para>The home partition gets all available disk space while the swap partition gets
1G at most and
64M
839 at least. We set a priority
> 0 on the swap partition to ensure the swap partition is not used if not
840 enough space is available. For every three bytes assigned to the home partition the swap partition gets
843 <para><programlisting># /usr/lib/repart.d/
60-home.conf
846 </programlisting></para>
848 <para><programlisting># /usr/lib/repart.d/
70-swap.conf
855 </programlisting></para>
859 <title>Create B partitions in an A/B Verity setup, if missing
</title>
861 <para>Let's say the vendor intends to update OS images in an A/B setup, i.e. with two root partitions
862 (and two matching Verity partitions) that shall be used alternatingly during upgrades. To minimize
863 image sizes the original image is shipped only with one root and one Verity partition (the
"A" set),
864 and the second root and Verity partitions (the
"B" set) shall be created on first boot on the free
865 space on the medium.
</para>
867 <para><programlisting># /usr/lib/repart.d/
50-root.conf
872 </programlisting></para>
874 <para><programlisting># /usr/lib/repart.d/
60-root-verity.conf
879 </programlisting></para>
881 <para>The definitions above cover the
"A" set of root partition (of a fixed
512M size) and Verity
882 partition for the root partition (of a fixed
64M size). Let's use symlinks to create the
"B" set of
883 partitions, since after all they shall have the same properties and sizes as the
"A" set.
</para>
885 <para><programlisting># ln -s
50-root.conf /usr/lib/repart.d/
70-root-b.conf
886 # ln -s
60-root-verity.conf /usr/lib/repart.d/
80-root-verity-b.conf
887 </programlisting></para>
891 <title>Create a data partition and corresponding verity partitions from a OS tree
</title>
893 <para>Assuming we have an OS tree at
<filename index='false'
>/var/tmp/os-tree
</filename> that we want
894 to package in a root partition together with matching verity partitions, we can do so as follows:
897 <para><programlisting>#
50-root.conf
900 CopyFiles=/var/tmp/os-tree
904 </programlisting></para>
906 <para><programlisting>#
60-root-verity.conf
911 # Explicitly set the hash and data block size to
4K
912 VerityDataBlockSizeBytes=
4096
913 VerityHashBlockSizeBytes=
4096
915 </programlisting></para>
917 <para><programlisting>#
70-root-verity-sig.conf
922 </programlisting></para>
928 <title>See Also
</title>
930 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
931 <citerefentry><refentrytitle>systemd-repart
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
932 <citerefentry project='man-pages'
><refentrytitle>sfdisk
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
933 <citerefentry><refentrytitle>systemd-cryptenroll
</refentrytitle><manvolnum>1</manvolnum></citerefentry>
projects / thirdparty / systemd.git / blob