]>
Commit | Line | Data |
---|---|---|
61f403a1 LP |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | |
eea10b26 | 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
61f403a1 | 5 | |
bb5a34fb | 6 | <refentry id="systemd-dissect" conditional='HAVE_BLKID' |
61f403a1 LP |
7 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
8 | ||
9 | <refentryinfo> | |
10 | <title>systemd-dissect</title> | |
11 | <productname>systemd</productname> | |
12 | </refentryinfo> | |
13 | ||
14 | <refmeta> | |
15 | <refentrytitle>systemd-dissect</refentrytitle> | |
16 | <manvolnum>1</manvolnum> | |
17 | </refmeta> | |
18 | ||
19 | <refnamediv> | |
20 | <refname>systemd-dissect</refname> | |
92828ba6 | 21 | <refname>mount.ddi</refname> |
2781f7b4 | 22 | <refpurpose>Dissect Discoverable Disk Images (DDIs)</refpurpose> |
61f403a1 LP |
23 | </refnamediv> |
24 | ||
25 | <refsynopsisdiv> | |
26 | <cmdsynopsis> | |
dfa6c32a | 27 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> |
61f403a1 LP |
28 | </cmdsynopsis> |
29 | <cmdsynopsis> | |
20dcd73a | 30 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--mount</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg> |
61f403a1 | 31 | </cmdsynopsis> |
ac1f1adf | 32 | <cmdsynopsis> |
20dcd73a | 33 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--umount</arg> <arg choice="plain"><replaceable>PATH</replaceable></arg> |
ac1f1adf | 34 | </cmdsynopsis> |
07d6072e | 35 | <cmdsynopsis> |
20dcd73a | 36 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--attach</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> |
07d6072e LP |
37 | </cmdsynopsis> |
38 | <cmdsynopsis> | |
20dcd73a | 39 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--detach</arg> <arg choice="plain"><replaceable>PATH</replaceable></arg> |
07d6072e | 40 | </cmdsynopsis> |
0cf16924 | 41 | <cmdsynopsis> |
20dcd73a | 42 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--list</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> |
0cf16924 | 43 | </cmdsynopsis> |
b5b40106 | 44 | <cmdsynopsis> |
20dcd73a | 45 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--mtree</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> |
b5b40106 | 46 | </cmdsynopsis> |
1a06ce16 | 47 | <cmdsynopsis> |
20dcd73a | 48 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--with</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt" rep="repeat"><replaceable>COMMAND</replaceable></arg> |
1a06ce16 | 49 | </cmdsynopsis> |
61f403a1 | 50 | <cmdsynopsis> |
20dcd73a | 51 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--copy-from</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg> <arg choice="opt"><replaceable>TARGET</replaceable></arg> |
61f403a1 LP |
52 | </cmdsynopsis> |
53 | <cmdsynopsis> | |
20dcd73a | 54 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--copy-to</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt"><replaceable>SOURCE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg> |
61f403a1 | 55 | </cmdsynopsis> |
b68f4cad LP |
56 | <cmdsynopsis> |
57 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--make-archive</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt"><replaceable>TARGET</replaceable></arg> | |
58 | </cmdsynopsis> | |
a0582220 | 59 | <cmdsynopsis> |
20dcd73a | 60 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--discover</arg> |
a0582220 AAF |
61 | </cmdsynopsis> |
62 | <cmdsynopsis> | |
20dcd73a | 63 | <command>systemd-dissect</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg>--validate</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> |
a0582220 | 64 | </cmdsynopsis> |
61f403a1 LP |
65 | </refsynopsisdiv> |
66 | ||
67 | <refsect1> | |
68 | <title>Description</title> | |
69 | ||
70 | <para><command>systemd-dissect</command> is a tool for introspecting and interacting with file system OS | |
e4823735 | 71 | disk images, specifically Discoverable Disk Images (DDIs). It supports four different operations:</para> |
61f403a1 LP |
72 | |
73 | <orderedlist> | |
74 | <listitem><para>Show general OS image information, including the image's | |
75 | <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> data, | |
76 | machine ID, partition information and more.</para></listitem> | |
77 | ||
78 | <listitem><para>Mount an OS image to a local directory. In this mode it will dissect the OS image and | |
79 | mount the included partitions according to their designation onto a directory and possibly | |
80 | sub-directories.</para></listitem> | |
81 | ||
ac1f1adf DDM |
82 | <listitem><para>Unmount an OS image from a local directory. In this mode it will recursively unmount |
83 | the mounted partitions and remove the underlying loop device, including all the partition sub-devices. | |
84 | </para></listitem> | |
85 | ||
61f403a1 LP |
86 | <listitem><para>Copy files and directories in and out of an OS image.</para></listitem> |
87 | </orderedlist> | |
88 | ||
89 | <para>The tool may operate on three types of OS images:</para> | |
90 | ||
91 | <orderedlist> | |
92 | <listitem><para>OS disk images containing a GPT partition table envelope, with partitions marked | |
db811444 | 93 | according to the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions |
61f403a1 LP |
94 | Specification</ulink>.</para></listitem> |
95 | ||
96 | <listitem><para>OS disk images containing just a plain file-system without an enveloping partition | |
97 | table. (This file system is assumed to be the root file system of the OS.)</para></listitem> | |
98 | ||
99 | <listitem><para>OS disk images containing a GPT or MBR partition table, with a single | |
100 | partition only. (This partition is assumed to contain the root file system of the OS.)</para></listitem> | |
101 | </orderedlist> | |
102 | ||
103 | <para>OS images may use any kind of Linux-supported file systems. In addition they may make use of LUKS | |
104 | disk encryption, and contain Verity integrity information. Note that qualifying OS images may be booted | |
21556381 | 105 | with <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s |
61f403a1 LP |
106 | <option>--image=</option> switch, and be used as root file system for system service using the |
107 | <varname>RootImage=</varname> unit file setting, see | |
21556381 | 108 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> |
461836a4 LP |
109 | |
110 | <para>Note that the partition table shown when invoked without command switch (as listed below) does not | |
111 | necessarily show all partitions included in the image, but just the partitions that are understood and | |
112 | considered part of an OS disk image. Specifically, partitions of unknown types are ignored, as well as | |
113 | duplicate partitions (i.e. more than one per partition type), as are root and <filename>/usr/</filename> | |
114 | partitions of architectures not compatible with the local system. In other words: this tool will display | |
115 | what it operates with when mounting the image. To display the complete list of partitions use a tool such | |
116 | as <citerefentry | |
117 | project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> | |
92828ba6 LP |
118 | |
119 | <para>The <command>systemd-dissect</command> command may be invoked as <command>mount.ddi</command> in | |
120 | which case it implements the <citerefentry | |
121 | project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> "external | |
122 | helper" interface. This ensures disk images compatible with <command>systemd-dissect</command> can be | |
123 | mounted directly by <command>mount</command> and <citerefentry | |
124 | project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For | |
125 | details see below.</para> | |
7d93e4af | 126 | |
7fa428cf | 127 | <xi:include href="vpick.xml" xpointer="image"/> |
61f403a1 LP |
128 | </refsect1> |
129 | ||
130 | <refsect1> | |
131 | <title>Commands</title> | |
132 | ||
133 | <para>If neither of the command switches listed below are passed the specified disk image is opened and | |
134 | general information about the image and the contained partitions and their use is shown.</para> | |
135 | ||
136 | <variablelist> | |
137 | <varlistentry> | |
138 | <term><option>--mount</option></term> | |
139 | <term><option>-m</option></term> | |
140 | ||
141 | <listitem><para>Mount the specified OS image to the specified directory. This will dissect the image, | |
142 | determine the OS root file system — as well as possibly other partitions — and mount them to the | |
143 | specified directory. If the OS image contains multiple partitions marked with the <ulink | |
db811444 | 144 | url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink> |
61f403a1 LP |
145 | multiple nested mounts are established. This command expects two arguments: a path to an image file |
146 | and a path to a directory where to mount the image.</para> | |
147 | ||
ac1f1adf | 148 | <para>To unmount an OS image mounted like this use the <option>--umount</option> operation.</para> |
61f403a1 LP |
149 | |
150 | <para>When the OS image contains LUKS encrypted or Verity integrity protected file systems | |
151 | appropriate volumes are automatically set up and marked for automatic disassembly when the image is | |
152 | unmounted.</para> | |
153 | ||
154 | <para>The OS image may either be specified as path to an OS image stored in a regular file or may | |
155 | refer to block device node (in the latter case the block device must be the "whole" device, i.e. not | |
156 | a partition device). (The other supported commands described here support this, too.)</para> | |
157 | ||
158 | <para>All mounted file systems are checked with the appropriate <citerefentry | |
159 | project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
160 | implementation in automatic fixing mode, unless explicitly turned off (<option>--fsck=no</option>) or | |
92828ba6 LP |
161 | read-only operation is requested (<option>--read-only</option>).</para> |
162 | ||
163 | <para>Note that this functionality is also available in <citerefentry | |
164 | project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> via a | |
165 | command such as <command>mount -t ddi myimage.raw targetdir/</command>, as well as in <citerefentry | |
166 | project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For | |
ec07c3c8 AK |
167 | details, see below.</para> |
168 | ||
169 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
170 | </varlistentry> |
171 | ||
172 | <varlistentry> | |
173 | <term><option>-M</option></term> | |
174 | ||
ec07c3c8 AK |
175 | <listitem><para>This is a shortcut for <option>--mount --mkdir</option>.</para> |
176 | ||
177 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
178 | </varlistentry> |
179 | ||
ac1f1adf DDM |
180 | <varlistentry> |
181 | <term><option>--umount</option></term> | |
182 | <term><option>-u</option></term> | |
183 | ||
184 | <listitem><para>Unmount an OS image from the specified directory. This command expects one argument: | |
185 | a directory where an OS image was mounted.</para> | |
186 | ||
187 | <para>All mounted partitions will be recursively unmounted, and the underlying loop device will be | |
ec07c3c8 AK |
188 | removed, along with all its partition sub-devices.</para> |
189 | ||
190 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
ac1f1adf DDM |
191 | </varlistentry> |
192 | ||
193 | <varlistentry> | |
194 | <term><option>-U</option></term> | |
195 | ||
ec07c3c8 AK |
196 | <listitem><para>This is a shortcut for <option>--umount --rmdir</option>.</para> |
197 | ||
198 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
ac1f1adf | 199 | </varlistentry> |
07d6072e LP |
200 | |
201 | <varlistentry> | |
202 | <term><option>--attach</option></term> | |
203 | ||
204 | <listitem><para>Attach the specified disk image to an automatically allocated loopback block device, | |
205 | and print the path to the loopback block device to standard output. This is similar to an invocation | |
206 | of <command>losetup --find --show</command>, but will validate the image as DDI before attaching, and | |
207 | derive the correct sector size to use automatically. Moreover, it ensures the per-partition block | |
ec07c3c8 AK |
208 | devices are created before returning. Takes a path to a disk image file.</para> |
209 | ||
210 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
07d6072e LP |
211 | </varlistentry> |
212 | ||
213 | <varlistentry> | |
214 | <term><option>--detach</option></term> | |
215 | ||
216 | <listitem><para>Detach the specified disk image from a loopback block device. This undoes the effect | |
217 | of <option>--attach</option> above. This expects either a path to a loopback block device as an | |
218 | argument, or the path to the backing image file. In the latter case it will automatically determine | |
ec07c3c8 AK |
219 | the right device to detach.</para> |
220 | ||
221 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
07d6072e | 222 | </varlistentry> |
ac1f1adf | 223 | |
0cf16924 AAF |
224 | <varlistentry> |
225 | <term><option>--list</option></term> | |
226 | <term><option>-l</option></term> | |
227 | ||
2292fa1e | 228 | <listitem><para>Prints the paths of all the files and directories in the specified OS image or |
ec07c3c8 AK |
229 | directory to standard output.</para> |
230 | ||
231 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
0cf16924 AAF |
232 | </varlistentry> |
233 | ||
b5b40106 LP |
234 | <varlistentry> |
235 | <term><option>--mtree</option></term> | |
b5b40106 | 236 | |
8fb35004 ZJS |
237 | <listitem><para>Generates a BSD |
238 | <citerefentry project='die-net'><refentrytitle>mtree</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
2292fa1e | 239 | compatible file manifest of the specified disk image or directory. This is useful for comparing image |
b5b40106 LP |
240 | contents in detail, including inode information and other metadata. While the generated manifest will |
241 | contain detailed inode information, it currently excludes extended attributes, file system | |
8fb35004 ZJS |
242 | capabilities, MAC labels, |
243 | <citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
244 | file flags, | |
be57c176 | 245 | <citerefentry project='url'><refentrytitle url='https://btrfs.readthedocs.io/en/latest/btrfs-man5.html'>btrfs</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
8fb35004 ZJS |
246 | subvolume information, and various other file metadata. File content information is shown via a |
247 | SHA256 digest. Additional fields might be added in future. Note that inode information such as link | |
248 | counts, inode numbers and timestamps is excluded from the output on purpose, as it typically | |
ec07c3c8 AK |
249 | complicates reproducibility.</para> |
250 | ||
251 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
b5b40106 LP |
252 | </varlistentry> |
253 | ||
1a06ce16 LP |
254 | <varlistentry> |
255 | <term><option>--with</option></term> | |
256 | ||
257 | <listitem><para>Runs the specified command with the specified OS image mounted. This will mount the | |
258 | image to a temporary directory, switch the current working directory to it, and invoke the specified | |
259 | command line as child process. Once the process ends it will unmount the image again, and remove the | |
260 | temporary directory. If no command is specified a shell is invoked. The image is mounted writable, | |
261 | use <option>--read-only</option> to switch to read-only operation. The invoked process will have the | |
262 | <varname>$SYSTEMD_DISSECT_ROOT</varname> environment variable set, containing the absolute path name | |
263 | of the temporary mount point, i.e. the same directory that is set as the current working | |
47838b55 | 264 | directory. It will also have the <varname>$SYSTEMD_DISSECT_DEVICE</varname> environment variable set, |
ec07c3c8 AK |
265 | containing the absolute path name of the loop device the image was attached to.</para> |
266 | ||
267 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
1a06ce16 LP |
268 | </varlistentry> |
269 | ||
61f403a1 LP |
270 | <varlistentry> |
271 | <term><option>--copy-from</option></term> | |
272 | <term><option>-x</option></term> | |
273 | ||
2292fa1e DDM |
274 | <listitem><para>Copies a file or directory from the specified OS image or directory into the |
275 | specified location on the host file system. Expects three arguments: a path to an image file or | |
276 | directory, a source path (relative to the image's root directory) and a destination path (relative to | |
277 | the current working directory, or an absolute path, both outside of the image). If the destination | |
278 | path is omitted or specified as dash (<literal>-</literal>), the specified file is written to | |
279 | standard output. If the source path in the image file system refers to a regular file it is copied to | |
280 | the destination path. In this case access mode, extended attributes and timestamps are copied as | |
281 | well, but file ownership is not. If the source path in the image refers to a directory, it is copied | |
282 | to the destination path, recursively with all containing files and directories. In this case the file | |
ec07c3c8 AK |
283 | ownership is copied too.</para> |
284 | ||
285 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
286 | </varlistentry> |
287 | ||
288 | <varlistentry> | |
289 | <term><option>--copy-to</option></term> | |
290 | <term><option>-a</option></term> | |
291 | ||
292 | <listitem><para>Copies a file or directory from the specified location in the host file system into | |
2292fa1e DDM |
293 | the specified OS image or directory. Expects three arguments: a path to an image file or directory, a |
294 | source path (relative to the current working directory, or an absolute path, both outside of the | |
295 | image) and a destination path (relative to the image's root directory). If the source path is omitted | |
296 | or specified as dash (<literal>-</literal>), the data to write is read from standard input. If the | |
297 | source path in the host file system refers to a regular file, it is copied to the destination path. | |
298 | In this case access mode, extended attributes and timestamps are copied as well, but file ownership | |
299 | is not. If the source path in the host file system refers to a directory it is copied to the | |
300 | destination path, recursively with all containing files and directories. In this case the file | |
301 | ownership is copied too.</para> | |
61f403a1 LP |
302 | |
303 | <para>As with <option>--mount</option> file system checks are implicitly run before the copy | |
ec07c3c8 AK |
304 | operation begins.</para> |
305 | ||
306 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
307 | </varlistentry> |
308 | ||
b68f4cad LP |
309 | <varlistentry> |
310 | <term><option>--make-archive</option></term> | |
311 | ||
312 | <listitem><para>Generates an archive file from the specified disk image. Expects two arguments: the | |
313 | path to the disk image and optionally the output archive file path. If the latter is omitted the | |
314 | archive is written to standard output. The archive file format is determined automatically from the | |
315 | specified output archive file name, e.g. any path suffixed with <literal>.tar.xz</literal> will | |
316 | result in an xz compressed UNIX tarball (if the path is omitted an uncompressed UNIX tarball is | |
317 | created). See | |
318 | <citerefentry><refentrytitle>libarchive</refentrytitle><manvolnum>3</manvolnum></citerefentry> for a | |
319 | list of supported archive formats and compression schemes.</para> | |
320 | ||
321 | <xi:include href="version-info.xml" xpointer="v256"/></listitem> | |
322 | </varlistentry> | |
323 | ||
0305cf6e LP |
324 | <varlistentry> |
325 | <term><option>--discover</option></term> | |
326 | ||
3b288a2d | 327 | <listitem><para>Show a list of DDIs in well-known directories. This will show machine, portable |
1e07c6f3 | 328 | service and system/configuration extension disk images in the usual directories |
0305cf6e | 329 | <filename>/usr/lib/machines/</filename>, <filename>/usr/lib/portables/</filename>, |
1e07c6f3 | 330 | <filename>/usr/lib/confexts/</filename>, <filename>/var/lib/machines/</filename>, |
0305cf6e | 331 | <filename>/var/lib/portables/</filename>, <filename>/var/lib/extensions/</filename> and so |
ec07c3c8 AK |
332 | on.</para> |
333 | ||
334 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
0305cf6e LP |
335 | </varlistentry> |
336 | ||
dee4a623 LP |
337 | <varlistentry> |
338 | <term><option>--validate</option></term> | |
339 | ||
340 | <listitem><para>Validates the partition arrangement of a disk image (DDI), and ensures it matches the | |
341 | image policy specified via <option>--image-policy=</option>, if one is specified. This parses the | |
342 | partition table and probes the file systems in the image, but does not attempt to mount them (nor to | |
343 | set up disk encryption/authentication via LUKS/Verity). It does this taking the configured image | |
344 | dissection policy into account. Since this operation does not mount file systems, this command – | |
345 | unlike all other commands implemented by this tool – requires no privileges other than the ability to | |
346 | access the specified file. Prints "OK" and returns zero if the image appears to be in order and | |
347 | matches the specified image dissection policy. Otherwise prints an error message and returns | |
ec07c3c8 AK |
348 | non-zero.</para> |
349 | ||
350 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
dee4a623 LP |
351 | </varlistentry> |
352 | ||
61f403a1 LP |
353 | <xi:include href="standard-options.xml" xpointer="help" /> |
354 | <xi:include href="standard-options.xml" xpointer="version" /> | |
355 | </variablelist> | |
356 | ||
357 | </refsect1> | |
358 | ||
359 | <refsect1> | |
360 | <title>Options</title> | |
361 | ||
362 | <para>The following options are understood:</para> | |
363 | ||
364 | <variablelist> | |
365 | <varlistentry> | |
366 | <term><option>--read-only</option></term> | |
367 | <term><option>-r</option></term> | |
368 | ||
369 | <listitem><para>Operate in read-only mode. By default <option>--mount</option> will establish | |
370 | writable mount points. If this option is specified they are established in read-only mode | |
ec07c3c8 AK |
371 | instead.</para> |
372 | ||
373 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
374 | </varlistentry> |
375 | ||
376 | <varlistentry> | |
377 | <term><option>--fsck=no</option></term> | |
378 | ||
379 | <listitem><para>Turn off automatic file system checking. By default when an image is accessed for | |
60c6c210 LP |
380 | writing (by <option>--mount</option> or <option>--copy-to</option>) the file systems contained in the |
381 | OS image are automatically checked using the appropriate <citerefentry | |
61f403a1 LP |
382 | project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
383 | command, in automatic fixing mode. This behavior may be switched off using | |
ec07c3c8 AK |
384 | <option>--fsck=no</option>.</para> |
385 | ||
386 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
387 | </varlistentry> |
388 | ||
74a54bae LP |
389 | <varlistentry> |
390 | <term><option>--growfs=no</option></term> | |
391 | ||
392 | <listitem><para>Turn off automatic growing of accessed file systems to their partition size, if | |
393 | marked for that in the GPT partition table. By default when an image is accessed for writing (by | |
394 | <option>--mount</option> or <option>--copy-to</option>) the file systems contained in the OS image | |
395 | are automatically grown to their partition sizes, if bit 59 in the GPT partition flags is set for | |
396 | partition types that are defined by the <ulink | |
db811444 | 397 | url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>. This |
74a54bae LP |
398 | behavior may be switched off using <option>--growfs=no</option>. File systems are grown automatically |
399 | on access if all of the following conditions are met:</para> | |
400 | <orderedlist> | |
401 | <listitem><para>The file system is mounted writable</para></listitem> | |
402 | <listitem><para>The file system currently is smaller than the partition it is contained in (and thus can be grown)</para></listitem> | |
403 | <listitem><para>The image contains a GPT partition table</para></listitem> | |
404 | <listitem><para>The file system is stored on a partition defined by the Discoverable Partitions Specification</para></listitem> | |
405 | <listitem><para>Bit 59 of the GPT partition flags for this partition is set, as per specification</para></listitem> | |
406 | <listitem><para>The <option>--growfs=no</option> option is not passed.</para></listitem> | |
407 | </orderedlist> | |
ec07c3c8 AK |
408 | |
409 | <xi:include href="version-info.xml" xpointer="v249"/> | |
74a54bae LP |
410 | </listitem> |
411 | </varlistentry> | |
412 | ||
61f403a1 LP |
413 | <varlistentry> |
414 | <term><option>--mkdir</option></term> | |
415 | ||
416 | <listitem><para>If combined with <option>--mount</option> the directory to mount the OS image to is | |
417 | created if it is missing. Note that the directory is not automatically removed when the disk image is | |
ec07c3c8 AK |
418 | unmounted again.</para> |
419 | ||
420 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
421 | </varlistentry> |
422 | ||
ac1f1adf DDM |
423 | <varlistentry> |
424 | <term><option>--rmdir</option></term> | |
425 | ||
426 | <listitem><para>If combined with <option>--umount</option> the specified directory where the OS image | |
ec07c3c8 AK |
427 | is mounted is removed after unmounting the OS image.</para> |
428 | ||
429 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
ac1f1adf DDM |
430 | </varlistentry> |
431 | ||
61f403a1 LP |
432 | <varlistentry> |
433 | <term><option>--discard=</option></term> | |
434 | ||
435 | <listitem><para>Takes one of <literal>disabled</literal>, <literal>loop</literal>, | |
436 | <literal>all</literal>, <literal>crypto</literal>. If <literal>disabled</literal> the image is | |
75909cc7 | 437 | accessed with empty block discarding turned off. If <literal>loop</literal> discarding is enabled if |
61f403a1 | 438 | operating on a regular file. If <literal>crypt</literal> discarding is enabled even on encrypted file |
ec07c3c8 AK |
439 | systems. If <literal>all</literal> discarding is unconditionally enabled.</para> |
440 | ||
441 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
442 | </varlistentry> |
443 | ||
e7e2fbdd LP |
444 | <varlistentry> |
445 | <term><option>--in-memory</option></term> | |
446 | ||
447 | <listitem><para>If specified an in-memory copy of the specified disk image is used. This may be used | |
448 | to operate with write-access on a (possibly read-only) image, without actually modifying the original | |
449 | file. This may also be used in order to operate on a disk image without keeping the originating file | |
ec07c3c8 AK |
450 | system busy, in order to allow it to be unmounted.</para> |
451 | ||
452 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
e7e2fbdd LP |
453 | </varlistentry> |
454 | ||
61f403a1 LP |
455 | <varlistentry> |
456 | <term><option>--root-hash=</option></term> | |
457 | <term><option>--root-hash-sig=</option></term> | |
458 | <term><option>--verity-data=</option></term> | |
459 | ||
75909cc7 ZJS |
460 | <listitem><para>Configure various aspects of Verity data integrity for the OS image. Option |
461 | <option>--root-hash=</option> specifies a hex-encoded top-level Verity hash to use for setting up the | |
462 | Verity integrity protection. Option <option>--root-hash-sig=</option> specifies the path to a file | |
463 | containing a PKCS#7 signature for the hash. This signature is passed to the kernel during activation, | |
464 | which will match it against signature keys available in the kernel keyring. Option | |
465 | <option>--verity-data=</option> specifies a path to a file with the Verity data to use for the OS | |
466 | image, in case it is stored in a detached file. It is recommended to embed the Verity data directly | |
467 | in the image, using the Verity mechanisms in the <ulink | |
db811444 | 468 | url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>. |
ec07c3c8 AK |
469 | </para> |
470 | ||
471 | <xi:include href="version-info.xml" xpointer="v247"/></listitem> | |
61f403a1 LP |
472 | </varlistentry> |
473 | ||
236d1fa2 LP |
474 | <varlistentry> |
475 | <term><option>--loop-ref=</option></term> | |
476 | ||
477 | <listitem><para>Configures the "reference" string the kernel shall report as backing file for the | |
478 | loopback block device. While this is supposed to be a path or filename referencing the backing file, | |
479 | this is not enforced and the kernel accepts arbitrary free-form strings, chosen by the user. Accepts | |
480 | arbitrary strings up to a length of 63 characters. This sets the kernel's | |
481 | <literal>.lo_file_name</literal> field for the block device. Note this is distinct from the | |
482 | <filename>/sys/class/block/loopX/loop/backing_file</filename> attribute file that always reports a | |
483 | path referring to the actual backing file. The latter is subject to mount namespace translation, the | |
7a05926f YW |
484 | former is not.</para> |
485 | ||
486 | <para>This setting is particularly useful in combination with the <option>--attach</option> command, | |
487 | as it allows later referencing the allocated loop device via | |
488 | <filename>/dev/disk/by-loop-ref/…</filename> symlinks. Example: first, set up the loopback device | |
489 | via <command>systemd-dissect attach --loop-ref=quux foo.raw</command>, and then reference it in a | |
490 | command via the specified filename: <command>cfdisk /dev/disk/by-loop-ref/quux</command>. | |
ec07c3c8 AK |
491 | </para> |
492 | ||
493 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
236d1fa2 LP |
494 | </varlistentry> |
495 | ||
12d58b6c DDM |
496 | <varlistentry> |
497 | <term><option>--mtree-hash=no</option></term> | |
498 | ||
499 | <listitem><para>If combined with <option>--mtree</option>, turns off inclusion of file hashes in the | |
500 | mtree output. This makes the <option>--mtree</option> faster when operating on large images. | |
ec07c3c8 AK |
501 | </para> |
502 | ||
503 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
12d58b6c DDM |
504 | </varlistentry> |
505 | ||
9ea81191 | 506 | <xi:include href="standard-options.xml" xpointer="image-policy-open" /> |
17547fb5 LP |
507 | <xi:include href="standard-options.xml" xpointer="no-pager" /> |
508 | <xi:include href="standard-options.xml" xpointer="no-legend" /> | |
8d0d1a30 | 509 | <xi:include href="standard-options.xml" xpointer="json" /> |
61f403a1 | 510 | </variablelist> |
61f403a1 LP |
511 | </refsect1> |
512 | ||
513 | <refsect1> | |
514 | <title>Exit status</title> | |
515 | ||
1a06ce16 LP |
516 | <para>On success, 0 is returned, a non-zero failure code otherwise. If the <option>--with</option> |
517 | command is used the exit status of the invoked command is propagated.</para> | |
518 | </refsect1> | |
519 | ||
92828ba6 LP |
520 | <refsect1> |
521 | <title>Invocation as <command>/sbin/mount.ddi</command></title> | |
522 | ||
523 | <para>The <command>systemd-dissect</command> executable may be symlinked to | |
524 | <filename>/sbin/mount.ddi</filename>. If invoked through that it implements <citerefentry | |
525 | project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>'s | |
526 | "external helper" interface for the (pseudo) file system type <literal>ddi</literal>. This means | |
527 | conformant disk images may be mounted directly via</para> | |
528 | ||
529 | <programlisting># mount -t ddi myimage.raw targetdir/</programlisting> | |
530 | ||
531 | <para>in a fashion mostly equivalent to:</para> | |
532 | ||
533 | <programlisting># systemd-dissect --mount myimage.raw targetdir/</programlisting> | |
534 | ||
535 | <para>Note that since a single DDI may contain multiple file systems it should later be unmounted with | |
536 | <command>umount -R targetdir/</command>, for recursive operation.</para> | |
537 | ||
538 | <para>This functionality is particularly useful to mount DDIs automatically at boot via simple | |
539 | <filename>/etc/fstab</filename> entries. For example:</para> | |
540 | ||
541 | <programlisting>/path/to/myimage.raw /images/myimage/ ddi defaults 0 0</programlisting> | |
542 | ||
543 | <para>When invoked this way the mount options <literal>ro</literal>, <literal>rw</literal>, | |
544 | <literal>discard</literal>, <literal>nodiscard</literal> map to the corresponding options listed above | |
545 | (i.e. <option>--read-only</option>, <option>--discard=all</option>, | |
546 | <option>--discard=disabled</option>). Mount options are <emphasis>not</emphasis> generically passed on to | |
547 | the file systems inside the images.</para> | |
548 | </refsect1> | |
1a06ce16 LP |
549 | |
550 | <refsect1> | |
551 | <title>Examples</title> | |
552 | ||
553 | <example> | |
b68f4cad | 554 | <title>Generate a tarball from an OS disk image (<option>--with</option>)</title> |
1a06ce16 | 555 | |
92828ba6 | 556 | <programlisting># systemd-dissect --with foo.raw tar cz . >foo.tar.gz</programlisting> |
1a06ce16 | 557 | </example> |
b68f4cad LP |
558 | |
559 | <para>or alternatively just:</para> | |
560 | ||
561 | <example> | |
562 | <title>Generate a tarball from an OS disk image (<option>--make-archive</option>)</title> | |
563 | ||
564 | <programlisting># systemd-dissect --make-archive foo.raw foo.tar.gz</programlisting> | |
565 | </example> | |
61f403a1 LP |
566 | </refsect1> |
567 | ||
568 | <refsect1> | |
569 | <title>See Also</title> | |
13a69c12 DT |
570 | <para><simplelist type="inline"> |
571 | <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
572 | <member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
573 | <member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member> | |
7d93e4af | 574 | <member><citerefentry><refentrytitle>systemd.v</refentrytitle><manvolnum>7</manvolnum></citerefentry></member> |
13a69c12 DT |
575 | <member><ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink></member> |
576 | <member><citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
577 | <member><citerefentry project='man-pages'><refentrytitle>umount</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
578 | <member><citerefentry project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
579 | </simplelist></para> | |
61f403a1 LP |
580 | </refsect1> |
581 | ||
582 | </refentry> |