]>
Commit | Line | Data |
---|---|---|
61f403a1 LP |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | |
3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
61f403a1 | 5 | |
bb5a34fb | 6 | <refentry id="systemd-dissect" conditional='HAVE_BLKID' |
61f403a1 LP |
7 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
8 | ||
9 | <refentryinfo> | |
10 | <title>systemd-dissect</title> | |
11 | <productname>systemd</productname> | |
12 | </refentryinfo> | |
13 | ||
14 | <refmeta> | |
15 | <refentrytitle>systemd-dissect</refentrytitle> | |
16 | <manvolnum>1</manvolnum> | |
17 | </refmeta> | |
18 | ||
19 | <refnamediv> | |
20 | <refname>systemd-dissect</refname> | |
21 | <refpurpose>Dissect file system OS images</refpurpose> | |
22 | </refnamediv> | |
23 | ||
24 | <refsynopsisdiv> | |
25 | <cmdsynopsis> | |
26 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command> | |
27 | </cmdsynopsis> | |
28 | <cmdsynopsis> | |
29 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--mount</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
30 | </cmdsynopsis> | |
31 | <cmdsynopsis> | |
32 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--copy-from</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg> <arg choice="opt"><replaceable>TARGET</replaceable></arg></command> | |
33 | </cmdsynopsis> | |
34 | <cmdsynopsis> | |
35 | <command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--copy-to</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt"><replaceable>SOURCE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg></command> | |
36 | </cmdsynopsis> | |
37 | </refsynopsisdiv> | |
38 | ||
39 | <refsect1> | |
40 | <title>Description</title> | |
41 | ||
42 | <para><command>systemd-dissect</command> is a tool for introspecting and interacting with file system OS | |
43 | disk images. It supports four different operations:</para> | |
44 | ||
45 | <orderedlist> | |
46 | <listitem><para>Show general OS image information, including the image's | |
47 | <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> data, | |
48 | machine ID, partition information and more.</para></listitem> | |
49 | ||
50 | <listitem><para>Mount an OS image to a local directory. In this mode it will dissect the OS image and | |
51 | mount the included partitions according to their designation onto a directory and possibly | |
52 | sub-directories.</para></listitem> | |
53 | ||
54 | <listitem><para>Copy files and directories in and out of an OS image.</para></listitem> | |
55 | </orderedlist> | |
56 | ||
57 | <para>The tool may operate on three types of OS images:</para> | |
58 | ||
59 | <orderedlist> | |
60 | <listitem><para>OS disk images containing a GPT partition table envelope, with partitions marked | |
61 | according to the <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions | |
62 | Specification</ulink>.</para></listitem> | |
63 | ||
64 | <listitem><para>OS disk images containing just a plain file-system without an enveloping partition | |
65 | table. (This file system is assumed to be the root file system of the OS.)</para></listitem> | |
66 | ||
67 | <listitem><para>OS disk images containing a GPT or MBR partition table, with a single | |
68 | partition only. (This partition is assumed to contain the root file system of the OS.)</para></listitem> | |
69 | </orderedlist> | |
70 | ||
71 | <para>OS images may use any kind of Linux-supported file systems. In addition they may make use of LUKS | |
72 | disk encryption, and contain Verity integrity information. Note that qualifying OS images may be booted | |
21556381 | 73 | with <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s |
61f403a1 LP |
74 | <option>--image=</option> switch, and be used as root file system for system service using the |
75 | <varname>RootImage=</varname> unit file setting, see | |
21556381 | 76 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> |
461836a4 LP |
77 | |
78 | <para>Note that the partition table shown when invoked without command switch (as listed below) does not | |
79 | necessarily show all partitions included in the image, but just the partitions that are understood and | |
80 | considered part of an OS disk image. Specifically, partitions of unknown types are ignored, as well as | |
81 | duplicate partitions (i.e. more than one per partition type), as are root and <filename>/usr/</filename> | |
82 | partitions of architectures not compatible with the local system. In other words: this tool will display | |
83 | what it operates with when mounting the image. To display the complete list of partitions use a tool such | |
84 | as <citerefentry | |
85 | project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> | |
61f403a1 LP |
86 | </refsect1> |
87 | ||
88 | <refsect1> | |
89 | <title>Commands</title> | |
90 | ||
91 | <para>If neither of the command switches listed below are passed the specified disk image is opened and | |
92 | general information about the image and the contained partitions and their use is shown.</para> | |
93 | ||
94 | <variablelist> | |
95 | <varlistentry> | |
96 | <term><option>--mount</option></term> | |
97 | <term><option>-m</option></term> | |
98 | ||
99 | <listitem><para>Mount the specified OS image to the specified directory. This will dissect the image, | |
100 | determine the OS root file system — as well as possibly other partitions — and mount them to the | |
101 | specified directory. If the OS image contains multiple partitions marked with the <ulink | |
102 | url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions Specification</ulink> | |
103 | multiple nested mounts are established. This command expects two arguments: a path to an image file | |
104 | and a path to a directory where to mount the image.</para> | |
105 | ||
106 | <para>To unmount an OS image mounted like this use <citerefentry | |
107 | project='man-pages'><refentrytitle>umount</refentrytitle><manvolnum>8</manvolnum></citerefentry>'s | |
108 | <option>-R</option> switch (for recursive operation), so that the OS image and all nested partition | |
109 | mounts are unmounted.</para> | |
110 | ||
111 | <para>When the OS image contains LUKS encrypted or Verity integrity protected file systems | |
112 | appropriate volumes are automatically set up and marked for automatic disassembly when the image is | |
113 | unmounted.</para> | |
114 | ||
115 | <para>The OS image may either be specified as path to an OS image stored in a regular file or may | |
116 | refer to block device node (in the latter case the block device must be the "whole" device, i.e. not | |
117 | a partition device). (The other supported commands described here support this, too.)</para> | |
118 | ||
119 | <para>All mounted file systems are checked with the appropriate <citerefentry | |
120 | project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
121 | implementation in automatic fixing mode, unless explicitly turned off (<option>--fsck=no</option>) or | |
122 | read-only operation is requested (<option>--read-only</option>).</para></listitem> | |
123 | </varlistentry> | |
124 | ||
125 | <varlistentry> | |
126 | <term><option>-M</option></term> | |
127 | ||
128 | <listitem><para>This is a shortcut for <option>--mount --mkdir</option>.</para></listitem> | |
129 | </varlistentry> | |
130 | ||
131 | <varlistentry> | |
132 | <term><option>--copy-from</option></term> | |
133 | <term><option>-x</option></term> | |
134 | ||
135 | <listitem><para>Copies a file or directory from the specified OS image into the specified location on | |
136 | the host file system. Expects three arguments: a path to an image file, a source path (relative to | |
137 | the image's root directory) and a destination path (relative to the current working directory, or an | |
138 | absolute path, both outside of the image). If the destination path is omitted or specified as dash | |
139 | (<literal>-</literal>), the specified file is written to standard output. If the source path in the | |
140 | image file system refers to a regular file it is copied to the destination path. In this case access | |
141 | mode, extended attributes and timestamps are copied as well, but file ownership is not. If the source | |
142 | path in the image refers to a directory, it is copied to the destination path, recursively with all | |
143 | containing files and directories. In this case the file ownership is copied too.</para></listitem> | |
144 | </varlistentry> | |
145 | ||
146 | <varlistentry> | |
147 | <term><option>--copy-to</option></term> | |
148 | <term><option>-a</option></term> | |
149 | ||
150 | <listitem><para>Copies a file or directory from the specified location in the host file system into | |
151 | the specified OS image. Expects three arguments: a path to an image file, a source path (relative to | |
152 | the current working directory, or an absolute path, both outside of the image) and a destination path | |
153 | (relative to the image's root directory). If the source path is omitted or specified as dash | |
154 | (<literal>-</literal>), the data to write is read from standard input. If the source path in the host | |
155 | file system refers to a regular file, it is copied to the destination path. In this case access mode, | |
156 | extended attributes and timestamps are copied as well, but file ownership is not. If the source path | |
157 | in the host file system refers to a directory it is copied to the destination path, recursively with | |
158 | all containing files and directories. In this case the file ownership is copied | |
159 | too.</para> | |
160 | ||
161 | <para>As with <option>--mount</option> file system checks are implicitly run before the copy | |
162 | operation begins.</para></listitem> | |
163 | </varlistentry> | |
164 | ||
165 | <xi:include href="standard-options.xml" xpointer="help" /> | |
166 | <xi:include href="standard-options.xml" xpointer="version" /> | |
167 | </variablelist> | |
168 | ||
169 | </refsect1> | |
170 | ||
171 | <refsect1> | |
172 | <title>Options</title> | |
173 | ||
174 | <para>The following options are understood:</para> | |
175 | ||
176 | <variablelist> | |
177 | <varlistentry> | |
178 | <term><option>--read-only</option></term> | |
179 | <term><option>-r</option></term> | |
180 | ||
181 | <listitem><para>Operate in read-only mode. By default <option>--mount</option> will establish | |
182 | writable mount points. If this option is specified they are established in read-only mode | |
183 | instead.</para></listitem> | |
184 | </varlistentry> | |
185 | ||
186 | <varlistentry> | |
187 | <term><option>--fsck=no</option></term> | |
188 | ||
189 | <listitem><para>Turn off automatic file system checking. By default when an image is accessed for | |
190 | writing (by <option>--mount</option> or <option>--add</option>) the file systems contained in the OS | |
191 | image are automatically checked using the appropriate <citerefentry | |
192 | project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
193 | command, in automatic fixing mode. This behavior may be switched off using | |
194 | <option>--fsck=no</option>.</para></listitem> | |
195 | </varlistentry> | |
196 | ||
197 | <varlistentry> | |
198 | <term><option>--mkdir</option></term> | |
199 | ||
200 | <listitem><para>If combined with <option>--mount</option> the directory to mount the OS image to is | |
201 | created if it is missing. Note that the directory is not automatically removed when the disk image is | |
202 | unmounted again.</para></listitem> | |
203 | </varlistentry> | |
204 | ||
205 | <varlistentry> | |
206 | <term><option>--discard=</option></term> | |
207 | ||
208 | <listitem><para>Takes one of <literal>disabled</literal>, <literal>loop</literal>, | |
209 | <literal>all</literal>, <literal>crypto</literal>. If <literal>disabled</literal> the image is | |
75909cc7 | 210 | accessed with empty block discarding turned off. If <literal>loop</literal> discarding is enabled if |
61f403a1 LP |
211 | operating on a regular file. If <literal>crypt</literal> discarding is enabled even on encrypted file |
212 | systems. If <literal>all</literal> discarding is unconditionally enabled.</para></listitem> | |
213 | </varlistentry> | |
214 | ||
215 | <varlistentry> | |
216 | <term><option>--root-hash=</option></term> | |
217 | <term><option>--root-hash-sig=</option></term> | |
218 | <term><option>--verity-data=</option></term> | |
219 | ||
75909cc7 ZJS |
220 | <listitem><para>Configure various aspects of Verity data integrity for the OS image. Option |
221 | <option>--root-hash=</option> specifies a hex-encoded top-level Verity hash to use for setting up the | |
222 | Verity integrity protection. Option <option>--root-hash-sig=</option> specifies the path to a file | |
223 | containing a PKCS#7 signature for the hash. This signature is passed to the kernel during activation, | |
224 | which will match it against signature keys available in the kernel keyring. Option | |
225 | <option>--verity-data=</option> specifies a path to a file with the Verity data to use for the OS | |
226 | image, in case it is stored in a detached file. It is recommended to embed the Verity data directly | |
227 | in the image, using the Verity mechanisms in the <ulink | |
228 | url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions Specification</ulink>. | |
229 | </para></listitem> | |
61f403a1 LP |
230 | </varlistentry> |
231 | ||
17547fb5 LP |
232 | <xi:include href="standard-options.xml" xpointer="no-pager" /> |
233 | <xi:include href="standard-options.xml" xpointer="no-legend" /> | |
8d0d1a30 | 234 | <xi:include href="standard-options.xml" xpointer="json" /> |
61f403a1 LP |
235 | </variablelist> |
236 | ||
237 | </refsect1> | |
238 | ||
239 | <refsect1> | |
240 | <title>Exit status</title> | |
241 | ||
242 | <para>On success, 0 is returned, a non-zero failure code | |
243 | otherwise.</para> | |
244 | </refsect1> | |
245 | ||
246 | <refsect1> | |
247 | <title>See Also</title> | |
248 | <para> | |
249 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
21556381 ZJS |
250 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
251 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
61f403a1 | 252 | <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions Specification</ulink>, |
461836a4 LP |
253 | <citerefentry project='man-pages'><refentrytitle>umount</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
254 | <citerefentry project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
61f403a1 LP |
255 | </para> |
256 | </refsect1> | |
257 | ||
258 | </refentry> |