systemd-repart(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXIT STATUS | EXAMPLE | SEE ALSO | NOTES | COLOPHON

SYSTEMD-REPART(8)            systemd-repart            SYSTEMD-REPART(8)

NAME         top

       systemd-repart, systemd-repart.service - Automatically grow and
       add partitions

SYNOPSIS         top


       systemd-repart [OPTIONS...] [[BLOCKDEVICE]...]

       systemd-repart.service

DESCRIPTION         top

       systemd-repart grows and adds partitions to a partition table,
       based on the configuration files described in repart.d(5).

       If invoked with no arguments, it operates on the block device
       backing the root file system partition of the running OS, thus
       growing and adding partitions of the booted OS image itself. If
       --image= is used it will operate on the specified image file.
       When called in the initrd it operates on the block device backing
       /sysroot/ instead, i.e. on the block device the system will soon
       transition into. The systemd-repart.service service is generally
       run at boot in the initrd, in order to augment the partition
       table of the OS before its partitions are mounted.
       systemd-repart (mostly) operates in a purely incremental mode: it
       only grows existing and adds new partitions; it does not shrink,
       delete or move existing partitions. The service is intended to be
       run on every boot, but when it detects that the partition table
       already matches the installed repart.d/*.conf configuration
       files, it executes no operation.

       systemd-repart is intended to be used when deploying OS images,
       to automatically adjust them to the system they are running on,
       during first boot. This way the deployed image can be minimal in
       size and may be augmented automatically at boot when needed,
       taking possession of disk space available but not yet used.
       Specifically the following use cases are among those covered:

       •   The root partition may be grown to cover the whole available
           disk space.

       •   A /home/, swap or /srv/ partition can be added.

       •   A second (or third, ...) root partition may be added, to
           cover A/B style setups where a second version of the root
           file system is alternatingly used for implementing update
           schemes. The deployed image would carry only a single
           partition ("A") but on first boot a second partition ("B")
           for this purpose is automatically created.

       The algorithm executed by systemd-repart is roughly as follows:

        1. The repart.d/*.conf configuration files are loaded and
           parsed, and ordered by filename (without the directory
           prefix). For each configuration file, drop-in files are
           looked for in directories with same name as the configuration
           file with a suffix ".d" added.

        2. The partition table already existing on the block device is
           loaded and parsed.

        3. The existing partitions in the partition table are matched up
           with the repart.d/*.conf files by GPT partition type UUID.
           The first existing partition of a specific type is assigned
           the first configuration file declaring the same type. The
           second existing partition of a specific type is then assigned
           the second configuration file declaring the same type, and so
           on. After this iterative assigning is complete any left-over
           existing partitions that have no matching configuration file
           are considered "foreign" and left as they are. And any
           configuration files for which no partition currently exists
           are understood as a request to create such a partition.

        4. Partitions that shall be created are now allocated on the
           disk, taking the size constraints and weights declared in the
           configuration files into account. Free space is used within
           the limits set by size and padding requests. In addition,
           existing partitions that should be grown are grown. New
           partitions are always appended to the end of the partition
           table, taking the first partition table slot whose index is
           greater than the indexes of all existing partitions.
           Partitions are never reordered and thus partition numbers
           remain stable. When partitions are created, they are placed
           in the smallest area of free space that is large enough to
           satisfy the size and padding limits. This means that
           partitions might have different order on disk than in the
           partition table. Note that this allocation happens in memory
           only, the partition table on disk is not updated yet.

        5. All existing partitions for which configuration files exist
           and which currently have no GPT partition label set will be
           assigned a label, either explicitly configured in the
           configuration or — if that's missing — derived automatically
           from the partition type. The same is done for all partitions
           that are newly created. These assignments are done in memory
           only, too, the disk is not updated yet.

        6. Similarly, all existing partitions for which configuration
           files exist and which currently have an all-zero identifying
           UUID will be assigned a new UUID. This UUID is
           cryptographically hashed from a common seed value together
           with the partition type UUID (and a counter in case multiple
           partitions of the same type are defined), see below. The same
           is done for all partitions that are created anew. These
           assignments are done in memory only, too, the disk is not
           updated yet.

        7. Similarly, if the disk's volume UUID is all zeroes it is also
           initialized, also cryptographically hashed from the same
           common seed value. This is done in memory only too.

        8. The disk space assigned to new partitions (i.e. what was
           previously free space) is now erased. Specifically, all file
           system signatures are removed, and if the device supports it,
           the BLKDISCARD I/O control command is issued to inform the
           hardware that the space is now empty. In addition any
           "padding" between partitions and at the end of the device is
           similarly erased.

        9. The new partition table is finally written to disk. The
           kernel is asked to reread the partition table.

       As exception to the normally strictly incremental operation, when
       called in a special "factory reset" mode, systemd-repart may also
       be used to erase existing partitions to reset an installation
       back to vendor defaults. This mode of operation is used when
       either the --factory-reset=yes switch is passed on the tool's
       command line, or the systemd.factory_reset=yes option specified
       on the kernel command line, or the FactoryReset EFI variable
       (vendor UUID 8cf2644b-4b0b-428f-9387-6d876050dc67) is set to
       "yes". It alters the algorithm above slightly: between the 3rd
       and the 4th step above any partition marked explicitly via the
       FactoryReset= boolean is deleted, and the algorithm restarted,
       thus immediately re-creating these partitions anew empty.

       Note that systemd-repart by default only changes partition
       tables, it does not create or resize any file systems within
       these partitions, unless the Format= configuration option is
       specified. Also note that there are also separate mechanisms
       available for this purpose, for example systemd-growfs(8) and
       systemd-makefs.

       The UUIDs identifying the new partitions created (or assigned to
       existing partitions that have no UUID yet), as well as the disk
       as a whole are hashed cryptographically from a common seed value.
       This seed value is usually the machine-id(5) of the system, so
       that the machine ID reproducibly determines the UUIDs assigned to
       all partitions. If the machine ID cannot be read (or the user
       passes --seed=random, see below) the seed is generated randomly
       instead, so that the partition UUIDs are also effectively random.
       The seed value may also be set explicitly, formatted as UUID via
       the --seed= option. By hashing these UUIDs from a common seed
       images prepared with this tool become reproducible and the result
       of the algorithm above deterministic.

       The positional argument should specify the block device to
       operate on. Instead of a block device node path a regular file
       may be specified too, in which case the command operates on it
       like it would if a loopback block device node was specified with
       the file attached. If --empty=create is specified the specified
       path is created as regular file, which is useful for generating
       disk images from scratch.

OPTIONS         top

       The following options are understood:

       --dry-run=
           Takes a boolean. If this switch is not specified
           --dry-run=yes is the implied default. Controls whether
           systemd-repart executes the requested re-partition operations
           or whether it should only show what it would do. Unless
           --dry-run=no is specified systemd-repart will not actually
           touch the device's partition table.

           Added in version 245.

       --empty=
           Takes one of "refuse", "allow", "require", "force" or
           "create". Controls how to operate on block devices that are
           entirely empty, i.e. carry no partition table/disk label yet.
           If this switch is not specified the implied default is
           "refuse".

           If "refuse" systemd-repart requires that the block device it
           shall operate on already carries a partition table and
           refuses operation if none is found. If "allow" the command
           will extend an existing partition table or create a new one
           if none exists. If "require" the command will create a new
           partition table if none exists so far, and refuse operation
           if one already exists. If "force" it will create a fresh
           partition table unconditionally, erasing the disk fully in
           effect. If "force" no existing partitions will be taken into
           account or survive the operation. Hence: use with care, this
           is a great way to lose all your data. If "create" a new
           loopback file is create under the path passed via the device
           node parameter, of the size indicated with --size=, see
           below.

           Added in version 245.

       --discard=
           Takes a boolean. If this switch is not specified
           --discard=yes is the implied default. Controls whether to
           issue the BLKDISCARD I/O control command on the space taken
           up by any added partitions or on the space in between them.
           Usually, it's a good idea to issue this request since it
           tells the underlying hardware that the covered blocks shall
           be considered empty, improving performance. If operating on a
           regular file instead of a block device node, a sparse file is
           generated.

           Added in version 245.

       --size=
           Takes a size in bytes, using the usual K, M, G, T suffixes,
           or the special value "auto". If used the specified device
           node path must refer to a regular file, which is then grown
           to the specified size if smaller, before any change is made
           to the partition table. If specified as "auto" the minimal
           size for the disk image is automatically determined (i.e. the
           minimal sizes of all partitions are summed up, taking space
           for additional metadata into account). This switch is not
           supported if the specified node is a block device. This
           switch has no effect if the file is already as large as the
           specified size or larger. The specified size is implicitly
           rounded up to multiples of 4096. When used with
           --empty=create this specifies the initial size of the
           loopback file to create.

           The --size=auto option takes the sizes of pre-existing
           partitions into account. However, it does not accommodate for
           partition tables that are not tightly packed: the configured
           partitions might still not fit into the backing device if
           empty space exists between pre-existing partitions (or before
           the first partition) that cannot be fully filled by
           partitions to grow or create.

           Also note that the automatic size determination does not take
           files or directories specified with CopyFiles= into account:
           operation might fail if the specified files or directories
           require more disk space then the configured per-partition
           minimal size limit.

           Added in version 246.

       --factory-reset=
           Takes boolean. If this switch is not specified
           --factory=reset=no is the implied default. Controls whether
           to operate in "factory reset" mode, see above. If set to true
           this will remove all existing partitions marked with
           FactoryReset= set to yes early while executing the
           re-partitioning algorithm. Use with care, this is a great way
           to lose all your data. Note that partition files need to
           explicitly turn FactoryReset= on, as the option defaults to
           off. If no partitions are marked for factory reset this
           switch has no effect. Note that there are two other methods
           to request factory reset operation: via the kernel command
           line and via an EFI variable, see above.

           Added in version 245.

       --can-factory-reset
           If this switch is specified the disk is not re-partitioned.
           Instead it is determined if any existing partitions are
           marked with FactoryReset=. If there are the tool will exit
           with exit status zero, otherwise non-zero. This switch may be
           used to quickly determine whether the running system supports
           a factory reset mechanism built on systemd-repart.

           Added in version 245.

       --root=
           Takes a path to a directory to use as root file system when
           searching for repart.d/*.conf files, for the machine ID file
           to use as seed and for the CopyFiles= and CopyBlocks= source
           files and directories. By default when invoked on the regular
           system this defaults to the host's root file system /. If
           invoked from the initrd this defaults to /sysroot/, so that
           the tool operates on the configuration and machine ID stored
           in the root file system later transitioned into itself.

           See --copy-source= for a more restricted option that only
           affects CopyFiles=.

           Added in version 245.

       --image=
           Takes a path to a disk image file or device to mount and use
           in a similar fashion to --root=, see above.

           Added in version 249.

       --image-policy=policy
           Takes an image policy string as argument, as per
           systemd.image-policy(7). The policy is enforced when
           operating on the disk image specified via --image=, see
           above. If not specified defaults to the "*" policy, i.e. all
           recognized file systems in the image are used.

       --seed=
           Takes a UUID as argument or the special value random. If a
           UUID is specified the UUIDs to assign to partitions and the
           partition table itself are derived via cryptographic hashing
           from it. If not specified it is attempted to read the machine
           ID from the host (or more precisely, the root directory
           configured via --root=) and use it as seed instead, falling
           back to a randomized seed otherwise. Use --seed=random to
           force a randomized seed. Explicitly specifying the seed may
           be used to generated strictly reproducible partition tables.

           Added in version 245.

       --pretty=
           Takes a boolean argument. If this switch is not specified, it
           defaults to on when called from an interactive terminal and
           off otherwise. Controls whether to show a user friendly table
           and graphic illustrating the changes applied.

           Added in version 245.

       --definitions=
           Takes a file system path. If specified the *.conf files are
           read from the specified directory instead of searching in
           /usr/lib/repart.d/*.conf, /etc/repart.d/*.conf,
           /run/repart.d/*.conf.

           This parameter can be specified multiple times.

           Added in version 245.

       --key-file=
           Takes a file system path. Configures the encryption key to
           use when setting up LUKS2 volumes configured with the
           Encrypt=key-file setting in partition files. Should refer to
           a regular file containing the key, or an AF_UNIX stream
           socket in the file system. In the latter case a connection is
           made to it and the key read from it. If this switch is not
           specified the empty key (i.e. zero length key) is used. This
           behaviour is useful for setting up encrypted partitions
           during early first boot that receive their user-supplied
           password only in a later setup step.

           Added in version 247.

       --private-key=
           Takes a file system path. Configures the signing key to use
           when creating verity signature partitions with the
           Verity=signature setting in partition files.

           Added in version 252.

       --private-key-source=
           Takes one of "file", "engine" or "provider". In the latter
           two cases, it is followed by the name of a provider or
           engine, separated by colon, that will be passed to OpenSSL's
           "engine" or "provider" logic. Configures the signing
           mechanism to use when creating verity signature partitions
           with the Verity=signature setting in partition files.

           Added in version 256.

       --certificate=
           Takes a file system path. Configures the PEM encoded X.509
           certificate to use when creating verity signature partitions
           with the Verity=signature setting in partition files.

           Added in version 252.

       --tpm2-device=, --tpm2-pcrs=
           Configures the TPM2 device and list of PCRs to use for LUKS2
           volumes configured with the Encrypt=tpm2 option. These
           options take the same parameters as the identically named
           options to systemd-cryptenroll(1) and have the same effect on
           partitions where TPM2 enrollment is requested.

           Added in version 248.

       --tpm2-device-key=PATH, --tpm2-seal-key-handle=HANDLE
           Configures a TPM2 SRK key to bind encryption to. See
           systemd-cryptenroll(1) for details on this option.

           Added in version 255.

       --tpm2-public-key=PATH, --tpm2-public-key-pcrs=PCR[+PCR...]
           Configures a TPM2 signed PCR policy to bind encryption to.
           See systemd-cryptenroll(1) for details on these two options.

           Added in version 252.

       --tpm2-pcrlock=PATH
           Configures a TPM2 pcrlock policy to bind encryption to. See
           systemd-cryptenroll(1) for details on this option.

           Added in version 255.

       --split=BOOL
           Enables generation of split artifacts from partitions
           configured with SplitName=. If enabled, for each partition
           with SplitName= set, a separate output file containing just
           the contents of that partition is generated. The output
           filename consists of the loopback filename suffixed with the
           name configured with SplitName=. If the loopback filename
           ends with ".raw", the suffix is inserted before the ".raw"
           extension instead.

           Note that --split is independent from --dry-run. Even if
           --dry-run is enabled, split artifacts will still be generated
           from an existing image if --split is enabled.

           Added in version 252.

       --include-partitions=PARTITIONS, --exclude-partitions=PARTITIONS
           These options specify which partition types systemd-repart
           should operate on. If --include-partitions= is used, all
           partitions that aren't specified are excluded. If
           --exclude-partitions= is used, all partitions that are
           specified are excluded. Both options take a comma separated
           list of GPT partition type UUIDs or identifiers (see Type= in
           repart.d(5)).

           Added in version 253.

       --defer-partitions=PARTITIONS
           This option specifies for which partition types
           systemd-repart should defer. All partitions that are deferred
           using this option are still taken into account when
           calculating the sizes and offsets of other partitions, but
           aren't actually written to the disk image. The net effect of
           this option is that if you run systemd-repart again without
           this option, the missing partitions will be added as if they
           had not been deferred the first time systemd-repart was
           executed.

           Added in version 253.

       --sector-size=BYTES
           This option allows configuring the sector size of the image
           produced by systemd-repart. It takes a value that is a power
           of "2" between "512" and "4096". This option is useful when
           building images for disks that use a different sector size as
           the disk on which the image is produced.

           Added in version 253.

       --architecture=ARCH
           This option allows overriding the architecture used for
           architecture specific partition types. For example, if set to
           "arm64" a partition type of "root-x86-64" referenced in
           repart.d/ drop-ins will be patched dynamically to refer to
           "root-arm64" instead. Takes one of "alpha", "arc", "arm",
           "arm64", "ia64", "loongarch64", "mips-le", "mips64-le",
           "parisc", "ppc", "ppc64", "ppc64-le", "riscv32", "riscv64",
           "s390", "s390x", "tilegx", "x86" or "x86-64".

           Added in version 254.

       --offline=BOOL
           Instructs systemd-repart to build the image offline. Takes a
           boolean or "auto". Defaults to "auto". If enabled, the image
           is built without using loop devices. This is useful to build
           images unprivileged or when loop devices are not available.
           If disabled, the image is always built using loop devices. If
           "auto", systemd-repart will build the image online if
           possible and fall back to building the image offline if loop
           devices are not available or cannot be accessed due to
           missing permissions.

           Added in version 254.

       --copy-from=IMAGE
           Instructs systemd-repart to synthesize partition definitions
           from the partition table in the given image. This option can
           be specified multiple times to synthesize definitions from
           each of the given images. The generated definitions will copy
           the partitions into the destination partition table. The
           copied partitions will have the same size, metadata and
           contents but might have a different partition number and
           might be located at a different offset in the destination
           partition table. These definitions can be combined with
           partition definitions read from regular partition definition
           files. The synthesized definitions take precedence over the
           definitions read from partition definition files.

           Added in version 255.

       --copy-source=PATH, -s PATH
           Specifies a source directory all CopyFiles= source paths
           shall be considered relative to. This is similar to --root=,
           but exclusively applies to the CopyFiles= setting. If --root=
           and --copy-source= are used in combination the former applies
           as usual, except for CopyFiles= where the latter takes
           precedence.

           Added in version 255.

       --make-ddi=TYPE
           Takes one of "sysext", "confext" or "portable". Generates a
           Discoverable Disk Image (DDI) for a system extension (sysext,
           see systemd-sysext(8) for details), configuration extension
           (confext) or portable service[1]. The generated image will
           consist of a signed Verity "erofs" file system as root
           partition. In this mode of operation the partition
           definitions in /usr/lib/repart.d/*.conf and related
           directories are not read, and --definitions= is not
           supported, as appropriate definitions for the selected DDI
           class will be chosen automatically.

           Must be used in conjunction with --copy-source= to specify
           the file hierarchy to populate the DDI with. The specified
           directory should contain an etc/ subdirectory if "confext" is
           selected. If "sysext" is selected it should contain either a
           usr/ or opt/ directory, or both. If "portable" is used a full
           OS file hierarchy can be provided.

           This option implies --empty=create, --size=auto and
           --seed=random (the latter two can be overridden).

           The private key and certificate for signing the DDI must be
           specified via the --private-key= and --certificate= switches.

           Added in version 255.

       -S, -C, -P
           Shortcuts for --make-ddi=sysext, --make-ddi=confext,
           --make-ddi=portable, respectively.

           Added in version 255.

       --generate-fstab=PATH
           Specifies a path where to write fstab entries for the
           mountpoints configured with MountPoint= in the root directory
           specified with --copy-source= or --root= or in the host's
           root directory if neither is specified. Disabled by default.

           Added in version 256.

       --generate-crypttab=PATH
           Specifies a path where to write crypttab entries for the
           encrypted volumes configured with EncryptedVolume= in the
           root directory specified with --copy-source= or --root= or in
           the host's root directory if neither is specified. Disabled
           by default.

           Added in version 256.

       -h, --help
           Print a short help text and exit.

       --version
           Print a short version string and exit.

       --no-pager
           Do not pipe output into a pager.

       --no-legend
           Do not print the legend, i.e. column headers and the footer
           with hints.

       --json=MODE
           Shows output formatted as JSON. Expects one of "short" (for
           the shortest possible output without any redundant whitespace
           or line breaks), "pretty" (for a pretty version of the same,
           with indentation and line breaks) or "off" (to turn off JSON
           output, the default).

EXIT STATUS         top

       On success, 0 is returned, a non-zero failure code otherwise.

EXAMPLE         top

       Example 1. Generate a configuration extension image

       The following creates a configuration extension DDI (confext) for
       an /etc/motd update:

           mkdir tree tree/etc tree/etc/extension-release.d
           echo "Hello World" > tree/etc/motd
           cat > tree/etc/extension-release.d/extension-release.my-motd <<EOF
           ID=fedora
           VERSION_ID=38
           IMAGE_ID=my-motd
           IMAGE_VERSION=7
           EOF
           systemd-repart -C --private-key=privkey.pem --certificate=cert.crt -s tree/ /var/lib/confexts/my-motd.confext.raw
           systemd-confext refresh

       The DDI generated that way may be applied to the system with
       systemd-confext(1).

       Example 2. Generate a system extension image and sign it via
       PKCS11

       The following creates a system extension DDI (sysext) for an
       /usr/foo update and signs it with a hardware token via PKCS11.

           mkdir tree tree/usr tree/usr/lib/extension-release.d
           echo "Hello World" > tree/usr/foo
           cat > tree/usr/lib/extension-release.d/extension-release.my-foo <<EOF
           ID=fedora
           VERSION_ID=38
           IMAGE_ID=my-foo
           IMAGE_VERSION=7
           EOF
           systemd-repart --make-ddi=sysext --private-key-source=engine:pkcs11 --private-key="pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0123456789abcdef;token=Some%20Cert" --certificate=cert.crt -s tree/ /var/lib/extensions/my-foo.sysext.raw
           systemd-sysext refresh

       The DDI generated that way may be applied to the system with
       systemd-sysext(1).

SEE ALSO         top

       systemd(1), repart.d(5), machine-id(5), systemd-cryptenroll(1),
       portablectl(1), systemd-sysext(8)

NOTES         top

        1. portable service
           https://systemd.io/PORTABLE_SERVICES

COLOPHON         top

       This page is part of the systemd (systemd system and service
       manager) project.  Information about the project can be found at
       ⟨http://www.freedesktop.org/wiki/Software/systemd⟩.  If you have
       a bug report for this manual page, see
       ⟨http://www.freedesktop.org/wiki/Software/systemd/#bugreports⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/systemd/systemd.git⟩ on 2024-06-14.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2024-06-13.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       [email protected]

systemd 257~devel                                      SYSTEMD-REPART(8)

Pages that refer to this page: repart.d(5)sysupdate.d(5)systemd.directives(7)systemd.index(7)[email protected](8)systemd-pcrlock(8)systemd-sysupdate(8)