[systemd-devel] Support for unmerged-usr systems will be REMOVED in the second half of 2023
TJ
systemd at iam.tj
Sat Nov 5 10:52:29 UTC 2022
On 05/11/2022 10:36, Mantas Mikulėnas wrote:
> On Sat, Nov 5, 2022 at 12:06 PM TJ <systemd at iam.tj> wrote:
>
>> Just seen this announcement in the v252 changelog:
>>
>> "We intend to remove support for split-usr (/usr mounted separately
>> during boot) ..."
>>
>> How does this align with support for separate /usr/ with dm-verity ?
>>
>> For example, this will affect nspawn. See "man 1 systemd-nspawn" and
>> "--root-hash=" where in respect of /usr/ it says:
>>
>> "Note that this configures the root hash for the root file system. Disk
>> images may also contain separate file systems for the /usr/ hierarchy,
>> which may be Verity protected as well. The root hash for this protection
>> may be configured via the "user.verity.usrhash" extended file attribute
>> or via a .usrhash file adjacent to the disk image, following the same
>> format and logic as for the root hash for the root file system described
>> here."
>>
>
> /usr can remain on a separate partition as long as it's mounted *by the
> initrd* (the same way initrd currently mounts your rootfs), so that by the
> time systemd starts it already has the full filesystem.
How does this work when systemd is used inside the initrd, as
"recommended" / discussed at, for example "Using systemd inside an initrd" :
https://systemd.io/INITRD_INTERFACE/
> What's finally being removed is support for having the rootfs itself mount
> /usr halfway through, which requires many things that normally are on
> /usr/lib to be split between it and /lib instead (such as on Debian).
>
> Using the initrd to mount /usr isn't new.
> <https://web.archive.org/web/20150906203654if_/https://www.gentoo.org/support/news-items/2013-09-27-initramfs-required.html>
>
Does it also affect the command-line options "mount.usr=,
mount.usrfstype=, mount.usrflags=, usrhash=, systemd.verity_usr_data=,
systemd.verity_usr_hash=, systemd.verity_usr_options=" as per "man 7
kernel-command-line" ?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xEFEC37A429CD6080.asc
Type: application/pgp-keys
Size: 15139 bytes
Desc: OpenPGP public key
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20221105/ae285125/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20221105/ae285125/attachment-0001.sig>
More information about the systemd-devel
mailing list