[systemd-devel] Image based OS, CopyBlocks, verity and duplicate UUIDs

Lennart Poettering lennart at poettering.net
Tue Jun 13 12:25:37 UTC 2023


On Mo, 12.06.23 15:28, Marius Schiffer (marius.schiffer at gmail.com) wrote:

> Hi,
>
> I'm currently building an OS image (with mkosi), for which I'm struggling
> to find a suitable installation and updating strategy for. One requirement
> is a self-replicating install. It should be bootable from a USB stick with
> full functionality and be installable from there.
>
> I settled on using verity protected partitions with their roothash embedded
> into the signed UKI's cmdline.
> This works perfectly fine for booting from the USB stick.
> For the installation, I use systemd-repart to create slots for A/B
> partitions and copying the partitions from the USB stick by block to the
> first slot.
> Updating using systemd-sysupdate (on the installed system) installs a new
> data and verity partition in the unused slot and a UKI with the
> corresponding roothash. systemd-boot can then sort the UKIs by version.
>
> Unfortunately, copying the data and verity partitions on installation of
> course results in the same partition UUIDs on the installed medium and the
> USB stick. UUID collision results in unpredictable mounting when both the
> installed medium and the USB stick is present (which could be the case for
> reinstallation for some reason, or if the USB stick was left on
> reboot).

If systemd-gpt-auto-generator is used to mount these, then

https://github.com/systemd/systemd/commit/1a81ddef00a0a25f6bcdd1e6633430e8b240b87f

should address your issue, no? because then we'll not mount by uuid
anymore, but purely by diskseq ensuring that the stuff
gpt-auto-generator finds is also the stuff we'll end up mounting
eventually.

Lennart

--
Lennart Poettering, Berlin


More information about the systemd-devel mailing list