[systemd-devel] Hermetic-usr implementation on dracut

Nils Kattenbeck nilskemail at gmail.com
Mon Mar 3 10:54:35 UTC 2025


Hi,

systemd definitely already has all the stuff in place to do this on its
own.
The stuff creating the root partition would be sd-repart which just needs a
corresponding partition description.

A good example of how this can be used is particleOS
https://github.com/systemd/particleos
which is an experiment to implement an OS based on the blog post you
mentioned.
It uses mkosi https://github.com/systemd/mkosi to create the image
which in turn will generate a purely systemd based initrd.

Cheers, Nils

On Mon, Mar 3, 2025, 11:45 Emanuele Giuseppe Esposito <eesposit at redhat.com>
wrote:

> Hello everyone,
>
> As you might know already, I tried to submit a new dracut module that
> implements the hermetic-usr approach described by Lennart in his
> blogpost "Fitting everything together":
> https://0pointer.net/blog/fitting-everything-together.html.
>
> The PR is here: https://github.com/dracut-ng/dracut-ng/pull/1234
>
> While there are some small things to fix, it works well, at least in the
> environments that I tried.
>
> It is able to recreate the whole root from scratch, provided that /usr
> is existing in a separate partition. It creates a LUKS as well as
> plaintext root, and supports plaintext /usr as well as dm-verity
> protected one.
>
> Zbigniew pointed out to me that a dracut module might not be the best way to
> achieve this, and there might be work in progress already in systemd to
> achieve the same goal with a separate systemd component.
>
> Can you point me to the work that is being done in systemd? More
> specifically, if there is something similar to what I implemented that
> puts together systemd-repart with systemd-tmpfiles and sysusers and
> creates a root. Is there some project already going on that does this?
>
> My module uses only 3 systemd units, and most of this stuff could be
> reused, if you want. Or maybe is it better to continue the work on dracut?
>
> Let me know,
> Emanuele
>
>