table of contents
- bookworm 252.31-1~deb12u1
- bookworm-backports 254.16-1~bpo12+1
REPART.D(5) | repart.d | REPART.D(5) |
NAME¶
repart.d - Partition Definition Files for Automatic Boot-Time Repartitioning
SYNOPSIS¶
/etc/repart.d/*.conf /run/repart.d/*.conf /usr/lib/repart.d/*.conf
DESCRIPTION¶
repart.d/*.conf files describe basic properties of partitions of block devices of the local system. They may be used to declare types, names and sizes of partitions that shall exist. The systemd-repart(8) service reads these files and attempts to add new partitions currently missing and enlarge existing partitions according to these definitions. Operation is generally incremental, i.e. when applied, what exists already is left intact, and partitions are never shrunk, moved or deleted.
These definition files are useful for implementing operating system images that are prepared and delivered with minimally sized images (for example lacking any state or swap partitions), and which on first boot automatically take possession of any remaining disk space following a few basic rules.
Currently, support for partition definition files is only implemented for GPT partition tables.
Partition files are generally matched against any partitions already existing on disk in a simple algorithm: the partition files are sorted by their filename (ignoring the directory prefix), and then compared in order against existing partitions matching the same partition type UUID. Specifically, the first existing partition with a specific partition type UUID is assigned the first definition file with the same partition type UUID, and the second existing partition with a specific type UUID the second partition file with the same type UUID, and so on. Any left-over partition files that have no matching existing partition are assumed to define new partition that shall be created. Such partitions are appended to the end of the partition table, in the order defined by their names utilizing the first partition slot greater than the highest slot number currently in use. Any existing partitions that have no matching partition file are left as they are.
Note that these definitions may only be used to create and initialize new partitions or to grow existing ones. In the latter case it will not grow the contained files systems however; separate mechanisms, such as systemd-growfs(8) may be used to grow the file systems inside of these partitions. Partitions may also be marked for automatic growing via the GrowFileSystem= setting, in which case the file system is grown on first mount by tools that respect this flag. See below for details.
[PARTITION] SECTION OPTIONS¶
Type=
Table 1. GPT partition type identifiers
Identifier | Explanation |
esp | EFI System Partition |
xbootldr | Extended Boot Loader Partition |
swap | Swap partition |
home | Home (/home/) partition |
srv | Server data (/srv/) partition |
var | Variable data (/var/) partition |
tmp | Temporary data (/var/tmp/) partition |
linux-generic | Generic Linux file system partition |
root | Root file system partition type appropriate for the local architecture (an alias for an architecture root file system partition type listed below, e.g. root-x86-64) |
root-verity | Verity data for the root file system partition for the local architecture |
root-verity-sig | Verity signature data for the root file system partition for the local architecture |
root-secondary | Root file system partition of the secondary architecture of the local architecture (usually the matching 32-bit architecture for the local 64-bit architecture) |
root-secondary-verity | Verity data for the root file system partition of the secondary architecture |
root-secondary-verity-sig | Verity signature data for the root file system partition of the secondary architecture |
root-{arch} | Root file system partition of the given architecture (such as root-x86-64 or root-riscv64) |
root-{arch}-verity | Verity data for the root file system partition of the given architecture |
root-{arch}-verity-sig | Verity signature data for the root file system partition of the given architecture |
usr | /usr/ file system partition type appropriate for the local architecture (an alias for an architecture /usr/ file system partition type listed below, e.g. usr-x86-64) |
usr-verity | Verity data for the /usr/ file system partition for the local architecture |
usr-verity-sig | Verity signature data for the /usr/ file system partition for the local architecture |
usr-secondary | /usr/ file system partition of the secondary architecture of the local architecture (usually the matching 32-bit architecture for the local 64-bit architecture) |
usr-secondary-verity | Verity data for the /usr/ file system partition of the secondary architecture |
usr-secondary-verity-sig | Verity signature data for the /usr/ file system partition of the secondary architecture |
usr-{arch} | /usr/ file system partition of the given architecture |
usr-{arch}-verity | Verity data for the /usr/ file system partition of the given architecture |
usr-{arch}-verity-sig | Verity signature data for the /usr/ file system partition of the given architecture |
This setting defaults to
linux-generic.
Most of the partition type UUIDs listed above are defined in the Discoverable Partitions Specification[1].
Label=
UUID=
Priority=
Weight=
The Weight= setting is used to distribute available disk space in an "elastic" fashion, based on the disk size and existing partitions. If a partition shall have a fixed size use both SizeMinBytes= and SizeMaxBytes= with the same value in order to fixate the size to one value, in which case the weight has no effect.
PaddingWeight=
Padding is useful if empty space shall be left for later additions or a safety margin at the end of the device or between partitions.
SizeMinBytes=, SizeMaxBytes=
PaddingMinBytes=, PaddingMaxBytes=
CopyBlocks=
If the special value "auto" is specified, the source to copy from is automatically picked up from the running system (or the image specified with --image= — if used). A partition that matches both the configured partition type (as declared with Type= described above), and the currently mounted directory appropriate for that partition type is determined. For example, if the partition type is set to "root" the partition backing the root directory (/) is used as source to copy from — if its partition type is set to "root" as well. If the declared type is "usr" the partition backing /usr/ is used as source to copy blocks from — if its partition type is set to "usr" too. The logic is capable of automatically tracking down the backing partitions for encrypted and Verity-enabled volumes. "CopyBlocks=auto" is useful for implementing "self-replicating" systems, i.e. systems that are their own installer.
The file specified here must have a size that is a multiple of the basic block size 512 and not be empty. If this option is used, the size allocation algorithm is slightly altered: the partition is created at least as big as required to fit the data in, i.e. the data size is an additional minimum size value taken into consideration for the allocation algorithm, similar to and in addition to the SizeMin= value configured above.
This option has no effect if the partition it is declared for already exists, i.e. existing data is never overwritten. Note that the data is copied in before the partition table is updated, i.e. before the partition actually is persistently created. This provides robustness: it is guaranteed that the partition either doesn't exist or exists fully populated; it is not possible that the partition exists but is not or only partially populated.
This option cannot be combined with Format= or CopyFiles=.
Format=
This option has no effect if the partition already exists.
Similarly to the behaviour of CopyBlocks=, the file system is formatted before the partition is created, ensuring that the partition only ever exists with a fully initialized file system.
This option cannot be combined with CopyBlocks=.
CopyFiles=
This option has no effect if the partition already exists: it cannot be used to copy additional files into an existing partition, it may only be used to populate a file system created anew.
The copy operation is executed before the file system is registered in the partition table, thus ensuring that a file system populated this way only ever exists fully initialized.
Note that CopyFiles= will skip copying files that aren't supported by the target filesystem (e.g symlinks, fifos, sockets and devices on vfat). When an unsupported file type is encountered, systemd-repart will skip copying this file and write a log message about it.
Note that systemd-repart does not change the UIDs/GIDs of any copied files and directories. When running systemd-repart as an unprivileged user to build an image of files and directories owned by the same user, you can run systemd-repart in a user namespace with the current user mapped to the root user to make sure the files and directories in the image are owned by the root user.
Note that when populating XFS filesystems with systemd-repart and loop devices are not available, populating XFS filesystems with files containing spaces, tabs or newlines might fail on old versions of mkfs.xfs(8) due to limitations of its protofile format.
Note that when populating XFS filesystems with systemd-repart and loop devices are not available, extended attributes will not be copied into generated XFS filesystems due to limitations mkfs.xfs(8)'s protofile format.
This option cannot be combined with CopyBlocks=.
When systemd-repart(8) is invoked with the --image= or --root= command line switches the source paths specified are taken relative to the specified root directory or disk image root.
ExcludeFiles=, ExcludeFilesTarget=
If the path is a directory and ends with "/", only the directory's contents are excluded but not the directory itself. If the path is a directory and does not end with "/", both the directory and its contents are excluded.
ExcludeFilesTarget= is like ExcludeFiles= except that instead of excluding the path on the host from being copied into the partition, we exclude any files and directories from being copied into the given path in the partition.
When systemd-repart(8) is invoked with the --image= or --root= command line switches the paths specified are taken relative to the specified root directory or disk image root.
MakeDirectories=
The primary use case for this option is to create a minimal set of directories that may be mounted over by other partitions contained in the same disk image. For example, a disk image where the root file system is formatted at first boot might want to automatically pre-create /usr/ in it this way, so that the "usr" partition may over-mount it.
Consider using systemd-tmpfiles(8) with its --image= option to pre-create other, more complex directory hierarchies (as well as other inodes) with fine-grained control of ownership, access modes and other file attributes.
Encrypt=
The LUKS2 UUID is automatically derived from the partition UUID in a stable fashion. If "key-file" or "key-file+tpm2" is used, a key is added to the LUKS2 superblock, configurable with the --key-file= option to systemd-repart. If "tpm2" or "key-file+tpm2" is used, a key is added to the LUKS2 superblock that is enrolled to the local TPM2 chip, as configured with the --tpm2-device= and --tpm2-pcrs= options to systemd-repart.
When used this slightly alters the size allocation logic as the implicit, minimal size limits of Format= and CopyBlocks= are increased by the space necessary for the LUKS2 superblock (see above).
This option has no effect if the partition already exists.
Verity=
A matching verity partition is a partition with the same verity match key (as configured with VerityMatchKey=).
If not explicitly configured, the data partition's UUID will be set to the first 128 bits of the verity root hash. Similarly, if not configured, the hash partition's UUID will be set to the final 128 bits of the verity root hash. The verity root hash itself will be included in the output of systemd-repart.
This option has no effect if the partition already exists.
Usage of this option in combination with Encrypt= is not supported.
For each unique VerityMatchKey= value, a single verity data partition ("Verity=data") and a single verity hash partition ("Verity=hash") must be defined.
VerityMatchKey=
FactoryReset=
Flags=
NoAuto=, ReadOnly=, GrowFileSystem=
If Flags= is used in conjunction with one or more of NoAuto=/ReadOnly=/GrowFileSystem= the latter control the value of the relevant flags, i.e. the high-level settings NoAuto=/ReadOnly=/GrowFileSystem= override the relevant bits of the low-level setting Flags=.
Note that the three flags affect only automatic partition mounting, as implemented by systemd-gpt-auto-generator(8) or the --image= option of various commands (such as systemd-nspawn(1)). It has no effect on explicit mounts, such as those done via mount(8) or fstab(5).
If both bit 50 and 59 are set for a partition (i.e. the partition is marked both read-only and marked for file system growing) the latter is typically without effect: the read-only flag takes precedence in most tools reading these flags, and since growing the file system involves writing to the partition it is consequently ignored.
NoAuto= defaults to off. ReadOnly= defaults to on for Verity partition types, and off for all others. GrowFileSystem= defaults to on for all partition types that support it, except if the partition is marked read-only (and thus effectively, defaults to off for Verity partitions).
SplitName=
Minimize=
SPECIFIERS¶
Specifiers may be used in the Label=, CopyBlocks=, CopyFiles=, MakeDirectories=, SplitName= settings. The following expansions are understood:
Table 2. Specifiers available
Specifier | Meaning | Details |
"%a" | Architecture | A short string identifying the architecture of the local system. A string such as x86, x86-64 or arm64. See the architectures defined for ConditionArchitecture= in systemd.unit(5) for a full list. |
"%A" | Operating system image version | The operating system image version identifier of the running system, as read from the IMAGE_VERSION= field of /etc/os-release. If not set, resolves to an empty string. See os-release(5) for more information. |
"%b" | Boot ID | The boot ID of the running system, formatted as string. See random(4) for more information. |
"%B" | Operating system build ID | The operating system build identifier of the running system, as read from the BUILD_ID= field of /etc/os-release. If not set, resolves to an empty string. See os-release(5) for more information. |
"%H" | Host name | The hostname of the running system. |
"%l" | Short host name | The hostname of the running system, truncated at the first dot to remove any domain component. |
"%m" | Machine ID | The machine ID of the running system, formatted as string. See machine-id(5) for more information. |
"%M" | Operating system image identifier | The operating system image identifier of the running system, as read from the IMAGE_ID= field of /etc/os-release. If not set, resolves to an empty string. See os-release(5) for more information. |
"%o" | Operating system ID | The operating system identifier of the running system, as read from the ID= field of /etc/os-release. See os-release(5) for more information. |
"%v" | Kernel release | Identical to uname -r output. |
"%w" | Operating system version ID | The operating system version identifier of the running system, as read from the VERSION_ID= field of /etc/os-release. If not set, resolves to an empty string. See os-release(5) for more information. |
"%W" | Operating system variant ID | The operating system variant identifier of the running system, as read from the VARIANT_ID= field of /etc/os-release. If not set, resolves to an empty string. See os-release(5) for more information. |
"%T" | Directory for temporary files | This is either /tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to. (Note that the directory may be specified without a trailing slash.) |
"%V" | Directory for larger and persistent temporary files | This is either /var/tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to. (Note that the directory may be specified without a trailing slash.) |
"%%" | Single percent sign | Use "%%" in place of "%" to specify a single percent sign. |
Additionally, for the
SplitName= setting, the following specifiers are also understood:
Table 3. Specifiers available
Specifier | Meaning | Details |
"%T" | Partition Type UUID | The partition type UUID, as configured with Type= |
"%t" | Partition Type Identifier | The partition type identifier corresponding to the partition type UUID |
"%U" | Partition UUID | The partition UUID, as configured with UUID= |
"%n" | Partition Number | The partition number assigned to the partition |
EXAMPLES¶
Example 1. Grow the root partition to the full
disk size at first boot
With the following file the root partition is automatically grown to the full disk if possible during boot.
# /usr/lib/repart.d/50-root.conf [Partition] Type=root
Example 2. Create a swap and home partition automatically on boot, if missing
The home partition gets all available disk space while the swap partition gets 1G at most and 64M at least. We set a priority > 0 on the swap partition to ensure the swap partition is not used if not enough space is available. For every three bytes assigned to the home partition the swap partition gets assigned one.
# /usr/lib/repart.d/60-home.conf [Partition] Type=home
# /usr/lib/repart.d/70-swap.conf [Partition] Type=swap SizeMinBytes=64M SizeMaxBytes=1G Priority=1 Weight=333
Example 3. Create B partitions in an A/B Verity setup, if missing
Let's say the vendor intends to update OS images in an A/B setup, i.e. with two root partitions (and two matching Verity partitions) that shall be used alternatingly during upgrades. To minimize image sizes the original image is shipped only with one root and one Verity partition (the "A" set), and the second root and Verity partitions (the "B" set) shall be created on first boot on the free space on the medium.
# /usr/lib/repart.d/50-root.conf [Partition] Type=root SizeMinBytes=512M SizeMaxBytes=512M
# /usr/lib/repart.d/60-root-verity.conf [Partition] Type=root-verity SizeMinBytes=64M SizeMaxBytes=64M
The definitions above cover the "A" set of root partition (of a fixed 512M size) and Verity partition for the root partition (of a fixed 64M size). Let's use symlinks to create the "B" set of partitions, since after all they shall have the same properties and sizes as the "A" set.
# ln -s 50-root.conf /usr/lib/repart.d/70-root-b.conf # ln -s 60-root-verity.conf /usr/lib/repart.d/80-root-verity-b.conf
Example 4. Create a data and verity partition from a OS tree
Assuming we have an OS tree at /var/tmp/os-tree that we want to package in a root partition together with a matching verity partition, we can do so as follows:
# 50-root.conf [Partition] Type=root CopyFiles=/var/tmp/os-tree Verity=data VerityMatchKey=root
# 60-root-verity.conf [Partition] Type=root-verity Verity=hash VerityMatchKey=root
SEE ALSO¶
systemd(1), systemd-repart(8), sfdisk(8), systemd-cryptenroll(1)
NOTES¶
- 1.
- Discoverable Partitions Specification
systemd 254 |