systemd-repart, systemd-repart.service - Automatically grow and add partitions, and generate disk images

systemd-repart creates partition tables, and adds or grows partitions, based on the configuration files
       described in repart.d(5).

       systemd-repart is used when building OS images, and also when deploying images to automatically adjust
       them, during boot, to the system they are running on. This way the image can be minimal in size and may
       be augmented automatically at boot, taking possession of the disk space available.

       If invoked with no arguments, systemd-repart operates on the block device backing the root file system
       partition of the running OS, thus adding and growing partitions of the booted OS itself. When called in
       the initrd, it operates on the block device backing /sysroot/ instead, i.e. on the block device the
       system will soon transition into. If --image= is used, it will operate on the specified device or image
       file. The systemd-repart.service service is generally run at boot in the initrd, in order to augment the
       partition table of the OS before its partitions are mounted.

       systemd-repart operations are mostly incremental: it grows existing partitions or adds new ones, but does
       not shrink, delete, or move existing partitions. The service is intended to be run on every boot, but
       when it detects that the partition table already matches the installed repart.d/*.conf configuration
       files, it executes no operation.

       The following use cases are among those covered:

       •   The root partition may be grown to cover the whole available disk space.

       •   A /home/, swap, or /srv/ partition can be added.

       •   A second (or third, ...) root partition may be added, to cover A/B style setups where a second
           version of the root file system is alternatingly used for implementing update schemes. The deployed
           image would carry only a single partition ("A") but on first boot a second partition ("B") for this
           purpose is automatically created.

       The algorithm executed by systemd-repart is roughly as follows:

        1. The repart.d/*.conf configuration files are loaded and parsed, and ordered by filename (without the
           directory prefix). For each configuration file, drop-in files are loaded from directories with same
           name as the configuration file with the suffix ".d" added.

        2. The partition table on the block device is loaded and parsed, if present.

        3. The existing partitions in the partition table are matched with the repart.d/*.conf files by GPT
           partition type UUID. The first existing partition of a specific type is assigned the first
           configuration file declaring the same type. The second existing partition of a specific type is then
           assigned the second configuration file declaring the same type, and so on. After this iterative
           assigning is complete, any existing partitions that have no matching configuration file are
           considered "foreign" and left as they are. And any configuration files for which no partition was
           matched are treated as requests to create a partition.

        4. Partitions that shall be created are now allocated on the disk, taking the size constraints and
           weights declared in the configuration files into account. Free space is used within the limits set by
           size and padding requests. In addition, existing partitions that should be grown are grown. New
           partitions are always appended to the end of the partition table, taking the first partition table
           slot whose index is greater than the indexes of all existing partitions. Partitions are never
           reordered and thus partition numbers remain stable. When partitions are created, they are placed in
           the smallest area of free space that is large enough to satisfy the size and padding limits. This
           means that partitions might have different order on disk than in the partition table. Note that this
           allocation happens in memory only, the partition table on disk is not updated yet.

        5. All existing partitions for which configuration files exist and which currently have no GPT partition
           label set will be assigned a label, either explicitly configured in the configuration or — if that's
           missing — derived automatically from the partition type. The same is done for all partitions that are
           newly created. These assignments are done in memory only, too, the disk is not updated yet.

        6. Similarly, all existing partitions for which configuration files exist and which currently have an
           all-zero identifying UUID will be assigned a new UUID. This UUID is cryptographically hashed from a
           common seed value together with the partition type UUID (and a counter in case multiple partitions of
           the same type are defined), see below. The same is done for all partitions that are created anew.
           These assignments are done in memory only, too, the disk is not updated yet.

        7. Similarly, if the disk's volume UUID is all zeroes it is also initialized, also cryptographically
           hashed from the same common seed value. This is done in memory only too.

        8. The disk space assigned to new partitions (i.e. what was previously free space) is now erased.
           Specifically, all file system signatures are removed, and if the device supports it, the BLKDISCARD
           I/O control command is issued to inform the hardware that the space is now empty. In addition any
           "padding" between partitions and at the end of the device is similarly erased.

        9. The new partition table is finally written to disk. The kernel is asked to reread the partition
           table.

       As an exception to the normal incremental operation, when called in a special "factory reset" mode,
       systemd-repart may be used to erase existing partitions to reset an installation back to vendor defaults.
       This mode of operation is used when either the --factory-reset=yes switch is passed on the tool's command
       line, or the systemd.factory_reset=yes option is specified on the kernel command line, or the
       FactoryReset EFI variable (vendor UUID 8cf2644b-4b0b-428f-9387-6d876050dc67) is set to "yes". It alters
       the algorithm above slightly: between the 3rd and the 4th step above any partition marked explicitly via
       the FactoryReset= boolean is deleted, and the algorithm restarted, thus immediately re-creating these
       partitions anew empty.

       Note that systemd-repart by default only changes partition tables, it does not create or resize any file
       systems within these partitions, unless the Format= configuration option is specified. Also note that
       there are also separate mechanisms available for this purpose, for example systemd-growfs(8) and
       systemd-makefs.

       The UUIDs identifying the new partitions created (or assigned to existing partitions that have no UUID
       yet), as well as the disk as a whole are hashed cryptographically from a common seed value. This seed
       value is usually the machine-id(5) of the system, so that the machine ID reproducibly determines the
       UUIDs assigned to all partitions. If the machine ID cannot be read (or the user passes --seed=random, see
       below) the seed is generated randomly instead, so that the partition UUIDs are also effectively random.
       The seed value may also be set explicitly, formatted as UUID via the --seed= option. By hashing these
       UUIDs from a common seed images prepared with this tool become reproducible and the result of the
       algorithm above deterministic.

       The positional argument should specify the block device or a regular file to operate on. If
       --empty=create is specified, the specified path is created as regular file, which is useful for
       generating disk images from scratch.

Example1.Generateaconfigurationextensionimage

       The following creates a configuration extension DDI (confext) for an /etc/motd update:

           mkdir -p tree/etc/extension-release.d
           echo "Hello World" >tree/etc/motd
           cat >tree/etc/extension-release.d/extension-release.my-motd <<EOF
           ID=fedora
           VERSION_ID=38
           IMAGE_ID=my-motd
           IMAGE_VERSION=7
           EOF
           systemd-repart -C \
             --private-key=privkey.pem \
             --certificate=cert.crt \
             -s tree/ \
             /var/lib/confexts/my-motd.confext.raw
           systemd-confext refresh

       The DDI generated that way may be applied to the system with systemd-confext(1).

       Example2.GenerateasystemextensionimageandsignitviaPKCS11

       The following creates a system extension DDI (sysext) for an /usr/foo update and signs it with a hardware
       token via PKCS11:

           mkdir -p tree/usr/lib/extension-release.d
           echo "Hello World" >tree/usr/foo
           cat >tree/usr/lib/extension-release.d/extension-release.my-foo <<EOF
           ID=fedora
           VERSION_ID=38
           IMAGE_ID=my-foo
           IMAGE_VERSION=7
           EOF
           systemd-repart --make-ddi=sysext \
             --private-key-source=engine:pkcs11 \
             --private-key="pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0123456789abcdef;token=Some%20Cert" \
             --certificate=cert.crt \
             -s tree/ \
             /var/lib/extensions/my-foo.sysext.raw
           systemd-sysext refresh

       The DDI generated that way may be applied to the system with systemd-sysext(8).

       On success, 0 is returned, and a non-zero failure code otherwise.

       systemd-repart, systemd-repart.service - Automatically grow and add partitions, and generate disk images
       (DDIs)

        1. Portable Services
           https://systemd.io/PORTABLE_SERVICES

systemd 257.7                                                                                  SYSTEMD-REPART(8)

       The following options are understood:

       --dry-run=
           Takes a boolean. If this switch is not specified, --dry-run=yes is the implied default. Controls
           whether systemd-repart executes the requested re-partition operations or whether it should only show
           what it would do. Unless --dry-run=no is specified systemd-repart will not actually touch the
           device's partition table.

           Added in version 245.

       --empty=
           Takes one of "refuse", "allow", "require", "force" or "create". Controls how to operate on block
           devices that are entirely empty, i.e. carry no partition table/disk label yet. If this switch is not
           specified, the implied default is "refuse".

           If "refuse" systemd-repart requires that the block device it shall operate on already carries a
           partition table and refuses operation if none is found. If "allow" the command will extend an
           existing partition table or create a new one if none exists. If "require" the command will create a
           new partition table if none exists so far, and refuse operation if one already exists. If "force" it
           will create a fresh partition table unconditionally, erasing the disk fully in effect. If "force" no
           existing partitions will be taken into account or survive the operation. Hence: use with care, this
           is a great way to lose all your data. If "create" a new loopback file is create under the path passed
           via the device node parameter, of the size indicated with --size=, see below.

           Added in version 245.

       --discard=
           Takes a boolean. If this switch is not specified ,--discard=yes is the implied default. Controls
           whether to issue the BLKDISCARD I/O control command on the space taken up by any added partitions or
           on the space in between them. Usually, it is a good idea to issue this request since it tells the
           underlying hardware that the covered blocks shall be considered empty, improving performance. If
           operating on a regular file instead of a block device node, a sparse file is generated.

           Added in version 245.

       --size=
           Takes a size in bytes, using the usual K, M, G, T suffixes, or the special value "auto". If used the
           specified device node path must refer to a regular file, which is then grown to the specified size if
           smaller, before any change is made to the partition table. If specified as "auto" the minimal size
           for the disk image is automatically determined (i.e. the minimal sizes of all partitions are summed
           up, taking space for additional metadata into account). This switch is not supported if the specified
           node is a block device. This switch has no effect if the file is already as large as the specified
           size or larger. The specified size is implicitly rounded up to multiples of 4096. When used with
           --empty=create this specifies the initial size of the loopback file to create.

           The --size=auto option takes the sizes of pre-existing partitions into account. However, it does not
           accommodate for partition tables that are not tightly packed: the configured partitions might still
           not fit into the backing device if empty space exists between pre-existing partitions (or before the
           first partition) that cannot be fully filled by partitions to grow or create.

           Also note that the automatic size determination does not take files or directories specified with
           CopyFiles= into account: operation might fail if the specified files or directories require more disk
           space then the configured per-partition minimal size limit.

           Added in version 246.

       --factory-reset=
           Takes boolean. If this switch is not specified, --factory=reset=no is the implied default. Controls
           whether to operate in "factory reset" mode, see above. If set to true this will remove all existing
           partitions marked with FactoryReset= set to yes early while executing the re-partitioning algorithm.
           Use with care, this is a great way to lose all your data. Note that partition files need to
           explicitly turn FactoryReset= on, as the option defaults to off. If no partitions are marked for
           factory reset this switch has no effect. Note that there are two other methods to request factory
           reset operation: via the kernel command line and via an EFI variable, see above.

           Added in version 245.

       --can-factory-reset
           If this switch is specified the disk is not re-partitioned. Instead it is determined if any existing
           partitions are marked with FactoryReset=. If there are the tool will exit with exit status zero,
           otherwise non-zero. This switch may be used to quickly determine whether the running system supports
           a factory reset mechanism built on systemd-repart.

           Added in version 245.

       --root=
           Takes a path to a directory to use as root file system when searching for repart.d/*.conf files, for
           the machine ID file to use as seed and for the CopyFiles= and CopyBlocks= source files and
           directories. By default when invoked on the regular system this defaults to the host's root file
           system /. If invoked from the initrd this defaults to /sysroot/, so that the tool operates on the
           configuration and machine ID stored in the root file system later transitioned into itself.

           See --copy-source= for a more restricted option that only affects CopyFiles=.

           Added in version 245.

       --image=
           Takes a path to a disk image file or device to mount and use in a similar fashion to --root=, see
           above.

           Added in version 249.

       --image-policy=policy
           Takes an image policy string as argument, as per systemd.image-policy(7). The policy is enforced when
           operating on the disk image specified via --image=, see above. If not specified, defaults to the "*"
           policy, i.e. all recognized file systems in the image are used.

       --seed=
           Takes a UUID as argument or the special value random. If a UUID is specified the UUIDs to assign to
           partitions and the partition table itself are derived via cryptographic hashing from it. If not
           specified, it is attempted to read the machine ID from the host (or more precisely, the root
           directory configured via --root=) and use it as seed instead, falling back to a randomized seed
           otherwise. Use --seed=random to force a randomized seed. Explicitly specifying the seed may be used
           to generated strictly reproducible partition tables.

           Added in version 245.

       --pretty=
           Takes a boolean argument. If this switch is not specified, it defaults to on when called from an
           interactive terminal and off otherwise. Controls whether to show a user friendly table and graphic
           illustrating the changes applied.

           Added in version 245.

       --definitions=
           Takes a file system path. If specified the *.conf files are read from the specified directory instead
           of searching in /usr/lib/repart.d/*.conf, /etc/repart.d/*.conf, /run/repart.d/*.conf.

           This parameter can be specified multiple times.

           Added in version 245.

       --key-file=
           Takes a file system path. Configures the encryption key to use when setting up LUKS2 volumes
           configured with the Encrypt=key-file setting in partition files. Should refer to a regular file
           containing the key, or an AF_UNIX stream socket in the file system. In the latter case, a connection
           is made to it and the key read from it. If this switch is not specified, the empty key (i.e. zero
           length key) is used. This behaviour is useful for setting up encrypted partitions during early first
           boot that receive their user-supplied password only in a later setup step.

           Added in version 247.

       --private-key=
           Takes a file system path or an engine or provider specific designation. Configures the signing key to
           use when creating verity signature partitions with the Verity=signature setting in partition files.

           Added in version 252.

       --private-key-source=
           Takes one of "file", "engine" or "provider". In the latter two cases, it is followed by the name of a
           provider or engine, separated by colon, that will be passed to OpenSSL's "engine" or "provider"
           logic. Configures how to load the private key to use when creating verity signature partitions with
           the Verity=signature setting in partition files.

           Added in version 256.

       --certificate=
           Takes a file system path or a provider specific designation. Configures the PEM encoded X.509
           certificate to use when creating verity signature partitions with the Verity=signature setting in
           partition files.

           Added in version 252.

       --certificate-source=
           Takes one of "file", or "provider". In the latter case, it is followed by the name of a provider,
           separated by colon, that will be passed to OpenSSL's "provider" logic. Configures how to load the
           X.509 certificate to use when creating verity signature partitions with the Verity=signature setting
           in partition files.

           Added in version 257.

       --tpm2-device=, --tpm2-pcrs=
           Configures the TPM2 device and list of PCRs to use for LUKS2 volumes configured with the Encrypt=tpm2
           option. These options take the same parameters as the identically named options to systemd-cryptenroll(1) and have the same effect on partitions where TPM2 enrollment is requested.

           Added in version 248.

       --tpm2-device-key=PATH, --tpm2-seal-key-handle=HANDLE
           Configures a TPM2 SRK key to bind encryption to. See systemd-cryptenroll(1) for details on this
           option.

           Added in version 255.

       --tpm2-public-key=PATH, --tpm2-public-key-pcrs=PCR[+PCR...]
           Configures a TPM2 signed PCR policy to bind encryption to. See systemd-cryptenroll(1) for details on
           these two options.

           Added in version 252.

       --tpm2-pcrlock=PATH
           Configures a TPM2 pcrlock policy to bind encryption to. See systemd-cryptenroll(1) for details on
           this option.

           Added in version 255.

       --split=BOOL
           Enables generation of split artifacts from partitions configured with SplitName=. If enabled, for
           each partition with SplitName= set, a separate output file containing just the contents of that
           partition is generated. The output filename consists of the loopback filename suffixed with the name
           configured with SplitName=. If the loopback filename ends with ".raw", the suffix is inserted before
           the ".raw" extension instead.

           Note that --split is independent from --dry-run. Even if --dry-run is enabled, split artifacts will
           still be generated from an existing image if --split is enabled.

           Added in version 252.

       --include-partitions=PARTITIONS, --exclude-partitions=PARTITIONS
           These options specify which partition types systemd-repart should operate on. If
           --include-partitions= is used, all partitions that are not specified are excluded. If
           --exclude-partitions= is used, all partitions that are specified are excluded. Both options take a
           comma separated list of GPT partition type UUIDs or identifiers (see Type= in repart.d(5)).

           Added in version 253.

       --defer-partitions=PARTITIONS
           This option specifies for which partition types systemd-repart should defer. All partitions that are
           deferred using this option are still taken into account when calculating the sizes and offsets of
           other partitions, but are not actually written to the disk image. The net effect of this option is
           that if you run systemd-repart again without this option, the missing partitions will be added as if
           they had not been deferred the first time systemd-repart was executed.

           Added in version 253.

       --sector-size=BYTES
           This option allows configuring the sector size of the image produced by systemd-repart. It takes a
           value that is a power of "2" between "512" and "4096". This option is useful when building images for
           disks that use a different sector size as the disk on which the image is produced.

           Added in version 253.

       --architecture=ARCH
           This option allows overriding the architecture used for architecture specific partition types. For
           example, if set to "arm64" a partition type of "root-x86-64" referenced in repart.d/ drop-ins will be
           patched dynamically to refer to "root-arm64" instead. Takes one of "alpha", "arc", "arm", "arm64",
           "ia64", "loongarch64", "mips-le", "mips64-le", "parisc", "ppc", "ppc64", "ppc64-le", "riscv32",
           "riscv64", "s390", "s390x", "tilegx", "x86" or "x86-64".

           Added in version 254.

       --offline=BOOL
           Instructs systemd-repart to build the image offline. Takes a boolean or "auto". Defaults to "auto".
           If enabled, the image is built without using loop devices. This is useful to build images
           unprivileged or when loop devices are not available. If disabled, the image is always built using
           loop devices. If "auto", systemd-repart will build the image online if possible and fall back to
           building the image offline if loop devices are not available or cannot be accessed due to missing
           permissions.

           Added in version 254.

       --copy-from=IMAGE
           Instructs systemd-repart to synthesize partition definitions from the partition table in the given
           image. This option can be specified multiple times to synthesize definitions from each of the given
           images. The generated definitions will copy the partitions into the destination partition table. The
           copied partitions will have the same size, metadata and contents but might have a different partition
           number and might be located at a different offset in the destination partition table. These
           definitions can be combined with partition definitions read from regular partition definition files.
           The synthesized definitions take precedence over the definitions read from partition definition
           files.

           Added in version 255.

       --copy-source=PATH, -sPATH
           Specifies a source directory all CopyFiles= source paths shall be considered relative to. This is
           similar to --root=, but exclusively applies to the CopyFiles= setting. If --root= and --copy-source=
           are used in combination the former applies as usual, except for CopyFiles= where the latter takes
           precedence.

           Added in version 255.

       --make-ddi=TYPE
           Takes one of "sysext", "confext" or "portable". Generates a Discoverable Disk Image (DDI) for a
           system extension (sysext, see systemd-sysext(8) for details), configuration extension (confext) or
           PortableServices[1]. The generated image will consist of a signed Verity "erofs" file system as root
           partition. In this mode of operation the partition definitions in /usr/lib/repart.d/*.conf and
           related directories are not read, and --definitions= is not supported, as appropriate definitions for
           the selected DDI class will be chosen automatically.

           Must be used in conjunction with --copy-source= to specify the file hierarchy to populate the DDI
           with. The specified directory should contain an etc/ subdirectory if "confext" is selected. If
           "sysext" is selected it should contain either a usr/ or opt/ directory, or both. If "portable" is
           used a full OS file hierarchy can be provided.

           This option implies --empty=create, --size=auto and --seed=random (the latter two can be overridden).

           The private key and certificate for signing the DDI must be specified via the --private-key= and
           --certificate= switches.

           Added in version 255.

       -S, -C, -P
           Shortcuts for --make-ddi=sysext, --make-ddi=confext, --make-ddi=portable, respectively.

           Added in version 255.

       --generate-fstab=PATH
           Specifies a path where to write fstab(5) entries for the mountpoints configured with MountPoint= in
           the root directory specified with --copy-source= or --root= or in the host's root directory if
           neither is specified. Disabled by default.

           Added in version 256.

       --generate-crypttab=PATH
           Specifies a path where to write crypttab entries for the encrypted volumes configured with
           EncryptedVolume= in the root directory specified with --copy-source= or --root= or in the host's root
           directory if neither is specified. Disabled by default.

           Added in version 256.

       --list-devices
           Show a list of candidate block devices this command may operate on. Specifically, this enumerates
           block devices currently present that support partition tables, and shows their device node paths
           along with any of their symlinks.

           Added in version 257.

       -h, --help
           Print a short help text and exit.

       --version
           Print a short version string and exit.

       --no-pager
           Do not pipe output into a pager.

       --no-legend
           Do not print the legend, i.e. column headers and the footer with hints.

       --json=MODE
           Shows output formatted as JSON. Expects one of "short" (for the shortest possible output without any
           redundant whitespace or line breaks), "pretty" (for a pretty version of the same, with indentation
           and line breaks) or "off" (to turn off JSON output, the default).

systemd(1), repart.d(5), machine-id(5), systemd-cryptenroll(1), portablectl(1), systemd-sysext(8)

systemd-repart [OPTIONS...] [[BLOCKDEVICE]...]

       systemd-repart.service