DESCRIPTION
systemd-repart creates partition tables, and adds or grows
partitions, based on the configuration files described in
repart.d(5).
systemd-repart is used when building OS images, and
also when deploying images to automatically adjust them, during boot,
to the system they are running on. This way the image can be minimal in size
and may be augmented automatically at boot, taking possession of the disk
space available.
If invoked with no arguments, systemd-repart operates on
the block device backing the root file system partition of the running OS,
thus adding and growing partitions of the booted OS itself. When called in
the initrd, it operates on the block device backing /sysroot/ instead, i.e.
on the block device the system will soon transition into. If --image=
is used, it will operate on the specified device or image file. The
systemd-repart.service service is generally run at boot in the initrd, in
order to augment the partition table of the OS before its partitions are
mounted.
systemd-repart operations are mostly incremental: it grows
existing partitions or adds new ones, but does not shrink, delete, or move
existing partitions. The service is intended to be run on every boot, but
when it detects that the partition table already matches the installed
repart.d/*.conf configuration files, it executes no operation.
The following use cases are among those covered:
• The root partition may be grown to cover the
whole available disk space.
• A /home/, swap, or /srv/ partition can be
added.
• A second (or third, ...) root partition may be
added, to cover A/B style setups where a second version of the root file
system is alternatingly used for implementing update schemes. The deployed
image would carry only a single partition ("A") but on first boot a
second partition ("B") for this purpose is automatically
created.
The algorithm executed by systemd-repart is roughly as
follows:
1. The repart.d/*.conf configuration files are loaded and
parsed, and ordered by filename (without the directory prefix). For each
configuration file, drop-in files are loaded from directories with the same
name as the configuration file with the suffix ".d" added.
2. The partition table on the block device is loaded and
parsed, if present.
3. The existing partitions in the partition table are
matched with the repart.d/*.conf files by GPT partition type UUID. The first
existing partition of a specific type is assigned the first configuration file
declaring the same type. The second existing partition of a specific type is
then assigned the second configuration file declaring the same type, and so
on. After this iterative assignment is complete, any existing partitions that
have no matching configuration file are considered "foreign" and
left as they are. Any configuration files for which no partition was
matched are treated as requests to create a partition.
4. Partitions that shall be created are now allocated on
the disk, taking the size constraints and weights declared in the
configuration files into account. Free space is used within the limits set by
size and padding requests. In addition, existing partitions that should be
grown are grown. New partitions are always appended to the end of the
partition table, taking the first partition table slot whose index is greater
than the indexes of all existing partitions. Partitions are never reordered
and thus partition numbers remain stable. When partitions are created, they
are placed in the smallest area of free space that is large enough to satisfy
the size and padding limits. This means that partitions might have a different
order on disk than in the partition table. Note that this allocation happens
in memory only; the partition table on disk is not updated yet.
5. All existing partitions for which configuration files
exist and which currently have no GPT partition label set will be assigned a
label, either explicitly configured in the configuration or — if that's
missing — derived automatically from the partition type. The same is
done for all partitions that are newly created. These assignments are done in
memory only, too; the disk is not updated yet.
6. Similarly, all existing partitions for which
configuration files exist and which currently have an all-zero identifying
UUID will be assigned a new UUID. This UUID is cryptographically hashed from a
common seed value together with the partition type UUID (and a counter in case
multiple partitions of the same type are defined), see below. The same is done
for all partitions that are created anew. These assignments are done in memory
only, too; the disk is not updated yet.
7. Similarly, if the disk's volume UUID is all zeroes it
is also initialized, also cryptographically hashed from the same common seed
value. This is done in memory only, too.
8. The disk space assigned to new partitions (i.e. what
was previously free space) is now erased. Specifically, all file system
signatures are removed, and if the device supports it, the BLKDISCARD
I/O control command is issued to inform the hardware that the space is now
empty. In addition, any "padding" between partitions and at the end
of the device is similarly erased.
9. The new partition table is finally written to disk.
The kernel is asked to reread the partition table.
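The matching and allocation steps above (steps 1, 3 and 4) are the part of the algorithm that decides which existing partitions are left alone, which definitions create new partitions, and where on disk those land. The following is an added simulation of those steps written for this page; it is not systemd's code, it reduces step 4 to minimum sizes (no weights, no growing), and the partition table, the definition files and the MiB sizes it works on are constructed inputs. It reproduces the page's points that partition numbers are appended and never reordered, that unmatched partitions are "foreign", and that a new partition may sit earlier on disk than a partition with a lower number.

```python
"""Simulation of steps 1, 3 and 4 of the systemd-repart algorithm in this manual
page: definitions ordered by filename, existing partitions matched to definitions
by type UUID, unmatched ones flagged "foreign", and new partitions placed in the
smallest fitting free area with stable, appended partition numbers. Added
illustration, not systemd code; table, definitions and MiB sizes are constructed."""
from dataclasses import dataclass
from typing import Optional

# GPT type UUIDs from the Discoverable Partitions Specification, plus one
# constructed type that no repart.d definition declares.
ESP = "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"
ROOT_X86_64 = "4f68bce3-e8cd-4db1-96e7-fbcaf984b709"
HOME = "933ac7e1-2eb4-4f13-b844-0e14e2aef915"
SWAP = "0657fd6d-a4ab-43c4-84e5-0933c84b4f4f"
VENDOR = "11111111-2222-3333-4444-555555555555"

@dataclass
class Existing:          # a partition already in the GPT
    number: int          # partition table slot
    type_uuid: str
    start: int           # offset, MiB
    size: int            # length, MiB

@dataclass
class Definition:        # one repart.d/*.conf file
    filename: str
    type_uuid: str
    size_min: int        # SizeMinBytes=, MiB
    padding_min: int = 0 # PaddingMinBytes=, MiB
    matched: Optional[Existing] = None   # set by match_partitions()
    number: Optional[int] = None         # set by allocate() for new partitions
    start: Optional[int] = None

def order_definitions(defs):
    """Step 1: order by filename without the directory prefix."""
    return sorted(defs, key=lambda d: d.filename.rsplit("/", 1)[-1])

def match_partitions(existing, defs):
    """Step 3: the n-th existing partition of a type gets the n-th definition of
    that type; leftovers are foreign partitions and partitions to create."""
    foreign = []
    for part in sorted(existing, key=lambda p: p.number):
        free = next((d for d in defs
                     if d.type_uuid == part.type_uuid and d.matched is None), None)
        if free is None:
            foreign.append(part)
        else:
            free.matched = part
    return foreign, [d for d in defs if d.matched is None]

def free_areas(disk_size, used):
    """Gaps (offset, length) not covered by any (offset, length) in `used`."""
    areas, cursor = [], 0
    for start, size in sorted(used):
        if start > cursor:
            areas.append((cursor, start - cursor))
        cursor = max(cursor, start + size)
    if disk_size > cursor:
        areas.append((cursor, disk_size - cursor))
    return areas

def allocate(disk_size, existing, to_create):
    """Step 4, reduced to minimum sizes (no weights, no growing): smallest free
    area that holds size plus padding; slot number after all existing ones."""
    used = [(p.start, p.size) for p in existing]
    next_number = max((p.number for p in existing), default=0) + 1
    for d in to_create:
        need = d.size_min + d.padding_min
        fitting = [a for a in free_areas(disk_size, used) if a[1] >= need]
        if not fitting:
            raise RuntimeError(f"no free area of {need} MiB for {d.filename}")
        d.start = min(fitting, key=lambda a: a[1])[0]
        d.number, next_number = next_number, next_number + 1
        used.append((d.start, need))

def plan(disk_size, existing, defs):
    """In-memory plan (what --dry-run=yes reports); nothing touches the disk."""
    defs = order_definitions(defs)
    foreign, to_create = match_partitions(existing, defs)
    allocate(disk_size, existing, to_create)
    return {"foreign": [p.number for p in foreign],
            "matched": [(d.filename, d.matched.number) for d in defs if d.matched],
            "created": [(d.filename, d.number, d.start) for d in to_create]}

def example():
    """Constructed 8 GiB disk: ESP, an "A" root, a 1 GiB gap, a vendor partition."""
    table = [Existing(1, ESP, 1, 512), Existing(2, ROOT_X86_64, 513, 2048),
             Existing(3, VENDOR, 3585, 512)]
    defs = [Definition("/etc/repart.d/20-home.conf", HOME, 3072),
            Definition("/etc/repart.d/10-root.conf", ROOT_X86_64, 1024),
            Definition("/etc/repart.d/15-root-b.conf", ROOT_X86_64, 1024),
            Definition("/etc/repart.d/30-swap.conf", SWAP, 512)]
    return plan(8192, table, defs)

if __name__ == "__main__":
    for key, value in example().items():
        print(key, value)
```

In the constructed table the ESP and the vendor partition have no definition and are reported as foreign, 10-root.conf is matched to the existing root, and 15-root-b.conf becomes partition 4 placed in the 1 GiB gap at offset 2561, ahead of partition 3 on disk. Because free space is exhausted before any file system is considered, this is also where a too-small image fails, which is the situation the --size=auto caveat below describes.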
As an exception to the normal incremental operation, when called
in a special "factory reset" mode, systemd-repart may be
used to erase existing partitions to reset an installation back to vendor
defaults. This mode of operation is used when either the
--factory-reset=yes switch is passed on the tool's command line, or
the systemd.factory_reset=yes option is specified on the kernel
command line, or the FactoryReset EFI variable (vendor UUID
8cf2644b-4b0b-428f-9387-6d876050dc67) is set to "yes". It
alters the algorithm above slightly: between the 3rd and the 4th step above
any partition marked explicitly via the FactoryReset= boolean is
deleted, and the algorithm restarted, thus immediately re-creating these
partitions anew, empty.
Note that by default systemd-repart only changes partition
tables; it does not create or resize any file systems within these
partitions unless the Format= configuration option is specified.
Note also that separate mechanisms are available for this
purpose, for example systemd-growfs(8) and systemd-makefs.
The UUIDs identifying the new partitions created (or assigned to
existing partitions that have no UUID yet), as well as the disk as a whole
are hashed cryptographically from a common seed value. This seed value is
usually the machine-id(5) of the system, so that the machine ID
reproducibly determines the UUIDs assigned to all partitions. If the machine
ID cannot be read (or the user passes --seed=random, see below) the
seed is generated randomly instead, so that the partition UUIDs are also
effectively random. The seed value may also be set explicitly, formatted as
UUID via the --seed= option. By hashing these UUIDs from a common
seed, images prepared with this tool become reproducible and the result of
the algorithm above deterministic.
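The reproducibility property described above rests on deriving every UUID from one seed. The following added example, written for this page and not taken from systemd, shows that property with a keyed hash: the seed (the machine ID, or a random value when it cannot be read or --seed=random is given) keys an HMAC-SHA256 over the partition type UUID plus a per-type counter, and the disk UUID uses the same seed with a fixed tag. The exact construction systemd-repart uses is not claimed to match this; the sample machine-id text is a constructed input.

```python
"""Illustration of the seed-based UUID assignment described above: the disk
UUID and every partition UUID are hashed from one seed (normally the machine
ID), so two runs with the same seed and definitions produce the same table.
Added example, not systemd's code; it keys HMAC-SHA256 with the seed to show
the reproducibility property and does not claim to match systemd-repart's
exact derivation. The sample machine-id text below is constructed."""
import hashlib
import hmac
import uuid

ROOT_X86_64 = "4f68bce3-e8cd-4db1-96e7-fbcaf984b709"
HOME = "933ac7e1-2eb4-4f13-b844-0e14e2aef915"

def seed_from_machine_id(machine_id_text: str) -> uuid.UUID:
    """Default seed: the machine ID (32 hex characters). Unreadable or
    malformed input falls back to a random seed, as --seed=random does,
    which makes the resulting partition UUIDs effectively random."""
    text = machine_id_text.strip()
    if len(text) == 32 and all(c in "0123456789abcdef" for c in text):
        return uuid.UUID(hex=text)
    return uuid.uuid4()

def derive_uuid(seed: uuid.UUID, token: str) -> uuid.UUID:
    """Deterministic UUID from seed and token; the version and variant bits
    are set so the result is a well-formed version 4 UUID."""
    digest = hmac.new(seed.bytes, token.encode(), hashlib.sha256).digest()
    raw = bytearray(digest[:16])
    raw[6] = (raw[6] & 0x0F) | 0x40
    raw[8] = (raw[8] & 0x3F) | 0x80
    return uuid.UUID(bytes=bytes(raw))

def assign_partition_uuids(seed: uuid.UUID, type_uuids):
    """One UUID per definition: the token is the type UUID plus a per-type
    counter, so a second partition of the same type (an A/B root pair) gets a
    distinct but still reproducible UUID."""
    counters, result = {}, []
    for type_uuid in type_uuids:
        n = counters.get(type_uuid, 0)
        counters[type_uuid] = n + 1
        result.append(derive_uuid(seed, f"{type_uuid}:{n}"))
    return result

def disk_uuid(seed: uuid.UUID) -> uuid.UUID:
    """The partition table's own UUID comes from the same seed, fixed tag."""
    return derive_uuid(seed, "disk")

if __name__ == "__main__":
    seed = seed_from_machine_id("0123456789abcdef0123456789abcdef\n")
    types = [ROOT_X86_64, ROOT_X86_64, HOME]
    print("disk:", disk_uuid(seed))
    for t, u in zip(types, assign_partition_uuids(seed, types)):
        print(t, "->", u)
```

Running it twice with the same machine-id text prints the same UUIDs, and changing the seed changes all of them; that is why an image built with an explicit --seed= is reproducible while one built with --seed=random is not.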
The positional argument should specify the block device or a
regular file to operate on. If --empty=create is specified, the
specified path is created as regular file, which is useful for generating
disk images from scratch.
OPTIONS
The following options are understood:
--dry-run=
Takes a boolean. If this switch is not specified
--dry-run=yes is the implied default. Controls whether systemd-repart
executes the requested re-partition operations or whether it should only show
what it would do. Unless
--dry-run=no is specified, systemd-repart will
not actually touch the device's partition table.
Added in version 245.
--empty=
Takes one of "refuse", "allow",
"require", "force" or "create". Controls how to
operate on block devices that are entirely empty, i.e. carry no partition
table/disk label yet. If this switch is not specified the implied default is
"refuse".
If "refuse" systemd-repart requires that the
block device it shall operate on already carries a partition table and
refuses operation if none is found. If "allow" the command will
extend an existing partition table or create a new one if none exists. If
"require" the command will create a new partition table if none
exists so far, and refuse operation if one already exists. If
"force" it will create a fresh partition table unconditionally,
erasing the disk fully in effect. If "force" no existing
partitions will be taken into account or survive the operation. Hence: use
with care, this is a great way to lose all your data. If "create",
a new loopback file is created under the path passed via the device node
parameter, of the size indicated with --size=, see below.
Added in version 245.
--discard=
Takes a boolean. If this switch is not specified
--discard=yes is the implied default. Controls whether to issue the
BLKDISCARD I/O control command on the space taken up by any added
partitions or on the space in between them. Usually, it's a good idea to issue
this request since it tells the underlying hardware that the covered blocks
shall be considered empty, improving performance. If operating on a regular
file instead of a block device node, a sparse file is generated.
Added in version 245.
--size=
Takes a size in bytes, using the usual K, M, G, T
suffixes, or the special value "auto". If used the specified device
node path must refer to a regular file, which is then grown to the specified
size if smaller, before any change is made to the partition table. If
specified as "auto" the minimal size for the disk image is
automatically determined (i.e. the minimal sizes of all partitions are summed
up, taking space for additional metadata into account). This switch is not
supported if the specified node is a block device. This switch has no effect
if the file is already as large as the specified size or larger. The specified
size is implicitly rounded up to multiples of 4096. When used with
--empty=create this specifies the initial size of the loopback file to
create.
The --size=auto option takes the sizes of pre-existing
partitions into account. However, it does not accommodate partition
tables that are not tightly packed: the configured partitions might still
not fit into the backing device if empty space exists between pre-existing
partitions (or before the first partition) that cannot be fully filled by
partitions to grow or create.
Also note that the automatic size determination does not take
files or directories specified with CopyFiles= into account:
operation might fail if the specified files or directories require more disk
space than the configured per-partition minimal size limit.
Added in version 246.
--factory-reset=
Takes a boolean. If this switch is not specified
--factory-reset=no is the implied default. Controls whether to operate
in "factory reset" mode, see above. If set to true this will remove
all existing partitions marked with
FactoryReset= set to yes early
while executing the re-partitioning algorithm. Use with care, this is a great
way to lose all your data. Note that partition files need to explicitly turn
FactoryReset= on, as the option defaults to off. If no partitions are
marked for factory reset this switch has no effect. Note that there are two
other methods to request factory reset operation: via the kernel command line
and via an EFI variable, see above.
Added in version 245.
--can-factory-reset
If this switch is specified the disk is not
re-partitioned. Instead it is determined whether any existing partitions are
marked with
FactoryReset=. If there are, the tool exits with exit status
zero, otherwise non-zero. This switch may be used to quickly determine whether
the running system supports a factory reset mechanism built on
systemd-repart.
Added in version 245.
--root=
Takes a path to a directory to use as root file system
when searching for repart.d/*.conf files, for the machine ID file to use as
seed and for the
CopyFiles= and
CopyBlocks= source files and
directories. When invoked on the regular system this defaults to
the host's root file system /. If invoked from the initrd it defaults to
/sysroot/, so that the tool operates on the configuration and machine ID
stored in the root file system that the system later transitions into.
See --copy-source= for a more restricted option that only
affects CopyFiles=.
Added in version 245.
--image=
Takes a path to a disk image file or device to mount and
use in a similar fashion to
--root=, see above.
Added in version 249.
--image-policy=policy
Takes an image policy string as argument, as per
systemd.image-policy(7). The policy is enforced when operating on the
disk image specified via
--image=, see above. If not specified defaults
to the "*" policy, i.e. all recognized file systems in the image are
used.
--seed=
Takes a UUID as argument or the special value
random. If a UUID is specified the UUIDs to assign to partitions and
the partition table itself are derived via cryptographic hashing from it. If
not specified it is attempted to read the machine ID from the host (or more
precisely, the root directory configured via
--root=) and use it as
seed instead, falling back to a randomized seed otherwise. Use
--seed=random to force a randomized seed. Explicitly specifying the
seed may be used to generate strictly reproducible partition tables.
Added in version 245.
--pretty=
Takes a boolean argument. If this switch is not
specified, it defaults to on when called from an interactive terminal and off
otherwise. Controls whether to show a user-friendly table and graphic
illustrating the changes applied.
Added in version 245.
--definitions=
Takes a file system path. If specified the *.conf files
are read from the specified directory instead of searching in
/usr/lib/repart.d/*.conf, /etc/repart.d/*.conf, /run/repart.d/*.conf.
This parameter can be specified multiple times.
Added in version 245.
--key-file=
Takes a file system path. Configures the encryption key
to use when setting up LUKS2 volumes configured with the
Encrypt=key-file setting in partition files. Should refer to a regular
file containing the key, or an
AF_UNIX stream socket in the file
system. In the latter case a connection is made to it and the key read from
it. If this switch is not specified the empty key (i.e. zero length key) is
used. This behaviour is useful for setting up encrypted partitions during
early first boot that receive their user-supplied password only in a later
setup step.
Added in version 247.
--private-key=
Takes a file system path. Configures the signing key to
use when creating verity signature partitions with the
Verity=signature
setting in partition files.
Added in version 252.
--private-key-source=
Takes one of "file", "engine" or
"provider". In the latter two cases, it is followed by the name of a
provider or engine, separated by colon, that will be passed to OpenSSL's
"engine" or "provider" logic. Configures the signing
mechanism to use when creating verity signature partitions with the
Verity=signature setting in partition files.
Added in version 256.
--certificate=
Takes a file system path. Configures the PEM encoded
X.509 certificate to use when creating verity signature partitions with the
Verity=signature setting in partition files.
Added in version 252.
--tpm2-device=, --tpm2-pcrs=
Configures the TPM2 device and list of PCRs to use for
LUKS2 volumes configured with the
Encrypt=tpm2 option. These options
take the same parameters as the identically named options to
systemd-cryptenroll(1) and have the same effect on partitions where
TPM2 enrollment is requested.
Added in version 248.
--tpm2-device-key=PATH,
--tpm2-seal-key-handle=HANDLE
Configures a TPM2 SRK key to bind encryption to. See
systemd-cryptenroll(1) for details on this option.
Added in version 255.
--tpm2-public-key=PATH,
--tpm2-public-key-pcrs=PCR[+PCR...]
Configures a TPM2 signed PCR policy to bind encryption
to. See
systemd-cryptenroll(1) for details on these two options.
Added in version 252.
--tpm2-pcrlock=PATH
Configures a TPM2 pcrlock policy to bind encryption to.
See
systemd-cryptenroll(1) for details on this option.
Added in version 255.
--split=BOOL
Enables generation of split artifacts from partitions
configured with
SplitName=. If enabled, for each partition with
SplitName= set, a separate output file containing just the contents of
that partition is generated. The output filename consists of the loopback
filename suffixed with the name configured with
SplitName=. If the
loopback filename ends with ".raw", the suffix is inserted before
the ".raw" extension instead.
Note that --split is independent of --dry-run.
Even if --dry-run is enabled, split artifacts will still be generated
from an existing image if --split is enabled.
Added in version 252.
--include-partitions=PARTITIONS,
--exclude-partitions=PARTITIONS
These options specify which partition types
systemd-repart should operate on. If
--include-partitions= is
used, all partitions that aren't specified are excluded. If
--exclude-partitions= is used, all partitions that are specified are
excluded. Both options take a comma separated list of GPT partition type UUIDs
or identifiers (see
Type= in
repart.d(5)).
Added in version 253.
--defer-partitions=PARTITIONS
This option specifies for which partition types
systemd-repart should defer. All partitions that are deferred using
this option are still taken into account when calculating the sizes and
offsets of other partitions, but aren't actually written to the disk image.
The net effect of this option is that if you run
systemd-repart again
without this option, the missing partitions will be added as if they had not
been deferred the first time
systemd-repart was executed.
Added in version 253.
--sector-size=BYTES
This option allows configuring the sector size of the
image produced by
systemd-repart. It takes a value that is a power of
"2" between "512" and "4096". This option is
useful when building images for disks that use a different sector size than the
disk on which the image is produced.
Added in version 253.
--architecture=ARCH
This option allows overriding the architecture used for
architecture specific partition types. For example, if set to
"arm64" a partition type of "root-x86-64" referenced in
repart.d/ drop-ins will be patched dynamically to refer to
"root-arm64" instead. Takes one of "alpha",
"arc", "arm", "arm64", "ia64",
"loongarch64", "mips-le", "mips64-le",
"parisc", "ppc", "ppc64", "ppc64-le",
"riscv32", "riscv64", "s390", "s390x",
"tilegx", "x86" or "x86-64".
Added in version 254.
--offline=BOOL
Instructs
systemd-repart to build the image
offline. Takes a boolean or "auto". Defaults to "auto". If
enabled, the image is built without using loop devices. This is useful to
build images unprivileged or when loop devices are not available. If disabled,
the image is always built using loop devices. If "auto",
systemd-repart will build the image online if possible and fall back to
building the image offline if loop devices are not available or cannot be
accessed due to missing permissions.
Added in version 254.
--copy-from=IMAGE
Instructs
systemd-repart to synthesize partition
definitions from the partition table in the given image. This option can be
specified multiple times to synthesize definitions from each of the given
images. The generated definitions will copy the partitions into the
destination partition table. The copied partitions will have the same size,
metadata and contents but might have a different partition number and might be
located at a different offset in the destination partition table. These
definitions can be combined with partition definitions read from regular
partition definition files. The synthesized definitions take precedence over
the definitions read from partition definition files.
Added in version 255.
--copy-source=PATH, -s PATH
Specifies a source directory all
CopyFiles= source
paths shall be considered relative to. This is similar to
--root=, but
exclusively applies to the
CopyFiles= setting. If
--root= and
--copy-source= are used in combination the former applies as usual,
except for
CopyFiles= where the latter takes precedence.
Added in version 255.
--make-ddi=TYPE
Takes one of "sysext", "confext" or
"portable". Generates a Discoverable Disk Image (DDI) for a system
extension (sysext, see
systemd-sysext(8) for details), configuration
extension (confext) or
Portable Services[1]. The generated image will
consist of a signed Verity "erofs" file system as root partition. In
this mode of operation the partition definitions in /usr/lib/repart.d/*.conf
and related directories are not read, and
--definitions= is not
supported, as appropriate definitions for the selected DDI class will be
chosen automatically.
Must be used in conjunction with --copy-source= to specify
the file hierarchy to populate the DDI with. The specified directory should
contain an etc/ subdirectory if "confext" is selected. If
"sysext" is selected it should contain either a usr/ or opt/
directory, or both. If "portable" is used a full OS file hierarchy
can be provided.
This option implies --empty=create, --size=auto and
--seed=random (the latter two can be overridden).
The private key and certificate for signing the DDI must be
specified via the --private-key= and --certificate=
switches.
Added in version 255.
-S, -C, -P
Shortcuts for
--make-ddi=sysext,
--make-ddi=confext,
--make-ddi=portable, respectively.
Added in version 255.
--generate-fstab=PATH
Specifies a path where to write
fstab(5) entries
for the mountpoints configured with
MountPoint= in the root directory
specified with
--copy-source= or
--root= or in the host's root
directory if neither is specified. Disabled by default.
Added in version 256.
--generate-crypttab=PATH
Specifies a path where to write crypttab entries for the
encrypted volumes configured with
EncryptedVolume= in the root
directory specified with
--copy-source= or
--root= or in the
host's root directory if neither is specified. Disabled by default.
Added in version 256.
-h, --help
Print a short help text and exit.
--version
Print a short version string and exit.
--no-pager
Do not pipe output into a pager.
--no-legend
Do not print the legend, i.e. column headers and the
footer with hints.
--json=MODE
Shows output formatted as JSON. Expects one of
"short" (for the shortest possible output without any redundant
whitespace or line breaks), "pretty" (for a pretty version of the
same, with indentation and line breaks) or "off" (to turn off JSON
output, the default).