man: in systemd-nspawn(1), refer to systemd.exec(5) for the shared stuff

We should avoid duplicating lengthy description of very similar concepts. --root-hash-sig follows the same semantics as RootHashSig=, so just refer the reader to the other man page. --root-hash doesn't implement the same features as RootHash=, so we can't fully replace the description, but let's give the user a hint to look at the other man page too. For #17177.
2025-03-14 04:58:28 +03:00 · 2020-09-29 12:16:12 +02:00 · 2020-09-29 12:16:12 +02:00 · 9e7600cfd7
commit 9e7600cfd7
parent 0b4d17c9a5
1 changed files with 9 additions and 13 deletions
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@ -405,24 +405,20 @@
        <literal>user.verity.usrhash</literal> extended file attribute or via a <filename>.usrhash</filename>
        file adjacent to the disk image, following the same format and logic as for the root hash for the
        root file system described here. Note that there's currently no switch to configure the root hash for
-        the <filename>/usr/</filename> from the command line.</para></listitem>
+        the <filename>/usr/</filename> from the command line.</para>
+
+        <para>Also see the <varname>RootHash=</varname> option in
+        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--root-hash-sig=</option></term>

-        <listitem><para>Takes a PKCS7 formatted binary signature of the <option>--root-hash=</option> option as a path
-        to a DER encoded signature file or as an ASCII base64 string encoding of the DER encoded signature, prefixed
-        by <literal>base64:</literal>. The dm-verity volume will only be opened if the signature of the root hash hex
-        string is valid and done by a public key present in the kernel keyring. If this option is not specified, but a
-        file with the <filename>.roothash.p7s</filename> suffix is found next to the image file, bearing otherwise the
-        same name (except if the image has the <filename>.raw</filename> suffix, in which case the signature file must
-        not have it in its name), the signature is read from it and automatically used.</para>
-
-        <para>The root hash for the <filename>/usr/</filename> file system included in a disk image may be
-        configured via a <filename>.usrhash.p7s</filename> file adjacent to the disk image. There's currently
-        no switch to configure the signature of the root hash of the <filename>/usr/</filename> file system
-        from the command line.</para></listitem>
+        <listitem><para>Takes a PKCS7 signature of the <option>--root-hash=</option> option.
+        The semantics are the same as for the <varname>RootHashSignature=</varname> option, see
+        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+        </para></listitem>
      </varlistentry>

      <varlistentry>