mirror of
https://github.com/systemd/systemd.git
synced 2024-12-27 07:22:31 +03:00
be57c17625
https://archive.kernel.org/oldwiki/btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5).html says "This wiki has been archived and the content is no longer updated." and redirects to https://btrfs.readthedocs.io/en/latest/btrfs-man5.html. Let's move all the btrfs links to btrfs.readthedocs.io.
554 lines
30 KiB
XML
554 lines
30 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
||
|
||
<refentry id="systemd-dissect" conditional='HAVE_BLKID'
|
||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||
|
||
<refentryinfo>
|
||
<title>systemd-dissect</title>
|
||
<productname>systemd</productname>
|
||
</refentryinfo>
|
||
|
||
<refmeta>
|
||
<refentrytitle>systemd-dissect</refentrytitle>
|
||
<manvolnum>1</manvolnum>
|
||
</refmeta>
|
||
|
||
<refnamediv>
|
||
<refname>systemd-dissect</refname>
|
||
<refname>mount.ddi</refname>
|
||
<refpurpose>Dissect Discoverable Disk Images (DDIs)</refpurpose>
|
||
</refnamediv>
|
||
|
||
<refsynopsisdiv>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--mount</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--umount</option> <arg choice="plain"><replaceable>PATH</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--attach</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--detach</option> <arg choice="plain"><replaceable>PATH</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--list</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--mtree</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--with</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt" rep="repeat"><replaceable>COMMAND</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--copy-from</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg> <arg choice="opt"><replaceable>TARGET</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--copy-to</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg> <arg choice="opt"><replaceable>SOURCE</replaceable></arg> <arg choice="plain"><replaceable>PATH</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--discover</option></command>
|
||
</cmdsynopsis>
|
||
<cmdsynopsis>
|
||
<command>systemd-dissect <arg choice="opt" rep="repeat">OPTIONS</arg> <option>--validate</option> <arg choice="plain"><replaceable>IMAGE</replaceable></arg></command>
|
||
</cmdsynopsis>
|
||
</refsynopsisdiv>
|
||
|
||
<refsect1>
|
||
<title>Description</title>
|
||
|
||
<para><command>systemd-dissect</command> is a tool for introspecting and interacting with file system OS
|
||
disk images, specifically Discoverable Disk Images (DDIs). It supports four different operations:</para>
|
||
|
||
<orderedlist>
|
||
<listitem><para>Show general OS image information, including the image's
|
||
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> data,
|
||
machine ID, partition information and more.</para></listitem>
|
||
|
||
<listitem><para>Mount an OS image to a local directory. In this mode it will dissect the OS image and
|
||
mount the included partitions according to their designation onto a directory and possibly
|
||
sub-directories.</para></listitem>
|
||
|
||
<listitem><para>Unmount an OS image from a local directory. In this mode it will recursively unmount
|
||
the mounted partitions and remove the underlying loop device, including all the partition sub-devices.
|
||
</para></listitem>
|
||
|
||
<listitem><para>Copy files and directories in and out of an OS image.</para></listitem>
|
||
</orderedlist>
|
||
|
||
<para>The tool may operate on three types of OS images:</para>
|
||
|
||
<orderedlist>
|
||
<listitem><para>OS disk images containing a GPT partition table envelope, with partitions marked
|
||
according to the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
|
||
Specification</ulink>.</para></listitem>
|
||
|
||
<listitem><para>OS disk images containing just a plain file-system without an enveloping partition
|
||
table. (This file system is assumed to be the root file system of the OS.)</para></listitem>
|
||
|
||
<listitem><para>OS disk images containing a GPT or MBR partition table, with a single
|
||
partition only. (This partition is assumed to contain the root file system of the OS.)</para></listitem>
|
||
</orderedlist>
|
||
|
||
<para>OS images may use any kind of Linux-supported file systems. In addition they may make use of LUKS
|
||
disk encryption, and contain Verity integrity information. Note that qualifying OS images may be booted
|
||
with <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
||
<option>--image=</option> switch, and be used as root file system for system service using the
|
||
<varname>RootImage=</varname> unit file setting, see
|
||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||
|
||
<para>Note that the partition table shown when invoked without command switch (as listed below) does not
|
||
necessarily show all partitions included in the image, but just the partitions that are understood and
|
||
considered part of an OS disk image. Specifically, partitions of unknown types are ignored, as well as
|
||
duplicate partitions (i.e. more than one per partition type), as are root and <filename>/usr/</filename>
|
||
partitions of architectures not compatible with the local system. In other words: this tool will display
|
||
what it operates with when mounting the image. To display the complete list of partitions use a tool such
|
||
as <citerefentry
|
||
project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||
|
||
<para>The <command>systemd-dissect</command> command may be invoked as <command>mount.ddi</command> in
|
||
which case it implements the <citerefentry
|
||
project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> "external
|
||
helper" interface. This ensures disk images compatible with <command>systemd-dissect</command> can be
|
||
mounted directly by <command>mount</command> and <citerefentry
|
||
project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For
|
||
details see below.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Commands</title>
|
||
|
||
<para>If neither of the command switches listed below are passed the specified disk image is opened and
|
||
general information about the image and the contained partitions and their use is shown.</para>
|
||
|
||
<variablelist>
|
||
<varlistentry>
|
||
<term><option>--mount</option></term>
|
||
<term><option>-m</option></term>
|
||
|
||
<listitem><para>Mount the specified OS image to the specified directory. This will dissect the image,
|
||
determine the OS root file system — as well as possibly other partitions — and mount them to the
|
||
specified directory. If the OS image contains multiple partitions marked with the <ulink
|
||
url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>
|
||
multiple nested mounts are established. This command expects two arguments: a path to an image file
|
||
and a path to a directory where to mount the image.</para>
|
||
|
||
<para>To unmount an OS image mounted like this use the <option>--umount</option> operation.</para>
|
||
|
||
<para>When the OS image contains LUKS encrypted or Verity integrity protected file systems
|
||
appropriate volumes are automatically set up and marked for automatic disassembly when the image is
|
||
unmounted.</para>
|
||
|
||
<para>The OS image may either be specified as path to an OS image stored in a regular file or may
|
||
refer to block device node (in the latter case the block device must be the "whole" device, i.e. not
|
||
a partition device). (The other supported commands described here support this, too.)</para>
|
||
|
||
<para>All mounted file systems are checked with the appropriate <citerefentry
|
||
project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||
implementation in automatic fixing mode, unless explicitly turned off (<option>--fsck=no</option>) or
|
||
read-only operation is requested (<option>--read-only</option>).</para>
|
||
|
||
<para>Note that this functionality is also available in <citerefentry
|
||
project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> via a
|
||
command such as <command>mount -t ddi myimage.raw targetdir/</command>, as well as in <citerefentry
|
||
project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For
|
||
details, see below.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-M</option></term>
|
||
|
||
<listitem><para>This is a shortcut for <option>--mount --mkdir</option>.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--umount</option></term>
|
||
<term><option>-u</option></term>
|
||
|
||
<listitem><para>Unmount an OS image from the specified directory. This command expects one argument:
|
||
a directory where an OS image was mounted.</para>
|
||
|
||
<para>All mounted partitions will be recursively unmounted, and the underlying loop device will be
|
||
removed, along with all its partition sub-devices.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-U</option></term>
|
||
|
||
<listitem><para>This is a shortcut for <option>--umount --rmdir</option>.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--attach</option></term>
|
||
|
||
<listitem><para>Attach the specified disk image to an automatically allocated loopback block device,
|
||
and print the path to the loopback block device to standard output. This is similar to an invocation
|
||
of <command>losetup --find --show</command>, but will validate the image as DDI before attaching, and
|
||
derive the correct sector size to use automatically. Moreover, it ensures the per-partition block
|
||
devices are created before returning. Takes a path to a disk image file.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--detach</option></term>
|
||
|
||
<listitem><para>Detach the specified disk image from a loopback block device. This undoes the effect
|
||
of <option>--attach</option> above. This expects either a path to a loopback block device as an
|
||
argument, or the path to the backing image file. In the latter case it will automatically determine
|
||
the right device to detach.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--list</option></term>
|
||
<term><option>-l</option></term>
|
||
|
||
<listitem><para>Prints the paths of all the files and directories in the specified OS image or
|
||
directory to standard output.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--mtree</option></term>
|
||
|
||
<listitem><para>Generates a BSD
|
||
<citerefentry project='die-net'><refentrytitle>mtree</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||
compatible file manifest of the specified disk image or directory. This is useful for comparing image
|
||
contents in detail, including inode information and other metadata. While the generated manifest will
|
||
contain detailed inode information, it currently excludes extended attributes, file system
|
||
capabilities, MAC labels,
|
||
<citerefentry project='man-pages'><refentrytitle>chattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
file flags,
|
||
<citerefentry project='url'><refentrytitle url='https://btrfs.readthedocs.io/en/latest/btrfs-man5.html'>btrfs</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
subvolume information, and various other file metadata. File content information is shown via a
|
||
SHA256 digest. Additional fields might be added in future. Note that inode information such as link
|
||
counts, inode numbers and timestamps is excluded from the output on purpose, as it typically
|
||
complicates reproducibility.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--with</option></term>
|
||
|
||
<listitem><para>Runs the specified command with the specified OS image mounted. This will mount the
|
||
image to a temporary directory, switch the current working directory to it, and invoke the specified
|
||
command line as child process. Once the process ends it will unmount the image again, and remove the
|
||
temporary directory. If no command is specified a shell is invoked. The image is mounted writable,
|
||
use <option>--read-only</option> to switch to read-only operation. The invoked process will have the
|
||
<varname>$SYSTEMD_DISSECT_ROOT</varname> environment variable set, containing the absolute path name
|
||
of the temporary mount point, i.e. the same directory that is set as the current working
|
||
directory. It will also have the <varname>$SYSTEMD_DISSECT_DEVICE</varname> environment variable set,
|
||
containing the absolute path name of the loop device the image was attached to.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--copy-from</option></term>
|
||
<term><option>-x</option></term>
|
||
|
||
<listitem><para>Copies a file or directory from the specified OS image or directory into the
|
||
specified location on the host file system. Expects three arguments: a path to an image file or
|
||
directory, a source path (relative to the image's root directory) and a destination path (relative to
|
||
the current working directory, or an absolute path, both outside of the image). If the destination
|
||
path is omitted or specified as dash (<literal>-</literal>), the specified file is written to
|
||
standard output. If the source path in the image file system refers to a regular file it is copied to
|
||
the destination path. In this case access mode, extended attributes and timestamps are copied as
|
||
well, but file ownership is not. If the source path in the image refers to a directory, it is copied
|
||
to the destination path, recursively with all containing files and directories. In this case the file
|
||
ownership is copied too.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--copy-to</option></term>
|
||
<term><option>-a</option></term>
|
||
|
||
<listitem><para>Copies a file or directory from the specified location in the host file system into
|
||
the specified OS image or directory. Expects three arguments: a path to an image file or directory, a
|
||
source path (relative to the current working directory, or an absolute path, both outside of the
|
||
image) and a destination path (relative to the image's root directory). If the source path is omitted
|
||
or specified as dash (<literal>-</literal>), the data to write is read from standard input. If the
|
||
source path in the host file system refers to a regular file, it is copied to the destination path.
|
||
In this case access mode, extended attributes and timestamps are copied as well, but file ownership
|
||
is not. If the source path in the host file system refers to a directory it is copied to the
|
||
destination path, recursively with all containing files and directories. In this case the file
|
||
ownership is copied too.</para>
|
||
|
||
<para>As with <option>--mount</option> file system checks are implicitly run before the copy
|
||
operation begins.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--discover</option></term>
|
||
|
||
<listitem><para>Show a list of DDIs in well-known directories. This will show machine, portable
|
||
service and system/configuration extension disk images in the usual directories
|
||
<filename>/usr/lib/machines/</filename>, <filename>/usr/lib/portables/</filename>,
|
||
<filename>/usr/lib/confexts/</filename>, <filename>/var/lib/machines/</filename>,
|
||
<filename>/var/lib/portables/</filename>, <filename>/var/lib/extensions/</filename> and so
|
||
on.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--validate</option></term>
|
||
|
||
<listitem><para>Validates the partition arrangement of a disk image (DDI), and ensures it matches the
|
||
image policy specified via <option>--image-policy=</option>, if one is specified. This parses the
|
||
partition table and probes the file systems in the image, but does not attempt to mount them (nor to
|
||
set up disk encryption/authentication via LUKS/Verity). It does this taking the configured image
|
||
dissection policy into account. Since this operation does not mount file systems, this command –
|
||
unlike all other commands implemented by this tool – requires no privileges other than the ability to
|
||
access the specified file. Prints "OK" and returns zero if the image appears to be in order and
|
||
matches the specified image dissection policy. Otherwise prints an error message and returns
|
||
non-zero.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
|
||
</varlistentry>
|
||
|
||
<xi:include href="standard-options.xml" xpointer="help" />
|
||
<xi:include href="standard-options.xml" xpointer="version" />
|
||
</variablelist>
|
||
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Options</title>
|
||
|
||
<para>The following options are understood:</para>
|
||
|
||
<variablelist>
|
||
<varlistentry>
|
||
<term><option>--read-only</option></term>
|
||
<term><option>-r</option></term>
|
||
|
||
<listitem><para>Operate in read-only mode. By default <option>--mount</option> will establish
|
||
writable mount points. If this option is specified they are established in read-only mode
|
||
instead.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--fsck=no</option></term>
|
||
|
||
<listitem><para>Turn off automatic file system checking. By default when an image is accessed for
|
||
writing (by <option>--mount</option> or <option>--copy-to</option>) the file systems contained in the
|
||
OS image are automatically checked using the appropriate <citerefentry
|
||
project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||
command, in automatic fixing mode. This behavior may be switched off using
|
||
<option>--fsck=no</option>.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--growfs=no</option></term>
|
||
|
||
<listitem><para>Turn off automatic growing of accessed file systems to their partition size, if
|
||
marked for that in the GPT partition table. By default when an image is accessed for writing (by
|
||
<option>--mount</option> or <option>--copy-to</option>) the file systems contained in the OS image
|
||
are automatically grown to their partition sizes, if bit 59 in the GPT partition flags is set for
|
||
partition types that are defined by the <ulink
|
||
url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>. This
|
||
behavior may be switched off using <option>--growfs=no</option>. File systems are grown automatically
|
||
on access if all of the following conditions are met:</para>
|
||
<orderedlist>
|
||
<listitem><para>The file system is mounted writable</para></listitem>
|
||
<listitem><para>The file system currently is smaller than the partition it is contained in (and thus can be grown)</para></listitem>
|
||
<listitem><para>The image contains a GPT partition table</para></listitem>
|
||
<listitem><para>The file system is stored on a partition defined by the Discoverable Partitions Specification</para></listitem>
|
||
<listitem><para>Bit 59 of the GPT partition flags for this partition is set, as per specification</para></listitem>
|
||
<listitem><para>The <option>--growfs=no</option> option is not passed.</para></listitem>
|
||
</orderedlist>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v249"/>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--mkdir</option></term>
|
||
|
||
<listitem><para>If combined with <option>--mount</option> the directory to mount the OS image to is
|
||
created if it is missing. Note that the directory is not automatically removed when the disk image is
|
||
unmounted again.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--rmdir</option></term>
|
||
|
||
<listitem><para>If combined with <option>--umount</option> the specified directory where the OS image
|
||
is mounted is removed after unmounting the OS image.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--discard=</option></term>
|
||
|
||
<listitem><para>Takes one of <literal>disabled</literal>, <literal>loop</literal>,
|
||
<literal>all</literal>, <literal>crypto</literal>. If <literal>disabled</literal> the image is
|
||
accessed with empty block discarding turned off. If <literal>loop</literal> discarding is enabled if
|
||
operating on a regular file. If <literal>crypt</literal> discarding is enabled even on encrypted file
|
||
systems. If <literal>all</literal> discarding is unconditionally enabled.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--in-memory</option></term>
|
||
|
||
<listitem><para>If specified an in-memory copy of the specified disk image is used. This may be used
|
||
to operate with write-access on a (possibly read-only) image, without actually modifying the original
|
||
file. This may also be used in order to operate on a disk image without keeping the originating file
|
||
system busy, in order to allow it to be unmounted.</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--root-hash=</option></term>
|
||
<term><option>--root-hash-sig=</option></term>
|
||
<term><option>--verity-data=</option></term>
|
||
|
||
<listitem><para>Configure various aspects of Verity data integrity for the OS image. Option
|
||
<option>--root-hash=</option> specifies a hex-encoded top-level Verity hash to use for setting up the
|
||
Verity integrity protection. Option <option>--root-hash-sig=</option> specifies the path to a file
|
||
containing a PKCS#7 signature for the hash. This signature is passed to the kernel during activation,
|
||
which will match it against signature keys available in the kernel keyring. Option
|
||
<option>--verity-data=</option> specifies a path to a file with the Verity data to use for the OS
|
||
image, in case it is stored in a detached file. It is recommended to embed the Verity data directly
|
||
in the image, using the Verity mechanisms in the <ulink
|
||
url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>.
|
||
</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--loop-ref=</option></term>
|
||
|
||
<listitem><para>Configures the "reference" string the kernel shall report as backing file for the
|
||
loopback block device. While this is supposed to be a path or filename referencing the backing file,
|
||
this is not enforced and the kernel accepts arbitrary free-form strings, chosen by the user. Accepts
|
||
arbitrary strings up to a length of 63 characters. This sets the kernel's
|
||
<literal>.lo_file_name</literal> field for the block device. Note this is distinct from the
|
||
<filename>/sys/class/block/loopX/loop/backing_file</filename> attribute file that always reports a
|
||
path referring to the actual backing file. The latter is subject to mount namespace translation, the
|
||
former is not.</para>
|
||
|
||
<para>This setting is particularly useful in combination with the <option>--attach</option> command,
|
||
as it allows later referencing the allocated loop device via
|
||
<filename>/dev/disk/by-loop-ref/…</filename> symlinks. Example: first, set up the loopback device
|
||
via <command>systemd-dissect attach --loop-ref=quux foo.raw</command>, and then reference it in a
|
||
command via the specified filename: <command>cfdisk /dev/disk/by-loop-ref/quux</command>.
|
||
</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--mtree-hash=no</option></term>
|
||
|
||
<listitem><para>If combined with <option>--mtree</option>, turns off inclusion of file hashes in the
|
||
mtree output. This makes the <option>--mtree</option> faster when operating on large images.
|
||
</para>
|
||
|
||
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
|
||
</varlistentry>
|
||
|
||
<xi:include href="standard-options.xml" xpointer="image-policy-open" />
|
||
<xi:include href="standard-options.xml" xpointer="no-pager" />
|
||
<xi:include href="standard-options.xml" xpointer="no-legend" />
|
||
<xi:include href="standard-options.xml" xpointer="json" />
|
||
</variablelist>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Exit status</title>
|
||
|
||
<para>On success, 0 is returned, a non-zero failure code otherwise. If the <option>--with</option>
|
||
command is used the exit status of the invoked command is propagated.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Invocation as <command>/sbin/mount.ddi</command></title>
|
||
|
||
<para>The <command>systemd-dissect</command> executable may be symlinked to
|
||
<filename>/sbin/mount.ddi</filename>. If invoked through that it implements <citerefentry
|
||
project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>'s
|
||
"external helper" interface for the (pseudo) file system type <literal>ddi</literal>. This means
|
||
conformant disk images may be mounted directly via</para>
|
||
|
||
<programlisting># mount -t ddi myimage.raw targetdir/</programlisting>
|
||
|
||
<para>in a fashion mostly equivalent to:</para>
|
||
|
||
<programlisting># systemd-dissect --mount myimage.raw targetdir/</programlisting>
|
||
|
||
<para>Note that since a single DDI may contain multiple file systems it should later be unmounted with
|
||
<command>umount -R targetdir/</command>, for recursive operation.</para>
|
||
|
||
<para>This functionality is particularly useful to mount DDIs automatically at boot via simple
|
||
<filename>/etc/fstab</filename> entries. For example:</para>
|
||
|
||
<programlisting>/path/to/myimage.raw /images/myimage/ ddi defaults 0 0</programlisting>
|
||
|
||
<para>When invoked this way the mount options <literal>ro</literal>, <literal>rw</literal>,
|
||
<literal>discard</literal>, <literal>nodiscard</literal> map to the corresponding options listed above
|
||
(i.e. <option>--read-only</option>, <option>--discard=all</option>,
|
||
<option>--discard=disabled</option>). Mount options are <emphasis>not</emphasis> generically passed on to
|
||
the file systems inside the images.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Examples</title>
|
||
|
||
<example>
|
||
<title>Generate a tarball from an OS disk image</title>
|
||
|
||
<programlisting># systemd-dissect --with foo.raw tar cz . >foo.tar.gz</programlisting>
|
||
</example>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>See Also</title>
|
||
<para>
|
||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions Specification</ulink>,
|
||
<citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||
<citerefentry project='man-pages'><refentrytitle>umount</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||
<citerefentry project='man-pages'><refentrytitle>fdisk</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||
</para>
|
||
</refsect1>
|
||
|
||
</refentry>
|