
[RFC] systemd-repart.bbclass: provide build-time partitioning helper

Message ID 20240426-systemd-repart-v1-1-a6a710a14a8c@linaro.org
State New

Commit Message

Erik Schilling April 26, 2024, 6:13 p.m. UTC
systemd-repart can not only do repartitioning at runtime. It can also
create GPT partition images from scratch.

This is especially useful when building non-trivial images that follow
uapi-group's discoverable partition specification [1].

Creating these images using wic becomes cumbersome with dm-verity needing
a lot of careful dependency ordering and non-trivial splitting into
partitions. systemd-repart makes this very simple with just a few config
files.

Example:

This builds an image that splits out /usr into a dm-verity guarded
partition while creating the necessary metadata to auto-discover it.

  01-esp.conf:
    [Partition]
    Type=esp
    CopyFiles=/boot/:/
    Minimize=guess

  02-usr.conf:
    [Partition]
    Type=usr
    CopyFiles=/usr/:/
    Verity=data
    VerityMatchKey=usr
    Minimize=guess

  03-usr-verity.conf:
    [Partition]
    Type=usr-verity
    Verity=hash
    VerityMatchKey=usr
    Minimize=guess

  04-usr-verity-sig.conf:
    [Partition]
    Type=usr-verity-sig
    Verity=signature
    VerityMatchKey=usr

[1] https://uapi-group.org/specifications/specs/discoverable_partitions_specification/

Cc: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Erik Schilling <erik.schilling@linaro.org>
---
I had this sitting on my disk for quite a while since I hacked this up
for a prototype.

Posting to see if there is any interest in something like this.
---
 meta/classes-recipe/systemd-repart.bbclass | 47 ++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)


---
base-commit: 9ecb97083efa1b632ce9827ed1201cc1484fcd71
change-id: 20240426-systemd-repart-99ed87b50b6a

Best regards,

Patch

diff --git a/meta/classes-recipe/systemd-repart.bbclass b/meta/classes-recipe/systemd-repart.bbclass
new file mode 100644
index 0000000000..83f9b65bf3
--- /dev/null
+++ b/meta/classes-recipe/systemd-repart.bbclass
@@ -0,0 +1,47 @@ 
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: MIT
+#
+
+DEPENDS += "systemd-native"
+DEPENDS += "strace-native"
+DEPENDS += "dosfstools-native"
+DEPENDS += "mtools-native"
+
+oe_image_systemd_repart() {
+    local additional_args=""
+
+    if [[ -n "${REPART_PRIVATE_KEY}" ]]
+    then
+        additional_args="$additional_args --private-key=${REPART_PRIVATE_KEY}"
+    fi
+
+    if [[ -n "${REPART_CERTIFICATE}" ]]
+    then
+        additional_args="$additional_args --certificate=${REPART_CERTIFICATE}"
+    fi
+
+    # map architectures to systemd's expected values
+    local systemd_arch="${TARGET_ARCH}"
+    case "${systemd_arch}" in
+        aarch64)
+        systemd_arch=arm64
+        ;;
+    esac
+
+    local image_name="${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.img"
+    systemd-repart --root="${IMAGE_ROOTFS}" \
+        --definitions="${REPART_DEFINITION_DIR}" \
+        --empty=create --size=auto --dry-run=no --offline=yes \
+        --architecture="${systemd_arch}" \
+        --json=pretty --no-pager $additional_args \
+        "${image_name}"
+    if [[ -n "${IMAGE_LINK_NAME}" ]]
+    then
+        ln -f -s "${image_name}" "${IMAGE_LINK_NAME}.img"
+    fi
+}
+
+IMAGE_CMD:systemd-repart = "oe_image_systemd_repart"
+do_image_systemd_repart[deptask] += "do_unpack"
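Review bot: The signing options are accumulated in a string and expanded unquoted as `$additional_args` in the systemd-repart call, so a `REPART_PRIVATE_KEY` or `REPART_CERTIFICATE` path containing whitespace or glob characters is split or expanded into several arguments, and the verity signature step then fails or runs with a path other than the configured one. Collecting the options in the function's positional parameters and expanding `"$@"` keeps each option a single word without needing arrays. The `[[ -n ... ]]` tests are a bash extension; if the task shell is a plain POSIX sh (not visible from this hunk) they will not parse, and `[ -n ... ]` is the portable form. The `strace-native` entry in DEPENDS is not used anywhere in the function and looks like a debugging leftover.

```shell
oe_image_systemd_repart() {
    # Collect the optional signing arguments as separate words.
    set --
    if [ -n "${REPART_PRIVATE_KEY}" ]; then
        set -- "$@" "--private-key=${REPART_PRIVATE_KEY}"
    fi
    if [ -n "${REPART_CERTIFICATE}" ]; then
        set -- "$@" "--certificate=${REPART_CERTIFICATE}"
    fi
    # … unchanged: architecture mapping and image_name …
    # … unchanged: systemd-repart --root/--definitions/--empty/--architecture options …
        --json=pretty --no-pager "$@" \
        "${image_name}"
    # … unchanged: IMAGE_LINK_NAME symlink …
```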