Diffstat (limited to 'upstream/debian-unstable/man8/systemd-repart.8')
-rw-r--r-- | upstream/debian-unstable/man8/systemd-repart.8 | 104 |
1 files changed, 83 insertions, 21 deletions
diff --git a/upstream/debian-unstable/man8/systemd-repart.8 b/upstream/debian-unstable/man8/systemd-repart.8 index b873a9f5..58006473 100644 --- a/upstream/debian-unstable/man8/systemd-repart.8 +++ b/upstream/debian-unstable/man8/systemd-repart.8 @@ -1,5 +1,5 @@ '\" t -.TH "SYSTEMD\-REPART" "8" "" "systemd 255" "systemd-repart" +.TH "SYSTEMD\-REPART" "8" "" "systemd 256~rc3" "systemd-repart" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -415,6 +415,19 @@ setting in partition files\&. Added in version 252\&. .RE .PP +\fB\-\-private\-key\-source=\fR +.RS 4 +Takes one of +"file", +"engine" +or +"provider"\&. In the latter two cases, it is followed by the name of a provider or engine, separated by colon, that will be passed to OpenSSL\*(Aqs "engine" or "provider" logic\&. Configures the signing mechanism to use when creating verity signature partitions with the +\fIVerity=signature\fR +setting in partition files\&. +.sp +Added in version 256\&. +.RE +.PP \fB\-\-certificate=\fR .RS 4 Takes a file system path\&. Configures the PEM encoded X\&.509 certificate to use when creating verity signature partitions with the @@ -435,7 +448,7 @@ and have the same effect on partitions where TPM2 enrollment is requested\&. Added in version 248\&. .RE .PP -\fB\-\-tpm2\-device\-key=\fR [PATH], \fB\-\-tpm2\-seal\-key\-handle=\fR [HANDLE] +\fB\-\-tpm2\-device\-key=\fR\fB\fIPATH\fR\fR, \fB\-\-tpm2\-seal\-key\-handle=\fR\fB\fIHANDLE\fR\fR .RS 4 Configures a TPM2 SRK key to bind encryption to\&. See \fBsystemd-cryptenroll\fR(1) 
@@ -444,7 +457,7 @@ for details on this option\&. Added in version 255\&. .RE .PP -\fB\-\-tpm2\-public\-key=\fR [PATH], \fB\-\-tpm2\-public\-key\-pcrs=\fR [PCR...] +\fB\-\-tpm2\-public\-key=\fR\fB\fIPATH\fR\fR, \fB\-\-tpm2\-public\-key\-pcrs=\fR\fB\fIPCR\fR\fI[+PCR\&.\&.\&.]\fR\fR .RS 4 Configures a TPM2 signed PCR policy to bind encryption to\&. See \fBsystemd-cryptenroll\fR(1) @@ -453,7 +466,7 @@ for details on these two options\&. Added in version 252\&. .RE .PP -\fB\-\-tpm2\-pcrlock=\fR [PATH] +\fB\-\-tpm2\-pcrlock=\fR\fB\fIPATH\fR\fR .RS 4 Configures a TPM2 pcrlock policy to bind encryption to\&. See \fBsystemd-cryptenroll\fR(1) @@ -462,7 +475,7 @@ for details on this option\&. Added in version 255\&. .RE .PP -\fB\-\-split=\fR [BOOL] +\fB\-\-split=\fR\fB\fIBOOL\fR\fR .RS 4 Enables generation of split artifacts from partitions configured with \fISplitName=\fR\&. If enabled, for each partition with @@ -485,7 +498,7 @@ is enabled\&. Added in version 252\&. .RE .PP -\fB\-\-include\-partitions=\fR [PARTITION...], \fB\-\-exclude\-partitions=\fR [PARTITION...] +\fB\-\-include\-partitions=\fR\fB\fIPARTITIONS\fR\fR, \fB\-\-exclude\-partitions=\fR\fB\fIPARTITIONS\fR\fR .RS 4 These options specify which partition types \fBsystemd\-repart\fR @@ -501,7 +514,7 @@ in Added in version 253\&. .RE .PP -\fB\-\-defer\-partitions=\fR [PARTITION...] +\fB\-\-defer\-partitions=\fR\fB\fIPARTITIONS\fR\fR .RS 4 This option specifies for which partition types \fBsystemd\-repart\fR @@ -514,7 +527,7 @@ was executed\&. Added in version 253\&. .RE .PP -\fB\-\-sector\-size=\fR [BYTES] +\fB\-\-sector\-size=\fR\fB\fIBYTES\fR\fR .RS 4 This option allows configuring the sector size of the image produced by \fBsystemd\-repart\fR\&. It takes a value that is a power of 
@@ -527,7 +540,7 @@ and Added in version 253\&. .RE .PP -\fB\-\-architecture=\fR [ARCH] +\fB\-\-architecture=\fR\fB\fIARCH\fR\fR .RS 4 This option allows overriding the architecture used for architecture specific partition types\&. For example, if set to "arm64" @@ -562,7 +575,7 @@ or Added in version 254\&. .RE .PP -\fB\-\-offline=\fR [BOOL] +\fB\-\-offline=\fR\fB\fIBOOL\fR\fR .RS 4 Instructs \fBsystemd\-repart\fR @@ -576,7 +589,7 @@ will build the image online if possible and fall back to building the image offl Added in version 254\&. .RE .PP -\fB\-\-copy\-from=\fR [IMAGE] +\fB\-\-copy\-from=\fR\fB\fIIMAGE\fR\fR .RS 4 Instructs \fBsystemd\-repart\fR @@ -585,7 +598,7 @@ to synthesize partition definitions from the partition table in the given image\ Added in version 255\&. .RE .PP -\fB\-\-copy\-source=\fR\fIPATH\fR, \fB\-s\fR \fIPATH\fR +\fB\-\-copy\-source=\fR\fB\fIPATH\fR\fR, \fB\-s\fR \fIPATH\fR .RS 4 Specifies a source directory all \fICopyFiles=\fR @@ -603,7 +616,7 @@ where the latter takes precedence\&. Added in version 255\&. .RE .PP -\fB\-\-make\-ddi=\fR\fITYPE\fR +\fB\-\-make\-ddi=\fR\fB\fITYPE\fR\fR .RS 4 Takes one of "sysext", 
@@ -662,6 +675,32 @@ Shortcuts for Added in version 255\&. .RE .PP +\fB\-\-generate\-fstab=\fR\fB\fIPATH\fR\fR +.RS 4 +Specifies a path where to write fstab entries for the mountpoints configured with +\fBMountPoint=\fR +in the root directory specified with +\fB\-\-copy\-source=\fR +or +\fB\-\-root=\fR +or in the host\*(Aqs root directory if neither is specified\&. Disabled by default\&. +.sp +Added in version 256\&. +.RE +.PP +\fB\-\-generate\-crypttab=\fR\fB\fIPATH\fR\fR +.RS 4 +Specifies a path where to write crypttab entries for the encrypted volumes configured with +\fBEncryptedVolume=\fR +in the root directory specified with +\fB\-\-copy\-source=\fR +or +\fB\-\-root=\fR +or in the host\*(Aqs root directory if neither is specified\&. Disabled by default\&. +.sp +Added in version 256\&. +.RE +.PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Print a short help text and exit\&. @@ -682,7 +721,7 @@ Do not pipe output into a pager\&. Do not print the legend, i\&.e\&. column headers and the footer with hints\&. .RE .PP -\fB\-\-json=\fR\fIMODE\fR +\fB\-\-json=\fR\fB\fIMODE\fR\fR .RS 4 Shows output formatted as JSON\&. Expects one of "short" @@ -701,7 +740,7 @@ On success, 0 is returned, a non\-zero failure code otherwise\&. .PP The following creates a configuration extension DDI (confext) for an /etc/motd -update\&. +update: .sp .if n \{\ .RS 4 
@@ -724,14 +763,37 @@ systemd\-confext refresh .PP The DDI generated that way may be applied to the system with \fBsystemd-confext\fR(1)\&. +.PP +\fBExample\ \&2.\ \&Generate a system extension image and sign it via PKCS11\fR +.PP +The following creates a system extension DDI (sysext) for an +/usr/foo +update and signs it with a hardware token via PKCS11\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +mkdir tree tree/usr tree/usr/lib/extension\-release\&.d +echo "Hello World" > tree/usr/foo +cat > tree/usr/lib/extension\-release\&.d/extension\-release\&.my\-foo <<EOF +ID=fedora +VERSION_ID=38 +IMAGE_ID=my\-foo +IMAGE_VERSION=7 +EOF +systemd\-repart \-\-make\-ddi=sysext \-\-private\-key\-source=engine:pkcs11 \-\-private\-key="pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0123456789abcdef;token=Some%20Cert" \-\-certificate=cert\&.crt \-s tree/ /var/lib/extensions/my\-foo\&.sysext\&.raw +systemd\-sysext refresh +.fi +.if n \{\ +.RE +.\} +.PP +The DDI generated that way may be applied to the system with +\fBsystemd-sysext\fR(1)\&. .SH "SEE ALSO" .PP -\fBsystemd\fR(1), -\fBrepart.d\fR(5), -\fBmachine-id\fR(5), -\fBsystemd-cryptenroll\fR(1), -\fBportablectl\fR(1), -\fBsystemd-sysext\fR(8) +\fBsystemd\fR(1), \fBrepart.d\fR(5), \fBmachine-id\fR(5), \fBsystemd-cryptenroll\fR(1), \fBportablectl\fR(1), \fBsystemd-sysext\fR(8) .SH "NOTES" .IP " 1." 4 portable service |
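Review bot: In the hunk at @@ -415,6 +415,19 @@, the new \-\-private\-key\-source= entry does not state which of "file", "engine" or "provider" is the default, and it does not say how the argument of \-\-private\-key= is interpreted once the source is an engine or provider. Example 2, added later in this patch, passes a "pkcs11:" URI to \-\-private\-key=, so readers need a sentence here saying what that option's value means in each of the three modes. The wording is also out of order: the list reads "file", "engine" or "provider", but the next sentence says "the name of a provider or engine"; use the same order in both places.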
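Review bot: In the hunk at @@ -662,6 +675,32 @@, both \-\-generate\-fstab= and \-\-generate\-crypttab= are ambiguous about what "in the root directory specified with \-\-copy\-source= or \-\-root=" attaches to: it can be read as the place where PATH is written or as the place where the MountPoint=/EncryptedVolume= settings apply. Because the stated fallback is "the host's root directory", the text should say explicitly whether PATH is resolved relative to that root and whether an existing file at PATH is overwritten or appended to, so that it is clear what happens to an existing fstab or crypttab when neither option is given. Style point: MountPoint= and EncryptedVolume= are set in bold (\fB) here, while the other partition file settings visible in this patch (Verity=signature, SplitName=, CopyFiles=) are set in italic (\fI).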
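Review bot: In the hunk at @@ -724,14 +763,37 @@, the first command of Example 2, "mkdir tree tree/usr tree/usr/lib/extension\-release\&.d", has no \-p and never creates tree/usr/lib, so the last directory cannot be created and the following "cat >" into it fails; use "mkdir \-p tree/usr/lib/extension\-release\&.d" instead. The same hunk refers to systemd-sysext as section 1 in the new closing sentence ("\fBsystemd-sysext\fR(1)") but as section 8 in SEE ALSO ("\fBsystemd-sysext\fR(8)"); pick the correct section for both. The example title and text say "PKCS11" while the command selects "engine:pkcs11", so a short remark that this uses the OpenSSL engine named pkcs11 would tie the example back to the \-\-private\-key\-source= description. Minor: "an /usr/foo update" should read "a /usr/foo update".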