Image based OS, CopyBlocks, verity and duplicate UUIDs

Hi,

I'm currently building an OS image (with mkosi), for which I'm struggling to find a suitable installation and updating strategy. One requirement is a self-replicating install. It should be bootable from a USB stick with full functionality and be installable from there.

I settled on using verity protected partitions with their roothash embedded into the signed UKI's cmdline.
This works perfectly fine for booting from the USB stick.
For the installation, I use systemd-repart to create slots for A/B partitions and copy the partitions from the USB stick by block to the first slot.
Updating using systemd-sysupdate (on the installed system) installs a new data and verity partition in the unused slot and a UKI with the corresponding roothash. systemd-boot can then sort the UKIs by version.

Unfortunately, copying the data and verity partitions on installation of course results in the same partition UUIDs on the installed medium and the USB stick. UUID collision results in unpredictable mounting when both the installed medium and the USB stick are present (which could be the case for reinstallation for some reason, or if the USB stick was left on reboot).

One possible solution is creating two different UKIs with hardcoded partition labels in their cmdline.
This would lose some flexibility/automagic in e.g. sysupdate though. The partition label would have to be set manually.
Another solution could be to extend systemd to first search the booted device for the UUIDs specified by the roothash.

Is there a better solution here I'm not seeing?

Marius
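
The collision described in this message can be detected from the root hash alone. The following is an added example, not part of the original message: it assumes the Discoverable Partitions Specification convention that the data partition's UUID is the first 128 bits of the verity root hash and the verity partition's UUID the last 128 bits. The function names, the root hash and the `lsblk -J -o NAME,PARTUUID` output are constructed.

```python
import json
import uuid

def uuids_from_roothash(roothash_hex):
    """Split a verity root hash into (data, verity) partition UUIDs.
    Assumed convention: first 128 bits -> data, last 128 bits -> verity."""
    raw = bytes.fromhex(roothash_hex)
    if len(raw) < 32:
        raise ValueError("root hash must be at least 256 bits")
    return str(uuid.UUID(bytes=raw[:16])), str(uuid.UUID(bytes=raw[-16:]))

def find_collisions(roothash_hex, lsblk_json):
    """Return {role: [partitions]} for every derived PARTUUID that is
    present on more than one partition across all visible disks."""
    wanted = dict(zip(uuids_from_roothash(roothash_hex), ("data", "verity")))
    hits = {role: [] for role in wanted.values()}
    for disk in json.loads(lsblk_json)["blockdevices"]:
        for part in disk.get("children", []):
            role = wanted.get((part.get("partuuid") or "").lower())
            if role:
                hits[role].append(f"/dev/{part['name']} (on {disk['name']})")
    return {role: devs for role, devs in hits.items() if len(devs) > 1}

# Constructed sample: a 256-bit root hash as it would appear in the UKI cmdline.
SAMPLE_ROOTHASH = ("00112233445566778899aabbccddeeff"
                   "ffeeddccbbaa99887766554433221100")

# Constructed sample: USB stick (sda) and installed disk (nvme0n1) after the
# block copy; nvme0n1p4 stands for the still-unused B slot.
SAMPLE_LSBLK = json.dumps({"blockdevices": [
    {"name": "sda", "partuuid": None, "children": [
        {"name": "sda1", "partuuid": "11111111-1111-1111-1111-111111111111"},
        {"name": "sda2", "partuuid": "00112233-4455-6677-8899-aabbccddeeff"},
        {"name": "sda3", "partuuid": "ffeeddcc-bbaa-9988-7766-554433221100"}]},
    {"name": "nvme0n1", "partuuid": None, "children": [
        {"name": "nvme0n1p1", "partuuid": "22222222-2222-2222-2222-222222222222"},
        {"name": "nvme0n1p2", "partuuid": "00112233-4455-6677-8899-AABBCCDDEEFF"},
        {"name": "nvme0n1p3", "partuuid": "ffeeddcc-bbaa-9988-7766-554433221100"},
        {"name": "nvme0n1p4", "partuuid": "33333333-3333-3333-3333-333333333333"}]},
]})

if __name__ == "__main__":
    for role, devs in find_collisions(SAMPLE_ROOTHASH, SAMPLE_LSBLK).items():
        print(f"{role} PARTUUID is ambiguous: {', '.join(devs)}")
```
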
