Hi,
systemd definitely already has all the stuff in place to do this on its own.
The stuff creating the root partition would be sd-repart which just needs a corresponding partition description.
A good example of how this can be used is particleOS https://github.com/systemd/particleos
which is an experiment to implement an OS based on the blog post you mentioned.
It uses mkosi https://github.com/systemd/mkosi to create the image
which in turn will generate a purely systemd based initrd.
Cheers, Nils
On Mon, Mar 3, 2025, 11:45 Emanuele Giuseppe Esposito <eesposit@xxxxxxxxxx> wrote:
Hello everyone,
As you might know already, I tried to submit a new dracut module that
implements the hermetic-usr approach described by Lennart in his
blogpost "Fitting everything together":
https://0pointer.net/blog/fitting-everything-together.html.
The PR is here: https://github.com/dracut-ng/dracut-ng/pull/1234
While there are some small things to fix, it works well, at least in the
environments that I tried.
It is able to recreate the whole root from scratch, provided that /usr
exists in a separate partition. It creates a LUKS as well as
plaintext root, and supports plaintext /usr as well as dm-verity
protected one.
Zbigniew pointed out to me that a dracut module might not be the best way to
achieve this, and there might be work in progress already in systemd to
achieve the same goal with a separate systemd component.
Can you point me to the work that is being done in systemd? More
specifically, if there is something similar to what I implemented that
puts together systemd-repart with systemd-tmpfiles and sysusers and
creates a root. Is there some project already going on that does this?
My module uses only 3 systemd units, and most of this stuff could be
reused, if you want. Or maybe is it better to continue the work on dracut?
Let me know,
Emanuele
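
For reference, a sketch of the kind of partition description the reply refers to: a repart.d drop-in that lets systemd-repart create the root partition when it is missing. This is an added illustration, not taken from particleOS, the dracut PR or either message; the file name and the size are assumptions, and the keys are those documented in repart.d(5).

```ini
# /usr/lib/repart.d/50-root.conf
# (constructed file name; definitions shipped in /usr are read by
#  systemd-repart in the initrd and applied to the boot disk)

[Partition]
# Root partition for the local architecture; carries the matching
# Discoverable Partitions type UUID so it can be found without fstab.
Type=root

# Create an empty file system if the partition does not exist yet.
Format=ext4

# Wrap the new partition in LUKS2 and bind the key to the local TPM2.
# Use Encrypt=off for the plaintext-root case, or Encrypt=key-file
# when no TPM is available and a key file is supplied instead.
Encrypt=tpm2

# Mark the partition as disposable state: a factory reset removes and
# recreates it, while the /usr partition stays untouched.
FactoryReset=yes

# Assumed minimum size for this sketch; adjust to the deployment.
SizeMinBytes=2G
```

With a definition like this the root file system starts out empty, so /etc and /var still have to be populated on first boot, which is the part the original message assigns to systemd-tmpfiles and systemd-sysusers.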