Better cater to outputs for `systemd-sysupdate`

[septatrix]

When using systemd-sysupdate in an A/B style, the UKIs needs to know which partition to boot to. This can be achieved by setting the roothash or usrhash kernel command line option and labeling the partition fittingly. However, there is no way to model this in mkosi with the static KernelCommandLine= option. It is already possible to split the base system and united generation into two different presets/images and have one depend on the other though this is pretty much where I am stuck currently. Having mkosi better support this use case would allow one to pretty much implement everything from Lennarts "fitting everything together" post with mkosi.

There is also the problem that depending on the sysupdate.d setup the partition files generated when SplitArtifacts=true should include parts of the hash but that can be implemented with some rather trivial scripting. Bundling, signing and all the other steps for generating a UKI though are way harder to script.

[septatrix]

x-ref: https://github.com/systemd/systemd/issues/29722

[DaanDeMeyer]

@septatrix We automatically do the roothash/usrhash stuff in mkosi when required. This isn't documented but please check the sources

[septatrix]

Okay I found it. Is there any reason for not doing it for partitions without a hash, i.e. why use finalize_roothash instead of finalize_root which would also help to append the partition UUID for writeable root partitions?

[DaanDeMeyer]

@septatrix Because we generally want to rely on systemd-gpt-auto-generator instead of explicit root= on the kernel command line so we don't use it unless required.

[septatrix]

systemd-gpt-auto-generator however reaches its limits when finding the root partition belonging to a UKI if it is writeable. In those cases roothash cannot be used. Though I am aware that A/B style updates with a writeable root partition are likely not that widespread.

[septatrix]

If you do not plan to support that usecase please feel free to close this issue. I will likely manage with the small patch of replacing finalize_roothash with finalize_root

[septatrix]

We automatically do the roothash/usrhash stuff in mkosi when required. This isn't documented but please check the sources.

I think I got most of this running as expected. One thing came up, however: sysupdate wishes for the partuuids to be included in the filename SplitName=%U.%t. Could mkosi maybe set this as a default or is that not possible? Currently I have simply set in inside the repart.d whiles which also works though having this be set by systemd would be a better OOTB experience.

[septatrix]

Or is this something which should be implemented in repart itself? E.g. if a partition definition has a VerityMatchKey=... set it defaults to %U.%t and otherwise to %t?

[septatrix]

Another thing I noticed and wasted way too much time on to figure out. The final filename of the split partitions depends on the name of the loopback device and the SplitName= configured in the repart.d definitions. This means that something like SplitName=%U.%t would result in FoobarOS_1.0.0.3e3a(...some uuid).usr-x86-64-verity.raw. sysupdate however gets confused by the version number and subsequent UUID starting with a number. This means that artifacts have to be manually renamed. While this is not too hard, this also means that the generated SHA256SUMS file is essentially useless, including the automatic signing.

It would be great if the separator would instead be an underscore (to archive the same syntax as shown in the sysupdate man page foobarOS_@v_@u.verity.xz) though this seems to be hardcoded in repartd. Maybe mkosi could rename the files?

[septatrix]

@septatrix Because we generally want to rely on systemd-gpt-auto-generator instead of explicit root= on the kernel command line so we don't use it unless required.

It has just come to my attention that Ubuntu no longer ships with systemd-gpt-auto-generator since 253.5-1ubuntu5. I have filed a bug upstream* though if they are unwilling to revert the change this will no longer work for Ubuntu.

*downstream? Upstream of mkosi but downstream of systemd/Debian :D

[DaanDeMeyer]

We're working with the ubuntu systemd maintainer to get it added back for the next LTS release.

[mcassaniti]

There's a large post here covering UKI naming, but it also spans into other systemd-sysupdate details. While the output names should include the partition UUIDs, they do need to include the version as well.

[mcassaniti]

I have to retract my statement above. I mis-configured and had SplitName = %U.%t rather than SplitName = %A.%U.%t in my repart.d files which includes all the relevant details now (version, UUID and partition type).

[septatrix]

Another feature desirable for sysupdate would be to have the unit presets being applied to /usr instead of /etc. I opened discussion #2790 for that with more of an explanation