From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 585A97FA4;
	Wed, 29 Oct 2025 10:14:23 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 449BD8012; Wed, 29 Oct 2025 10:14:21 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_PASS,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=4.0.1
Received: from mail-yw1-x112b.google.com (mail-yw1-x112b.google.com
 [IPv6:2607:f8b0:4864:20::112b])
	by atuin.qyliss.net (Postfix) with ESMTPS id A10B88010
	for <devel@spectrum-os.org>; Wed, 29 Oct 2025 10:14:20 +0000 (UTC)
Received: by mail-yw1-x112b.google.com with SMTP id
 00721157ae682-785db6b7484so51982367b3.1
        for <devel@spectrum-os.org>; Wed, 29 Oct 2025 03:14:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1761732859; x=1762337659;
 darn=spectrum-os.org;
        h=cc:to:content-transfer-encoding:mime-version:message-id:date
         :subject:from:from:to:cc:subject:date:message-id:reply-to;
        bh=KNSOF7yjcbKo812WAAKKWUyO4PNKJ40SwkP714/GKY4=;
        b=aFxJaA7eLwiV8/i5G5MWcM1sfuYF9UQkzNxjBEotPGGk0E3bqI4TnbPh052FTKpO6N
         RkWoCLFqIZH438jKALLLUvabIdxsKH4ZEGtCdIa7gpysHcB8Lev2nTJxf8hYNmMTdaSL
         pjULBluDCmuFLsHvMvq4kfOwvG7r2SiapOhaSEtsiuIpm49b3yyF2hamkaXBaS5qH1cN
         w8Junkr7IXZAT212VEVeQNMVhwmfjnpg+1q8uVBjc542NKd6QcOFTwGBM5zxABZaVr8X
         YnJUv8qdoCijoPXaTtz7Q+YOrS9r/Y3Fe23sGqNfCebuBdNF/oZSBs2coezLobK2+u/G
         XL3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1761732859; x=1762337659;
        h=cc:to:content-transfer-encoding:mime-version:message-id:date
         :subject:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=KNSOF7yjcbKo812WAAKKWUyO4PNKJ40SwkP714/GKY4=;
        b=F5sJbmPCRa6t2DqXq82wPmAbujXznLZ8jRHog5laEFLyTXVrCiiXnAQs04L9sm/sPp
         cWzD3XStGLFMgVCBcGVhkFioNn2/JPqJNmWAgMmq0AUuzPvilpZdaxt7BFdTRqVo8nS7
         mkEd715c7S9d6o3mezmpEAWWpP8DmfkEjHXAM3Iikpf1USCdHVphxqsO2027O8zeSo42
         Pu0FFjCbDKhz/GQW4U7Xe51NPgNiU6T2N/hWGgq3k4gCuR50cHSF5hnHCAR+EVZO1W2D
         zaUSj2Q1hw5XrNt/swpxXnxpmk+qB8t0MDq5Oy/GB8oTrr8USOAps26y/DogR5F2ft/w
         gSJg==
X-Gm-Message-State: AOJu0Yyof6ElFJET+EaBa0BII4eGlhKRV251IgN3Ma3CAuhcTVg0DAZp
	ndF/GCMyhrd9WfKeIk7cyp9Kq3FDBTgk25QwCLAxzzpmVnsexK7qcWpbb0wiqQ==
X-Gm-Gg: ASbGncvz3+NhBAYM5gWsGSl/GGccs+ePOqVePXF/cGCwhjIz6HwA89Bn12cqkDdKdUp
	W0LWGa64A/KIRdO4OFzhdfKln0XkIoQhTWzuwBezC9NypMnfpzguremR+adTyGL94UMPKcxlHk5
	PPdcrtDjxifVhRDU1PIeNuKlpIFlTNZMcDmbY1JXTG/W1rZZohIni9vmlvxGn9nxr0mx/BFNPeZ
	5GpsMwR3Fw8s4KhWpeVMWLc6hNPIo6JoDr5EWn53+z0/o6CbSNAtq6mWJKr2Uu/Haov/JoBoTLB
	hLM+GlVr2QBroS/plbtqoHi10qE0OXcvG/403z9oMl1pdfvjvezkwwCj2yu5nSMOfoprobo2rjU
	l7nKtrrUondha22j+FIbL0KCYcptcpfxb3ECBUCiBg9IfjNJAETVFDB5aCvQr5hqpBc32eteKQd
	V/KR+mHfhiPbjTrEJ02CNxafrlsi4z0pm5UOhyeLot630GXtbDz7PWkjjctf2I82kEnIu+nKcV4
	pT1vxs1Hvn64nbInMFoYxWH
X-Google-Smtp-Source: 
 AGHT+IHUjBuHarp9nE+rYyi8LC7+o9C7eYA375FPyAw+crFesxALsbYaEGf/WREvPw8fXG8PbNXEeQ==
X-Received: by 2002:a05:690c:4b09:b0:783:72c4:5bce with SMTP id
 00721157ae682-7862901907dmr24693007b3.64.1761732859140;
        Wed, 29 Oct 2025 03:14:19 -0700 (PDT)
Received: from localhost.localdomain
 (h96-60-249-169.cncrtn.broadband.dynamic.tds.net. [96.60.249.169])
        by smtp.gmail.com with UTF8SMTPSA id
 00721157ae682-7862fbcb4absm2447457b3.31.2025.10.29.03.14.18
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Oct 2025 03:14:18 -0700 (PDT)
From: Demi Marie Obenour <demiobenour@gmail.com>
Subject: [PATCH 0/7] System updates based on systemd-sysupdate
Date: Wed, 29 Oct 2025 06:12:39 -0400
Message-Id: <20251029-updates-v1-0-401c1be2a11b@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-B4-Tracking: v=1; b=H4sIAJfoAWkC/6tWKk4tykwtVrJSqFYqSi3LLM7MzwNyDHUUlJIzE
 vPSU3UzU4B8JSMDI1MDSyML3dKClMSS1GJdS6NUS0sLE8tUI2NDJaDqgqLUtMwKsEnRsbW1AKI
 kPYFZAAAA
X-Change-ID: 20250928-updates-92e99849e231
To: Spectrum OS Development <devel@spectrum-os.org>
X-Mailer: b4 0.14.3
X-Developer-Signature: v=1; a=ed25519-sha256; t=1761732759; l=4101;
 i=demiobenour@gmail.com; s=20250729; h=from:subject:message-id;
 bh=ZpdN8TRGBMlNb/uomu8TNs9EMFKjcJME5Xzpup3h/6U=;
 b=C+/NNHKKiTK+uBVY2PNv/ULzse4n+dWICWmSfdXfPb4FVB+ui0onNsyCrpwVrYPo+HSO4NZw8
 bhfys1KVB20DuM5zCuDBUwt61uG9U8ieEb/et9Faz2n6AaZMu1DTLIU
X-Developer-Key: i=demiobenour@gmail.com; a=ed25519;
 pk=X57Q4/YQDj9t4SBeKaDwvXYKB6quZJVx/DE2Ly2out0=
Message-ID-Hash: RFM2QDDYSCEGPEL7MMGHVG6YIOKT63PK
X-Message-ID-Hash: RFM2QDDYSCEGPEL7MMGHVG6YIOKT63PK
X-MailFrom: demiobenour@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Demi Marie Obenour <demiobenour@gmail.com>, Alyssa Ross <hi@alyssa.is>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/RFM2QDDYSCEGPEL7MMGHVG6YIOKT63PK/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

This implements updates via systemd-sysupdate.  See individual commit
messages for details.

There are major changes to the image build process.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
Demi Marie Obenour (7):
      host/rootfs: Use full util-linux and systemd
      release/combined: Compress installation image
      tools: Add directory checker for updates
      Adjust partition layout to support updates
      release: add install step
      Factor out dm-verity build rules
      Support updates via systemd-sysupdate

 host/initramfs/Makefile                            | 17 ++--
 host/initramfs/default.nix                         |  2 +
 host/initramfs/etc/init                            | 17 ++--
 host/initramfs/etc/probe                           | 20 +++--
 host/initramfs/shell.nix                           |  1 +
 host/rootfs/Makefile                               | 54 ++++++-------
 host/rootfs/default.nix                            | 64 +++++++--------
 host/rootfs/file-list.mk                           |  5 ++
 host/rootfs/image/etc/fstab                        |  1 +
 .../image/etc/sysupdate.d/50-verity.transfer       | 21 +++++
 host/rootfs/image/etc/sysupdate.d/60-root.transfer | 21 +++++
 .../image/etc/sysupdate.d/70-kernel.transfer       | 25 ++++++
 host/rootfs/image/usr/bin/run-update               | 54 +++++++++++++
 host/rootfs/image/usr/bin/update                   | 56 +++++++++++++
 host/rootfs/image/usr/bin/vm-start                 | 25 +++++-
 host/rootfs/os-release.in                          | 13 +++
 host/rootfs/os-release.in.license                  |  2 +
 host/rootfs/shell.nix                              |  3 +-
 img/app/Makefile                                   |  2 +-
 img/app/default.nix                                |  5 +-
 lib/kcmdline-utils.mk                              |  8 ++
 lib/verity.mk                                      | 18 +++++
 lib/version.nix                                    | 15 ++++
 release/checks/integration/default.nix             |  2 +-
 release/checks/integration/meson.build             |  2 +-
 release/checks/no-roothash.nix                     |  2 +-
 release/combined/eosimages.nix                     | 16 ++--
 release/live/Makefile                              | 46 +++++------
 release/live/default.nix                           | 17 ++--
 release/live/shell.nix                             |  4 +-
 scripts/format-uuid.awk                            | 35 ++++++++
 scripts/format-uuid.sh                             |  1 +
 scripts/make-gpt.bash                              | 72 +++++++++++++++++
 scripts/make-gpt.sh                                | 67 +--------------
 scripts/make-live-image.sh                         | 41 ++++++++++
 scripts/sfdisk-field.awk                           |  3 +-
 tools/default.nix                                  |  1 +
 tools/meson.build                                  |  1 +
 tools/updates-dir-check/meson.build                |  4 +
 tools/updates-dir-check/updates-dir-check.c        | 94 ++++++++++++++++++++++
 update-signing-keys.gpg                            |  1 +
 update-signing-keys.gpg.license                    |  2 +
 update-url                                         |  1 +
 update-url.license                                 |  2 +
 version                                            |  1 +
 version.license                                    |  2 +
 vm/app/sysupdate.d/50-verity.transfer              | 18 +++++
 vm/app/sysupdate.d/60-root.transfer                | 18 +++++
 vm/app/sysupdate.d/70-kernel.transfer              | 18 +++++
 vm/app/updates.nix                                 | 57 +++++++++++++
 vm/sys/net/Makefile                                |  2 +-
 vm/sys/net/default.nix                             |  5 +-
 52 files changed, 782 insertions(+), 202 deletions(-)
---
base-commit: 11c411139e006ddf6ce074c22c30a0bb9b6fb76e
change-id: 20250928-updates-92e99849e231

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)