From: Demi Marie Obenour
Subject: [PATCH v4 00/14] System updates based on systemd-sysupdate
Date: Fri, 21 Nov 2025 20:23:22 -0500
Message-Id: <20251121-updates-v4-0-d4561c42776e@gmail.com>
In-Reply-To: <20251119-updates-v3-0-b88a99915509@gmail.com>
References: <20251119-updates-v3-0-b88a99915509@gmail.com>
To: Spectrum OS Development
CC: Demi Marie Obenour, Alyssa Ross
List-Id: Patches and low-level development discussion

This implements updates via systemd-sysupdate. See individual commit
messages for details. There are major changes to the image build
process.

Signed-off-by: Demi Marie Obenour
---
Changes in v4:
- Fix build errors in intermediate patches.
- Apply suggestions from code review.
- Link to v3: https://spectrum-os.org/lists/archives/spectrum-devel/20251119-updates-v3-0-b88a99915509@gmail.com

Changes in v3:
- See individual commits for details. There are too many to mention here.
- Link to v2: https://spectrum-os.org/lists/archives/spectrum-devel/20251112-updates-v2-0-88d96bf81b79@gmail.com

Changes in v2:
- updates-dir-check:
  - Do not check that there is a SHA256SUMS or SHA256SUMS.gpg file in
    the update directory. systemd-sysupdate will fail if it cannot find
    a manifest or its signature.
  - Follow symlinks in opening the directory. The path is from a
    trusted source and will always point to a BTRFS snapshot, never a
    symlink. The only exception is the last component, which is still
    checked to not be a symlink.
- VM:
  - Link SHA256SUMS.sha256.asc to SHA256SUMS.gpg. Recent
    systemd-sysupdate seems to use the former name.
  - Get update URL from host.
  - Use an execline script instead of a shell script.
- Update script:
  - Unmount shared directory if already mounted. This avoids errors
    when mounting it again.
  - Delete old snapshot if present.
  - Provide the VM information with a different directory layout.
  - Do not bind-mount the information passed into the VM into the
    shared VM folder. Instead rely on this folder being read-only to
    the guest. This is enforced by a read-only bind mount in virtiofs's
    mount namespace.
- Testing:
  - Lots of manual update testing.
  - Disable the test for the live image as it doesn't work anymore.
- Nix:
  - Move validation to a separate low-priority patch.
- Documentation:
  - Document that updating the system is now possible.
- Installer:
  - Remove the "Try Spectrum" button.
- Link to v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251029-updates-v1-0-401c1be2a11b@gmail.com

---
Demi Marie Obenour (14):
      host/rootfs: Install all programs from util-linuxMinimal
      host/rootfs: Install systemd-pull
      tools: Add directory checker for updates
      scripts: port make-gpt.sh to bash
      scripts/make-gpt.sh: Allow specifying partition size
      Support generating multiple partition UUIDs
      scripts: Use shell expansion to get partition path
      release: Compress installation images and remove live image
      Use OS version to set partition labels and UKI name
      Add B partitions to installation images
      release: Create directory with system update
      Support updates via systemd-sysupdate
      Documentation: Update support
      Validate configuration parameters

 Documentation/development/build-configuration.adoc |  13 ++
 Documentation/installation/getting-spectrum.adoc   |  56 +++++++--
 Documentation/installation/index.adoc              |   4 +-
 Documentation/using-spectrum/index.adoc            |   2 +
 Documentation/using-spectrum/updates.adoc          |  30 +++++
 host/efi.nix                                       |   2 +-
 host/initramfs/Makefile                            |  18 +--
 host/initramfs/etc/probe                           |  20 ---
 host/initramfs/shell.nix                           |   2 +
 host/rootfs/Makefile                               |  27 ++++-
 host/rootfs/busybox-config                         | 134 +++++++++++++++++++++
 host/rootfs/busybox-config.license                 |   4 +
 host/rootfs/default.nix                            |  92 +++++++++-----
 host/rootfs/file-list.mk                           |   7 ++
 host/rootfs/image/etc/fstab                        |   1 +
 .../image/etc/sysupdate.d/50-verity.transfer       |  20 +++
 host/rootfs/image/etc/sysupdate.d/60-root.transfer |  20 +++
 .../image/etc/sysupdate.d/70-kernel.transfer       |  20 +++
 .../image/etc/vm-sysupdate.d/50-verity.transfer    |  18 +++
 .../image/etc/vm-sysupdate.d/60-root.transfer      |  18 +++
 .../image/etc/vm-sysupdate.d/70-kernel.transfer    |  18 +++
 host/rootfs/image/usr/bin/spectrum-update          |  83 +++++++++++++
 host/rootfs/os-release.in                          |  15 +++
 host/rootfs/shell.nix                              |   2 +
 img/app/Makefile                                   |   2 +-
 lib/config.default.nix                             |   4 +
 lib/config.nix                                     |  15 ++-
 lib/fake-update-signing-key.gpg                    |   3 +
 release.nix                                        |   2 +
 release/checks/integration/meson.build             |   2 +-
 release/checks/integration/try.c                   |  29 -----
 release/combined/eosimages.nix                     |  19 ++-
 release/combined/grub.cfg.in                       |   5 -
 release/live/Makefile                              |  15 ++-
 release/live/default.nix                           |   5 +-
 release/live/shell.nix                             |   3 +-
 release/update.nix                                 |  33 +++++
 scripts/format-uuid.awk                            |  35 ++++++
 scripts/format-uuid.sh                             |  19 ---
 scripts/make-gpt.sh                                |  30 ++---
 tools/default.nix                                  |   1 +
 tools/meson.build                                  |   4 +
 tools/updates-dir-check.c                          | 134 +++++++++++++++++++++
 vm/app/systemd-sysupdate/default.nix               |  57 +++++++++
 vm/app/systemd-sysupdate/escape-url.awk            |  31 +++++
 .../systemd-sysupdate/populate-transfer-directory  |  26 ++++
 vm/sys/net/Makefile                                |   2 +-
 47 files changed, 928 insertions(+), 174 deletions(-)
---
base-commit: e89924f5613539e4dcd9d485a82f976c817b34c1
change-id: 20250928-updates-92e99849e231
prerequisite-patch-id: c518b0e42e0c87755ef725ace8e961cdfb862285
prerequisite-patch-id: 0ed2b2073c0ab6d422aa642fd238b15428c6f7d1

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
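
The v2 changelog entry for updates-dir-check describes following symlinks in the leading path components while still refusing a symlink as the last component. The sketch below is an example added here to illustrate that behaviour with open(2) flags; it is not tools/updates-dir-check.c from this series, and `open_update_dir`, `demo` and the temporary directory layout are hypothetical names constructed for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` as a directory. O_NOFOLLOW applies only to
 * the last component, so symlinks earlier in the path are still followed.
 * The errno for a refused symlink differs between platforms, so callers
 * should test for failure rather than for one errno. Returns an fd or -1. */
int open_update_dir(const char *path)
{
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    return fd < 0 ? -1 : fd;
}

/* Constructed layout under a fresh temporary directory:
 *   real/update   a directory
 *   via  -> real          (symlink used as a middle component)
 *   link -> real/update   (symlink used as the last component)
 * Returns 0 when the three cases behave as the changelog describes. */
int demo(void)
{
    char base[] = "/tmp/updir-XXXXXX", p[4][64], through[80];
    if (!mkdtemp(base))
        return -1;
    snprintf(p[0], sizeof p[0], "%s/real", base);
    snprintf(p[1], sizeof p[1], "%s/real/update", base);
    snprintf(p[2], sizeof p[2], "%s/via", base);
    snprintf(p[3], sizeof p[3], "%s/link", base);
    snprintf(through, sizeof through, "%s/update", p[2]);
    if (mkdir(p[0], 0700) || mkdir(p[1], 0700) ||
        symlink("real", p[2]) || symlink("real/update", p[3]))
        return -1;
    int direct = open_update_dir(p[1]);    /* plain directory: accepted */
    int middle = open_update_dir(through); /* symlink mid-path: accepted */
    int last = open_update_dir(p[3]);      /* symlink as last component: refused */
    int ok = direct >= 0 && middle >= 0 && last < 0;
    if (direct >= 0) close(direct);
    if (middle >= 0) close(middle);
    if (last >= 0) close(last);
    /* Remove the constructed layout again. */
    unlink(p[3]); unlink(p[2]); rmdir(p[1]); rmdir(p[0]); rmdir(base);
    return ok ? 0 : 1;
}

int main(void)
{
    return demo();
}
```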