This implements updates via systemd-sysupdate. See individual commit messages for details. There are major changes to the image build process. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> --- Demi Marie Obenour (7): host/rootfs: Use full util-linux and systemd release/combined: Compress installation image tools: Add directory checker for updates Adjust partition layout to support updates release: add install step Factor out dm-verity build rules Support updates via systemd-sysupdate host/initramfs/Makefile | 17 ++-- host/initramfs/default.nix | 2 + host/initramfs/etc/init | 17 ++-- host/initramfs/etc/probe | 20 +++-- host/initramfs/shell.nix | 1 + host/rootfs/Makefile | 54 ++++++------- host/rootfs/default.nix | 64 +++++++-------- host/rootfs/file-list.mk | 5 ++ host/rootfs/image/etc/fstab | 1 + .../image/etc/sysupdate.d/50-verity.transfer | 21 +++++ host/rootfs/image/etc/sysupdate.d/60-root.transfer | 21 +++++ .../image/etc/sysupdate.d/70-kernel.transfer | 25 ++++++ host/rootfs/image/usr/bin/run-update | 54 +++++++++++++ host/rootfs/image/usr/bin/update | 56 +++++++++++++ host/rootfs/image/usr/bin/vm-start | 25 +++++- host/rootfs/os-release.in | 13 +++ host/rootfs/os-release.in.license | 2 + host/rootfs/shell.nix | 3 +- img/app/Makefile | 2 +- img/app/default.nix | 5 +- lib/kcmdline-utils.mk | 8 ++ lib/verity.mk | 18 +++++ lib/version.nix | 15 ++++ release/checks/integration/default.nix | 2 +- release/checks/integration/meson.build | 2 +- release/checks/no-roothash.nix | 2 +- release/combined/eosimages.nix | 16 ++-- release/live/Makefile | 46 +++++------ release/live/default.nix | 17 ++-- release/live/shell.nix | 4 +- scripts/format-uuid.awk | 35 ++++++++ scripts/format-uuid.sh | 1 + scripts/make-gpt.bash | 72 +++++++++++++++++ scripts/make-gpt.sh | 67 +-------------- scripts/make-live-image.sh | 41 ++++++++++ scripts/sfdisk-field.awk | 3 +- tools/default.nix | 1 + tools/meson.build | 1 + tools/updates-dir-check/meson.build | 4 + tools/updates-dir-check/updates-dir-check.c | 94 ++++++++++++++++++++++ update-signing-keys.gpg | 1 + update-signing-keys.gpg.license | 2 + update-url | 1 + update-url.license | 2 + version | 1 + version.license | 2 + vm/app/sysupdate.d/50-verity.transfer | 18 +++++ vm/app/sysupdate.d/60-root.transfer | 18 +++++ vm/app/sysupdate.d/70-kernel.transfer | 18 +++++ vm/app/updates.nix | 57 +++++++++++++ vm/sys/net/Makefile | 2 +- vm/sys/net/default.nix | 5 +- 52 files changed, 782 insertions(+), 202 deletions(-) --- base-commit: 11c411139e006ddf6ce074c22c30a0bb9b6fb76e change-id: 20250928-updates-92e99849e231 -- Sincerely, Demi Marie Obenour (she/her/hers)