Merge pull request #4795 from poettering/dissect

Generalize image dissection logic of nspawn, and make it useful for other tools.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2016-12-10 01:08:13 -0500
committer: GitHub <noreply@github.com> 2016-12-10 01:08:13 -0500
commit: 4a5567d5d6ab01974dd089eb8907fecd6aff4fcf (patch)
tree: 4f40cdd195f08022e2846d5c9757147ca436fede /man
parent: 2e1f244efd2dfc1a60d032bef3d88b9ba6e0444b (diff)
parent: 58abb66f4b9b0b3a16fe29211454d9936d35c35d (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index cd0a90d82f..2bc81ea1aa 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -235,17 +235,34 @@
           identified by the partition types defined by the <ulink
           url="http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/">Discoverable
           Partitions Specification</ulink>.</para></listitem>
+
+          <listitem><para>No partition table, and a single file system spanning the whole image.</para></listitem>
         </itemizedlist>
 
         <para>On GPT images, if an EFI System Partition (ESP) is discovered, it is automatically mounted to
         <filename>/efi</filename> (or <filename>/boot</filename> as fallback) in case a directory by this name exists
         and is empty.</para>
 
+        <para>Partitions encrypted with LUKS are automatically decrypted. Also, on GPT images dm-verity data integrity
+        hash partitions are set up if the root hash for them is specified using the <option>--root-hash=</option>
+        option.</para>
+
         <para>Any other partitions, such as foreign partitions or swap partitions are not mounted. May not be specified
         together with <option>--directory=</option>, <option>--template=</option>.</para></listitem>
       </varlistentry>
 
       <varlistentry>
+        <term><option>--root-hash=</option></term>
+
+        <listitem><para>Takes a data integrity (dm-verity) root hash specified in hexadecimal. This option enables data
+        integrity checks using dm-verity, if the used image contains the appropriate integrity data (see above). The
+        specified hash must match the root hash of integrity data, and is usually at least 256bits (and hence 64
+        hexadecimal characters) long (in case of SHA256 for example). If this option is not specified, but a file with
+        the <filename>.roothash</filename> suffix is found next to the image file, bearing otherwise the same name the
+        root hash is read from it and automatically used.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><option>-a</option></term>
         <term><option>--as-pid2</option></term>
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2016-12-10 01:08:13 -0500
committer	GitHub <noreply@github.com>	2016-12-10 01:08:13 -0500
commit	4a5567d5d6ab01974dd089eb8907fecd6aff4fcf (patch)
tree	4f40cdd195f08022e2846d5c9757147ca436fede /man
parent	2e1f244efd2dfc1a60d032bef3d88b9ba6e0444b (diff)
parent	58abb66f4b9b0b3a16fe29211454d9936d35c35d (diff)