systemd-sysext --version
systemd-sysext status
systemd-sysext --version
systemd-sysext status
systemd-sysext --version
systemd-sysext status
/usr/lib/extension-release.d/extension-release.NAME
/usr/lib/extension-release.d/extension-release.NAME
/usr/lib/extension-release.d/extension-release.NAME
/usr/lib/extension-release.d/extension-release.debug-tools
/usr/lib/extension-release.d/extension-release.debug-tools
/usr/lib/extension-release.d/extension-release.debug-tools
ID=debian
VERSION_ID=12
SYSEXT_SCOPE=system
ARCHITECTURE=x86-64
ID=debian
VERSION_ID=12
SYSEXT_SCOPE=system
ARCHITECTURE=x86-64
ID=debian
VERSION_ID=12
SYSEXT_SCOPE=system
ARCHITECTURE=x86-64
sudo mkdir -p /var/lib/extensions/debug-tools/usr/local/bin
sudo mkdir -p /var/lib/extensions/debug-tools/usr/lib/extension-release.d
sudo mkdir -p /var/lib/extensions/debug-tools/opt/debug-tools
sudo mkdir -p /var/lib/extensions/debug-tools/usr/local/bin
sudo mkdir -p /var/lib/extensions/debug-tools/usr/lib/extension-release.d
sudo mkdir -p /var/lib/extensions/debug-tools/opt/debug-tools
sudo mkdir -p /var/lib/extensions/debug-tools/usr/local/bin
sudo mkdir -p /var/lib/extensions/debug-tools/usr/lib/extension-release.d
sudo mkdir -p /var/lib/extensions/debug-tools/opt/debug-tools
sudo tee /var/lib/extensions/debug-tools/usr/lib/extension-release.d/extension-release.debug-tools >/dev/null <<'EOF'
ID=debian
VERSION_ID=12
SYSEXT_SCOPE=system
ARCHITECTURE=x86-64
EOF
sudo tee /var/lib/extensions/debug-tools/usr/lib/extension-release.d/extension-release.debug-tools >/dev/null <<'EOF'
ID=debian
VERSION_ID=12
SYSEXT_SCOPE=system
ARCHITECTURE=x86-64
EOF
sudo tee /var/lib/extensions/debug-tools/usr/lib/extension-release.d/extension-release.debug-tools >/dev/null <<'EOF'
ID=debian
VERSION_ID=12
SYSEXT_SCOPE=system
ARCHITECTURE=x86-64
EOF
sudo tee /var/lib/extensions/debug-tools/usr/local/bin/hello-sysext >/dev/null <<'EOF'
#!/usr/bin/env bash
set -euo pipefail
printf 'hello from systemd-sysext\n'
EOF sudo chmod 0755 /var/lib/extensions/debug-tools/usr/local/bin/hello-sysext
sudo tee /var/lib/extensions/debug-tools/usr/local/bin/hello-sysext >/dev/null <<'EOF'
#!/usr/bin/env bash
set -euo pipefail
printf 'hello from systemd-sysext\n'
EOF sudo chmod 0755 /var/lib/extensions/debug-tools/usr/local/bin/hello-sysext
sudo tee /var/lib/extensions/debug-tools/usr/local/bin/hello-sysext >/dev/null <<'EOF'
#!/usr/bin/env bash
set -euo pipefail
printf 'hello from systemd-sysext\n'
EOF sudo chmod 0755 /var/lib/extensions/debug-tools/usr/local/bin/hello-sysext
sudo tee /var/lib/extensions/debug-tools/opt/debug-tools/README.txt >/dev/null <<'EOF'
This file is provided by the debug-tools system extension.
EOF
sudo tee /var/lib/extensions/debug-tools/opt/debug-tools/README.txt >/dev/null <<'EOF'
This file is provided by the debug-tools system extension.
EOF
sudo tee /var/lib/extensions/debug-tools/opt/debug-tools/README.txt >/dev/null <<'EOF'
This file is provided by the debug-tools system extension.
EOF
sudo systemd-sysext refresh
sudo systemd-sysext refresh
sudo systemd-sysext refresh
systemd-sysext status
systemd-sysext status
systemd-sysext status
command -v hello-sysext
hello-sysext
ls -l /opt/debug-tools
cat /opt/debug-tools/README.txt
command -v hello-sysext
hello-sysext
ls -l /opt/debug-tools
cat /opt/debug-tools/README.txt
command -v hello-sysext
hello-sysext
ls -l /opt/debug-tools
cat /opt/debug-tools/README.txt
systemd-sysext list
systemd-sysext list
systemd-sysext list
sudo systemd-sysext unmerge
sudo systemd-sysext unmerge
sudo systemd-sysext unmerge
sudo systemd-sysext merge
sudo systemd-sysext merge
sudo systemd-sysext merge
sudo systemd-sysext refresh
sudo systemd-sysext refresh
sudo systemd-sysext refresh
sudo mkdir -p /var/lib/extensions/mytest
make
sudo DESTDIR=/var/lib/extensions/mytest make install
sudo mkdir -p /var/lib/extensions/mytest/usr/lib/extension-release.d
sudo tee /var/lib/extensions/mytest/usr/lib/extension-release.d/extension-release.mytest >/dev/null <<'EOF'
ID=debian
VERSION_ID=12
SYSEXT_SCOPE=system
ARCHITECTURE=x86-64
EOF
sudo systemd-sysext refresh
sudo mkdir -p /var/lib/extensions/mytest
make
sudo DESTDIR=/var/lib/extensions/mytest make install
sudo mkdir -p /var/lib/extensions/mytest/usr/lib/extension-release.d
sudo tee /var/lib/extensions/mytest/usr/lib/extension-release.d/extension-release.mytest >/dev/null <<'EOF'
ID=debian
VERSION_ID=12
SYSEXT_SCOPE=system
ARCHITECTURE=x86-64
EOF
sudo systemd-sysext refresh
sudo mkdir -p /var/lib/extensions/mytest
make
sudo DESTDIR=/var/lib/extensions/mytest make install
sudo mkdir -p /var/lib/extensions/mytest/usr/lib/extension-release.d
sudo tee /var/lib/extensions/mytest/usr/lib/extension-release.d/extension-release.mytest >/dev/null <<'EOF'
ID=debian
VERSION_ID=12
SYSEXT_SCOPE=system
ARCHITECTURE=x86-64
EOF
sudo systemd-sysext refresh
sudo mkdir -p /etc/extensions/debug-tools
sudo systemd-sysext refresh
sudo mkdir -p /etc/extensions/debug-tools
sudo systemd-sysext refresh
sudo mkdir -p /etc/extensions/debug-tools
sudo systemd-sysext refresh
sudo rmdir /etc/extensions/debug-tools
sudo systemd-sysext refresh
sudo rmdir /etc/extensions/debug-tools
sudo systemd-sysext refresh
sudo rmdir /etc/extensions/debug-tools
sudo systemd-sysext refresh
sudo systemd-sysext refresh
sudo systemd-sysext refresh
sudo systemd-sysext refresh - shipping optional troubleshooting tools
- testing a newer build of a low-level binary
- layering in site-specific files on top of a controlled base image
- keeping the base OS reproducible while still allowing operational flexibility - systemd-sysext merges only /usr and /opt
- files inside /etc and /var in the extension are ignored by sysext
- it is additive by design, even though overlayfs technically allows replacement behavior
- it is not the right tool for shipping system services early in boot - a Linux host with systemd-sysext available
- root access for installation into system extension paths
- overlayfs support in the kernel - /etc/extensions/
- /run/extensions/
- /var/lib/extensions/ - ID= should match your host OS family
- VERSION_ID= is the fallback compatibility gate
- ARCHITECTURE= should match the host architecture when set
- do not put os-release in the extension's /usr/lib, because that would shadow the host metadata - directory: debug-tools
- file: extension-release.debug-tools - I want dependency management
- I want normal upgrade and removal tracking
- I am distributing software broadly to many mixed systems
- the host is not trying to keep /usr controlled or reproducible - use sysext when you want extra files to appear in /usr or /opt
- use portable services when you want to ship services in an image and manage them as services, with service-level sandboxing - systemd-sysext man page: https://manpages.debian.org/bookworm-backports/systemd/systemd-sysext.8.en.html
- Portable Services introduction: https://systemd.io/PORTABLE_SERVICES/
- extension-release format reference: https://www.freedesktop.org/software/systemd/man/extension-release.html
- Discoverable Partitions Specification: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/
