diff --git a/man/os-release.xml b/man/os-release.xml
index a7c60183ae..6be96cf8bc 100644
--- a/man/os-release.xml
+++ b/man/os-release.xml
@@ -17,6 +17,7 @@
os-release
initrd-release
+ extension-release
Operating system identification
@@ -24,6 +25,7 @@
/etc/os-release
/usr/lib/os-release
/etc/initrd-release
+ /usr/lib/extension-release.d/extension-release.IMAGE
@@ -94,6 +96,28 @@
above) work correctly. The rest of this document that talks about os-release
should be understood to apply to initrd-release too.
+
+
+ <filename>/usr/lib/extension-release.d/extension-release.<replaceable>IMAGE</replaceable></filename>
+
+ /usr/lib/extension-release.d/extension-release.IMAGE
+ for extension images plays the same role as os-release in the main system, and follows the
+ same syntax and rules as described in the Portable Services Documentation.
+ The purpose of this file is to allow the operating system to correctly match an extension image
+ to a base OS image, This is typically implemented by first checking that the ID=
+ options match, and if they do either SYSEXT_LEVEL= has to match too (preferred), or
+ as a fallback if that is not present VERSION_ID= is checked. This ensures that ABI/API
+ between the layers matches and no incompatible images are merged in an overlay.
+ It is preferred that the extension-release.IMAGE filename is suffixed
+ with the exact file name of the image that contains it, so that all such files in every layer of an overlay are visible.
+ But for the purpose of parsing metadata, in case it is not possible to guarantee that an image file name is stable
+ and doesn't change between the build and the deployment phases, the first and only file which name starts with
+ extension-release., is located in the same directory and is tagged with a
+ user.extension-release.strict xattr7
+ set to the string 0, will be parsed instead, if the one with the expected name cannot be found.
+ The rest of this document that talks about os-release should be understood to apply to
+ extension-release too.
+
@@ -373,7 +397,8 @@
A lower-case string (mostly numeric, no spaces or other characters outside of 0–9,
a–z, ".", "_" and "-") identifying the operating system extensions support level, to indicate which
- extension images are supported. See
+ extension images are supported. See /usr/lib/extension-release.d/extension-release.IMAGE,
+ initrd and
systemd-sysext8)
for more information.
@@ -436,6 +461,13 @@ VARIANT="Workstation Edition"
VARIANT_ID=workstation
+
+ <filename>extension-release</filename> file for an extension for Fedora Workstation 32
+
+ ID=fedora
+VERSION_ID=32
+
+
Reading <filename>os-release</filename> in
<citerefentry><refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum></citerefentry>
diff --git a/man/portablectl.xml b/man/portablectl.xml
index d798219d45..c5404db0ba 100644
--- a/man/portablectl.xml
+++ b/man/portablectl.xml
@@ -359,7 +359,11 @@
top of IMAGE when attaching/detaching. This argument can be specified
multiple times, in which case the order in which images are laid down follows the rules specified in
systemd.exec5
- for the ExtensionImages= directive.
+ for the ExtensionImages= directive. The image(s) must contain an
+ extension-release file with metadata that matches what is defined in the
+ os-release of IMAGE. See:
+ os-release5.
+
Note that the same extensions have to be specified, in the same order, when attaching
and detaching.
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 008cbe9af1..eadfc02421 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -428,6 +428,11 @@
paths. If the empty string is assigned, the entire list of mount paths defined prior to this is
reset.
+ Each image must carry a /usr/lib/extension-release.d/extension-release.IMAGE
+ file, with the appropriate metadata which matches RootImage=/RootDirectory=
+ or the host. See:
+ os-release5.
+
When DevicePolicy= is set to closed or
strict, or set to auto and DeviceAllow= is
set, then this setting adds /dev/loop-control with rw mode,