From 293b4acbb61c10823a6e94411f9b847b0510f56b Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan@amutable.com>
Date: Wed, 27 May 2026 14:41:22 +0000
Subject: [PATCH] Revert switch to systemd-sysinstall

systemd-sysinstall does not integrate with systemd-sysupdate
which means updates do not work when the system was installed
using systemd-sysinstall.

Specifically, the boot entries installed by systemd-sysinstall
are not removed when the system is updated by systemd-sysupdate.
until this addressed, revert the switch to systemd-sysinstall.
---
 README.md                                | 44 +++++++++---------------
 mkosi.extra/usr/lib/repart.d/00-esp.conf |  1 +
 mkosi.uki-profiles/20-install.conf       | 21 -----------
 3 files changed, 17 insertions(+), 49 deletions(-)
 delete mode 100644 mkosi.uki-profiles/20-install.conf

diff --git a/README.md b/README.md
index b123202e..49842d9f 100644
--- a/README.md
+++ b/README.md
@@ -181,36 +181,24 @@ as well.
 
 ## Installation
 
-Before installing ParticleOS, make sure that Secure Boot is in *setup*
-*mode* on the target system. The Secure Boot mode can be configured in
-the UEFI firmware interface of the target system. If there's an
-existing Linux installation on the target system already, run
-`systemctl reboot --firmware-setup` to reboot into the UEFI firmware
-interface. At the same time, make sure the UEFI firmware interface is
-password protected so an attacker cannot just disable Secure Boot
+Before installing ParticleOS, make sure that Secure Boot is in setup mode on the
+target system. The Secure Boot mode can be configured in the UEFI firmware
+interface of the target system. If there's an existing Linux installation on the
+target system already, run `systemctl reboot --firmware-setup` to reboot into
+the UEFI firmware interface. At the same time, make sure the UEFI firmware
+interface is password protected so an attacker cannot just disable Secure Boot
 again.
 
-To install ParticleOS with a USB drive, first build the image on an
-existing Linux system as described above. Then, write it to the USB
-drive with `mkosi burn /dev/<usb>`. Once written to the USB drive, plug
-the USB drive into the system onto which you'd like to install
-ParticleOS and boot into the USB drive via the firmware menu. Then,
-boot into the "Installer" UKI profile, which runs
-`systemd-sysinstall`. It will prompt for the target drive and any
-other details required, then partition the disk, copy ParticleOS onto
-it, set up the ESP via `bootctl install` and finally install a kernel
-via `bootctl link`. Once it completes, reboot into the target drive
-(i.e not the USB drive) and the default profile (i.e. not the
-installer one) to complete the installation.
-
-If you prefer to drive the install manually, boot into the "Live
-System" UKI profile instead. When you end up in the root shell, run
-`systemd-sysinstall` to install ParticleOS to the system's drive,
-then reboot as above. If you invoke `systemd-sysinstall` without
-arguments it will interactively query you for configuration
-parameters, as necessary. You may alternatively configure the new
-installation with command line parameters of the tool, see the
-systemd-sysinstall(8) man page for details.
+To install ParticleOS with a USB drive, first build the image on an existing
+Linux system as described above. Then, burn it to the USB drive with
+`mkosi burn /dev/<usb>`. Once burned to the USB drive, plug the USB drive into
+the system onto which you'd like to install ParticleOS and boot into the USB
+drive via the firmware. Then, boot into the "Installer" UKI profile. When you
+end up in the root shell, run
+`systemd-repart --dry-run=no --empty=force --defer-partitions=swap,root,home /dev/<drive>`
+to install ParticleOS to the system's drive. Finally, reboot into the target
+drive (not the USB) and the regular profile (not the installer one) to complete
+the installation.
 
 ## LUKS recovery key
 
diff --git a/mkosi.extra/usr/lib/repart.d/00-esp.conf b/mkosi.extra/usr/lib/repart.d/00-esp.conf
index 81a884ef..cac14753 100644
--- a/mkosi.extra/usr/lib/repart.d/00-esp.conf
+++ b/mkosi.extra/usr/lib/repart.d/00-esp.conf
@@ -3,5 +3,6 @@
 [Partition]
 Type=esp
 Format=vfat
+CopyFiles=/boot:/
 SizeMinBytes=1G
 SizeMaxBytes=1G
diff --git a/mkosi.uki-profiles/20-install.conf b/mkosi.uki-profiles/20-install.conf
deleted file mode 100644
index bbf31220..00000000
--- a/mkosi.uki-profiles/20-install.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[UKIProfile]
-Profile=
-        ID=install
-        TITLE=Installer
-
-Cmdline=
-        root=tmpfs
-        mount.usr=dissect
-        rd.systemd.mask=systemd-repart.service
-        systemd.mask=systemd-repart.service
-        systemd.unit=system-install.target
-        systemd.set-credential=passwd.plaintext-password.root:particleos
-        rw
-        audit=0
-        systemd.image_policy=esp=unprotected:xbootldr=unprotected+unused+absent:usr=signed:=ignore
-        systemd.image_filter=usr=ParticleOS_*:usr-verity=ParticleOS_*:usr-verity-sig=ParticleOS_*
-        ipe.enforce=0
-
-SignExpectedPcr=no