systemd-import-generator — Generator for automatically downloading disk images at boot
/usr/lib/systemd/system-generators/systemd-import-generator
systemd-import-generator may be used to automatically download disk images (tarballs or DDIs) via systemd-importd.service(8) at boot, based on parameters on the kernel command line or via system credentials. This is useful for automatically deploying an systemd-confext(8), systemd-sysext(8), systemd-nspawn(1)/ systemd-vmspawn(1) or systemd-portabled.service(8) image at boot. This provides functionality equivalent to importctl(1), but accessible via the kernel command line and system credentials.
systemd-import-generator implements
    systemd.generator(7).
systemd-import-generator understands the following
    kernel-command-line(7)
    parameters:
systemd.pull=¶This option takes a colon separate triplet of option string, local target image name
        and remote URL. The local target image name can be specified as an empty string, in which case the
        name is derived from the specified remote URL. The remote URL must using the
        "http://", "https://", "file://" schemes. The
        option string itself is a comma separated list of options:
Controls whether to mark the local image as read-only. If not specified read-only defaults to off.
Controls whether to cryptographically validate the download before installing it
            in place. Takes one of "no", "checksum", or
            "signature" (the default if not specified). For details see the
            --verify= of
            importctl(1).
            
Controls the image class to download, and thus ultimately the target directory
            for the image, depending on this choice the target directory
            /var/lib/extensions/, /var/lib/confexts/,
            /var/lib/machines/ or /var/lib/portables/ is
            selected.
Specification of exactly one of these options is mandatory.
Controls the type of resource to download, i.e. a (possibly compressed) tarball that needs to be unpacked into a file system tree, or (possibly compressed) raw disk image (DDI).
Specification of exactly one of these options is mandatory.
systemd.pull.success_action=, systemd.pull.failure_action=¶Controls whether to execute an action such as reboot, power-off and similar after
        completing the download successfully, or unsuccessfully. See
        SuccessAction=/FailureAction= on
        systemd.unit(5) for
        details about the available actions. If not specified, no action is taken, and the system will
        continue to boot normally.
systemd-import-generator supports the system credentials logic. The following credentials are used when passed in:
import.pull¶This credential should be a text file, with each line referencing one download
        operation. Each line should follow the same format as the value of the
        systemd.pull= kernel command line option described above.
Example 1. Download Configuration Extension
systemd.pull=raw,confext::https://example.com/myconfext.raw.gz
With a kernel command line option like the above a configuration extension DDI is downloaded automatically at boot from the specified URL, validated cryptographically, uncompressed and installed.
Example 2. Download System Extension (Without Validation)
systemd.pull=tar,sysext,verify=no::https://example.com/mysysext.tar.gz
With a kernel command line option like the above a system extension tarball is downloaded automatically at boot from the specified URL, uncompressed and installed – without any cryptographic validation. This is useful for development purposes in virtual machines and containers. Warning: do not deploy a system with validation disabled like this!