Support user provided repart defintions for extension and portable im…

…ages

Building an unsigned extension image with verity hashes provides data
integrity without needing a certificate on the target machine. Support
such setups by letting configured repart definition directories take
precedence over the built-in ones.

mkosi/__init__.py

@@ -3491,8 +3491,11 @@ def make_esp(context: Context, uki: Path) -> list[Partition]:
 
 
 def make_extension_or_portable_image(context: Context, output: Path) -> None:
-    unsigned = "-unsigned" if not want_verity(context.config) else ""
-    r = context.resources / f"repart/definitions/{context.config.output_format}{unsigned}.repart.d"
+    if context.config.repart_dirs:
+        definitions = context.config.repart_dirs
+    else:
+        unsigned = "-unsigned" if not want_verity(context.config) else ""
+        definitions = [context.resources / f"repart/definitions/{context.config.output_format}{unsigned}.repart.d"]
 
     cmdline: list[PathString] = [
         "systemd-repart",
@@ -3504,7 +3507,6 @@ def make_extension_or_portable_image(context: Context, output: Path) -> None:
         "--seed", str(context.config.seed) if context.config.seed else "random",
         "--empty=create",
         "--size=auto",
-        "--definitions", workdir(r),
         workdir(output),
     ]  # fmt: skip
     options: list[PathString] = [
@@ -3513,9 +3515,12 @@ def make_extension_or_portable_image(context: Context, output: Path) -> None:
         "--become-root",
         "--bind", output.parent, workdir(output.parent),
         "--ro-bind", context.root, "/buildroot",
-        "--ro-bind", r, workdir(r),
     ]  # fmt: skip
 
+    for d in definitions:
+        cmdline += ["--definitions", workdir(d)]
+        options += ["--ro-bind", d, workdir(d)]
+
     if not context.config.architecture.is_native():
         cmdline += ["--architecture", str(context.config.architecture)]
     if context.config.passphrase: