UKI Cleanup#2200
Conversation
Johan-Liebert1
added
the
ci/merge
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request refactors the UKI (Unified Kernel Image) build process to support passing explicit kernel and initramfs paths via CLI arguments, reducing reliance on auto-discovery within the rootfs. Key changes include updating the seal-uki and finalize-uki scripts to use named arguments, modifying Dockerfile stages to extract and clean up kernel components, and extending the Rust library and CLI to handle the new parameters. Review feedback identified a potential path resolution bug in the Rust file existence checks, a filename mismatch in the upgrade test Dockerfile, and suggested improvements for error handling and validation in the seal-uki script.
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
from
cb42d78 to
8a3ed64
Compare
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
7 times, most recently
from
66dc0e3 to
3a9dc2b
Compare
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
from
3a9dc2b to
8e581d4
Compare
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
from
8e581d4 to
503b07a
Compare
|
I think we should have the kernel and initrd as required arguments and thus only support the case where they are not in the rootfs anymore as I don't see a use case where someone would want a sealed image with both a UKI and split out kernel and initrd. Edit: That would break the current |
|
Hmm. I kind of lean towards not breaking it at least right away, it seems really easy to continue to support what we have now too. We could mark it deprecated though. |
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
from
503b07a to
8a5c7ae
Compare
|
Failures are transient & volatile related. Maybe from #2201? |
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
from
8a5c7ae to
cc8a2d8
Compare
github-actions
Bot
added
area/install
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
from
f2c3424 to
667a0fd
Compare
Don't know if clap has a way to do this, if it does I couldn't find it. We just print our custom warning if |
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
2 times, most recently
from
4d6bed6 to
20e2fed
Compare
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
3 times, most recently
from
3e9a91e to
135915e
Compare
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
4 times, most recently
from
866acdc to
c41bdc8
Compare
|
Converting to draft. Still needs a bit more work |
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
4 times, most recently
from
f5c48ad to
e2b3c1d
Compare
Now that we can pass kernel and initrd paths to `bootc ukify`, rework our UKI Dockerfile to remove kernel + initrd from the final layer and only keep the UKI This still will not *remove* the kernel + initrd from the tarball but have whiteout instead See bootc-dev#2027 (comment) Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
vmlinuz and intrd should not be present in UKI images; add test for the same Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
So we can just use bootc to extract the `.linux` and `.initrd` sections from the UKI and not have to use objcopy Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
This command is equivalent to
`mv /target-root/usr/lib/modules/$kver/{vmlinuz,initramfs.img} /out/$kver`
We could just use `mv`, but having an actual bootc cmd is cleaner
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
from
e2b3c1d to
4df1993
Compare
|
This one's also ready for review |
|
|
||
| rootfs=${1:-/} | ||
|
|
||
| # Temporary: downgrade kernel to last 6.x when 7.0 or 7.1 is present. |
There was a problem hiding this comment.
This can probably be dropped
There was a problem hiding this comment.
f44 still seems to ship with 7.0
| umount /target-rootfs/etc/resolv.conf | ||
| } | ||
|
|
||
| # All network-fetching operations: package installs from distro repos, Copr, Koji. |
There was a problem hiding this comment.
On this topic also...since we're building the base image from scratch here, we can just use --install nowadays too instead.
There was a problem hiding this comment.
We could, but we have a lot of conditional installs for uki/bls which makes it a bit messy
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
3 times, most recently
from
1630c09 to
d7e40d7
Compare
Since we do not want kernel + initrd in the final UKI dockerfile, we now build the initrd inside the `target-rootfs` generated by `bootc-base-imagectl`. Instead of rebuilding the initrd ourselves, now we add `/var/usr` directory to the target-rootfs with `--add-dir` cli option to bootc-base-imagectl. This directory contains our rpms and other configs required for building the initramfs After that's done we split the rootfs and vmlinuz + initrd into /target-rootfs and /kernel/$kver respectively Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Now since we need to build our initramfs before the `fetch` build stage, we need packages built first as we need `bootc` and `bootc-initramfs-setup` binaries Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Johan-Liebert1
force-pushed
the
uki-cleanup
branch
from
d7e40d7 to
3538344
Compare
3 participants
ukify: Allow passing custom kernel, initramfs
While building a sealed UKI image we'd want to remove the original
kernel + initramfs from the final image and have only the final UKI
present. This was not possible before as
bootc container ukifyexpected kernel + initramfs to be present in
usr/lib/modulesofcontainer root
Fixes: #2185
dockerfile/uki: Rework to remove kernel + initrd
Now that we can pass kernel and initrd paths to
bootc ukify, reworkour UKI Dockerfile to remove kernel + initrd from the final layer
and only keep the UKI
This still will not remove the kernel + initrd from the tarball but
have whiteout instead
See #2027 (comment)
test/integration: Test vmlinuz non-existence with UKI
vmlinuz and intrd should not be present in UKI images; add test for the
same