
feat: Auto build sysext overlay for standard UKI images

Open bencorrado opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? Please describe.

When building a UKI image the firmware of devices can regularly limit the total UKI image size causing a malloc issue that prevents the system from booting. On many firmware packages this appears to not directly be linked to system resources where adding more RAM/disk does not fix the issue.

This creates an issue when creating large UKI files that contain a full rootfs as the system will not boot on some systems. Even just enabling standard over core variant can cause issues for a lot of hardware.

Right now packaging the sysext and adding it to a UKI ISO build is a manual process.

Describe the solution you'd like

We should attempt to load things into sysext instead of into the rootfs for standard packaging. Prepackaging a standard variant sysext and having the build process know that when there is a VARIANT=standard and BOOTLOADER=systemd-boot it should not build this into the rootfs like the other standard images, but instead at the osbuilder/enki stage layer on the right sysext as an overlay.

Describe alternatives you've considered

Additional context

Recovery and reset do NOT load sysext by default. If the software placed into the sysext is expected to be used here we should alert the user in docs. We should make sure installer runs the sysext as much of the standard variant needs this (might be there, I have not verified).

bencorrado, Oct 14 '24 19:10

Completion of this could revert https://github.com/kairos-io/kairos/pull/2940

bencorrado, Oct 14 '24 19:10

This is a good point but I think the changes might be part of the earthly file maybe?

Like we could do an extra target that is for developers only that does:

  • Build base image or get it from remote
  • Build and sign whatever sysexts we use on standard (k3s, k9s, provider-kairos)
  • Build the uki iso with the iso-overlay pointing to our built+signed sysext

That way we mainly reuse everything in there with the keys and such and it would be really simple to implement (a few lines of earthly).

We are still experimenting with UKI and sysexts though, but for example I set an automated service that builds and pushes sysext-ready docker images: https://github.com/Itxaka/sysext-examples

This is bumping and pushing them to several repos, i.e.:

  • https://quay.io/repository/itxaka/k3s?tab=tags
  • https://quay.io/repository/itxaka/tailscale?tab=tags

and so on.

Those can be easily consumed by the enki sysext command to build signed sysext ready for kairos. So we could use those to build the core uki + standard extras easily.

We also wanted to leverage the sysext in non-uki formats as well (except alpine :() in order to have a more cohesive release process, i.e. Build just core, provide sysexts or commands to easily build sysexts for both types (uki and non-uki)

Itxaka, Oct 15 '24 12:10

We did this: https://github.com/kairos-io/kairos/pull/2929/files but it needs a release to get something built.

jimmykarily, Nov 04 '24 16:11