OSInside / kiwi

KIWI - Appliance Builder Next Generation
https://osinside.github.io/kiwi
GNU General Public License v3.0

Build compressed LUKS images #2540

Closed wfeldt closed 2 months ago

wfeldt commented 2 months ago

Problem description

When building encrypted images, the final image is not compressed, due to this condition here:

https://github.com/OSInside/kiwi/blob/main/kiwi/builder/disk.py#L402-L403

Expected behaviour

Encrypted images are usually quite good to compress, for two reasons:

  1. The file system is not 100% full. For example, SUSE Micro images are typically filled to about 60%.
  2. You might choose a weak encryption cipher intentionally. If you distribute images publicly, you force the user to reencrypt the LUKS volume (typically on first start) anyway, as the master key is obviously publicly known. So you can use the null cipher, for example. cryptsetup reencrypt even supports this scheme by switching automatically from null to the default cipher.

It might make more sense to depend on the luks_randomize setting instead, as this makes the image truly incompressible.

Steps to reproduce the behaviour

Build any LUKS encrypted OEM image.

OS and Software information
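
The compressibility argument in the issue above, modelled as an added example (not code from kiwi or from the issue author). It builds a small constructed disk image in memory and compares zlib ratios for a real cipher without randomization, the null cipher, and a real cipher with the backing store randomized first. The SHAKE-256 keystream is a stand-in for a real sector cipher, and the sector contents and function names are assumptions made for illustration; cryptsetup is not invoked.

```python
import hashlib
import os
import zlib

SECTOR = 4096      # bytes per sector of the constructed image
SECTORS = 512      # 2 MiB image, small enough to run quickly
FILL = 0.60        # fill level the issue quotes for SUSE Micro images


def plaintext_sector(n: int) -> bytes:
    """Constructed file-system content: repetitive text, so it compresses well."""
    line = b"/usr/lib/sample-%06d\n" % n
    return (line * (SECTOR // len(line) + 1))[:SECTOR]


def encrypt_sector(key: bytes, n: int, data: bytes) -> bytes:
    """Stand-in for a real sector cipher (not aes-xts): XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key + n.to_bytes(8, "little")).digest(len(data))
    mixed = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(len(data), "big")


def build_image(cipher: str, randomize: bool) -> bytes:
    """Model the backing file: only sectors the file system wrote pass through the cipher."""
    size = SECTOR * SECTORS
    # Randomizing fills every sector with noise before use; otherwise unused sectors stay zero.
    image = bytearray(os.urandom(size) if randomize else bytes(size))
    key = os.urandom(32)
    for n in range(int(SECTORS * FILL)):
        data = plaintext_sector(n)
        if cipher != "null":          # the null cipher stores plaintext unchanged
            data = encrypt_sector(key, n, data)
        image[n * SECTOR:(n + 1) * SECTOR] = data
    return bytes(image)


def compressed_ratio(image: bytes) -> float:
    """Compressed size divided by raw size (1.0 means no gain)."""
    return len(zlib.compress(image, 6)) / len(image)


if __name__ == "__main__":
    for cipher, randomize in (("real", False), ("null", False), ("real", True)):
        ratio = compressed_ratio(build_image(cipher, randomize))
        print(f"cipher={cipher:<4} randomize={randomize!s:<5} ratio={ratio:.3f}")
```

Without randomization the ratio tracks the fill level, because only written sectors hold ciphertext; with the null cipher the image compresses like its plaintext.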