search

kairos-io / kairos

:penguin: The immutable Linux meta-distribution for edge Kubernetes.
https://kairos.io
Apache License 2.0
1.11k stars 97 forks source link

feat: remove firmware in Ubuntu uki images #2565

Closed mudler closed 4 months ago

mudler commented 5 months ago

The firmware in the ubuntu image brings nearly ~500MB (see also the previous attempt in #2283 ).

We can drop the firmware in the core uki images such as those have to be consumed already in a process that includes remastering and customization - and document that we don't ship firmware and is left to the user to build images with the proper firmware.

@@ -229,8 +229,10 @@ FROM base-ubuntu-current AS kernel-ubuntu-24.04

 RUN apt-get update
 # If a kernel is already installed, don't try to install it again, this way the base image can
 # be non-hwe for older releases
+#RUN [ -z "$(ls -A /lib/modules/)" ] && apt-get install -y --no-install-recommends \
+#    linux-image-generic-hwe-24.04 || true
 RUN [ -z "$(ls -A /lib/modules/)" ] && apt-get install -y --no-install-recommends \
-    linux-image-generic-hwe-24.04 || true
+    amd64-microcode intel-microcode iucode-tool kmod linux-base linux-image-6.8.0-31-generic linux-modules-6.8.0-31-generic || true
 RUN apt-get clean && rm -rf /var/lib/apt/lists/*
ci-robbot commented 5 months ago

Hello mudler, thank you for opening this issue (kairos-io/kairos#2565). In order to meet the project's requirements, please provide a detailed description of the issue and, if it's a bug, the steps to reproduce it. Additionally, it would be helpful if you could mention the versions of the relevant artifacts being used. I apologize for any inconvenience this may cause, but as a bot, I have labeled this issue with 'enhancement' and 'triage' labels. Please update the issue with the necessary information to proceed with the review process. Remember, this is an experiment by @mudler and @jimmykarily. If you have any further questions, feel free to ask.

mauromorales commented 5 months ago

@mudler what do you think about #2566 ? I also like the idea of no firmware

bencorrado commented 5 days ago

For anyone who needs firmware and finds this you can install the firmware then remove the things you don't need. I figured this out by booting a system with firmware removed and grepping dmesg for firmware then noting the missing directories and adding them to the code below. This should go into a dockerfile before doing any enki packaging.

# Remove all files in /usr/lib/firmware except the specified ones in mediatek, i915, intel, amd, and their sub-directories
RUN find /usr/lib/firmware \
    ! -path "/usr/lib/firmware" \
    ! -path "/usr/lib/firmware/mediatek" \
    ! -path "/usr/lib/firmware/mediatek/*" \
    ! -path "/usr/lib/firmware/i915" \
    ! -path "/usr/lib/firmware/i915/*" \
    ! -path "/usr/lib/firmware/intel-ucode" \
    ! -path "/usr/lib/firmware/intel-ucode/*" \
    ! -path "/usr/lib/firmware/intel" \
    ! -path "/usr/lib/firmware/intel/*" \
    ! -path "/usr/lib/firmware/amd" \
    ! -path "/usr/lib/firmware/amd/*" \
    ! -path "/usr/lib/firmware/amd-ucode" \
    ! -path "/usr/lib/firmware/amd-ucode/*" \
    ! -path "/usr/lib/firmware/mediatek/*MT7922*.bin" \
    ! -path "/usr/lib/firmware/mediatek/*MT7922*.bin.zst" \
    -type f -exec rm -f {} \;