kairos-io / kairos

:penguin: The immutable Linux meta-distribution for edge Kubernetes.
https://kairos.io
Apache License 2.0

Merge oci2sysext with enki https://github.com/kairos-io/oci2sysext (or documentation) #2631

Open jimmykarily opened 2 months ago

jimmykarily commented 2 months ago

Let's make an enki command that does exactly the same. We should either make it a library and import it or otherwise archive the old repo (to avoid duplication).

Itxaka commented 1 month ago

Does this make sense now?

What oci2sysext does is just a simple squashfs image, but what we want is what systemd-repart does, which is an image with 3 partitions: one root, one verity and one hash, all in erofs (RO fs).

This currently won't work for our use case, so I'd rather have it dropped for now.

Itxaka commented 1 month ago

cc @mudler

mudler commented 1 month ago

> Does this make sense now?

It does.

> What oci2sysext does is just a simple squashfs image, but what we want is what systemd-repart does, which is an image with 3 partitions: one root, one verity and one hash, all in erofs (RO fs).

That's the least interesting bit of oci2sysext; what we care about is the interface. It takes a container image and builds a sysext around it.

> This currently won't work for our use case, so I'd rather have it dropped for now.

As-is it won't, no, so we can take from oci2sysext only the container image extraction part, and plug it into a command that generates a valid sysext with verity and such.

mudler commented 1 month ago

Example of a Dockerfile that would be fed to oci2sysext:

```dockerfile
FROM <kairos_release:X>

RUN apt-get install tailscale

# this installs a bunch of stuff in /usr
```

Oci2sysext then packs the difference over a systemd-extension
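
The "packs the difference" step from the comment above, as an added example that is not part of the thread and is not oci2sysext's or enki's code. It assumes both images are already unpacked into directories of regular files; `stage_sysext`, `demo` and the sample trees are constructed for illustration, and `ID=_any` is used so the extension is not tied to one OS release.

```python
import filecmp
import os
import shutil
import tempfile


def stage_sysext(base_root, derived_root, out_dir, name, os_id="_any"):
    """Stage usr/ files that are new or changed in derived_root."""
    # A sysext is overlaid on /usr: it can add or shadow files but not
    # delete them, so files removed in the derived image are only reported.
    staged, removed = [], []
    for dirpath, _dirs, files in os.walk(os.path.join(derived_root, "usr")):
        for fn in files:
            src = os.path.join(dirpath, fn)
            rel = os.path.relpath(src, derived_root)
            old = os.path.join(base_root, rel)
            if os.path.isfile(old) and filecmp.cmp(old, src, shallow=False):
                continue  # unchanged: already provided by the base image
            dst = os.path.join(out_dir, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            staged.append(rel)
    for dirpath, _dirs, files in os.walk(os.path.join(base_root, "usr")):
        for fn in files:
            rel = os.path.relpath(os.path.join(dirpath, fn), base_root)
            if not os.path.lexists(os.path.join(derived_root, rel)):
                removed.append(rel)
    # systemd-sysext only merges an extension that carries this marker file.
    marker_dir = os.path.join(out_dir, "usr", "lib", "extension-release.d")
    os.makedirs(marker_dir, exist_ok=True)
    with open(os.path.join(marker_dir, f"extension-release.{name}"), "w") as f:
        f.write(f"ID={os_id}\n")
    return sorted(staged), sorted(removed)


def demo():
    """Build constructed sample trees standing in for the two unpacked images."""
    tmp = tempfile.mkdtemp()
    base, derived, out = (os.path.join(tmp, d) for d in ("base", "derived", "ext"))
    sample = {
        base: {"usr/bin/ls": "ls-v1", "usr/bin/old": "gone", "etc/hosts": "a"},
        derived: {"usr/bin/ls": "ls-v1", "usr/bin/tailscale": "ts", "etc/hosts": "b"},
    }
    for root, tree in sample.items():
        for rel, body in tree.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(body)
    return stage_sysext(base, derived, out, "tailscale"), out
```

The staged tree is only the input to the image step discussed in the thread; the read-only filesystem and verity partitions still have to be built from it.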