sys-apps/systemd: Avoid initrd bloat by using OpenSSL instead of gcrypt

systemd-journal's Forward Secure Sealing feature requires gcrypt, but Flatcar doesn't need it. Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
2026-05-05 04:06:33 +02:00 · 2025-04-07 18:35:18 +01:00 · 2025-04-07 18:35:18 +01:00 · 959e0715a9
commit 959e0715a9
parent e5ef9e4f36
2 changed files with 5 additions and 0 deletions
--- a/changelog/changes/2025-04-17-systemd-crypt.md
+++ b/changelog/changes/2025-04-17-systemd-crypt.md
@ -0,0 +1 @@
+- systemd now uses OpenSSL instead of gcrypt for cryptography to reduce the size of the initrd. This change disables systemd-journal's Forward Secure Sealing feature, but it is generally not useful for Flatcar.
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@ -166,3 +166,7 @@ net-dns/bind-tools gssapi
 # Flatcar can't benefit from this performance boost for several reasons, the
 # main one being the use of binary packages.
 sys-kernel/dracut -dracut-cpio
+
+# Avoid initrd bloat by using OpenSSL instead of gcrypt in systemd.
+# systemd-journal's FSS feature requires gcrypt, but Flatcar doesn't need it.
+sys-apps/systemd -gcrypt
				`@ -0,0 +1 @@`
				`- systemd now uses OpenSSL instead of gcrypt for cryptography to reduce the size of the initrd. This change disables systemd-journal's Forward Secure Sealing feature, but it is generally not useful for Flatcar.`