We currently use gzip together with pigz (parallel gzip) for importing
container images, and this is a lengthy operation (takes multiple minutes). By
moving to zstd we gain on all fronts: zstd produces smaller files, and is
faster to decompress/compress then pigz while using less resources.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
The folders are not created through "keepdir" which results in tmpfiles
rules but an explict tmpfiles file. This is error prone and we should
try to move to "keepdir" instead but for the backport, just add the
missing line.
- remove unecessary files
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- mark openssl as stable for arm64 and amd64
- continue shipping app-misc/c_rehash
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>
`build_image` depends on accesss to the torcx manifest and the "content
addressable nature" of the directory. We currently rely on the torcx output
root structure being preserved in the container image.
While we're moving the torcx output root out of the container image, preserve
its contents so that they can be restored from bincache.
The SDK container bind mounts __build__/images to the containers image
directory, but the CI uses a different path for images. This causes issues when
building the oem sysext, because it requires mounting an overlayfs. The current
path (~/build/...) is an overlayfs and an ovlerayfs can't be an upper
directory.
Align the CONTAINER_IMAGE_ROOT and CONTAINER_TORCX_ROOT values with standard
practices to that oem sysext building in jenkins ci works.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
After changes to the inode size, the sysext installation runs out of
space because the installation happens on a mounted production image.
This is problematic because the /usr partition is only 1024MB in size
and gets full. Mount a temporary overlay so that we can use that for
installation, and discard it afterwards.
This also means we no longer need to disable verity and in fact could
live without copying the prod image. I won't make that change since
we're working on a new script to automate building of sysexts using the
overlay approach.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Inode sizes smaller than 256:
- don't support extended metadata (nanosecond timestamp resolution)
- cannot handle dates beyond 2038
- are deprecated
Change the default from 128 to 256. There is no way to apply this change on a
mounted filesystem so this change will only apply to new deployments.
Fixes: flatcar/flatcar#1082
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
