Sysroot-wrappers contains binaries installed to /usr/lib64/sysroot-wrappers,
but the profile referenced them through the 'lib -> lib64' symlink. Stop
relying on that symlink, which is not present in arm64 profiles, and is
not part of 17.1 amd64 profiles.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>

With the switch from rkt to systemd-nspawn the ability for the service
to set the routing entries for the TCP load balancer got lost,
resulting in an unreachable LB as reported in
https://github.com/kinvolk/Flatcar/issues/459
The fix also reported there is to retain CAP_NET_ADMIN when starting
the service.

The vmlinuz kernel image gets installed to /usr/boot/ but isn't usable
for dm-verity until it gets copied over to /boot/flatcar/ and the hash
gets embedded at a particular offset. The file in /usr/boot/ uses space
while it has no real purpose as long as dm-verity is used.
Delete the vmlinuz file under /usr/boot/ to free up space. When
generating the ISO image we use the vmlinuz file from /boot/flatcar/
which also has the advantage that we only distribute a single vmlinuz
file with one particular checksum.

For consistency with code further down in the file: aarch64 cross compilation only applies when CBUILD is x86;
for native aarch64 builds rust is guaranteed to have aarch64 rustlibs.

Btrfs filesystems do not support a non-standard 64k page size on arm64
when the filesystem was created by a 4k page size system.
Use the default page size for arm64 to ensure compatibility with
btrfs filesystems created by amd64 systems.

With the default gzip compression the 60 MB limit for the vmlinuz
bundle of kernel+initramfs was reached. The limit comes from the size
of the /boot partition which is 128 MB large and the kernel needs to
fit twice, in addition to GRUB.
Use zstd for the initramfs as it provides a similar speed but better
compression. For the kernel we can't switch yet to zstd for arm64
but for amd64 it works.

The defaults already give more space than the ext4 defaults but it's
recommended to use the mixed mode for filesystems smaller than 1-5 GB.
Another aspect is the duplication of metadata and while it currently is
off it's actually related to the underlying block device and could
change as soon as the block device type changes.
Select the mixed mode that uses a merged area for data and metadata
blocks. Also ensure that no metadata duplication gets enabled
automatically.

The compression feature of btrfs allows us to store more in the
size-limited /usr and OEM partitions. The size should of course still
be monitored to not bloat the image but more headroom helps to try
things out quickly without hitting the hard limit which fails the
build.
Use btrfs for the OEM partition but with zlib compression because
the outdated GRUB version doesn't support zstd yet.
New subvolumes currently can't be used for the OEM partition as default
subvolumes because GRUB tries to read the grub.cfg from the top
subvolume (at least with our old version). (We could however use
subvolumes for the /usr partition when switching to btrfs if that
makes any sense.)

The limited /usr and OEM partition size is a challenge when adding new
packages or updating a package. Since the disk layout can't be changed
for compatibility reasons when updating an existing instance, we can't
simply try out something without ensuring first that enough space is
there by removing something else. This situation can be relaxed by
leveraging btrfs compression. There was some support for btrfs but it
was a bit outdated and didn't allow configuring compression or setting
read-only flags.
Fix the btrfs support, allow marking the default subvolume as read only
and add a compression variable that allows selecting a compression
algorithm. Instead of enabling compression by setting the mount option,
we can set the filesystem attribute which has the benefit that
compression is still used with the default mount options for this (top)
directory and its contents. While for the ext2 /usr partition a hack
existed to force read-only mode by modifying some bytes and checking
these bytes could also be used to know if read-only should be used to
prevent corruption of dm-verity data, we rather check directly whether
dm-verity is active for this partition and mount it read-only (and
with the norecovery option to really prevent any write attempt).

The newly enabled update test performs an update from the built image
to itself. This is useful to test that the update mechanism didn't
break but it doesn't say if the built image will be accepted as update
from the previous official release.
Introduce an additional kola run that begins from the previous official
release and tests to update to the built image. Since the test does two
updates it also covers the case of updating from the built image to the
built image. Thus, we can skip the test in the normal run.
This new kola run is done first to keep the qemu-latest symlink valid
for the main test suite.

When performing a full bootstrap (stage1-4), the stage1 results are currently
discarded because of the logic in catalyst_build: the first build stage uses
the "seed" and every following stage uses the previous stage's results *but*
stage1 is built before catalyst_build. So from the point of view of
catalyst_build, stage2 is the first one and uses the seed tarball.
To make sure stage1 results are used if it was built, set the SEED variable to
the latest stage1 location.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>

Due to unnecessary wildcard listings, ebuild files including all rc or
beta are being listed. Since `VERSION_OLD` is already generated as a
unique version, we do not need to list multiple files to filter by
running `head -n1` etc. We just need to use only the specific ebuild.
Simply list only the unique ebuild file.

Before passing runc versions to `sed '/-/!{s/$/_/}'`, we need to replace
`_` with `-`, because runc tarball files already have names like
`1.0.0_rc2`. Without the fix, version sort would put `1.0.0` before
`1.0.0_rc2`, which is not expected in the later steps.
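
The ordering problem from the last commit message, as an added example that is not part of the commit or the project's scripts: it runs the quoted `sed` expression through GNU `sort -V` with and without the `_` to `-` replacement. The function names, the sample version list, the trailing `sed 's/_$//'` cleanup and the use of `tail -n1` to pick the newest version are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input: runc versions as they appear in tarball names.
RUNC_VERSIONS='1.0.0_rc2
1.0.0
1.0.0_rc93
0.1.1'

# Without the fix: no line contains "-", so the sed expression appends "_"
# to every line and the marker no longer separates releases from release
# candidates. "1.0.0" then sorts before "1.0.0_rc2".
sort_versions_unfixed() {
    printf '%s\n' "$1" \
        | sed '/-/!{s/$/_/}' \
        | sort -V \
        | sed 's/_$//'    # assumed cleanup step: drop the appended marker
}

# With the fix: "_" is replaced by "-" first, so only final releases get
# the trailing "_" marker. In version sort "-" orders before "_", which
# places every "-rcN" entry below the matching final release.
sort_versions_fixed() {
    printf '%s\n' "$1" \
        | tr '_' '-' \
        | sed '/-/!{s/$/_/}' \
        | sort -V \
        | sed 's/_$//'
}

# Hypothetical later step: take the newest version from the sorted list.
latest_version() {
    sort_versions_fixed "$1" | tail -n1
}

echo "unfixed: $(sort_versions_unfixed "$RUNC_VERSIONS" | tr '\n' ' ')"
echo "fixed:   $(sort_versions_fixed "$RUNC_VERSIONS" | tr '\n' ' ')"
echo "latest:  $(latest_version "$RUNC_VERSIONS")"
```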