chore: better compression for sysext images

flake.nix

@@ -46,45 +46,31 @@
             name = "debug-tools";
             version = "0.0.1";
             packages = [
-              { drv = pkgs.curl; path = "bin/curl"; }
-              { drv = pkgs.bash; path = "bin/bash"; }
+              { drv = pkgs.curl; path = "bin/"; }
+              { drv = pkgs.bash; path = "bin/"; }
+              { drv = pkgs.keyutils; path = "bin/"; }
+              { drv = pkgs.gnutar; path = "bin/"; }
+              { drv = pkgs.strace; path = "bin/"; }
+              { drv = pkgs.cryptsetup; path = "bin/"; }
+              { drv = pkgs.erofs-utils; path = "bin/"; }
+              { drv = pkgs.binutils-unwrapped; path = "bin/"; }
+              { drv = pkgs.binutils-unwrapped.lib; path = "lib/"; }
+              { drv = pkgs.util-linuxMinimal; path = "bin/"; }
+              { drv = pkgs.util-linuxMinimal.mount; path = "bin/"; }
+              { drv = pkgs.util-linuxMinimal.login; path = "bin/"; }
+              { drv = pkgs.util-linuxMinimal.swap; path = "bin/"; }
               { drv = patosPkgs.glibc; path = "bin/ldd"; }
-              { drv = pkgs.util-linux; path = "bin/sfdisk"; }
-              { drv = pkgs.readline.out; path = "lib/libreadline.so.8.2"; }
-              { drv = pkgs.readline.out; path = "lib/libreadline.so.8"; }
-              { drv = pkgs.readline.out; path = "lib/libhistory.so.8.2"; }
-              { drv = pkgs.readline.out; path = "lib/libhistory.so.8"; }
-              { drv = pkgs.ncurses.out; path = "/lib/libncursesw.so.6.5"; }
-              { drv = pkgs.ncurses.out; path = "/lib/libncursesw.so.6"; }
-              { drv = pkgs.keyutils; path = "bin/keyctl"; }
-              { drv = pkgs.gnutar; path = "bin/tar"; }
-              { drv = pkgs.binutils-unwrapped; path = "bin/strings"; }
-              { drv = pkgs.strace; path = "bin/strace"; }
               { drv = patosPkgs.tpm2-tools; path = "bin/tpm2"; }
               { drv = patosPkgs.openssl; path = "bin/openssl"; }
-              { drv = pkgs.cryptsetup; path = "bin/cryptsetup"; }
-              { drv = pkgs.cryptsetup; path = "bin/veritysetup"; }
-              { drv = pkgs.erofs-utils; path = "bin/mkfs.erofs"; }
-              # shared lib required for cryptsetup
-              { drv = pkgs.popt; path = "lib/libpopt.so.0.0.2"; }
-              { drv = pkgs.popt; path = "lib/libpopt.so.0"; }
-              { drv = pkgs.popt; path = "lib/libpopt.so"; }
               # shared lib required for mkfs.erofs
-              { drv = pkgs.lz4.lib; path = "lib/liblz4.so.1.10.0"; }
-              { drv = pkgs.lz4.lib; path = "lib/liblz4.so.1"; }
-              { drv = pkgs.lz4.lib; path = "lib/liblz4.so"; }
-              # shared lib required for binutils
-              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libsframe.so.1.0.0"; }
-              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libsframe.so.1"; }
-              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd-2.44.so"; }
-              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd.so"; }
+              { drv = pkgs.lz4.lib; path = "lib/"; }
+              # shared lib required for cryptsetup
+              { drv = pkgs.popt; path = "lib/"; }
               # shared lib required for strace
-              { drv = pkgs.elfutils.out; path = "lib/libdw-0.192.so"; }
-              { drv = pkgs.elfutils.out; path = "lib/libdw.so.1"; }
-              { drv = pkgs.elfutils.out; path = "lib/libdw.so"; }
-              { drv = pkgs.elfutils.out; path = "lib/libelf-0.192.so"; }
-              { drv = pkgs.elfutils.out; path = "lib/libelf.so.1"; }
-              { drv = pkgs.elfutils.out; path = "lib/libelf.so"; }
+              { drv = pkgs.elfutils.out; path = "lib/"; }
+              # shared lib required for bash
+              { drv = pkgs.readline.out; path = "lib/"; }
+              { drv = pkgs.ncurses.out; path = "lib/"; }
             ];
           };
         };

lib/make-sysext.nix

@@ -46,6 +46,7 @@ runCommand name
 
   }
   ''
+    set -ex -o pipefail
     do_copy () {
       local prefix="$1"
       local drv="$2"
@@ -60,6 +61,25 @@ runCommand name
       destdir="$(dirname -- "$destfile")"
 
       mkdir -pv "$destdir"
+
+      # recursively copy if ending with /
+      if [[ "$destfile" =~ /$ ]]; then
+        basedir="$(dirname -- "$destfile")"
+        chmod -R 755 "$basedir"
+        # remove if exists
+        for f in $srcfile/*; do
+          basename="$(basename -- "$f")"
+          rm -f "$destfile/$basename"
+        done
+        cp -rPv "$srcfile" "$basedir"
+        chmod -R 755 "$basedir"
+        for f in $destfile/*; do
+          patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 $f || true
+          patchelf --set-rpath /usr/lib $f || true
+        done
+        return
+      fi
+
       cp -Pv "$srcfile" "$destfile"
 
       chmod 755 "$destfile"
@@ -79,7 +99,7 @@ runCommand name
 
     pushd $out
     find tree -type d -exec chmod 0755 {} \;
-    mkfs.erofs --all-root $name.raw tree/
+    mkfs.erofs -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking --all-root $name.raw tree/
     veritysetup format --root-hash-file $name.roothash $name.raw $name.verity
     # TODO: pcks7 signature
     # openssl smime -sign -nocerts -noattr -binary -in ${name}.roothash \