From e85353bc3532bc5fbe01c292204cc633c22a2f1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se>
Date: Wed, 11 Jun 2025 11:07:55 +0200
Subject: [PATCH] chore: better compression for sysext images

---
 flake.nix           | 54 +++++++++++++++++----------------------------
 lib/make-sysext.nix | 22 +++++++++++++++++-
 2 files changed, 41 insertions(+), 35 deletions(-)

diff --git a/flake.nix b/flake.nix
index 3567477..cfbd77c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,45 +46,31 @@
             name = "debug-tools";
             version = "0.0.1";
             packages = [
-              { drv = pkgs.curl; path = "bin/curl"; }
-              { drv = pkgs.bash; path = "bin/bash"; }
+              { drv = pkgs.curl; path = "bin/"; }
+              { drv = pkgs.bash; path = "bin/"; }
+              { drv = pkgs.keyutils; path = "bin/"; }
+              { drv = pkgs.gnutar; path = "bin/"; }
+              { drv = pkgs.strace; path = "bin/"; }
+              { drv = pkgs.cryptsetup; path = "bin/"; }
+              { drv = pkgs.erofs-utils; path = "bin/"; }
+              { drv = pkgs.binutils-unwrapped; path = "bin/"; }
+              { drv = pkgs.binutils-unwrapped.lib; path = "lib/"; }
+              { drv = pkgs.util-linuxMinimal; path = "bin/"; }
+              { drv = pkgs.util-linuxMinimal.mount; path = "bin/"; }
+              { drv = pkgs.util-linuxMinimal.login; path = "bin/"; }
+              { drv = pkgs.util-linuxMinimal.swap; path = "bin/"; }
               { drv = patosPkgs.glibc; path = "bin/ldd"; }
-              { drv = pkgs.util-linux; path = "bin/sfdisk"; }
-              { drv = pkgs.readline.out; path = "lib/libreadline.so.8.2"; }
-              { drv = pkgs.readline.out; path = "lib/libreadline.so.8"; }
-              { drv = pkgs.readline.out; path = "lib/libhistory.so.8.2"; }
-              { drv = pkgs.readline.out; path = "lib/libhistory.so.8"; }
-              { drv = pkgs.ncurses.out; path = "/lib/libncursesw.so.6.5"; }
-              { drv = pkgs.ncurses.out; path = "/lib/libncursesw.so.6"; }
-              { drv = pkgs.keyutils; path = "bin/keyctl"; }
-              { drv = pkgs.gnutar; path = "bin/tar"; }
-              { drv = pkgs.binutils-unwrapped; path = "bin/strings"; }
-              { drv = pkgs.strace; path = "bin/strace"; }
               { drv = patosPkgs.tpm2-tools; path = "bin/tpm2"; }
               { drv = patosPkgs.openssl; path = "bin/openssl"; }
-              { drv = pkgs.cryptsetup; path = "bin/cryptsetup"; }
-              { drv = pkgs.cryptsetup; path = "bin/veritysetup"; }
-              { drv = pkgs.erofs-utils; path = "bin/mkfs.erofs"; }
-              # shared lib required for cryptsetup
-              { drv = pkgs.popt; path = "lib/libpopt.so.0.0.2"; }
-              { drv = pkgs.popt; path = "lib/libpopt.so.0"; }
-              { drv = pkgs.popt; path = "lib/libpopt.so"; }
               # shared lib required for mkfs.erofs
-              { drv = pkgs.lz4.lib; path = "lib/liblz4.so.1.10.0"; }
-              { drv = pkgs.lz4.lib; path = "lib/liblz4.so.1"; }
-              { drv = pkgs.lz4.lib; path = "lib/liblz4.so"; }
-              # shared lib required for binutils
-              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libsframe.so.1.0.0"; }
-              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libsframe.so.1"; }
-              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd-2.44.so"; }
-              { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd.so"; }
+              { drv = pkgs.lz4.lib; path = "lib/"; }
+              # shared lib required for cryptsetup
+              { drv = pkgs.popt; path = "lib/"; }
               # shared lib required for strace
-              { drv = pkgs.elfutils.out; path = "lib/libdw-0.192.so"; }
-              { drv = pkgs.elfutils.out; path = "lib/libdw.so.1"; }
-              { drv = pkgs.elfutils.out; path = "lib/libdw.so"; }
-              { drv = pkgs.elfutils.out; path = "lib/libelf-0.192.so"; }
-              { drv = pkgs.elfutils.out; path = "lib/libelf.so.1"; }
-              { drv = pkgs.elfutils.out; path = "lib/libelf.so"; }
+              { drv = pkgs.elfutils.out; path = "lib/"; }
+              # shared lib required for bash
+              { drv = pkgs.readline.out; path = "lib/"; }
+              { drv = pkgs.ncurses.out; path = "lib/"; }
             ];
           };
         };
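Review bot: With `path = "bin/"` and `path = "lib/"` the image contents are no longer enumerated in this list, so everything a package places in those directories (for example all of `pkgs.util-linuxMinimal.login`'s `bin/`) lands in the sysext, and a nixpkgs bump can add binaries without any diff here. Several entries now target the same destination directory, and the recursive branch added in lib/make-sysext.nix removes same-named files before copying, so on a name clash the later entry appears to win silently. I would document the convention next to the list, e.g. `# path ending in "/" copies the whole directory; later entries overwrite earlier ones`, and keep explicit file paths for packages where only one tool is wanted. The commit subject mentions only compression, so this widening of the debug image is easy to miss in review.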
diff --git a/lib/make-sysext.nix b/lib/make-sysext.nix
index 6de1e63..59b04cf 100644
--- a/lib/make-sysext.nix
+++ b/lib/make-sysext.nix
@@ -46,6 +46,7 @@ runCommand name
 
   }
   ''
+    set -ex -o pipefail
     do_copy () {
       local prefix="$1"
       local drv="$2"
@@ -60,6 +61,25 @@ runCommand name
       destdir="$(dirname -- "$destfile")"
 
       mkdir -pv "$destdir"
+
+      # recursively copy if ending with /
+      if [[ "$destfile" =~ /$ ]]; then
+        basedir="$(dirname -- "$destfile")"
+        chmod -R 755 "$basedir"
+        # remove if exists
+        for f in $srcfile/*; do
+          basename="$(basename -- "$f")"
+          rm -f "$destfile/$basename"
+        done
+        cp -rPv "$srcfile" "$basedir"
+        chmod -R 755 "$basedir"
+        for f in $destfile/*; do
+          patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 $f || true
+          patchelf --set-rpath /usr/lib $f || true
+        done
+        return
+      fi
+
       cp -Pv "$srcfile" "$destfile"
 
       chmod 755 "$destfile"
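Review bot: Both `patchelf` calls in the new loop end in `|| true`, so a genuine patching failure on an ELF file is indistinguishable from the expected failure on a script, and the image can ship binaries that still carry their build-time interpreter or rpath; it also bypasses the `set -e` this commit adds at the top of the script. `$srcfile/*`, `$destfile/*` and `$f` are unquoted, and `basedir`, `basename` and `f` are not declared `local` although the function uses `local` for its other variables. `chmod -R 755 "$basedir"` acts on the parent of the destination directory (the dirname of a path ending in `/`), so each call resets the mode of everything already copied under it, not only the new files. The fence sketches a loop that skips symlinks and non-ELF files and lets real failures abort the build; probing with `--print-rpath` is an assumption worth checking against static binaries. do_copy begins and ends outside this hunk.

```nix
        # … unchanged: removal of existing files, cp -rPv, chmod …
        for f in "$destfile"/*; do
          # symlinks are skipped so a link target is not patched through the link
          [[ -f "$f" && ! -L "$f" ]] || continue
          # not an ELF file (script, data): nothing to patch
          patchelf --print-rpath "$f" >/dev/null 2>&1 || continue
          # shared objects have no interpreter; only executables are re-pointed
          if patchelf --print-interpreter "$f" >/dev/null 2>&1; then
            patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 "$f"
          fi
          patchelf --set-rpath /usr/lib "$f"
        done
        return
```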
@@ -79,7 +99,7 @@ runCommand name
 
     pushd $out
     find tree -type d -exec chmod 0755 {} \;
-    mkfs.erofs --all-root $name.raw tree/
+    mkfs.erofs -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking --all-root $name.raw tree/
     veritysetup format --root-hash-file $name.roothash $name.raw $name.verity
     # TODO: pcks7 signature
     # openssl smime -sign -nocerts -noattr -binary -in ${name}.roothash \
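Review bot: The new `mkfs.erofs` options carry no comment, and `-C1048576` with `-Efragments,dedupe,ztailpacking` presumably requires matching EROFS support in the kernel that mounts the sysext; an image built with features the target kernel lacks would fail to mount rather than degrade. I would add a comment above the line such as `# lz4hc level 12, 1 MiB pclusters; fragments/dedupe/ztailpacking must be supported by the target kernel's EROFS`. `$name` and `$out` stay unquoted on this line and its neighbours, which is worth fixing while the line is being touched. The enclosing script continues past the end of this hunk.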