Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

separate steps for generating rootfs #2958

Merged
merged 1 commit into from
Dec 13, 2022
Merged

separate steps for generating rootfs #2958

merged 1 commit into from
Dec 13, 2022

Conversation

deitch
Copy link
Contributor

@deitch deitch commented Dec 7, 2022

This does not change anything in the output, only in the interim steps.

Current

Currently, we generate the rootfs.img by calling makerootfs.sh, which calls (simplified):

linuxkit build -o - $YML | docker run mkrootfs-squash

In other words, we build the OS root filesystem (left hand side of above) and pipe the tar stream to the container that creates squashfs (or ext4).

This works, but has two shortcomings:

  1. If we need to regenerate, we have to do the whole thing, both expensive parts.
  2. We cannot use the interim output tar for anything useful (like, perhaps, scanning for an SBoM or security)

Proposed

This PR breaks the above down into 2 steps:

  1. Generate the rootfs.tar file
  2. Use the tar file to generate the rootfs image (squashfs or ext4)

The rootfs.tar is in the dist/<arch>/<release>/ directory, but not in the installer/ subdir, as we do not need the tar file artifact in the final eve image.

A next step PR will add scanners, initial for an SBoM which will be included in installer/ and thus in the resulting image, but possibly also in other places (release artifacts), and future security scanners.

How

Change:

  • tools/makerootfs.sh to have 3 different operating modes, as well as use getopt to parse the CLI flags
  • Makefile to add a rootfstar target and several target changes
  • docs/BUILD.md to describe the new usage

@deitch deitch force-pushed the syft-scan-rootfs branch 4 times, most recently from 341d325 to 9f263cd Compare December 7, 2022 09:57
@deitch
Copy link
Contributor Author

deitch commented Dec 7, 2022
edited
Loading

I fixed most of the yetus complaints. All of the remaining yetus complaints are incorrect here.

giggsoff
giggsoff reviewed Dec 7, 2022
View reviewed changes
docs/BUILD.md Outdated Show resolved Hide resolved
docs/BUILD.md Outdated Show resolved Hide resolved
tools/makerootfs.sh Outdated Show resolved Hide resolved
docs/BUILD.md Outdated Show resolved Hide resolved
@deitch
separate steps for generating rootfs
34d149a 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
eriknordmark
eriknordmark approved these changes Dec 12, 2022
View reviewed changes
Copy link
Contributor

@eriknordmark eriknordmark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eriknordmark eriknordmark merged commit 7daf158 into lf-edge:master Dec 13, 2022
@deitch deitch deleted the syft-scan-rootfs branch December 13, 2022 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@giggsoff giggsoff giggsoff left review comments

@eriknordmark eriknordmark eriknordmark approved these changes

@rvs rvs Awaiting requested review from rvs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@deitch @giggsoff @eriknordmark