diff --git a/build.sh b/build.sh index 09a3d4c..97b532d 100755 --- a/build.sh +++ b/build.sh @@ -26,6 +26,7 @@ make_debug_archive () { # Finally compress /tmp/debugroot/usr into a zstd tarball at $DEBUG_TAR. # We actually only need usr because that's where all the relevant stuff lays anyways. + # TODO: needs really moving to erofs instead of tar tar --directory=/tmp/debugroot --create --file="$DEBUG_TAR" usr zstd --threads=0 --rm "$DEBUG_TAR" # --threads=0 automatically uses the optimal number } @@ -42,7 +43,6 @@ MAIN_UKI=${OUTPUT}.efi # Output main UKI path LIVE_UKI=${OUTPUT}_live.efi # Output live UKI path EROFS_UKI=${OUTPUT}_erofs.addon.efi # Output live UKI path DEBUG_TAR=${OUTPUT}_debug-x86-64.tar # Output debug archive path (.zst will be added) -ROOTFS_TAR=${OUTPUT}_root-x86-64.tar # Output rootfs tarball path (.zst will be added) ROOTFS_EROFS=${OUTPUT}_root-x86-64.erofs # Output erofs image path IMG=${OUTPUT}.raw # Output raw image path @@ -119,11 +119,6 @@ mount esp.raw esp.raw.mnt # Copy everything from /usr/share/factory/boot into esp.raw.mnt. cp --archive --recursive "${OUTPUT}/usr/share/factory/boot/." esp.raw.mnt -# FIXME a hack to remove the rootflags= from the live boot because they are not applicable -# Can be dropped once erofs is default and we don't need the addon anymore. -ukify build \ - --cmdline "kde-linux.erofs=1" \ - --output esp.raw.mnt/EFI/Linux/$EFI_BASE.efi.extra.d/erofs.addon.efi # We're done, unmount esp.raw.mnt. umount esp.raw.mnt @@ -135,15 +130,10 @@ cp "$MAIN_UKI" "${OUTPUT}/usr/share/factory/boot/EFI/Linux/$EFI" cd .. # and back to root -# Create rootfs tarball for consumption by systemd-sysext (doesn't currently support consuming raw images :() -rm -rf "$ROOTFS_TAR" ./*.tar -time tar -C "${OUTPUT}"/ --xattrs --xattrs-include=*.* -cf "$ROOTFS_TAR" . -time zstd -T0 --rm "$ROOTFS_TAR" - # Drop flatpak data from erofs. They are in the usr/share/factory and deployed from there. rm -rf "$OUTPUT/var/lib/flatpak" mkdir "$OUTPUT/var/lib/flatpak" # but keep a mountpoint around for the live session -time mkfs.erofs -d0 -zzstd -Efragments,ztailpacking "$ROOTFS_EROFS" "$OUTPUT" > /dev/null 2>&1 +time mkfs.erofs -d0 -zzstd:$ZSTD_LEVEL -Efragments,ztailpacking "$ROOTFS_EROFS" "$OUTPUT" > /dev/null 2>&1 cp --reflink=auto "$ROOTFS_EROFS" kde-linux.cache/root.raw # Now assemble the two generated images using systemd-repart and the definitions in mkosi.repart into $IMG. diff --git a/mkosi.extra/live/usr/bin/_calamares@subvol b/mkosi.extra/live/usr/bin/_calamares@subvol index dc8d771..7bbd60d 100755 --- a/mkosi.extra/live/usr/bin/_calamares@subvol +++ b/mkosi.extra/live/usr/bin/_calamares@subvol @@ -31,43 +31,20 @@ rm -rfv ./* btrfs subvolume sync . || true btrfs quota enable --simple . -if grep "kde-linux.erofs=1" /proc/cmdline; then - btrfs subvolume create @system - mkdir @system/boot @system/proc @system/sys @system/dev @system/run @system/usr - cp /dev/gpt-auto-root kde-linux_$IMAGE_VERSION.erofs +btrfs subvolume create @system +mkdir @system/boot @system/proc @system/sys @system/dev @system/run @system/usr +cp /dev/gpt-auto-root kde-linux_$IMAGE_VERSION.erofs - # Overmount calamares' mount with the subvol mount - mount -o "subvol=@system" "$device" "$ROOT" - mount -t proc proc "$ROOT/proc" - mount -t sysfs sys "$ROOT/sys" - mount -o bind /dev "$ROOT/dev" - mount -t tmpfs tmpfs "$ROOT/run" - mkdir "$ROOT/run/udev" # This is not part of @system but rather the $ROOT (do not move this to the mkdir list of @system!) - mount -o bind /run/udev "$ROOT/run/udev" - mount -t efivarfs efivarfs "$ROOT/sys/firmware/efi/efivars" - mount -o ro,X-mount.subdir=usr /dev/gpt-auto-root "$ROOT/usr" -else - btrfs subvolume create @kde-linux_$IMAGE_VERSION - cp -ra /system/. @kde-linux_$IMAGE_VERSION - btrfs subvolume create @home - btrfs subvolume create @root - btrfs subvolume create @locale - btrfs subvolume create @snap - btrfs subvolume create @var-overlay - btrfs subvolume create @etc-overlay - mkdir @var-overlay/upper @var-overlay/work @etc-overlay/upper @etc-overlay/work - - # Overmount calamares' mount with the subvol mount - mount -o "subvol=@kde-linux_$IMAGE_VERSION" "$device" "$ROOT" - mount -t proc proc "$ROOT/proc" - mount -t sysfs sys "$ROOT/sys" - mount -o bind /dev "$ROOT/dev" - mount -t tmpfs tmpfs "$ROOT/run" - mkdir "$ROOT/run/udev" # This is not part of @system but rather the $ROOT (do not move this to the mkdir list of @system!) - mount -o bind /run/udev "$ROOT/run/udev" - mount -t efivarfs efivarfs "$ROOT/sys/firmware/efi/efivars" - _kde-linux-overlay "$device" "$ROOT" -fi +# Overmount calamares' mount with the subvol mount +mount -o "subvol=@system" "$device" "$ROOT" +mount -t proc proc "$ROOT/proc" +mount -t sysfs sys "$ROOT/sys" +mount -o bind /dev "$ROOT/dev" +mount -t tmpfs tmpfs "$ROOT/run" +mkdir "$ROOT/run/udev" # This is not part of @system but rather the $ROOT (do not move this to the mkdir list of @system!) +mount -o bind /run/udev "$ROOT/run/udev" +mount -t efivarfs efivarfs "$ROOT/sys/firmware/efi/efivars" +mount -o ro,X-mount.subdir=usr /dev/gpt-auto-root "$ROOT/usr" # ESP is a bit tricky. Find the block device of the root partition and then we'll ask systemd for an ESP on that device. # ... and luks devices are even more tricky because we need to get the real device first @@ -95,19 +72,3 @@ systemd-tmpfiles --root="$ROOT" --exclude-prefix=/usr --create systemctl --root="$ROOT" preset-all systemctl --root="$ROOT" preset-all --global -if grep "kde-linux.erofs=1" /proc/cmdline; then - # Enable the erofs feature. This file will eventually need removing by a service file or something when erofs is full default. - mkdir --parents $ROOT/etc/sysupdate.d/erofs.feature.d/ - cat <<- EOF >> $ROOT/etc/sysupdate.d/erofs.feature.d/enable.conf -# Auto generated by KDE Linux installer. Enables EROFS rootfs. -[Feature] -Enabled=true -EOF - - mkdir --parents $ROOT/etc/sysupdate.d/tar.feature.d/ - cat <<- EOF >> $ROOT/etc/sysupdate.d/tar.feature.d/enable.conf -# Auto generated by KDE Linux installer. Disables tar rootfs. -[Feature] -Enabled=false -EOF -fi diff --git a/mkosi.extra/usr/bin/_kde-linux-overlay b/mkosi.extra/usr/bin/_kde-linux-overlay deleted file mode 100755 index 8c5f9ff..0000000 --- a/mkosi.extra/usr/bin/_kde-linux-overlay +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/sh -# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL -# SPDX-FileCopyrightText: 2023-2024 Harald Sitter - -set -ex - -rootdisk=/dev/disk/by-partlabel/KDELinux -if [ -b /dev/gpt-auto-root ]; then - # When the partition was auto detected we can just use the auto-root device - rootdisk=/dev/gpt-auto-root -elif [ -b /dev/disk/by-partlabel/KDEOS ]; then - rootdisk=/dev/disk/by-partlabel/KDEOS # Fallback for older images -fi -rootdisk=${1:-$rootdisk} -sysroot=${2:-/sysroot} - -# TODO should probably transition to .mount units or a generator instead -# NOTE: this is also called by calamares, so maybe mount units are a bad idea - -if [ -d "${sysroot}/system/@etc-overlay" ]; then - # already mounted - exit 0 -fi - -mount -v \ - -o rw,subvol=/ \ - "$rootdisk" "${sysroot}/system" - -# Make sure our subvolumes exist! In particular if we introduce subvolumes after installation. -# FIXME This is a bit garbage. It'd be much tidier if we could tell repart to do this for us. But in some sort of -# safe mode so it doesn't twiddle the partition table. - -[ -d "${sysroot}/system/@root" ] || btrfs subvolume create "${sysroot}/system/@root" - -# container storage benefits from not being inside a overlay filesystem -[ -d "${sysroot}/system/@containers" ] || btrfs subvolume create "${sysroot}/system/@containers" -[ -d "${sysroot}/system/@docker" ] || btrfs subvolume create "${sysroot}/system/@docker" - -# Clean up legacy volumes -# @locale is no longer used because we now generate all locales into the image -[ -d "${sysroot}/system/@locale" ] && btrfs subvolume delete "${sysroot}/system/@locale" - -mount -v \ - -o rw,subvol=@home \ - "$rootdisk" "${sysroot}/home" -mount -v \ - -o rw,subvol=@root \ - "$rootdisk" "${sysroot}/root" -mount -v \ - -o rw,subvol=@snap \ - "$rootdisk" "${sysroot}/snap" -mount -v \ - -t overlay \ - -o "rw,lowerdir=${sysroot}/etc,upperdir=${sysroot}/system/@etc-overlay/upper,workdir=${sysroot}/system/@etc-overlay/work,index=off,metacopy=off" \ - overlay "${sysroot}/etc" -mount -v \ - -t overlay \ - -o "rw,lowerdir=${sysroot}/var,upperdir=${sysroot}/system/@var-overlay/upper,workdir=${sysroot}/system/@var-overlay/work,index=off,metacopy=off" \ - overlay "${sysroot}/var" - -mkdir -p "${sysroot}/var/lib/containers" -mount -v \ - -o rw,subvol=@containers \ - "$rootdisk" "${sysroot}/var/lib/containers" - -mkdir -p "${sysroot}/var/lib/docker" -mount -v \ - -o rw,subvol=@docker \ - "$rootdisk" "${sysroot}/var/lib/docker" - -# TODO: should we maybe also mount /etc into the initrd /etc so we have early access to fstab and the like diff --git a/mkosi.extra/usr/bin/_kde-linux-rebuild-efi b/mkosi.extra/usr/bin/_kde-linux-rebuild-efi index 187c99b..4bf87d7 100755 --- a/mkosi.extra/usr/bin/_kde-linux-rebuild-efi +++ b/mkosi.extra/usr/bin/_kde-linux-rebuild-efi @@ -32,7 +32,7 @@ ukify build \ --output live.efi # lsm= defaulting to apparmor from https://wiki.archlinux.org/title/AppArmor -echo "rw rootflags=subvol=@kde-linux_$IMAGE_VERSION,compress=zstd:1 \ +echo "rw rootflags=subvol=@system,compress=zstd:1 \ lsm=landlock,lockdown,yama,integrity,apparmor,bpf \ vt.global_cursor_default=0 quiet splash loglevel=3" > cmdline mkinitcpio --config mkinitcpio.conf --generate initrd --kernel "$kernel_version" @@ -41,7 +41,3 @@ ukify build \ --initrd initrd \ --cmdline @cmdline \ --output kde-linux.efi - -ukify build \ - --cmdline "rootflags=subvol=@system,compress=zstd:1 kde-linux.erofs=1" \ - --output erofs.addon.efi diff --git a/mkosi.extra/usr/lib/systemd/system-generators/kde-linux-mount-generator b/mkosi.extra/usr/lib/systemd/system-generators/kde-linux-mount-generator index 3bfdc84..6dc5517 100755 --- a/mkosi.extra/usr/lib/systemd/system-generators/kde-linux-mount-generator +++ b/mkosi.extra/usr/lib/systemd/system-generators/kde-linux-mount-generator @@ -19,11 +19,6 @@ if grep "kde-linux.live=1" /proc/cmdline; then exit 0 fi -if ! grep "kde-linux.erofs=1" /proc/cmdline; then - echo "kde-linux.erofs=1 not in cmdline. Not generating mount units." - exit 0 -fi - if [ "$SYSTEMD_IN_INITRD" = "1" ]; then # The transition service in case the system needs transitioning still diff --git a/mkosi.extra/usr/lib/systemd/system/kde-linux-overlay.service b/mkosi.extra/usr/lib/systemd/system/kde-linux-overlay.service deleted file mode 100644 index 58b005e..0000000 --- a/mkosi.extra/usr/lib/systemd/system/kde-linux-overlay.service +++ /dev/null @@ -1,24 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL -# SPDX-FileCopyrightText: 2024 Harald Sitter - -[Unit] -Description=Overlay Root File System -DefaultDependencies=no -Requires=sysroot.mount -Conflicts=shutdown.target -After=sysroot.mount systemd-repart.service -Before=initrd-root-fs.target initrd-parse-etc.service shutdown.target -AssertPathExists=/etc/initrd-release -# On the live system we let systemd.volatile handle the overlay since we want to discard changes -ConditionKernelCommandLine=!kde-linux.live=1 -# The erofs system works by virtue of a systemd generator -ConditionKernelCommandLine=!kde-linux.erofs=1 -# Make sure the module is loaded -Wants=modprobe@overlay.service -After=modprobe@overlay.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/bin/_kde-linux-overlay -Restart=no diff --git a/mkosi.extra/usr/lib/sysupdate.d/erofs.feature b/mkosi.extra/usr/lib/sysupdate.d/erofs.feature index ee7ca37..3abec04 100644 --- a/mkosi.extra/usr/lib/sysupdate.d/erofs.feature +++ b/mkosi.extra/usr/lib/sysupdate.d/erofs.feature @@ -3,4 +3,4 @@ [Feature] Description=EROFS-based RootFS -Enabled=false +Enabled=true diff --git a/mkosi.extra/usr/lib/sysupdate.d/tar.feature b/mkosi.extra/usr/lib/sysupdate.d/tar.feature index 2753f4e..ab05b4a 100644 --- a/mkosi.extra/usr/lib/sysupdate.d/tar.feature +++ b/mkosi.extra/usr/lib/sysupdate.d/tar.feature @@ -3,4 +3,5 @@ [Feature] Description=Tar-based RootFS +# This continues to be enabled so the artifacts get vacuumed. Enabled=true