Build ZFS sysext with each release

.github/workflows/ci.yaml

@@ -185,7 +185,7 @@ jobs:
           ./run_sdk_container -n "${container_name}" \
                   ./build_image --board="${arch}-usr" --group="${channel}" \
                                 --output_root="${CI_CONTAINER_ARTIFACT_ROOT}" \
-                                prodtar container
+                                prodtar container sysext
 
       - name: Build VM image(s)
         shell: bash

.github/workflows/portage-stable-packages-list

@@ -312,6 +312,7 @@ eclass/cmake-multilib.eclass
 eclass/cmake.eclass
 eclass/desktop.eclass
 eclass/distutils-r1.eclass
+eclass/dist-kernel-utils.eclass
 eclass/eapi7-ver.eclass
 eclass/eapi8-dosym.eclass
 eclass/edo.eclass
@@ -540,6 +541,8 @@ sys-fs/multipath-tools
 sys-fs/quota
 sys-fs/squashfs-tools
 sys-fs/xfsprogs
+sys-fs/zfs
+sys-fs/zfs-kmod
 
 sys-kernel/linux-headers
 

build_image

@@ -104,15 +104,18 @@ fi
 . "${BUILD_LIBRARY_DIR}/dev_container_util.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/test_image_content.sh" || exit 1
 . "${BUILD_LIBRARY_DIR}/vm_image_util.sh" || exit 1
+. "${BUILD_LIBRARY_DIR}/extra_sysexts.sh" || exit 1
 
 PROD_IMAGE=0
 PROD_TAR=0
 CONTAINER=0
+SYSEXT=0
 for arg in "$@"; do
   case "${arg}" in
     prod) PROD_IMAGE=1 ;;
     prodtar) PROD_IMAGE=1 PROD_TAR=1 ;;
     container) CONTAINER=1 ;;
+    sysext) SYSEXT=1 ;;
     *)    die_notrace "Unknown image type ${arg}" ;;
   esac
 done
@@ -124,7 +127,7 @@ if [[ ${skip_test_build_root} -ne 1 ]]; then
 fi
 
 # Handle existing directory.
-if [[ -e "${BUILD_DIR}" ]]; then
+if [[ -e "${BUILD_DIR}" ]] && [[ "${PROD_IMAGE}" = 1 ]]; then
   if [[ ${FLAGS_replace} -eq ${FLAGS_TRUE} ]]; then
     sudo rm -rf "${BUILD_DIR}"
   else
@@ -177,6 +180,9 @@ if [[ "${PROD_IMAGE}" -eq 1 ]]; then
     create_prod_tar ${FLATCAR_PRODUCTION_IMAGE_NAME}
   fi
 fi
+if [[ "${SYSEXT}" -eq 1 ]]; then
+  create_prod_sysexts "${FLATCAR_PRODUCTION_IMAGE_NAME}"
+fi
 
 if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]] || \
    [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]

build_library/extra_sysexts.sh

@@ -0,0 +1,3 @@
+EXTRA_SYSEXTS=(
+  zfs:sys-fs/zfs
+)

build_library/prod_image_util.sh

@@ -247,3 +247,39 @@ create_prod_tar() {
   sudo losetup --detach "${lodev}"
   upload_image "${container}"
 }
+
+create_prod_sysexts() {
+  local image_name="$1"
+  local image_sysext_base="${image_name%.bin}_sysext.squashfs"
+  local to_upload=()
+  for sysext in "${EXTRA_SYSEXTS[@]}"; do
+    local name="flatcar-${sysext%:*}"
+    local pkg="${sysext#*:}"
+    local mangle_script="${BUILD_LIBRARY_DIR}/sysext_mangle_${name}"
+    if [[ ! -x "${mangle_script}" ]]; then
+      mangle_script=
+    fi
+    sudo rm -f "${BUILD_DIR}/${name}.raw" \
+	"${BUILD_DIR}/flatcar-test-update-${name}.gz" \
+	"${BUILD_DIR}/${name}_*"
+    sudo "${SCRIPT_ROOT}/build_sysext" --board="${BOARD}" \
+        --squashfs_base="${BUILD_DIR}/${image_sysext_base}" \
+	--image_builddir="${BUILD_DIR}" \
+	${mangle_script:+--manglefs_script=${mangle_script}} \
+	"${name}" "${pkg}"
+    delta_generator \
+      -private_key "/usr/share/update_engine/update-payload-key.key.pem" \
+      -new_image "${BUILD_DIR}/${name}.raw" \
+      -out_file "${BUILD_DIR}/flatcar_test_update-${name}.gz"
+    to_upload+=(
+        "${BUILD_DIR}/${name}.raw"
+        "${BUILD_DIR}/${name}_contents.txt"
+        "${BUILD_DIR}/${name}_contents_wtd.txt"
+        "${BUILD_DIR}/${name}_disk_usage.txt"
+        "${BUILD_DIR}/${name}_packages.txt"
+        "${BUILD_DIR}/flatcar_test_update-${name}.gz"
+    )
+  done
+  upload_image -d ${BUILD_DIR}/sysexts.DIGESTS "${to_upload[@]}"
+}
+

build_library/sysext_mangle_flatcar-zfs

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -euo pipefail
+rootfs="${1}"
+
+pushd "${rootfs}"
+
+rm -rf ./usr/{lib/debug/,lib64/cmake/,include/}
+rm -rf ./usr/lib/dracut/
+rm -rf ./usr/share/initramfs-tools
+rm -rf ./usr/src
+
+mkdir -p ./usr/share/zfs/etc
+rm -rf ./etc/{csh.env,environment.d/,profile.env}
+cp -a ./etc/. ./usr/share/zfs/etc/
+
+pushd ./usr/lib/systemd/system
+while read cmd unit; do
+  if [ "$cmd" = enable ]; then
+    target=$(awk -F= '/WantedBy/ { print $2 }' $unit)
+    mkdir -p "${target}.wants"
+    ln -svr "${unit}" "${target}".wants/
+  fi
+done < <(grep -v '^#' "${rootfs}"/usr/lib/systemd/system-preset/50-zfs.preset)
+mkdir -p "multi-user.target.d"
+{ echo "[Unit]"; echo "Upholds=zfs.target"; } > "multi-user.target.d/10-zfs.conf"
+popd
+
+mkdir -p ./usr/lib/tmpfiles.d
+cat <<EOF >./usr/lib/tmpfiles.d/10-zfs.conf
+d  /etc/zfs                                                 0755  root  root  -  -
+L  /etc/zfs/zed.d                                           -     -     -     -  /usr/share/zfs/etc/zfs/zed.d
+L  /etc/zfs/zfs-functions                                   -     -     -     -  /usr/share/zfs/etc/zfs/zfs-functions
+L  /etc/zfs/zpool.d                                         -     -     -     -  /usr/share/zfs/etc/zfs/zpool.d
+C  /etc/systemd/system/systemd-udevd.service.d/10-zfs.conf  -     -     -     -  /usr/lib/systemd/system/systemd-udevd.service.d/10-zfs.conf
+EOF
+
+mkdir -p ./usr/lib/systemd/system/systemd-udevd.service.d
+cat <<EOF >./usr/lib/systemd/system/systemd-udevd.service.d/10-zfs.conf
+[Unit]
+After=systemd-sysext.service
+EOF
+popd

build_sysext

@@ -217,9 +217,13 @@ for package; do
     --usepkgonly \
     --getbinpkg \
     --verbose \
+    --jobs=${NUM_JOBS} \
     "${package}"
 done
 
+# Make squashfs generation more reproducible.
+export SOURCE_DATE_EPOCH=$(stat -c '%Y' "${BUILD_DIR}/fs-root/usr/lib/os-release")
+
 # Unmount in order to get rid of the overlay
 umount "${BUILD_DIR}/install-root"
 umount "${BUILD_DIR}/fs-root"

changelog/changes/2024-03-13-zfs.md

@@ -0,0 +1 @@
+- Provided a ZFS-2.2.2 Flatcar extension as optional systemd-sysext image with the release. Write 'zfs' to `/etc/flatcar/enabled-sysext.conf` through Ignition and the sysext will be installed during provisioning. ZFS support is experimental and ZFS is not supported for the root partition. ([flatcar/scripts#1742](https://github.com/flatcar/scripts/pull/1742))

ci-automation/image.sh

@@ -103,7 +103,7 @@ function _image_build_impl() {
                           --base_sysexts="${base_sysexts_param}" \
                           --output_root="${CONTAINER_IMAGE_ROOT}" \
                           --only_store_compressed \
-                          prodtar container
+                          prodtar container sysext
 
     # copy resulting images + push to buildcache
     local images_out="images/"

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild

@@ -88,6 +88,7 @@ RDEPEND="${RDEPEND}
 	app-admin/sdnotify-proxy
 	app-admin/sudo
 	app-admin/toolbox
+	app-alternatives/awk
 	app-arch/gzip
 	app-arch/bzip2
 	app-arch/lbzip2
@@ -157,7 +158,6 @@ RDEPEND="${RDEPEND}
 	sys-apps/diffutils
 	sys-apps/ethtool
 	sys-apps/findutils
-	sys-apps/gawk
 	sys-apps/gptfdisk
 	sys-apps/grep
 	sys-apps/ignition

sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild

@@ -34,4 +34,5 @@ RDEPEND="
 	coreos-base/coreos
 	coreos-base/coreos-dev
 	coreos-base/flatcar-eks
+	sys-fs/zfs
 	"

sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-fs/zfs

@@ -0,0 +1,4 @@
+cros_post_src_install_rm_systemd_masks() {
+	rm "${D}$(systemd_get_systemunitdir)"/zfs-load-key.service
+	rm "${D}$(systemd_get_systemunitdir)"/zfs-import.service
+}

sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-fs/zfs-kmod

@@ -0,0 +1,2 @@
+: ${MODULES_ROOT:=$(echo ${SYSROOT}/lib/modules/*)}
+KERNEL_DIR="${MODULES_ROOT}/build"

sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass

@@ -187,6 +187,7 @@ shred_keys() {
 # Populate /lib/modules/$(uname -r)/{build,source}
 install_build_source() {
 	local kernel_arch=$(tc-arch-kernel)
+	local host_kernel_arch=$(tc-ninja_magic_to_arch kern "${CBUILD}")
 
 	# NOTE: We have to get ${archabspaths} before removing symlinks under
 	# /usr/lib/modules. However, do not exclude "dt-bindings" for now,
@@ -232,6 +233,7 @@ install_build_source() {
 	# or arm64.
 	{
 		echo source/Makefile
+		find source/arch/${host_kernel_arch} -follow -maxdepth 1 -name 'Makefile*' -print
 		find source/arch/${kernel_arch} -follow -maxdepth 1 -name 'Makefile*' -print
 		find source/arch/${kernel_arch} -follow \( -name 'module.lds' -o -name 'Kbuild.platforms' -o -name 'Platform' \) -print
 		find $(find source/arch/${kernel_arch} -follow \( -name include -o -name scripts \) -follow -type d -print) -print
@@ -243,6 +245,22 @@ install_build_source() {
 		--owner=root:root \
 		--dereference \
 		"${D}/usr/lib/modules/${KV_FULL}" || die
+	# ./build/source is a symbolic link so cpio ends up creating an empty dir.
+	# Restore the symlink.
+	pushd "${D}/usr/lib/modules/${KV_FULL}"
+	rmdir build/source || die
+	ln -sr source build || die
+	# Symlink includes into the build directory to resemble Ubuntu's /lib/modules
+	# layout. This lets the Nvidia driver build when passing SYSSRC=/lib/modules/../build
+	# instead of requiring SYSOUT/SYSSRC.
+	{
+		find source/include -mindepth 1 -maxdepth 1 -type d
+		find source/arch/${kernel_arch}/include -mindepth 1 -maxdepth 1 -type d
+	} | while read src; do
+		dst="${src/source/build}"
+		ln -sr "${src}" "${dst}" || die
+	done || die
+	popd
 }
 
 coreos-kernel_pkg_pretend() {

sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.provided

@@ -3,3 +3,6 @@ virtual/mta-1
 
 # pulled in by dev-libs/cyrus-sasl
 net-mail/mailbase-1.1
+
+# Only installs openrc files
+sys-fs/udev-init-scripts-35

sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use

@@ -156,3 +156,5 @@ app-containers/docker-cli hardened
 # The vanilla USE flag must be enabled if python is disabled.
 sys-apps/policycoreutils vanilla -python
 sys-libs/libsemanage -python
+
+sys-fs/zfs minimal -rootfs

sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild

@@ -10,7 +10,7 @@ CROS_WORKON_REPO="https://github.com"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
-	CROS_WORKON_COMMIT="0bade95d3b33b75b6c827d2db2f9298aff0ca05f" # flatcar-master
+	CROS_WORKON_COMMIT="08125679df614d1e95c20ea7676ba19c56838103" # flatcar-master
 	KEYWORDS="amd64 arm arm64 x86"
 fi