-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to 23.0 profiles #2287
Switch to 23.0 profiles #2287
Conversation
CI passed. |
Build action triggered: https://github.com/flatcar/scripts/actions/runs/11145812491 |
It's from Gentoo commit 0e727a3a16bc2abfd39386f10821d3e5ce89c45a.
6225e8f
to
089aeab
Compare
Rerun the CI, still works. |
This also gets rid of the long messages about using deprecated profiles everytime we call |
I see a smaller size of the initrd vs the current nightly, which is great. I do not have the actual comparison available as there is no github actions run, do you know what got axed? |
My guess would be that this is unrelated to my PR, but rather to the kernel update that got merged too. But I checked the report, and it says: BEGIN_REPORT: All 0 newly added files: All 0 just deleted files: Top 10 grown in size files (of 283 files total): ./rootfs-0/usr/bin/mknod by 4168 bytes (4 kbytes) from 85096 bytes (83 kbytes) to 89264 bytes (87 kbytes) Top 10 shrunk in size files (of 244 files total): ./rootfs-0/usr/lib64/libcrypto.so.3 by 442288 bytes (431 kbytes) from 5343472 bytes (5218 kbytes, 5 mbytes) to 4901184 bytes (4786 kbytes, 4 mbytes) Total size difference: decreased by 1820826 bytes (1778 kbytes, 1 mbytes) Take the total size difference with a grain of salt as normally initrd is compressed, so the actual difference will be smaller. END_REPORT Pretty much random things… |
Interesting is that
|
It's not just systemd, OpenSSL is significantly smaller. That make me think it was a more global change, so I compared the profiles. This is new in 23.0 and is almost certainly the cause: LDFLAGS="-Wl,-z,pack-relative-relocs" From Gentoo #818376:
Hurray! 🥳 |
Same are on the new image, which you can download from https://bincache.flatcar-linux.net/images/amd64/4109.0.0+new-profile/. But Chewi's explanation makes sense. I should have done a better job of checking the actual differences between the old and new profiles. |
I was about to give you some even better news, which is that you can also enable |
It's something to keep the eye on - I suppose it will eventually land for amd64 too. Or we could enable it now (in a separate PR though), and get the savings for arm64 now, and eventually for amd64. |
CI: http://jenkins.infra.kinvolk.io:8080/job/container/job/sdk/1761/cldsv/
--
--
changelog/
directory (user-facing change, bug fix, security fix, update)/boot
and/usr
size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.