Skip to content

Commit

Permalink
Reduce UKI size etc
Browse files Browse the repository at this point in the history
  • Loading branch information
@valtzu
valtzu committed Sep 21, 2024
1 parent 5b9f1ea commit 3ab2044
Show file tree
Hide file tree
Showing 9 changed files with 107 additions and 85 deletions.
11 changes: 11 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,14 @@ mkosi
```
mkosi --architecture=x86-64 --compress-output=no --force qemu
```


### How to create credentials

See https://www.freedesktop.org/software/systemd/man/latest/systemd.system-credentials.html

**NOTE:** --with-key=null requires systemd v256

```
systemd-creds encrypt --with-key=null --name=network.hosts <(echo 127.0.0.1 localhost) /efi/loader/credentials/network.hosts.cred
```
31 changes: 7 additions & 24 deletions mkosi.conf
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,12 @@
[Config]
MinimumVersion=24
Dependencies=base,boot
Profile=disk

[Output]
OutputDirectory=mkosi.output
CacheDirectory=mkosi.cache
BuildDirectory=mkosi.builddir
#WorkspaceDirectory=mkosi.workspace

[Distribution]
Architecture=arm64
Expand All @@ -11,14 +17,6 @@ Release=trixie
WithNetwork=yes
BaseTrees=
%O/base_%v
ExtraTrees=
%O/boot_%v/efi:/efi
%O/boot_%v/boot:/boot
%O/boot_%v/usr/lib/modules:/usr/lib/modules
Bootable=no
RemoveFiles=
/boot/vmlinu*
/usr/lib/modules/*/vmlinu*

[Host]
Incremental=yes
Expand All @@ -43,20 +41,5 @@ QemuMem=4G
# # Disable the kernel's ratelimiting on userspace logging to kmsg.
# printk.devkmsg=on

[Output]
OutputDirectory=mkosi.output
CacheDirectory=mkosi.cache
BuildDirectory=mkosi.builddir
#WorkspaceDirectory=mkosi.workspace
ImageId=system
Output=%i_%v
CompressOutput=no
CompressLevel=0
Format=disk
SplitArtifacts=yes

[Validation]
Checksum=no
SecureBoot=yes
SecureBootKey=mkosi.key
SecureBootCertificate=mkosi.crt
6 changes: 6 additions & 0 deletions mkosi.finalize
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
#!/bin/bash -e

#cp $BUILDROOT/efi/EFI/Linux/*.efi $OUTPUTDIR/

kver=$(basename $BUILDROOT/usr/lib/modules/*)
if zcat -t $BUILDROOT/usr/lib/modules/$kver/vmlinuz ; then
mv $BUILDROOT/usr/lib/modules/$kver/{vmlinuz,vmlinuz.gz}
gzip -d $BUILDROOT/usr/lib/modules/$kver/vmlinuz.gz
fi
26 changes: 6 additions & 20 deletions mkosi.images/base/mkosi.conf
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
[Output]
Output=base_%v
Format=tar
CompressOutput=no
CompressLevel=0

[Content]
Locale=en_US.UTF-8
Keymap=fi
Timezone=Europe/Helsinki
WithDocs=no
Bootable=no
ExtraTrees=
Expand Down Expand Up @@ -52,20 +55,3 @@ Packages=
util-linux
xz-utils
zstd

Environment=
SYSTEMD_REPART_MKFS_OPTIONS_VFAT="-S 512"

KernelCommandLine=
console=ttyAMA0
ipv6.disable=1
fstab=no
mount.usrflags=noatime
systemd.swap=no
rw

[Output]
Output=base_%v
Format=tar
CompressOutput=no
CompressLevel=0
34 changes: 0 additions & 34 deletions mkosi.images/boot/mkosi.conf
View file

This file was deleted.

7 changes: 0 additions & 7 deletions mkosi.images/boot/mkosi.finalize
View file

This file was deleted.

5 changes: 5 additions & 0 deletions mkosi.postoutput
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
#!/bin/bash -e

#ln -sf boot_${IMAGE_VERSION}.efi $OUTPUTDIR/${IMAGE_ID}_${IMAGE_VERSION}.efi

ls -la $OUTPUTDIR
9 changes: 9 additions & 0 deletions mkosi.profiles/conf/mkosi.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
[Config]
Dependencies=base

[Output]
Format=directory
Overlay=yes
ImageId=%p
Output=%i_%v
SplitArtifacts=yes
63 changes: 63 additions & 0 deletions mkosi.profiles/disk/mkosi.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
[Config]
Dependencies=base

[Output]
ImageId=system
Output=%i_%v
CompressOutput=no
CompressLevel=0
Format=disk
SplitArtifacts=yes

[Content]
Packages=
linux-image-arm64
RemoveFiles=
/boot/vmlinu*
Locale=en_US.UTF-8
Keymap=fi
Timezone=Europe/Helsinki
Environment=
SYSTEMD_REPART_MKFS_OPTIONS_VFAT="-S 512"
SYSTEMD_ESP_PATH=/efi
Bootable=yes
Bootloader=systemd-boot
UnifiedKernelImageFormat=%i_%v
KernelModulesInitrdExclude=
.*
KernelModulesInitrdInclude=
default
raspberrypi
/bcm2835_wdt.ko
/bcm2711_thermal.ko.xz
/vc4.ko
/v3d.ko
/dwc2.ko
/genet.ko
/sdhci.ko
/uas.ko
/usb-storage.ko
/xhci-pci.ko
/phy-generic.ko.xz
KernelModulesExclude=
sound
bluetooth
wireless
drivers/net/ethernet
KernelModulesInclude=
drivers/net/ethernet/broadcom/genet/genet
KernelCommandLine=
console=ttyAMA0
ipv6.disable=1
fstab=no
mount.usrflags=noatime
systemd.swap=no
rw
# rd.debug
# #systemd.log_level=debug
# systemd.log_target=console

[Validation]
SecureBoot=yes
SecureBootKey=%D/mkosi.key
SecureBootCertificate=%D/mkosi.crt

0 comments on commit 3ab2044

Please sign in to comment.