Merge pull request #29 from jandubois/shrink-qcow2-image

Shrink distro artifacts via external xz and build-time cleanup

Author: mook-as

.dockerignore

@@ -1,2 +1,3 @@
 distro.tar.xz
-distro.qcow2
+distro.qcow2.xz
+distro.raw.xz

.github/workflows/build.yaml

@@ -21,10 +21,16 @@ jobs:
         - type: tar.xz
           arch: arm64
           runs-on: ubuntu-24.04-arm
-        - type: qcow2
+        - type: raw.xz
           arch: amd64
           runs-on: ubuntu-latest
-        - type: qcow2
+        - type: raw.xz
+          arch: arm64
+          runs-on: ubuntu-24.04-arm
+        - type: qcow2.xz
+          arch: amd64
+          runs-on: ubuntu-latest
+        - type: qcow2.xz
           arch: arm64
           runs-on: ubuntu-24.04-arm
     env:

.github/workflows/release.yaml

@@ -23,12 +23,14 @@ jobs:
       run: |
         set -o errexit -o nounset -o xtrace
         for arch in amd64 arm64; do
-          mv distro-qcow2-${arch}/distro.qcow2 distro.${GITHUB_REF_NAME}.${arch}.qcow2
-          rmdir distro-qcow2-${arch}/
+          mv distro-raw.xz-${arch}/distro.raw.xz distro.${GITHUB_REF_NAME}.${arch}.raw.xz
+          rmdir distro-raw.xz-${arch}/
+          mv distro-qcow2.xz-${arch}/distro.qcow2.xz distro.${GITHUB_REF_NAME}.${arch}.qcow2.xz
+          rmdir distro-qcow2.xz-${arch}/
           mv distro-tar.xz-${arch}/distro.tar.xz distro.${GITHUB_REF_NAME}.${arch}.tar.xz
           rmdir distro-tar.xz-${arch}/
         done
-        for f in distro.*.{qcow2,tar.xz}; do
+        for f in distro.*.{raw.xz,qcow2.xz,tar.xz}; do
           sha256sum "$f" > "$f.sha256"
         done
     - name: Create release
@@ -40,6 +42,6 @@ jobs:
         --verify-tag
         --repo ${{ github.repository }}
         "${GITHUB_REF_NAME}"
-        distro.*.{qcow2,tar.xz}{,.sha256}
+        distro.*.{raw.xz,qcow2.xz,tar.xz}{,.sha256}
       env:
         GH_TOKEN: ${{ github.token }}

.gitignore

@@ -1,3 +1,4 @@
 /root/build/
-*.qcow2
+*.qcow2.xz
+*.raw.xz
 *.tar.xz

Dockerfile

@@ -18,10 +18,16 @@ RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/g
     go build -ldflags '-s -w' -o /go/bin/rd-init .
 
 FROM registry.opensuse.org/opensuse/bci/kiwi:10 AS builder
-ARG type=qcow2
+ARG type=qcow2.xz
 ARG NERDCTL_VERSION
+# The BCI kiwi image ships /etc/kiwi.yml with mapper and runtime_checks
+# settings required for building inside Docker. Append xz -0 so kiwi
+# does not waste time on compression we discard and recompress at
+# xz -9 --extreme in Makefile.docker. Using --config would replace the
+# existing file and lose the mapper setting, breaking loop devices.
 RUN --mount=type=cache,target=/var/cache/zypp \
-    zypper --non-interactive install parted
+    zypper --non-interactive install parted && \
+    echo -e '\nxz:\n  - options: '\''-0'\''' >> /etc/kiwi.yml
 WORKDIR /build
 COPY . /description
 COPY --from=gobuild /go/bin/* /description/root/usr/local/bin/
@@ -32,4 +38,4 @@ RUN --security=insecure \
     make -C /description -f Makefile.docker TYPE=${type}
 
 FROM scratch
-COPY --from=builder /build/*.qcow2 /build/*.tar.xz /
+COPY --from=builder /build/*.raw.xz /build/*.qcow2.xz /build/*.tar.xz /

Makefile

@@ -5,9 +5,9 @@ include root/build/versions.env
 GO ?= $(or $(shell which go.exe),$(shell which go))
 GOARCH ?= $(shell $(GO) env GOARCH)
 GOOS ?= $(shell $(GO) env GOOS)
-TYPE ?= $(if $(filter windows,$(GOOS)),tar.xz,qcow2)
+TYPE ?= $(if $(filter windows,$(GOOS)),tar.xz,raw.xz)
 
-# Default target is either `distro.qcow2` or `distro.tar.xz`
+# Default target is either `distro.raw.xz` or `distro.tar.xz`
 distro.$(TYPE):
 
 DOWNLOADS += root/build/nerdctl-$(NERDCTL_VERSION).tgz
@@ -35,4 +35,4 @@ distro.%: $(DOWNLOADS) $(IMAGE_FILES)
 		--platform=linux/$(GOARCH) --output=. --build-arg=type=$* .
 
 clean:
-	rm -f distro.tar.xz distro.qcow2 $(DOWNLOADS)
+	rm -f distro.tar.xz distro.qcow2.xz $(DOWNLOADS)

Makefile.docker

@@ -2,7 +2,7 @@
 
 include root/build/versions.env
 
-TYPE ?= qcow2
+TYPE ?= raw.xz
 ARCH ?= $(shell uname -m)
 
 /build/distro.${TYPE}:
@@ -12,18 +12,41 @@ GO_ARCH := $(GO_ARCH:aarch64=arm64)
 
 INPUTS += root/build/nerdctl-$(NERDCTL_VERSION).tgz
 
-rancher-desktop-distro.%.qcow2: config.kiwi config.sh ${INPUTS}
+rancher-desktop-distro.%.raw: config.kiwi config.sh ${INPUTS}
 	kiwi --debug --profile=lima system build \
 		--description /description --target-dir /build
 
 rancher-desktop-distro.%.tar.xz: config.kiwi config.sh ${INPUTS}
 	kiwi --debug --profile=wsl system build \
 		--description /description --target-dir /build
 
-/build/distro.qcow2: /build/rancher-desktop-distro.$(ARCH)-0.100.0.qcow2
-	mv $< $@
-
+# Post-kiwi cleanup, then produce the requested output format.
+#
+# clean-rootfs.sh loop-mounts the raw disk, removes grub2 build tools
+# and other build-time artifacts, then fstrim's the filesystem so freed
+# blocks become holes. It runs here rather than in pre_disk_sync.sh
+# because kiwi re-invokes grub2-mkconfig on the mounted disk after that
+# hook.
+#
+# raw.xz  — for macOS/VZ: qemu and VZ both consume raw directly.
+# qcow2.xz — for Linux/qemu: internally zstd-compressed, then
+#            xz-compressed for storage/transfer.
+/build/distro.raw.xz: /build/rancher-desktop-distro.$(ARCH)-0.100.0.raw
+	./clean-rootfs.sh $<
+	xz -9 --extreme --stdout $< > $@
+
+/build/distro.qcow2: /build/rancher-desktop-distro.$(ARCH)-0.100.0.raw
+	./clean-rootfs.sh $<
+	qemu-img convert -c -f raw $< -O qcow2 -o compression_type=zstd,compat=1.1 $@
+
+/build/distro.qcow2.xz: /build/distro.qcow2
+	xz -9 --extreme --stdout $< > $@
+
+# Recompress the tarball kiwi leaves behind. Kiwi runs xz in threaded
+# mode with 24 MiB blocks, which loses a meaningful chunk of ratio to
+# block boundaries; a single xz -9 --extreme pass is ~14% smaller.
 /build/distro.tar.xz: /build/rancher-desktop-distro.$(ARCH)-0.100.0.tar.xz
-	mv $< $@
+	xz --decompress --stdout $< | xz -9 --extreme > $@
 
+.INTERMEDIATE: /build/distro.qcow2
 .DELETE_ON_ERROR: # Avoid half-downloaded files

README.md

@@ -5,8 +5,9 @@ Desktop.
 
 The distribution is built using `docker`:
 ```sh
-make TYPE=qcow2 # For Linux/darwin hosts
-make TYPE=tar.xz # For WSL hosts
+make TYPE=raw.xz   # For macOS/VZ hosts (default)
+make TYPE=qcow2.xz # For Linux/qemu hosts
+make TYPE=tar.xz   # For WSL hosts
 ```
 
 To cross-compile for a non-native architecture, set `GOARCH` to the target

clean-rootfs.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+# Post-kiwi cleanup of the root filesystem inside a raw disk image.
+# Called from Makefile.docker after kiwi has finished writing the raw
+# disk (including grub2-mkconfig). Shared by the raw.xz and qcow2.xz
+# build targets.
+#
+# Usage: ./clean-rootfs.sh /path/to/raw-disk.img
+
+set -o errexit
+
+RAW=$1
+
+LOOP=$(losetup --find --show "$RAW")
+kpartx -as "$LOOP"
+
+# Find the ext4 root partition. The layout differs between amd64
+# (p1=bios-boot, p2=EFI, p3=root) and arm64 (p1=EFI, p2=root).
+ROOT=
+for p in /dev/mapper/"$(basename "$LOOP")"p*; do
+    [ "$(blkid -o value -s TYPE "$p" 2>/dev/null)" = ext4 ] || continue
+    ROOT=$p
+    break
+done
+: ${ROOT:?Failed to find ext4 partition in $RAW}
+
+MNT=$(mktemp -d)
+mount "$ROOT" "$MNT"
+
+# grub2 build/install tools. The EFI bootloader and runtime grub modules
+# in /boot/grub2 are already in place; these commands are not invoked
+# again. Keep grub2-editenv for grubenv management.
+find "$MNT/usr/bin" "$MNT/usr/sbin" -maxdepth 1 -name 'grub2-*' \
+    ! -name 'grub2-editenv' -delete
+
+# Config files only read by grub2-mkconfig, which we just removed.
+rm -rf "$MNT/etc/grub.d" "$MNT/etc/default/grub"
+
+# /usr/share/grub2/<arch>-efi is the factory copy of the grub modules
+# that grub2-install replicated into /boot/grub2/<arch>-efi.
+rm -rf "$MNT/usr/share/grub2"/*-efi
+rm -f  "$MNT/usr/share/grub2"/*.pf2
+rm -rf "$MNT/usr/share/grub2/grub-mkconfig_lib" "$MNT/usr/share/grub2/themes"
+
+sync
+
+# Discard freed blocks so they become holes in the backing raw file.
+# qemu-img and xz both benefit from this.
+fstrim "$MNT"
+
+umount "$MNT"
+rmdir "$MNT"
+kpartx -d "$LOOP"
+losetup --detach "$LOOP"

config.kiwi

@@ -101,6 +101,11 @@
     <package name="systemd-resolved" />
     <package name="grub2-x86_64-efi" arch="x86_64" />
   </packages>
+  <packages type="delete" profiles="lima">
+    <!-- Pulled in by cni-plugin-flannel but we use k3s's embedded flannel
+         daemon, so the standalone flanneld binary is dead weight. -->
+    <package name="flannel" />
+  </packages>
   <users>
     <user pwdformat="plain" password="suse" home="/root" name="root" groups="root" />
   </users>