Tips and tricks

Finding all open pull requests and issues

Searching all repo code

Using repo grep you can search across all of the Git repos at once:


Note: this could take some time.

Base system dependency graph

Get a view into what the base system will contain and why it will contain those things with the emerge tree view:

emerge-amd64-usr --emptytree -p -v --tree coreos-base/coreos-dev

Get a tree view of the SDK dependencies:

emerge --emptytree -p -v --tree coreos-base/hard-host-depends coreos-devel/sdk-depends

Add new upstream package

An overview on contributing new packages to Flatcar Container Linux:

  • create a git branch for the work
  • fetch the the target package(s) from upstream (Gentoo)
  • make any necessary changes for Flatcar Container Linux
  • add the package(s) as a dependency of coreos-base/coreos
  • build the package(s) and test
  • commit changes to git
  • push the branch to your GitHub account and create a pull request

See CONTRIBUTING for guidelines before you push.

The following Flatcar Container Linux repositories are used:

  • Packages that will work unmodified are versioned in src/third_party/portage-stable
  • Packages with Container-Linux-specific changes are versioned in src/third_party/coreos-overlay

Use repo start to create a work branch before making any changes.

~/trunk/src/scripts $ repo start my_package_update --all

You can use scripts/update_ebuilds to fetch unmodified packages into src/third_party/portage-stable and add the files to git. The package argument should be in the format of category/package-name, e.g.:

~/trunk/src/scripts $ ./update_ebuilds sys-block/open-iscsi

Modified packages must be moved out of src/third_party/portage-stable to src/third_party/coreos-overlay.

If you know in advance that any files in the upstream package will need to be changed, the package can be fetched from upstream Gentoo directly into src/third_party/coreos-overlay. e.g.:

~/trunk/src/third_party/coreos-overlay $ mkdir -p sys-block/open-iscsi
~/trunk/src/third_party/coreos-overlay $ rsync -av rsync:// sys-block/open-iscsi/

The tailing / prevents rsync from creating the directory for the package so you don’t end up with sys-block/open-iscsi/open-iscsi. Remember to add any new files to git.

To quickly test your new package(s), use the following commands:

~/trunk/src/scripts $ # Manually merge a package in the chroot
~/trunk/src/scripts $ emerge-amd64-usr packagename
~/trunk/src/scripts $ # Manually unmerge a package in the chroot
~/trunk/src/scripts $ emerge-amd64-usr --unmerge packagename
~/trunk/src/scripts $ # Remove a binary from the cache
~/trunk/src/scripts $ sudo rm /build/amd64-usr/packages/category/packagename-version.tbz2

To recreate the chroot prior to a clean rebuild, exit the chroot and run:

~/flatcar-sdk $ cork create --replace

To include the new package as a dependency of Flatcar Container Linux, add the package to the end of the RDEPEND environment variable in coreos-base/coreos/coreos-0.0.1.ebuild then increment the revision of Flatcar Container Linux by renaming the softlink (e.g.):

~/trunk/src/third_party/coreos-overly $ git mv coreos-base/coreos/coreos-0.0.1-r237.ebuild coreos-base/coreos/coreos-0.0.1-r238.ebuild

The new package will now be built and installed as part of the normal build flow when you run build_packages again.

If tests are successful, commit the changes, push to your GitHub fork and create a pull request.

Packaging references


Creating SDK with different options

To create SDK from a non-default manifest branch, for example, new-sdk:

~/flatcar-sdk $ cork create --manifest-branch=new-sdk

To create SDK with a non-default SDK version, for example, 2229.0.0:

~/flatcar-sdk $ cork create --sdk-version=2229.0.0

Caching git https passwords

Turn on the credential helper and git will save your password in memory for some time:

git config --global credential.helper cache

Note: You need git 1.7.10 or newer to use the credential helper

Why doesn’t Flatcar Container Linux use SSH in the git remotes? Because we can’t do anonymous clones from GitHub with an SSH URL. This will be fixed eventually.

SSH config

You will be booting lots of VMs with on the fly ssh key generation. Add this in your $HOME/.ssh/config to stop the annoying fingerprint warnings.

  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  User core
  LogLevel QUIET

Hide loop devices from desktop environments

By default desktop environments will diligently display any mounted devices including loop devices used to construct Flatcar Container Linux disk images. If the daemon responsible for this happens to be udisks then you can disable this behavior with the following udev rule:

echo 'SUBSYSTEM=="block", KERNEL=="ram*|loop*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_PRESENTATION_NOPOLICY}="1"' > /etc/udev/rules.d/85-hide-loop.rules
udevadm control --reload

Leaving developer mode

Some daemons act differently in “dev mode”. For example update_engine refuses to auto-update or connect to HTTPS URLs. If you need to test something out of dev_mode on a vm you can do the following:

mv /root/.dev_mode{,.old}

If you want to permanently leave you can run the following:

crossystem disable_dev_request=1; reboot

Build everything from scratch

If you want to build everything from scratch, but at the same time want to exclude several packages that take much time.

emerge-amd64-usr --emptytree -1 -v --tree --exclude="dev-lang/rust sys-devel/gcc" coreos-base/coreos-dev

Or if you want to do the rebuild by running build_packages, you should remove the binary package of coreos before rebuilding it:

emerge-amd64-usr --unmerge coreos-base/coreos
rm -f /build/amd64-usr/var/lib/portage/pkgs/coreos-base/coreos-0.0.1*.tbz2

Modify or update invididual packages

Before or after setting up the SDK with ./setup_board you can modify the package definitions in third_party/coreos-overlay/. Changes for toolchain packages like the compiler need to be done before running ./setup_board but any changes for the final image can be done before running ./build_packages && ./build_image. All build commands can be run multiple times but whether your last changes are picked up depends on whether the package revision was increased (by renaming the ebuild file) or the package uninstalled and the binary package removed (See the last commands in Build everything from scratch where it was done for the parent package coreos-base/coreos). Therefore, we recommend to run every build command only once in a fresh SDK to be sure that your most recent modification is used.

For some packages, like the Linux kernel in coreos-source, coreos-kernel, and coreos-modules, it is enough to rename the ebuild file and it will download a new kernel version. Ebuilds for other packages under coreos-overlay/ reference a specific commit in CROS_WORKON_COMMIT which needs to be changed. If files of a package changed their hash sums, use ebuild packagename.ebuild manifest to recalculate the hashes for the Manifest file.

Here is an example of updating an individual package to a newer version:

git mv aaa-bbb/package/package-0.0.1-r1.ebuild aaa-bbb/package/package-0.0.1-r2.ebuild
ebuild aaa-bbb/package/package-0.0.1-r2.ebuild manifest
emerge-amd64-usr -1 -v aaa-bbb/package

Do not forget about updating its version and revision in package.accept_keywords files in the profiles directory. In some cases such a file can pin an exact version of a specific package, which needs to be updated as well.

Use binary packages from a shared build store

Some packages like coreos-modules take a long time to build. Use:

./build_packages --getbinpkgver=$(gsutil cat gs://…/boards/amd64-usr/current-master/version.txt |& sed -n 's/^FLATCAR_VERSION=//p')

to use packages from the another build store.

Allow /usr to be remounted as read-write

By default, in every Flatcar image, it is not possible to remount /usr partition as read-write. However, sometimes it is needed to mount the partition as read-write mainly for debugging purposes. To make such a debugging image, Use

./build_image --noenable_rootfs_verification

Then it will create an image without dm-verity being enabled. So after booting with the image, you can simply run:

sudo mount -o remount,rw /usr

Known issues

build_packages fails on coreos-base

Sometimes coreos-dev or coreos builds will fail in build_packages with a backtrace pointing to epoll. This hasn’t been tracked down but running build_packages again should fix it. The error looks something like this:

Packages failed:

Newly added package fails checking for kernel sources

It may be necessary to comment out kernel source checks from the ebuild if the build fails, as Flatcar Container Linux does not yet provide visibility of the configured kernel source at build time. Usually this is not a problem, but may lead to warning messages.

Emerging coreos-kernel (either manually or through build_packages) may fail with the error:

/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/../../../../x86_64-pc-linux-gnu/bin/ld: scripts/kconfig/conf.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a shared object; recompile with -fPIC scripts/kconfig/conf.o: error adding symbols: Bad value

This indicates the ccache is corrupt. To clear the ccache, run:

CCACHE_DIR=/var/tmp/ccache ccache -C

To avoid corrupting the ccache, do not abort builds.

build_image hangs while emerging packages after previously aborting a build

Delete all *.portage_lockfiles in /build/<arch>/. To avoid stale lockfiles, do not abort builds.

Constants and IDs

Flatcar Container Linux app ID

This UUID is used to identify Flatcar Container Linux to the update service and elsewhere:


GPT UUID types

  • Flatcar Container Linux Root: 5dfbf5f4-2848-4bac-aa5e-0d9a20b745a6
  • Flatcar Container Linux Reserved: c95dc21a-df0e-4340-8d7b-26cbfa9a03e0
  • Flatcar Container Linux Raid Containing Root: be9067b9-ea49-4f15-b4f6-f36f8c9e1818