Tips and tricks
Finding all open pull requests and issues
Searching all repo code
Using repo grep
you can search across all of the Git repos at once:
repo grep CONFIG_EXTRA_FIRMWARE
Note: this could take some time.
Base system dependency graph
Get a view into what the base system will contain and why it will contain those things with the emerge tree view:
emerge-amd64-usr --emptytree -p -v --tree coreos-base/coreos-dev
Get a tree view of the SDK dependencies:
emerge --emptytree -p -v --tree coreos-base/hard-host-depends coreos-devel/sdk-depends
Add new upstream package
An overview on contributing new packages to Flatcar Container Linux:
- create a git branch for the work
- fetch the the target package(s) from upstream (Gentoo)
- make any necessary changes for Flatcar Container Linux
- add the package(s) as a dependency of
coreos-base/coreos
- build the package(s) and test
- commit changes to git
- push the branch to your GitHub account and create a pull request
See CONTRIBUTING for guidelines before you push.
The following Flatcar Container Linux repositories are used:
- Packages that will work unmodified are versioned in
src/third_party/portage-stable
- Packages with Container-Linux-specific changes are versioned in
src/third_party/coreos-overlay
Use repo start
to create a work branch before making any changes.
~/trunk/src/scripts $ repo start my_package_update --all
You can use scripts/update_ebuilds
to fetch unmodified packages into src/third_party/portage-stable
and add the files to git. The package argument should be in the format of category/package-name
, e.g.:
~/trunk/src/scripts $ ./update_ebuilds sys-block/open-iscsi
Modified packages must be moved out of src/third_party/portage-stable
to src/third_party/coreos-overlay
.
If you know in advance that any files in the upstream package will need to be changed, the package can be fetched from upstream Gentoo directly into src/third_party/coreos-overlay
. e.g.:
~/trunk/src/third_party/coreos-overlay $ mkdir -p sys-block/open-iscsi
~/trunk/src/third_party/coreos-overlay $ rsync -av rsync://rsync.gentoo.org/gentoo-portage/sys-block/open-iscsi/ sys-block/open-iscsi/
The tailing / prevents rsync from creating the directory for the package so you don’t end up with sys-block/open-iscsi/open-iscsi
. Remember to add any new files to git.
To quickly test your new package(s), use the following commands:
~/trunk/src/scripts $ # Manually merge a package in the chroot
~/trunk/src/scripts $ emerge-amd64-usr packagename
~/trunk/src/scripts $ # Manually unmerge a package in the chroot
~/trunk/src/scripts $ emerge-amd64-usr --unmerge packagename
~/trunk/src/scripts $ # Remove a binary from the cache
~/trunk/src/scripts $ sudo rm /build/amd64-usr/packages/category/packagename-version.tbz2
To recreate the chroot prior to a clean rebuild, exit the chroot and run:
~/flatcar-sdk $ cork create --replace
To include the new package as a dependency of Flatcar Container Linux, add the package to the end of the RDEPEND
environment variable in coreos-base/coreos/coreos-0.0.1.ebuild
then increment the revision of Flatcar Container Linux by renaming the softlink (e.g.):
~/trunk/src/third_party/coreos-overly $ git mv coreos-base/coreos/coreos-0.0.1-r237.ebuild coreos-base/coreos/coreos-0.0.1-r238.ebuild
The new package will now be built and installed as part of the normal build flow when you run build_packages
again.
If tests are successful, commit the changes, push to your GitHub fork and create a pull request.
Packaging references
References:
Creating SDK with different options
To create SDK from a non-default manifest branch, for example, new-sdk
:
~/flatcar-sdk $ cork create --manifest-branch=new-sdk
To create SDK with a non-default SDK version, for example, 2229.0.0
:
~/flatcar-sdk $ cork create --sdk-version=2229.0.0
Caching git https passwords
Turn on the credential helper and git will save your password in memory for some time:
git config --global credential.helper cache
Note: You need git 1.7.10 or newer to use the credential helper
Why doesn’t Flatcar Container Linux use SSH in the git remotes? Because we can’t do anonymous clones from GitHub with an SSH URL. This will be fixed eventually.
SSH config
You will be booting lots of VMs with on the fly ssh key generation. Add this in your $HOME/.ssh/config
to stop the annoying fingerprint warnings.
Host 127.0.0.1
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
User core
LogLevel QUIET
Hide loop devices from desktop environments
By default desktop environments will diligently display any mounted devices including loop devices used to construct Flatcar Container Linux disk images. If the daemon responsible for this happens to be udisks
then you can disable this behavior with the following udev rule:
echo 'SUBSYSTEM=="block", KERNEL=="ram*|loop*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_PRESENTATION_NOPOLICY}="1"' > /etc/udev/rules.d/85-hide-loop.rules
udevadm control --reload
Leaving developer mode
Some daemons act differently in “dev mode”. For example update_engine refuses to auto-update or connect to HTTPS URLs. If you need to test something out of dev_mode on a vm you can do the following:
mv /root/.dev_mode{,.old}
If you want to permanently leave you can run the following:
crossystem disable_dev_request=1; reboot
Build everything from scratch
If you want to build everything from scratch, but at the same time want to exclude several packages that take much time.
emerge-amd64-usr --emptytree -1 -v --tree --exclude="dev-lang/rust sys-devel/gcc" coreos-base/coreos-dev
Or if you want to do the rebuild by running build_packages
, you should remove the binary package of coreos
before rebuilding it:
emerge-amd64-usr --unmerge coreos-base/coreos
rm -f /build/amd64-usr/var/lib/portage/pkgs/coreos-base/coreos-0.0.1*.tbz2
./build_packages
Modify or update invididual packages
Before or after setting up the SDK with ./setup_board
you can modify the package definitions in third_party/coreos-overlay/
.
Changes for toolchain packages like the compiler need to be done before running ./setup_board
but any changes for the final image
can be done before running ./build_packages && ./build_image
.
All build commands can be run multiple times but whether your last changes are picked up depends on whether the package revision
was increased (by renaming the ebuild file) or the package uninstalled and the binary package removed (See the last commands in
Build everything from scratch where it was done for the parent package coreos-base/coreos
).
Therefore, we recommend to run every build command only once in a fresh SDK to be sure that your most recent modification is used.
For some packages, like the Linux kernel in coreos-source
, coreos-kernel
, and coreos-modules
, it is enough to rename
the ebuild file and it will download a new kernel version.
Ebuilds for other packages under coreos-overlay/
reference a specific commit in CROS_WORKON_COMMIT
which needs to be changed.
If files of a package changed their hash sums, use ebuild packagename.ebuild manifest
to recalculate the hashes for
the Manifest
file.
Here is an example of updating an individual package to a newer version:
git mv aaa-bbb/package/package-0.0.1-r1.ebuild aaa-bbb/package/package-0.0.1-r2.ebuild
ebuild aaa-bbb/package/package-0.0.1-r2.ebuild manifest
emerge-amd64-usr -1 -v aaa-bbb/package
Do not forget about updating its version and revision in package.accept_keywords
files in the profiles
directory.
In some cases such a file can pin an exact version of a specific package, which needs to be updated as well.
Use binary packages from a shared build store
Some packages like coreos-modules
take a long time to build. Use:
./build_packages --getbinpkgver=$(gsutil cat gs://…/boards/amd64-usr/current-master/version.txt |& sed -n 's/^FLATCAR_VERSION=//p')
to use packages from the another build store.
Allow /usr to be remounted as read-write
By default, in every Flatcar image, it is not possible to remount /usr
partition as read-write. However, sometimes it is needed to mount the partition as read-write mainly for debugging purposes. To make such a debugging image, Use
./build_image --noenable_rootfs_verification
Then it will create an image without dm-verity being enabled. So after booting with the image, you can simply run:
sudo mount -o remount,rw /usr
Known issues
build_packages fails on coreos-base
Sometimes coreos-dev or coreos builds will fail in build_packages
with a backtrace pointing to epoll
. This hasn’t been tracked down but running build_packages
again should fix it. The error looks something like this:
Packages failed:
coreos-base/coreos-dev-0.1.0-r63
coreos-base/coreos-0.0.1-r187
Newly added package fails checking for kernel sources
It may be necessary to comment out kernel source checks from the ebuild if the build fails, as Flatcar Container Linux does not yet provide visibility of the configured kernel source at build time. Usually this is not a problem, but may lead to warning messages.
coreos-kernel
fails to link after previously aborting a build
Emerging coreos-kernel
(either manually or through build_packages
) may fail with the error:
/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/../../../../x86_64-pc-linux-gnu/bin/ld: scripts/kconfig/conf.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a shared object; recompile with -fPIC scripts/kconfig/conf.o: error adding symbols: Bad value
This indicates the ccache is corrupt. To clear the ccache, run:
CCACHE_DIR=/var/tmp/ccache ccache -C
To avoid corrupting the ccache, do not abort builds.
build_image
hangs while emerging packages after previously aborting a build
Delete all *.portage_lockfile
s in /build/<arch>/
. To avoid stale lockfiles, do not abort builds.
Constants and IDs
Flatcar Container Linux app ID
This UUID is used to identify Flatcar Container Linux to the update service and elsewhere:
e96281a6-d1af-4bde-9a0a-97b76e56dc57
GPT UUID types
- Flatcar Container Linux Root: 5dfbf5f4-2848-4bac-aa5e-0d9a20b745a6
- Flatcar Container Linux Reserved: c95dc21a-df0e-4340-8d7b-26cbfa9a03e0
- Flatcar Container Linux Raid Containing Root: be9067b9-ea49-4f15-b4f6-f36f8c9e1818