Tips and tricks

    Finding all open pull requests and issues

    Searching all repo code

    Using repo grep you can search across all of the Git repos at once:


    Note: this could take some time.

    Base system dependency graph

    Get a view into what the base system will contain and why it will contain those things with the emerge tree view:

    emerge-amd64-usr --emptytree -p -v --tree coreos-base/coreos-dev

    Get a tree view of the SDK dependencies:

    emerge --emptytree -p -v --tree coreos-base/hard-host-depends coreos-devel/sdk-depends

    Add new upstream package

    An overview on contributing new packages to Flatcar Container Linux:

    • create a git branch for the work
    • fetch the the target package(s) from upstream (Gentoo)
    • make any necessary changes for Flatcar Container Linux
    • add the package(s) as a dependency of coreos-base/coreos
    • build the package(s) and test
    • commit changes to git
    • push the branch to your GitHub account and create a pull request

    See CONTRIBUTING for guidelines before you push.

    The following Flatcar Container Linux repositories are used:

    • Packages that will work unmodified are versioned in src/third_party/portage-stable
    • Packages with Container-Linux-specific changes are versioned in src/third_party/coreos-overlay

    Use repo start to create a work branch before making any changes.

    ~/trunk/src/scripts $ repo start my_package_update --all

    You can use scripts/update_ebuilds to fetch unmodified packages into src/third_party/portage-stable and add the files to git. The package argument should be in the format of category/package-name, e.g.:

    ~/trunk/src/scripts $ ./update_ebuilds sys-block/open-iscsi

    Modified packages must be moved out of src/third_party/portage-stable to src/third_party/coreos-overlay.

    If you know in advance that any files in the upstream package will need to be changed, the package can be fetched from upstream Gentoo directly into src/third_party/coreos-overlay. e.g.:

    ~/trunk/src/third_party/coreos-overlay $ mkdir -p sys-block/open-iscsi
    ~/trunk/src/third_party/coreos-overlay $ rsync -av rsync:// sys-block/open-iscsi/

    The tailing / prevents rsync from creating the directory for the package so you don’t end up with sys-block/open-iscsi/open-iscsi. Remember to add any new files to git.

    To quickly test your new package(s), use the following commands:

    ~/trunk/src/scripts $ # Manually merge a package in the chroot
    ~/trunk/src/scripts $ emerge-amd64-usr packagename
    ~/trunk/src/scripts $ # Manually unmerge a package in the chroot
    ~/trunk/src/scripts $ emerge-amd64-usr --unmerge packagename
    ~/trunk/src/scripts $ # Remove a binary from the cache
    ~/trunk/src/scripts $ sudo rm /build/amd64-usr/packages/category/packagename-version.tbz2

    To recreate the chroot prior to a clean rebuild, exit the chroot and run:

    ~/flatcar-sdk $ cork create --replace

    To include the new package as a dependency of Flatcar Container Linux, add the package to the end of the RDEPEND environment variable in coreos-base/coreos/coreos-0.0.1.ebuild then increment the revision of Flatcar Container Linux by renaming the softlink (e.g.):

    ~/trunk/src/third_party/coreos-overly $ git mv coreos-base/coreos/coreos-0.0.1-r237.ebuild coreos-base/coreos/coreos-0.0.1-r238.ebuild

    The new package will now be built and installed as part of the normal build flow when you run build_packages again.

    If tests are successful, commit the changes, push to your GitHub fork and create a pull request.

    Packaging references


    Creating SDK with different options

    To create SDK from a non-default manifest branch, for example, new-sdk:

    ~/flatcar-sdk $ cork create --manifest-branch=new-sdk

    To create SDK with a non-default SDK version, for example, 2229.0.0:

    ~/flatcar-sdk $ cork create --sdk-version=2229.0.0

    Caching git https passwords

    Turn on the credential helper and git will save your password in memory for some time:

    git config --global credential.helper cache

    Note: You need git 1.7.10 or newer to use the credential helper

    Why doesn’t Flatcar Container Linux use SSH in the git remotes? Because we can’t do anonymous clones from GitHub with an SSH URL. This will be fixed eventually.

    SSH config

    You will be booting lots of VMs with on the fly ssh key generation. Add this in your $HOME/.ssh/config to stop the annoying fingerprint warnings.

      StrictHostKeyChecking no
      UserKnownHostsFile /dev/null
      User core
      LogLevel QUIET

    Hide loop devices from desktop environments

    By default desktop environments will diligently display any mounted devices including loop devices used to construct Flatcar Container Linux disk images. If the daemon responsible for this happens to be udisks then you can disable this behavior with the following udev rule:

    echo 'SUBSYSTEM=="block", KERNEL=="ram*|loop*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_PRESENTATION_NOPOLICY}="1"' > /etc/udev/rules.d/85-hide-loop.rules
    udevadm control --reload

    Leaving developer mode

    Some daemons act differently in “dev mode”. For example update_engine refuses to auto-update or connect to HTTPS URLs. If you need to test something out of dev_mode on a vm you can do the following:

    mv /root/.dev_mode{,.old}

    If you want to permanently leave you can run the following:

    crossystem disable_dev_request=1; reboot

    Build everything from scratch

    If you want to build everything from scratch, but at the same time want to exclude several packages that take much time.

    emerge-amd64-usr --emptytree -1 -v --tree --exclude="dev-lang/rust sys-devel/gcc" coreos-base/coreos-dev

    Or if you want to do the rebuild by running build_packages, you should remove the binary package of coreos before rebuilding it:

    emerge-amd64-usr --unmerge coreos-base/coreos
    rm -f /build/amd64-usr/var/lib/portage/pkgs/coreos-base/coreos-0.0.1*.tbz2

    Modify or update invididual packages

    Before or after setting up the SDK with ./setup_board you can modify the package definitions in third_party/coreos-overlay/. Changes for toolchain packages like the compiler need to be done before running ./setup_board but any changes for the final image can be done before running ./build_packages && ./build_image. All build commands can be run multiple times but whether your last changes are picked up depends on whether the package revision was increased (by renaming the ebuild file) or the package uninstalled and the binary package removed (See the last commands in Build everything from scratch where it was done for the parent package coreos-base/coreos). Therefore, we recommend to run every build command only once in a fresh SDK to be sure that your most recent modification is used.

    For some packages, like the Linux kernel in coreos-source, coreos-kernel, and coreos-modules, it is enough to rename the ebuild file and it will download a new kernel version. Ebuilds for other packages under coreos-overlay/ reference a specific commit in CROS_WORKON_COMMIT which needs to be changed. If files of a package changed their hash sums, use ebuild packagename.ebuild manifest to recalculate the hashes for the Manifest file.

    Here is an example of updating an individual package to a newer version:

    git mv aaa-bbb/package/package-0.0.1-r1.ebuild aaa-bbb/package/package-0.0.1-r2.ebuild
    ebuild aaa-bbb/package/package-0.0.1-r2.ebuild manifest
    emerge-amd64-usr -1 -v aaa-bbb/package

    Do not forget about updating its version and revision in package.accept_keywords files in the profiles directory. In some cases such a file can pin an exact version of a specific package, which needs to be updated as well.

    Use binary packages from a shared build store

    Some packages like coreos-modules take a long time to build. Use:

    ./build_packages --getbinpkgver=$(gsutil cat gs://…/boards/amd64-usr/current-master/version.txt |& sed -n 's/^FLATCAR_VERSION=//p')

    to use packages from the another build store.

    Allow /usr to be remounted as read-write

    By default, in every Flatcar image, it is not possible to remount /usr partition as read-write. However, sometimes it is needed to mount the partition as read-write mainly for debugging purposes. To make such a debugging image, Use

    ./build_image --noenable_rootfs_verification

    Then it will create an image without dm-verity being enabled. So after booting with the image, you can simply run:

    sudo mount -o remount,rw /usr

    Known issues

    build_packages fails on coreos-base

    Sometimes coreos-dev or coreos builds will fail in build_packages with a backtrace pointing to epoll. This hasn’t been tracked down but running build_packages again should fix it. The error looks something like this:

    Packages failed:

    Newly added package fails checking for kernel sources

    It may be necessary to comment out kernel source checks from the ebuild if the build fails, as Flatcar Container Linux does not yet provide visibility of the configured kernel source at build time. Usually this is not a problem, but may lead to warning messages.

    Emerging coreos-kernel (either manually or through build_packages) may fail with the error:

    /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/../../../../x86_64-pc-linux-gnu/bin/ld: scripts/kconfig/conf.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a shared object; recompile with -fPIC scripts/kconfig/conf.o: error adding symbols: Bad value

    This indicates the ccache is corrupt. To clear the ccache, run:

    CCACHE_DIR=/var/tmp/ccache ccache -C

    To avoid corrupting the ccache, do not abort builds.

    build_image hangs while emerging packages after previously aborting a build

    Delete all *.portage_lockfiles in /build/<arch>/. To avoid stale lockfiles, do not abort builds.

    Constants and IDs

    Flatcar Container Linux app ID

    This UUID is used to identify Flatcar Container Linux to the update service and elsewhere:


    GPT UUID types

    • Flatcar Container Linux Root: 5dfbf5f4-2848-4bac-aa5e-0d9a20b745a6
    • Flatcar Container Linux Reserved: c95dc21a-df0e-4340-8d7b-26cbfa9a03e0
    • Flatcar Container Linux Raid Containing Root: be9067b9-ea49-4f15-b4f6-f36f8c9e1818