Generate sysext images out of element checkouts
Related to #819
The idea is to generate a sysext image to overlay in a gnomeos installation from a gnome-build-meta element.
Quick sketch:
-
bst artifact checkout
of the element (only /usr for now) - Add sysext metadata
- Make a DDI gpt image for the sysext
- export/checkout the image to user's specified location (or pwd and default name when not specified)
./utils/make-me-sysext.py sdk/gtk.bst --path foobar.sysext.raw
The expected usecase for these images would be:
- local development on gnomeos
- creating and exporting the images from Gitlab CI like we do with Flatpak Bundles
- Installing generated images in Openqa and
nspawn
environment (once overlaying sysexts is supported)
Ideally we should also be signing the images with local keys if they are available, so we will not have to disable tpm2/secureboot for development.
What's out of scope:
- Managing installed images. It's possible we might end up installing multiple images of the same element, however we should avoid keeping track of this and let the user manage it to keep things simple for now. Additionally if we were to install the images ourselves with a tool, in order for it to be atomic we'd want to have them exported into
XDG_CACHE_DIR/foobar/sdk_gtk_identifier.sysext.raw
and then symlinked into/var/lib/extensions/sdk_sysext.sysext.raw
. This will become complicate real quick. - Installing the images (this can be left to the end user and usecase, we can implement it on top later on)
Versioning:
Currently we use include/image-version.yml
to get the version of the sysext OS build and eventually we could use the same for local builds, however this won't work with OS builds from the repo or can we know if a gnome-build-meta checkout will be compatible with the host version of GNOME OS. Thus for now I'd say we put VERSION=_any
in the metadata and revisit this later
Naming:
Each build should have a unique name and ideally somewhat identifiable ex: sdk_gtk_123abc.sysext.raw
. However there are a couple of problems with trying to use a deterministic id (123abc
) rather than any random string. First we want this to work with dirty git checkouts so we can't use the git sha or any $version
. Maybe we could try to use the bst artifact
key or a shortenend version of it but this need to be investigated how it will work with open workspaces and hopefully invalidate.
For first approach we can just create a random string.
One problem is that the order which sysext loads extensions is currently unspecified (but seems to use a alphanumerical short) so we might run into weird issues where a new build of the sysext might be loaded before the old one and need manual intervention. We could use the same identifier for each element so you can only ever overwrite sysexts when you install them and maybe we could use the current git branch
for this so you have some idea the image was for when you see it again (sdk_gtk_test_webkit_fix.sysext.raw
) (element_git_branch.sysext.raw
)