Skip to content

Bring the PAYG UKI below 100MB, plus some other PAYG fixes #179

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 21, 2025
Merged

Bring the PAYG UKI below 100MB, plus some other PAYG fixes #179

merged 7 commits into from
Oct 21, 2025

Conversation

ssssam
Copy link
Contributor

@ssssam ssssam commented Oct 20, 2025

Main thing in this PR is disabling kernel debug symbols, which brings the size of payg-image.efi down from 392MB to 98.2MB. This is below the 100MB limit imposed by the sb-signer (just).

About re-enabling kernel debug symbols, see tracking issues #176 and #178.

Other changes in this PR:

  • Remove some dead code
  • Add howdo doc about inspecting the UKI
  • Detect errors properly during the UKI build
  • Speed up linux.bst build process
  • Fix a build failure in eos-payg-nonfree

@ssssam ssssam mentioned this pull request Oct 20, 2025
Closed
starnight
starnight reviewed Oct 21, 2025
View reviewed changes
Copy link
Contributor

@starnight starnight left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! LGTM!

Only the typo :)

doc/howto/debug-initramfs.md Outdated

The UKI is only used for PAYG devices.

Note that building the UKI is only possible within Endless. But uou can find
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uou -> you?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good spot!

@starnight starnight mentioned this pull request Oct 21, 2025
Closed
dsd
dsd approved these changes Oct 21, 2025
View reviewed changes
elements/eos/payg/uki.bst
- freedesktop-sdk.bst:components/dracut.bst
- freedesktop-sdk.bst:components/ostree.bst
- freedesktop-sdk.bst:components/python3-pefile.bst
- freedesktop-sdk.bst:components/zstd.bst
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was this addition intentional?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, as the initramfs is zstd compressed, but i didnt put that in the commit message. will update

@ssssam ssssam force-pushed the sam/payg-uki-fixes branch from 1d3fcd2 to 8d54ab1 Compare October 21, 2025 08:44
@ssssam
Copy link
Contributor Author

ssssam commented Oct 21, 2025

Updated with some small changes, I'll merge once the CI is complete.

ssssam added 7 commits October 21, 2025 10:46
@ssssam
Remove unused GNOME OS initramfs code
58b9bfa
@ssssam
doc: Add guidance on inspecting the contents of the initramfs and UKI
bbec23c
@ssssam
payg: Fix UKI build process
9ded38f 
Dracut errors were not being correctly detected.

Add zstd, which is needed for compression.
@ssssam
linux: Run modules_install in parallel
7198328 
This allows signing to happen on many cores in parallel.
@ssssam
linux: Don't compress modules
33793a0 
This matches the eos6 kernel build which does not compress modules.
They will still be compressed within the initramfs (which is compressed
with zstd as a single blob) and within the ostree (where each object
is gzipped individually).
@ssssam
payg: Update eos-payg-nonfree to reference new libsodium version
597d687
@ssssam
linux: Disable debug info
81f07e9 
Kernel modules are otherwise huge, which causes problems in particular
for the PAYG UKI.

A better solution would be to build and then split out the debug info.
There are a couple of ways to do this, see:
<#176>

Fixes #178
by bringing the UKI down to a mere 98.6MB.
@ssssam ssssam force-pushed the sam/payg-uki-fixes branch from 8d54ab1 to 81f07e9 Compare October 21, 2025 08:46
@ssssam
Copy link
Contributor Author

ssssam commented Oct 21, 2025

Updated again to resolve conflicts after landing #180

@ssssam ssssam merged commit 08baeaf into main Oct 21, 2025
1 check passed
@ssssam ssssam deleted the sam/payg-uki-fixes branch October 21, 2025 09:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@starnight starnight starnight left review comments

@dsd dsd dsd approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ssssam @dsd @starnight