How do image-based systems figure out what partition sizes they need?

Posted Nov 6, 2024 18:54 UTC (Wed) by walters (subscriber, #7396)
In reply to: How do image-based systems figure out what partition sizes they need? by Karellen
Parent article: Building secure images with NixOS

> Is the solution just "have an order of magnitude more disk space than you're ever going to use"? Or what?

We're working on https://github.com/containers/composefs/ which doesn't have this issue; its tagline is "The reliability of disk images, the flexibility of files".

How do image-based systems figure out what partition sizes they need?

Posted Nov 7, 2024 6:40 UTC (Thu) by bof (subscriber, #110741) [Link] (1 responses)

Interesting.

I'm confused though about the separate content-addressed store. That gets populated only from mkcomposefs runs? And the EROFS images can only work if the content store in place, happens to contain all the content that was there when the image was created in the first place?

Won't that mean that any newer image is going to break if the content store ever is restored from older backup? And how would garbage collection in the content store work?

I feel like I'm missing something there.

How do image-based systems figure out what partition sizes they need?

Posted Nov 7, 2024 18:28 UTC (Thu) by walters (subscriber, #7396) [Link]

> That gets populated only from mkcomposefs runs?

Not necessarily.

Basically the composefs git repository is a low level unopinionated generic tool. Yes, `mkcomposefs` can write files into the object store, but so can any other tool and in practice we expect sophisticated higher level software to do exactly that.

> And the EROFS images can only work if the content store in place, happens to contain all the content that was there when the image was created in the first place?

Well yes, you are responsible for ensuring the object store is populated. But for example you could totally have higher level software, before invoking "mount.composefs" quickly check that the expected objects are there, and if not fetch them from a network object store on-demand. There's CLI tools and a C library that lets you read and write the composefs EROFS for doing things like this.

> And how would garbage collection in the content store work?

That is again up to higher level tooling; I'll try to fill out the docs more but the simple baseline is:

- You maintain a set of "GC roots" (images) that are composefs blobs
- Iterate over those composefs blobs, parse them to find which objects they reference
- Iterate over the object store and remove unreferenced objects

We are working on a higher level Rust project that will be a much more opinionated interface to things like this, including direct integration with e.g. OCI.

But there are already others who have integrated composefs, e.g. there was a lightning talk at All Systems Go from https://rauc.io/ about using composefs.