Skip to content

UKI new API, supporting UKI re-customization with enabling /boot cleanup #512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
liulanze wants to merge 4 commits into
base: main
Choose a base branch
from
Open

UKI new API, supporting UKI re-customization with enabling /boot cleanup #512

liulanze wants to merge 4 commits into from

Conversation

@liulanze
Copy link
Contributor

@liulanze liulanze commented Dec 3, 2025
edited
Loading

This PR introduces a new UKI API design that deprecates the kernels field in favor
of a simpler, more powerful mode field, enabling advanced UKI re-customization
scenarios including proper /boot partition cleanup.

Key Changes

API Changes:

  • DEPRECATED: os.uki.kernels (supported values: auto or list of kernel versions)
  • NEW: os.uki.mode (supported values: create | passthrough)
    • create: Generate UKI files for all installed kernels (replaces old UKIs if present)
    • passthrough: Preserve existing UKI files without modification

Feature Enhancements:

  • Enables UKI re-customization: Can now customize an existing UKI image and regenerate
    UKIs with updated kernel cmdline args, verity hashes, or other boot parameters
  • Proper /boot partition handling: create mode safely cleans up /boot when regenerating
    UKIs, while passthrough mode leaves everything untouched

Checklist

  • Tests added/updated
  • Documentation updated (if needed)
  • Code conforms to style guidelines

Test dev functional build:

https://github.com/microsoft/azure-linux-image-tools/actions/runs/19910635867

@liulanze liulanze requested a review from a team as a code owner December 3, 2025 23:32
@liulanze liulanze mentioned this pull request Dec 3, 2025
Closed
3 tasks
cwize1
cwize1 requested changes Dec 4, 2025
View reviewed changes
toolkit/tools/pkg/imagecustomizerlib/shrinkfilesystems.go Outdated
err := shell.ExecuteLive(true /*squashErrors*/, "e2fsck", "-fy", partitionDevice)
if err != nil {
return 0, fmt.Errorf("%w (device='%s'):\n%w", ErrFilesystemE2fsckResize, partitionDevice, err)
// e2fsck returns exit code 1 if it corrected errors. This is considered a success.
Copy link
Contributor

@cwize1 cwize1 Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Revert. We intentionally fail if there is any disk corruption because it means something went wrong.

Copy link
Contributor Author

@liulanze liulanze Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed, but keep seeing the error FAIL: TestOutputAndInjectArtifactsCosi, this happened before this code also.

Copy link
Contributor

@cwize1 cwize1 Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't see this error in the GitHub workflows. Is this something that only happens on your local dev box?

Copy link
Contributor Author

@liulanze liulanze Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have seen this error from dev build, please see - https://github.com/microsoft/azure-linux-image-tools/actions/runs/19920812104

Copy link
Contributor Author

@liulanze liulanze Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems for the e2fsck exit code, the 1: File system errors were found and corrected., should we treat it as an error?

Copy link
Contributor

@cwize1 cwize1 Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we intentionally fail if there was any disk corruption even if that corruption was corrected. It means something went wrong, which suggests there might be other problems as well.

I would double check all the mounts and make sure CleanClose is being called correctly.

@liulanze liulanze requested a review from cwize1 December 4, 2025 07:16
cwize1
cwize1 requested changes Dec 4, 2025
View reviewed changes
@liulanze liulanze requested a review from cwize1 December 4, 2025 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cwize1 cwize1 Awaiting requested review from cwize1

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@liulanze @cwize1