flatcar
diff --git a/‎.github/workflows/docker-apply-patch.sh
Lines changed: 0 additions & 65 deletions b/‎.github/workflows/docker-apply-patch.sh
Lines changed: 0 additions & 65 deletions
diff --git a/‎.github/workflows/docker-release-main.yaml
Lines changed: 0 additions & 53 deletions b/‎.github/workflows/docker-release-main.yaml
Lines changed: 0 additions & 53 deletions
diff --git a/‎.github/workflows/portage-stable-packages-list
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/portage-stable-packages-list
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/runc-apply-patch.sh
Lines changed: 0 additions & 51 deletions b/‎.github/workflows/runc-apply-patch.sh
Lines changed: 0 additions & 51 deletions
diff --git a/‎.github/workflows/runc-release-main.yaml
Lines changed: 0 additions & 65 deletions b/‎.github/workflows/runc-release-main.yaml
Lines changed: 0 additions & 65 deletions
diff --git a/‎build_image
Lines changed: 2 additions & 2 deletions b/‎build_image
Lines changed: 2 additions & 2 deletions
diff --git a/‎build_library/sysext_mangle_containerd-flatcar
Lines changed: 11 additions & 0 deletions b/‎build_library/sysext_mangle_containerd-flatcar
Lines changed: 11 additions & 0 deletions
diff --git a/‎build_library/sysext_mangle_docker-flatcar
Lines changed: 10 additions & 0 deletions b/‎build_library/sysext_mangle_docker-flatcar
Lines changed: 10 additions & 0 deletions
diff --git a/‎build_library/sysext_prod_builder
Lines changed: 6 additions & 4 deletions b/‎build_library/sysext_prod_builder
Lines changed: 6 additions & 4 deletions
diff --git a/‎build_sysext
Lines changed: 18 additions & 0 deletions b/‎build_sysext
Lines changed: 18 additions & 0 deletions
@@ -87,6 +87,12 @@ app-arch/zstd
 
 app-cdr/cdrtools
 
+app-containers/cri-tools
+app-containers/docker
+app-containers/docker-cli
+app-containers/docker-proxy
+app-containers/runc
+
 app-crypt/adcli
 app-crypt/libb2
 app-crypt/libmd
 
@@ -33,8 +33,8 @@ DEFINE_string base_pkg "coreos-base/coreos" \
   "The base portage package to base the build off of (only applies to prod images)"
 DEFINE_string base_dev_pkg "coreos-base/coreos-dev" \
   "The base portage package to base the build off of (only applies to dev containers)"
-DEFINE_string base_sysexts "containerd-flatcar:app-containers/containerd,docker-flatcar:app-containers/docker" \
-  "Comma-separated list of name:package - build 'package' into sysext 'name', and include with OS image and update payload. Must be in order of dependencies, base sysexts come first."
+DEFINE_string base_sysexts "containerd-flatcar:app-containers/containerd,docker-flatcar:app-containers/docker&app-containers/docker-cli" \
+  "Comma-separated list of name:package[&package[&package]] - build 'package' (a single package or a list of packages separated by '&') into sysext 'name', and include with OS image and update payload. Must be in order of dependencies, base sysexts come first."
 DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
   "Directory in which to place image result directories (named by version)"
 DEFINE_string disk_layout "" \
 
@@ -3,5 +3,16 @@
 set -euo pipefail
 rootfs="${1}"
 
+
+# No manpages on Flatcar, no need to ship "stress" tool
+echo ">>> NOTICE: $0: removing 'gen-manpages', 'containerd-stress' from sysext"
+rm -f "${rootfs}/usr/bin/gen-manpages" "${rootfs}/usr/bin/containerd-stress"
+
+script_root="$(cd "$(dirname "$0")/../"; pwd)"
+files_dir="${script_root}/sdk_container/src/third_party/coreos-overlay/coreos/sysext/containerd"
+
+echo ">>> NOTICE $0: installing extra files from '${files_dir}'"
+cp -va "${files_dir}/"* "${rootfs}"
+
 mkdir -p "${rootfs}/usr/lib/systemd/system/multi-user.target.d"
 { echo "[Unit]"; echo "Upholds=containerd.service"; } > "${rootfs}/usr/lib/systemd/system/multi-user.target.d/10-containerd-service.conf"
@@ -3,5 +3,15 @@
 set -euo pipefail
 rootfs="${1}"
 
+# Remove debug and contrib
+echo ">>> NOTICE: $0: removing '/usr/lib/debug/', '/usr/share/docker/contrib' from sysext"
+rm -rf "${rootfs}/usr/lib/debug/" "${rootfs}/usr/share/docker/contrib/"
+
+script_root="$(cd "$(dirname "$0")/../"; pwd)"
+files_dir="${script_root}/sdk_container/src/third_party/coreos-overlay/coreos/sysext/docker"
+
+echo ">>> NOTICE $0: installing extra files from '${files_dir}'"
+cp -va "${files_dir}/"* "${rootfs}"
+
 mkdir -p "${rootfs}/usr/lib/systemd/system/sockets.target.d"
 { echo "[Unit]"; echo "Upholds=docker.socket"; } > "${rootfs}/usr/lib/systemd/system/sockets.target.d/10-docker-socket.conf"
@@ -30,17 +30,19 @@ create_prod_sysext() {
   local base_sysext="$4"
   local install_root="$5"
   local name="$6"
-  local grp_pkg="$7"
+  local grp_pkgs="$7"
   local pkginfo="${8:-}"
 
   local -a build_sysext_opts=()
 
-  local msg="Installing ${grp_pkg}' in sysext ${name}.raw"
+  local -a grp_pkg
+  mapfile -t grp_pkg <<<"${grp_pkgs//&/$'\n'}"
+  local msg="Installing ${grp_pkg[*]} in sysext ${name}.raw"
 
   # Include previous sysexts' pkginfo if supplied
   if [[ -n "${pkginfo}" ]] ; then
     if [[ ! -f "${output_dir}/${pkginfo}" ]] ; then
-      die "Sysext build '${grp_pkg}': unable to find package info at '${output_dir}/${pkginfo}'."
+      die "Sysext build '${name}': unable to find package info at '${output_dir}/${pkginfo}'."
     fi
     msg="${msg} w/ package info '${pkginfo}'"
     build_sysext_opts+=( "--base_pkginfo=${output_dir}/${pkginfo}" )
@@ -60,7 +62,7 @@ create_prod_sysext() {
             --squashfs_base="${base_sysext}" \
             --generate_pkginfo \
             "${build_sysext_opts[@]}" \
-            "${name}" "${grp_pkg}"
+            "${name}" "${grp_pkg[@]}"
 
   sudo mv "${workdir}/sysext-build/${name}.raw" "${workdir}/sysext-build/${name}_pkginfo.raw" \
                               "${workdir}/sysext-build/${name}"_*.txt "${output_dir}"
 
@@ -25,6 +25,8 @@ DEFINE_string squashfs_base '' \
   "The path to the squashfs base image. Defaults to the most current image built in '${default_imagedir}/${FLATCAR_PRODUCTION_IMAGE_SYSEXT_BASE}'."
 DEFINE_string image_builddir '' \
   "Custom directory to build the sysext in. Defaults to a 'sysext' sub-directory of the directory the squashfs base image resides in; '${default_imagedir}/sysext' by default."
+DEFINE_boolean strip_binaries "${FLAGS_FALSE}" \
+  "After installation, scan sysext root for unstripped binaries and strip these. WARNING - this can subtly break some packages, e.g. Docker (see https://github.com/moby/moby/blob/master/project/PACKAGERS.md#stripping-binaries)."
 DEFINE_string manglefs_script '' \
   "A path to executable that will customize the rootfs of the sysext image."
 DEFINE_boolean generate_pkginfo "${FLAGS_FALSE}" \
@@ -231,6 +233,22 @@ info "Writing ${SYSEXTNAME}_packages.txt"
 ROOT="${BUILD_DIR}/install-root" PORTAGE_CONFIGROOT="${BUILD_DIR}/install-root" \
       equery --no-color list --format '$cpv::$repo' '*' > "${BUILD_DIR}/${SYSEXTNAME}_packages.txt"
 
+
+if [[ "${FLAGS_strip_binaries}" = "${FLAGS_TRUE}" ]]; then
+    chost="$("portageq-${BOARD}" envvar CHOST)"
+    strip="${chost}-strip"
+    
+    info "Stripping all non-stripped binaries in sysext using '${strip}'"
+
+    # Find all non-stripped binaries, remove ':' from filepath, and strip 'em
+    find "${BUILD_DIR}/install-root" -exec file \{\} \; \
+         | awk '/not stripped/ {print substr($1, 1, length($1)-1)}' \
+         | while read bin; do
+                info "     ${strip} ${bin}"
+                "${strip}" "${bin}"
+           done
+fi
+
 if [[ -n "${FLAGS_manglefs_script}" ]]; then
   if [[ ! -x "${FLAGS_manglefs_script}" ]]; then
     die "${FLAGS_manglefs_script} is not executable"