[Bug 2039209] Re: last-minute surprise /var/cache/swcatalog/cache/C-os-catalog.xb in mantic images
Julian Andres Klode
2039209 at bugs.launchpad.net
Thu Oct 12 17:23:18 UTC 2023
** Description changed:
Our last respin of the Ubuntu Desktop ISO for mantic to pick up a new
version of the ubuntu-desktop-installer snap also unexpectedly increased
the total image size by 50MiB.
Tracked this down to the addition of a new file under /var/cache:
- $ du -sh /mnt/*/var/cache/swcatalog/cache/C-os-catalog.xb
+ $ du -sh /mnt/*/var/cache/swcatalog/cache/C-os-catalog.xb
8.4M /mnt/2/var/cache/swcatalog/cache/C-os-catalog.xb
$
This file gets compressed, but we get a SEPARATE copy of it in each of
the per-language squashfs layers on the system.
Previously, this file WAS present in the minimal.enhanced-
secureboot.squashfs, however something has changed to cause this file to
be different in each of the per-language layers on top of this.
A copy also ended up in casper/minimal.standard.live.squashfs that had
not been there before.
- I think the image builds should enforce a whitelist of files allowed
+ I think the image builds should enforce am allowlist of files allowed
under /var/cache and fail the build for unexpected contents for each
given squashfs layer.
** Description changed:
Our last respin of the Ubuntu Desktop ISO for mantic to pick up a new
version of the ubuntu-desktop-installer snap also unexpectedly increased
the total image size by 50MiB.
Tracked this down to the addition of a new file under /var/cache:
$ du -sh /mnt/*/var/cache/swcatalog/cache/C-os-catalog.xb
8.4M /mnt/2/var/cache/swcatalog/cache/C-os-catalog.xb
$
This file gets compressed, but we get a SEPARATE copy of it in each of
the per-language squashfs layers on the system.
Previously, this file WAS present in the minimal.enhanced-
secureboot.squashfs, however something has changed to cause this file to
be different in each of the per-language layers on top of this.
A copy also ended up in casper/minimal.standard.live.squashfs that had
not been there before.
- I think the image builds should enforce am allowlist of files allowed
+ I think the image builds should enforce an allowlist of files allowed
under /var/cache and fail the build for unexpected contents for each
given squashfs layer.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/2039209
Title:
last-minute surprise /var/cache/swcatalog/cache/C-os-catalog.xb in
mantic images
Status in livecd-rootfs package in Ubuntu:
New
Bug description:
Our last respin of the Ubuntu Desktop ISO for mantic to pick up a new
version of the ubuntu-desktop-installer snap also unexpectedly
increased the total image size by 50MiB.
Tracked this down to the addition of a new file under /var/cache:
$ du -sh /mnt/*/var/cache/swcatalog/cache/C-os-catalog.xb
8.4M /mnt/2/var/cache/swcatalog/cache/C-os-catalog.xb
$
This file gets compressed, but we get a SEPARATE copy of it in each of
the per-language squashfs layers on the system.
Previously, this file WAS present in the minimal.enhanced-
secureboot.squashfs, however something has changed to cause this file
to be different in each of the per-language layers on top of this.
A copy also ended up in casper/minimal.standard.live.squashfs that had
not been there before.
I think the image builds should enforce an allowlist of files allowed
under /var/cache and fail the build for unexpected contents for each
given squashfs layer.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2039209/+subscriptions
More information about the foundations-bugs
mailing list