fix overlayfs layer duplication doubling extracted size
Creating the tailscale argv[0] symlinks with RUN in the final scratch stage forced overlayfs to copy-up the whole /usr/local/bin directory, duplicating the ~3 MB binary into a second layer. RouterOS extracts overlay layers separately, so the on-disk rootfs measured ~7 MB instead of ~3.4 MB. Assemble /usr/local/bin in the builder stage and bring it in with a single COPY layer. Verified on RouterOS 7.21.2: du -sx / now ~3.4 MB.
+15
-6
@@ -117,6 +117,17 @@ RUN mkdir -p /out && \
|
|||||||
# Expected: ~14 MB raw → ~3.8 MB compressed (with -gcflags=all=-l)
|
# Expected: ~14 MB raw → ~3.8 MB compressed (with -gcflags=all=-l)
|
||||||
RUN upx --lzma --best /out/tailscale.combined
|
RUN upx --lzma --best /out/tailscale.combined
|
||||||
|
|
||||||
|
# Lay out the final /usr/local/bin HERE (binary + argv[0] symlinks) so the final
|
||||||
|
# stage can bring it in with a SINGLE COPY layer. Creating the symlinks with a
|
||||||
|
# `RUN` in the final scratch stage instead would force overlayfs to copy-up the
|
||||||
|
# whole directory — duplicating the ~3 MB binary into another layer and roughly
|
||||||
|
# doubling the extracted on-disk size on RouterOS (overlay layers are extracted
|
||||||
|
# separately). Building it in one place keeps it to one copy.
|
||||||
|
RUN mkdir -p /out/usrlocalbin && \
|
||||||
|
mv /out/tailscale.combined /out/usrlocalbin/tailscale.combined && \
|
||||||
|
ln -s /usr/local/bin/tailscale.combined /out/usrlocalbin/tailscale && \
|
||||||
|
ln -s /usr/local/bin/tailscale.combined /out/usrlocalbin/tailscaled
|
||||||
|
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
# Stage 2: Custom minimal busybox
|
# Stage 2: Custom minimal busybox
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
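Review bot: the two `ln -s` lines in the new `RUN mkdir -p /out/usrlocalbin` step use the absolute target `/usr/local/bin/tailscale.combined`, so both links dangle inside the builder stage and only resolve once the directory lands at exactly `/usr/local/bin` in the final image. Since the binary and the links now sit in the same directory, a relative target (`ln -s tailscale.combined /out/usrlocalbin/tailscale`, and the same for `tailscaled`) resolves in both stages and keeps working if the install path ever changes. It also lets the step end with a quick `test -x /out/usrlocalbin/tailscaled` so that a broken link fails the build instead of surfacing at container start.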
@@ -211,12 +222,10 @@ COPY --from=busybox /rootfs/ /
|
|||||||
# CA certificates (needed to reach Tailscale coordination server)
|
# CA certificates (needed to reach Tailscale coordination server)
|
||||||
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||||
|
|
||||||
# Combined Tailscale binary
|
# Combined Tailscale binary + its argv[0] symlinks, in a single layer (built in
|
||||||
COPY --from=builder /out/tailscale.combined /usr/local/bin/tailscale.combined
|
# the builder stage to avoid overlayfs copy-up duplicating the binary — see the
|
||||||
|
# builder stage comment).
|
||||||
# Symlinks: combined binary behavior switches on argv[0]
|
COPY --from=builder /out/usrlocalbin/ /usr/local/bin/
|
||||||
RUN ["/bin/busybox", "ln", "-s", "/usr/local/bin/tailscale.combined", "/usr/local/bin/tailscale"]
|
|
||||||
RUN ["/bin/busybox", "ln", "-s", "/usr/local/bin/tailscale.combined", "/usr/local/bin/tailscaled"]
|
|
||||||
|
|
||||||
# Ensure /usr/local/bin and busybox dirs are on PATH for interactive shells
|
# Ensure /usr/local/bin and busybox dirs are on PATH for interactive shells
|
||||||
ENV PATH=/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
ENV PATH=/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
|||||||
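Review bot: `COPY --from=builder /out/usrlocalbin/ /usr/local/bin/` carries the whole fix on the assumption that the two links arrive as symlinks and that no later instruction writes into `/usr/local/bin` again, but nothing in the Dockerfile enforces either. The commit message records a manual `du -sx /` on RouterOS 7.21.2 as the only verification; consider a CI step on the built image that checks `tailscale` and `tailscaled` are symlinks to `tailscale.combined` and that the binary appears in exactly one layer, so the size regression cannot return unnoticed. The directory copy also ships anything else that ends up in `/out/usrlocalbin`, so a short comment in the builder stage noting that the directory must contain only these three entries would help.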