Lumpiasty/mikrotik-tailscale
1
0
Fork 0
Code Issues 1 Pull Requests 2 Packages Projects Releases Wiki Activity

fix overlayfs layer duplication doubling extracted size

Browse Source 
Creating the tailscale argv[0] symlinks with RUN in the final scratch
stage forced overlayfs to copy-up the whole /usr/local/bin directory,
duplicating the ~3 MB binary into a second layer. RouterOS extracts
overlay layers separately, so the on-disk rootfs measured ~7 MB instead
of ~3.4 MB. Assemble /usr/local/bin in the builder stage and bring it in
with a single COPY layer. Verified on RouterOS 7.21.2: du -sx / now ~3.4 MB.
This commit is contained in:
Lumpiasty
2026-05-29 04:23:41 +02:00
parent 864859a5a0
commit 082703a6b8
1 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+15 -6
View File
@@ -117,6 +117,17 @@ RUN mkdir -p /out && \
# Expected: ~14 MB raw → ~3.8 MB compressed (with -gcflags=all=-l)
RUN upx --lzma --best /out/tailscale.combined
# Lay out the final /usr/local/bin HERE (binary + argv[0] symlinks) so the final
# stage can bring it in with a SINGLE COPY layer. Creating the symlinks with a
# `RUN` in the final scratch stage instead would force overlayfs to copy-up the
# whole directory — duplicating the ~3 MB binary into another layer and roughly
# doubling the extracted on-disk size on RouterOS (overlay layers are extracted
# separately). Building it in one place keeps it to one copy.
RUN mkdir -p /out/usrlocalbin && \
mv /out/tailscale.combined /out/usrlocalbin/tailscale.combined && \
ln -s /usr/local/bin/tailscale.combined /out/usrlocalbin/tailscale && \
ln -s /usr/local/bin/tailscale.combined /out/usrlocalbin/tailscaled
# =============================================================================
# Stage 2: Custom minimal busybox
# =============================================================================
@@ -211,12 +222,10 @@ COPY --from=busybox /rootfs/ /
# CA certificates (needed to reach Tailscale coordination server)
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Combined Tailscale binary
COPY --from=builder /out/tailscale.combined /usr/local/bin/tailscale.combined
# Symlinks: combined binary behavior switches on argv[0]
RUN ["/bin/busybox", "ln", "-s", "/usr/local/bin/tailscale.combined", "/usr/local/bin/tailscale"]
RUN ["/bin/busybox", "ln", "-s", "/usr/local/bin/tailscale.combined", "/usr/local/bin/tailscaled"]
# Combined Tailscale binary + its argv[0] symlinks, in a single layer (built in
# the builder stage to avoid overlayfs copy-up duplicating the binary — see the
# builder stage comment).
COPY --from=builder /out/usrlocalbin/ /usr/local/bin/
# Ensure /usr/local/bin and busybox dirs are on PATH for interactive shells
ENV PATH=/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin