As it stands (and as I understand it), current downstream Fedora Atomic images have no way to completely remove a base package from a base fedora atomic image (for example, an image that wants to use a different kernel, be it patched or whatever, will have to override and replace the default fedora kernel with the patched version, with the previous kernel still present on the system), this leads to unnecessary added overhead and more disk space being used overall by system deployments.
All of this said, is there a plan to eventually allow downstream images to completely remove base packages from upstream Fedora Atomic, so that they become more space efficient?
Could you be more specific about “downstream images” and “base/upstream images”?
Are you referring to applying overrides locally by rpm-ostree override replace command, e.g. rpm-ostree override replace ./kernel*.rpm, creating a new deployment on an official non-OCI (classic OSTree) installation?
Was talking about downstream like universal blue images, with upstream being fedora images (like silverblue, coreos, etc.).
And by overrides, I meant what they are doing in universal blue, like in blue-build, where I can request packages to be removed in a custom image and it won’t show up in the next pull (though the image itself is built entirely in the cloud, in this case, github)
They can? Last I checked, all that blue-build does is execute rpm-ostree override remove when removing a base package, which doesn’t really gets removed from the image itself, only hidden from the deployment that gets built (see here: https://coreos.github.io/rpm-ostree/administrator-handbook/#removing-a-base-package). Unless there is something that enables that to happen while the image is being built in the cloud, but doesn’t happen on the client.
It is fundamentally impossible to do it without repackaging the content of the base layers of the container image because this is how container images work, they are append only. Doing this repackaging is what GitHub - hhd-dev/rechunk does.
So, from what I can understand, rechunk already does what I asked in this thread? From its github page:
Drops unused files and lowers image size
E.g., if you extend Kinoite and replace the kernel, you do not have to ship the old kernel which was part of the original OSTree commit.
so it does not leave the kernel from upstream fedora in the resulting image in this example?
Avoids layer changes
Package groups such as Plasma that update together get their own layers and through timestamp clamping have the same hashes. If KDE does not update, the user does not have to redownload it.
You can remove anything you want from the image in a layer but due to how containers work, this will not remove those files from the container image itself. rpm-ostree/bootc will see that you have removed files in a layer and will thus not add them to the deployment, but they are still downloaded as part of updates.