revert: remove in-VM erofs creation, use host-side umoci extraction#98
Merged
hiroTamada merged 1 commit intomainfrom Feb 13, 2026
Merged
revert: remove in-VM erofs creation, use host-side umoci extraction#98hiroTamada merged 1 commit intomainfrom
hiroTamada merged 1 commit intomainfrom
Conversation
This reverts commit 8f3e617. The in-VM erofs creation optimization had issues with OCI edge cases that go-containerregistry/umoci handles correctly: - Directory symlinks (/bin -> usr/bin) not working through overlay+erofs - Manual tar extraction missing edge cases in whiteout handling The optimization saved ~30% build time but caused "fork/exec /bin/sh: no such file or directory" errors for images using merged /usr directories (common in modern Debian/Ubuntu-based images). Reverting to the slower but correct host-side extraction pipeline until we can properly integrate go-containerregistry inside the builder VM. Co-authored-by: Cursor <[email protected]>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
|
|
||
| // Mount readonly rootfs from /dev/vda. | ||
| // Filesystem type is auto-detected to support both ext4 (legacy) and erofs (default). | ||
| if err := mount("/dev/vda", "/lower", "", "ro"); err != nil { |
There was a problem hiding this comment.
Ext4-only mount breaks existing erofs images
High Severity
setupOverlay now mounts /dev/vda as ext4 only. Previously it relied on kernel autodetection, so cached images built as erofs still booted. After this change, any existing erofs rootfs in the image store fails to mount, causing VM boot failures for reused images.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This reverts commit 8f3e617.
The in-VM erofs creation optimization had issues with OCI edge cases that go-containerregistry/umoci handles correctly:
/bin -> usr/bin) not working through overlay+erofsThe optimization saved ~30% build time but caused
fork/exec /bin/sh: no such file or directoryerrors for images using merged /usr directories (common in modern Debian/Ubuntu-based images like Python).Root Cause
The manual
tarextraction + custom whiteout processing increateErofsFromRegistrydoesn't handle all OCI edge cases. Specifically, when/binis a symlink tousr/bin(standard in Debian 12+, Ubuntu 20.04+), the overlay+erofs combination fails to resolve/bin/shcorrectly at runtime.Solution
Revert to the slower but correct host-side extraction pipeline (umoci + mkfs.erofs) until we can properly integrate go-containerregistry inside the builder VM.
Test plan
Made with Cursor
Note
Medium Risk
Touches the build completion contract and image conversion/export defaults, which can impact build latency and runtime boot behavior. While largely a revert to a simpler pipeline, regressions could surface in image readiness timing and rootfs mounting assumptions.
Overview
Build completion now always waits for the host-side image conversion pipeline before marking a build
ready, addressing a race where the build finished but the image wasn’t usable yet.This reverts the in-VM EROFS creation/registration path: drops
ErofsDiskPathfrom build results/types, removescreateErofsFromRegistryand prebuilt-image registration plumbing, and removes EROFS tooling from the builder image.Image export defaults are shifted back to
ext4asDefaultImageFormat, and the init overlay setup mounts/dev/vdaexplicitly asext4. Separately, the builder image config now defaults tohypeman/builder:latest, and the embedded builder-image Docker build no longer forces--network=host.Written by Cursor Bugbot for commit e13a4e0. This will update automatically on new commits. Configure here.