flatcar · t-lo · Jul 28, 2025 · Jul 28, 2025 · Jul 28, 2025
@@ -1,4 +1,5 @@
 EXTRA_SYSEXTS=(
+  "overlaybd|sys-fs/overlaybd,app-containers/accelerated-container-image"
   "incus|app-containers/incus"
   "nvidia-drivers-535|x11-drivers/nvidia-drivers:0/535|-kernel-open persistenced|amd64"
   "nvidia-drivers-535-open|x11-drivers/nvidia-drivers:0/535|kernel-open persistenced|amd64"

@@ -0,0 +1,3 @@
+* Added [overlaybd](https://containerd.github.io/overlaybd/) system extension to support accelerated container images.
+  The extension includes both [overlaybd](https://github.com/containerd/overlaybd/) as well as [accelerated-container-image](https://github.com/containerd/accelerated-container-image) tools.
+  Add `overlaybd` to [`/etc/flatcar/enabled-sysext.conf`](https://www.flatcar.org/docs/latest/provisioning/sysext/) to check it out.
@@ -0,0 +1 @@
+accelerated-container-image-9999.ebuild
@@ -0,0 +1,50 @@
+# Copyright 2025 The Flatcar Container Linux Maintainers
+# Distributed under the terms of the Apache License 2.0
+
+EAPI=8
+
+inherit git-r3 go-module systemd tmpfiles
+
+DESCRIPTION="Remote container image format (overlaybd) and snapshotter based on block-device"
+HOMEPAGE="https://github.com/containerd/accelerated-container-image"
+EGIT_REPO_URI="https://github.com/containerd/accelerated-container-image.git"
+
+if [[ ${PV} == 9999* ]]; then
+	KEYWORDS="~amd64 ~arm64"
+else
+	EGIT_COMMIT="v${PV}"
+	KEYWORDS="amd64 arm64"
+fi
+
+LICENSE="Apache-2.0"
+SLOT="0"
+
+# FIXME HACK ALERT: the build pulls go modules during src_compile.
+# This fails if network sandbox is enabled.
+RESTRICT="${RESTRICT} network-sandbox"
+
+
+RDEPEND="sys-fs/overlaybd"
+
+src_unpack() {
+	git-r3_src_unpack
+	go-module_src_unpack
+}
+
+src_install() {
+	emake install \
+		DESTDIR="${ED}" \
+		SN_DESTDIR="${ED}/usr/local/overlaybd/snapshotter" \
+		SN_CFGDIR="${ED}/usr/local/overlaybd/snapshotter/etc"
+
+	sed -i 's,/opt/overlaybd,/usr/local/overlaybd,' \
+		"${ED}/usr/local/overlaybd/snapshotter/overlaybd-snapshotter.service" || die
+
+  # tmpfiles will take care of symlinking /usr/local/overlaybd/snapshotter
+  # to /opt/overlaybd/snapshotter, where upstream expects the binaries.
+  # (we need them in /usr to be used in a sysext)
+	dotmpfiles "${FILESDIR}/10-overlaybd-snapshotter.conf"
+
+	systemd_dounit "${ED}/usr/local/overlaybd/snapshotter/overlaybd-snapshotter.service"
+	systemd_enable_service "multi-user.target" "overlaybd-snapshotter.service"
+}
@@ -0,0 +1,2 @@
+C /etc/overlaybd-snapshotter/config.json - - - - /usr/local/overlaybd/snapshotter/etc/config.json
+L /opt/overlaybd/snapshotter - - - - /usr/local/overlaybd/snapshotter
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<email>[email protected]</email>
+		<name>The Flatcar Container Linux Maintainers</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">containerd/accelerated-container-image</remote-id>
+	</upstream>
+</pkgmetadata>
@@ -0,0 +1,2 @@
+C /etc/overlaybd/overlaybd.json - - - - /usr/local/overlaybd/etc/overlaybd.json
+d /opt/overlaybd - - - - -
@@ -0,0 +1,129 @@
+From de68119855229db8e457043d86bbb38bbd5d55d9 Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <[email protected]>
+Date: Fri, 25 Jul 2025 17:12:03 +0100
+Subject: [PATCH 1/3] Fix cross-compiling by using CMAKE_SYSTEM_PROCESSOR
+ rather than uname -m
+
+There is no need to check the architecture twice. Also check for arm64
+(MacOS) wherever we check for aarch64 (Linux).
+
+Signed-off-by: James Le Cuirot <[email protected]>
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -9,10 +9,8 @@ enable_language(C)
+ set(CMAKE_CXX_FLAGS_RELEASE "-O2 -DNDEBUG")
+ set(CMAKE_CXX_FLAGS_RELWITHDEBINFO "-O2 -DNDEBUG -g")
+
+-# Get CPU arch
+-execute_process(COMMAND uname -m OUTPUT_VARIABLE ARCH OUTPUT_STRIP_TRAILING_WHITESPACE)
+-if (NOT (${ARCH} STREQUAL x86_64) AND NOT (${ARCH} STREQUAL aarch64) AND NOT (${ARCH} STREQUAL arm64))
+-    message(FATAL_ERROR "Unknown CPU architecture ${ARCH}")
++if (NOT (CMAKE_SYSTEM_PROCESSOR STREQUAL x86_64) AND NOT (CMAKE_SYSTEM_PROCESSOR STREQUAL aarch64) AND NOT (CMAKE_SYSTEM_PROCESSOR STREQUAL arm64))
++    message(FATAL_ERROR "Unknown CPU architecture ${CMAKE_SYSTEM_PROCESSOR}")
+ endif ()
+
+ option(OBD_VER "Overlaybd version" "overlaybd/0.0.0-undefined")
+@@ -25,7 +23,7 @@ set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/CMake")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -Wall -Werror=sign-compare")
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fpic -Wall -Werror=sign-compare -DOVERLAYBD_VER=${OBD_VER}")
+
+-if (${ARCH} STREQUAL aarch64)
++if ((CMAKE_SYSTEM_PROCESSOR STREQUAL aarch64) OR (CMAKE_SYSTEM_PROCESSOR STREQUAL arm64))
+   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=armv8-a+crc -fsigned-char -fno-stack-protector -fomit-frame-pointer")
+ endif ()
+
+--- a/src/overlaybd/zfile/CMakeLists.txt
++++ b/src/overlaybd/zfile/CMakeLists.txt
+@@ -2,19 +2,13 @@ file(GLOB SOURCE_ZFILE "*.cpp")
+ file(GLOB SOURCE_LZ4 "lz4/*.c")
+ file(GLOB SOURCE_CRC32 "crc32/crc32c.cpp")
+
+-# Get CPU arch
+-execute_process(COMMAND uname -m OUTPUT_VARIABLE ARCH OUTPUT_STRIP_TRAILING_WHITESPACE)
+-if (NOT (${ARCH} STREQUAL x86_64) AND NOT (${ARCH} STREQUAL aarch64))
+-    message(FATAL_ERROR "Unknown CPU architecture ${ARCH}")
+-endif ()
+-
+ set (CMAKE_CXX_STANDARD 17)
+ add_library(crc32_lib STATIC ${SOURCE_CRC32})
+ target_include_directories(crc32_lib PUBLIC
+     ${PHOTON_INCLUDE_DIR}
+ )
+
+-if (${ARCH} STREQUAL x86_64)
++if (CMAKE_SYSTEM_PROCESSOR STREQUAL x86_64)
+     target_compile_options(crc32_lib PUBLIC -msse4.2 -mcrc32)
+ else()
+     target_compile_options(crc32_lib PRIVATE -march=native -mcpu=generic+crc)
+-- 
+2.49.0
+
+
+From ee0e074c256ea1bcbcff2ed5a3e311becaf122cc Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <[email protected]>
+Date: Mon, 28 Jul 2025 12:05:19 +0100
+Subject: [PATCH 2/3] Respect aarch64 -march=|-mcpu= flag and check whether
+ -mcpu=native works
+
+Packagers may specify a target system up front, which should be
+respected. The CRC extensions are not strictly necessary as there is a
+software fallback.
+
+Otherwise, use -mcpu=native if it works (it won't when cross-compiling)
+or -mcpu=generic+crc.
+
+Signed-off-by: James Le Cuirot <[email protected]>
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -24,7 +24,16 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -Wall -Werror=sign-compare")
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fpic -Wall -Werror=sign-compare -DOVERLAYBD_VER=${OBD_VER}")
+
+ if ((CMAKE_SYSTEM_PROCESSOR STREQUAL aarch64) OR (CMAKE_SYSTEM_PROCESSOR STREQUAL arm64))
+-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=armv8-a+crc -fsigned-char -fno-stack-protector -fomit-frame-pointer")
++    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsigned-char -fno-stack-protector -fomit-frame-pointer")
++    if (NOT CMAKE_CXX_FLAGS MATCHES "-march=|-mcpu=")
++        include(CheckCXXCompilerFlag)
++        check_cxx_compiler_flag(-mcpu=native COMPILER_HAS_NATIVE_FLAG)
++        if (COMPILER_HAS_NATIVE_FLAG)
++            set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mcpu=native")
++        else ()
++            set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mcpu=generic+crc")
++        endif ()
++    endif ()
+ endif ()
+
+ set(CMAKE_CXX_STANDARD_LIBRARIES "-static-libgcc ${CMAKE_CXX_STANDARD_LIBRARIES}")
+--- a/src/overlaybd/zfile/CMakeLists.txt
++++ b/src/overlaybd/zfile/CMakeLists.txt
+@@ -10,8 +10,6 @@ target_include_directories(crc32_lib PUBLIC
+
+ if (CMAKE_SYSTEM_PROCESSOR STREQUAL x86_64)
+     target_compile_options(crc32_lib PUBLIC -msse4.2 -mcrc32)
+-else()
+-    target_compile_options(crc32_lib PRIVATE -march=native -mcpu=generic+crc)
+ endif()
+
+ if(ENABLE_DSA OR ENABLE_ISAL)
+-- 
+2.49.0
+
+
+From 2e4edd416a42fad0e8d7ac21855a4e81f34f1e82 Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <[email protected]>
+Date: Mon, 28 Jul 2025 12:16:50 +0100
+Subject: [PATCH 3/3] Patch Photon after fetching to fix cross issues
+
+Signed-off-by: James Le Cuirot <[email protected]>
+--- a/CMake/Findphoton.cmake
++++ b/CMake/Findphoton.cmake
+@@ -6,6 +6,7 @@ FetchContent_Declare(
+   photon
+   GIT_REPOSITORY https://github.com/alibaba/PhotonLibOS.git
+   GIT_TAG v0.6.17
++  PATCH_COMMAND patch -p1 -i @FILESDIR@/photon-cross.patch
+ )
+
+ if(BUILD_TESTING)
+-- 
+2.49.0
+
@@ -0,0 +1,90 @@
+From a0ea7bb44f4c863519537605e8118b6ff6afd57e Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <[email protected]>
+Date: Mon, 28 Jul 2025 10:23:02 +0100
+Subject: [PATCH 1/2] Fix cross-compiling by using CMAKE_SYSTEM_PROCESSOR
+ rather than uname -m
+
+There is no need to check the architecture twice. Also check for arm64
+(MacOS) wherever we check for aarch64 (Linux).
+
+Signed-off-by: James Le Cuirot <[email protected]>
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -38,10 +38,8 @@ set(PHOTON_E2FS_SOURCE "" CACHE STRING "")
+ set(PHOTON_GFLAGS_SOURCE "https://github.com/gflags/gflags/archive/refs/tags/v2.2.2.tar.gz" CACHE STRING "")
+ set(PHOTON_GOOGLETEST_SOURCE "https://github.com/google/googletest/archive/refs/tags/release-1.12.1.tar.gz" CACHE STRING "")
+
+-# Get CPU arch and number
+-execute_process(COMMAND uname -m OUTPUT_VARIABLE ARCH OUTPUT_STRIP_TRAILING_WHITESPACE)
+-if (NOT (${ARCH} STREQUAL x86_64) AND NOT (${ARCH} STREQUAL aarch64) AND NOT (${ARCH} STREQUAL arm64))
+-    message(FATAL_ERROR "Unknown CPU architecture ${ARCH}")
++if (NOT (CMAKE_SYSTEM_PROCESSOR STREQUAL x86_64) AND NOT (CMAKE_SYSTEM_PROCESSOR STREQUAL aarch64) AND NOT (CMAKE_SYSTEM_PROCESSOR STREQUAL arm64))
++    message(FATAL_ERROR "Unknown CPU architecture ${CMAKE_SYSTEM_PROCESSOR}")
+ endif ()
+ ProcessorCount(NumCPU)
+
+@@ -65,9 +63,9 @@ if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
+     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-packed-bitfield-compat")
+ endif()
+
+-if (${ARCH} STREQUAL x86_64)
++if (CMAKE_SYSTEM_PROCESSOR STREQUAL x86_64)
+     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -msse4.2")
+-elseif (${ARCH} STREQUAL aarch64)
++elseif ((CMAKE_SYSTEM_PROCESSOR STREQUAL aarch64) OR (CMAKE_SYSTEM_PROCESSOR STREQUAL arm64))
+     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mcpu=generic+crc -fsigned-char -fno-stack-protector -fomit-frame-pointer")
+ endif ()
+
+--- a/net/security-context/test/CMakeLists.txt
++++ b/net/security-context/test/CMakeLists.txt
+@@ -6,9 +6,8 @@ add_executable(test-tls test.cpp)
+ target_link_libraries(test-tls PRIVATE photon_shared ${testing_libs})
+ add_test(NAME test-tls COMMAND $<TARGET_FILE:test-tls>)
+
+-if (ENABLE_SASL AND (NOT (APPLE AND (${ARCH} STREQUAL arm64))))
++if (ENABLE_SASL AND NOT (APPLE AND (CMAKE_SYSTEM_PROCESSOR STREQUAL arm64)))
+     add_executable(test-sasl test-sasl.cpp)
+     target_link_libraries(test-sasl PRIVATE photon_shared ${testing_libs})
+     add_test(NAME test-sasl COMMAND $<TARGET_FILE:test-sasl>)
+ endif ()
+-
+-- 
+2.49.0
+
+
+From 467ecb887c8cc9107e8f055c90f02ee04fcb895e Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <[email protected]>
+Date: Mon, 28 Jul 2025 11:17:24 +0100
+Subject: [PATCH 2/2] Respect aarch64 -march=|-mcpu= flag and check whether
+ -mcpu=native works
+
+Packagers may specify a target system up front, which should be
+respected. The CRC extensions are not strictly necessary as there is a
+software fallback.
+
+Otherwise, use -mcpu=native if it works (it won't when cross-compiling)
+or -mcpu=generic+crc.
+
+Signed-off-by: James Le Cuirot <[email protected]>
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -66,7 +66,15 @@ endif()
+ if (CMAKE_SYSTEM_PROCESSOR STREQUAL x86_64)
+     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -msse4.2")
+ elseif ((CMAKE_SYSTEM_PROCESSOR STREQUAL aarch64) OR (CMAKE_SYSTEM_PROCESSOR STREQUAL arm64))
+-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mcpu=generic+crc -fsigned-char -fno-stack-protector -fomit-frame-pointer")
++    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsigned-char -fno-stack-protector -fomit-frame-pointer")
++    if (NOT CMAKE_CXX_FLAGS MATCHES "-march=|-mcpu=")
++        check_cxx_compiler_flag(-mcpu=native COMPILER_HAS_NATIVE_FLAG)
++        if (COMPILER_HAS_NATIVE_FLAG)
++            set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mcpu=native")
++        else ()
++            set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mcpu=generic+crc")
++        endif ()
++    endif ()
+ endif ()
+
+ check_cxx_compiler_flag(-mcrc32 COMPILER_HAS_MCRC32_FLAG)
+-- 
+2.49.0
+
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<email>[email protected]</email>
+		<name>The Flatcar Container Linux Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="dsa">Accelerate CRC calculations with Intel Data Streaming Accelerator</flag>
+		<flag name="qat">Accelerate compression with Intel QuickAssist Technology</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">containerd/overlaybd</remote-id>
+	</upstream>
+</pkgmetadata>
@@ -0,0 +1 @@
+overlaybd-9999.ebuild
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		C /etc/overlaybd-snapshotter/config.json - - - - /usr/local/overlaybd/snapshotter/etc/config.json
		L /opt/overlaybd/snapshotter - - - - /usr/local/overlaybd/snapshotter
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		C /etc/overlaybd/overlaybd.json - - - - /usr/local/overlaybd/etc/overlaybd.json
		d /opt/overlaybd - - - - -