ephemeral: Support extracting UKIs #144
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds support for extracting the kernel and initramfs from Unified Kernel Images (UKIs) for ephemeral VMs. The approach of using objcopy is straightforward and effective. My review focuses on improving the robustness of the implementation by addressing potential panics from non-UTF-8 file paths and fixing non-deterministic behavior in kernel selection. The changes are otherwise well-structured and clear.
We want `bcvk ephemeral` to work for systems with UKIs; there's two choices here. We could switch in this case to actually booting via EFI firmware, and rely on the systemd-stub credentials to do things like inject kargs. But here I chose to do something a bit simpler - we extract the kernel+initramfs via `objcopy` from the UKI and use those in exactly the same way we do things today. Assisted-by: Claude Code (Sonnet 4.5) Signed-off-by: Colin Walters <[email protected]>
| debug!("Extracting kernel and initramfs from UKI: {:?}", uki_path); | ||
|
|
||
| // Extract .linux section (kernel) from UKI | ||
| Command::new("objcopy") |
There was a problem hiding this comment.
I haven't tested this, but I suspect if binutils isn't installed this is probably going to error with a bare "No such file or directory", and then down below it's going to map into "Failed to extract kernel from UKI: No such file or directory" which sounds like the UKI is missing. The sort of thing future me would waste entirely too much time on before I finally figured out that actually objcopy is missing 😆
There was a problem hiding this comment.
This is a good thing to think about but there's a map_err in there which adds error context.
There was a problem hiding this comment.
Oh sorry yes you're right. Will look at adding a check for this
2 participants
We want
bcvk ephemeralto work for systems with UKIs; there's two choices here. We could switch in this case to actually booting via EFI firmware, and rely on the systemd-stub credentials to do things like inject kargs.But here I chose to do something a bit simpler - we extract the kernel+initramfs via
objcopyfrom the UKI and use those in exactly the same way we do things today.