kata: remove rustc from agent closure

[burgerdev]

The sev crate specifies a crate type of dylib, which results in a libsev.so library in the output of makeRustPackage. The library is intended for use under FFI (i.e., from C) and not necessary for the agent binary.

Removing the library sheds some 800MiB of rustc from the agent's closure and reduces the podvm-image size by 1.4GiB.

$ nix-store --query --size /nix/store/aw6s09mwmbifnxbm6587kgwm46jgmaa6-image-podvm-gpu-1-rc1 # before
2694330064
$ nix-store --query --size /nix/store/z14q27diajh5x3iqkbckcnvp6gb7bkr7-image-podvm-gpu-1-rc1 # after
1264297680

[msanft]

Hmm. I wonder how it makes sure that it doesn't need the dependency anymore. It shouldn't have a notion of understanding about what rm'ing the file does, but I guess it will look at output paths or something. As this should not be harmful in any case, I'm fine with removing it, and I see you did evaluate its outcome, which looks very promising. Thanks!

[burgerdev]

On current main, the cloud-api-adaptor derivation has two outputs:

$ tree /nix/store/3ycmwghjsvk4d5w7iyd685p18dyw6zlq-kata-agent-3.10.1 
/nix/store/3ycmwghjsvk4d5w7iyd685p18dyw6zlq-kata-agent-3.10.1
├── bin
│   └── kata-agent
└── lib
    └── libsev.so

3 directories, 2 files

However, kata-agent does not link to libsev.so.

$ ldd /nix/store/3ycmwghjsvk4d5w7iyd685p18dyw6zlq-kata-agent-3.10.1/bin/kata-agent 
        linux-vdso.so.1 (0x00007072041c1000)
        libseccomp.so.2 => /nix/store/qzp9356icvbkmgmkxxlbdsc3fb2p6rqb-libseccomp-2.5.5-lib/lib/libseccomp.so.2 (0x000070720419b000)
        libgcc_s.so.1 => /nix/store/97f3gw9vpyxvwjv2i673isvg92q65mwn-gcc-13.3.0-lib/lib/libgcc_s.so.1 (0x0000707204176000)
        libm.so.6 => /nix/store/pacbfvpzqz2mksby36awvbcn051zcji3-glibc-2.40-36/lib/libm.so.6 (0x0000707202919000)
        libc.so.6 => /nix/store/pacbfvpzqz2mksby36awvbcn051zcji3-glibc-2.40-36/lib/libc.so.6 (0x0000707202720000)
        /nix/store/pacbfvpzqz2mksby36awvbcn051zcji3-glibc-2.40-36/lib/ld-linux-x86-64.so.2 => /nix/store/pacbfvpzqz2mksby36awvbcn051zcji3-glibc-2.40-36/lib64/ld-linux-x86-64.so.2 (0x00007072041c3000)

The rustc libs are configured in the library's rpath, and that's why rustc gets into the runtime deps, I guess.

$ readelf -d /nix/store/3ycmwghjsvk4d5w7iyd685p18dyw6zlq-kata-agent-3.10.1/lib/libsev.so | grep -E "R(UN)?PATH"
 0x000000000000001d (RUNPATH)            Library runpath: [/nix/store/2dns4qfj3lfmzfpg6qqpjjms0bsn9ain-rustc-1.82.0/lib/rustlib/x86_64-unknown-linux-gnu/lib:/nix/store/pacbfvpzqz2mksby36awvbcn051zcji3-glibc-2.40-36/lib:/nix/store/97f3gw9vpyxvwjv2i673isvg92q65mwn-gcc-13.3.0-lib/lib]