Using staticx and PyInstaller "file" mode creates a fat-binary which needs to be uncompressed at runtime.
For containerized applications which are supposed to run in read-only mode, this is bad behaviour and unnecessary:
staticx unpacks to /tmp, which is not a real tmpfs. Hence, the container runtime creates a persistent volume/overlay.
On shutdown of the container, staticx runs a cleanup script to delete the tmp files. However, in automotive embedded systems, stress testing includes hard powering-off the devices, which leads to garbage piling up (leftover overlay volumes).
A good citizen app would be run in read-only mode, so that no persistent volumes are created at runtime. That requires /tmp to be mounted to a real tmpfs - or even better, the application does not create temp files at all.
For an application like carsim, which has no persistence requirements, as the states are kept in the Kuksa Databroker, the container should run in read-only mode.
Tasks:
Remove staticx from the build in the Dockerfile
Change PyInstaller to directory mode
Test the container and functionality with docker run ... --read-only ...
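
One way to script the last task, as an added example that is not part of the project's own code: it first lists what a normal run writes into the overlay layer, then checks that the container stays up with a read-only root filesystem and no tmpfs. The function names, the image argument and the settle time are assumptions.

```shell
#!/bin/sh
# Added example, not project code. Function names, the image argument and the
# settle time are assumptions; pass whatever tag your build produces.

# Print the paths a normal run wrote into the container's writable layer.
# `docker diff` emits one line per path: "A <path>", "C <path>" or "D <path>".
container_writes() {
    image="$1"; settle="${2:-5}"
    cid=$(docker run -d "$image") || return 2
    sleep "$settle"
    docker diff "$cid"
    docker rm -f "$cid" >/dev/null
}

# Succeed only if the container is still running after $settle seconds with a
# read-only root filesystem and no tmpfs, i.e. it needs no writable path at all.
runs_read_only() {
    image="$1"; settle="${2:-5}"
    cid=$(docker run -d --read-only "$image") || return 2
    sleep "$settle"
    state=$(docker inspect -f '{{.State.Running}}' "$cid")
    docker rm -f "$cid" >/dev/null
    [ "$state" = "true" ]
}

# Combined check: no overlay writes in a normal run, and survives --read-only.
check_image() {
    image="$1"; settle="${2:-5}"
    writes=$(container_writes "$image" "$settle") || return 2
    if [ -n "$writes" ]; then
        echo "FAIL: container writes to its overlay layer:"
        echo "$writes"
        return 1
    fi
    runs_read_only "$image" "$settle" || {
        echo "FAIL: container exits under --read-only"
        return 1
    }
    echo "OK: $image runs read-only without temp files"
}

# Usage (after sourcing this file): check_image <image> [settle-seconds]
```

A staticx or one-file build is expected to fail the first check with paths under /tmp in the listing; a directory-mode build should pass both.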