Date: Fri, 15 Sep 2023 09:31:10 +0000
From: bugzilla-noreply@freebsd.org
To: pkgbase@FreeBSD.org
Subject: [Bug 273783] pkgbase: The libraries currently contained in runtime and utilities should be split out
Message-ID: <bug-273783-36141-mbTQd7oMvT@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-273783-36141@https.bugs.freebsd.org/bugzilla/>
References: <bug-273783-36141@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273783

--- Comment #9 from dfr@rabson.org ---
I build a sequence of container images with two important ones early in the sequence that explicitly avoid installing runtime. These are intended to support static and dynamically linked workloads which don't need (or want) shell access or any of the other binaries installed by runtime. This restricted base serves to keep the download size and storage cost of the images as small as possible as well as reducing the attack surface inside the container.

These workloads still need access to things like /etc/passwd and sometimes /etc/termcap and I work around the packaging system to cherry pick the bits I want from runtime. This means that later layers which do install runtime leave things like /etc/master.passwd.pkgsave which I have to clean up. Probably 'fighting the packaging tools' is an exaggeration.

If splitting out all the libraries is a step too far, would there be an objection to moving a few libs from runtime to clibs? Currently, I cherry pick libz and libcrypt from the runtime package - these could move to clibs without ballooning the package count.

-- 
You are receiving this mail because:
You are the assignee for the bug.