Date:      Thu, 24 Apr 2025 05:35:41 +0100
From:      Lexi Winter <ivy@FreeBSD.org>
To:        Gordon Tetlow <gordon@tetlows.org>
Cc:        freebsd-pkgbase@freebsd.org
Subject:   Re: Splitting critical libraries from interactive shell in runtime package
Message-ID:  <aAm_nSWjq_iCtW6N@ragweed.eden.le-fay.org>
In-Reply-To: <015C4C6B-1CEC-4398-A8B9-CE21E88C617C@tetlows.org>

Gordon Tetlow:
> A while ago, I was playing around with building stripped down jails
> based on pkgbase and noticed that /bin/sh and a whole host of
> interactive commands is in the FreeBSD-runtime package. 
> [...]
> So, my proposal/question is, can we split out the critical libraries
> from the shell and supporting commands in the runtime package so a
> minimal jail could be properly built via pkgbase?

i see no reason not to do this.  FreeBSD-runtime is the default package
that everything else gets lumped into if it hasn't been moved elsewhere,
so there are definitely things in there that shouldn't be.

however...  i believe there is a general desire to not have a separate
package for every single command, so you may need to put some thought
into the most useful way to organise this.  for example, perhaps it
makes sense for FreeBSD-runtime to be a metapackage which depends on
other required packages for a functional basic interactive system.

you'd also need to make sure you don't break everyone's system when they
upgrade and don't realise /bin/sh is in a different package that they
neglected to install.

> What needs to happen to make that work?

the short version is you need to add PACKAGE=xxx to the Makefiles for
the things you want to move, and then add dependencies in
release/packages/ for other packages which require /bin/sh, e.g.
FreeBSD-rc.

> Digging around, I found dfr@ asking about this in
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273783. There seemed
> to be agreement from manu@ that making a shell-free environment is a
> good goal we can support.

as i write this, Bugzilla seems to be offline, but if there's an
existing PR i trust that some people have already brought up some of the
obvious issues that come to mind.
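
The step described in the message above (finding the other packages that require /bin/sh so they can be given a dependency) can be approximated with a shebang scan over a staged tree. This is an added example, not part of the original message or of the FreeBSD build system; the "<package> <path>" manifest format and the names example-hooks and example-libs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list packages that ship scripts interpreted by /bin/sh.

# needs_sh FILE: succeed if FILE starts with a /bin/sh shebang line.
needs_sh() {
    # Read at most 64 bytes and drop NULs so binaries are handled safely.
    first=$(head -c 64 "$1" 2>/dev/null | LC_ALL=C tr -d '\000' | head -n 1)
    case "$first" in
        '#!/bin/sh'|'#!/bin/sh '*|'#! /bin/sh'|'#! /bin/sh '*) return 0 ;;
    esac
    return 1
}

# sh_dependent_packages ROOT MANIFEST: print each package owning at least
# one /bin/sh script. MANIFEST lines are "<package> <path relative to ROOT>"
# (constructed format, not a pkgbase file format).
sh_dependent_packages() {
    root=$1
    manifest=$2
    while read -r pkg path; do
        [ -f "$root/$path" ] || continue      # skip entries not staged
        if needs_sh "$root/$path"; then
            printf '%s\n' "$pkg"
        fi
    done < "$manifest" | LC_ALL=C sort -u
}

# make_sample_tree DIR: build a small constructed tree and manifest.
make_sample_tree() {
    mkdir -p "$1/root/etc/rc.d" "$1/root/lib" "$1/root/libexec"
    printf '#!/bin/sh\n. /etc/rc.subr\n' > "$1/root/etc/rc.d/sample"
    printf '#!/bin/sh -e\nexit 0\n' > "$1/root/libexec/sample-hook"
    printf '\177ELF\002\001\001\000' > "$1/root/lib/libsample.so.1"
    cat > "$1/manifest" <<EOF
FreeBSD-rc etc/rc.d/sample
example-hooks libexec/sample-hook
example-libs lib/libsample.so.1
example-libs lib/missing.so.1
EOF
}

demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
sh_dependent_packages "$demo_dir/root" "$demo_dir/manifest"
rm -rf "$demo_dir"
```

A shebang scan only finds scripts; binaries that call system(3) or popen(3) also need /bin/sh at run time and have to be identified separately.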
