Date: Thu, 24 Apr 2025 05:35:41 +0100
From: Lexi Winter
To: Gordon Tetlow
Cc: freebsd-pkgbase@freebsd.org
Subject: Re: Splitting critical libraries from interactive shell in runtime package
List-Id: Packaging the FreeBSD base system
List-Archive: https://lists.freebsd.org/archives/freebsd-pkgbase

Gordon Tetlow:
> A while ago, I was playing around with building stripped down jails
> based on pkgbase and noticed that /bin/sh and a whole host of
> interactive commands is in the FreeBSD-runtime package.
> [...]
> So, my proposal/question is, can we split out the critical libraries
> from the shell and supporting commands in the runtime package so a
> minimal jail could be properly built via pkgbase?

i see no reason not to do this. FreeBSD-runtime is the default package
that everything else gets lumped into if it hasn't been moved elsewhere,
so there are definitely things in there that shouldn't be.

however... i believe there is a general desire to not have a separate
package for every single command, so you may need to put some thought
into the most useful way to organise this. for example, perhaps it makes
sense for FreeBSD-runtime to be a metapackage which depends on other
required packages for a functional basic interactive system.

you'd also need to make sure you don't break everyone's system when they
upgrade and don't realise /bin/sh is in a different package that they
neglected to install.

> What needs to happen to make that work?

the short version is you need to add PACKAGE=xxx to the Makefiles for
the things you want to move, and then add dependencies in
release/packages/ for other packages which require /bin/sh, e.g.
FreeBSD-rc.

> Digging around, I found dfr@ asking about this in
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273783. There seemed
> to be agreement from manu@ that making a shell-free environment is a
> good goal we can support.

as i write this, Bugzilla seems to be offline, but if there's an
existing PR i trust that some people have already brought up some of the
obvious issues that come to mind.