Date: Thu, 24 Apr 2025 08:35:01 +0200
From: Emmanuel Vadot
To: Lexi Winter
Cc: Gordon Tetlow, freebsd-pkgbase@freebsd.org
Subject: Re: Splitting critical libraries from interactive shell in runtime package
Message-Id: <20250424083501.71d047f2ecf04f29d4383062@bidouilliste.com>
References: <015C4C6B-1CEC-4398-A8B9-CE21E88C617C@tetlows.org>
List-Id: Packaging the FreeBSD base system
List-Archive: https://lists.freebsd.org/archives/freebsd-pkgbase

On Thu, 24 Apr 2025 05:35:41 +0100
Lexi Winter wrote:

> Gordon Tetlow:
> > A while ago, I was playing around with building stripped down jails
> > based on pkgbase and noticed that /bin/sh and a whole host of
> > interactive commands is in the FreeBSD-runtime package.
> > [...]
> > So, my proposal/question is, can we split out the critical libraries
> > from the shell and supporting commands in the runtime package so a
> > minimal jail could be properly built via pkgbase?
>
> i see no reason not to do this. FreeBSD-runtime is the default package
> that everything else gets lumped into if it hasn't been moved elsewhere,
> so there are definitely things in there that shouldn't be.

Not anymore; FreeBSD-utilities has been the default package for a long
time now.

> however... i believe there is a general desire to not have a separate
> package for every single command, so you may need to put some thought
> into the most useful way to organise this. for example, perhaps it
> makes sense for FreeBSD-runtime to be a metapackage which depends on
> other required packages for a functional basic interactive system.

The rationale for FreeBSD-runtime is that if you have it (and -clibs
since it's a dep) you can boot to single user and have (almost?) every
tool needed to repair your system.

> you'd also need to make sure you don't break everyone's system when they
> upgrade and don't realise /bin/sh is in a different package that they
> neglected to install.

Yup, that's the main problem without pkg groups right now.

> > What needs to happen to make that work?
>
> the short version is you need to add PACKAGE=xxx to the Makefiles for
> the things you want to move, and then add dependencies in
> release/packages/ for other packages which require /bin/sh, e.g.
> FreeBSD-rc.
>
> > Digging around, I found dfr@ asking about this in
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273783. There seemed
> > to be agreement from manu@ that making a shell-free environment is a
> > good goal we can support.
>
> as i write this, Bugzilla seems to be offline, but if there's an
> existing PR i trust that some people have already brought up some of the
> obvious issues that come to mind.

-- 
Emmanuel Vadot