From nobody Wed Jul 30 03:14:37 2025
X-Original-To: freebsd-pkgbase@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bsHQ25KFDz631J6
	for <freebsd-pkgbase@mlmmj.nyi.freebsd.org>; Wed, 30 Jul 2025 03:14:50 +0000 (UTC)
	(envelope-from pete@nomadlogic.org)
Received: from mail.nomadlogic.org (mail.nomadlogic.org [66.165.241.226])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bsHQ20n5Jz3bmq
	for <freebsd-pkgbase@freebsd.org>; Wed, 30 Jul 2025 03:14:49 +0000 (UTC)
	(envelope-from pete@nomadlogic.org)
Authentication-Results: mx1.freebsd.org;
	none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nomadlogic.org;
	s=04242021; t=1753845277;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=RNgiv7Y9XFTm0jhKLNgezD9X6Dix2Cocv5Nt3DElBCY=;
	b=jlztBF2TLjW5NLvnLMsSDM9TYAIdRM1NLIXB0FeW73EQ4Avb9ggOb4exnC4YN+lgqFPctV
	RikLHYRbvVdYA4Oa2H6WjSjSh9X3XQN1CFWWVgfAUWC0XyliBkBXQ8nGtvFL6EXoQcR5K8
	9DWE8iAkrn8CXqh96H8ylrTBet6yLag=
Received: from [192.168.1.182] (47-150-35-101.fdr01.snmn.ca.ip.frontiernet.net [47.150.35.101])
	by mail.nomadlogic.org (OpenSMTPD) with ESMTPSA id 4aa7dd13 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
	Wed, 30 Jul 2025 03:14:37 +0000 (UTC)
Message-ID: <05e21800-f283-4d78-922d-76d9a9aad2d0@nomadlogic.org>
Date: Tue, 29 Jul 2025 20:14:37 -0700
List-Id: Packaging the FreeBSD base system <freebsd-pkgbase.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pkgbase
List-Help: <mailto:freebsd-pkgbase+help@freebsd.org>
List-Post: <mailto:freebsd-pkgbase@freebsd.org>
List-Subscribe: <mailto:freebsd-pkgbase+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-pkgbase+unsubscribe@freebsd.org>
Sender: owner-freebsd-pkgbase@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: PKGBASE Removes FreeBSD Base System Feature
To: Shawn Webb <shawn.webb@hardenedbsd.org>, vermaden <vermaden@interia.pl>
Cc: freebsd-pkgbase@freebsd.org
References: <gblzvammhkzqxmwduyap@vpbk>
 <na7zou5skn2rcvyoigjgnnlzaomqsx23aj7dq3epq5ds65cu4y@ukgxp5zsj7j7>
Content-Language: en-US
From: Pete Wright <pete@nomadlogic.org>
In-Reply-To: <na7zou5skn2rcvyoigjgnnlzaomqsx23aj7dq3epq5ds65cu4y@ukgxp5zsj7j7>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4bsHQ20n5Jz3bmq
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:29802, ipnet:66.165.240.0/22, country:US]



On 7/29/25 19:18, Shawn Webb wrote:
> On Wed, Jul 30, 2025 at 02:28:35AM +0200, vermaden wrote:
>> Hi,
>>
>> after short discussion here:
>> - https://github.com/freebsd/pkg/issues/2485
>>
>> I got REALLY concerned.
>>
>> One of THE features and selling points of a FreeBSD UNIX system is the 'untouchable' Base System.
>>
>> Without PKGBASE all the features are preserved.
>>
>> But when You convert to PKGBASE its ... GONE!
>>
>> Consider this command:
>>
>> # pkg delete -af
>>
>> What it does?
>>
>> It removes all third party packages on 'classic' FreeBSD system without touching the FreeBSD Base System.
>>
>> What the same "pkg delete -af" command does on a PKGBASE FreeBSD system?
>>
>> It kills/destroys almost all of the FreeBSD Base System and leaves only two PKGBASE packages called:
>>
>> - FreeBSD-clibs
>> - FreeBSD-runtime
>>
>> All the rest of Base System is GONE. Destroyed.
> 
> Hey vermaden,
> 
> As mentioned in the GitHub ticket, it appears there might be some room
> for discussion on which base packages ought to be marked vital and if
> the current list (of two) should be expanded.
> 
> I suspect there could also be room for discussion on technical
> measures pkg could adopt to help mitigate issues like this.
> 
> I myself don't have much in the way of suggestions on either topic of
> discussion. I'm simply hoping this email moves the needle forward in a
> positive direction.

Fortunately pkgbase doesn't seem to be changing what is IMHO the real 
differentiator of BSD - the fact that the tools, userland and kernel are 
all part of one coherent development process.  This feels like a natural 
progression to me.

To the original point of ensuring you can't nuke the entire base system 
by accident.  one idea i didn't see on the github thread (apologies if i 
missed it) is adding a config parameter to the repo config.  So perhaps 
a FreeBSD-base.conf could look like so:


FreeBSD-base: {
   url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_release_3",
   mirror_type: "srv",
   signature_type: "fingerprints",
   fingerprints: "/usr/share/keys/pkg",
   enabled: yes
   protected: yes
}

where "protected" would prevent packages from getting outright deleted? 
I could even see this getting extended to private repo configs - for 
example i may want to make sure people can't uninstall the software i 
deploy to my site using our internal repo.

-pete

-- 
Pete Wright
pete@nomadlogic.org