[Bug 273783] pkgbase: The libraries currently contained in runtime and utilities should be split out
Date: Fri, 15 Sep 2023 09:31:10 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273783

--- Comment #9 from dfr@rabson.org ---

I build a sequence of container images with two important ones early in the sequence that explicitly avoid installing runtime. These are intended to support static and dynamically linked workloads which don't need (or want) shell access or any of the other binaries installed by runtime. This restricted base serves to keep the download size and storage cost of the images as small as possible as well as reducing the attack surface inside the container.

These workloads still need access to things like /etc/passwd and sometimes /etc/termcap and I work around the packaging system to cherry pick the bits I want from runtime. This means that later layers which do install runtime leave things like /etc/master.passwd.pkgsave which I have to clean up. Probably 'fighting the packaging tools' is an exaggeration.

If splitting out all the libraries is a step too far, would there be an objection to moving a few libs from runtime to clibs? Currently, I cherry pick libz and libcrypt from the runtime package - these could move to clibs without ballooning the package count.

--
You are receiving this mail because:
You are the assignee for the bug.