From: bugzilla-noreply@freebsd.org
To: pkgbase@FreeBSD.org
Subject: [Bug 273783] pkgbase: The libraries currently contained in runtime and utilities should be split out
Date: Fri, 15 Sep 2023 09:31:10 +0000
List-Id: Packaging the FreeBSD base system
List-Archive: https://lists.freebsd.org/archives/freebsd-pkgbase

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273783

--- Comment #9 from dfr@rabson.org ---
I build a sequence of container images with two important ones early in the
sequence that explicitly avoid installing runtime. These are intended to
support static and dynamically linked workloads which don't need (or want)
shell access or any of the other binaries installed by runtime. This restricted
base serves to keep the download size and storage cost of the images as small
as possible as well as reducing the attack surface inside the container.

These workloads still need access to things like /etc/passwd and sometimes
/etc/termcap and I work around the packaging system to cherry pick the bits I
want from runtime. This means that later layers which do install runtime leave
things like /etc/master.passwd.pkgsave which I have to clean up. Probably
'fighting the packaging tools' is an exaggeration.

If splitting out all the libraries is a step too far, would there be an
objection to moving a few libs from runtime to clibs? Currently, I cherry pick
libz and libcrypt from the runtime package - these could move to clibs without
ballooning the package count.