
release: Don't install FreeBSD-caroot in the notoolchain image
Abandoned, Public

Authored by dfr on Fri, Sep 19, 1:56 PM.

Details

Reviewers
dch
cperciva
ivy
Summary

The certificates are already present since they were copied into the
static parent image.

If FreeBSD-caroot is installed, the post-install hook runs the host's
certctl to rehash. If the host is running FreeBSD-14, this results in
installing symbolic links. This is different from the FreeBSD-15 certctl
which copies the files and results in different image contents depending
on the build host.

MFC after: 1 day
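
A check for the drift the summary describes, as an added example that is not part of this revision or the FreeBSD tree: it compares the same certificate directory extracted from two image builds and reports entries that are a symbolic link in one build and a regular file in the other. The two directory arguments and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: report certificate-store entries whose file type differs
# between two extracted image builds (e.g. symlink vs. copied file).

# Print the type of one path without following symbolic links.
entry_type() {
    if [ -L "$1" ]; then echo symlink
    elif [ -f "$1" ]; then echo file
    elif [ -d "$1" ]; then echo dir
    elif [ -e "$1" ]; then echo other
    else echo missing
    fi
}

# cert_type_drift DIR_A DIR_B (both arguments are hypothetical paths to the
# same directory taken from two builds of the image).
# Prints "name typeA typeB" for every entry whose type differs and
# returns 1 if any difference was found, 0 otherwise.
cert_type_drift() {
    dir_a=$1
    dir_b=$2
    out=$( { ls -A "$dir_a"; ls -A "$dir_b"; } | sort -u |
        while IFS= read -r name; do
            ta=$(entry_type "$dir_a/$name")
            tb=$(entry_type "$dir_b/$name")
            [ "$ta" = "$tb" ] || echo "$name $ta $tb"
        done )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Stand-alone use: pass the two directories on the command line.
if [ $# -eq 2 ]; then
    cert_type_drift "$1" "$2"
fi
```

A non-zero exit status means the two builds disagree on how at least one entry was installed, which is the build-host dependence the summary points out.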

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 67164
Build 64047: arc lint + arc unit

Event Timeline

dfr requested review of this revision. Fri, Sep 19, 1:56 PM
dch added a reviewer: ivy.

FreeBSD-caroot is in both minimal, minimal-jail package sets atm & that
seems (from a non-OCI jail perspective) to be the right thing to do.

If we are building these in re@ for release & snapshots, the build
hosts will always be newer. Does it matter for (a very small set of)
downstream users who build their own OCI containers from scratch,
that the image contents are slightly different?

i.e. if we don't land this, does anybody care other than us?

This revision is now accepted and ready to land. Thu, Sep 25, 9:30 AM
dch requested changes to this revision. Thu, Sep 25, 9:31 AM
This revision now requires changes to proceed. Thu, Sep 25, 9:31 AM
In D52616#1204489, @dch wrote:

i.e. if we don't land this, does anybody care other than us?

It's probably just me that cares about it, to be honest. I came across the issue while diffing images built with the simpler layer-squashing script and the new layer-preserving script. Releases are built in a chroot which matches the release, so this problem only affects people like me who are taking shortcuts to reduce the iteration time while debugging.

This issue does not affect the release building process and will resolve itself for me when I update my build host to stable/15.