release: switch OCI containers to use pkg sets
ClosedPublic
Actions

Authored by dch on Fri, Oct 10, 12:02 AM.

Details

Reviewers

ivy
dfr

Group Reviewers

releng

Commits

rGb84e5059dbdd: release: switch OCI containers to use pkg sets
rGa5b19a0cb9c4: release: switch OCI containers to use pkg sets

Summary

use minimal-jail in no-toolchain

results in the following packages, with *** for those that will
be cleaned up via another review

FreeBSD-at
FreeBSD-audit-lib
FreeBSD-bhyve
FreeBSD-blocklist
FreeBSD-bluetooth         ***
FreeBSD-bluetooth-lib     ***
FreeBSD-bmake
FreeBSD-bzip2
FreeBSD-bzip2-lib
FreeBSD-caroot
FreeBSD-certctl
FreeBSD-clibs
FreeBSD-cron
FreeBSD-ctf-lib
FreeBSD-devd
FreeBSD-dma
FreeBSD-fetch
FreeBSD-inetd
FreeBSD-ipf
FreeBSD-ipfw
FreeBSD-kerberos-lib
FreeBSD-kernel-man
FreeBSD-lib9p
FreeBSD-libarchive
FreeBSD-libbsdstat
FreeBSD-libcasper
FreeBSD-libcuse
FreeBSD-libevent1
FreeBSD-libexecinfo
FreeBSD-libldns
FreeBSD-libmagic
FreeBSD-libucl
FreeBSD-libvmmapi
FreeBSD-libyaml
FreeBSD-locales
FreeBSD-mandoc
FreeBSD-mtree
FreeBSD-natd
FreeBSD-ncurses
FreeBSD-netmap
FreeBSD-newsyslog
FreeBSD-openssl
FreeBSD-openssl-lib
FreeBSD-periodic
FreeBSD-pf
FreeBSD-pkg-bootstrap
FreeBSD-ppp               ***
FreeBSD-rc
FreeBSD-runtime
FreeBSD-set-minimal-jail
FreeBSD-sound             ***
FreeBSD-ssh
FreeBSD-syslogd
FreeBSD-tcpd
FreeBSD-telnet
FreeBSD-ufs-lib
FreeBSD-utilities
FreeBSD-vi
FreeBSD-xz
FreeBSD-xz-lib
FreeBSD-zfs
FreeBSD-zfs-lib
FreeBSD-zoneinfo

MFC after: 3 days

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dch created this revision.Fri, Oct 10, 12:02 AM

Herald added subscribers: ivy, jrtc27, imp. · View Herald TranscriptFri, Oct 10, 12:02 AM

dch requested review of this revision.Fri, Oct 10, 12:02 AM

Harbormaster completed remote builds in B67684: Diff 163892.Fri, Oct 10, 12:02 AM

EDIT: it's probably FreeBSD-bhyve, so I'll drop that for the moment.

@ivy I haven't figured out how these packages get pulled in yet. Is it practical to drop these packages from whatever set includes them?

FreeBSD-bluetooth
FreeBSD-bluetooth-lib
FreeBSD-devd
FreeBSD-ppp
FreeBSD-sound

If not, I'm fine with this as is, its just ~ 2MiB total extra.

remove FreeBSD-bhyve, in the expectation that these packages
would no longer appear in the list.

That has not had the desired effect though, they're still present,
albeit pkg autoremove will clean them up.

Harbormaster completed remote builds in B67685: Diff 163893.Fri, Oct 10, 1:12 AM

In D53014#1211148, @dch wrote:

FreeBSD-devd

adding devd to set-minimal-jail was requested by @imp, on the basis that it's a general kernel event handling system, not specific to hardware devices.

FreeBSD-bluetooth
FreeBSD-bluetooth-lib
FreeBSD-ppp
FreeBSD-sound

sound is being added because utilities depends on it, because of shared objects in /usr/lib/virtual_oss that require libprivatesamplerate. this is a bug, i'll fix it (i probably just missed these when creating the sound package). sound depends on bluetooth, which depends on ppp. this is a separate bug: it's because libbluetooth is in bluetooth when it should be in bluetooth-lib.

it seems like you're missing a lot of stuff which is not toolchain-related, like for example bsnmp, csh, sendmail and yp. if that's intentional, the additional dependencies are not an issue with this diff and will be fixed later, so this looks fine.

This revision is now accepted and ready to land.Fri, Oct 10, 2:49 AM

I'm cool removing devd. I was cool having people add it back manually if need be.

In D53014#1211160, @imp wrote:

I'm cool removing devd. I was cool having people add it back manually if need be.

it's tiny (~90kB), so i think we should just leave it. it's useful for network configuration in jails and probably more stuff will use it over time.

thanks! I'm find with devd, it was the sound/bt stuff that was unexpected.

In D53014#1211157, @ivy wrote:

it seems like you're missing a lot of stuff which is not toolchain-related,
like for example bsnmp, csh, sendmail and yp. if that's intentional, the
additional dependencies are not an issue with this diff and will be fixed later, so this looks fine.

Yes I expect there will be very few users *needing* these things in a container.
It's trivial to add missing things later on, both as a user, when building images,
and to the images themselves if they're really necessary.

dch edited the summary of this revision. (Show Details)Fri, Oct 10, 9:58 AM

Trim commit msg

This revision now requires review to proceed.Fri, Oct 10, 10:00 AM

Harbormaster completed remote builds in B67690: Diff 163912.Fri, Oct 10, 10:00 AM

This revision was not accepted when it landed; it landed in state Needs Review.Fri, Oct 10, 3:52 PM

Closed by commit rGa5b19a0cb9c4: release: switch OCI containers to use pkg sets (authored by dch). · Explain Why

This revision was automatically updated to reflect the committed changes.

dch added a commit: rGa5b19a0cb9c4: release: switch OCI containers to use pkg sets.

dch added a commit: rGb84e5059dbdd: release: switch OCI containers to use pkg sets.Fri, Oct 10, 7:52 PM