Add systemd-container to additional-packages list #482
As requested in [NAS-123533](https://ixsystems.atlassian.net/browse/NAS-123533).
Can one of the admins verify this patch?
@Jip-Hop thanks a lot for the PR and the very detailed justification for wanting to add this to our base image. It allowed me to immediately understand all the reasons for why this change is being requested so I greatly appreciate it.

Unfortunately, however, we're in the perpetual process of removing 3rd party packages/dependencies that our API does not actively use. We're really trying to pay off the proverbial "CVE technical debt" by shrinking our attack surface. Because of this fact, we will not be accepting this change.

As an aside, I've found that you've written a VERY neat and interesting "jail" script that is run on SCALE that very clearly makes alterations to the base image that are not supported by us. I believe it's only natural to update your script to check for the existence of the systemd-container package and add it if it's not already included. This would at least allow that portion of the community to be able to continue using your solution 😄

NOTE: (I'm sure you're aware of how to do this already) But to add a package to scale, you'll need to
Thanks for the compliment on the jail script! 😄 In my opinion it was more neat when it was 'living off the land' using the packages provided by default and interfering as little as possible. But I had already implemented the

Are there any plans to progressively prevent adding a package to SCALE (like removing the package manager completely)? Since first it was just apt

Do you have an idea why systemd-container was gone in the

```
# TrueNAS-SCALE-23.10-MASTER-20230813-042924
# With systemd-container
admin@truenas[~]$ apt list '?any-version(?installed?depends(?exact-name(systemd-container)))'
Listing... Done
libnss-mymachines/bookworm,now 252.6-1 amd64 [installed,automatic]
libvirt-daemon-system-systemd/bookworm,now 9.0.0-4 all [installed,automatic]
admin@truenas[~]$ apt list '?any-version(?installed?depends(?exact-name(libnss-mymachines)))'
Listing... Done
admin@truenas[~]$ apt list '?any-version(?installed?depends(?exact-name(libvirt-daemon-system-systemd)))'
Listing... Done
libvirt-daemon-system/bookworm,now 9.0.0-4 amd64 [installed,automatic]
admin@truenas[~]$ apt list '?any-version(?installed?depends(?exact-name(libvirt-daemon-system)))'
Listing... Done
truenas/now 20230813053755~truenas+1 all [installed,local]
```

But in

According to the description of libvirt-daemon-system-systemd:

And the description of libvirt-daemon-system-sysv:

So somehow
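The reverse-dependency queries in the comment above, turned into a check that a script can run before relying on a package. This is an added example, not code from the thread or from the project; the function names and the first sample line are assumptions, and the remaining sample lines are taken from the quoted `apt list` output.

```shell
#!/usr/bin/env bash
# Added example: classify how a package is present, based on `apt list` output.

# Constructed sample: the systemd-container line is hypothetical, the other
# package lines are copied from the `apt list` output quoted in the thread.
SAMPLE='Listing... Done
systemd-container/bookworm,now 252.6-1 amd64 [installed,automatic]
libnss-mymachines/bookworm,now 252.6-1 amd64 [installed,automatic]
libvirt-daemon-system-systemd/bookworm,now 9.0.0-4 all [installed,automatic]
truenas/now 20230813053755~truenas+1 all [installed,local]'

# install_state PKG   (reads `apt list` output on stdin)
# Prints one of: absent | explicit | automatic
install_state() {
    awk -v pkg="$1" '
        BEGIN { state = "absent" }
        {
            split($1, name, "/")          # "pkg/suite,now" -> "pkg"
            if (name[1] != pkg) next      # exact name match only
            b = index($0, "[installed")   # status flags start here
            if (b == 0) next              # listed but not installed
            # ",automatic" and ",auto-removable" both mean: pulled in as a dependency
            state = (substr($0, b) ~ /,auto/) ? "automatic" : "explicit"
        }
        END { print state }'
}

# installed_names   (reads `apt list` output on stdin): one package name per line
installed_names() {
    awk 'index($0, "[installed") { split($1, n, "/"); print n[1] }'
}

# presence_report PKG: runs the same apt queries as the thread when apt exists.
presence_report() {
    command -v apt >/dev/null 2>&1 || { echo "apt not available" >&2; return 2; }
    local pkg=$1 state
    state=$(apt list --installed "$pkg" 2>/dev/null | install_state "$pkg")
    echo "$pkg: $state"
    if [ "$state" = automatic ]; then
        echo "present only because these installed packages depend on it:"
        apt list "?any-version(?installed?depends(?exact-name($pkg)))" 2>/dev/null |
            installed_names | sed 's/^/  /'
    fi
    [ "$state" != absent ]
}

# Run against the live system only when a package name is given.
[ $# -eq 0 ] || presence_report "$1"
```

An `automatic` result is the fragile case: the package stays installed only as long as the packages listed under it keep depending on it.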
As planned in https://ixsystems.atlassian.net/browse/NAS-125733. Ticket is already closed even though systemd-container is not added explicitly as a package to install. It's currently only included in SCALE as [a transient dependency of libvirt-daemon-system](https://github.com/truenas/middleware/blob/release/24.04-BETA.1/debian/debian/control). See my previous attempt at this PR for more info: truenas#482.
As planned in https://ixsystems.atlassian.net/browse/NAS-125733. Ticket is already closed even though systemd-container is not added explicitly as a package to install. It is currently only included in SCALE as [a transient dependency of libvirt-daemon-system](https://github.com/truenas/middleware/blob/release/24.04-BETA.1/debian/debian/control). See my previous attempt at this PR for more info: truenas#482.
As planned in https://ixsystems.atlassian.net/browse/NAS-125733. Ticket is already closed even though systemd-container is not added explicitly as a package to install. It is currently only included in SCALE as [a transient dependency of libvirt-daemon-system](https://github.com/truenas/middleware/blob/release/24.04-BETA.1/debian/debian/control). See my previous attempt at this PR for more info: #482. (cherry picked from commit ab3b230)
As planned in https://ixsystems.atlassian.net/browse/NAS-125733. Ticket is already closed even though systemd-container is not added explicitly as a package to install. It is currently only included in SCALE as [a transient dependency of libvirt-daemon-system](https://github.com/truenas/middleware/blob/release/24.04-BETA.1/debian/debian/control). See my previous attempt at this PR for more info: #482. (cherry picked from commit ab3b230) (cherry picked from commit 7959521)
As requested in NAS-123533.
The systemd-container package, which provides the systemd-nspawn and machinectl commands, was included with SCALE releases prior to version 22.12.3. It was then gone for some releases and seems to be present again in a future version (tested with TrueNAS-SCALE-23.10-MASTER-20230813-042924).
This pull request adds systemd-container to the list of additional-packages to be installed.
Reasons to include it in the list: