support usrmerged /bin and /sbin #1477

Closed

@mythi mythi commented Dec 7, 2023

Distros are adopting the merged /usr directories scheme where the /{bin,sbin,lib}/ directories are made symbolic links to /usr/{bin,sbin,lib}/.

There are use cases where this could be justified for Distroless as well. For example, a statically built Busybox/Toybox w/ built-in shell can be installed to /usr/bin and still have the typical shellscript shebangs (/bin/sh or /bin/bash) working.

However, Debian 11/12 base packages (base-files, libc6 etc) do not support the merged /usr so it's not very straightforward to enable for Distroless.

One approach to support this for /bin/ and /sbin is to create a layer with whiteouts and symlinks. Tests are also added to ensure any Distroless image flavor does not overwrite the symlinks created in that lower layer.

Signed-off-by: Mikko Ylinen <[email protected]>
@loosebazooka
Member

I think we can modify the deb package processor to be merge file system aware. But we'd start to get into very strange territory. What we'd ideally want to do is prevent ALL layers from writing to /bin and /sbin and force the build config to ensure this never happens.
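A sketch of the two ideas raised so far in this thread, the whiteout-plus-symlink layer from the PR description and the check that no later layer writes to /bin or /sbin, as an added example that is not code from this PR or from Distroless. It assumes layers are uncompressed tars using OCI `.wh.` whiteout naming and relative symlink targets; all function names are hypothetical.

```python
import io
import tarfile

# Assumption: relative targets, as a merged-/usr root would use.
MERGED = {"bin": "usr/bin", "sbin": "usr/sbin"}

def build_usrmerge_layer() -> bytes:
    """Uncompressed layer tar: whiteouts for bin/sbin plus the symlinks."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in MERGED.items():
            # OCI whiteout: empty ".wh.<name>" hides <name> from lower layers.
            tar.addfile(tarfile.TarInfo(f".wh.{name}"))
            link = tarfile.TarInfo(name)
            link.type, link.linkname, link.mode = tarfile.SYMTYPE, target, 0o777
            tar.addfile(link)
    return buf.getvalue()

def clobbering_entries(layer: bytes) -> list[str]:
    """Entries in a later layer that would replace or hide the symlinks."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r:") as tar:
        for member in tar:
            parts = [p for p in member.name.split("/") if p not in ("", ".")]
            if not parts:
                continue
            top = parts[0]
            # Flags bin/..., a new "bin" entry, ".wh.bin", or a root opaque marker.
            if (top in MERGED or top.removeprefix(".wh.") in MERGED
                    or top == ".wh..wh..opq"):
                bad.append(member.name)
    return bad

def make_layer(files: dict[str, bytes]) -> bytes:
    """Constructed sample layer holding regular files (demo input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    ok = make_layer({"usr/bin/busybox": b"\x7fELF"})
    bad = make_layer({"./bin/sh": b"\x7fELF", "usr/bin/env": b"\x7fELF"})
    print(clobbering_entries(ok), clobbering_entries(bad))
```

Run `clobbering_entries` only on layers stacked above the merged-/usr layer; that layer's own entries are, by construction, all flagged.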

@mythi
Author

mythi commented Dec 7, 2023

> But we'd start to get into very strange territory.

Yup, agreed. I'm currently testing one idea on my side to work around the limitation so maybe I'm able to sort this out without any Distroless changes needed after all. Just wanted to share this draft since I had it ready.

@mythi
Author

mythi commented Dec 12, 2023

For me, #!/usr/bin/env bash worked so I think I'll just close this one. Perhaps it's fine to keep #1393 open for tracking purposes since I think the ask makes sense.

@mythi mythi closed this Dec 12, 2023
@loosebazooka
Member

Yeah unfortunately it's a rather annoying problem given our build
