On Wed, Sep 28, 2011 at 05:35:46PM +0100, Stefan Hajnoczi wrote:
> On Wed, Sep 28, 2011 at 1:19 PM, Richard W.M. Jones
> <rjones(a)redhat.com> wrote:
>> On Wed, Sep 28, 2011 at 11:14:57AM +0100, Stefan Hajnoczi wrote:
>>> Does febootstrap-supermin-helper need to be dynamic or could
>>> libguestfs create a /var/lib/guestfs/appliance-initramfs.gz on
>>> install? Then libguestfs on the client can create the appliance
>>> domain and point at that static initramfs file path.
>>
>> This is how the Debian package of libguestfs works (Hilko's official
>> package, not my one).
>>
>> However this is troublesome because it means any security problem in a
>> dependent program is baked into the appliance. Applying a security
>> update to the host wouldn't update this libguestfs appliance. Compare
>> this to the way febootstrap-supermin-helper normally works (eg
>> upstream, Fedora and RHEL): the appliance is rebuilt whenever any
>> change is noticed in a dependent program.
> That sounds like a limitation in the packaging system.
> If 'watch' hooks can be registered by the libguestfs package on its
> dependencies, then it can rebuild itself every time a dependency
> changes. Or the low-tech way is for the libguestfs package maintainer
> to create a new package each time its dependencies have updated -
> Debian has a volatile repo for packages that change a lot.
> At the end of the day we have this problem because the libguestfs
> appliance is a distro built from the underlying distro itself :)!
RPM & dpkg both have trigger mechanisms. The Debian package doesn't
appear to use it for whatever reason. In the RPM we just don't use
triggers because the checksum method we're using is more convenient
and produces about the same result.
We could change this but I want to look at other alternatives as well.
In particular, using 9pfs might mean there's no need to explicitly
build a root appliance at all (but it needs some qemu changes).
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
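The rebuild-on-change behaviour described in the thread (a pre-built appliance keeps old copies of host programs, so the appliance must be regenerated whenever a dependency changes) reduced to a checksum stamp, as an added example. This is not code from libguestfs, febootstrap or anyone in the thread, and the thread does not say what febootstrap-supermin-helper actually hashes; the `ensure_appliance` helper, the stamp file name and the two fake dependency files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def dependency_checksum(paths):
    """Hash the path and full contents of every dependency file, in a fixed
    order, so the digest changes whenever any one of them is updated.
    Hashing contents rather than size/mtime means a same-size rebuild of a
    library (a typical security errata) is still detected."""
    h = hashlib.sha256()
    for p in sorted(Path(x) for x in paths):
        h.update(str(p).encode())
        h.update(b"\0")
        h.update(p.read_bytes())
        h.update(b"\0")
    return h.hexdigest()


def appliance_is_stale(paths, stamp):
    """True when no stamp exists yet or the recorded digest no longer
    matches the dependencies currently installed on the host."""
    stamp = Path(stamp)
    if not stamp.exists():
        return True
    return stamp.read_text().strip() != dependency_checksum(paths)


def ensure_appliance(paths, stamp, build):
    """Call `build()` only when the appliance is stale, then record the
    digest the build was made from. Returns True if a rebuild happened."""
    if not appliance_is_stale(paths, stamp):
        return False
    build()
    Path(stamp).write_text(dependency_checksum(paths) + "\n")
    return True


def demo():
    """Constructed scenario (hypothetical file names): two fake dependency
    binaries and one stamp file in a temporary directory. Returns whether
    each of three runs rebuilt, plus the total number of builds."""
    with tempfile.TemporaryDirectory() as d:
        deps = [os.path.join(d, "libfoo.so"), os.path.join(d, "bar")]
        for p in deps:
            Path(p).write_bytes(b"v1")
        stamp = os.path.join(d, "appliance.checksum")

        builds = []

        def build():
            # Stand-in for generating the appliance initramfs.
            builds.append(len(builds) + 1)

        first = ensure_appliance(deps, stamp, build)   # no stamp: build
        second = ensure_appliance(deps, stamp, build)  # unchanged: skip
        Path(deps[0]).write_bytes(b"v2")               # host applied an update
        third = ensure_appliance(deps, stamp, build)   # changed: build again
        return (first, second, third, len(builds))


if __name__ == "__main__":
    print(demo())
```

The stamp is only as trustworthy as the file set it covers: if a dependency is added to the appliance but not to `paths`, updates to it are invisible to this check, which is the same blind spot a static initramfs has for all of its contents.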