
On Wed, Sep 28, 2011 at 1:19 PM, Richard W.M. Jones <rjones@redhat.com> wrote:
On Wed, Sep 28, 2011 at 11:14:57AM +0100, Stefan Hajnoczi wrote:
Does febootstrap-supermin-helper need to be dynamic or could libguestfs create a /var/lib/guestfs/appliance-initramfs.gz on install? Then libguestfs on the client can create the appliance domain and point at that static initramfs file path.
This is how the Debian package of libguestfs works (Hilko's official package, not my one).
However this is troublesome because it means any security problem in a dependent program is baked into the appliance. Applying a security update to the host wouldn't update this libguestfs appliance. Compare this to the way febootstrap-supermin-helper normally works (e.g. upstream, Fedora and RHEL): the appliance is rebuilt whenever any change is noticed in a dependent program.
That sounds like a limitation in the packaging system. If 'watch' hooks can be registered by the libguestfs package on its dependencies, then it can rebuild itself every time a dependency changes. Or the low-tech way is for the libguestfs package maintainer to create a new package each time its dependencies have updated - Debian has a volatile repo for packages that change a lot.

At the end of the day we have this problem because the libguestfs appliance is a distro built from the underlying distro itself :)!

Stefan