Re: Support for merged-/usr now in debootstrap; default for stretch?

To: debian-boot@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: Support for merged-/usr now in debootstrap; default for stretch?
From: Felipe Sateler <fsateler@debian.org>
Date: Wed, 14 Sep 2016 15:15:07 +0000 (UTC)
Message-id: <[🔎] nrbphq$7gn$1@blaine.gmane.org>
References: <[🔎] 871t0nv8np.fsf@deep-thought.43-1.org> <[🔎] nrbnch$ko0$1@blaine.gmane.org> <[🔎] 20160914145013.gatgyumrzki7oi2k@maredsous>

On Wed, 14 Sep 2016 16:50:13 +0200, Pierre Chifflier wrote:

> On Wed, Sep 14, 2016 at 02:38:09PM +0000, Felipe Sateler wrote:
>> On Tue, 13 Sep 2016 22:36:58 +0200, Ansgar Burchardt wrote:
>> 
>> > Hi,
>> > 
>> > debootstrap in unstable can now install with merged-/usr, that is
>> > with /bin, /sbin, /lib* being symlinks to their counterpart in /usr. 
>> > Run
>> > 
>> >   debootstrap --merged-usr testing .../testing
>> >   http://deb.debian.org/debian
>> > 
>> > to give it a try.
>> > 
>> > It has been previously suggested to make this the default for (at
>> > least)
>> > new installations.  I think Russ' earlier mail[1] explains quite well
>> > why the "split" between / and /usr doesn't really work out for Debian
>> > these days and that trying to maintain it for some configurations
>> > (which are not documented) is mostly busy-work.  There is also a nice
>> > article on LWN[2] summarizing earlier discussions.
>> > 
>> > I found these arguments convincing enough and would like to see the
>> > default switched to merged-/usr for Stretch and later.  Possibly also
>> > switching systems on upgrade to the new scheme (not necessarily
>> > already in the Stretch release cycle).
>> 
>> I agree that merging /usr is a good thing to do. We should default to
>> that, and at some point force the merge somehow (via the usrmerge
>> package?
>> ). Ideally, stretch systems that are fresh-installed should have the
>> same configuration as stretch-upgraded systems, otherwise confusion
>> will ensue.
>> 
>> 
> Hi,
> 
> Except that breaks having different mount points, which is useful to
> enforce different mount options (my /usr is nodev,ro).

You seem to misunderstand. The proposal is to move everything from /bin, /
sbin, /lib{,64,32,...} into /usr/$dir. It does not prevent having /usr in 
a separate partition.

Please see the references in Ansgar's original mail.

> Does this mean this cannot be supported anymore ? It would be a step
> backward, security-speaking, if split /usr does not work at all.

Split /usr is still supported, but it has to be mounted by the initramfs. 
All initramfs providers in debian do so for stretch. Even more, having a 
split /usr that is not mounted by the initramfs is not supported:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830829

-- 
Saludos,
Felipe Sateler

Reply to:

References:
- Support for merged-/usr now in debootstrap; default for stretch?
  - From: Ansgar Burchardt <ansgar@debian.org>
- Re: Support for merged-/usr now in debootstrap; default for stretch?
  - From: Felipe Sateler <fsateler@debian.org>
- Re: Support for merged-/usr now in debootstrap; default for stretch?
  - From: Pierre Chifflier <pollux@debian.org>

Prev by Date: Re: Support for merged-/usr now in debootstrap; default for stretch?
Next by Date: Processing of debian-installer-netboot-images_20150422+deb8u4.b1_amd64.changes
Previous by thread: Re: Support for merged-/usr now in debootstrap; default for stretch?
Next by thread: Re: Support for merged-/usr now in debootstrap; default for stretch?
Index(es):
- Date
- Thread