[RFC] Reorganizing Linux packages

To: debian-kernel@lists.debian.org
Cc: deity@lists.debian.org
Subject: [RFC] Reorganizing Linux packages
From: Bastian Blank <waldi@debian.org>
Date: Sat, 30 Aug 2025 13:00:38 +0200
Message-id: <[🔎] 20250830110038.ig4sfx6l4l7yawdn@shell.thinkmo.de>
Mail-followup-to: debian-kernel@lists.debian.org, deity@lists.debian.org
Reply-to: debian-kernel@lists.debian.org

[Cc apt maintainers, as this interacts with the versioned package
support, reply-to kernel maintainers]

Hi

This is the plan to re-organize the Linux packages a bit, or maybe a
lot.

The goals are:
- Move packaged files out of `/boot`
- Replace extra cloud build with stripped down variant of the normal
  build
- Prepare for pre-built initramfs and/or UKI
- Remove hard dependency between headers and (bootable) image

Does this look sensible?

Bastian

## Implementation

### Move files away from `/boot`

All the packages files are moved to `/usr/lib/modules/6.17-amd64`.
`linux-base` will include scripts to copy them to `/boot` and provide the
current interface for bootloaders.

### Split modules out of `linux-image` package

Like the other distributions we should move all the modules into it's own
package, `linux-modules`.  We can then split this new package further in a
later change.

### Replace extra cloud build with stripped down variant

We currently build a special config for cloud environments.  This comes with
some downsides, like we currently disable DRM and force traditional framebuffer
drivers.

This should be replaced with a stripped down version of the normale variant.
It should specify possitivly which modules and dependencies should be included,
without need to change the config.

Currently we use this extra variant for CI builds.  We need to find another way
to do CI builds without exploiding build times.  Like stripping almost all
modules from the build.

### Convert `linux-image` package into kind of meta-package

The `linux-image` packages are the interface for users to install.  We need to
retain it in the function of installing a bootable kernel.

The files itself can be moved into a different package `linux-binary`.

### Re-do dependencies in `linux-headers`

We want to fulfill the following conditions:
- `linux-image` and `linux-headers` can be installed independent.
- If both are installed, they need to be of the same version.
- This needs to apply both to the unversioned meta-packages and the versioned
  real ones.

This can be done by introducing a marker package, prior art is `gcc-14-base`.

### Fulfill current apt view on versioned kernel packages

apt includes code to not remove packages related to the current running kernel.
It is done by matching `uname -r` to the end of the package name.

This means, for out stipped down cloud variant, we need to rename packages to
fulfill this requirement.

Any communication regarding a more forgivable way have stalled in
https://bugs.debian.org/1060109.

## Side effects

- Images will get uninstallable until signed packages are available by default
- Closes way back to module signing via secure boot key
- Unsigned image is not longer installable in a booting configuration

## Proposed package layout

| Package: linux-base-6.17-amd64
| Depends:
|  linux-base (>= 1),
| 
| Package: linux-image-6.17-amd64
| Depends:
|  linux-binary-6.17-amd64 (= ${Source-Version}),
|  linux-modules-6.17-amd64 (= ${Source-Version}),
| 
| Package: linux-image-cloud-6.17-amd64
| Depends:
|  linux-binary-6.17-amd64 (= ${Source-Version}),
|  linux-modules-cloud-6.17-amd64 (= ${Source-Version}),
| 
| Package: linux-binary-6.17-amd64
| 
| Package: linux-binary-uki-6.17-amd64
| Provides:
|  linux-binary-6.17-amd64 (= ${Source-Version}),
| Breaks:
|  linux-binary-6.17-amd64,
| 
| Package: linux-binary-unsigned-6.17-amd64
| 
| Package: linux-modules-6.17-amd64
| Depends:
|  linux-base-6.17-amd64 (= ${Source-Version}),
| 
| Package: linux-modules-cloud-6.17-amd64
| Depends:
|  linux-base-6.17-amd64 (= ${Source-Version}),
| Provides:
|  linux-modules-6.17-amd64 (= ${Source-Version}),
| Breaks:
|  linux-modules-6.17-amd64,
| 
| Package: linux-headers-6.17-amd64
| Depends:
|  linux-base-6.17-amd64 (= ${Source-Version}),
| 
| Package: linux-base-amd64
| 
| Package: linux-image-amd64
| Depends:
|  linux-base-amd64 (= ${Source-Version}),
|  linux-image-6.17-amd64 (= ${Source-Version}),
| 
| Package: linux-image-cloud-amd64
| Depends:
|  linux-base-amd64 (= ${Source-Version}),
|  linux-image-cloud-6.17-amd64 (= ${Source-Version}),
| 
| Package: linux-headers-amd64
| Depends:
|  linux-base-amd64 (= ${Source-Version}),
|  linux-headers-6.17-amd64 (= ${Source-Version}),
| 
| Package: linux-headers-cloud-amd64
| Depends:
|  linux-headers-amd64 (= ${Source-Version}),
-- 
Well, Jim, I'm not much of an actor either.

Reply to:

Follow-Ups:
- Re: [RFC] Reorganizing Linux packages
  - From: Antonio Russo <aerusso@aerusso.net>

Prev by Date: Bug#1112498: closed by Bastian Blank <waldi@debian.org> (Re: Bug#1112498: initramfs-tools: commit 0df1765e902e56d9698beacc1cc056f327ed58c2 halts reiser4 boot in new Trixie install)
Next by Date: Re: [RFC] Reorganizing Linux packages
Previous by thread: Bug#1112498: closed by Bastian Blank <waldi@debian.org> (Re: Bug#1112498: initramfs-tools: commit 0df1765e902e56d9698beacc1cc056f327ed58c2 halts reiser4 boot in new Trixie install)
Next by thread: Re: [RFC] Reorganizing Linux packages
Index(es):
- Date
- Thread