Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: remove "extras" packages from factory #2666

Open
mauromorales opened this issue Jun 26, 2024 · 3 comments
Open

feat: remove "extras" packages from factory #2666

mauromorales opened this issue Jun 26, 2024 · 3 comments
Labels
enhancement New feature or request triage Add this label to issues that should be triaged and prioretized in the next planning call

Comments

@mauromorales
Copy link
Member

mauromorales commented Jun 26, 2024
edited
Loading

When a user with BYOI passes their base image through the factory, we should only install packages required by kairos to function. No "extras" should be added like nano, vim, or anything else that the user did not request.

IMO we should split images/Dockerfile.ubuntu into something like images/Dockerfile.ubuntu-factory and images/Dockerfile.ubuntu-base (or a better name) where the former only contains packages that are required to convert any image into a Kairos distro, while the latter will be used as --BASE_IMAGE=ubuntu-base.
@mauromorales mauromorales added enhancement New feature or request triage Add this label to issues that should be triaged and prioretized in the next planning call labels Jun 26, 2024
@jimmykarily
Copy link
Contributor

Crazy idea (?) : implement a very lightweight editor in kairos-agent and get rid of all others.

@jimmykarily
Copy link
Contributor

@antongisli how important is this? I mean, is there a security audit or something that needs this to be addressed?

@antongisli
Copy link
Contributor

There should be an option to have NO editor.
Production systems should not have editors on them, period. I understand for development it's useful, but once design is finished, those systems should be hardened. No audit - just security best practice and pretty much what any vendor does for edge devices

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request triage Add this label to issues that should be triaged and prioretized in the next planning call
Projects
🧙Issue tracking board
Status: No status
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mauromorales @jimmykarily @antongisli