Re: [PATCH test-artifacts v3 03/13] Add debian rootfs artifact
On Wed, Apr 15, 2026 at 11:50:38AM +0000, Anthony PERARD wrote:
> I'm commenting on changes I found in the branch used by the pipeline
> linked in the cover letter, since there's no copy on the mailing list of
> the patch :-( (overzealous spam filter).
>
> > diff --git a/scripts/debian-rootfs.sh b/scripts/debian-rootfs.sh
> > new file mode 100755
> > index 000000000000..7cb8a96e39c0
> > --- /dev/null
> > +++ b/scripts/debian-rootfs.sh
> ...
> > +PKGS=(
> > + # System
> > + bridge-utils
> > + dropbear
> > + udev
> > + systemd-sysv
> > + iproute2
> > + inetutils-ping
> > + util-linux
> > + cpio
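Review bot: cpio in the "# System" group of PKGS has no comment saying what needs it, and the only use visible in this patch is the script's own "Create rootfs" step (`cpio -0 -H newc -o`). If that is the reason it is listed, say so in a comment next to the entry, or group it separately from the packages the tests rely on, so it is not dropped later as unused.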
>
> Is `cpio` going to be used in dom0? The alpine rootfs doesn't have it.
Alpine does have it, via busybox. That said, I don't see it used in any
current test.
> > +# don't need persistent logging, avoid journal flush service
> > +rmdir var/log/journal
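Review bot: `rmdir var/log/journal` uses a relative path, so what it removes depends on the working directory at that point, and it fails if the directory is missing or not empty. Use an absolute path, or a path under an explicit root variable, and handle the "already absent" case explicitly (for example with a `[ -d ... ]` test) so the step behaves the same when the base image changes.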
>
> I think this would better be done with:
>
> cat >> /etc/systemd/journald.conf.d/storage.conf <<EOF
> [Journal]
> Storage=volatile
> EOF
>
> because I think systemd intends to change the behavior in a future release,
> and we are more explicit with a config file.
+1
> > +# Create rootfs
> > +cd /
> > +{
> > + PATHS="bin etc home init lib lib64 mnt opt root sbin srv tmp usr var"
> > + find $PATHS -print0
> > + echo -ne "dev\0proc\0run\0sys\0"
> > +} | cpio -0 -H newc -o | gzip > "${COPYDIR}/rootfs.cpio.gz"
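Review bot: failures in this pipeline are easy to lose: its status is gzip's alone unless `set -o pipefail` is in effect, and inside the braces a failing `find` (for instance a name in PATHS that is missing from the image) is followed by `echo`, so the group still ends with status 0 unless errexit is active there. Either way a short or damaged rootfs.cpio.gz is left in COPYDIR. Confirm that `set -e` and `set -o pipefail` are set in the part of the script not quoted here, or verify the archive after writing it.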
>
> You should add "-R0:0" to the `cpio` command, like we do for the alpine
> rootfs.
Hm, I'm not sure if that's a good idea. There are a few intentionally
non-root files in Debian. Right now that is:
-rw-r----- 1 root 42 496 Apr 1 01:08 etc/gshadow
-rw-r----- 1 root 42 564 Apr 1 01:08 etc/shadow
-rw-r----- 1 root 42 444 Apr 1 01:08 etc/gshadow-
-rw-r----- 1 root 42 565 Apr 1 01:08 etc/shadow-
-rwxr-sr-x 1 root 42 31256 Apr 19 2025 usr/bin/expiry
-rwxr-sr-x 1 root 42 113848 Apr 19 2025 usr/bin/chage
-rwsr-xr-- 1 root printadm 51272 Mar 8 2025 usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwxr-sr-x 1 root 42 43256 Jun 29 2025 usr/sbin/unix_chkpwd
drwxr-xr-x 2 systemd- systemd- 0 Apr 1 01:08 var/lib/systemd/network
drwxr-xr-x 2 42 root 0 Apr 1 01:07 var/lib/apt/lists/auxfiles
drwx------ 2 42 root 0 Apr 1 01:07 var/lib/apt/lists/partial
drwxrwsr-x 2 root mem 0 Sep 8 2025 var/mail
-rw-rw-r-- 1 root 43 0 Sep 8 2025 var/log/wtmp
-rw-rw-r-- 1 root 43 0 Sep 8 2025 var/log/lastlog
-rw-rw---- 1 root 43 0 Sep 8 2025 var/log/btmp
-rw-r----- 1 root adm 31508 Apr 1 01:08 var/log/apt/term.log
drwx------ 2 42 root 0 Apr 1 01:08 var/cache/apt/archives/partial
While it _might_ not explode right now if we reset it to root, it may
cause issues in the future (for example APT likes to run downloads as
unprivileged user, with write access only to
/var/lib/apt/lists/partial).
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
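
An added example, not part of the original message or of the project's scripts: a small Python reader for the newc format written by `cpio -H newc`, listing the entries whose owner `-R0:0` would rewrite plus any setuid/setgid entries. The function names and the sample archive are constructed for illustration.

```python
import stat

MAGIC, HDR_LEN = b"070701", 110  # newc: 6-byte magic + 13 fields of 8 hex digits

def pad4(n):
    return (n + 3) & ~3  # names and file data are padded to 4-byte boundaries

def iter_newc(buf):
    """Yield (name, mode, uid, gid) for each entry of a `cpio -H newc` archive."""
    off = 0
    while True:
        hdr = buf[off:off + HDR_LEN]
        if len(hdr) < HDR_LEN or hdr[:6] != MAGIC:
            raise ValueError(f"bad newc header at offset {off}")
        f = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, uid, gid, filesize, namesize = f[1], f[2], f[3], f[6], f[11]
        start = off + HDR_LEN
        name = buf[start:start + namesize - 1].decode()
        if name == "TRAILER!!!":
            return
        yield name, mode, uid, gid
        off = pad4(pad4(start + namesize) + filesize)

def ownership_report(buf):
    """Entries whose owner `-R0:0` would rewrite, or that are setuid/setgid."""
    return [(name, stat.filemode(mode), uid, gid)
            for name, mode, uid, gid in iter_newc(buf)
            if uid or gid or mode & (stat.S_ISUID | stat.S_ISGID)]

def make_entry(name, mode, uid, gid, data=b""):
    """Build one newc entry; used only to construct the sample below."""
    n = name.encode() + b"\0"
    fields = [0, mode, uid, gid, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
    blob = MAGIC + b"".join(b"%08X" % v for v in fields) + n
    blob += b"\0" * (pad4(len(blob)) - len(blob))
    return blob + data + b"\0" * (pad4(len(data)) - len(data))

# Constructed sample: names and modes echo the listing in the message above;
# file contents are dummies.
SAMPLE = b"".join([
    make_entry("etc/hostname", 0o100644, 0, 0, b"dom0\n"),
    make_entry("etc/shadow", 0o100640, 0, 42, b"x"),
    make_entry("usr/bin/chage", 0o102755, 0, 42, b"ELF"),
    make_entry("var/lib/apt/lists/partial", 0o040700, 42, 0),
    make_entry("TRAILER!!!", 0, 0, 0),
])

if __name__ == "__main__":
    for row in ownership_report(SAMPLE):
        print(*row)
```

To check a real artifact, pass the `gzip.decompress()` of the `rootfs.cpio.gz` bytes to `ownership_report`.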