Talk:Incus: Difference between revisions

From NixOS Wiki
Latest comment: 8 December by Adamcstephens in topic Issues with squashfs

Latest revision as of 18:16, 8 December 2024

Issues with squashfs

The instructions to create an LXC container result in a / partition that has 0777 permissions. This is probably not a good idea from a security perspective, and it also prevents SSH from working correctly (it will refuse to read keys from /etc/ssh/authorized_keys.d).

Using `nix build .#nixosConfigurations.container.config.system.build.tarball --print-out-paths` instead of `nix build .#nixosConfigurations.container.config.system.build.squashfs --print-out-paths` fixes the issue for me. Maybe this should be updated? Sephi (talk) 12:38, 8 December 2024 (UTC)

No, this needs to be properly fixed in the squashfs image. Adamcstephens (talk) 15:02, 8 December 2024 (UTC)
https://github.com/NixOS/nixpkgs/pull/363247 Adamcstephens (talk) 15:19, 8 December 2024 (UTC)
Cool, thanks! I’m still unsure why we would advise people to use the squashfs instead of the tarball (like Hydra seems to be doing for producing the images published on the linux-containers image server), but at least the fix in permissions should fix the SSH service. Sephi (talk) 16:02, 8 December 2024 (UTC)
squashfs is preferred because it's quicker to build and extract, as it operates in parallel across cores. You're welcome to use the tarball, but in general working with squashfs provides a better experience. Adamcstephens (talk) 18:13, 8 December 2024 (UTC)
Also the linux containers project seems to favor squashfs, so we're also following their lead. We previously provided them tarballs before squashfs was available, and I think they were re-packing into squashfs anyway. :) Adamcstephens (talk) 18:16, 8 December 2024 (UTC)
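
Why a 0777 `/` stops key authentication, as an added example that is not part of the thread and is not OpenSSH or nixpkgs code: with `StrictModes` enabled, sshd refuses an authorized-keys file when the file or any directory on the way up to `/` is group- or world-writable, or is not owned by root or the user. The sketch applies that rule to an unpacked image root; `unsafe_components`, `build_constructed_rootfs` and the `alice` key file are hypothetical names, and path components are assumed not to be symlinks.

```python
import os
import stat
import tempfile


def unsafe_components(rootfs, rel_path, allowed_uids=(0,)):
    """Walk from rel_path up to the image root and list every component
    that a StrictModes-style check would reject, as (path, reason)."""
    rootfs = os.path.realpath(rootfs)
    current = os.path.join(rootfs, rel_path.lstrip("/"))
    findings = []
    while True:
        st = os.lstat(current)  # assumption: no symlinks on the path
        shown = "/" if current == rootfs else "/" + os.path.relpath(current, rootfs)
        if st.st_uid not in allowed_uids:
            findings.append((shown, f"owned by uid {st.st_uid}"))
        if st.st_mode & 0o022:  # group- or world-writable
            mode = stat.S_IMODE(st.st_mode)
            findings.append((shown, f"mode {mode:04o} is group/world-writable"))
        if current == rootfs:
            return findings
        current = os.path.dirname(current)


def build_constructed_rootfs(root_mode):
    """Constructed sample tree standing in for an unpacked container image."""
    rootfs = tempfile.mkdtemp(prefix="rootfs-")
    keydir = os.path.join(rootfs, "etc", "ssh", "authorized_keys.d")
    os.makedirs(keydir)
    keyfile = os.path.join(keydir, "alice")
    with open(keyfile, "w") as fh:
        fh.write("ssh-ed25519 constructed-placeholder-key alice@example\n")
    # Set modes explicitly so the result does not depend on the umask.
    for d in (os.path.join(rootfs, "etc"), os.path.join(rootfs, "etc", "ssh"), keydir):
        os.chmod(d, 0o755)
    os.chmod(keyfile, 0o644)
    os.chmod(rootfs, root_mode)  # the image root itself, i.e. "/" in the container
    return rootfs


if __name__ == "__main__":
    # A real image is root-owned; the demo tree belongs to whoever runs this.
    uids = (0, os.getuid())
    for root_mode in (0o777, 0o755):
        tree = build_constructed_rootfs(root_mode)
        result = unsafe_components(tree, "/etc/ssh/authorized_keys.d/alice", uids)
        print(f"root mode {root_mode:04o}:", result or "ok")
```

Run against a real unpacked image as root with the default `allowed_uids=(0,)`; an empty list means every component passes the ownership and mode test.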