Talk:Incus: Difference between revisions
Latest comment: 8 December by Adamcstephens in topic Issues with squashfs
→Issues with squashfs: Reply |
→Issues with squashfs: Reply |
||
Line 8: | Line 8: | ||
:https://github.com/NixOS/nixpkgs/pull/363247 [[User:Adamcstephens|Adamcstephens]] ([[User talk:Adamcstephens|talk]]) 15:19, 8 December 2024 (UTC) | :https://github.com/NixOS/nixpkgs/pull/363247 [[User:Adamcstephens|Adamcstephens]] ([[User talk:Adamcstephens|talk]]) 15:19, 8 December 2024 (UTC) | ||
::Cool, thanks! I’m still unsure why we would advise people to use the squashfs instead of the tarball (like Hydra seems to be doing for producing the images published on the linux-containers image server), but at least the fix in permissions should fix the SSH service. [[User:Sephi|Sephi]] ([[User talk:Sephi|talk]]) 16:02, 8 December 2024 (UTC) | ::Cool, thanks! I’m still unsure why we would advise people to use the squashfs instead of the tarball (like Hydra seems to be doing for producing the images published on the linux-containers image server), but at least the fix in permissions should fix the SSH service. [[User:Sephi|Sephi]] ([[User talk:Sephi|talk]]) 16:02, 8 December 2024 (UTC) | ||
:::squashfs is preferred because it's quicker to build and extract, as it operates in parallel across cores. You're welcome to use the tarball, but in general working with squashfs provides a better experience. [[User:Adamcstephens|Adamcstephens]] ([[User talk:Adamcstephens|talk]]) 18:13, 8 December 2024 (UTC) |
Revision as of 18:13, 8 December 2024
Issues with squashfs
The instructions to create an LXC container result in a / partition that has 0777 permissions. This is probably not a good idea from a security perspective, and it also prevents SSH from working correctly (it will refuse to read keys from /etc/ssh/authorized_keys.d).
Using `nix build .#nixosConfigurations.container.config.system.build.tarball --print-out-paths` instead of `nix build .#nixosConfigurations.container.config.system.build.squashfs --print-out-paths` fixes the issue for me. Maybe this should be updated? Sephi (talk) 12:38, 8 December 2024 (UTC)
- No, this needs to be properly fixed in the squashfs image. Adamcstephens (talk) 15:02, 8 December 2024 (UTC)
- https://github.com/NixOS/nixpkgs/pull/363247 Adamcstephens (talk) 15:19, 8 December 2024 (UTC)
- Cool, thanks! I’m still unsure why we would advise people to use the squashfs instead of the tarball (like Hydra seems to be doing for producing the images published on the linux-containers image server), but at least the fix in permissions should fix the SSH service. Sephi (talk) 16:02, 8 December 2024 (UTC)
- squashfs is preferred because it's quicker to build and extract, as it operates in parallel across cores. You're welcome to use the tarball, but in general working with squashfs provides a better experience. Adamcstephens (talk) 18:13, 8 December 2024 (UTC)
- Cool, thanks! I’m still unsure why we would advise people to use the squashfs instead of the tarball (like Hydra seems to be doing for producing the images published on the linux-containers image server), but at least the fix in permissions should fix the SSH service. Sephi (talk) 16:02, 8 December 2024 (UTC)