On Thu, Dec 19, 2024 at 09:53:27PM +0100, Chris Hofstaedtler wrote: > > > > In theory, if we don't want to explicitly install the package in d-i, > > > > another possibility might be to bump it to Priority: standard and let > > > > tasksel install it. I'm not sure what the tradeoffs might be that would > > > > drive the decision one way or another. > [..] > > > Regarding tasksel vs. Priority, the latter has a potential for a much > > > wider impact: lots of Debian system are installed without d-i and/or > > > tasksel, and most if not all would get the package via Priority. (Think > > > of all the tools building Debian images, chroots, containers, etc., on > > > top of debootstrap/mmdebstrap/etc.) > > > > I'm not sure it's the case that most of those other systems install > > Priority: standard. Debootstrap certainly doesn't by itself, and I > > don't think the debuerreotype tool for building OCI images does either. > > In any case, your point still stands. I'll re-assign this to general > > for now, and we can discuss the options in a broader context. > > We have a mechanism for installing iputils-ping into "most" systems, why > not use the same mechanism to install linux-sysctl-defaults? > > Systems that want iputils-ping likely also want > linux-sysctl-defaults.
Both iputils-ping and systemd declare Recommends on linux-sysctl-defaults. The expectation is very much that it's installed everywhere by default. The only reason it isn't today is that those packages are installed by deboostrap, which doesn't install Recommends. I believe that it's important for linux-sysctl-defaults to be part of the default installation except in unusual cases. In addition to the "make ping work" sysctl, it sets a number of other important sysctls that should be set by default (e.g. net.core.default_qdisc, fs.protected_symlinks, net.ipv4.conf.default.rp_filter and others). These are system-wide settings that we don't want changed with the installation of some package after the fact. There are at least a couple of ways we can accomplish this: * Raise the linux-sysctl-defaults priority to 'standard', which will get it installed by tasksel under d-i while still leaving it out of other debootstrapped installations (containers, etc) * Raise its priority to 'important', in which case debootstrap will install it And there are probably more. noah
