Skip to content

Prepare for modular daemons, make granular installations possible, implement usr-merge

Andrea Bolognani requested to merge abologna/libvirt:modular-daemons into debian/latest

This is long overdue. Apologies for the wait.

Upstream libvirt has introduced modular daemons several years back. Their main advantage compared to a traditional, monolithic deployment is that each driver runs in a completely separate process, improving isolation. These days, modular daemons are considered the preferred way to deploy libvirt. Other distributions such as Fedora have already adopted them as the default. Debian is lagging behind.

Another area where Fedora is ahead of Debian is the granularity of its packages. Each driver is packaged separately, making it possible for a security-conscious admin to create a very minimal installation. For example KubeVirt, a popular project built on top of libvirt, only includes the QEMU driver in its container images, forgoing components that are part of a typical installation such as the network or storage drivers and thus minimizing their attack surface.

Both of these things would be valuable to have in Debian. This MR doesn't quite gets us there, but it bridges the gap when it comes to package granularity and sets the stage for later introducing modular daemons.

This requires reorganizing things quite a bit.

The primary issue with the approach to packaging libvirt currently used in Debian is that daemons and their configuration files are shipped in separate packages: respectively libvirt-daemon for the daemon itself, libvirt-daemon-system, libvirt-daemon-system-systemd and libvirt-daemon-system-sysv for its configuration. In a world where we ship more than a dozen daemons, this arrangement clearly doesn't scale.

The solution is quite obvious: ship the configuration together with the daemon. This has the additional positive effect of bringing libvirt in line with the rest of Debian, where the daemon/configuration split is uncommon if not entirely unique. We can also get rid of the systemd/sysv split, which was only introduced because of a tooling bug that has long since been resolved.

With the MR applied, each driver (and storage backend) comes in its own binary package, making granular installations possible. Modular daemons are still not shipped, but introducing them at this point should be fairly simple. (Famous last words!)

Care is taken to ensure that ownership of the various conffiles is transferred correctly between packages, that new binary packages are installed as needed, and in general that upgrades works as expected. I have tested upgrades from bookworm quite extensively, across three init systems: systemd, sysv and openrc. It all seems to work quite nicely at this point.

Last but not least, usr-merge is implemented. See #1064126 for information on how that transition interacts with the refactoring that makes up the bulk of this MR.

Merge request reports