grml / grml-debootstrap

wrapper around debootstrap

busybox should be moved to local packages file instead of being hardcoded in chroot-script #240

Closed adrelanos closed 9 months ago

adrelanos commented 10 months ago

busybox had some security vulnerabilities. I didn't check how severe these were or how to exploit them. However, busybox doesn't seem to be a critically required dependency for a fully functional image. At least if using dracut.

So let's move it from being hardcoded in chroot-script to the local packages files.

Happy to send a PR. Seems to be a trivial change.

Waiting with the PR until https://github.com/grml/grml-debootstrap/pull/236 is merged, otherwise there would be a merge conflict.

zeha commented 9 months ago

@mika I think nowadays klibc-utils should be okay enough? Do we want to keep busybox for initramfs?

mika commented 9 months ago

Hm good point, I think the actual tools like cryptsetup which rely on busybox in initramfs stage have busybox as dependency anyways, so let's give this a try. :)

(Sorry for the delay, Q4 madness)