Package: zfs-linux
Severity: wishlist

Dear Maintainer,

I would like to open a discussion around providing prebuilt kernel modules for ZFS in Debian to better support a few specific use cases.

Right now, the only option for stable usage of ZFS is through zfs-dkms which necessitates the installation of a full build system such that the module can be built dynamically. This is pretty normal and works well. However, there are use cases where a full build system is either not feasible or not permitted - for example, building ZFS at runtime during installation is not very practical and hinders the ability for users to run ZFS-on-root in Debian systems. It's still doable, of course, but there are extra steps needed to build the modules ahead of time such that they can be included in a custom installer.

Additionally, having a full build system installed can be a security risk for high-criticality environments (which is the angle I'm approaching this from) where a common goal is to minimize the number of installed tools to reduce potential attack surface. The ability for an attacker to compile code locally on a machine is of particular use for obvious reasons.

As such, I'd like to explore if it's feasible for the zfs-linux package to start providing prebuilt modules in zfs-modules-<KVER> packages - the basic requirements appear to already be there in the debianized source (both for normal systems and d-i), and it's just not being used.

I am unsure if there are any Debian policy blockers for doing this, so I'd love to be enlightened there. There should not be any licensing problems with respect to the CDDL, as the module would be distributed entirely separately from the kernel same as the DKMS sources are today.

Is this something that could be explored?

-- System Information:
Debian Release: 13.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.57+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

