From: jarl.gullberg@visar-systems.com   
      
   Package: zfs-linux   
   Severity: wishlist   
      
   Dear Maintainer,   
      
   I would like to open a discussion around providing prebuilt kernel   
   modules for ZFS in Debian to better support a few specific use cases.   
      
   Right now, the only option for stable usage of ZFS is through zfs-dkms   
   which necessitates the installation of a full build system such that the   
   module can be built dynamically. This is pretty normal and works well.   
      
   However, there are use cases where a full build system is either not   
   feasible or not permitted - for example, building ZFS at runtime during   
   installation is not very practical and hinders the ability for users to   
   run ZFS-on-root in Debian systems. It's still doable, of course, but   
   there are extra steps needed to build the modules ahead of time such   
   that they can be included in a custom installer.   
      
   Additionally, having a full build system installed can be a security   
   risk for high-criticality environments (which is the angle I'm   
   approaching this from) where a common goal is to minimize the number of   
   installed tools to reduce potential attack surface. The ability for an   
   attacker to compile code locally on a machine is of particular use for   
   obvious reasons.   
      
   As such, I'd like to explore if it's feasible for the zfs-linux package   
   to start providing prebuilt modules in zfs-modules- packages - the   
   basic requirements appears to already be there in the debianized   
   source (both for normal systems and d-i), and it's just not being used.   
      
   I am unsure if there are any Debian policy blockers for doing this, so   
   I'd love to be enlightened there. There should not be any licensing   
   problems with respect to the CDDL, as the module would be distributed   
   entirely separately from the kernel same as the DKMS sources are today.   
      
   Is this something that could be explored?   
      
   -- System Information:   
   Debian Release: 13.2   
     APT prefers stable-updates   
     APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,   
   'stable')   
   Architecture: amd64 (x86_64)   
      
   Kernel: Linux 6.12.57+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)   
   Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set   
   LC_ALL to default locale: No such file or directory   
   UTF-8), LANGUAGE=en_US:en   
   Shell: /bin/sh linked to /usr/bin/dash   
   Init: systemd (via /run/systemd/system)   
   LSM: AppArmor: enabled   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)