Porchlight exposed two dependency classes that Muster patterns should make explicit instead of leaving to downstream appliance debugging.
Observed cases:
- T2R6/Home Assistant MQTT bridge needed the real broker adapter package (
mosquitto-clients for mosquitto_pub) installed and doctor-verified when real publishing is enabled.
- LAN scanner services needed scanner packages (
nmap, arp-scan) installed by the lifecycle capsule.
- Scanner unit hardening also needed protocol-family capability guidance:
ip -j route/addr/neigh requires AF_NETLINK under systemd RestrictAddressFamilies; ARP discovery needs AF_PACKET; raw scanner paths may need CAP_NET_RAW/CAP_NET_ADMIN.
Pattern takeaway:
Muster patterns should include a machine-checkable dependency/capability contract, not just service/timer shapes. For each pattern or composed appliance bundle, declare:
- required packages by distro family,
- optional package gates,
- doctor checks for enabled adapters,
- systemd sandbox/capability requirements,
- failure wording for missing dependencies or blocked capabilities.
This would have prevented Porchlight from reaching a state where MQTT autodiscovery or LAN observation looked like application bugs but were actually undeclared package/sandbox dependencies.
Porchlight exposed two dependency classes that Muster patterns should make explicit instead of leaving to downstream appliance debugging.
Observed cases:
mosquitto-clientsformosquitto_pub) installed and doctor-verified when real publishing is enabled.nmap,arp-scan) installed by the lifecycle capsule.ip -j route/addr/neighrequiresAF_NETLINKunder systemdRestrictAddressFamilies; ARP discovery needsAF_PACKET; raw scanner paths may needCAP_NET_RAW/CAP_NET_ADMIN.Pattern takeaway:
Muster patterns should include a machine-checkable dependency/capability contract, not just service/timer shapes. For each pattern or composed appliance bundle, declare:
This would have prevented Porchlight from reaching a state where MQTT autodiscovery or LAN observation looked like application bugs but were actually undeclared package/sandbox dependencies.