Poudriere in a jail

From TykWiki
  • Create a normal ezjail
  • Create a ZFS dataset for the jail
$ sudo zfs create -o jailed=on tyktank/poudriere
  • Change settings in ezjail config
export jail_poudriere_tyknet_dk_zfs_datasets="tyktank/poudriere"
export jail_poudriere_tyknet_dk_parameters="children.max=100 allow.mount allow.mount.tmpfs allow.mount.devfs allow.mount.procfs allow.mount.zfs allow.mount.nullfs allow.raw_sockets allow.socket_af allow.sysvipc allow.chflags enforce_statfs=1 ip6=inherit ip4=inherit"
  • Add needed kld modules to rc.conf (and load them manually)
kld_list="zfs aesni geom_mirror tmpfs linux linprocfs nullfs procfs fdescfs"
  • Install needed ports
$ sudo portmaster www/nginx ports-mgmt/poudriere
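  • Create key and cert for signing packages (the .crt file written below holds the RSA public key extracted from the private key, not an X.509 certificate)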
$ sudo mkdir -p /usr/local/etc/ssl/{keys,certs}
$ sudo chmod 0700 /usr/local/etc/ssl/keys
$ sudo openssl genrsa -out /usr/local/etc/ssl/keys/poudriere.key 4096
$ sudo openssl rsa -in /usr/local/etc/ssl/keys/poudriere.key -pubout -out /usr/local/etc/ssl/certs/poudriere.crt
  • Create /usr/local/etc/poudriere.conf with the following contents:
ZPOOL=tyktank
ZROOTFS=/poudriere
FREEBSD_HOST=ftp://ftp.dk.freebsd.org
RESOLV_CONF=/etc/resolv.conf
BASEFS=/usr/local/poudriere
USE_PORTLINT=no
USE_TMPFS=yes
DISTFILES_CACHE=/usr/ports/distfiles
PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/poudriere.key
NOLINUX=yes
BUILDER_HOSTNAME=poudriere.tyknet.dk

# https://gist.github.com/gynter/86ed7a6cae20927d6ef0
USE_MASTERMNT_HASH=yes
  • The last line is not a default setting but one that is necessary due to path length restrictions combined with jails. To make it work, apply the patch in the link above.
  • Create one or more jails for the versions you need to build for
$ sudo poudriere jail -c -j freebsd_10_3_amd64 -v 10.3-RELEASE
  • Create one or more ports trees. I name the default tree "default", and if I want to experiment with, say, one of the quarterly ports trees, I name it accordingly.
$ sudo poudriere ports -c -p default
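
The signing steps above only work if PKG_REPO_SIGNING_KEY in poudriere.conf names the key that was actually generated and that key is readable by its owner alone. The following is an added example, not part of the original page or of poudriere itself, that checks this before a build; the function names signing_key_path and check_signing_key are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the package signing key named in poudriere.conf.
# Function names are hypothetical; file paths are supplied by the caller.
# Usage after sourcing this file:
#   check_signing_key /usr/local/etc/poudriere.conf [public-key-file]

# Print the value of PKG_REPO_SIGNING_KEY without sourcing the config file
# (the last assignment wins, quote characters are dropped).
signing_key_path() {
    sed -n 's/^[[:space:]]*PKG_REPO_SIGNING_KEY=//p' "$1" |
        tail -n 1 | tr -d "\"'"
}

# Return codes: 0 ok, 1 setting missing, 2 key file missing,
# 3 key accessible by group or others, 4 public key does not match.
check_signing_key() {
    conf=$1
    pub=${2:-}
    key=$(signing_key_path "$conf")
    [ -n "$key" ] || { echo "PKG_REPO_SIGNING_KEY not set in $conf" >&2; return 1; }
    [ -f "$key" ] || { echo "key file not found: $key" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "key too permissive: $key" >&2; return 3; }

    # Optional: confirm the published public key was derived from this key.
    if [ -n "$pub" ]; then
        derived=$(openssl rsa -in "$key" -pubout 2>/dev/null) || return 4
        [ "$derived" = "$(cat "$pub")" ] || { echo "public key mismatch: $pub" >&2; return 4; }
    fi
    return 0
}
```

With the paths used on this page, the second argument would be /usr/local/etc/ssl/certs/poudriere.crt.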