- install a CDN_JAIL-pruned world into $j/base (the read-only template the jail is built from)
- create $j/etc $j/var $j/home $j/tmp $j/usrlocal etc
- nullfs-mount $j/base read-only on $j/root (the jail can see base but cannot modify it)
- nullfs-mount $j/etc read-write on $j/root/etc
- nullfs-mount $j/var read-write on $j/root/var
- etc...
- at upgrade time, diff $j/etc against $j/base/etc to see which files were edited and how
- upgrade $j/base
- copy $j/base/etc over $j/etc and re-apply the recorded patches to the files that had been edited
- directories like var can be refreshed by running the var mtree specification over them
- per-jail data such as home needs no upgrading
- Alternatively, use mergemaster to maintain etc/; that should also take care of updating var/ at the next boot
Sources
Modify src.conf so that specially pruned CDN jail worlds can be built, excluding functionality a jail does not need
/etc/src.conf
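# /etc/src.conf -- prune the world for CDN jails.
#
# Everything below is active only when the build is invoked with CDN_JAIL
# defined (e.g. `make -DCDN_JAIL buildworld`); an ordinary build on this host
# is unaffected.  The knobs remove subsystems a jail cannot use (kernel,
# boot blocks, hardware control, wireless) or must not need (self-updating
# tools), so the resulting base is smaller and has less to patch.
.if defined(CDN_JAIL)

# Kernel targets make no sense for CDN Jails
.if make(buildkernel) || make(installkernel) || make(kernel)
. error Kernels aren't used in CDN Jails!
.endif

# Avoid foot-shooting during installworld: without a DESTDIR the pruned world
# would be installed over the host's own root.  empty() is true both when
# DESTDIR is undefined and when it is set to the empty string
# (`make installworld DESTDIR=`), which defined() alone would let through.
.if make(installworld) && empty(DESTDIR)
. error Define DESTDIR when using CDN_JAIL!
.endif

# Put the build artifacts in a different location, to support plural builds
# (a CDN_JAIL world and a normal world can coexist under /usr/obj).
# NOTE(review): newer FreeBSD versions reject MAKEOBJDIRPREFIX set anywhere
# but the environment; confirm this assignment still takes effect on the
# release being built.
MAKEOBJDIRPREFIX?=/usr/obj/CDN_JAIL

# Hardware-facing subsystems: a jail has no devices of its own to drive.
# Set to not build acpiconf(8), acpidump(8) and related programs.
WITHOUT_ACPI=yes
# Set to not build amd(8) and related programs.
WITHOUT_AMD=yes
# Set to not build apm(8), apmd(8) and related programs.
WITHOUT_APM=yes
# Set to not build programs and libraries related to ATM networking.
WITHOUT_ATM=yes
# Set to not build Bluetooth related kernel modules, programs and libraries.
WITHOUT_BLUETOOTH=yes
# Set to not build the boot blocks and loader.
WITHOUT_BOOT=yes
# Set to not build or install programs for operating floppy disk driver.
WITHOUT_FLOPPY=yes

# Set to not build freebsd-update(8).
# The jail therefore cannot patch itself: security fixes for the jail base
# come from rebuilding $j/base on the host and re-mounting it (see the
# upgrade notes at the top of this page).
WITHOUT_FREEBSD_UPDATE=yes
# Set to not build games.
WITHOUT_GAMES=yes
# Set to not build gpioctl(8) as part of the base system.
WITHOUT_GPIO=yes
# Set to not build programs and libraries related to IPX networking.
# When set, it also enforces the following options:
#     WITHOUT_IPX_SUPPORT
#     WITHOUT_NCP
WITHOUT_IPX=yes
# Set to not build programs that support a legacy PC console; e.g. kbdcontrol(8)
# and vidcontrol(8).
WITHOUT_LEGACY_CONSOLE=yes
# Set to not build lpr(1) and related programs.
WITHOUT_LPR=yes
# Set to not build programs and libraries related to NDIS emulation support.
WITHOUT_NDIS=yes
# Set to not build ntpd(8) and related programs (the host keeps the clock).
WITHOUT_NTP=yes
# Set to not build pmccontrol(8) and related programs.
WITHOUT_PMC=yes
# Set to not build or install portsnap(8) and related files.
# Together with PM_PACKAGES=only in portmaster.rc this keeps a ports tree
# off the jail entirely; packages come from the poudriere repo instead.
WITHOUT_PORTSNAP=yes
# Set to not build rescue(8).
WITHOUT_RESCUE=yes
# Set to not build routed(8) utility.
WITHOUT_ROUTED=yes
# Set to not build sendmail(8) and related programs.
# NOTE(review): with no MTA in the jail, anything that mails its output
# (cron, periodic) has nowhere to deliver it unless another MTA is added.
WITHOUT_SENDMAIL=yes
# Set to not build syscons(4) support files such as keyboard maps, fonts, and
# screen output maps.
WITHOUT_SYSCONS=yes
# Set to not build sysinstall(8) and related programs.
WITHOUT_SYSINSTALL=yes
# Set to not build USB-related programs and libraries.
WITHOUT_USB=yes
# Set to not build programs used for 802.11 wireless networks; especially
# wpa_supplicant(8) and hostapd(8). When set, it also enforces the following
# options:
#     WITHOUT_WIRELESS_SUPPORT
WITHOUT_WIRELESS=yes

# Additionally, disable compiler and binutils installation, but not building:
# the toolchain is still needed to build the world, but a CDN jail gets no
# compilers, debuggers or cpp -- there is nothing for an intruder to build
# with, and the install is smaller.
.if !make(toolchain) && !make(buildworld)
# Set to not install programs used for program development, compilers,
# debuggers, etc.
# implies WITHOUT_BINUTILS, WITHOUT_CLANG, WITHOUT_CLANG_IS_CC, WITHOUT_GCC,
# WITHOUT_GDB
WITHOUT_TOOLCHAIN=yes
# Set to not build cpp(1)
WITHOUT_CPP=yes
# Set to not build g++(1) and related libraries. It will also prevent building
# of gperf(1) and devd(8).
# implies WITHOUT_CLANG, WITHOUT_CLANG_IS_CC, WITHOUT_GROFF
WITHOUT_CXX=yes
.endif

.endif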
poudriere builds packages into jenga.den:/srv/www/root/packages/cdnjail-cdn/, using the ports tree `cdn` and the jail `cdnjail`
/usr/local/etc/poudriere.conf
# /usr/local/etc/poudriere.conf -- settings for the build host (jenga).

# Outbound fetches (distfiles, the jail base) go through the gateway proxy.
export HTTP_PROXY=http://gateway.den.cyberleo.net:46565
export FTP_PROXY=http://gateway.den.cyberleo.net:46565

# Where the build jails and the compiler cache live.
ZPOOL=jenga
BASEFS=/poudriere
CCACHE_DIR=/poudriere/ccache

# Distfiles are shared with the host's own ports tree.
DISTFILES_CACHE=/var/ports/distfiles

# Host the jail's base system is fetched from; the "make release" output is
# expected under /pub/FreeBSD/releases/amd64/amd64/9.1-RELEASE-CDNJAIL/ there.
# NOTE(review): this is a cleartext HTTP fetch from an internal host and
# nothing in this file authenticates it -- integrity of every jail built here
# rests on jenga.den and the LAN path to it.  Confirm that is acceptable.
FREEBSD_HOST=http://jenga.den.cyberleo.net

# Allow ports to use parallel make jobs.
ALLOW_MAKE_JOBS=yes
# On the build host (jenga): install poudriere, ccache and lighttpd.
# presumably lighttpd is what serves /srv/www/root/packages/ to the target
# boxes over HTTP -- verify against the web server configuration.
portmaster ports-mgmt/poudriere devel/ccache www/lighttpd
The following goes on the target box, which has no ports tree:
With this method /usr/ports must not exist at all. If it does, portmaster fails with an unintelligible error message that can take hours to trace, and the fix in the end is simply to delete the directory.
/usr/local/etc/portmaster.rc
# /usr/local/etc/portmaster.rc -- package-only portmaster for a box with no
# ports tree.  Every setting below steers portmaster away from /usr/ports;
# that directory must not exist on this host.

# INDEX-9.bz2 and the package tree (All, Latest, et alia) both live here.
MASTER_SITE_INDEX=http://jenga.den.cyberleo.net/packages/cdnjail-cdn/
PACKAGESITE=${MASTER_SITE_INDEX}

# Version information comes from INDEX alone; never consult a ports tree.
PM_INDEX=yes
PM_INDEX_ONLY=pm_index_only

# Never build from source; install packages only.
PM_PACKAGES=only

# Where downloaded packages are stored.
# NOTE(review): "/%" looks like a garbled value -- confirm the intended path.
PACKAGES=/%

# NOTE(review): packages and INDEX arrive over cleartext HTTP from an
# internal host and nothing in this file authenticates them; jenga.den and
# the LAN path to it are implicitly trusted.
Install portmaster and cdn-base from the newly configured repository:
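# On the target box: bootstrap portmaster and the cdn-base package straight
# from the new repository.  PACKAGESITE is scoped to this one command so it
# does not linger in the shell environment afterwards.
# The original command listed "portmaster" twice; the redundant argument is
# dropped here.
# NOTE(review): pkg_add -r resolves bare names under PACKAGESITE (Latest/);
# confirm that the origin-style "misc-cdn/cdn-base" actually resolves there
# rather than needing the package name.
# Security: this is a cleartext HTTP fetch from an internal host with no
# verification step shown on this page; jenga.den and the LAN path are trusted.
PACKAGESITE=http://jenga.den.cyberleo.net/packages/cdnjail-cdn/Latest/ pkg_add -r portmaster misc-cdn/cdn-base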
Check whether installed ports are up to date, without updating anything:
# -a: consider every installed port; -n: dry run, report only, change nothing.
portmaster -an
Show the root and leaf port origins installed on the current machine:
# Prints origins only (no versions), one per line, for root and leaf ports.
portmaster --list-origins