Inhaltsverzeichnis
Poudriere
This manual is based on FreeBSD 10.2/10.3. If you use an earlier version you must maybe start your jailname with a letter and not with a number.
Install
pkg install poudriere ccache
SSL Certificate and Key
mkdir -p /usr/local/etc/ssl/{keys,certs} chmod 0600 /usr/local/etc/ssl/keys openssl genrsa -out /usr/local/etc/ssl/keys/pkg.key 4096 openssl rsa -in /usr/local/etc/ssl/keys/pkg.key -pubout -out /usr/local/etc/ssl/certs/pkg.cert
Configure
cp /usr/local/etc/poudriere.conf.sample /usr/local/etc/poudriere.conf
We adapt the config to match our server configuration using ZFS, edit in the file the following options:
- /usr/local/etc/poudriere.conf
ZPOOL=zstorage FREEBSD_HOST=ftp://ftp.freebsd.org PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/pkg.key CCACHE_DIR=/var/cache/ccache KEEP_OLD_PACKAGES=yes KEEP_OLD_PACKAGES_COUNT=3
Create Build Environment
I create a build environment for FreeBSD 10.3-RELEASE with arch AMD64:
poudriere jail -c -v 10.3-RELEASE -a amd64 -j 103amd64 poudriere jail -c -v 11.0-RELEASE -a amd64 -j 110amd64 poudriere jail -c -v 11.1-RELEASE -a amd64 -j 111amd64 poudriere jail -c -v 11.2-RELEASE -a amd64 -j 112amd64 poudriere jail -c -v 12.0-RELEASE -a amd64 -j 120amd64 poudriere jail -c -v 12.1-RELEASE -a amd64 -j 121amd64 poudriere jail -c -v 12.2-RELEASE -a amd64 -j 122amd64 poudriere jail -c -v 13.0-RELEASE -a amd64 -j 130amd64 poudriere jail -c -v 13.1-RELEASE -a amd64 -j 131amd64 poudriere ports -c -m svn poudriere ports -c -p gitlab_freebsd -m git poudriere ports -c -B branches/2018Q2 -p 2018Q2 -m svn poudriere ports -c -B branches/2018Q3 -p 2018Q3 -m svn poudriere ports -c -B branches/2018Q4 -p 2018Q4 -m svn poudriere ports -c -B branches/2019Q1 -p 2019Q1 -m svn poudriere ports -c -B branches/2019Q2 -p 2019Q2 -m svn poudriere ports -c -B branches/2019Q3 -p 2019Q3 -m svn poudriere ports -c -B branches/2019Q4 -p 2019Q4 -m svn poudriere ports -c -B branches/2020Q1 -p 2020Q1 -m svn poudriere ports -c -B branches/2020Q2 -p 2020Q2 -m svn poudriere ports -c -B branches/2020Q3 -p 2020Q3 -m svn poudriere ports -c -B branches/2020Q4 -p 2020Q4 -m svn poudriere ports -c -B branches/2021Q1 -p 2021Q1 -m svn poudriere ports -c -U https://git.freebsd.org/ports.git -m git -B main poudriere ports -c -U https://git.freebsd.org/ports.git -m git -B 2021Q2 -p 2021Q2 poudriere ports -c -U https://git.freebsd.org/ports.git -m git -B 2021Q3 -p 2021Q3 poudriere ports -c -U https://git.freebsd.org/ports.git -m git -B 2021Q4 -p 2021Q4 poudriere ports -c -U https://git.freebsd.org/ports.git -m git -B 2022Q1 -p 2022Q1 poudriere ports -c -U https://git.freebsd.org/ports.git -m git -B 2022Q2 -p 2022Q2 poudriere ports -c -U https://git.freebsd.org/ports.git -m git -B 2022Q3 -p 2022Q3
Make it accessible by ${ABI}
cd /usr/local/poudriere/data/packages/ ln -s 112amd64-default FreeBSD:11:amd64 ln -s 112amd64-gitlab FreeBSD:11:amd64-gitlab ln -s 121amd64-default FreeBSD:12:amd64 ln -s 121amd64-gitlab FreeBSD:12:amd64-gitlab ln -s 130amd64-default FreeBSD:13:amd64 ln -s 130amd64-gitlab FreeBSD:13:amd64-gitlab ln -s 131amd64-default FreeBSD:13:amd64 ln -s 131amd64-gitlab FreeBSD:13:amd64-gitlab
Configure Jail
The filename of the following configuration files will be build by JAILNAME-PORTNAME-SETNAME (see here also man poudriere). For JAILNAME we used 103amd64 and PORTNAME and SETNAME we have not defined so we have the following files available for configuration:
make.conf pkglist
Set some build options for the jail:
- /usr/local/etc/poudriere.d/make.conf
DEFAULT_VERSIONS=php=7.2 mysql=10.3m bdb=6 ssl=openssl111 pgsql=9.6 samba=4.8 WITH_BDB6_PERMITTED=1 WANT_OPENLDAP_SASL=yes WITH_MPM=event OPTIONS_UNSET=DEBUG DOCBOOK EXAMPLES OPTIONS_SET=proxy dav ssl ldap DISABLE_LICENSES=yes NO_LICENSES_INSTALL= yes NO_LICENSES_DIALOGS= yes LICENSES_ACCEPTED+=NONE
Define the ports we would like to build:
- /usr/local/etc/poudriere.d/pkglist
#databases/mariadb104-server databases/mariadb105-server databases/mongodb42 databases/mongodb-tools #www/apache24 security/py-htpasswd www/awstats www/webalizer net/p5-Geo-IP-PurePerl sysutils/goaccess shells/bash sysutils/beadm #dns/bind914 dns/bind916 security/clamav security/clamav-unofficial-sigs print/cups ftp/curl ftp/wget ftp/pure-ftpd ftp/proftpd ftp/tftp-hpa www/dokuwiki security/openssl mail/dovecot mail/dovecot-pigeonhole mail/fetchmail mail/getmail6 devel/git converters/p5-Encode devel/subversion devel/cvs #devel/viewvc devel/gitolite www/nginx www/fcgiwrap net/haproxy net/socat converters/base64 sysutils/hatop www/varnish4 #www/owncloud www/nextcloud graphics/pecl-imagick-im7 security/openvpn devel/pecl-xdebug devel/php-geshi devel/php-composer lang/php74 lang/php74-extensions www/wordpress german/hunspell textproc/en-hunspell www/smarty2 www/smarty3 #databases/phpmyadmin databases/phpmyadmin5 databases/phppgadmin #databases/adminer #www/gallery3 #devel/pecl-uploadprogress #www/pecl-twig print/pecl-pdflib devel/pear databases/pear-DB devel/pecl-jsmin www/drush #www/joomla3 www/wordpress #devel/pecl-jsmin devel/jsmin graphics/optipng graphics/jpegoptim devel/pecl-APCu net/netcat x11/xterm x11/xauth #security/fwbuilder www/matomo mail/postfix mail/postsrsd mail/sid-milter mail/postfix-policyd-spf-perl mail/opendkim mail/opendmarc mail/milter-callback mail/rspamd #mail/dcc-dccd #mail/spamass-milter #mail/mailman mail/pear-Mail_Mime mail/roundcube #mail/roundcube-markasjunk2 #mail/roundcube-sieverules net/pear-Net_SMTP mail/swaks mail/sympa www/spawn-fcgi #www/mod_security security/nikto #security/amavisd-new net/dhcp6 #lang/go textproc/apache-solr devel/maven #www/jetty8 net/minidlna net/miniupnpd misc/mc sysutils/pv sysutils/munin-common sysutils/munin-master sysutils/munin-node sysutils/xmbmon mail/mutt editors/jed #mail/t-prot #net-mgmt/nagios #net-mgmt/nagios4 #net-mgmt/nagios-plugins #net-mgmt/nagios-spamd-plugin net-mgmt/icinga2 net-mgmt/icingaweb2 net-mgmt/nagios-check_smartmon dns/ldns dns/py-dnspython databases/p5-MongoDB #graphics/pecl-imagick graphics/pecl-imagick-im7 shells/zsh shells/zsh-autosuggestions shells/zsh-completions shells/zsh-antigen #sysutils/autojump shells/bash shells/fish security/sudo #net/sslh shells/scponly sysutils/smartmontools #net/samba48 #net/samba410 net/samba411 net/samba412 sysutils/screen ports-mgmt/poudriere #ports-mgmt/poudriere-devel ports-mgmt/portlint security/vuxml ports-mgmt/modules2tuple net/rsync sysutils/pwgen databases/mysqltuner net/isc-dhcp44-server devel/ccache converters/dosunix net/radvd security/py-fail2ban security/rustscan security/nmap www/httrack benchmarks/iperf benchmarks/iperf3 net-mgmt/iftop net-mgmt/smokeping net/mtr-nox11 #net-mgmt/net-snmp deskutils/note #ports-mgmt/portmaster #ports-mgmt/portdowngrade #ports-mgmt/portupgrade #ports-mgmt/dialog4ports databases/p5-DBD-mysql net-mgmt/p5-Net-IP security/p5-Crypt-SSLeay www/p5-LWP-UserAgent-Determined math/p5-Math-Round devel/p5-Time-HiRes devel/p5-B-Hooks-EndOfScope devel/p5-BSD-Resource devel/p5-Class-Load devel/p5-Data-OptList devel/p5-ExtUtils-CBuilder devel/p5-ExtUtils-MakeMaker converters/p5-MIME-Base32 devel/p5-Package-DeprecationManager devel/p5-Package-Stash devel/p5-Package-Stash-XS devel/p5-Params-Util lang/p5-Scalar-List-Utils devel/p5-Sub-Exporter devel/p5-Sub-Exporter-Progressive devel/p5-Sub-Install devel/p5-Variable-Magic textproc/p5-YAML-Syck devel/p5-namespace-clean devel/p5-version devel/p5-Data-Dumper devel/p5-Algorithm-Diff archivers/p5-Archive-Tar devel/p5-CPAN-Meta-Requirements devel/p5-CPAN-Meta-YAML archivers/p5-Compress-Raw-Bzip2 archivers/p5-Compress-Raw-Zlib security/p5-Digest-MD5 security/p5-Digest-SHA devel/p5-ExtUtils-Constant devel/p5-ExtUtils-Install devel/p5-ExtUtils-Manifest devel/p5-ExtUtils-ParseXS devel/p5-Carp-Clan net/p5-Socket graphics/p5-GD misc/p5-Geography-Countries archivers/p5-IO-Zlib net/p5-IO-Socket-IP converters/p5-MIME-Base64 net/p5-IP-Country #net/p5-Geo-IP math/p5-Math-BigInt math/p5-Math-Complex devel/p5-Module-Metadata devel/p5-CPAN-Meta net/p5-Net net/p5-Net-CIDR-Lite devel/p5-Params-Classify devel/p5-Perl-OSType textproc/p5-Pod-Parser converters/p5-Storable-AMF devel/p5-Test-Harness devel/p5-Test-Simple textproc/p5-Text-Diff textproc/p5-Text-Balanced x11-toolkits/p5-Tk textproc/p5-YAML-Tiny devel/p5-parent devel/p5-PathTools devel/p5-Test-Deep devel/p5-Test-Exception textproc/p5-XML-SimpleObject textproc/p5-XML-Simple mail/p5-Email-MIME devel/p5-SVN-Notify graphics/p5-Image-Size www/p5-Template-Toolkit www/p5-HTML-Scrubber devel/p5-List-SomeUtils devel/p5-List-SomeUtils-XS mail/p5-Email-Send devel/p5-File-Slurp devel/p5-Getopt-Long devel/p5-Return-Value devel/p5-Storable editors/emacs@nox security/keepassxc devel/ruby-gems audio/teamspeak3-server #www/rubygem-passenger www/redmine4 www/rubygem-puma www/rubygem-thin devel/rubygem-abstract devel/rubygem-activesupport4 databases/rubygem-mysql2 databases/rubygem-arel devel/rubygem-atomic security/rubygem-bcrypt security/rubygem-bcrypt-ruby devel/rubygem-daemon_controller devel/rubygem-file-tail devel/rubygem-metaclass misc/rubygem-mime-types devel/rubygem-mocha devel/rubygem-power_assert www/rubygem-rack-mount devel/rubygem-rake-compiler devel/rubygem-rdoc net/rubygem-ruby-yadis devel/rubygem-shoulda devel/rubygem-shoulda-context devel/rubygem-shoulda-matchers devel/rubygem-sprockets devel/rubygem-spruz devel/rubygem-test-unit devel/rubygem-thread_safe devel/rubygem-eventmachine #devel/rubygem-tins #devel/rubygem-tins0 textproc/rubygem-yard graphics/rubygem-rmagick databases/rubygem-pg devel/rubygem-ffi devel/rubygem-rspec textproc/rubygem-sass #www/mediawiki127 #www/mediawiki132 #www/mediawiki134 www/mediawiki135 www/phpbb3 #www/magento #devel/gogs www/gitlab-ce devel/gitlab-runner #databases/postgresql11-server #databases/postgresql11-contrib databases/postgresql12-server databases/postgresql12-contrib sysutils/ezjail security/snort devel/sonarqube-community devel/sonar-scanner-cli #security/py-letsencrypt security/py-certbot sysutils/tree print/qpdf sysutils/devcpu-data net/mtr-nox11 ports-mgmt/synth security/chkrootkit security/lynis audio/mp3info # for openproject sysutils/rubygem-bundler # For log file collection and analysis using elasticsearch, kibana and more #textproc/elasticsearch2 #textproc/kibana45 #sysutils/logstash # libreoffice for nextcloud #editors/libreoffice benchmarks/bonnie++ devel/arcanist ports-mgmt/genplist misc/grc www/npm #lang/phantomjs # stuff to run redmine->gitlab migration tool #devel/py-log4py sysutils/lsop sysutils/dmidecode # to automatically test gitlab sysutils/vagrant #sysutils/rubygem-vagrant-disksize emulators/virtualbox-ose-nox11 emulators/virtualbox-ose-additions-nox11 sysutils/ansible sysutils/cbsd net/dante #sysutils/docker #sysutils/docker-freebsd sysutils/powermon sysutils/dtrace-toolkit net/geoipupdate lang/python lang/python2 lang/python3 textproc/py-autopep8 net/knxd net-mgmt/pushgateway net-mgmt/prometheus2 sysutils/node_exporter #www/grafana5 www/grafana6 sysutils/terraform sysutils/rubygem-chef sysutils/tmux sysutils/bacula9-server sysutils/bacula9-client www/bacula-web sysutils/burp # To package math/jts which is required for geo in apache-solr math/jts java/jdom java/junit textproc/xerces-j # iobroker archivers/unzip net/avahi-libdns dns/nss_mdns lang/gcc # to use dokuwiki-to-hugo converter textproc/py-markdown # jitsi net-im/jicofo net-im/jitsi-videobridge net-im/prosody security/p11-kit www/jitsi-meet # OpenHAB misc/openhab2 misc/openhab2-addons # Plex mediaserver multimedia/plexmediaserver multimedia/plexmediaserver-plexpass # Test ruby2.7 #devel/rubygem-rice #mail/rubygem-tmail #security/ruby-bitwarden #sysutils/puppet5 security/testssl.sh
Configure the options we would like to use for each port:
cd /usr/local/etc/poudriere.d poudriere options -f pkglist
Reconfigure the options:
cd /usr/local/etc/poudriere.d poudriere options -c -f pkglist
Build
poudriere bulk -f /usr/local/etc/poudriere.d/103amd64-pkglist -j 103amd64 poudriere bulk -f /usr/local/etc/poudriere.d/110amd64-pkglist -j 110amd64 poudriere bulk -f /usr/local/etc/poudriere.d/120amd64-pkglist -j 120amd64
Update Jail
poudriere jail -u -j 103amd64 poudriere jail -u -j 120amd64
Make it available via Web
Point your webserver to the path: /usr/local/poudriere/data if you would to also include the build reports. Or to the path: /usr/local/poudriere/data/packages if you only want to have the packages available. I use the following configuration for my apache:
- /usr/local/etc/apache24/Includes/servername.conf
<VirtualHost *:80 localhost:443> ServerName <servername> ServerAlias <serveralias> ServerAdmin <serveradminemail> Define BaseDir /usr/home/http/poudriere Define DocumentRoot /usr/local/share/poudriere/html Include etc/apache24/snipets/root.conf Include etc/apache24/snipets/logging.conf Alias /data /usr/local/poudriere/data/logs/bulk/ Alias /packages /usr/local/poudriere/data/packages/ <Directory /usr/local/poudriere/data/logs/bulk/> AllowOverride AuthConfig FileInfo Require all granted </Directory> <Directory /usr/local/poudriere/data/packages/> AllowOverride AuthConfig FileInfo Options Indexes MultiViews FollowSymLinks Require all granted </Directory> Include etc/apache24/ssl/ssl-template.conf #Include etc/apache24/ssl/https-forward.conf </VirtualHost>
Configure client
Make sure you copy the certificate to the client.
Create a configuration file:
- /usr/local/etc/pkg/repos/poudriere.conf
poudriere: { url: "http://<servername>/packages/${ABI}/", mirror_type: "pkg+http", signature_type: "pubkey", pubkey: "/usr/local/etc/ssl/certs/pkg.cert", enabled: yes }
Disable by standard repository by creating this file:
- /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: { enabled: no }
Update package list
pkg update
Rework package list to build
To get an overview about the packages that are missing you can:
pkg update pkg version -R | grep -v =
Compare with:
portmaster --list-origins | sort
Testing own ports using poudriere
poudriere testport -j 110amd64 textproc/apache-solr
Delete Build Environment
poudriere pkgclean -A -j 121amd64 -p 2020Q1 poudriere pkgclean -A -j 121amd64 -p 2020Q2 poudriere pkgclean -A -j 121amd64 -p 2020Q3 poudriere pkgclean -A -j 122amd64 -p 2020Q4 poudriere pkgclean -A -j 122amd64 -p 2021Q1 poudriere pkgclean -A -j 122amd64 poudriere pkgclean -A -j 130amd64 -p 2022Q1 poudriere pkgclean -A -j 130amd64 poudriere pkgclean -A -j 130amd64 -p gitlab poudriere pkgclean -A -j 130amd64 -p 2022Q2 poudriere jails -d -C all -j 111amd64 poudriere jails -d -C all -j 120amd64 poudriere jails -d -C all -j 121amd64 poudriere jails -d -C all -j 122amd64 poudriere jails -d -C all -j 130amd64 poudriere ports -d -p 2018Q2 poudriere ports -d -p 2018Q3 poudriere ports -d -p 2018Q4 poudriere ports -d -p 2019Q1 poudriere ports -d -p 2019Q2 poudriere ports -d -p 2019Q3 poudriere ports -d -p 2019Q4 poudriere ports -d -p 2020Q1 poudriere ports -d -p 2020Q2 poudriere ports -d -p 2020Q3 poudriere ports -d -p 2020Q4 poudriere ports -d -p 2021Q1 poudriere ports -d -p 2021Q2 poudriere ports -d -p 2021Q3 poudriere ports -d -p 2021Q4 poudriere ports -d -p 2022Q1 poudriere ports -d -p 2022Q2 poudriere logclean -a -j 112amd64 poudriere logclean -a -j 120amd64 poudriere logclean -a -j 121amd64 poudriere logclean -a -j 122amd64 poudriere logclean -a -j 130amd64 poudriere logclean -a -j 120amd64 -p 2018Q4 poudriere logclean -a -j 120amd64 -p 2019Q1 poudriere logclean -a -j 120amd64 -p 2019Q2 poudriere logclean -a -j 120amd64 -p 2019Q3 poudriere logclean -a -j 121amd64 -p 2019Q4 poudriere logclean -a -j 121amd64 -p 2020Q1 poudriere logclean -a -j 121amd64 -p 2020Q2 poudriere logclean -a -j 121amd64 -p 2020Q3 poudriere logclean -a -j 122amd64 -p 2020Q4 poudriere logclean -a -j 122amd64 -p 2021Q1 poudriere logclean -a -j 130amd64 -p 2021Q2 poudriere logclean -a -j 130amd64 -p 2022Q2 poudriere logclean -a -j 130amd64 -p gitlab poudriere logclean -a -p 2021Q3 poudriere logclean -a -p 2021Q4 poudriere logclean -a -p 2022Q1 poudriere logclean -a -p 2022Q2