Benutzer-Werkzeuge
freebsd:poudriere
Inhaltsverzeichnis
Poudriere
This manual is based on FreeBSD 10.2/10.3. If you use an earlier version you must maybe start your jailname with a letter and not with a number.
Install
pkg install poudriere ccache
SSL Certificate and Key
mkdir -p /usr/local/etc/ssl/{keys,certs}
chmod 0600 /usr/local/etc/ssl/keys
openssl genrsa -out /usr/local/etc/ssl/keys/pkg.key 4096
openssl rsa -in /usr/local/etc/ssl/keys/pkg.key -pubout -out /usr/local/etc/ssl/certs/pkg.cert
Configure
cp /usr/local/etc/poudriere.conf.sample /usr/local/etc/poudriere.conf
We adapt the config to match our server configuration using ZFS, edit in the file the following options:
- /usr/local/etc/poudriere.conf
ZPOOL=zstorage FREEBSD_HOST=ftp://ftp.freebsd.org PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/pkg.key CCACHE_DIR=/var/cache/ccache KEEP_OLD_PACKAGES=yes KEEP_OLD_PACKAGES_COUNT=3
Create Build Environment
I create a build environment for FreeBSD 10.3-RELEASE with arch AMD64:
poudriere jail -c -v 10.3-RELEASE -a amd64 -j 103amd64 poudriere jail -c -v 11.0-RELEASE -a amd64 -j 110amd64 poudriere jail -c -v 11.1-RELEASE -a amd64 -j 111amd64 poudriere ports -c poudriere ports -c -B branches/2018Q2 -p 2018Q2 -m svn
Configure Jail
The filename of the following configuration files will be build by JAILNAME-PORTNAME-SETNAME (see here also man poudriere). For JAILNAME we used 103amd64 and PORTNAME and SETNAME we have not defined so we have the following files available for configuration:
make.conf pkglist
Set some build options for the jail:
- /usr/local/etc/poudriere.d/make.conf
DEFAULT_VERSIONS=php=7.1 apache=2.4 mysql=10.2m bdb=6 ssl=openssl WITH_BDB6_PERMITTED=1 WITH_OPENSSL_PORT=yes WITH_MPM=event OPTIONS_UNSET=DEBUG DOCBOOK EXAMPLES OPTIONS_SET=proxy dav ssl ldap DISABLE_LICENSES=yes
Define the ports we would like to build:
- /usr/local/etc/poudriere.d/pkglist
databases/mariadb102-server databases/mongodb #www/apache24 www/mod_geoip2 www/awstats www/webalizer sysutils/goaccess shells/bash sysutils/beadm #dns/bind99 dns/bind910 dns/sshfp security/clamav print/cups ftp/curl ftp/wget ftp/pure-ftpd ftp/proftpd ftp/tftp-hpa www/dokuwiki security/openssl mail/dovecot2 mail/dovecot2-pigeonhole mail/fetchmail devel/git converters/p5-Encode devel/subversion #devel/viewvc devel/gitolite www/nginx www/fcgiwrap net/haproxy sysutils/hatop www/varnish4 #www/owncloud www/nextcloud security/openvpn #lang/php56 #lang/php56-extensions devel/php-xdebug devel/php5-geshi devel/php-composer lang/php71 lang/php71-extensions german/hunspell textproc/en-hunspell www/smarty2 www/smarty3 databases/phpmyadmin #databases/adminer www/gallery3 #devel/pecl-uploadprogress #www/pecl-twig print/pecl-pdflib devel/pear databases/pear-DB www/drush www/joomla3 www/wordpress #devel/pecl-jsmin net/pecl-geoip devel/jsmin graphics/optipng graphics/jpegoptim devel/pecl-APCu net/netcat x11/xterm x11/xauth security/fwbuilder www/piwik mail/postfix mail/postsrsd mail/sid-milter mail/postfix-policyd-spf-perl mail/opendkim mail/opendmarc mail/milter-callback mail/rspamd security/clamsmtp mail/spamass-milter mail/mailman mail/roundcube www/mod_security security/nikto security/amavisd-new net/dhcp6 lang/go devel/go-sql-driver textproc/apache-solr www/jetty8 net/minidlna net/miniupnpd misc/mc sysutils/pv sysutils/munin-common sysutils/munin-master sysutils/munin-node sysutils/xmbmon mail/mutt editors/jed mail/t-prot #net-mgmt/nagios #net-mgmt/nagios4 net-mgmt/nrpe #net-mgmt/nagios-plugins net-mgmt/nagios-spamd-plugin net-mgmt/icinga2 net-mgmt/icingaweb2 graphics/pecl-imagick shells/zsh shells/bash shells/fish security/sudo net/sslh shells/scponly sysutils/smartmontools net/samba43 sysutils/screen ports-mgmt/poudriere ports-mgmt/poudriere-devel net/rsync sysutils/pwgen databases/mysqltuner net/isc-dhcp43-server devel/ccache converters/dosunix net/radvd security/py-fail2ban security/nmap www/httrack benchmarks/iperf net-mgmt/iftop net-mgmt/smokeping net/mtr-nox11 net-mgmt/net-snmp deskutils/note ports-mgmt/portmaster ports-mgmt/portdowngrade ports-mgmt/portupgrade ports-mgmt/dialog4ports databases/p5-DBD-mysql net-mgmt/p5-Net-IP security/p5-Crypt-SSLeay www/p5-LWP-UserAgent-Determined math/p5-Math-Round devel/p5-Time-HiRes devel/p5-B-Hooks-EndOfScope devel/p5-BSD-Resource devel/p5-Class-Load devel/p5-Data-OptList devel/p5-ExtUtils-CBuilder devel/p5-ExtUtils-MakeMaker converters/p5-MIME-Base32 devel/p5-Package-DeprecationManager devel/p5-Package-Stash devel/p5-Package-Stash-XS devel/p5-Params-Util lang/p5-Scalar-List-Utils devel/p5-Sub-Exporter devel/p5-Sub-Exporter-Progressive devel/p5-Sub-Install devel/p5-Variable-Magic textproc/p5-YAML-Syck devel/p5-namespace-clean devel/p5-version devel/p5-Data-Dumper devel/p5-Algorithm-Diff archivers/p5-Archive-Tar devel/p5-CPAN-Meta-Requirements devel/p5-CPAN-Meta-YAML archivers/p5-Compress-Raw-Bzip2 archivers/p5-Compress-Raw-Zlib security/p5-Digest-MD5 security/p5-Digest-SHA devel/p5-ExtUtils-Constant devel/p5-ExtUtils-Install devel/p5-ExtUtils-Manifest devel/p5-ExtUtils-ParseXS devel/p5-Carp-Clan graphics/p5-GD misc/p5-Geography-Countries archivers/p5-IO-Zlib net/p5-IP-Country net/p5-Geo-IP math/p5-Math-BigInt math/p5-Math-Complex devel/p5-Module-Metadata devel/p5-CPAN-Meta net/p5-Net net/p5-Net-CIDR-Lite devel/p5-Params-Classify devel/p5-Perl-OSType textproc/p5-Pod-Parser converters/p5-Storable-AMF devel/p5-Test-Harness devel/p5-Test-Simple textproc/p5-Text-Diff x11-toolkits/p5-Tk textproc/p5-YAML-Tiny devel/p5-parent devel/p5-PathTools devel/p5-Test-Deep devel/p5-Test-Exception textproc/p5-XML-SimpleObject textproc/p5-XML-Simple mail/p5-Email-MIME devel/p5-SVN-Notify graphics/p5-Image-Size editors/emacs-nox11 security/keepass devel/ruby-gems audio/teamspeak3-server www/rubygem-passenger www/redmine www/rubygem-thin devel/rubygem-abstract devel/rubygem-activesupport4 databases/rubygem-mysql2 databases/rubygem-arel devel/rubygem-atomic security/rubygem-bcrypt security/rubygem-bcrypt-ruby devel/rubygem-daemon_controller devel/rubygem-fastthread devel/rubygem-file-tail devel/rubygem-metaclass misc/rubygem-mime-types devel/rubygem-mocha devel/rubygem-power_assert www/rubygem-rack-mount devel/rubygem-rake-compiler devel/rubygem-rdoc net/rubygem-ruby-yadis devel/rubygem-shoulda devel/rubygem-shoulda-context devel/rubygem-shoulda-matchers devel/rubygem-sprockets devel/rubygem-spruz devel/rubygem-test-unit devel/rubygem-thread_safe devel/rubygem-eventmachine #devel/rubygem-tins #devel/rubygem-tins0 textproc/rubygem-yard graphics/rubygem-rmagick databases/rubygem-pg devel/rubygem-ffi devel/rubygem-rspec textproc/rubygem-sass www/mediawiki127 www/phpbb3 #devel/gogs www/gitlab sysutils/ezjail security/snort #security/py-letsencrypt security/py-certbot sysutils/tree print/qpdf sysutils/devcpu-data ports-mgmt/synth security/chkrootkit security/lynis audio/mp3info # for openproject sysutils/rubygem-bundler # For log file collection and analysis using elasticsearch, kibana and more #textproc/elasticsearch2 #textproc/kibana45 #sysutils/logstash # libreoffice for nextcloud #editors/libreoffice benchmarks/bonnie++ ports-mgmt/genplist misc/grc www/npm
Configure the options we would like to use for each port:
cd /usr/local/etc/poudriere.d poudriere options -j 103amd64 -f pkglist poudriere options -j 111amd64 -f pkglist
Reconfigure the options:
cd /usr/local/etc/poudriere.d poudriere options -c -j 103amd64 -f pkglist poudriere options -c -j 111amd64 -f pkglist
Build
poudriere bulk -f /usr/local/etc/poudriere.d/103amd64-pkglist -j 103amd64 poudriere bulk -f /usr/local/etc/poudriere.d/110amd64-pkglist -j 110amd64
Update Jail
poudriere jail -u -j 103amd64
Make it available via Web
Point your webserver to the path: /usr/local/poudriere/data if you would to also include the build reports. Or to the path: /usr/local/poudriere/data/packages if you only want to have the packages available. I use the following configuration for my apache:
- /usr/local/etc/apache24/Includes/servername.conf
<VirtualHost *:80 localhost:443> ServerName <servername> ServerAlias <serveralias> ServerAdmin <serveradminemail> Define BaseDir /usr/home/http/poudriere Define DocumentRoot /usr/local/share/poudriere/html Include etc/apache24/snipets/root.conf Include etc/apache24/snipets/logging.conf Alias /data /usr/local/poudriere/data/logs/bulk/ Alias /packages /usr/local/poudriere/data/packages/ <Directory /usr/local/poudriere/data/logs/bulk/> AllowOverride AuthConfig FileInfo Require all granted </Directory> <Directory /usr/local/poudriere/data/packages/> AllowOverride AuthConfig FileInfo Options Indexes MultiViews FollowSymLinks Require all granted </Directory> Include etc/apache24/ssl/ssl-template.conf #Include etc/apache24/ssl/https-forward.conf </VirtualHost>
Configure client
Make sure you copy the certificate to the client.
Create a configuration file:
- /usr/local/etc/pkg/repos/poudriere.conf
poudriere: { url: "http://<servername>/packages/103amd64-default/", mirror_type: "pkg+http", signature_type: "pubkey", pubkey: "/usr/local/etc/ssl/certs/pkg.cert", enabled: yes }
Disable by standard repository by creating this file:
- /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: { enabled: no }
Update package list
pkg update
Rework package list to build
To get an overview about the packages that are missing you can:
pkg update pkg version -R | grep -v =
Compare with:
portmaster --list-origins | sort
Testing own ports using poudriere
poudriere testport -j 110amd64 textproc/apache-solr
freebsd/poudriere.txt · Zuletzt geändert: 2018/04/16 14:20 (Externe Bearbeitung)
Seiten-Werkzeuge
Falls nicht anders bezeichnet, ist der Inhalt dieses Wikis unter der folgenden Lizenz veröffentlicht: CC Attribution-Noncommercial 4.0 International
