Poudriere

This manual is based on FreeBSD 10.2/10.3. On earlier versions you may have to start the jail name with a letter rather than a number.

Install

pkg install poudriere ccache

SSL Certificate and Key

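mkdir -p /usr/local/etc/ssl/{keys,certs}
# Directories need the search (x) bit, so use 0700 rather than 0600
chmod 0700 /usr/local/etc/ssl/keys
openssl genrsa -out /usr/local/etc/ssl/keys/pkg.key 4096
# pkg.cert holds the bare RSA public key, not an X.509 certificate
openssl rsa -in /usr/local/etc/ssl/keys/pkg.key -pubout -out /usr/local/etc/ssl/certs/pkg.cert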

Configure

cp /usr/local/etc/poudriere.conf.sample /usr/local/etc/poudriere.conf

We adapt the configuration to our server, which uses ZFS. Edit the following options in the file:

/usr/local/etc/poudriere.conf
ZPOOL=zstorage
FREEBSD_HOST=ftp://ftp.freebsd.org
PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/pkg.key
CCACHE_DIR=/var/cache/ccache
KEEP_OLD_PACKAGES=yes
KEEP_OLD_PACKAGES_COUNT=3

Create Build Environment

Create a build environment (jail) for each release to build for, here 10.3-, 11.0- and 11.1-RELEASE on amd64, and a ports tree:

poudriere jail -c -v 10.3-RELEASE -a amd64 -j 103amd64
poudriere jail -c -v 11.0-RELEASE -a amd64 -j 110amd64
poudriere jail -c -v 11.1-RELEASE -a amd64 -j 111amd64
poudriere ports -c

Configure Jail

The names of the following configuration files are built as JAILNAME-PORTNAME-SETNAME (see also man poudriere). We used 103amd64 as JAILNAME and did not define PORTNAME or SETNAME, so the following files are available for configuration:

make.conf
pkglist

Set some build options for the jail:

/usr/local/etc/poudriere.d/make.conf
DEFAULT_VERSIONS=php=7.1 apache=2.4 mysql=10.2m bdb=6 ssl=openssl
WITH_BDB6_PERMITTED=1
WITH_OPENSSL_PORT=yes
 
WITH_MPM=event
OPTIONS_UNSET=DEBUG DOCBOOK EXAMPLES
OPTIONS_SET=proxy dav ssl ldap
 
DISABLE_LICENSES=yes

Define the ports we would like to build:

/usr/local/etc/poudriere.d/pkglist
databases/mariadb102-server
databases/mongodb
#www/apache24
www/mod_geoip2
www/awstats
www/webalizer
sysutils/goaccess
shells/bash
sysutils/beadm
#dns/bind99
dns/bind910
dns/sshfp
security/clamav
print/cups
ftp/curl
ftp/wget
ftp/pure-ftpd
ftp/proftpd
ftp/tftp-hpa
www/dokuwiki
security/openssl
mail/dovecot2
mail/dovecot2-pigeonhole
mail/fetchmail
devel/git
converters/p5-Encode
devel/subversion
#devel/viewvc
devel/gitolite
www/nginx
www/fcgiwrap
net/haproxy
sysutils/hatop
www/varnish4
#www/owncloud
www/nextcloud
security/openvpn
#lang/php56
#lang/php56-extensions
devel/php-xdebug
devel/php5-geshi
devel/php-composer
lang/php71
lang/php71-extensions
 
german/hunspell
textproc/en-hunspell
www/smarty2
www/smarty3
databases/phpmyadmin
#databases/adminer
www/gallery3
#devel/pecl-uploadprogress
#www/pecl-twig
print/pecl-pdflib
devel/pear
databases/pear-DB
www/drush
www/joomla3
www/wordpress
#devel/pecl-jsmin
net/pecl-geoip
devel/jsmin
graphics/optipng
graphics/jpegoptim
devel/pecl-APCu
net/netcat
 
x11/xterm
x11/xauth
security/fwbuilder
 
www/piwik
mail/postfix
mail/postsrsd
mail/sid-milter
mail/postfix-policyd-spf-perl
mail/opendkim
mail/opendmarc
mail/milter-callback
mail/rspamd
security/clamsmtp
mail/spamass-milter
mail/mailman
mail/roundcube
 
www/mod_security
security/nikto
security/amavisd-new
net/dhcp6
lang/go
devel/go-sql-driver
textproc/apache-solr
www/jetty8
net/minidlna
net/miniupnpd
misc/mc
sysutils/pv
sysutils/munin-common
sysutils/munin-master
sysutils/munin-node
sysutils/xmbmon
mail/mutt
editors/jed
mail/t-prot
#net-mgmt/nagios
#net-mgmt/nagios4
net-mgmt/nrpe
#net-mgmt/nagios-plugins
net-mgmt/nagios-spamd-plugin
net-mgmt/icinga2
net-mgmt/icingaweb2
graphics/pecl-imagick
shells/zsh
shells/bash
shells/fish
security/sudo
net/sslh
shells/scponly
sysutils/smartmontools
net/samba43
sysutils/screen
ports-mgmt/poudriere
ports-mgmt/poudriere-devel
net/rsync
sysutils/pwgen
databases/mysqltuner
 
net/isc-dhcp43-server
devel/ccache
converters/dosunix
net/radvd
security/py-fail2ban
security/nmap
www/httrack
benchmarks/iperf
net-mgmt/iftop
net-mgmt/smokeping
net/mtr-nox11
net-mgmt/net-snmp
deskutils/note
ports-mgmt/portmaster
ports-mgmt/portdowngrade
ports-mgmt/portupgrade
ports-mgmt/dialog4ports
 
databases/p5-DBD-mysql
net-mgmt/p5-Net-IP
security/p5-Crypt-SSLeay
www/p5-LWP-UserAgent-Determined
math/p5-Math-Round
devel/p5-Time-HiRes
devel/p5-B-Hooks-EndOfScope
devel/p5-BSD-Resource
devel/p5-Class-Load
devel/p5-Data-OptList
devel/p5-ExtUtils-CBuilder
devel/p5-ExtUtils-MakeMaker
converters/p5-MIME-Base32
devel/p5-Package-DeprecationManager
devel/p5-Package-Stash
devel/p5-Package-Stash-XS
devel/p5-Params-Util
lang/p5-Scalar-List-Utils
devel/p5-Sub-Exporter
devel/p5-Sub-Exporter-Progressive
devel/p5-Sub-Install
devel/p5-Variable-Magic
textproc/p5-YAML-Syck
devel/p5-namespace-clean
devel/p5-version
devel/p5-Data-Dumper
devel/p5-Algorithm-Diff
archivers/p5-Archive-Tar
devel/p5-CPAN-Meta-Requirements
devel/p5-CPAN-Meta-YAML
archivers/p5-Compress-Raw-Bzip2
archivers/p5-Compress-Raw-Zlib
security/p5-Digest-MD5
security/p5-Digest-SHA
devel/p5-ExtUtils-Constant
devel/p5-ExtUtils-Install
devel/p5-ExtUtils-Manifest
devel/p5-ExtUtils-ParseXS
devel/p5-Carp-Clan
graphics/p5-GD
misc/p5-Geography-Countries
archivers/p5-IO-Zlib
net/p5-IP-Country
net/p5-Geo-IP
math/p5-Math-BigInt
math/p5-Math-Complex
devel/p5-Module-Metadata
devel/p5-CPAN-Meta
net/p5-Net
net/p5-Net-CIDR-Lite
devel/p5-Params-Classify
devel/p5-Perl-OSType
textproc/p5-Pod-Parser
converters/p5-Storable-AMF
devel/p5-Test-Harness
devel/p5-Test-Simple
textproc/p5-Text-Diff
x11-toolkits/p5-Tk
textproc/p5-YAML-Tiny
devel/p5-parent
devel/p5-PathTools
devel/p5-Test-Deep
devel/p5-Test-Exception
textproc/p5-XML-SimpleObject
textproc/p5-XML-Simple
mail/p5-Email-MIME
devel/p5-SVN-Notify
graphics/p5-Image-Size
 
editors/emacs-nox11
security/keepass
 
devel/ruby-gems
audio/teamspeak3-server
www/rubygem-passenger
www/redmine
www/rubygem-thin
devel/rubygem-abstract
devel/rubygem-activesupport4
databases/rubygem-mysql2
databases/rubygem-arel
devel/rubygem-atomic
security/rubygem-bcrypt
security/rubygem-bcrypt-ruby
devel/rubygem-daemon_controller
devel/rubygem-fastthread
devel/rubygem-file-tail
devel/rubygem-metaclass
misc/rubygem-mime-types
devel/rubygem-mocha
devel/rubygem-power_assert
www/rubygem-rack-mount
devel/rubygem-rake-compiler
devel/rubygem-rdoc
net/rubygem-ruby-yadis
devel/rubygem-shoulda
devel/rubygem-shoulda-context
devel/rubygem-shoulda-matchers
devel/rubygem-sprockets
devel/rubygem-spruz
devel/rubygem-test-unit
devel/rubygem-thread_safe
devel/rubygem-eventmachine
#devel/rubygem-tins
#devel/rubygem-tins0
textproc/rubygem-yard
graphics/rubygem-rmagick
databases/rubygem-pg
devel/rubygem-ffi
devel/rubygem-rspec
textproc/rubygem-sass
 
www/mediawiki127
www/phpbb3
 
#devel/gogs
www/gitlab
sysutils/ezjail
security/snort
 
#security/py-letsencrypt
security/py-certbot
 
sysutils/tree
print/qpdf
 
sysutils/devcpu-data
 
ports-mgmt/synth
 
security/chkrootkit
security/lynis
audio/mp3info
 
# for openproject
sysutils/rubygem-bundler
 
# For log file collection and analysis using elasticsearch, kibana and more
#textproc/elasticsearch2
#textproc/kibana45
#sysutils/logstash
 
# libreoffice for nextcloud
#editors/libreoffice
 
benchmarks/bonnie++
 
ports-mgmt/genplist
misc/grc
 
www/npm
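
A lint pass over the pkglist before it is handed to poudriere options or poudriere bulk, as an added example that is not part of the original page. The names lint_pkglist and sample_pkglist are hypothetical, and the sample input is constructed from entries in the list above plus one deliberate typo.

```shell
#!/bin/sh
# Added example: check a poudriere pkglist for entries that are not
# category/port origins and for origins listed more than once.

# lint_pkglist FILE: print one finding per line, return 1 if any.
lint_pkglist() {
    awk '
        { line = $0; sub(/[ \t]+$/, "", line); sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }      # blank or commented out
        line !~ /^[A-Za-z0-9_+.-]+\/[A-Za-z0-9_+.-]+$/ {
            printf "line %d: not a category/port origin: %s\n", NR, line
            bad = 1; next
        }
        line in seen {
            printf "line %d: duplicate of line %d: %s\n", NR, seen[line], line
            bad = 1; next
        }
        { seen[line] = NR }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: keeps the repeated shells/bash entry and a
# whitespace-only separator line from the list, and adds one typo.
sample_pkglist() {
    cat <<'EOF'
shells/bash
#dns/bind99
dns/bind910
 
security/sudo
shells/bash
security openssl
EOF
}

# Lint the file given as $1, or the sample when run without arguments.
if [ "$#" -ge 1 ]; then
    lint_pkglist "$1" || exit 1
else
    sample_pkglist | lint_pkglist - || echo "sample list has findings"
fi
```

Run it as a gate in front of the build so that a mistyped origin is caught before the resulting repository is signed.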

Configure the options we would like to use for each port:

cd /usr/local/etc/poudriere.d
poudriere options -j 103amd64 -f pkglist
poudriere options -j 111amd64 -f pkglist

Reconfigure the options:

cd /usr/local/etc/poudriere.d
poudriere options -c -j 103amd64 -f pkglist
poudriere options -c -j 111amd64 -f pkglist

Build

poudriere bulk -f /usr/local/etc/poudriere.d/103amd64-pkglist -j 103amd64
poudriere bulk -f /usr/local/etc/poudriere.d/110amd64-pkglist -j 110amd64

Update Jail

poudriere jail -u -j 103amd64

Make it available via Web

Point your web server to /usr/local/poudriere/data if you also want to include the build reports, or to /usr/local/poudriere/data/packages if you only want to make the packages available. I use the following configuration for Apache:

/usr/local/etc/apache24/Includes/servername.conf
<VirtualHost *:80 localhost:443>
ServerName <servername>
ServerAlias <serveralias>
ServerAdmin <serveradminemail>

Define BaseDir /usr/home/http/poudriere
Define DocumentRoot /usr/local/share/poudriere/html
 
Include etc/apache24/snipets/root.conf
Include etc/apache24/snipets/logging.conf
 
Alias /data /usr/local/poudriere/data/logs/bulk/
Alias /packages /usr/local/poudriere/data/packages/
 
<Directory /usr/local/poudriere/data/logs/bulk/>
  AllowOverride AuthConfig  FileInfo
  Require all granted
</Directory>

<Directory /usr/local/poudriere/data/packages/>
  AllowOverride AuthConfig FileInfo
  Options Indexes MultiViews FollowSymLinks
  Require all granted
</Directory>

 
Include etc/apache24/ssl/ssl-template.conf
#Include etc/apache24/ssl/https-forward.conf
</VirtualHost>

Configure client

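Make sure you copy the public key file /usr/local/etc/ssl/certs/pkg.cert (the "certificate" created above) to the client. Its path on the client must match the pubkey setting in the repository configuration.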

Create a configuration file:

/usr/local/etc/pkg/repos/poudriere.conf
poudriere: {
    url: "http://<servername>/packages/103amd64-default/",
    # mirror_type accepts srv, http or none; a single server needs none
    mirror_type: "none",
    signature_type: "pubkey",
    pubkey: "/usr/local/etc/ssl/certs/pkg.cert",
    enabled: yes
}
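
Because the repository is fetched over plain HTTP, the client's only integrity check is the signature verified with pkg.cert, so it is worth confirming that the copied file really belongs to the signing key. The following is an added example, not part of the original page; the function names and the script name check-repo-key.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function and script names
# are hypothetical; key paths are passed in by the caller.

# Print the SHA-256 of the DER-encoded public key, so the value does not
# depend on PEM line wrapping. $1 = priv|pub, $2 = PEM file.
spki_fpr() {
    der=$(mktemp) || return 1
    rc=0
    case "$1" in
        priv) openssl rsa -in "$2" -pubout -outform DER -out "$der" \
                  2>/dev/null || rc=1 ;;
        pub)  openssl rsa -pubin -in "$2" -outform DER -out "$der" \
                  2>/dev/null || rc=1 ;;
        *)    rc=2 ;;
    esac
    # Hash only after a successful parse; never fingerprint empty output.
    [ "$rc" -ne 0 ] || openssl dgst -sha256 <"$der" | awk '{ print $NF }'
    rm -f "$der"
    return "$rc"
}

# Succeed only if public key file $2 was derived from private key $1.
key_matches() {
    priv_fpr=$(spki_fpr priv "$1") || return 2
    pub_fpr=$(spki_fpr pub "$2") || return 2
    [ -n "$priv_fpr" ] && [ "$priv_fpr" = "$pub_fpr" ]
}

# Succeed only if group and other have no access to the file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage on the build server: sh check-repo-key.sh pkg.key pkg.cert
# On a client, run `spki_fpr pub <pubkey>` and compare with the server.
if [ "$#" -eq 2 ]; then
    key_is_private "$1" || echo "WARNING: $1 is readable by group/other" >&2
    if key_matches "$1" "$2"; then
        echo "OK: SHA-256 $(spki_fpr pub "$2")"
    else
        echo "MISMATCH: $2 was not derived from $1" >&2
        exit 1
    fi
fi
```

Compare the fingerprint printed on the build server with the one computed on the client over a channel other than the HTTP repository itself.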

Disable the standard repository by creating this file:

/usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: {
    enabled: no
}

Update package list

pkg update

Rework package list to build

To get an overview of the packages that are missing, run:

pkg update
pkg version -R | grep -v =

Compare with:

portmaster --list-origins | sort

Testing own ports using poudriere

poudriere testport -j 110amd64 textproc/apache-solr
freebsd/poudriere.txt · Last modified: 2017/11/04 09:40 (external edit)