documentation:technical_docs:poudriere
Differences
This shows you the differences between two versions of the page.
— | documentation:technical_docs:poudriere [2019/03/02 14:33] – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Poudriere image ====== | ||
+ | {{description> | ||
+ | ====== Why using poudriere in place of nanobsd ? ====== | ||
+ | BSDRP use a heavy customized nanobsd script that include package generation. This code need to be adapted each time the port build infrastructure change. | ||
+ | |||
+ | Why not using the new shinny " | ||
+ | |||
+ | ====== Externals links about Poudriere ====== | ||
+ | |||
+ | Here are a list of docs and tutorials about Poudriere: | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | ====== Understanding Poudriere image ====== | ||
+ | |||
+ | ===== What is Poudriere ? ===== | ||
+ | |||
+ | It's a shell script used for build package in a clean (jail) environment. | ||
+ | But once you get a clean jail in one side, and a list of fresh generated package in other side, why not mix them together in a " | ||
+ | |||
+ | This is the " | ||
+ | that is presented here. | ||
+ | |||
+ | ===== Images generated by Poudriere ===== | ||
+ | |||
+ | Poudriere can generate multiple " | ||
+ | * iso: An ISO 9660 format image | ||
+ | * iso+mfs: An ISO 9660 format image where the root filesystem is MFS mounted | ||
+ | * iso+zmfs (default): | ||
+ | * usb: A GPT-layout prepared UFS2 image containing a UEFI boot loader. | ||
+ | * usb+mfs : A GPT-layout prepared UFS2 image containing a UEFI boot loader where the root filesystem is MFS mounted | ||
+ | * usb+zmfs: A GPT-layout prepared UFS2 image containing a UEFI boot loader where the root filesystem is LZ77 compressed and is MFS mounted. | ||
+ | * firmware: A NanoBSD style image with a GPT partitions and a UEFI boot loader | ||
+ | * rawfirmware: | ||
+ | * rawdisk: A raw UFS2, softupdates-enabled, | ||
+ | * zrawdisk: A raw ZFS disk image | ||
+ | * tar: An XZ-compressed tarball | ||
+ | * embedded: Create a u-boot ready embedded image | ||
+ | |||
+ | ===== The 6 minimum steps to build a poudriere firmware image ===== | ||
+ | |||
+ | Using poudriere from a ZFS is not mandatory but strongly advised. | ||
+ | - Install poudriere and configure it: < | ||
+ | echo " | ||
+ | - Create a poudriere jail WITH a GENERIC kernel (by default kernel is not build & installed): | ||
+ | - Create a port-tree using " | ||
+ | - Generate list of ports to be build & added into the firmware image:< | ||
+ | cat > ~/ | ||
+ | sysutils/ | ||
+ | net/frr6 | ||
+ | net/bird | ||
+ | net/mpd5 | ||
+ | EOF</ | ||
+ | - Build them using " | ||
+ | - Generate your disk image (4Gb total, because 2 systems partitions of 2Gb) using " | ||
+ | poudriere image -t firmware -j router -s 4g -p router-ports -h router -n router -f ~/ | ||
+ | (...) | ||
+ | [00:00:40] Image available at: / | ||
+ | |||
+ | ===== Comparing poudriere firmware image and nanobsd image ===== | ||
+ | |||
+ | ==== Final firmware file size ==== | ||
+ | |||
+ | Start by checking poudriere firmware file size: | ||
+ | < | ||
+ | root@lame4: | ||
+ | -rw-r--r-- | ||
+ | |||
+ | </ | ||
+ | |||
+ | We've obtained a 3.6GiB disk image file... which fit into a [[https:// | ||
+ | |||
+ | |||
+ | ==== Partition scheme ==== | ||
+ | |||
+ | The resulting images partition layout will have the same behavior than a nanobsd: | ||
+ | * GPT partition with EFI bootloader (nanobsd uses a MBR scheme with BIOS bootloader) | ||
+ | * first 991M (calculated from user input) system partition called gpt/ | ||
+ | * second system partition called gpt/ | ||
+ | * configuration configuration partition (hard-coded to 32M) called gpt/cfg | ||
+ | * data partition (hard-coded to 32M) called gpt/data | ||
+ | |||
+ | < | ||
+ | root@router: | ||
+ | => 4 4191926 | ||
+ | 4 | ||
+ | | ||
+ | | ||
+ | 2031290 | ||
+ | 4060858 | ||
+ | 4126394 | ||
+ | |||
+ | => 4 4191926 | ||
+ | 4 | ||
+ | | ||
+ | | ||
+ | 2031290 | ||
+ | 4060858 | ||
+ | 4126394 | ||
+ | |||
+ | root@router: | ||
+ | Filesystem | ||
+ | / | ||
+ | devfs | ||
+ | tmpfs 32M 3.2M | ||
+ | tmpfs 32M 2.7M | ||
+ | </ | ||
+ | ==== /etc ram disk ==== | ||
+ | |||
+ | Poudriere image is correctly compliant to a nanobsd /etc & /var ramdisk: | ||
+ | < | ||
+ | root@router: | ||
+ | / | ||
+ | devfs on /dev (devfs, local, multilabel) | ||
+ | /dev/md0 on /etc (ufs, local) | ||
+ | /dev/md1 on /var (ufs, local) | ||
+ | </ | ||
+ | |||
+ | Comparing to a standard nanobsd: | ||
+ | < | ||
+ | [root@nanobsd]~# | ||
+ | / | ||
+ | devfs on /dev (devfs, local) | ||
+ | /dev/md0 on /etc (ufs, local) | ||
+ | /dev/md1 on /var (ufs, local) | ||
+ | </ | ||
+ | ==== fstab ==== | ||
+ | |||
+ | fstab is compliant to nanobsd too: | ||
+ | |||
+ | < | ||
+ | root@router: | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | [root@nanobsd]~# | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ====== Migrating from NanoBSD to poudriere image ====== | ||
+ | |||
+ | ===== Features matrix comparison ===== | ||
+ | |||
+ | nanobsd configuration file is a shell script,and BSDRP use a highly nanobsd customized configuration file generated by a wrapper (make.sh). | ||
+ | |||
+ | The challenge of migrating the customization done on nanobsd to poudriere image can be resumed here: | ||
+ | |||
+ | ^ BSDRP customized nanobsd usage ^ poudriere image ^ Purpose ^ | ||
+ | | Support differents src.conf: One for buildworld and another for installword | src.conf used for buildworld and installworld, | ||
+ | | Downloading a specific source revision of a stable/ | ||
+ | | Build a specific kernel file | Just had to install custom kernel int the custom source tree | Customized kernel | | ||
+ | | Build only list of kernel modules | FIXME How to do that? | Customized module list | | ||
+ | | Advanced scripting for building non-ports softwares | FIXME Not available, no idea of how to cleanly add this feature | Need to build some of / | ||
+ | | Advanced tunning of final image | FIXME Need to add a hook | Generating a mtree (for host-IDS), creating specific users | | ||
+ | | Building ports using own (outdated) embedded script | NATIVE role of poudriere | Adding ports to image | | ||
+ | | System upgrade by changing MBR active mode on system partition | System upgrade by setting " | ||
+ | ====== Customized poudriere image for BSDRP ====== | ||
+ | |||
+ | How to manually (without a " | ||
+ | |||
+ | ===== Set of configuration files ===== | ||
+ | |||
+ | We need to start creating a set of configuration files, named BSDRP: | ||
+ | * poudriere.d/ | ||
+ | * poudriere.d/ | ||
+ | * poudriere.d/ | ||
+ | * poudriere.d/ | ||
+ | |||
+ | Then need other configuration files: | ||
+ | * BSDRP-pkglist : List of packages to be build and included in the final image | ||
+ | |||
+ | ==== poudriere.d/ | ||
+ | |||
+ | The previous section of the NanoBSD configuration files found in variables CONF_BUILD and CONF_WORLD in file [[https:// | ||
+ | |||
+ | As for the BSDRP example, this give this file: | ||
+ | < | ||
+ | MALLOC_PRODUCTION= | ||
+ | BOOT_BOOT0_COMCONSOLE_SPEED=0 | ||
+ | WITHOUT_ACCT= | ||
+ | WITHOUT_AMD= | ||
+ | WITHOUT_APM= | ||
+ | WITHOUT_ASSERT_DEBUG= | ||
+ | WITHOUT_ATF= | ||
+ | WITHOUT_ATM= | ||
+ | WITHOUT_AUDIT= | ||
+ | WITHOUT_AUTHPF= | ||
+ | WITHOUT_AUTOFS= | ||
+ | WITHOUT_BHYVE= | ||
+ | WITHOUT_BLUETOOTH= | ||
+ | WITHOUT_BOOTPARAMD= | ||
+ | WITHOUT_BOOTPD= | ||
+ | WITHOUT_BSDINSTALL= | ||
+ | WITHOUT_CALENDAR= | ||
+ | WITHOUT_CCD= | ||
+ | WITHOUT_CTM= | ||
+ | WITHOUT_CVS= | ||
+ | WITHOUT_DICT= | ||
+ | WITHOUT_EE= | ||
+ | WITHOUT_EXAMPLES= | ||
+ | WITHOUT_FINGER= | ||
+ | WITHOUT_FLOPPY= | ||
+ | WITHOUT_FREEBSD_UPDATE= | ||
+ | WITHOUT_GAMES= | ||
+ | WITHOUT_GCOV= | ||
+ | WITHOUT_GNUCXX= | ||
+ | WITHOUT_GPIB= | ||
+ | WITHOUT_GPIO= | ||
+ | WITHOUT_GROFF= | ||
+ | WITHOUT_HAST= | ||
+ | WITHOUT_HTML= | ||
+ | WITHOUT_ICONV= | ||
+ | WITHOUT_INFO= | ||
+ | WITHOUT_IPX= | ||
+ | WITHOUT_IPX_SUPPORT= | ||
+ | WITHOUT_ISCSI= | ||
+ | WITHOUT_LIB32= | ||
+ | WITHOUT_LINT= | ||
+ | WITHOUT_LOADER_FIREWIRE= | ||
+ | WITHOUT_LOADER_GELI= | ||
+ | WITHOUT_LOCATE= | ||
+ | WITHOUT_LPR= | ||
+ | WITHOUT_NCP= | ||
+ | WITHOUT_NDIS= | ||
+ | WITHOUT_NETCAT= | ||
+ | WITHOUT_NIS= | ||
+ | WITHOUT_NLS= | ||
+ | WITHOUT_NLS_CATALOGS= | ||
+ | WITHOUT_NS_CACHING= | ||
+ | WITHOUT_PC_SYSINSTALL= | ||
+ | WITHOUT_PORTSNAP= | ||
+ | WITHOUT_PROFILE= | ||
+ | WITHOUT_QUOTAS= | ||
+ | WITHOUT_RBOOTD= | ||
+ | WITHOUT_RCMDS= | ||
+ | WITHOUT_RCS= | ||
+ | WITHOUT_RESCUE= | ||
+ | WITHOUT_ROUTED= | ||
+ | WITHOUT_SENDMAIL= | ||
+ | WITHOUT_SERVICESDB= | ||
+ | WITHOUT_SHAREDOCS= | ||
+ | WITHOUT_SVNLITE= | ||
+ | WITHOUT_SYSCONS= | ||
+ | WITHOUT_SYSINSTALL= | ||
+ | WITHOUT_TALK= | ||
+ | WITHOUT_TESTS= | ||
+ | WITHOUT_TESTS_SUPPORT= | ||
+ | WITHOUT_TFTP= | ||
+ | WITHOUT_TIMED= | ||
+ | WITHOUT_UNBOUND= | ||
+ | WITHOUT_USB_GADGET_EXAMPLES= | ||
+ | WITHOUT_WIRELESS= | ||
+ | WITHOUT_WPA_SUPPLICANT_EAPOL= | ||
+ | WITHOUT_ZFS= | ||
+ | WITH_IDEA= | ||
+ | WITH_OFED= | ||
+ | WITH_DEBUG_FILES= | ||
+ | WITH_REPRODUCIBLE_BUILD= | ||
+ | WITH_DIRDEPS_BUILD= | ||
+ | WITH_RETPOLINE= | ||
+ | </ | ||
+ | |||
+ | ==== poudriere.d/ | ||
+ | |||
+ | Allow to ADD WITHOUT that will be removed during installworld | ||
+ | |||
+ | < | ||
+ | cat <<EOF > / | ||
+ | WITHOUT_DEBUG_FILES= | ||
+ | WITHOUT_TOOLCHAIN= | ||
+ | WITHOUT_INCLUDES= | ||
+ | EOF | ||
+ | </ | ||
+ | ==== poudriere.d/ | ||
+ | |||
+ | This file contains configuration parameters common for all ports. | ||
+ | |||
+ | For BSDRP, it is simple: | ||
+ | < | ||
+ | cat <<EOF > / | ||
+ | OPTIONS_UNSET+= DOCS NLS X11 EXAMPLES | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | ==== poudriere.d/ | ||
+ | |||
+ | If the ports builded need to use specific options, they need to be declared. | ||
+ | |||
+ | Using the command line " | ||
+ | |||
+ | Or you can do this: | ||
+ | < | ||
+ | rm -rf / | ||
+ | cd / | ||
+ | make config | ||
+ | cd ../frr | ||
+ | make config | ||
+ | cd ../ | ||
+ | make config | ||
+ | cd ../ | ||
+ | make config | ||
+ | cd ../ | ||
+ | make config | ||
+ | cp -r / | ||
+ | </ | ||
+ | ==== BSDRP-pkglist ==== | ||
+ | |||
+ | Now the list of package to be builded and added to the final image: | ||
+ | |||
+ | < | ||
+ | security/ | ||
+ | net-mgmt/ | ||
+ | net-mgmt/ | ||
+ | lang/ | ||
+ | lang/ | ||
+ | lang/python | ||
+ | devel/ | ||
+ | net-mgmt/ | ||
+ | net/frr6 | ||
+ | net/bird2 | ||
+ | net/ | ||
+ | net/ | ||
+ | security/ | ||
+ | security/ | ||
+ | net-mgmt/ | ||
+ | net/ucarp | ||
+ | net/arping | ||
+ | net/ | ||
+ | net/ | ||
+ | net/pim6dd | ||
+ | net/pim6sd | ||
+ | net/mrouted | ||
+ | net/pimdd | ||
+ | net/pimd | ||
+ | net/tayga | ||
+ | net/ | ||
+ | net/ | ||
+ | net/dhcp6 | ||
+ | sysutils/ | ||
+ | sysutils/ | ||
+ | sysutils/ | ||
+ | sysutils/ | ||
+ | security/ | ||
+ | net/mpd5 | ||
+ | net/mlvpn | ||
+ | security/ | ||
+ | security/ | ||
+ | benchmarks/ | ||
+ | net/exabgp | ||
+ | sysutils/ | ||
+ | sysutils/ | ||
+ | sysutils/ | ||
+ | sysutils/ | ||
+ | net/ | ||
+ | net-mgmt/ | ||
+ | net/ | ||
+ | net/ | ||
+ | net/ | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== Building the jail ===== | ||
+ | |||
+ | |||
+ | The simplest solution is to re-use already existing BSDRP patched source tree: specific kernel configuration files can be installed into these source tree and use after. | ||
+ | |||
+ | Start by only patching BSDRP sources (sources and ports) using the BSDRP make.sh script: | ||
+ | < | ||
+ | ./make.sh -U | ||
+ | Update ONLY done | ||
+ | </ | ||
+ | |||
+ | There is now 2 sources ready patched: | ||
+ | * / | ||
+ | * / | ||
+ | |||
+ | |||
+ | < | ||
+ | poudriere jail -c -j BSDRP -a amd64 -z BSDRP -b -m src=/ | ||
+ | </ | ||
+ | Command line details: | ||
+ | * -b: Build from source | ||
+ | * -c: create a jail | ||
+ | * -j: SHORT name for the jail (I can't use BSDRP-amd64-10.3R here because later it will generate a long directory name and long name aren't well supported) | ||
+ | * -m src=: Path to the patched source branch we want to use | ||
+ | * -z: Configuration set name, used for loading the BSDRP-src.conf | ||
+ | * -K: The kernel configuration file, was copied here during patching BSDRP code trees | ||
+ | |||
+ | ===== Creating port tree ===== | ||
+ | |||
+ | Now we need to create a port-tree using the patched existing port tree: | ||
+ | |||
+ | < | ||
+ | poudriere ports -c -p BSDRP-ports -m null -M / | ||
+ | </ | ||
+ | |||
+ | ===== Build packages ===== | ||
+ | |||
+ | poudriere native role, we just give the jail name, sets name and port-tree name to use then the list of packages. | ||
+ | < | ||
+ | poudriere bulk -j BSDRP -z BSDRP -p BSDRP-ports -f / | ||
+ | </ | ||
+ | |||
+ | ===== Generating firmware image ===== | ||
+ | |||
+ | Here I'm instructing to build a 4GB image using the previous sets, jail, port-tree. | ||
+ | < | ||
+ | poudriere image -t firmware -s 4g -j BSDRP -p BSDRP-ports -z BSDRP -n BSDRP -h router.bsdrp.net -c / | ||
+ | </ | ||
+ | |||
+ | Command line explanation: | ||
+ | * -s: Size of full image size (same as the flash media) | ||
+ | * -n: Image name, will be use as the partition name too | ||
+ | * -h: Hostname configured on the image | ||
+ | * -f: List of package to be installed on the image | ||
+ | * -c: Directory tree to be copied on the image | ||
+ | |||
+ | FIXME: It needs a hook at the end of image generation for advanced task like generating an mtree (used for host-IDS) or specific user creation. |
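Review bot: The manual options sequence in the "poudriere.d/" options section runs `make config` after `cd ../frr`, but both package lists on this page (the six-step example and BSDRP-pkglist) name `net/frr6`. Options saved from a different port directory will not be applied to the port that `poudriere bulk` actually builds, so the directory should match the origin in the list. The two flag lists are also out of step with the commands they document: "Command line details" under "Building the jail" does not explain `-a`, and "Command line explanation" under "Generating firmware image" omits `-t`, `-j`, `-p` and `-z`, all of which appear in the command shown. Each list should cover every flag its command uses. In the features matrix and the closing FIXME, the mtree generation used for host-IDS has no poudriere equivalent yet. The migration section should say plainly that images built with these steps ship without that baseline until the hook exists. Minor: the partition list reads "configuration configuration partition", and the size is written "4Gb" and "2Gb" where the command uses `4g`.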
documentation/technical_docs/poudriere.txt · Last modified: 2024/04/04 12:19 by olivier