Differences

This shows you the differences between two versions of the page.

--- documentation:technical_docs:poudriere [2023/10/10 01:06] – [poudriere.d/BSDRPj-make.conf] olivier
+++ documentation:technical_docs:poudriere [2023/10/12 14:26] – [Set of configuration files] olivier
@@ Line 50: / Line 50: @@
 cat > ~/router-pkglist <<EOF
 sysutils/tmux
-net/frr8
+net/frr9
 net/bird2
 net/mpd5
@@ Line 151: / Line 151: @@
 | Build a specific kernel file  | Just had to install custom kernel int the custom source tree | Customized kernel |
 | Build only list of kernel modules | Declaring MODULES_OVERRIDE in -src.conf | Customized module list |
-| Advanced scripting for building non-ports softwares | FIXME Not available, no idea of how to cleanly add this feature | Need to build some of /usr/src/tools |
+| Advanced scripting for building non-ports softwares | Solution should be to create a port | Need to build some of /usr/src/tools |
 | Advanced tuning of final image | -A post-script and -B pre-script | Generating a mtree (for host-IDS), creating specific users |
 | Building ports using own (outdated) embedded script | NATIVE role of poudriere | Adding ports to image |
@@ Line 174: / Line 174: @@
 Then need other configuration files:
   * BSDRP-pkglist : List of packages to be build and included in the final image
-  * A kernel configuration file: I'm using the BSDRP amd64 configuration
+  * A kernel configuration file: I'm using the [[https://github.com/ocochard/BSDRP/blob/master/BSDRP/kernels/amd64|BSDRP amd64 configuration]]
   * excluded.files: A list of file we want to be exculed during the installworld
-  * overlaydir/usr/local/etc/pkg.conf: with a FILES_IGNORE_GLOB list that will exclude files from being extracted during packages installation
+  * [[https://github.com/ocochard/BSDRP/blob/master/BSDRP/Files/usr/local/etc/pkg.conf|overlaydir/usr/local/etc/pkg.conf]]: with a FILES_IGNORE_GLOB list that will exclude files from being extracted during packages installation
 ==== poudriere.d/BSDRPj-src.conf ====
 The previous section of the NanoBSD configuration files found in variables CONF_BUILD and CONF_WORLD in file [[https://github.com/ocochard/BSDRP/blob/4febbb26dad24a38275eba344b85f05bc123e59f/BSDRP/BSDRP.nano|BSDRP/BSDRP.nano]] should be copied in this file.
-As for the BSDRP example, this give this file, that will include the MODULES_OVERRIDE list too
+Notice this jail will be used to build the port, so compiler should be kept here.
-<code>
-cat <<EOF > /usr/local/etc/poudriere.d/BSDRPj-src.conf
-BOOT_BOOT0_COMCONSOLE_SPEED=0
-WITHOUT_ACCT=
-WITHOUT_AMD=
-WITHOUT_APM=
-WITHOUT_ASSERT_DEBUG=
-WITHOUT_ATF=
-WITHOUT_ATM=
-WITHOUT_AUDIT=
-WITHOUT_AUTHPF=
-WITHOUT_AUTOFS=
-WITHOUT_BHYVE=
-WITHOUT_BLUETOOTH=
-WITHOUT_BOOTPARAMD=
-WITHOUT_BOOTPD=
-WITHOUT_BSDINSTALL=
-WITHOUT_CALENDAR=
-WITHOUT_CCD=
-WITHOUT_CROSS_COMPILER=
-WITHOUT_CTM=
-WITHOUT_CVS=
-WITHOUT_DICT=
-WITHOUT_EE=
-WITHOUT_EXAMPLES=
-WITHOUT_FINGER=
-WITHOUT_FLOPPY=
-WITHOUT_FREEBSD_UPDATE=
-WITHOUT_GAMES=
-WITHOUT_GCOV=
-WITHOUT_GNUCXX=
-WITHOUT_GPIB=
-WITHOUT_GPIO=
-WITHOUT_GROFF=
-WITHOUT_HAST=
-WITHOUT_HTML=
-WITHOUT_INFO=
-WITHOUT_IPX=
-WITHOUT_IPX_SUPPORT=
-WITHOUT_ISCSI=
-WITHOUT_KERBEROS=
-WITHOUT_LIB32=
-WITHOUT_LINT=
-WITHOUT_LLVM_ASSERTIONS=
-WITHOUT_LLVM_TARGET_ALL=
-WITHOUT_LOADER_FIREWIRE=
-WITHOUT_LOADER_GELI=
-WITHOUT_LOCATE=
-WITHOUT_LPR=
-WITHOUT_NCP=
-WITHOUT_NDIS=
-WITHOUT_NIS=
-WITHOUT_NLS=
-WITHOUT_NLS_CATALOGS=
-WITHOUT_NS_CACHING=
-WITHOUT_PC_SYSINSTALL=
-WITHOUT_PORTSNAP=
-WITHOUT_PROFILE=
-WITHOUT_QUOTAS=
-WITHOUT_RBOOTD=
-WITHOUT_RCMDS=
-WITHOUT_RCS=
-WITHOUT_RESCUE=
-WITHOUT_ROUTED=
-WITHOUT_SENDMAIL=
-WITHOUT_SERVICESDB=
-WITHOUT_SHAREDOCS=
-WITHOUT_SVNLITE=
-WITHOUT_SYSCONS=
-WITHOUT_SYSINSTALL=
-WITHOUT_TALK=
-WITHOUT_TESTS=
-WITHOUT_TESTS_SUPPORT=
-WITHOUT_TFTP=
-WITHOUT_TIMED=
-WITHOUT_UNBOUND=
-WITHOUT_USB_GADGET_EXAMPLES=
-WITHOUT_WIRELESS=
-WITHOUT_WPA_SUPPLICANT_EAPOL=
-WITHOUT_ZFS=
-WITH_IDEA=
-WITH_OFED=
-WITH_DEBUG_FILES=
-WITH_RETPOLINE=
-WITH_REPRODUCIBLE_BUILD=
-WITH_MALLOC_PRODUCTION=
-WITH_OPENSSL_KTLS=
-MODULES_OVERRIDE= \
-        backlight \
-        blake2 \
-        bridgestp \
-        carp \
-        dtrace \
-        dummynet \
-        fdescfs \
-        if_bridge \
-        if_disc \
-        if_epair \
-        if_gre \
-        if_infiniband \
-        if_lagg \
-        if_stf \
-        if_tuntap \
-        if_vxlan \
-        ipdivert \
-        ipfilter \
-        ipfw \
-        ipfw_nat \
-        ipfw_nat64 \
-        ipfw_pmod \
-        ipfw_nptv6 \
-        ipsec \
-        i2c \
-        fib_dxr \
-        ksyms \
-        libalias \
-        mlx4 \
-        mlx4en \
-        netgraph \
-        nullfs \
-        opensolaris \
-        pf \
-        pfsync \
-        pflog \
-        rc4 \
-        unionfs \
-        usb/uether \
-        usb/urndis \
-        amdsbwd \
-        amdsmn \
-        amdtemp \
-        cpuctl \
-        coretemp \
-        dpdk_lpm4 \
-        dpdk_lpm6 \
-        ena \
-        ichwd \
-        ioat \
-        ipmi \
-        ispfw \
-        hifn \
-        hyperv \
-        qat \
-        qatfw \
-        qat_c2xxx \
-        hwpmc \
-        padlock \
-        qlxgb \
-        qlxgbe \
-        safe \
-        vmware
-EOF
-</code>
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRPj-src.conf|BSDRPj-src.conf]] is on github.
 ==== poudriere.d/image-BSDRPj-src.conf ====
-Allow to ADD WITHOUT that will be removed during installworld
+Allow to ADD WITHOUT_ knob that will be removed during installworld into the final image.
-<code>
+This is where we remove compiler and other no-more used part.
-WITHOUT_DEBUG_FILES=
-WITHOUT_TOOLCHAIN=
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/image-BSDRPj-src.conf|image-BSDRPj-src.conf]] is on github.
-# Still 26M in /usr/includes, need to exclude them with the excludefiles
-WITHOUT_INCLUDES=
-WITHOUT_KERNEL_SYMBOLS=
-WITHOUT_INSTALLLIB=
-WITHOUT_FDT=
-WITHOUT_SERVICESDB=
-</code>
 ==== poudriere.d/BSDRPj-make.conf ====
-This file contains configuration parameters common for all ports.
+This file contains build parameters for the ports.
-<code>
-OPTIONS_UNSET+=DOCS EXAMPLES INFO NLS X11 DOXYGEN
-lang_perl5.32_UNSET+=DTRACE
-textproc_expat2_SET+=STATIC
-net_frr9_SET+=MULTIPATH
-net_openldap25-client_UNSET+=GSSAPI
-security_ipsec-tools_SET+=RC5 IDEA RADIUS LDAP
-security_strongswan_SET+=MEDIATION GCM
-security_strongswan_UNSET+=EAPAKA3GPP2 EAPSIMFILE SQLITE UNBOUND LOADTESTER TESTVECTOR
-security_openvpn_SET+=DCO
-benchmarks_netperf_UNSET+=OMNI
-sysutils_flashrom_UNSET+=DMIDECODE FTDI
-sysutils_mstflint_SET+=FWMANAGER ADAB
-net_mtr_UNSET+=JSON
-ftp_curl_SET+=GSSAPI_NONE
-ftp_curl_UNSET+=GSSAPI_BASE IMAP GOPHER HTTP2 LIBSSH2 POP3 PSL RTSP SMTP TELNET
-</code>
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRPj-make.conf|BSDRPj-make.conf]] is on github.
 ==== BSDRP-pkglist ====
-Now the list of package to be builded and added to the final image:
+This file includes the list of package to be builded and added to the final image.
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRP-pkglist|BSDRP-pkglist]] is on github.
-<code>
-benchmarks/iperf
+==== excluded.files ====
-benchmarks/iperf3
-benchmarks/netperf
+List of files/directory that WITHOUT_ wasn't able to prevent to be on the final image.
-editors/vim@tiny
-emulators/open-vm-tools@nox11
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/excluded.files|excluded.files ]] is on github.
-lang/perl5.32
-lang/python
-net-mgmt/bgpq4
-net-mgmt/bsnmp-regex
-net-mgmt/bsnmp-ucd
-net-mgmt/nrpe3
-net-mgmt/pmacct
-net-mgmt/rtrlib
-net/arping
-net/bird2@netlink
-net/dhcp6
-net/dhcprelya
-net/exabgp4
-net/freevrrpd
-net/frr8
-net/frr8-pythontools
-net/graphpath
-net/isc-dhcp44-server
-net/ixl_unlock
-net/mlvpn
-net/mpd5
-net/mrouted
-net/mrtparse
-net/mtr
-net/nc
-net/netmap-fwd
-net/ntraceroute
-net/pimd
-net/pkt-gen
-net/quagga-bgp-netgen
-net/realtek-re-kmod
-net/tayga
-net/trafshow
-net/ucarp
-net/wireguard-tools
-ports-mgmt/pkg
-security/ca_root_nss
-security/ipsec-tools
-security/openvpn-devel
-security/strongswan
-security/sudo
-security/tinc
-sysutils/devcpu-data
-sysutils/dtrace-toolkit
-sysutils/flashrom
-sysutils/fswatch-mon
-sysutils/intel-pcm
-sysutils/ipmitool
-sysutils/monit
-sysutils/mstflint-lite
-sysutils/tmux
-sysutils/x86info
-</code>
@@ Line 444: / Line 219: @@
 The simplest solution is to re-use already existing BSDRP patched source tree: specific kernel configuration files can be installed into these source tree and use after.
-Start by only patching BSDRP sources (sources and ports) using the BSDRP make.sh script:
+Start by only patching BSDRP sources (sources and ports) using the [[https://github.com/ocochard/BSDRP/blob/master/make.sh|BSDRP make.sh]] script:
 <code>
 ./make.sh -U
@@ Line 456: / Line 231: @@
 <code>
-poudriere jail -c -j BSDRPj -a amd64 -b -m src=/usr/local/BSDRP/BSDRP/FreeBSD/src -K amd64
+poudriere jail -c -j BSDRPj -b -m src=/usr/local/BSDRP/BSDRP/FreeBSD/src -K amd64
 </code>
 Command line details:
@@ Line 463: / Line 238: @@
   * -j: SHORT name for the jail (I can't use BSDRP-amd64-10.3R here because later it will generate a long directory name and long name aren't well supported)
   * -m src=: Path to the patched source branch we want to use
-  * -K: The kernel configuration file, was copied here during patching BSDRP code trees
+  * -K: The kernel configuration file (was copied here during patching BSDRP code tree)
 ===== Creating port tree =====
@@ Line 482: / Line 257: @@
 ===== Generating firmware image =====
-Here I'm instructing to build a 4GB image using the previous sets, jail, port-tree.
+Here I'm instructing to build a 2GB image using the previous sets, jail, port-tree.
 <code>
-poudriere image -t firmware -s 4g -j BSDRPj -p BSDRPp -n BSDRP -h router.bsdrp.net -c /usr/local/BSDRP/BSDRP/Files/ -f /usr/local/etc/poudriere.d/BSDRP-pkglist
+poudriere image -t firmware -s 2g \
+    -j BSDRPj -p BSDRPp -n BSDRP -h router.bsdrp.net \
+    -c BSDRP/Files/ \
+    -f poudriere.etc/poudriere.d/BSDRP-pkglist \
+    -X poudriere.etc/poudriere.d/excluded.files \
+    -A poudriere.etc/poudriere.d/post-script.sh
 </code>
 Command line explanation:
   * -s: Size of full image size (same as the flash media)
+  * -j: The jail we just generated
+  * -p: The poudriere port tree, we just generated its packages
   * -n: Image name, will be use as the partition name too
   * -h: Hostname configured on the image
+  * -c: Directory tree to be copied on the image (that should include a pkg.conf with the FILES_IGNORE_GLOB)
   * -f: List of package to be installed on the image
-  * -c: Directory tree to be copied on the image
+  * -X: List of file to be excluded from the installworld
+  * -A: The post-script, executed at the end, to do the last image tuning (like an mtree or other)
-FIXME: Needs to add a post-script to be added with option "-A post-script" for advanced task like generating an mtree (used for host-IDS) or specific user creation.