Differences

This shows you the differences between two versions of the page.

--- documentation:technical_docs:poudriere [2019/03/02 14:33] – external edit 127.0.0.1
+++ documentation:technical_docs:poudriere [2024/04/04 12:19] (current) – [Features matrix comparison] olivier
@@ Line 21: / Line 21: @@
 But once you get a clean jail in one side, and a list of fresh generated package in other side, why not mix them together in a "nanobsd like" firmware ?
-This is the "poudriere image" feature includes in poudriere-devel-3.2.99.20180601
+This is the "poudriere image" feature includes in poudriere-git-3.3.99.20220713 that is presented here.
-that is presented here.
 ===== Images generated by Poudriere =====
 Poudriere can generate multiple "image" types (default is iso+zmfs):
-  * iso: An ISO 9660 format image
+  * iso: ISO 9660 format image
-  * iso+mfs: An ISO 9660 format image where the root filesystem is MFS mounted
+    * iso+mfs: ISO 9660 variant where the root filesystem is MFS mounted
-  * iso+zmfs (default): An ISO 9660 format image where the root filesystem is LZ77 compressed and is MFS mounted.
+    * iso+zmfs (default): ISO 9660 variant where the root filesystem is LZ77 compressed and is MFS mounted.
-  * usb: A GPT-layout prepared UFS2 image containing a UEFI boot loader.
+  * usb: GPT-layout prepared UFS2 image containing a UEFI boot loader.
-  * usb+mfs : A GPT-layout prepared UFS2 image containing a UEFI boot loader where the root filesystem is MFS mounted
+    * usb+mfs : variant  where the root filesystem is MFS mounted
-  * usb+zmfs: A GPT-layout prepared UFS2 image containing a UEFI boot loader where the root filesystem is LZ77 compressed and is MFS mounted.
+    * usb+zmfs: variant  where the root filesystem is LZ77 compressed and is MFS mounted.
-  * firmware: A NanoBSD style image with a GPT partitions and a UEFI boot loader
+  * rawdisk: raw UFS2, softupdates-enabled, disk image
-  * rawfirmware: A raw disk image (Update image that includes only one system partition of the firmware?)
+  * zrawdisk: raw ZFS disk image
-  * rawdisk: A raw UFS2, softupdates-enabled, disk image
+  * tar: XZ-compressed tarball
-  * zrawdisk: A raw ZFS disk image
+  * firmware: NanoBSD style image with a GPT partitions and a UEFI boot loader
-  * tar: An XZ-compressed tarball
+  * rawfirmware: raw disk image (Update image that includes only one system partition of the firmware?)
-  * embedded: Create a u-boot ready embedded image
+  * embedded: u-boot ready embedded image
+  * zsnapshot: zfs snapshot full and incremental to be used in a jail
 ===== The 6 minimum steps to build a poudriere firmware image =====
@@ Line 45: / Line 45: @@
   - Install poudriere and configure it: <code>pkg install poudriere-devel
 echo "ZPOOL="`zpool list -H | cut -f1` >> /usr/local/etc/poudriere.conf</code>
-  - Create a poudriere jail WITH a GENERIC kernel (by default kernel is not build & installed):  <code>poudriere jail -c -j router -v 12.0-RELEASE -K GENERIC</code>
+  - Create a poudriere jail WITH a GENERIC kernel (by default kernel is not build & installed), here named "router":  <code>poudriere jail -c -j router -v 13.2-RELEASE -K GENERIC</code>
   - Create a port-tree using "poudriere ports":<code>poudriere ports -c -p router-ports</code>
   - Generate list of ports to be build & added into the firmware image:<code>
 cat > ~/router-pkglist <<EOF
 sysutils/tmux
-net/frr6
+net/frr9
-net/bird
+net/bird2
 net/mpd5
 EOF</code>
-  - Build them using "poudriere bulk":<code>poudriere bulk -j router -p router-ports -f ~/router-pkglist</code>
+  - Build the ports (ie: generate binary packages) from the corresponding jail using "poudriere bulk":<code>poudriere bulk -j router -p router-ports -f ~/router-pkglist</code>
   - Generate your disk image (4Gb total, because 2 systems partitions of 2Gb) using "poudriere image": <code>
 poudriere image -t firmware -j router -s 4g -p router-ports -h router -n router -f ~/router-pkglist
 (...)
-[00:00:40] Image available at: /usr/local/poudriere/data/images//router.img</code>
+[00:00:15] Creating ESP image
+[00:00:15] ESP Image created
+[00:00:21] Image available at: /usr/local/poudriere/data/images/router.img</code>
 ===== Comparing poudriere firmware image and nanobsd image =====
@@ Line 66: / Line 68: @@
 Start by checking poudriere firmware file size:
 <code>
-root@lame4:~ # # ls -alh /usr/local/poudriere/data/images/router.img
+# ls -alh /usr/local/poudriere/data/images/router.img
--rw-r--r--  1 root  wheel   3.6G Feb 19 23:48 /usr/local/poudriere/data/images/router.img
+-rw-r--r--  1 root  wheel   3.8G Jul 22 19:24 /usr/local/poudriere/data/images/router.img
 </code>
-We've obtained a 3.6GiB disk image file... which fit into a [[https://github.com/freebsd/poudriere/pull/638|marketed-size 4GB flash disk]].
+We've obtained a 3.8GiB disk image file... which fit into a [[https://github.com/freebsd/poudriere/pull/638|marketed-size 4GB flash disk]].
@@ Line 77: / Line 78: @@
 The resulting images partition layout will have the same behavior than a nanobsd:
-  * GPT partition with EFI bootloader (nanobsd uses a MBR scheme with BIOS bootloader)
+  * 10M GPT partition with EFI bootloader (nanobsd uses a MBR scheme with BIOS bootloader)
   * first 991M (calculated from user input) system partition called gpt/${IMAGENAME}1
   * second system partition called gpt/${IMAGENAME}2
@@ Line 84: / Line 85: @@
 <code>
-root@router:~ # gpart show -l
+# mdconfig -a -t vnode -f /usr/local/poudriere/data/images/router.img
-=>      4  4191926  vtbd0  GPT  (2.0G)
+md0
-     1600      1  (null)  (800K)
+# gpart show -l md0
-      118      2  (null)  (59K)
+=>      4  7995515  md0  GPT  (3.8G)
-  2029568      3  router1  (991M)
+    20480    1  (null)  (10M)
-  2031290  2029568      4  router2  (991M)
+      123    2  (null)  (62K)
-  4060858    65536      5  cfg  (32M)
+  3921920    3  router1  (1.9G)
-  4126394    65536      6  data  (32M)
+  3942527  3921920    4  router2  (1.9G)
+  7864447    65536    5  cfg  (32M)
-=>      4  4191926  diskid/DISK-BHYVE-59FF-34DA-1F19  GPT  (2.0G)
+  7929983    65536    6  data  (32M)
-     1600                                 1  (null)  (800K)
-      118                                 2  (null)  (59K)
+# mount /dev/gpt/router1 /mnt/
-  2029568                                 3  router1  (991M)
+# df -h /mnt
-  2031290  2029568                                 4  router2  (991M)
-  4060858    65536                                 5  cfg  (32M)
-  4126394    65536                                 6  data  (32M)
-root@router:~ # df -h
 Filesystem          Size    Used   Avail Capacity  Mounted on
-/dev/gpt/router1    1.8G    1.2G    424M    75%    /
+/dev/gpt/router1    1.8G    1.5G    103M    94%    /mnt
-devfs               1.0K    1.0K      0B   100%    /dev
-tmpfs                32M    3.2M     29M    10%    /etc
-tmpfs                32M    2.7M     29M     8%    /var
 </code>
 ==== /etc ram disk ====
@@ Line 129: / Line 122: @@
 ==== fstab ====
-fstab is compliant to nanobsd too:
+poudriere's fstab is using gpt labels, while nanobsd one using ufs labels:
 <code>
@@ Line 155: / Line 148: @@
 ^ BSDRP customized nanobsd usage  ^ poudriere image     ^ Purpose ^
 | Support differents src.conf: One for buildworld and another for installword | src.conf used for buildworld and installworld, image-JAILNAME[-SET]-src.conf added for installworld/delete-old. Allow to use the -X exclude_list too | Using WITHOUT_INCLUDES or WITHOUT_DEBUG just for installworld but not for buildworld |
-| Downloading a specific source revision of a stable/releng/head   | use svn url@rev (or custom source tree with '-b -m src=/usr/src') | Allow reproducing the same build on different systems |
+| Downloading a specific source revision of a stable/releng/head   | use svn url@rev (or custom source tree with '-b -m src=/usr/src') or using branches | Allow reproducing the same build on different systems |
 | Build a specific kernel file  | Just had to install custom kernel int the custom source tree | Customized kernel |
-| Build only list of kernel modules | FIXME How to do that? | Customized module list |
+| Build only list of kernel modules | Declaring MODULES_OVERRIDE in -src.conf | Customized module list |
-| Advanced scripting for building non-ports softwares | FIXME Not available, no idea of how to cleanly add this feature | Need to build some of /usr/src/tools |
+| Advanced scripting for building non-ports softwares | Solution should be to create a port | Need to build some of /usr/src/tools |
-| Advanced tunning of final image | FIXME Need to add a hook | Generating a mtree (for host-IDS), creating specific users |
+| Advanced tuning of final image | -A post-script and -B pre-script | Generating a mtree (for host-IDS), creating specific users |
 | Building ports using own (outdated) embedded script | NATIVE role of poudriere | Adding ports to image |
 | System upgrade by changing MBR active mode on system partition | System upgrade by setting "bootonce" attribute on system partition (and need to be removed from older?) | Upgrading system partition (new/old)|
+===== poudriere-image patches =====
+List of mandatory patches for poudriere in Pull-request review:
+  * [[https://github.com/freebsd/poudriere/pull/1139|Need to replace loader.efi by gptboot.efi to use GPT attribute bootonce and bootme]]
+  * [[https://github.com/freebsd/poudriere/pull/1140|Need to generate the upgrade image too]]
+List of tuning patches in Pull-request review:
+  * [[https://github.com/freebsd/poudriere/pull/1141|Optimize disk space for space]]
+Merged patches:
+  * [[https://github.com/freebsd/poudriere/commit/2fa915c41d2786aad80b8e59ba07a4f0161df794|Fix default permissions to cfg and data partitions]]
+  * [[https://github.com/freebsd/poudriere/commit/6b07d209c579ddf01a4fab947c4efd9683e6778a|Add bytes to bibytes conversion regarding image size]]
+  * [[https://github.com/freebsd/poudriere/commit/48d15c2a0aff88816ad255d5beefc9ca0c04727b|Generate /etc/os-release]]
+  * [[https://github.com/freebsd/poudriere/commit/32086a1c130380832c872b5d8eb31553e78e9242|Fix excludelist path]]
 ====== Customized poudriere image for BSDRP ======
-How to manually (without a "wrapper" script) configure poudriere for generating a BSDRP firmware image.
+How to configure poudriere to generate a BSDRP firmware image.
 ===== Set of configuration files =====
-We need to start creating a set of configuration files, named BSDRP:
+To be able to reproduce the highly customized BSDRP firmware image, we need multiples configuration files.
-  * poudriere.d/BSDRP-src.conf : Include all src.conf parameters used for reference jail buildworld/installworld
-  * poudriere.d/BSDRP-make.conf : Include all common ports parameters
+Poudriere will requiere jail and port so prepending j and p to avoid confusion:
-  * poudriere.d/BSDRP-options/$CATEGORY_$PORTNAME/options : Include specific options for $CATEGORY/$PORTNAME
+  * BSDRPj for the jail name
-  * poudriere.d/image-$JAILNAME[-$SETNAME]-src.conf : parameters added for installworld (followed by a delete-old)
+  * BSDRPp for the port tree name
+We need to start creating a set of configuration files, named prefixed with the name BSDRP-:
+  * poudriere.d/BSDRPj-src.conf : Include all src.conf parameters used for reference jail buildworld/installworld
+  * poudriere.d/BSDRPj-make.conf : Include all common ports parameters (and ports build options)
+  * poudriere.d/image-BSDRPj-src.conf : parameters added for installworld (followed by a delete-old)
 Then need other configuration files:
   * BSDRP-pkglist : List of packages to be build and included in the final image
+  * A kernel configuration file: I'm using the [[https://github.com/ocochard/BSDRP/blob/master/BSDRP/kernels/amd64|BSDRP amd64 configuration]]
-==== poudriere.d/BSDRP-src.conf ====
+  * excluded.files: A list of file we want to be exculed during the installworld
+  * [[https://github.com/ocochard/BSDRP/blob/master/BSDRP/Files/usr/local/etc/pkg.conf|overlaydir/usr/local/etc/pkg.conf]]: with a FILES_IGNORE_GLOB list that will exclude files from being extracted during packages installation
+==== poudriere.d/BSDRPj-src.conf ====
 The previous section of the NanoBSD configuration files found in variables CONF_BUILD and CONF_WORLD in file [[https://github.com/ocochard/BSDRP/blob/4febbb26dad24a38275eba344b85f05bc123e59f/BSDRP/BSDRP.nano|BSDRP/BSDRP.nano]] should be copied in this file.
-As for the BSDRP example, this give this file:
+Notice this jail will be used to build the port, so compiler should be kept here.
-<code>
-MALLOC_PRODUCTION=
-BOOT_BOOT0_COMCONSOLE_SPEED=0
-WITHOUT_ACCT=
-WITHOUT_AMD=
-WITHOUT_APM=
-WITHOUT_ASSERT_DEBUG=
-WITHOUT_ATF=
-WITHOUT_ATM=
-WITHOUT_AUDIT=
-WITHOUT_AUTHPF=
-WITHOUT_AUTOFS=
-WITHOUT_BHYVE=
-WITHOUT_BLUETOOTH=
-WITHOUT_BOOTPARAMD=
-WITHOUT_BOOTPD=
-WITHOUT_BSDINSTALL=
-WITHOUT_CALENDAR=
-WITHOUT_CCD=
-WITHOUT_CTM=
-WITHOUT_CVS=
-WITHOUT_DICT=
-WITHOUT_EE=
-WITHOUT_EXAMPLES=
-WITHOUT_FINGER=
-WITHOUT_FLOPPY=
-WITHOUT_FREEBSD_UPDATE=
-WITHOUT_GAMES=
-WITHOUT_GCOV=
-WITHOUT_GNUCXX=
-WITHOUT_GPIB=
-WITHOUT_GPIO=
-WITHOUT_GROFF=
-WITHOUT_HAST=
-WITHOUT_HTML=
-WITHOUT_ICONV=
-WITHOUT_INFO=
-WITHOUT_IPX=
-WITHOUT_IPX_SUPPORT=
-WITHOUT_ISCSI=
-WITHOUT_LIB32=
-WITHOUT_LINT=
-WITHOUT_LOADER_FIREWIRE=
-WITHOUT_LOADER_GELI=
-WITHOUT_LOCATE=
-WITHOUT_LPR=
-WITHOUT_NCP=
-WITHOUT_NDIS=
-WITHOUT_NETCAT=
-WITHOUT_NIS=
-WITHOUT_NLS=
-WITHOUT_NLS_CATALOGS=
-WITHOUT_NS_CACHING=
-WITHOUT_PC_SYSINSTALL=
-WITHOUT_PORTSNAP=
-WITHOUT_PROFILE=
-WITHOUT_QUOTAS=
-WITHOUT_RBOOTD=
-WITHOUT_RCMDS=
-WITHOUT_RCS=
-WITHOUT_RESCUE=
-WITHOUT_ROUTED=
-WITHOUT_SENDMAIL=
-WITHOUT_SERVICESDB=
-WITHOUT_SHAREDOCS=
-WITHOUT_SVNLITE=
-WITHOUT_SYSCONS=
-WITHOUT_SYSINSTALL=
-WITHOUT_TALK=
-WITHOUT_TESTS=
-WITHOUT_TESTS_SUPPORT=
-WITHOUT_TFTP=
-WITHOUT_TIMED=
-WITHOUT_UNBOUND=
-WITHOUT_USB_GADGET_EXAMPLES=
-WITHOUT_WIRELESS=
-WITHOUT_WPA_SUPPLICANT_EAPOL=
-WITHOUT_ZFS=
-WITH_IDEA=
-WITH_OFED=
-WITH_DEBUG_FILES=
-WITH_REPRODUCIBLE_BUILD=
-WITH_DIRDEPS_BUILD=
-WITH_RETPOLINE=
-</code>
-==== poudriere.d/image-JAILNAME-src.conf ====
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRPj-src.conf|BSDRPj-src.conf]] is on github.
+==== poudriere.d/image-BSDRPj-src.conf ====
-Allow to ADD WITHOUT that will be removed during installworld
+Allow to ADD WITHOUT_ knob that will be removed during installworld into the final image.
-<code>
+This is where we remove compiler and other no-more used part.
-cat <<EOF > /usr/local/etc/poudriere.d/image-BSDRP-src.conf
-WITHOUT_DEBUG_FILES=
-WITHOUT_TOOLCHAIN=
-WITHOUT_INCLUDES=
-EOF
-</code>
-==== poudriere.d/BSDRP-make.conf ====
-This file contains configuration parameters common for all ports.
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/image-BSDRPj-src.conf|image-BSDRPj-src.conf]] is on github.
+==== poudriere.d/BSDRPj-make.conf ====
-For BSDRP, it is simple:
-<code>
-cat <<EOF > /usr/local/etc/poudriere.d/BSDRP-make.conf
-OPTIONS_UNSET+= DOCS NLS X11 EXAMPLES
-EOF
-</code>
-==== poudriere.d/BSDRP-options/$CATEGORY_$PORTNAME/options ====
+This file contains build parameters for the ports.
-If the ports builded need to use specific options, they need to be declared.
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRPj-make.conf|BSDRPj-make.conf]] is on github.
-Using the command line "poudriere option -z BSDRP CATEGORY/PORTNAME" is the way of doing this easly.
-Or you can do this:
-<code>
-rm -rf /var/db/ports/*
-cd /usr/ports/net/bird
-make config
-cd ../frr
-make config
-cd ../../security/ipsec-tools/
-make config
-cd ../strongswan
-make config
-cd ../../sysutils/flashrom/
-make config
-cp -r /var/db/ports/* poudriere.d/BSDRP-options/
-</code>
 ==== BSDRP-pkglist ====
-Now the list of package to be builded and added to the final image:
+This file includes the list of package to be builded and added to the final image.
-<code>
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRP-pkglist|BSDRP-pkglist]] is on github.
-security/ca_root_nss                                                                                                               [15/9237]
-net-mgmt/bsnmp-regex
-net-mgmt/bsnmp-ucd
-lang/python36
-lang/python3
+==== excluded.files ====
-lang/python
-devel/py-setuptools
+List of files/directory that WITHOUT_ wasn't able to prevent to be on the final image.
-net-mgmt/rtrlib
-net/frr6
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/excluded.files|excluded.files ]] is on github.
-net/bird2
-net/freevrrpd
-net/openldap24-client
-security/ipsec-tools
-security/strongswan
-net-mgmt/pmacct
-net/ucarp
-net/arping
-net/smcroute
-net/pim6-tools
-net/pim6dd
-net/pim6sd
-net/mrouted
-net/pimdd
-net/pimd
-net/tayga
-net/isc-dhcp44-server
-net/dhcprelya
-net/dhcp6
-sysutils/fswatch-mon
-sysutils/monit
-sysutils/tmux
-sysutils/ipmitool
-security/sudo
-net/mpd5
-net/mlvpn
-security/easy-rsa
-security/openvpn
-benchmarks/iperf3
-net/exabgp
-sysutils/flashrom
-sysutils/x86info
-sysutils/devcpu-data
-sysutils/intel-pcm
-net/ntraceroute
-net-mgmt/bgpq3
-net/ixl_unlock
-net/graphpath
-net/quagga-bgp-netgen
-</code>
@@ Line 373: / Line 234: @@
 The simplest solution is to re-use already existing BSDRP patched source tree: specific kernel configuration files can be installed into these source tree and use after.
-Start by only patching BSDRP sources (sources and ports) using the BSDRP make.sh script:
+Start by only patching BSDRP sources (sources and ports) using the [[https://github.com/ocochard/BSDRP/blob/master/make.sh|BSDRP make.sh]] script:
 <code>
 ./make.sh -U
@@ Line 385: / Line 246: @@
 <code>
-poudriere jail -c -j BSDRP -a amd64 -z BSDRP -b -m src=/usr/local/BSDRP/BSDRP/FreeBSD/src -K amd64
+poudriere jail -c -j BSDRPj -b -m src=/usr/local/BSDRP/BSDRP/FreeBSD/src -K amd64
 </code>
 Command line details:
@@ Line 392: / Line 253: @@
   * -j: SHORT name for the jail (I can't use BSDRP-amd64-10.3R here because later it will generate a long directory name and long name aren't well supported)
   * -m src=: Path to the patched source branch we want to use
-  * -z: Configuration set name, used for loading the BSDRP-src.conf
+  * -K: The kernel configuration file (was copied here during patching BSDRP code tree)
-  * -K: The kernel configuration file, was copied here during patching BSDRP code trees
 ===== Creating port tree =====
@@ Line 400: / Line 260: @@
 <code>
-poudriere ports -c -p BSDRP-ports -m null -M /usr/local/BSDRP/BSDRP/FreeBSD/ports
+poudriere ports -c -p BSDRPp -m null -M /usr/local/BSDRP/BSDRP/FreeBSD/ports
 </code>
 ===== Build packages =====
-poudriere native role, we just give the jail name, sets name and port-tree name to use then the list of packages.
+poudriere native role, we just give the jail name and port-tree name to use then the list of packages.
 <code>
-poudriere bulk -j BSDRP -z BSDRP -p BSDRP-ports -f /usr/local/etc/poudriere.d/BSDRP-pkglist
+poudriere bulk -j BSDRPj -p BSDRPp -f /usr/local/etc/poudriere.d/BSDRP-pkglist
 </code>
 ===== Generating firmware image =====
-Here I'm instructing to build a 4GB image using the previous sets, jail, port-tree.
+Here I'm instructing to build a 2GB image using the previous sets, jail, port-tree.
 <code>
-poudriere image -t firmware -s 4g -j BSDRP -p BSDRP-ports -z BSDRP -n BSDRP -h router.bsdrp.net -c /usr/local/BSDRP/BSDRP/Files/ -f /usr/local/etc/poudriere.d/BSDRP-pkglist
+poudriere image -t firmware -s 2g \
+    -j BSDRPj -p BSDRPp -n BSDRP -h router.bsdrp.net \
+    -c BSDRP/Files/ \
+    -f poudriere.etc/poudriere.d/BSDRP-pkglist \
+    -X poudriere.etc/poudriere.d/excluded.files \
+    -A poudriere.etc/poudriere.d/post-script.sh
 </code>
 Command line explanation:
   * -s: Size of full image size (same as the flash media)
+  * -j: The jail we just generated
+  * -p: The poudriere port tree, we just generated its packages
   * -n: Image name, will be use as the partition name too
   * -h: Hostname configured on the image
+  * -c: Directory tree to be copied on the image (that should include a pkg.conf with the FILES_IGNORE_GLOB)
   * -f: List of package to be installed on the image
-  * -c: Directory tree to be copied on the image
+  * -X: List of file to be excluded from the installworld
+  * -A: The post-script, executed at the end, to do the last image tuning (like an mtree or other)
-FIXME: It needs a hook at the end of image generation for advanced task like generating an mtree (used for host-IDS) or specific user creation.