Differences

This shows you the differences between two versions of the page.

--- documentation:technical_docs:poudriere [2023/10/10 01:16] – [Building the jail] olivier
+++ documentation:technical_docs:poudriere [2024/04/04 12:19] (current) – [Features matrix comparison] olivier
@@ Line 50: / Line 50: @@
 cat > ~/router-pkglist <<EOF
 sysutils/tmux
-net/frr8
+net/frr9
 net/bird2
 net/mpd5
@@ Line 151: / Line 151: @@
 | Build a specific kernel file  | Just had to install custom kernel int the custom source tree | Customized kernel |
 | Build only list of kernel modules | Declaring MODULES_OVERRIDE in -src.conf | Customized module list |
-| Advanced scripting for building non-ports softwares | FIXME Not available, no idea of how to cleanly add this feature | Need to build some of /usr/src/tools |
+| Advanced scripting for building non-ports softwares | Solution should be to create a port | Need to build some of /usr/src/tools |
 | Advanced tuning of final image | -A post-script and -B pre-script | Generating a mtree (for host-IDS), creating specific users |
 | Building ports using own (outdated) embedded script | NATIVE role of poudriere | Adding ports to image |
 | System upgrade by changing MBR active mode on system partition | System upgrade by setting "bootonce" attribute on system partition (and need to be removed from older?) | Upgrading system partition (new/old)|
+===== poudriere-image patches =====
+List of mandatory patches for poudriere in Pull-request review:
+  * [[https://github.com/freebsd/poudriere/pull/1139|Need to replace loader.efi by gptboot.efi to use GPT attribute bootonce and bootme]]
+  * [[https://github.com/freebsd/poudriere/pull/1140|Need to generate the upgrade image too]]
+List of tuning patches in Pull-request review:
+  * [[https://github.com/freebsd/poudriere/pull/1141|Optimize disk space for space]]
+Merged patches:
+  * [[https://github.com/freebsd/poudriere/commit/2fa915c41d2786aad80b8e59ba07a4f0161df794|Fix default permissions to cfg and data partitions]]
+  * [[https://github.com/freebsd/poudriere/commit/6b07d209c579ddf01a4fab947c4efd9683e6778a|Add bytes to bibytes conversion regarding image size]]
+  * [[https://github.com/freebsd/poudriere/commit/48d15c2a0aff88816ad255d5beefc9ca0c04727b|Generate /etc/os-release]]
+  * [[https://github.com/freebsd/poudriere/commit/32086a1c130380832c872b5d8eb31553e78e9242|Fix excludelist path]]
 ====== Customized poudriere image for BSDRP ======
@@ Line 174: / Line 189: @@
 Then need other configuration files:
   * BSDRP-pkglist : List of packages to be build and included in the final image
-  * A kernel configuration file: I'm using the BSDRP amd64 configuration
+  * A kernel configuration file: I'm using the [[https://github.com/ocochard/BSDRP/blob/master/BSDRP/kernels/amd64|BSDRP amd64 configuration]]
   * excluded.files: A list of file we want to be exculed during the installworld
-  * overlaydir/usr/local/etc/pkg.conf: with a FILES_IGNORE_GLOB list that will exclude files from being extracted during packages installation
+  * [[https://github.com/ocochard/BSDRP/blob/master/BSDRP/Files/usr/local/etc/pkg.conf|overlaydir/usr/local/etc/pkg.conf]]: with a FILES_IGNORE_GLOB list that will exclude files from being extracted during packages installation
 ==== poudriere.d/BSDRPj-src.conf ====
 The previous section of the NanoBSD configuration files found in variables CONF_BUILD and CONF_WORLD in file [[https://github.com/ocochard/BSDRP/blob/4febbb26dad24a38275eba344b85f05bc123e59f/BSDRP/BSDRP.nano|BSDRP/BSDRP.nano]] should be copied in this file.
-As for the BSDRP example, this give this file, that will include the MODULES_OVERRIDE list too
+Notice this jail will be used to build the port, so compiler should be kept here.
-<code>
-cat <<EOF > /usr/local/etc/poudriere.d/BSDRPj-src.conf
-BOOT_BOOT0_COMCONSOLE_SPEED=0
-WITHOUT_ACCT=
-WITHOUT_AMD=
-WITHOUT_APM=
-WITHOUT_ASSERT_DEBUG=
-WITHOUT_ATF=
-WITHOUT_ATM=
-WITHOUT_AUDIT=
-WITHOUT_AUTHPF=
-WITHOUT_AUTOFS=
-WITHOUT_BHYVE=
-WITHOUT_BLUETOOTH=
-WITHOUT_BOOTPARAMD=
-WITHOUT_BOOTPD=
-WITHOUT_BSDINSTALL=
-WITHOUT_CALENDAR=
-WITHOUT_CCD=
-WITHOUT_CROSS_COMPILER=
-WITHOUT_CTM=
-WITHOUT_CVS=
-WITHOUT_DICT=
-WITHOUT_EE=
-WITHOUT_EXAMPLES=
-WITHOUT_FINGER=
-WITHOUT_FLOPPY=
-WITHOUT_FREEBSD_UPDATE=
-WITHOUT_GAMES=
-WITHOUT_GCOV=
-WITHOUT_GNUCXX=
-WITHOUT_GPIB=
-WITHOUT_GPIO=
-WITHOUT_GROFF=
-WITHOUT_HAST=
-WITHOUT_HTML=
-WITHOUT_INFO=
-WITHOUT_IPX=
-WITHOUT_IPX_SUPPORT=
-WITHOUT_ISCSI=
-WITHOUT_KERBEROS=
-WITHOUT_LIB32=
-WITHOUT_LINT=
-WITHOUT_LLVM_ASSERTIONS=
-WITHOUT_LLVM_TARGET_ALL=
-WITHOUT_LOADER_FIREWIRE=
-WITHOUT_LOADER_GELI=
-WITHOUT_LOCATE=
-WITHOUT_LPR=
-WITHOUT_NCP=
-WITHOUT_NDIS=
-WITHOUT_NIS=
-WITHOUT_NLS=
-WITHOUT_NLS_CATALOGS=
-WITHOUT_NS_CACHING=
-WITHOUT_PC_SYSINSTALL=
-WITHOUT_PORTSNAP=
-WITHOUT_PROFILE=
-WITHOUT_QUOTAS=
-WITHOUT_RBOOTD=
-WITHOUT_RCMDS=
-WITHOUT_RCS=
-WITHOUT_RESCUE=
-WITHOUT_ROUTED=
-WITHOUT_SENDMAIL=
-WITHOUT_SERVICESDB=
-WITHOUT_SHAREDOCS=
-WITHOUT_SVNLITE=
-WITHOUT_SYSCONS=
-WITHOUT_SYSINSTALL=
-WITHOUT_TALK=
-WITHOUT_TESTS=
-WITHOUT_TESTS_SUPPORT=
-WITHOUT_TFTP=
-WITHOUT_TIMED=
-WITHOUT_UNBOUND=
-WITHOUT_USB_GADGET_EXAMPLES=
-WITHOUT_WIRELESS=
-WITHOUT_WPA_SUPPLICANT_EAPOL=
-WITHOUT_ZFS=
-WITH_IDEA=
-WITH_OFED=
-WITH_DEBUG_FILES=
-WITH_RETPOLINE=
-WITH_REPRODUCIBLE_BUILD=
-WITH_MALLOC_PRODUCTION=
-WITH_OPENSSL_KTLS=
-MODULES_OVERRIDE= \
-        backlight \
-        blake2 \
-        bridgestp \
-        carp \
-        dtrace \
-        dummynet \
-        fdescfs \
-        if_bridge \
-        if_disc \
-        if_epair \
-        if_gre \
-        if_infiniband \
-        if_lagg \
-        if_stf \
-        if_tuntap \
-        if_vxlan \
-        ipdivert \
-        ipfilter \
-        ipfw \
-        ipfw_nat \
-        ipfw_nat64 \
-        ipfw_pmod \
-        ipfw_nptv6 \
-        ipsec \
-        i2c \
-        fib_dxr \
-        ksyms \
-        libalias \
-        mlx4 \
-        mlx4en \
-        netgraph \
-        nullfs \
-        opensolaris \
-        pf \
-        pfsync \
-        pflog \
-        rc4 \
-        unionfs \
-        usb/uether \
-        usb/urndis \
-        amdsbwd \
-        amdsmn \
-        amdtemp \
-        cpuctl \
-        coretemp \
-        dpdk_lpm4 \
-        dpdk_lpm6 \
-        ena \
-        ichwd \
-        ioat \
-        ipmi \
-        ispfw \
-        hifn \
-        hyperv \
-        qat \
-        qatfw \
-        qat_c2xxx \
-        hwpmc \
-        padlock \
-        qlxgb \
-        qlxgbe \
-        safe \
-        vmware
-EOF
-</code>
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRPj-src.conf|BSDRPj-src.conf]] is on github.
 ==== poudriere.d/image-BSDRPj-src.conf ====
-Allow to ADD WITHOUT that will be removed during installworld
+Allow to ADD WITHOUT_ knob that will be removed during installworld into the final image.
-<code>
+This is where we remove compiler and other no-more used part.
-WITHOUT_DEBUG_FILES=
-WITHOUT_TOOLCHAIN=
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/image-BSDRPj-src.conf|image-BSDRPj-src.conf]] is on github.
-# Still 26M in /usr/includes, need to exclude them with the excludefiles
-WITHOUT_INCLUDES=
-WITHOUT_KERNEL_SYMBOLS=
-WITHOUT_INSTALLLIB=
-WITHOUT_FDT=
-WITHOUT_SERVICESDB=
-</code>
 ==== poudriere.d/BSDRPj-make.conf ====
-This file contains configuration parameters common for all ports.
+This file contains build parameters for the ports.
-<code>
-OPTIONS_UNSET+=DOCS EXAMPLES INFO NLS X11 DOXYGEN
-lang_perl5.32_UNSET+=DTRACE
-textproc_expat2_SET+=STATIC
-net_frr9_SET+=MULTIPATH
-net_openldap25-client_UNSET+=GSSAPI
-security_ipsec-tools_SET+=RC5 IDEA RADIUS LDAP
-security_strongswan_SET+=MEDIATION GCM
-security_strongswan_UNSET+=EAPAKA3GPP2 EAPSIMFILE SQLITE UNBOUND LOADTESTER TESTVECTOR
-security_openvpn_SET+=DCO
-benchmarks_netperf_UNSET+=OMNI
-sysutils_flashrom_UNSET+=DMIDECODE FTDI
-sysutils_mstflint_SET+=FWMANAGER ADAB
-net_mtr_UNSET+=JSON
-ftp_curl_SET+=GSSAPI_NONE
-ftp_curl_UNSET+=GSSAPI_BASE IMAP GOPHER HTTP2 LIBSSH2 POP3 PSL RTSP SMTP TELNET
-</code>
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRPj-make.conf|BSDRPj-make.conf]] is on github.
 ==== BSDRP-pkglist ====
-Now the list of package to be builded and added to the final image:
+This file includes the list of package to be builded and added to the final image.
-<code>
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRP-pkglist|BSDRP-pkglist]] is on github.
-benchmarks/iperf
-benchmarks/iperf3
-benchmarks/netperf
-editors/vim@tiny
-emulators/open-vm-tools@nox11
+==== excluded.files ====
-lang/perl5.32
-lang/python
+List of files/directory that WITHOUT_ wasn't able to prevent to be on the final image.
-net-mgmt/bgpq4
-net-mgmt/bsnmp-regex
+The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/excluded.files|excluded.files ]] is on github.
-net-mgmt/bsnmp-ucd
-net-mgmt/nrpe3
-net-mgmt/pmacct
-net-mgmt/rtrlib
-net/arping
-net/bird2@netlink
-net/dhcp6
-net/dhcprelya
-net/exabgp4
-net/freevrrpd
-net/frr8
-net/frr8-pythontools
-net/graphpath
-net/isc-dhcp44-server
-net/ixl_unlock
-net/mlvpn
-net/mpd5
-net/mrouted
-net/mrtparse
-net/mtr
-net/nc
-net/netmap-fwd
-net/ntraceroute
-net/pimd
-net/pkt-gen
-net/quagga-bgp-netgen
-net/realtek-re-kmod
-net/tayga
-net/trafshow
-net/ucarp
-net/wireguard-tools
-ports-mgmt/pkg
-security/ca_root_nss
-security/ipsec-tools
-security/openvpn-devel
-security/strongswan
-security/sudo
-security/tinc
-sysutils/devcpu-data
-sysutils/dtrace-toolkit
-sysutils/flashrom
-sysutils/fswatch-mon
-sysutils/intel-pcm
-sysutils/ipmitool
-sysutils/monit
-sysutils/mstflint-lite
-sysutils/tmux
-sysutils/x86info
-</code>
@@ Line 482: / Line 272: @@
 ===== Generating firmware image =====
-Here I'm instructing to build a 4GB image using the previous sets, jail, port-tree.
+Here I'm instructing to build a 2GB image using the previous sets, jail, port-tree.
 <code>
 poudriere image -t firmware -s 2g \