documentation:technical_docs:poudriere
Differences
This shows you the differences between two versions of the page.
documentation:technical_docs:poudriere [2023/10/10 01:16] – [Building the jail] olivier | documentation:technical_docs:poudriere [2024/04/04 12:19] (current) – [Features matrix comparison] olivier | ||
---|---|---|---|
Line 50: | Line 50: | ||
cat > ~/ | cat > ~/ | ||
sysutils/ | sysutils/ | ||
- | net/frr8 | + | net/frr9 |
net/bird2 | net/bird2 | ||
net/mpd5 | net/mpd5 | ||
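Review bot: the bump from net/frr8 to net/frr9 in this example package list needs to be matched wherever the port name is used, because per-port option lines are keyed by the port name. Elsewhere in this diff the removed make.conf block sets net_frr9_SET+=MULTIPATH while the removed BSDRP-pkglist block still listed net/frr8 and net/frr8-pythontools. Suggest confirming that the linked BSDRP-pkglist and make.conf both name frr9, so that the MULTIPATH option applies to the port that is actually built.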
Line 151: | Line 151: | ||
| Build a specific kernel file | Just had to install custom kernel int the custom source tree | Customized kernel | | | Build a specific kernel file | Just had to install custom kernel int the custom source tree | Customized kernel | | ||
| Build only list of kernel modules | Declaring MODULES_OVERRIDE in -src.conf | Customized module list | | | Build only list of kernel modules | Declaring MODULES_OVERRIDE in -src.conf | Customized module list | | ||
- | | Advanced scripting for building non-ports softwares | FIXME Not available, no idea of how to cleanly add this feature | + | | Advanced scripting for building non-ports softwares | Solution should be to create a port | Need to build some of / |
| Advanced tuning of final image | -A post-script and -B pre-script | Generating a mtree (for host-IDS), creating specific users | | | Advanced tuning of final image | -A post-script and -B pre-script | Generating a mtree (for host-IDS), creating specific users | | ||
| Building ports using own (outdated) embedded script | NATIVE role of poudriere | Adding ports to image | | | Building ports using own (outdated) embedded script | NATIVE role of poudriere | Adding ports to image | | ||
| System upgrade by changing MBR active mode on system partition | System upgrade by setting " | | System upgrade by changing MBR active mode on system partition | System upgrade by setting " | ||
+ | |||
+ | ===== poudriere-image patches ===== | ||
+ | |||
+ | List of mandatory patches for poudriere in Pull-request review: | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | List of tuning patches in Pull-request review: | ||
+ | * [[https:// | ||
+ | |||
+ | Merged patches: | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
====== Customized poudriere image for BSDRP ====== | ====== Customized poudriere image for BSDRP ====== | ||
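Review bot: the new "poudriere-image patches" section calls its first list mandatory while also saying those patches are still in pull-request review, but it does not say how a reader obtains a poudriere with them applied. Suggest stating which poudriere source or version the rest of the page assumes, so that a build from a stock package is not expected to produce the same image. The cell that replaces the FIXME ("Solution should be to create a port") would also be easier to act on with a pointer to an example port.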
Line 174: | Line 189: | ||
Then need other configuration files: | Then need other configuration files: | ||
* BSDRP-pkglist : List of packages to be build and included in the final image | * BSDRP-pkglist : List of packages to be build and included in the final image | ||
- | * A kernel configuration file: I'm using the BSDRP amd64 configuration | + | * A kernel configuration file: I'm using the [[https:// |
* excluded.files: | * excluded.files: | ||
- | * overlaydir/ | + | * [[https:// |
==== poudriere.d/ | ==== poudriere.d/ | ||
The previous section of the NanoBSD configuration files found in variables CONF_BUILD and CONF_WORLD in file [[https:// | The previous section of the NanoBSD configuration files found in variables CONF_BUILD and CONF_WORLD in file [[https:// | ||
- | As for the BSDRP example, | + | Notice |
- | < | + | |
- | cat <<EOF > / | + | |
- | BOOT_BOOT0_COMCONSOLE_SPEED=0 | + | |
- | WITHOUT_ACCT= | + | |
- | WITHOUT_AMD= | + | |
- | WITHOUT_APM= | + | |
- | WITHOUT_ASSERT_DEBUG= | + | |
- | WITHOUT_ATF= | + | |
- | WITHOUT_ATM= | + | |
- | WITHOUT_AUDIT= | + | |
- | WITHOUT_AUTHPF= | + | |
- | WITHOUT_AUTOFS= | + | |
- | WITHOUT_BHYVE= | + | |
- | WITHOUT_BLUETOOTH= | + | |
- | WITHOUT_BOOTPARAMD= | + | |
- | WITHOUT_BOOTPD= | + | |
- | WITHOUT_BSDINSTALL= | + | |
- | WITHOUT_CALENDAR= | + | |
- | WITHOUT_CCD= | + | |
- | WITHOUT_CROSS_COMPILER= | + | |
- | WITHOUT_CTM= | + | |
- | WITHOUT_CVS= | + | |
- | WITHOUT_DICT= | + | |
- | WITHOUT_EE= | + | |
- | WITHOUT_EXAMPLES= | + | |
- | WITHOUT_FINGER= | + | |
- | WITHOUT_FLOPPY= | + | |
- | WITHOUT_FREEBSD_UPDATE= | + | |
- | WITHOUT_GAMES= | + | |
- | WITHOUT_GCOV= | + | |
- | WITHOUT_GNUCXX= | + | |
- | WITHOUT_GPIB= | + | |
- | WITHOUT_GPIO= | + | |
- | WITHOUT_GROFF= | + | |
- | WITHOUT_HAST= | + | |
- | WITHOUT_HTML= | + | |
- | WITHOUT_INFO= | + | |
- | WITHOUT_IPX= | + | |
- | WITHOUT_IPX_SUPPORT= | + | |
- | WITHOUT_ISCSI= | + | |
- | WITHOUT_KERBEROS= | + | |
- | WITHOUT_LIB32= | + | |
- | WITHOUT_LINT= | + | |
- | WITHOUT_LLVM_ASSERTIONS= | + | |
- | WITHOUT_LLVM_TARGET_ALL= | + | |
- | WITHOUT_LOADER_FIREWIRE= | + | |
- | WITHOUT_LOADER_GELI= | + | |
- | WITHOUT_LOCATE= | + | |
- | WITHOUT_LPR= | + | |
- | WITHOUT_NCP= | + | |
- | WITHOUT_NDIS= | + | |
- | WITHOUT_NIS= | + | |
- | WITHOUT_NLS= | + | |
- | WITHOUT_NLS_CATALOGS= | + | |
- | WITHOUT_NS_CACHING= | + | |
- | WITHOUT_PC_SYSINSTALL= | + | |
- | WITHOUT_PORTSNAP= | + | |
- | WITHOUT_PROFILE= | + | |
- | WITHOUT_QUOTAS= | + | |
- | WITHOUT_RBOOTD= | + | |
- | WITHOUT_RCMDS= | + | |
- | WITHOUT_RCS= | + | |
- | WITHOUT_RESCUE= | + | |
- | WITHOUT_ROUTED= | + | |
- | WITHOUT_SENDMAIL= | + | |
- | WITHOUT_SERVICESDB= | + | |
- | WITHOUT_SHAREDOCS= | + | |
- | WITHOUT_SVNLITE= | + | |
- | WITHOUT_SYSCONS= | + | |
- | WITHOUT_SYSINSTALL= | + | |
- | WITHOUT_TALK= | + | |
- | WITHOUT_TESTS= | + | |
- | WITHOUT_TESTS_SUPPORT= | + | |
- | WITHOUT_TFTP= | + | |
- | WITHOUT_TIMED= | + | |
- | WITHOUT_UNBOUND= | + | |
- | WITHOUT_USB_GADGET_EXAMPLES= | + | |
- | WITHOUT_WIRELESS= | + | |
- | WITHOUT_WPA_SUPPLICANT_EAPOL= | + | |
- | WITHOUT_ZFS= | + | |
- | WITH_IDEA= | + | |
- | WITH_OFED= | + | |
- | WITH_DEBUG_FILES= | + | |
- | WITH_RETPOLINE= | + | |
- | WITH_REPRODUCIBLE_BUILD= | + | |
- | WITH_MALLOC_PRODUCTION= | + | |
- | WITH_OPENSSL_KTLS= | + | |
- | MODULES_OVERRIDE= \ | + | |
- | backlight \ | + | |
- | blake2 \ | + | |
- | bridgestp \ | + | |
- | carp \ | + | |
- | dtrace \ | + | |
- | dummynet \ | + | |
- | fdescfs \ | + | |
- | if_bridge \ | + | |
- | if_disc \ | + | |
- | if_epair \ | + | |
- | if_gre \ | + | |
- | if_infiniband \ | + | |
- | if_lagg \ | + | |
- | if_stf \ | + | |
- | if_tuntap \ | + | |
- | if_vxlan \ | + | |
- | ipdivert \ | + | |
- | ipfilter \ | + | |
- | ipfw \ | + | |
- | ipfw_nat \ | + | |
- | ipfw_nat64 \ | + | |
- | ipfw_pmod \ | + | |
- | ipfw_nptv6 \ | + | |
- | ipsec \ | + | |
- | i2c \ | + | |
- | fib_dxr \ | + | |
- | ksyms \ | + | |
- | libalias \ | + | |
- | mlx4 \ | + | |
- | mlx4en \ | + | |
- | netgraph \ | + | |
- | nullfs \ | + | |
- | opensolaris \ | + | |
- | pf \ | + | |
- | pfsync \ | + | |
- | pflog \ | + | |
- | rc4 \ | + | |
- | unionfs \ | + | |
- | usb/uether \ | + | |
- | usb/urndis \ | + | |
- | amdsbwd \ | + | |
- | amdsmn \ | + | |
- | amdtemp \ | + | |
- | cpuctl \ | + | |
- | coretemp \ | + | |
- | dpdk_lpm4 \ | + | |
- | dpdk_lpm6 \ | + | |
- | ena \ | + | |
- | ichwd \ | + | |
- | ioat \ | + | |
- | ipmi \ | + | |
- | ispfw \ | + | |
- | hifn \ | + | |
- | hyperv \ | + | |
- | qat \ | + | |
- | qatfw \ | + | |
- | qat_c2xxx \ | + | |
- | hwpmc \ | + | |
- | padlock \ | + | |
- | qlxgb \ | + | |
- | qlxgbe \ | + | |
- | safe \ | + | |
- | vmware | + | |
- | EOF | + | |
- | </ | + | |
+ | The [[https:// | ||
==== poudriere.d/ | ==== poudriere.d/ | ||
- | Allow to ADD WITHOUT | + | Allow to ADD WITHOUT_ knob that will be removed during installworld |
- | < | + | This is where we remove compiler and other no-more used part. |
- | WITHOUT_DEBUG_FILES= | + | |
- | WITHOUT_TOOLCHAIN= | + | The [[https://github.com/ |
- | # Still 26M in /usr/includes, need to exclude them with the excludefiles | + | |
- | WITHOUT_INCLUDES= | + | |
- | WITHOUT_KERNEL_SYMBOLS= | + | |
- | WITHOUT_INSTALLLIB= | + | |
- | WITHOUT_FDT= | + | |
- | WITHOUT_SERVICESDB= | + | |
- | </code> | + | |
==== poudriere.d/ | ==== poudriere.d/ | ||
- | This file contains | + | This file contains |
- | + | ||
- | < | + | |
- | OPTIONS_UNSET+=DOCS EXAMPLES INFO NLS X11 DOXYGEN | + | |
- | lang_perl5.32_UNSET+=DTRACE | + | |
- | textproc_expat2_SET+=STATIC | + | |
- | net_frr9_SET+=MULTIPATH | + | |
- | net_openldap25-client_UNSET+=GSSAPI | + | |
- | security_ipsec-tools_SET+=RC5 IDEA RADIUS LDAP | + | |
- | security_strongswan_SET+=MEDIATION GCM | + | |
- | security_strongswan_UNSET+=EAPAKA3GPP2 EAPSIMFILE SQLITE UNBOUND LOADTESTER TESTVECTOR | + | |
- | security_openvpn_SET+=DCO | + | |
- | benchmarks_netperf_UNSET+=OMNI | + | |
- | sysutils_flashrom_UNSET+=DMIDECODE FTDI | + | |
- | sysutils_mstflint_SET+=FWMANAGER ADAB | + | |
- | net_mtr_UNSET+=JSON | + | |
- | ftp_curl_SET+=GSSAPI_NONE | + | |
- | ftp_curl_UNSET+=GSSAPI_BASE IMAP GOPHER HTTP2 LIBSSH2 POP3 PSL RTSP SMTP TELNET | + | |
- | </ | + | |
+ | The [[https:// | ||
==== BSDRP-pkglist ==== | ==== BSDRP-pkglist ==== | ||
- | Now the list of package to be builded and added to the final image: | + | This file includes |
- | < | + | The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/BSDRP-pkglist|BSDRP-pkglist]] is on github. |
- | benchmarks/iperf | + | |
- | benchmarks/iperf3 | + | |
- | benchmarks/ | + | |
- | editors/ | + | |
- | emulators/ | + | ==== excluded.files ==== |
- | lang/perl5.32 | + | |
- | lang/python | + | List of files/directory that WITHOUT_ wasn't able to prevent to be on the final image. |
- | net-mgmt/bgpq4 | + | |
- | net-mgmt/bsnmp-regex | + | The [[https://github.com/ocochard/BSDRP/blob/master/poudriere.etc/poudriere.d/excluded.files|excluded.files ]] is on github. |
- | net-mgmt/bsnmp-ucd | + | |
- | net-mgmt/nrpe3 | + | |
- | net-mgmt/pmacct | + | |
- | net-mgmt/rtrlib | + | |
- | net/ | + | |
- | net/ | + | |
- | net/dhcp6 | + | |
- | net/ | + | |
- | net/ | + | |
- | net/ | + | |
- | net/frr8 | + | |
- | net/frr8-pythontools | + | |
- | net/ | + | |
- | net/isc-dhcp44-server | + | |
- | net/ | + | |
- | net/mlvpn | + | |
- | net/mpd5 | + | |
- | net/mrouted | + | |
- | net/ | + | |
- | net/mtr | + | |
- | net/nc | + | |
- | net/ | + | |
- | net/ntraceroute | + | |
- | net/pimd | + | |
- | net/pkt-gen | + | |
- | net/quagga-bgp-netgen | + | |
- | net/realtek-re-kmod | + | |
- | net/tayga | + | |
- | net/trafshow | + | |
- | net/ucarp | + | |
- | net/wireguard-tools | + | |
- | ports-mgmt/ | + | |
- | security/ | + | |
- | security/ | + | |
- | security/ | + | |
- | security/ | + | |
- | security/ | + | |
- | security/ | + | |
- | sysutils/ | + | |
- | sysutils/ | + | |
- | sysutils/ | + | |
- | sysutils/ | + | |
- | sysutils/ | + | |
- | sysutils/ | + | |
- | sysutils/ | + | |
- | sysutils/ | + | |
- | sysutils/ | + | |
- | sysutils/ | + | |
- | </ | + | |
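Review bot: the links that replace the inline src.conf, make.conf, BSDRP-pkglist and excluded.files content point at blob/master (for example poudriere.etc/poudriere.d/BSDRP-pkglist), so the page no longer records which knobs a given image was built with, including hardening-related ones from the removed block such as WITH_RETPOLINE= and WITH_REPRODUCIBLE_BUILD=. Suggest linking to a fixed commit or tag, or keeping a short inline excerpt of the knobs that matter for the image's security posture. Two wording points in the added lines: the link label "excluded.files ]]" has a stray space before the closing brackets, and "no-more used part" would read better as "parts that are no longer used".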
Line 482: | Line 272: | ||
===== Generating firmware image ===== | ===== Generating firmware image ===== | ||
- | Here I'm instructing to build a 4GB image using the previous sets, jail, port-tree. | + | Here I'm instructing to build a 2GB image using the previous sets, jail, port-tree. |
< | < | ||
poudriere image -t firmware -s 2g \ | poudriere image -t firmware -s 2g \ |
documentation/technical_docs/poudriere.1696893378.txt.gz · Last modified: 2023/10/10 01:16 by olivier