From owner-freebsd-ports@freebsd.org Mon Nov 26 21:12:33 2018 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 98ACD11449D6 for ; Mon, 26 Nov 2018 21:12:33 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 00B846B51E for ; Mon, 26 Nov 2018 21:12:33 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id B7B6411449D4; Mon, 26 Nov 2018 21:12:32 +0000 (UTC) Delivered-To: ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 94FAB11449D3 for ; Mon, 26 Nov 2018 21:12:32 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-it1-x129.google.com (mail-it1-x129.google.com [IPv6:2607:f8b0:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EC14B6B518 for ; Mon, 26 Nov 2018 21:12:31 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-it1-x129.google.com with SMTP id x124so136188itd.1 for ; Mon, 26 Nov 2018 13:12:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=HzXSPaZ5qy9fADIHb9AgpkPmm7fzTtcDUNEqNMenGfc=; b=d5T6KjbwQespZaSgphXu3eXyKQ+HuMOd/sYs/fbKQYQH+iN3p2EPPxY4j7HQiYgqEG hk+9t/Xhhd4fYswoQCnxD+e0ng2VaRNp+JoR4+tEJ5qsgYOvALFCuaAGo95RASiHuNP9 /JqGirXkwsufl80/Om8M1opu6pOzOSWX2FqaJVl2G3/wbO/qIz6IcuOaJG6c0ktcIjtm i+7QAkxfrPr81WfeVFCCjjtCk2Uxky7atwcAFEedRK23n3TO8bU5NxmiqnGA0+vzS/Y8 HNaiAZX3or+7MJUwW/Blwiof3FdVn6TvNXomJFqQFh2HlRhniARsjIwK5sNizNY49/vg txEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=HzXSPaZ5qy9fADIHb9AgpkPmm7fzTtcDUNEqNMenGfc=; b=LRULIduRJyPU130fRjNGlYZXKF2mW6QhxRkY681ueGghLmEak61IhEqxhApjmR2koh uIcul+la2lBEN9GwfDLCIwsATcJsd7lW6UWkvOUiEehM6dTo+8GrRvXRaT7SUoMYtc5v htJtEk4mznp5CFXKPDEHYp2SZWIOeBVxpaFiAzKI2xG5t96xoqacEzqOkOhrSTT7Ji8d 6RFUZRuwHanpEO4agNggsGYfbvaDfYX+CX53VB939gflGYYcKs1y6r4wcaVzV0QLdTMQ By0okufgnw5WjS01p9cIEg+4DhIEEvfGKdeBSbzpi/0BIao2mC9GVqbF9gZo4m7u+Zyp wCRg== X-Gm-Message-State: AA+aEWYjObXOK0EBSEFk9QLYvJqFTCftSsOMkgcxbrI3K69gUvQGXPEq otPUZSD0H6AX5oE2rDBTWRBFG5tC X-Google-Smtp-Source: AFSGD/WfnYsu6AGrh9btIC/Pf5N13u+ev4/PnuSbrJdBBL38ktKtFVvh/GodPXf0FGgVEG4Ohs6mfw== X-Received: by 2002:a02:8c4a:: with SMTP id j10mr17551602jal.129.1543266751313; Mon, 26 Nov 2018 13:12:31 -0800 (PST) Received: from [10.0.10.7] (cpe-65-25-48-31.neo.res.rr.com. [65.25.48.31]) by smtp.googlemail.com with ESMTPSA id c10sm491930iok.23.2018.11.26.13.12.29 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Nov 2018 13:12:30 -0800 (PST) Message-ID: <5BFC61BE.2070100@gmail.com> Date: Mon, 26 Nov 2018 16:12:30 -0500 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: "Michael W. Lucas" CC: ports@freebsd.org Subject: Re: packages and base jails References: <20181126202407.GA95942@mail.michaelwlucas.com> In-Reply-To: <20181126202407.GA95942@mail.michaelwlucas.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 00B846B51E X-Spamd-Result: default: False [-8.03 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FORGED_RECIPIENTS_FORWARDING(0.00)[]; FORWARDED(0.00)[ports@mailman.ysv.freebsd.org]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; SPF_FAIL_FORWARDING(0.00)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; R_SPF_SOFTFAIL(0.00)[~all]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(0.00)[gmail.com,none]; RCVD_IN_DNSWL_MED(-0.20)[5.0.0.0.0.5.0.0.0.0.0.0.0.0.0.0.a.6.0.2.4.5.2.2.0.0.9.1.1.0.0.2.list.dnswl.org : 127.0.9.2]; DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50)[]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(-3.64)[ip: (-9.87), ipnet: 2001:1900:2254::/48(-4.70), asn: 10310(-3.55), country: US(-0.09)]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:10310, ipnet:2001:1900:2254::/48, country:US]; FORGED_RECIPIENTS(0.00)[mwlucas@michaelwlucas.com ..,freebsd-ports@freebsd.org]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com]; RCVD_COUNT_FIVE(0.00)[6]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_SHORT(-0.98)[-0.975,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2018 21:12:33 -0000 Michael W. Lucas wrote: > Hi, > > I'm writing a book on jails and am looking for BCP. I'd like to > present either "This is the approved solution and should work" or > "these are the gotchas with any of these, choose your pain." > > Folks want base jails to include packages, but also want to install > additional packages--which won't happen if /usr/local is mounted > read-only in the base jail. Trawling around the Net I see a couple > options. Both involve the primary jail using a different package > repo. The overlay jail uses the standard package repo. > > 1) primary jail uses a repo with PREFIX=/usr/pkg or /opt. Works in my > simple use cases once I set ldconfig directories in rc.conf, but I'm > told programs like pkgconfig can go sideways. > > 2) base jail repo uses with PREFIX=/. Utterly violates separation of > base and pkg, but everything should find everything out of the > box. Again, seems to work in my wimpy use cases. > > Is there an option that should work? Or is a matter of choosing > between horrors? > > Thanks, > ==ml > > > I use a common base jail mounted read only and the jail /usr/local & /etc mounted r/w. From the jail console bootstrap pkg and every thing works just like on the host. Now the ports tree is totally different, I create the ports tree normally on the host. And then if I need the ports tree in a jail I issue the mv command to move from host to jail and when its not needed any more I mv it back to the host. Only one ports tree for host and all jails. Haven't had the need to do that since new pkg works so good now. Saw this is how qjail does it so used that concept in my own manual jail system.