Date: Mon, 27 Oct 2025 23:40:08 +0100 From: vermaden <vermaden@interia.pl> To: freebsd-stable@FreeBSD.org, freebsd-current@freebsd.org Subject: Poudriere in Highly Secure Environment with Proxy Access Message-ID: <ntmvcsvhroliyweunxqo@mtzr>
next in thread | raw e-mail | index | archive | help
Hi, I need to use Poudriere in a highly secured environment without direct Internet connection and without DNS that reaches out to the outside world. To setup the Poudriere Jails the env(1) settings work. ``` # \ env HTTP_PROXY="http://proxy.freebsd.xyz:3128/" \ HTTPS_PROXY="https://proxy.freebsd.xyz:3128/" \ FTP_PROXY="http://proxy.freebsd.xyz:3128/" \ poudriere jail -c -j 14-3-R-amd64 -v 14.3-RELEASE ``` To fetch Ports tree git(1) option does the job - while env(1) method does not work. ``` # git config --system http.proxy http://proxy.freebsd.xyz:3128/ # poudriere ports -c -p default [00:00:00] Creating default fs at /var/local/poudriere/ports/default... done [00:00:00] Cloning the ports tree... ``` Now - while the above steps work - I am not able to make poudriere bulk to work. None of the methods above work. Bare metal FreeBSD host in the same environment needs these settings to make pkg(8) do bootstrap and work. This PKG_ENV at the end of /usr/local/etc/pkg.conf file: ``` # tail -6 /usr/local/etc/pkg.conf PKG_ENV { HTTP_PROXY: "http://proxy.freebsd.xyz:3128" HTTPS_PROXY: "https://proxy.freebsd.xyz:3128" FTP_PROXY: "http://proxy.freebsd.xyz:3128" } ``` But that is not all. The pkg+ prefix needs to be removed from url: and mirror_type: needs to be changed from srv to none. After these changes pkg(8) works. ``` - url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest", + url: "https://pkg.FreeBSD.org/${ABI}/latest", - mirror_type: "srv", + mirror_type: "none", ``` Now - my questions: Which part of Poudriere I need to modify that: I will have this custom pkg.conf inside FreeBSD Jail before the build bulk process. I will have git(1) option http.proxy defined as http://proxy.freebsd.xyz:3128 value. I assume it should be put somewhere just after Jail start and before bulk process of building packages. This is how it fails 'live': - https://github.com/user-attachments/assets/f2304bdf-c56f-4d7b-82df-b460f140ca1c I also created the same on pkg(8) GitHub: - https://github.com/freebsd/poudriere/issues/1279 Thanks for help. Regards, vermaden
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ntmvcsvhroliyweunxqo>