Date: Mon, 26 Nov 2018 23:18:16 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Ernie Luzar <luzar722@gmail.com>
Cc: ports@freebsd.org
Subject: Re: packages and base jails
Message-ID: <708c6c1d-81a6-d86d-6bc0-03d282757612@quip.cz>
In-Reply-To: <5BFC61BE.2070100@gmail.com>
References: <20181126202407.GA95942@mail.michaelwlucas.com> <5BFC61BE.2070100@gmail.com>

Ernie Luzar wrote on 2018/11/26 22:12:
> Michael W. Lucas wrote:
>> Hi,
>>
>> I'm writing a book on jails and am looking for BCP. I'd like to
>> present either "This is the approved solution and should work" or
>> "these are the gotchas with any of these, choose your pain."
>>
>> Folks want base jails to include packages, but also want to install
>> additional packages--which won't happen if /usr/local is mounted
>> read-only in the base jail. Trawling around the Net I see a couple
>> options. Both involve the primary jail using a different package
>> repo. The overlay jail uses the standard package repo.
>>
>> 1) primary jail uses a repo with PREFIX=/usr/pkg or /opt. Works in my
>> simple use cases once I set ldconfig directories in rc.conf, but I'm
>> told programs like pkgconfig can go sideways.
>>
>> 2) base jail repo uses with PREFIX=/. Utterly violates separation of
>> base and pkg, but everything should find everything out of the
>> box. Again, seems to work in my wimpy use cases.
>>
>> Is there an option that should work? Or is it a matter of choosing
>> between horrors?
>>
>> Thanks,
>> ==ml
>>
>
> I use a common base jail mounted read only and the jail /usr/local &
> /etc mounted r/w. From the jail console bootstrap pkg and everything
> works just like on the host. Now the ports tree is totally different, I
> create the ports tree normally on the host. And then if I need the ports
> tree in a jail I issue the mv command to move from host to jail and when
> it's not needed any more I mv it back to the host. Only one ports tree
> for host and all jails. Haven't had the need to do that since new pkg
> works so good now. Saw this is how qjail does it so used that concept in
> my own manual jail system.

You don't need to move ports tree in and out, you can use nullfs mount
of a directory, probably read only in jail with some tweaks in make.conf
in jail:

WRKDIRPREFIX=   /var/ports
DISTDIR=        /var/ports/distfiles
PACKAGES=       /var/ports/packages
INDEXDIR=       /var/ports

Or you can share distfiles between host and jail.

Miroslav Lachman
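
A check for the setup described in this message, as an added example that is not part of the original e-mail: it verifies that a jail's fstab mounts the ports tree through nullfs read-only and that the jail's make.conf sends every writable ports directory outside that mount. The jail path /jails/www, the function names and the sample file contents are constructed assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a read-only nullfs ports tree for a jail.
# Jail path and sample file contents are constructed for illustration.

# check_ports_ro FSTAB MOUNTPOINT
# Succeeds if FSTAB has a nullfs entry for MOUNTPOINT with the "ro" option.
check_ports_ro() {
    awk -v mp="$2" '
        /^[ \t]*#/ { next }
        $2 == mp && $3 == "nullfs" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ok = 1
        }
        END { exit (ok ? 0 : 1) }' "$1"
}

# check_make_conf MAKECONF PORTSDIR
# Prints each variable that is unset (its default lies under PORTSDIR) or
# that still points inside PORTSDIR; succeeds only if nothing is printed.
check_make_conf() {
    bad=0
    for var in WRKDIRPREFIX DISTDIR PACKAGES INDEXDIR; do
        val=$(awk -F'=' -v v="$var" '
            { k = $1; gsub(/[ \t?]/, "", k) }
            k == v { x = $2; gsub(/^[ \t]+|[ \t]+$/, "", x); r = x }
            END { print r }' "$1")
        case "$val" in
            ""|"$2"|"$2"/*) echo "$var"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample files: host /usr/ports mounted into jail "www".
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
# device     mountpoint             fstype  options  dump  pass
/usr/ports   /jails/www/usr/ports   nullfs  ro       0     0
EOF
cat > "$tmp/make.conf" <<'EOF'
WRKDIRPREFIX=   /var/ports
DISTDIR=        /var/ports/distfiles
PACKAGES=       /var/ports/packages
INDEXDIR=       /var/ports
EOF
check_ports_ro "$tmp/fstab" /jails/www/usr/ports && echo "ports mount is read-only"
check_make_conf "$tmp/make.conf" /usr/ports && echo "make.conf writes outside /usr/ports"
```

Any variable name printed by check_make_conf would make a port build try to write into the read-only tree.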