Project

General

Profile

Support #740

Install a Poudriere Package Build System on FreeBSD

Added by Daniel Curtis almost 9 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Package Management
Target version:
Start date:
02/04/2016
Due date:
% Done:

60%

Estimated time:
8.00 h
Spent time:

Description

This is a guide on how I set up poudriere to build packages on FreeBSD 9.

Prepare the Environment

  • Make sure the system is up to date:
    pkg update && pkg upgrade
    
  • Update the ports tree:
    portsnap fetch extract
    

Install Nginx

  • Install nginx:
    pkg install nginx
    
  • Start and enable nginx at boot:
    echo 'nginx_enable="YES"' >> /etc/rc.conf
    service nginx start
    
  • Create a configuration directory to make managing individual server blocks easier
    mkdir /usr/local/etc/nginx/conf.d
    
  • Edit the main nginx config file:
    vi /usr/local/etc/nginx/nginx.conf
    
    • And strip down the config file and add the include statement at the end to make it easier to handle various server blocks:
      worker_processes  1;
      error_log  /var/log/nginx-error.log;
      
      events {
          worker_connections  1024;
      }
      
      http {
          include       mime.types;
          default_type  application/octet-stream;
          sendfile        on;
          keepalive_timeout  65;
      
          # nginx may need to resolve domain names at run time
          resolver 208.67.222.222 208.67.220.220;
      
          # Load config files from the /etc/nginx/conf.d directory
          include /usr/local/etc/nginx/conf.d/*.conf;
      }
      

SSL Certificate

  • Generate a strong SSL key and a CSR to send for signing by a CA:
    cd /usr/local/etc/nginx
    openssl req -sha512 -out build.example.com.csr -new -newkey rsa:4096 -nodes -keyout build.example.com.key
    
  • Next, generate a 4096 bit key called poudriere.key:
    openssl genrsa -out /usr/local/etc/poudriere.key 4096
    
  • After the key is generated, create a public cert from it by typing:
    openssl rsa -in /usr/local/etc/poudriere.key -pubout -out /usr/local/etc/poudriere.crt
    

Install Poudriere

  • Install poudriere and portmaster:
    pkg install poudriere portmaster screen
    
  • Edit the main poudriere configuration file:
    vi /usr/local/etc/poudriere.conf
    
    • We are using UFS, and must set the NO_ZFS flag to "yes". Find and uncomment this option within the file:
      NO_ZFS=yes
      #ZPOOL=tank
      #ZROOTFS=/poudriere
      
    • Change the to the default FREEBSD_HOST location or use a closer mirror if you know of one:
      FREEBSD_HOST=ftp://ftp.freebsd.org
      
    • Next, make sure that the data directory within the poudriere root with the POUDRIERE_DATA option:
      POUDRIERE_DATA=${BASEFS}/data
      
    • Then uncomment the CHECK_CHANGED_OPTIONS and CHECK_CHANGED_DEPS options. The first option tells poudriere to rebuild packages when the options for it have changed. The second option tells tells poudriere to rebuild packages when dependencies have changed since the last compilation:
      CHECK_CHANGED_OPTIONS=verbose
      CHECK_CHANGED_DEPS=yes
      
    • Point poudriere to the SSL key that we created so that it can sign packages as it builds. The option used to specify this is called PKG_REPO_SIGNING_KEY:
      PKG_REPO_SIGNING_KEY=/usr/local/etc/poudriere.key
      
    • Finally, set the URL_BASE string to the domain name or IP address where your server can be reached:
      URL_BASE=http://build.example.com
      

Create the Build Environment

Create FreeBSD 9.3 RELEASE Jail

  • Create the FreeBSD 9.3 jail:
    poudriere jail -c -j freebsd_9-3x64 -v 9.3-RELEASE
    
  • This will take awhile to complete, so be patient. When you are finished, you can see the installed jail by typing:
    poudriere jail -l
    
  • Create the list of ports to build:
    vi /usr/local/etc/poudriere.d/port-list
    
    • And add ports to build:
      www/nginx
      www/rubygem-passenger
      php56
      
  • Use a custom make.conf file for the freebsd_9-3x64 jail:
    vi /usr/local/etc/poudriere.d/freebsd_9-3x64-make.conf
    
    • You can put any options you would like to use when building your ports. For instance, if you do not want to build any documentation, native language support, or X11 support you can set and set passenger:
      OPTIONS_UNSET+= APACHE22 DOCS NLS X11 EXAMPLES
      OPTIONS_SET+= PASSENGER SYMLINK NGINX
      

Running the Build Process

  • Update the jail:
    poudriere jail -u -j freebsd_9-3x64
    
  • Create a default ports tree:
    poudriere ports -c
    
  • To start the build, use the bulk command and point to all of our individual pieces that we have been configuring:
    sudo poudriere bulk -j freebsd_9-3x64 -p default -f /usr/local/etc/poudriere.d/port-list
    
  • At any time during the build process, you can get information about the progress by holding the CTRL key and hitting t:
    CTRL-t
    
  • If you need to step away, you can detach the screen session by hitting CTRL with a to move control to screen, followed by the d key to detach the session:
    CTRL-a d
    
  • When you wish to return to the session you can type:
    screen -r
    

Configure Poudriere Web Frontend

  • Edit the nginx mime.types file:
    sudo vi /usr/local/etc/nginx/mime.types
    
    • Find the entry that specifies the text/plain content type and append log to the end of the current list of filetypes, separated by a space:
      text/plain                          txt log;
      
  • Add a default site server block:
    vi /usr/local/etc/nginx/conf.d/poudriere.example.com.conf
    • Add the following:
      server {
          listen       80 default_server;
          server_name  poudriere.example.com;
      
          access_log  /var/log/poudriere.example.com.log  main;
          root   /usr/local/share/poudriere/html;
      
          location /data {
              alias /usr/local/poudriere/data/logs/bulk;
              autoindex on;
          }
      
          location /packages {
              root /usr/local/poudriere/data;
              autoindex on;
          }
      }
      
  • Restart nginx:
    service nginx restart
    

Resources

Also available in: Atom PDF