Ernie Luzar wrote on 2018/11/26 22:12:
Michael W. Lucas wrote:
Hi,
I'm writing a book on jails and am looking for BCP. I'd like to
present either "This is the approved solution and should work" or
"these are the gotchas with any of these, choose your pain."
Folks want base jails to include packages, but also want to install
additional packages--which won't happen if /usr/local is mounted
read-only in the base jail. Trawling around the Net I see a couple
options. Both involve the primary jail using a different package
repo. The overlay jail uses the standard package repo.
1) primary jail uses a repo with PREFIX=/usr/pkg or /opt. Works in my
simple use cases once I set ldconfig directories in rc.conf, but I'm
told programs like pkgconfig can go sideways.
2) base jail repo uses with PREFIX=/. Utterly violates separation of
base and pkg, but everything should find everything out of the
box. Again, seems to work in my wimpy use cases.
Is there an option that should work? Or is a matter of choosing
between horrors?
Thanks,
==ml
I use a common base jail mounted read only and the jail /usr/local &
/etc mounted r/w. From the jail console bootstrap pkg and every thing
works just like on the host. Now the ports tree is totally different, I
create the ports tree normally on the host. And then if I need the ports
tree in a jail I issue the mv command to move from host to jail and when
its not needed any more I mv it back to the host. Only one ports tree
for host and all jails. Haven't had the need to do that since new pkg
works so good now. Saw this is how qjail does it so used that concept in
my own manual jail system.
You don't need to move ports tree in and out, you can use nullfs mount
of a directory, probably read only in jail with some tweaks in make.conf
in jail:
WRKDIRPREFIX= /var/ports
DISTDIR= /var/ports/distfiles
PACKAGES= /var/ports/packages
INDEXDIR= /var/ports
Or you can share distfiles between host and jail.
Miroslav Lachman
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[email protected]"
