It’s time.
All my hosts are on 15.0 and on pkgbase.
Next, let’s move a jail to pkgbase.
In this post:
- FreeBSD 15.0
- the jail is named empty
I’m following instructions based on the official docs and copying from a previous post: Running pkgbasify on FreeBSD 15.0
snapshot, not bectl
Because it’a jail, I’m doing this for the filesystem of the jail. The commands are run on the jail host.
data01/jails/empty 18.3G 7.08T 15.4G /jails/empty [23:48 r730-03 dvl ~] % sudo zfs snapshot data01/jails/empty@before-pkgbasify [23:57 r730-03 dvl ~] %
Over in the jail
Over in the jail, I did this:
[23:49 empty root ~] # fetch https://github.com/FreeBSDFoundation/pkgbasify/raw/refs/heads/main/pkgbasify.lua
pkgbasify.lua 21 kB 8695 kBps 00s
[23:49 empty root ~] # chmod +x ./pkgbasify.lua
[23:49 empty root ~] # tmux
root@empty:~ # ./pkgbasify.lua
Running this tool will irreversibly modify your system to use pkgbase.
This tool and pkgbase are experimental and may result in a broken system.
It is highly recommended to backup your system before proceeding.
Do you accept this risk and wish to continue? (y/n) y
Updating local repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100% 179 B 0.2 kB/s 00:01
[empty.int.unixathome.org] Fetching data: 100% 358 KiB 366.9 kB/s 00:01
Processing entries: 100%
local repository update completed. 970 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD-ports repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100% 179 B 0.2 kB/s 00:01
[empty.int.unixathome.org] Fetching data: 100% 10 MiB 11.0 MB/s 00:01
Processing entries: 100%
FreeBSD-ports repository update completed. 37066 packages processed.
Updating FreeBSD-ports-kmods repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100% 179 B 0.2 kB/s 00:01
[empty.int.unixathome.org] Fetching data: 100% 35 KiB 35.9 kB/s 00:01
Processing entries: 100%
FreeBSD-ports-kmods repository update completed. 240 packages processed.
Updating FreeBSD-base repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100% 179 B 0.2 kB/s 00:01
[empty.int.unixathome.org] Fetching data: 100% 81 KiB 82.5 kB/s 00:01
Processing entries: 100%
FreeBSD-base repository update completed. 496 packages processed.
All repositories are up to date.
Creating //usr/local/etc/pkg/repos/FreeBSD-base.conf
Adding BACKUP_LIBRARIES=yes to /usr/local/etc/pkg.conf
Updating FreeBSD-base repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100% 179 B 0.2 kB/s 00:01
[empty.int.unixathome.org] Fetching data: 100% 81 KiB 82.5 kB/s 00:01
Processing entries: 100%
FreeBSD-base repository update completed. 496 packages processed.
FreeBSD-base is up to date.
The following 312 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
FreeBSD-acct: 15.0 [FreeBSD-base]
FreeBSD-acpi: 15.0 [FreeBSD-base]
...
FreeBSD-zlib-lib32: 15.0 [FreeBSD-base]
FreeBSD-zoneinfo: 15.0p7 [FreeBSD-base]
Number of packages to be installed: 312
The process will require 1 GiB more space.
370 MiB to be downloaded.
[empty.int.unixathome.org] [ 1/312] Fetching FreeBSD-libmilter-dev-15.0p10: 100% 86 KiB 87.8 kB/s 00:01
[empty.int.unixathome.org] [ 2/312] Fetching FreeBSD-libsqlite3-dev-15.0: 100% 2144 KiB 2.2 MB/s 00:01
...
[empty.int.unixathome.org] [311/312] Fetching FreeBSD-smbutils-dev-lib32-15.0: 100% 85 KiB 87.2 kB/s 00:01
[empty.int.unixathome.org] [312/312] Fetching FreeBSD-ctf-dev-15.0: 100% 138 KiB 141.6 kB/s 00:01
Checking integrity... done (0 conflicting)
pkg: Package FreeBSD-cron has files with flags that cannot be managed in this jail. Set allow.chflags in the jail configuration.
Fetching packages failed, try again? (y/n)
Because I needed to stop this jail, I replied no:
Fetching packages failed, try again? (y/n) Fetching packages failed, try again? (y/n) Fetching packages failed, try again? (y/n) Fetching packages failed, try again? (y/n) Fetching packages failed, try again? (y/n) n Canceled
I added this parameter to the /etc/jail.conf entry for the empty:
# added for pkgbasify
allow.chflags;
Then I restarted that jail:
[0:02 r730-03 dvl ~] % sudo service jail restart empty Stopping jails: empty. Starting jails: empty. [0:03 r730-03 dvl ~] %
Back into the jail to try again:
[0:03 empty root ~] # ./pkgbasify.lua ... Processing entries: 100% FreeBSD-base repository update completed. 496 packages processed. All repositories are up to date. Overwrite //usr/local/etc/pkg/repos/FreeBSD-base.conf? (y/n) y ... [empty.int.unixathome.org] [ 19/312] Extracting FreeBSD-bmake-15.0: 100% [empty.int.unixathome.org] [ 20/312] Reinstalling FreeBSD-bootloader-15.0... [empty.int.unixathome.org] [ 20/312] Extracting FreeBSD-bootloader-15.0: 9% pkg: openat(boot/device.hints): No such file or directory [empty.int.unixathome.org] [ 20/312] Extracting FreeBSD-bootloader-15.0: 100% [empty.int.unixathome.org] [ 21/312] Reinstalling FreeBSD-bootloader-dev-15.0... [empty.int.unixathome.org] [ 21/312] Extracting FreeBSD-bootloader-dev-15.0: 100% ... [empty.int.unixathome.org] [ 32/312] Extracting FreeBSD-clibs-15.0p11: 100% Cannot install /lib/libc.so.7, installed as /lib/libc.so.7.pkgnew pkg: Failed to chflags /lib/libc.so.7:Operation not permitted Error: exit Restarting sshd Performing sanity check on sshd configuration. Stopping sshd. Waiting for PIDS: 34877. Performing sanity check on sshd configuration. Starting sshd. An error occurred during conversion leaving the system in a partially converted state. Please determine and resolve the root cause of the error. When you believe the error will not happen again, run pkgbasify with the --force argument to try and complete the conversion.
Well. OK then, let’s try:
[0:04 empty root ~] # ./pkgbasify.lua Error: The system is already using pkgbase. Pass --force to run pkgbasify anyway, for example to fix a partial conversion. [0:06 empty root ~] # ./pkgbasify.lua --force Running this tool will irreversibly modify your system to use pkgbase. This tool and pkgbase are experimental and may result in a broken system. It is highly recommended to backup your system before proceeding. Do you accept this risk and wish to continue? (y/n) y ... Processing entries: 100% FreeBSD-base repository update completed. 496 packages processed. All repositories are up to date. Overwrite //usr/local/etc/pkg/repos/FreeBSD-base.conf? (y/n) y ... An error occurred during conversion leaving the system in a partially converted state. Please determine and resolve the root cause of the error. When you believe the error will not happen again, run pkgbasify with the --force argument to try and complete the conversion.
Hmm.
It seems everything is installed:
[0:08 empty root ~] # pkg info -x FreeBSD | wc -l
312
That value matches with the host system.
Let’s restart the jail.
After restarting the jail
After restarting the jail, we have:
[0:09 empty dvl ~] % pkg repos -e
FreeBSD-base: {
url : "pkg+https://pkg.FreeBSD.org/FreeBSD:15:amd64/base_release_0",
enabled : yes,
priority : 0,
mirror_type : "SRV",
signature_type : "FINGERPRINTS",
fingerprints : "/usr/share/keys/pkgbase-15"
}
local: {
url : "http://fedex.int.unixathome.org/packages/FreeBSD:15:amd64",
enabled : yes,
priority : 0,
signature_type : "PUBKEY",
pubkey : "/etc/ssl/slocum.unixathome.org.cert"
}
[0:09 empty dvl ~] %
That seems right to me.
How about a pkg-upgrade?
[0:09 empty dvl ~] % sudo pkg upgrade Updating FreeBSD-base repository catalogue... FreeBSD-base repository is up to date. Updating local repository catalogue... local repository is up to date. All repositories are up to date. Checking for upgrades (13 candidates): 100% Processing candidates (13 candidates): 100% The following 12 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: bind-tools: 9.20.23 -> 9.20.24 [local] curl: 8.20.0 -> 8.21.0 [local] jq: 1.8.1 -> 1.8.2 [local] libcbor: 0.13.0 -> 0.14.0 [local] libcjson: 1.7.19 -> 1.7.19_1 [local] libffi: 3.5.2 -> 3.6.0 [local] libpsl: 0.21.5_2 -> 0.22.0 [local] libssh2: 1.11.1,3 -> 1.11.1_1,3 [local] mosquitto: 2.1.2_2 -> 2.1.2_3 [local] p5-IO-Socket-SSL: 2.098 -> 2.099 [local] rsync: 3.4.4 -> 3.4.4_1 [local] zsh: 5.9_5 -> 5.9.1 [local] Number of packages to be upgraded: 12 10 MiB to be downloaded. Proceed with this action? [y/N]: y [empty.int.unixathome.org] [ 1/12] Fetching mosquitto-2.1.2_3: 100% 476 KiB 487.7 kB/s 00:01 [empty.int.unixathome.org] [ 2/12] Fetching libcbor-0.14.0: 100% 83 KiB 85.4 kB/s 00:01 [empty.int.unixathome.org] [ 3/12] Fetching jq-1.8.2: 100% 340 KiB 348.5 kB/s 00:01 [empty.int.unixathome.org] [ 4/12] Fetching bind-tools-9.20.24: 100% 1579 KiB 1.6 MB/s 00:01 [empty.int.unixathome.org] [ 5/12] Fetching libpsl-0.22.0: 100% 66 KiB 68.1 kB/s 00:01 [empty.int.unixathome.org] [ 6/12] Fetching libcjson-1.7.19_1: 100% 39 KiB 39.5 kB/s 00:01 [empty.int.unixathome.org] [ 7/12] Fetching p5-IO-Socket-SSL-2.099: 100% 198 KiB 202.5 kB/s 00:01 [empty.int.unixathome.org] [ 8/12] Fetching rsync-3.4.4_1: 100% 401 KiB 410.3 kB/s 00:01 [empty.int.unixathome.org] [ 9/12] Fetching curl-8.21.0: 100% 1850 KiB 1.9 MB/s 00:01 [empty.int.unixathome.org] [10/12] Fetching zsh-5.9.1: 100% 5046 KiB 5.2 MB/s 00:01 [empty.int.unixathome.org] [11/12] Fetching libffi-3.6.0: 100% 50 KiB 51.0 kB/s 00:01 [empty.int.unixathome.org] [12/12] Fetching libssh2-1.11.1_1,3: 100% 244 KiB 249.6 kB/s 00:01 Checking integrity... done (0 conflicting) [empty.int.unixathome.org] [ 1/12] Upgrading bind-tools from 9.20.23 to 9.20.24... [empty.int.unixathome.org] [ 1/12] Extracting bind-tools-9.20.24: 100% [empty.int.unixathome.org] [ 2/12] Upgrading jq from 1.8.1 to 1.8.2... [empty.int.unixathome.org] [ 2/12] Extracting jq-1.8.2: 100% [empty.int.unixathome.org] [ 3/12] Upgrading libcbor from 0.13.0 to 0.14.0... [empty.int.unixathome.org] [ 3/12] Extracting libcbor-0.14.0: 100% [empty.int.unixathome.org] [ 4/12] Upgrading libcjson from 1.7.19 to 1.7.19_1... [empty.int.unixathome.org] [ 4/12] Extracting libcjson-1.7.19_1: 100% [empty.int.unixathome.org] [ 5/12] Upgrading libffi from 3.5.2 to 3.6.0... [empty.int.unixathome.org] [ 5/12] Extracting libffi-3.6.0: 100% [empty.int.unixathome.org] [ 6/12] Upgrading libpsl from 0.21.5_2 to 0.22.0... [empty.int.unixathome.org] [ 6/12] Extracting libpsl-0.22.0: 100% [empty.int.unixathome.org] [ 7/12] Upgrading libssh2 from 1.11.1,3 to 1.11.1_1,3... [empty.int.unixathome.org] [ 7/12] Extracting libssh2-1.11.1_1,3: 100% [empty.int.unixathome.org] [ 8/12] Upgrading curl from 8.20.0 to 8.21.0... [empty.int.unixathome.org] [ 8/12] Extracting curl-8.21.0: 100% [empty.int.unixathome.org] [ 9/12] Upgrading mosquitto from 2.1.2_2 to 2.1.2_3... ===> Creating users Using existing user 'nobody' [empty.int.unixathome.org] [ 9/12] Extracting mosquitto-2.1.2_3: 100% [empty.int.unixathome.org] [10/12] Upgrading p5-IO-Socket-SSL from 2.098 to 2.099... [empty.int.unixathome.org] [10/12] Extracting p5-IO-Socket-SSL-2.099: 100% [empty.int.unixathome.org] [11/12] Upgrading rsync from 3.4.4 to 3.4.4_1... [empty.int.unixathome.org] [11/12] Extracting rsync-3.4.4_1: 100% [empty.int.unixathome.org] [12/12] Upgrading zsh from 5.9_5 to 5.9.1... [empty.int.unixathome.org] [12/12] Extracting zsh-5.9.1: 100% You may need to manually remove /usr/local/etc/mosquitto/mosquitto.conf if it is no longer needed.
That seems good too.
So, what went wrong?
But wait, that error!
I just noticed this error, which appears in both of the last runs:
[empty.int.unixathome.org] [ 32/312] Extracting FreeBSD-clibs-15.0p11: 100% Cannot install /lib/libc.so.7, installed as /lib/libc.so.7.pkgnew pkg: Failed to chflags /lib/libc.so.7:Operation not permitted Error: exit Restarting sshd
I think chflags is still an issue.
Let’s try adding this to the jail configuration and restart it:
securelevel = -1;
This is the full run:
[0:29 empty root ~] # ./pkgbasify.lua --force Running this tool will irreversibly modify your system to use pkgbase. This tool and pkgbase are experimental and may result in a broken system. It is highly recommended to backup your system before proceeding. Do you accept this risk and wish to continue? (y/n) y Updating FreeBSD-base repository catalogue... FreeBSD-base repository is up to date. Updating local repository catalogue... local repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) Your packages are up to date. Updating FreeBSD-ports repository catalogue... [empty.int.unixathome.org] Fetching meta.conf: 100% 179 B 0.2 kB/s 00:01 [empty.int.unixathome.org] Fetching data: 100% 10 MiB 11.0 MB/s 00:01 Processing entries: 100% FreeBSD-ports repository update completed. 37066 packages processed. Updating FreeBSD-ports-kmods repository catalogue... [empty.int.unixathome.org] Fetching meta.conf: 100% 179 B 0.2 kB/s 00:01 [empty.int.unixathome.org] Fetching data: 100% 35 KiB 35.9 kB/s 00:01 Processing entries: 100% FreeBSD-ports-kmods repository update completed. 240 packages processed. Updating FreeBSD-base repository catalogue... [empty.int.unixathome.org] Fetching meta.conf: 100% 179 B 0.2 kB/s 00:01 [empty.int.unixathome.org] Fetching data: 100% 81 KiB 82.5 kB/s 00:01 Processing entries: 100% FreeBSD-base repository update completed. 496 packages processed. All repositories are up to date. Overwrite //usr/local/etc/pkg/repos/FreeBSD-base.conf? (y/n) y Overwriting //usr/local/etc/pkg/repos/FreeBSD-base.conf Updating FreeBSD-base repository catalogue... FreeBSD-base repository is up to date. FreeBSD-base is up to date. Checking integrity... done (0 conflicting) The most recent versions of packages are already installed Checking integrity... done (0 conflicting) The most recent versions of packages are already installed Checking integrity... done (0 conflicting) The following 312 package(s) will be affected (of 0 checked): Installed packages to be REINSTALLED: FreeBSD-acct-15.0 [FreeBSD-base] ... FreeBSD-zoneinfo-15.0p7 [FreeBSD-base] Number of packages to be reinstalled: 312 [empty.int.unixathome.org] [ 1/312] Reinstalling FreeBSD-acct-15.0... [empty.int.unixathome.org] [ 1/312] Extracting FreeBSD-acct-15.0: 100% ... [empty.int.unixathome.org] [215/312] Reinstalling FreeBSD-caroot-15.0... [empty.int.unixathome.org] [215/312] Extracting FreeBSD-caroot-15.0: 100% certctl: legacy directory /etc/ssl/blacklisted can safely be deleted [empty.int.unixathome.org] [216/312] Reinstalling FreeBSD-openssl-dev-15.0p10... ... [empty.int.unixathome.org] [311/312] Extracting FreeBSD-tests-dbg-15.0p11: 100% [empty.int.unixathome.org] [312/312] Reinstalling FreeBSD-set-tests-15.0... ==> Running trigger: mandoc.ucl ===== Message from FreeBSD-local-unbound-15.0p10: -- After upgrading local-unbound, the configuration file should be regenerated by running "service local_unbound setup" before restarting the service. Restarting sshd Performing sanity check on sshd configuration. Stopping sshd. Waiting for PIDS: 50722. Performing sanity check on sshd configuration. Starting sshd. Conversion finished. Please verify that the contents of the following critical files are as expected: /etc/master.passwd /etc/group /etc/ssh/sshd_config After verifying those files, restart the system.
I raised an issue.











