I run poudriere in a jail on FreeBSD – it really is becoming the thing-to-do with all the cool kids. Everyone’s doing it. It is nifty.
I will provide only the jail configuration, and not any file system configuration. That is left for you. I think these links might be most helpful:
- Using poudriere to create a custom FreeBSD repository for package installation
- Moving poudriere from the host into a jail
In this post:
- FreeBSD 14
- poudriere-3.4.1
The jail configuration
This is what I run with:
[15:49 r730-01 dvl ~] % cat /etc/jail.conf.d/pkg01.conf
pkg01 {
#
# start of standard settings for each jail
#
$bridge = "bridge0";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
path = /jails/$name;
allow.raw_sockets;
#securelevel = 2;
host.hostname = "$name.int.unixathome.org";
exec.consolelog="/var/tmp/jail-console-$name.log";
persist;
#
# end of standard settings for each jail
#
allow.mlock; # came in with poudriere upgraded: 3.4.0 -> 3.4.1
allow.chflags;
allow.mount.devfs;
allow.mount.fdescfs;
allow.mount.linprocfs;
allow.mount.nullfs;
allow.mount.procfs;
allow.mount.tmpfs;
allow.mount.zfs=true;
allow.mount=true;
allow.raw_sockets;
allow.socket_af;
children.max=200;
enforce_statfs=1;
exec.created+="zfs jail $name data03/poudriere";
exec.created+="zfs set jailed=on data03/poudriere";
exec.poststart += "jail -m allow.mount.linprocfs=1 name=$name";
host.domainname=none;
sysvmsg=new;
sysvsem=new;
sysvshm=new;
vnet;
# from https://codeberg.org/pkgbase/website/src/branch/main/howto/jails.md
$gw = "10.0.0.1";
$gw6 = "2001:470:[redacted]:0";
$id = "29";
$jepair = "epair${id}b";
$ipaddr = "10.0.0.${id}/24";
$ip6addr = "2001:470:[redacted]:${id}/64";
vnet.interface = "$jepair";
exec.prestart = "ifconfig epair${id} create up";
exec.prestart += "ifconfig epair${id}a up descr vnet-${name}";
exec.prestart += "ifconfig $bridge addm epair${id}a up";
exec.start = "/sbin/ifconfig lo0 127.0.0.1 up";
exec.start += "/sbin/ifconfig epair${id}b ${ipaddr}";
exec.start += "/sbin/ifconfig epair${id}b inet6 ${ip6addr}";
exec.start += "/sbin/route add default ${gw}";
exec.start += "/bin/sh /etc/rc";
exec.prestop = "ifconfig epair${id}b -vnet ${name}";
exec.poststop = "ifconfig $bridge deletem epair${id}a";
exec.poststop += "ifconfig epair${id}a destroy";
}
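The configuration above turns on many `allow.*` parameters and hands a ZFS dataset to the jail, so it helps to be able to list what a jail file grants before starting it. The following is an added example, not part of the original post or of poudriere: the function names are hypothetical, and the sample is a constructed, trimmed copy of the file above with one negated parameter added.

```shell
#!/bin/sh
# Added example, not the author's tooling. Each function reads a jail.conf on stdin.

# Constructed sample: a trimmed copy of pkg01.conf from this post, plus one
# negated parameter (allow.mount.noprocfs) added to show that form is skipped.
sample_conf() {
cat <<'EOF'
pkg01 {
  allow.raw_sockets;
  #securelevel = 2;
  allow.mlock; # came in with poudriere upgraded: 3.4.0 -> 3.4.1
  allow.chflags;
  allow.mount.noprocfs;
  allow.mount.zfs=true;
  allow.mount=true;
  allow.raw_sockets;
  children.max=200;
  enforce_statfs=1;
  exec.created+="zfs jail $name data03/poudriere";
  exec.created+="zfs set jailed=on data03/poudriere";
}
EOF
}

# Drop "#" comments and whitespace so "allow.x = true ;" and "allow.x;" compare equal.
_norm() { sed -e 's/#.*$//' | tr -d ' \t'; }

# Enabled allow.* booleans, one per line, de-duplicated. Negated forms
# (last component starting with "no") and "=false" assignments are left out.
jail_allow_enabled() {
    _norm |
    sed -n -E 's/^(allow\.[a-z_.]+)(="?(true|1)"?)?;$/\1/p' |
    grep -v -E '^allow\.([a-z_]+\.)*no[a-z_]+$' |
    LC_ALL=C sort -u
}

# Value of a scalar key=value parameter; the last assignment wins.
# Prints nothing when the parameter is absent or commented out.
jail_param() {
    _norm | awk -F= -v k="$1" '$1 == k { v = $2; sub(/;$/, "", v); gsub(/"/, "", v) }
                               END { if (v != "") print v }'
}

# Datasets handed to the jail with "zfs jail <jail> <dataset>" in exec.* hooks.
jail_zfs_datasets() {
    sed -e 's/#.*$//' | sed -n -E 's/.*"zfs jail [^ ]+ ([^" ]+)".*/\1/p' | LC_ALL=C sort -u
}

# Demo on the constructed sample; on a host, redirect the real file instead.
echo "enabled allow.*:"; sample_conf | jail_allow_enabled
echo "enforce_statfs=$(sample_conf | jail_param enforce_statfs) securelevel=$(sample_conf | jail_param securelevel)"
echo "delegated datasets: $(sample_conf | jail_zfs_datasets)"
```

An empty `securelevel` in the output means the file does not set it, which is the case here because that line is commented out.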
The filesystems
This is what I have in the jail:
[16:45 pkg01 dan ~] % zfs list
NAME                                     USED  AVAIL  REFER  MOUNTPOINT
data03                                  1.62T  5.50T    96K  none
data03/poudriere                         166G  5.50T    96K  /usr/local/poudriere
data03/poudriere/ccache                 17.4M  5.50T   104K  /var/ccache
data03/poudriere/ccache/ccache.13amd64   208K  5.50T    96K  /var/ccache/ccache.13amd64
data03/poudriere/ccache/ccache.amd64    16.4M  5.50T  16.3M  /var/ccache/ccache.amd64
data03/poudriere/data                   51.5G  5.50T  14.5G  /usr/local/poudriere/data
data03/poudriere/data/cache              531M  5.50T   162M  /usr/local/poudriere/data/cache
data03/poudriere/data/cronjob-logs      5.18M  5.50T  1.82M  /usr/local/poudriere/data/cronjob-logs
data03/poudriere/data/packages          35.9G  5.50T  24.0G  /usr/local/poudriere/data/packages
data03/poudriere/distfiles              90.2G  5.50T  90.1G  /usr/ports/distfiles
data03/poudriere/jails                  5.46G  5.50T    96K  /usr/local/poudriere/jails
data03/poudriere/jails/124amd64         1.44G  5.50T  1.44G  /usr/local/poudriere/jails/124amd64
data03/poudriere/jails/132amd64         1.42G  5.50T  1.42G  /usr/local/poudriere/jails/132amd64
data03/poudriere/jails/132i386          1.21G  5.50T  1.21G  /usr/local/poudriere/jails/132i386
data03/poudriere/jails/140amd64         1.39G  5.50T  1.39G  /usr/local/poudriere/jails/140amd64
data03/poudriere/ports                  19.1G  5.50T  3.25G  /usr/local/poudriere/ports
data03/poudriere/ports/2022Q3            847M  5.50T   847M  /usr/local/poudriere/ports/2022Q3
data03/poudriere/ports/2023Q2            879M  5.50T   879M  /usr/local/poudriere/ports/2023Q2
data03/poudriere/ports/default          5.06G  5.50T  2.50G  /usr/local/poudriere/ports/default
data03/poudriere/ports/main             2.14G  5.50T  1.60G  /usr/local/poudriere/ports/main
data03/poudriere/ports/testing          6.49G  5.50T  2.54G  /usr/local/poudriere/ports/testing
data03/poudriere/test                    152K  5.50T    96K  /usr/local/poudriere/test
[16:45 pkg01 dan ~] %
I hope this helps.











