Running pkgbasify on a FreeBSD 15.0 jail

It’s time.

All my hosts are on 15.0 and on pkgbase.

Next, let’s move a jail to pkgbase.

In this post:

  • FreeBSD 15.0
  • the jail is named empty

I’m following instructions based on the official docs and copying from a previous post: Running pkgbasify on FreeBSD 15.0

snapshot, not bectl

Because it’a jail, I’m doing this for the filesystem of the jail. The commands are run on the jail host.

data01/jails/empty                            18.3G  7.08T  15.4G  /jails/empty
[23:48 r730-03 dvl ~] % sudo zfs snapshot data01/jails/empty@before-pkgbasify
[23:57 r730-03 dvl ~] % 

Over in the jail

Over in the jail, I did this:

[23:49 empty root ~] # fetch https://github.com/FreeBSDFoundation/pkgbasify/raw/refs/heads/main/pkgbasify.lua
pkgbasify.lua                                           21 kB 8695 kBps    00s
[23:49 empty root ~] # chmod +x ./pkgbasify.lua
[23:49 empty root ~] # tmux
root@empty:~ # ./pkgbasify.lua
Running this tool will irreversibly modify your system to use pkgbase.
This tool and pkgbase are experimental and may result in a broken system.
It is highly recommended to backup your system before proceeding.
Do you accept this risk and wish to continue? (y/n) y
Updating local repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100%     179 B   0.2 kB/s    00:01    
[empty.int.unixathome.org] Fetching data: 100%   358 KiB 366.9 kB/s    00:01    
Processing entries: 100%
local repository update completed. 970 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD-ports repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100%     179 B   0.2 kB/s    00:01    
[empty.int.unixathome.org] Fetching data: 100%    10 MiB  11.0 MB/s    00:01    
Processing entries: 100%
FreeBSD-ports repository update completed. 37066 packages processed.
Updating FreeBSD-ports-kmods repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100%     179 B   0.2 kB/s    00:01    
[empty.int.unixathome.org] Fetching data: 100%    35 KiB  35.9 kB/s    00:01    
Processing entries: 100%
FreeBSD-ports-kmods repository update completed. 240 packages processed.
Updating FreeBSD-base repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100%     179 B   0.2 kB/s    00:01    
[empty.int.unixathome.org] Fetching data: 100%    81 KiB  82.5 kB/s    00:01    
Processing entries: 100%
FreeBSD-base repository update completed. 496 packages processed.
All repositories are up to date.
Creating //usr/local/etc/pkg/repos/FreeBSD-base.conf
Adding BACKUP_LIBRARIES=yes to /usr/local/etc/pkg.conf
Updating FreeBSD-base repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100%     179 B   0.2 kB/s    00:01    
[empty.int.unixathome.org] Fetching data: 100%    81 KiB  82.5 kB/s    00:01    
Processing entries: 100%
FreeBSD-base repository update completed. 496 packages processed.
FreeBSD-base is up to date.
The following 312 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        FreeBSD-acct: 15.0 [FreeBSD-base]
        FreeBSD-acpi: 15.0 [FreeBSD-base]
...
        FreeBSD-zlib-lib32: 15.0 [FreeBSD-base]
        FreeBSD-zoneinfo: 15.0p7 [FreeBSD-base]

Number of packages to be installed: 312

The process will require 1 GiB more space.
370 MiB to be downloaded.
[empty.int.unixathome.org] [  1/312] Fetching FreeBSD-libmilter-dev-15.0p10: 100%    86 KiB  87.8 kB/s    00:01    
[empty.int.unixathome.org] [  2/312] Fetching FreeBSD-libsqlite3-dev-15.0: 100%  2144 KiB   2.2 MB/s    00:01    
...
[empty.int.unixathome.org] [311/312] Fetching FreeBSD-smbutils-dev-lib32-15.0: 100%    85 KiB  87.2 kB/s    00:01    
[empty.int.unixathome.org] [312/312] Fetching FreeBSD-ctf-dev-15.0: 100%   138 KiB 141.6 kB/s    00:01    
Checking integrity... done (0 conflicting)
pkg: Package FreeBSD-cron has files with flags that cannot be managed in this jail. Set allow.chflags in the jail configuration.
Fetching packages failed, try again? (y/n) 

Because I needed to stop this jail, I replied no:

Fetching packages failed, try again? (y/n) Fetching packages failed, try again? (y/n) Fetching packages failed, try again? (y/n) Fetching packages failed, try again? (y/n) Fetching packages failed, try again? (y/n) n  
Canceled

I added this parameter to the /etc/jail.conf entry for the empty:

    # added for pkgbasify
    allow.chflags;

Then I restarted that jail:

[0:02 r730-03 dvl ~] % sudo service jail restart empty   
Stopping jails: empty.
Starting jails: empty.
[0:03 r730-03 dvl ~] % 

Back into the jail to try again:

[0:03 empty root ~] # ./pkgbasify.lua 
...
Processing entries: 100%
FreeBSD-base repository update completed. 496 packages processed.
All repositories are up to date.
Overwrite //usr/local/etc/pkg/repos/FreeBSD-base.conf? (y/n) y
...
[empty.int.unixathome.org] [ 19/312] Extracting FreeBSD-bmake-15.0: 100%
[empty.int.unixathome.org] [ 20/312] Reinstalling FreeBSD-bootloader-15.0...
[empty.int.unixathome.org] [ 20/312] Extracting FreeBSD-bootloader-15.0:   9%
pkg: openat(boot/device.hints): No such file or directory
[empty.int.unixathome.org] [ 20/312] Extracting FreeBSD-bootloader-15.0: 100%
[empty.int.unixathome.org] [ 21/312] Reinstalling FreeBSD-bootloader-dev-15.0...
[empty.int.unixathome.org] [ 21/312] Extracting FreeBSD-bootloader-dev-15.0: 100%
...
[empty.int.unixathome.org] [ 32/312] Extracting FreeBSD-clibs-15.0p11: 100%
Cannot install /lib/libc.so.7, installed as /lib/libc.so.7.pkgnew
pkg: Failed to chflags /lib/libc.so.7:Operation not permitted
Error: exit
Restarting sshd
Performing sanity check on sshd configuration.
Stopping sshd.
Waiting for PIDS: 34877.
Performing sanity check on sshd configuration.
Starting sshd.
An error occurred during conversion leaving the system in a partially
converted state.

Please determine and resolve the root cause of the error.

When you believe the error will not happen again, run pkgbasify with
the --force argument to try and complete the conversion.

Well. OK then, let’s try:

[0:04 empty root ~] # ./pkgbasify.lua
Error: The system is already using pkgbase.
Pass --force to run pkgbasify anyway, for example to fix a partial conversion.
[0:06 empty root ~] # ./pkgbasify.lua --force
Running this tool will irreversibly modify your system to use pkgbase.
This tool and pkgbase are experimental and may result in a broken system.
It is highly recommended to backup your system before proceeding.
Do you accept this risk and wish to continue? (y/n) y
...
Processing entries: 100%
FreeBSD-base repository update completed. 496 packages processed.
All repositories are up to date.
Overwrite //usr/local/etc/pkg/repos/FreeBSD-base.conf? (y/n) y
...
An error occurred during conversion leaving the system in a partially
converted state.

Please determine and resolve the root cause of the error.

When you believe the error will not happen again, run pkgbasify with
the --force argument to try and complete the conversion.

Hmm.

It seems everything is installed:

[0:08 empty root ~] # pkg info -x FreeBSD | wc -l
     312

That value matches with the host system.

Let’s restart the jail.

After restarting the jail

After restarting the jail, we have:

[0:09 empty dvl ~] % pkg repos -e
FreeBSD-base: { 
    url             : "pkg+https://pkg.FreeBSD.org/FreeBSD:15:amd64/base_release_0",
    enabled         : yes,
    priority        : 0,
    mirror_type     : "SRV",
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/share/keys/pkgbase-15"
  }
local: { 
    url             : "http://fedex.int.unixathome.org/packages/FreeBSD:15:amd64",
    enabled         : yes,
    priority        : 0,
    signature_type  : "PUBKEY",
    pubkey          : "/etc/ssl/slocum.unixathome.org.cert"
  }
[0:09 empty dvl ~] % 

That seems right to me.

How about a pkg-upgrade?

[0:09 empty dvl ~] % sudo pkg upgrade
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating local repository catalogue...
local repository is up to date.
All repositories are up to date.
Checking for upgrades (13 candidates): 100%
Processing candidates (13 candidates): 100%
The following 12 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
	bind-tools: 9.20.23 -> 9.20.24 [local]
	curl: 8.20.0 -> 8.21.0 [local]
	jq: 1.8.1 -> 1.8.2 [local]
	libcbor: 0.13.0 -> 0.14.0 [local]
	libcjson: 1.7.19 -> 1.7.19_1 [local]
	libffi: 3.5.2 -> 3.6.0 [local]
	libpsl: 0.21.5_2 -> 0.22.0 [local]
	libssh2: 1.11.1,3 -> 1.11.1_1,3 [local]
	mosquitto: 2.1.2_2 -> 2.1.2_3 [local]
	p5-IO-Socket-SSL: 2.098 -> 2.099 [local]
	rsync: 3.4.4 -> 3.4.4_1 [local]
	zsh: 5.9_5 -> 5.9.1 [local]

Number of packages to be upgraded: 12

10 MiB to be downloaded.

Proceed with this action? [y/N]: y
[empty.int.unixathome.org] [ 1/12] Fetching mosquitto-2.1.2_3: 100%   476 KiB 487.7 kB/s    00:01    
[empty.int.unixathome.org] [ 2/12] Fetching libcbor-0.14.0: 100%    83 KiB  85.4 kB/s    00:01    
[empty.int.unixathome.org] [ 3/12] Fetching jq-1.8.2: 100%   340 KiB 348.5 kB/s    00:01    
[empty.int.unixathome.org] [ 4/12] Fetching bind-tools-9.20.24: 100%  1579 KiB   1.6 MB/s    00:01    
[empty.int.unixathome.org] [ 5/12] Fetching libpsl-0.22.0: 100%    66 KiB  68.1 kB/s    00:01    
[empty.int.unixathome.org] [ 6/12] Fetching libcjson-1.7.19_1: 100%    39 KiB  39.5 kB/s    00:01    
[empty.int.unixathome.org] [ 7/12] Fetching p5-IO-Socket-SSL-2.099: 100%   198 KiB 202.5 kB/s    00:01    
[empty.int.unixathome.org] [ 8/12] Fetching rsync-3.4.4_1: 100%   401 KiB 410.3 kB/s    00:01    
[empty.int.unixathome.org] [ 9/12] Fetching curl-8.21.0: 100%  1850 KiB   1.9 MB/s    00:01    
[empty.int.unixathome.org] [10/12] Fetching zsh-5.9.1: 100%  5046 KiB   5.2 MB/s    00:01    
[empty.int.unixathome.org] [11/12] Fetching libffi-3.6.0: 100%    50 KiB  51.0 kB/s    00:01    
[empty.int.unixathome.org] [12/12] Fetching libssh2-1.11.1_1,3: 100%   244 KiB 249.6 kB/s    00:01    
Checking integrity... done (0 conflicting)
[empty.int.unixathome.org] [ 1/12] Upgrading bind-tools from 9.20.23 to 9.20.24...
[empty.int.unixathome.org] [ 1/12] Extracting bind-tools-9.20.24: 100%
[empty.int.unixathome.org] [ 2/12] Upgrading jq from 1.8.1 to 1.8.2...
[empty.int.unixathome.org] [ 2/12] Extracting jq-1.8.2: 100%
[empty.int.unixathome.org] [ 3/12] Upgrading libcbor from 0.13.0 to 0.14.0...
[empty.int.unixathome.org] [ 3/12] Extracting libcbor-0.14.0: 100%
[empty.int.unixathome.org] [ 4/12] Upgrading libcjson from 1.7.19 to 1.7.19_1...
[empty.int.unixathome.org] [ 4/12] Extracting libcjson-1.7.19_1: 100%
[empty.int.unixathome.org] [ 5/12] Upgrading libffi from 3.5.2 to 3.6.0...
[empty.int.unixathome.org] [ 5/12] Extracting libffi-3.6.0: 100%
[empty.int.unixathome.org] [ 6/12] Upgrading libpsl from 0.21.5_2 to 0.22.0...
[empty.int.unixathome.org] [ 6/12] Extracting libpsl-0.22.0: 100%
[empty.int.unixathome.org] [ 7/12] Upgrading libssh2 from 1.11.1,3 to 1.11.1_1,3...
[empty.int.unixathome.org] [ 7/12] Extracting libssh2-1.11.1_1,3: 100%
[empty.int.unixathome.org] [ 8/12] Upgrading curl from 8.20.0 to 8.21.0...
[empty.int.unixathome.org] [ 8/12] Extracting curl-8.21.0: 100%
[empty.int.unixathome.org] [ 9/12] Upgrading mosquitto from 2.1.2_2 to 2.1.2_3...
===> Creating users
Using existing user 'nobody'
[empty.int.unixathome.org] [ 9/12] Extracting mosquitto-2.1.2_3: 100%
[empty.int.unixathome.org] [10/12] Upgrading p5-IO-Socket-SSL from 2.098 to 2.099...
[empty.int.unixathome.org] [10/12] Extracting p5-IO-Socket-SSL-2.099: 100%
[empty.int.unixathome.org] [11/12] Upgrading rsync from 3.4.4 to 3.4.4_1...
[empty.int.unixathome.org] [11/12] Extracting rsync-3.4.4_1: 100%
[empty.int.unixathome.org] [12/12] Upgrading zsh from 5.9_5 to 5.9.1...
[empty.int.unixathome.org] [12/12] Extracting zsh-5.9.1: 100%
You may need to manually remove /usr/local/etc/mosquitto/mosquitto.conf if it is no longer needed.

That seems good too.

So, what went wrong?

But wait, that error!

I just noticed this error, which appears in both of the last runs:

[empty.int.unixathome.org] [ 32/312] Extracting FreeBSD-clibs-15.0p11: 100%
Cannot install /lib/libc.so.7, installed as /lib/libc.so.7.pkgnew
pkg: Failed to chflags /lib/libc.so.7:Operation not permitted
Error: exit
Restarting sshd

I think chflags is still an issue.

Let’s try adding this to the jail configuration and restart it:

    securelevel = -1;

This is the full run:

[0:29 empty root ~] # ./pkgbasify.lua --force
Running this tool will irreversibly modify your system to use pkgbase.
This tool and pkgbase are experimental and may result in a broken system.
It is highly recommended to backup your system before proceeding.
Do you accept this risk and wish to continue? (y/n) y
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating local repository catalogue...
local repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD-ports repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100%     179 B   0.2 kB/s    00:01    
[empty.int.unixathome.org] Fetching data: 100%    10 MiB  11.0 MB/s    00:01    
Processing entries: 100%
FreeBSD-ports repository update completed. 37066 packages processed.
Updating FreeBSD-ports-kmods repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100%     179 B   0.2 kB/s    00:01    
[empty.int.unixathome.org] Fetching data: 100%    35 KiB  35.9 kB/s    00:01    
Processing entries: 100%
FreeBSD-ports-kmods repository update completed. 240 packages processed.
Updating FreeBSD-base repository catalogue...
[empty.int.unixathome.org] Fetching meta.conf: 100%     179 B   0.2 kB/s    00:01    
[empty.int.unixathome.org] Fetching data: 100%    81 KiB  82.5 kB/s    00:01    
Processing entries: 100%
FreeBSD-base repository update completed. 496 packages processed.
All repositories are up to date.
Overwrite //usr/local/etc/pkg/repos/FreeBSD-base.conf? (y/n) y
Overwriting //usr/local/etc/pkg/repos/FreeBSD-base.conf
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
FreeBSD-base is up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Checking integrity... done (0 conflicting)
The following 312 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
	FreeBSD-acct-15.0 [FreeBSD-base]
...
	FreeBSD-zoneinfo-15.0p7 [FreeBSD-base]

Number of packages to be reinstalled: 312
[empty.int.unixathome.org] [  1/312] Reinstalling FreeBSD-acct-15.0...
[empty.int.unixathome.org] [  1/312] Extracting FreeBSD-acct-15.0: 100%
...
[empty.int.unixathome.org] [215/312] Reinstalling FreeBSD-caroot-15.0...
[empty.int.unixathome.org] [215/312] Extracting FreeBSD-caroot-15.0: 100%
certctl: legacy directory /etc/ssl/blacklisted can safely be deleted
[empty.int.unixathome.org] [216/312] Reinstalling FreeBSD-openssl-dev-15.0p10...
...
[empty.int.unixathome.org] [311/312] Extracting FreeBSD-tests-dbg-15.0p11: 100%
[empty.int.unixathome.org] [312/312] Reinstalling FreeBSD-set-tests-15.0...
==> Running trigger: mandoc.ucl
=====
Message from FreeBSD-local-unbound-15.0p10:

--
After upgrading local-unbound, the configuration file should be regenerated
by running "service local_unbound setup" before restarting the service.
Restarting sshd
Performing sanity check on sshd configuration.
Stopping sshd.
Waiting for PIDS: 50722.
Performing sanity check on sshd configuration.
Starting sshd.
Conversion finished.

Please verify that the contents of the following critical files are as expected:
/etc/master.passwd
/etc/group
/etc/ssh/sshd_config

After verifying those files, restart the system.

I raised an issue.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive

Leave a Comment

Scroll to Top