Bastille jail: to build and test builds

sidetone


Install sysutils/bastille, net/gitup and x11-servers/xorg-nestserver on host through either ports or packages.

Bastille jail in the example or instruction will be named "myjail". I'll use an alias IP and network card as an example. doas or sudo can be used from your host system, depending on your setup.


Bootstrapping Bastille and installing jail
bastille bootstrap 13.0-RELEASE update
This sets up the jail directory, along with the base system for jails.
bastille create myjail 13.0-RELEASE 192.168.1.100 re0
This uses an example IP and network card to set up a jail along with a set alias IP. Loopback lo1 as an IP uses different instructions for the jail.
Acceptable IP ranges for jail:
Code:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
bastille start myjail


From Host
Setting up rc.conf or rc.conf.local is optional, or only needed if the jail needs to be started on bootup:
Code:
bastille_enable="YES"
bastille_list="jail1 jail2"

/usr/local/bastille/bastille.conf can be edited, but to set up a basic Bastille jail, it can be left alone.

Use gitup from host to install ports into a Bastille jail. /usr/local/etc/gitup.conf
Code:
        "jail" : {
                "repository_path"  : "/ports.git",
                "branch"           : "main",
                "target_directory" : "/usr/local/bastille/jails/[myjail]/root/usr/ports",
                "ignores"          : [
                        "distfiles",
                        "packages",
                        "INDEX-11",
                        "INDEX-12",
                        "INDEX-13",
                        "INDEX-14",
                ],
        },
gitup can also be installed inside the jail, and configured there.

To give /dev/ access:
cd /usr/local/bastille/jails/myjail/
vi jail.conf or bastille config myjail set devfs_ruleset=[#]
Change the number in the line devfs_ruleset= ;
From /etc/defaults/devfs.rules, ruleset 4 is the default for jails, so it is a good starting point.

If your jail was started, restart it: bastille restart myjail
Thread jails-accessing-devices-from-bastille.79781

Turn on Xnest server as a nonroot user on the host system, that X11 programs from the jail can use:
Xnest :1 -listen tcp
Thread executing-x11-program-built-in-bastille-jail.82138


Using Bastille
bastille list
bastille console myjail

Inside Bastille jail console
setenv DISPLAY :1
This sets the output to display :1 started from the host system via Xnest. To make this permanent, insert this line into /root/.cshrc. For one-time use, with xterm for example, use xterm -display :1.

Now you can build ports within a Bastille jail. First update the jail and its ports. Make sure the package tree in /etc/pkg/FreeBSD.conf matches the one for ports. You can make custom directories in /root or /opt, to copy original makefiles to from the ports tree in your jail, then run make commands there. This will use the rest of the jail's ports tree. Make a copy of the original Makefile, to Makefile.orig. Then, use diff -u Makefile.orig Makefile after editing, to note the differences. See: https://docs.freebsd.org/en/books/porters-handbook/.

If you're using ports-mgmt/psearch inside the jail, an index will need to be created in the ports tree:
cd /usr/ports
make index


Mounting considerations for jail
Mounting /usr/local/bastille in its own partition.
tunefs partition to give partition a label.
Use of tmpfs partitions inside jail for build directories.


Removing jail
Back up files if you choose.
bastille stop myjail
bastille destroy myjail
Edit rc.conf or rc.conf.local if there's a jail listing.


Removing Bastille
pkg remove bastille
(unmount mountpoints containing bastille jails)
cd /usr/local/bastille
chflags -R noschg .
Use rm command carefully.


(Edit - correction to Xnest command to listen on jail)
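
An added example, not part of the original post: a small POSIX sh audit of the two settings the post above configures, the jail address (checked against the private ranges it lists) and devfs_ruleset. The jail.conf sample is constructed, the function names are hypothetical, and the jails path is the one used in the post; it assumes `key = value;` lines as in jail.conf(5).

```shell
#!/bin/sh
# Constructed sample of a Bastille-style jail.conf (not from a real host).
SAMPLE_CONF='myjail {
  devfs_ruleset = 4;
  mount.devfs;
  path = /usr/local/bastille/jails/myjail/root;
  ip4.addr = re0|192.168.1.100/24;
}'

# Print the value of "key = value;" from jail.conf text on stdin.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^;[:space:]]*\)[[:space:]]*;.*/\1/p" | head -n 1
}

# Succeed only if $1 is an IPv4 address in 10/8, 172.16/12 or 192.168/16.
is_private_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Summarise devfs ruleset and address class for jail.conf text on stdin.
audit_jail_conf() {
    conf=$(cat)
    ruleset=$(printf '%s\n' "$conf" | conf_value devfs_ruleset)
    addr=$(printf '%s\n' "$conf" | conf_value 'ip4\.addr')
    addr=${addr##*"|"}  # drop an "interface|" prefix if present
    addr=${addr%%/*}    # drop a "/prefixlen" suffix if present
    case ${ruleset:-unset} in
        4)     dev="devfs=ruleset4" ;;
        unset) dev="devfs=unset" ;;
        *)     dev="devfs=custom($ruleset)" ;;
    esac
    if is_private_ipv4 "$addr"; then net="ip=private"; else net="ip=other"; fi
    echo "$dev $net"
}

# Audit every jail on a Bastille host, then the constructed sample.
for f in /usr/local/bastille/jails/*/jail.conf; do
    if [ -f "$f" ]; then echo "$f: $(audit_jail_conf < "$f")"; fi
done
printf '%s\n' "$SAMPLE_CONF" | audit_jail_conf
```

A jail reported as `devfs=custom(N)` is worth comparing against the matching ruleset in devfs.rules to see exactly which device nodes were unhidden.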
 

angry_vincent


I am planning to play with Bastille, but I found no information on whether I could use it to make jails from source (i.e. via buildworld and installworld where the jail is planned to live). Perhaps I could try the default documented steps first.
 
sidetone


This can be used for a general purpose Bastille installation and use, and it is further tailored to building and testing builds including on X11. The writing is clarified and explained to make it easier to set up, and it has additional instructions, including for building inside the jail, unhiding basic devices, and using Xnest to display on the host desktop.

Additional interesting jail howtos
 
sidetone


I found no information on whether I could use it to make jails from source (i.e. via buildworld and installworld where the jail is planned to live). Perhaps I could try the default documented steps first.
For installing the core (release or base) of the jail, or release, this command (also above) is relevant:
bastille bootstrap 13.0-RELEASE update

In /usr/local/etc/bastille/bastille.conf, there are a few important sections: default paths, bootstrap archives, bootstrap urls. There's also a section on templates which could also help: they are in /usr/local/share/bastille/templates/ which is hotlinked from /usr/local/bastille/templates/.

It's possible to build a release from the /usr/src/ directory: there are a few make commands for this.

I was also wondering if Minibsd could be bootstrapped, as the bootstrap url and bootstrap archives for this jail.
Now I'm wondering if it's possible in the future to bootstrap other BSDs as long as they play well with FreeBSD's kernel. Building [another OS] from source on FreeBSD likely won't work.

Here are 2 How-tos on bootstrapping Linux and one on a FreeBSD from scratch (for comparison of the possibility of bootstrapping other BSDs or custom FreeBSD builds) for a FreeBSD jail:
Ideas would have to be taken from these, because the processes are so different.


Actually, I wanted to run another BSD OS in an environment on my computer. I'm entertaining the idea of trying MidnightBSD in a jail. This is something I'm unsure can be done, or if it can, I would come back to trying it maybe years later.
 

angry_vincent


Yes, I am familiar with make release.
However, what is unclear to me is how I point to the generated base.txz in the Bastille config.
 

angry_vincent


OK, the way to deal with a custom base.txz is to put it into cache/$RELEASE; then Bastille would use it to create the jail.
 