jails FreeBSD-set-base-jail FreeBSD-jail FreeBSD-set-minimal-jail FreeBSD-set-optional-jail

Have a look at tools like ezjail or bastille. Maybe they use it.
Also there are three jail types : thick , thin and in a separate package optional-jail.
Personally i only use thick jails. I create them manually no tools. Just unpack base.txz
 
Thank you. my question is, do i need to install the above package to use jails? what do the above differ with ezjail or bastile etc?
 
Skip ezjail, it's terribly old and hasn't been updated/improved in years[*]. Bastille is good, easy to use and allows the creation of different version base jails (ezjail can't handle this and royally messes up if you try).

[*] Its developer walked away, never to return.
 
These are stripped down package sets for jails: jail is not a full host system, therefore it does not make sense to install everything in it compared to the host system.

- FreeBSD-set-base-jail - pretty much "thick" jail. It includes FreeBSD-set-minimal-jail-db and FreeBSD-set-devel-dbg.

- FreeBSD-set-minimal-jail - lean, minimal set of packages to run a jail. It misses tons of libraries, tools, etc. For example, sysrc(1), cc(1), etc. are not included.

Here is a comparison of fresh install of the sets into different datasets:
Code: 
# zfs list -r zroot/usr/jail | grep '15.0-'
zroot/usr/jail/15.0-base        557M  1.74T   557M  /usr/jail/15.0-base
zroot/usr/jail/15.0-base-jail   518M  1.74T   518M  /usr/jail/15.0-base-jail
zroot/usr/jail/15.0-min         130M  1.74T   130M  /usr/jail/15.0-min
zroot/usr/jail/15.0-min-jail   88.7M  1.74T  88.7M  /usr/jail/15.0-min-jail
 
skhal
Would you kindly give me the step-by-step as to how you created those populated datasets, please? The handbook is not helpful and nor have Google searches or even AI inquiries been of any help.

I've been stymied by repeated "pkg: Error opening the trusted directory /usr/share/keys/pkg/trusted" errors of various flavors.

Thank you.
 
Bucky said:
skhal
Would you kindly give me the step-by-step as to how you created those populated datasets, please? The handbook is not helpful and nor have Google searches or even AI inquiries been of any help.

I've been stymied by repeated "pkg: Error opening the trusted directory /usr/share/keys/pkg/trusted" errors of various flavors.

Thank you.
Click to expand...
Which method are you using to make the jails? I haven't tried the handbook way, but it looks to be the most manual way available. I personally use bastille, but the other instructions from the projects can be found here: https://docs.freebsd.org/en/books/handbook/jails/#jail-managers-and-containers

As far as your problem, take a look at this post. https://forums.freebsd.org/threads/solved-pkg-keys-thanks-pkubaj.44370/

Should fix the issue. Although, you'll probably be happier switching to Bastille or one of the other utlities to help with management.
 
I prefer not to use a jail manager and use the standard toolset instead. The link to the pkg keys solution is 10 years old. Instead I made sure the keys match those released with with FreeBSD15.0. And made sure they are in the correct directories and even copied them over to the jail directory after creation. No joy.

Using zfs here.

I have no trouble making jails and getting them up and running under the non-pkgbase method. But this pkgbase mechanism has me baffled. I'll take another look at Vermaden's method though it seems obtuse: https://vermaden.wordpress.com/2025/10/20/brave-new-pkgbase-world/

If skhal has found a way to do it using the standard toolset I'm all ears.
 
Bucky said:
skhal
Would you kindly give me the step-by-step as to how you created those populated datasets, please?
Click to expand...
I'm curiouse myself.

The following command is how I populate a jail (or PXE NFSROOTDIR) with pkgbase metapackages (sets).

Use pkg(8) -r (--rootdir) to specify where to install the packages, and pkg-install(8) -r ( --repository) to specify the package repository to fetch the packages from.
Code: 
pkg -r /usr/jail/15.0-base-jail install -r FreeBSD-base FreeBSD-set-base-jail
 
Thanks T-Daemon. Your CLI command is slightly different than what I've seen bandied about and different from what is described in the pkgbase manpage as well.

I'll experiment with it.
 
Bucky said:
I've been stymied by repeated "pkg: Error opening the trusted directory /usr/share/keys/pkg/trusted" errors of various flavors.
Click to expand...

This is what I do, I am not saying that is the solution though.
pkg requires some missing files in the jail, just copy them directly into the jail.
Code: 
mkdir -p "$path_to_jail"/usr/share/keys/pkg/trusted
cp /usr/share/keys/pkg/trusted/* "$path_to_jail"/usr/share/keys/pkg/trusted/

mkdir -p "$path_to_jail"/var/db/pkg
cp -r /var/db/pkg/repos "$path_to_jail"/var/db/pkg/

This is how I do create pkgbase jails currently:
1. create the jail dataset
2. copy files from host to jail as explained above.
3. Install jail package FreeBSD-set-base-jail or FreeBSD-set-minimal-jail

Steps 1 and 2 should not be a problem so I skip them.
Code: 
pkg -r "$path_to_jail" install -y FreeBSD-set-minimal-jail

As expected with FreeBSD-set-base-jail you get a bigger jail than with FreeBSD-set-minimal-jail
Code: 
 ~ > zfs list -r zroot/jails/basejail
NAME                      USED  AVAIL  REFER  MOUNTPOINT
zroot/jails/basejail   561M  7.86G   561M  /usr/local/jails/basejail
 ~ >
 ~ > zfs list -r zroot/jails/minimaljail 
NAME                         USED  AVAIL  REFER  MOUNTPOINT
zroot/jails/minimaljail   132M  7.86G   132M  /usr/local/jails/minimaljail
 
Thank you, gotnull. That seems to work. It is SIGNIFICANTLY different than anything else I've read and thank you.

I'll need to experiment with it some more.
 
Bucky You're welcome mate
skhal brought some good info too about difference between both packages minimal and base, thanks to him.
I came to the same conclusion, at this point thin jails do not exist anymore unless someone come with a solid workaround.
On the other hand, upgrades should be easier by using thick jails, but also significantly longer, especially if there are a bunch of jails to upgrade.
 
gotnull, agree with you. Did the setup as you described and both basejail and minimaljail up and running with no troubles. Shoutout to skhal as well.

Now to figure out when to use the minimal jail vs the basejail in production.

Thank you!
 
Bucky said:
Thank you, gotnull. That seems to work. It is SIGNIFICANTLY different than anything else I've read and thank you.
Click to expand...
Just to be clear, I did not invent anything I mostly borrowed ideas from the the wiki page and this how-to.

Bucky said:
Now to figure out when to use the minimal jail vs the basejail in production.
Click to expand...
For my usage FreeBSD-set-basejail is my go to.
FreeBSD-set-minimal-jail seems for very specific case, command like sysrc doesn't work for example and I bet many other things are missing too.
 
Thank you just the same. The wiki link I hadn't seen before. The how-to I had just glanced at previously. I'll study both now.

I suppose all this can change when FreeBSD v16.0 is released.

Thanks again!
 
The instructions are pretty much along the following lines (discussed at https://forums.freebsd.org/threads/minimal-pkgbase-jails-chroots-docker-oci-like.99512/#post-731756):

Code: 
-- create a dataset
# zfs create zroot/jail/template/$(freebsd-version)

-- Copy pkg(8) keys to access repositories
# mkdir -vp /jail/template/$(freebsd-version)/usr/share/keys
# cp -vrn /usr/share/keys/pkg* /jail/template/$(freebsd-version)/usr/share/keys/

-- Prepare file hierarchy for pkg(8) database
# mkdir -vp /jail/template/$(freebsd-version)/var/db/pkg/repos

-- Mount tmpfs(4) for metadata cache:
# mount -vt tmpfs tmpfs /jail/template/$(freebsd-version)/var/db/pkg/repos

-- Install minimal set of packages designed for jails
# pkg -r /jail/template/15.0-minimal install FreeBSD-set-minimal-jail

-- verify work
# chroot /jail/template/$(freebsd-version)/ freebsd-version -u
15.0-RELEASE

You may repeat the steps by installing different distribution sets.
 
You must log in or register to reply here.
Back
Top