Solved Getting started with poudriere – with latest packages and OpenZFS

Some errors:

Focus on the first line that signifies wrongness:

pkg: file:///usr/local/poudriere/data/packages/bsd13-default/meta.txz: No such file or directory

– the bsd13 part of the line, in particular.



Getting started with poudriere – with latest packages and OpenZFS – see step 4.

Compare what's there (what's suggested), with the content of your own file:

/usr/local/etc/pkg/repos/poudriere.conf
 
poudriere jail -l
JAILNAME VERSION ARCH METHOD TIMESTAMP PATH
bsd13 13.0-RELEASE-p11 amd64 http 2022-05-11 01:59:59 /usr/local/poudriere/jails/kde

I replaced the jail name thirteen-default with bsd13-default.



grahamperrin@ It is exactly as you suggested, I copied and pasted it, but changed thirteen-default to bsd13-default

pkg install does not work for any package. The problem seems to be that poudriere is looking for
///usr/local/poudriere/data/packages/bsd13-default/meta.txz and returns the error: No such file or directory

The directory structure seems to be different from what poudriere expects. I don't know what happened:

cd /usr/local/poudriere/data/packages/bsd13-default
/usr/local/poudriere/data/packages/bsd13-default: No such file or directory.
# cd /usr/local/poudriere/data/packages/
/usr/local/poudriere/data/packages/: No such file or directory.
# ls /usr/local/poudriere/
data jails ports
# ls /usr/local/poudriere/data
queue
# ls /usr/local/poudriere/jails
kde
 
Did you do a poudriere bulk ... yet? Because that's what creates those package directories.

Thank you SirDice. I hadn't gone as far as bulk due to the errors as above, tried now:

git clone https://github.com/freebsd/poudriere
Cloning into 'poudriere'...
remote: Enumerating objects: 48150, done.
remote: Counting objects: 100% (4414/4414), done.
remote: Compressing objects: 100% (1467/1467), done.
remote: Total 48150 (delta 2964), reused 4265 (delta 2888), pack-reused 43736
Receiving objects: 100% (48150/48150), 16.70 MiB | 7.49 MiB/s, done.
Resolving deltas: 100% (30312/30312), done.
doas poudriere ports -u
[00:00:00] Updating portstree "default" with git+https... done
$ doas poudriere bulk -j bsd13 -Ct /usr/ports/mail/alpine
[00:00:00] Error: kern.securelevel >= 1. Poudriere requires no securelevel to be able to handle schg flags. USE_TMPFS with 'localbase' or 'all' values can avoid this.
 
Lower your securelevel or change the USE_TMPFS settings in poudriere.conf.

Note that setting USE_TMPFS to all can use quite a lot of memory, so make sure you have enough to spare.
 
SirDice Took option 2 and changed "yes" to USE_TMPFS="localbase wrkdir data". Also compared example entries from insane engineer's blog post shared by jbodenmann, uncommented or changed my config file.

doas poudriere bulk -j bsd13 -Ct /usr/ports/mail/alpine

kldload: can't load nullfs: Operation not permitted
[00:00:00] Error: Required kernel module 'nullfs' not found

This probably shows that I should have taken both option 1 and option 2 and must have lowered kernel security level? How?

Thank you.
 
As of today, I'm no pro at this but poudriere certainly needs some permissions to spawn jails, mount filesystems, create ZFS datasets and so on.
Personally, I run poudriere as root in a VM. This provides me with the flexibility that fits my requirements - YMMV.

What kind of setup are you trying to run poudriere on? Messing with kernel security levels should not be necessary on a regular install.

Also, unless I'm mistaken, the port(s) argument(s) should just be in the form of category/port instead of the path to their location in the ports tree.
Speaking of which: You might also want to specify the ports tree to use with the -p option.
 
I am trying to set up poudriere in a desktop computer without an equivalent alternative nor data back up, a computer that at the moment I can't live without. I ran bsdhardening and set the kernel security level to 3 taking various hints following requests for help from the forum thread and didn't quite get it right, at least I couldn't merge related config files right:

grahamperrin@ tried the example, didn't work, not surprising with all the possible mix up in the config files attached.

doas poudriere bulk accessibility/sct /mail/alpine
[00:00:00] Error: Don't know on which jail to run please specify -j
[/usr/ports/mail]$ doas poudriere bulk -j bsd13 accessibility/sct /mail/alpine
kldload: can't load nullfs: Operation not permitted
[00:00:00] Error: Required kernel module 'nullfs' not found
 

Did you consider running poudriere in a VM? Setting up a bhyve VM is pretty straightforward. There are also a number of tools out there to increase quality-of-life such as sysutils/cbsd.
 
/boot/loader.conf didn't have that entry, /etc/rc.conf had those entries, removed them, rebooting.

Update:

doas poudriere bulk -j bsd13 accessibility/sct /mail/alpine

Built ports: ports-mgmt/pkg
[00:03:18] Fetched ports: textproc/aspell devel/gmake x11/libXrandr devel/gettext-runtime mail/alpine accessibility/sct x11/libX11 devel/gettext-tools devel/pkgconf x11/libXrender x11/libXext devel/xorg-macros print/indexinfo x11/libxcb devel/libpthread-stubs devel/libtextstyle x11/xtrans lang/perl5.32 x11/xorgproto x11/libXdmcp x11/libXau devel/libffi math/mpdecimal lang/python38 textproc/libxml2 x11/xcb-proto devel/readline
[bsd13-default] [2022-06-15_14h21m30s] [committing:] Queued: 28 Built: 1 Failed: 0 Skipped: 0 Ignored: 0 Fetched: 27 Tobuild: 0 Time: 00:03:11

Thank you SirDice. Now what do I do about hardening? Is there a way to restore kern.securelevel and then run Poudriere with a parameter that says, lower kern.securelevel, run your program, restore kern.securelevel?
 
You cannot lower the securelevel on a running system, that would defeat its purpose.
 
Thank you SirDice. My needs are lighter, I install a package or two once a month, the solution could be that I restore the Security level, lower it only when I have to run Poudriere, then revert back to the desired Security level. This is not difficult for me, except that routine everyday package updates, if performed by Poudriere, might not happen automatically.

I ran /usr/libexec/bsdinstall/hardening and chose every option and then changed /etc/rc.conf to include
Code:
kern_securelevel_enable="Yes"
kern_securelevel="3"

Rebooting now to see if the computer boots. Update: All well.

Thank you.
 

Or you could think about this:
Did you consider running poudriere in a VM? Setting up a bhyve VM is pretty straightforward. There are also a number of tools out there to increase quality-of-life such as sysutils/cbsd.
 

jbodenmann I was drafting a reply to you at the exact moment you quoted your recommendation again. I notice that the Bhyve client has a certain specific hardware requirement; if it matches a 2010 Server with a noisy fan, I will install server in one machine and the server in another. A friend some time ago helped me install a VM on the CentOS platform and its client on a computer, had to revert back to being a dumb user despite the fact that the VM installation in CentOS was a thorough installation, except for my hardware limitations at that point of time. I will try Bhyve now. Thank you.

jbodenmann Please take a look at this thread. Thank you

P.S. Have always been wondering if it is possible to run a VM client INSIDE the 'server', i.e Client software and Server software, both in one machine, to run the client in one 'compartment' accessing resources in another, not sure if Bhyve has such an unusual feature :) in any case I will power up the Server with the noisy fan.
 
Don't enable (or disable) those options if you don't know or understand what the implications are.
SirDice Thank you. My computer works with all options and kernel security level as 3 for the past two or three months, YouTube works, audio works, browser brings web pages, gmail sends and receives email, it is all well with all enabled even when I don't know what these options do. Going by your advice I will not fix what ain't broken, and leave everything as enabled!
 
Apparently, some applications require changing the kern.securelevel to as low as zero or lower. Poudriere is one of them. That is why one may run it in a jail.
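
An added example, not part of any post in this thread: a pre-flight check for the three errors reported above (missing meta.txz, kern.securelevel >= 1, and nullfs that cannot be loaded). The function names are made up for this example, and /usr/local/etc/poudriere.conf is assumed as the location of poudriere's own config; the other paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the three errors seen above.

# Print the directory named by the file:// url in a pkg repo conf.
repo_dir() {
    sed -n 's|^[[:space:]]*url:[[:space:]]*"file://\(/[^"]*\)".*|\1|p' "$1" |
        head -n 1
}

# $1 = kern.securelevel, $2 = USE_TMPFS value from poudriere.conf.
# Follows poudriere's own message: securelevel >= 1 is only accepted
# when USE_TMPFS contains 'localbase' or 'all'.
securelevel_ok() {
    [ "$1" -lt 1 ] && return 0
    case " $2 " in
        *" localbase "*|*" all "*) return 0 ;;
    esac
    return 1
}

# $1 = kern.securelevel, $2 = yes|no (is nullfs already in the kernel?).
# kldload is refused at securelevel >= 1, so the module must already be there.
nullfs_ok() {
    [ "$2" = yes ] || [ "$1" -lt 1 ]
}

# Args: securelevel, USE_TMPFS, nullfs yes|no, repo conf path.
# Prints one line per problem; returns non-zero if any check fails.
preflight() {
    rc=0
    securelevel_ok "$1" "$2" ||
        { echo "FAIL: securelevel=$1 with USE_TMPFS=\"$2\""; rc=1; }
    nullfs_ok "$1" "$3" ||
        { echo "FAIL: nullfs not loaded, securelevel=$1 blocks kldload"; rc=1; }
    dir=$(repo_dir "$4")
    { [ -n "$dir" ] && [ -f "$dir/meta.txz" ]; } ||
        { echo "FAIL: no meta.txz in '$dir' (jail name? bulk run yet?)"; rc=1; }
    return "$rc"
}

# On FreeBSD, collect the live values and run the checks.
if [ "$(uname -s)" = FreeBSD ]; then
    tmpfs=$(. /usr/local/etc/poudriere.conf 2>/dev/null; echo "${USE_TMPFS:-}")
    if kldstat -q -m nullfs; then loaded=yes; else loaded=no; fi
    preflight "$(sysctl -n kern.securelevel)" "$tmpfs" "$loaded" \
        /usr/local/etc/pkg/repos/poudriere.conf
fi
```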
 