=======================================
freebsd poudriere package server
=======================================

A poudriere server can only create packages for the os release that it is
currently running or an earlier release.

Check here for the os releases which have images and the ones that do not.

https://www.freebsd.org/security/
https://www.freebsd.org/security/unsupported/

The EOL date will closely represent the final year and quarter of the ports
tree for the os release version.

=======================================
update the server
---------------------------------------
freebsd-version -kru
freebsd-update fetch
freebsd-update install
shutdown -r now

=======================================
install poudriere
---------------------------------------
pkg install poudriere

=======================================
/usr/local/etc/poudriere.conf
---------------------------------------
ZPOOL=tank
ZROOTFS=/poudriere
BASEFS=/export/poudriere
DISTFILES_CACHE=/export/poudriere/distfiles
CCACHE_DIR=/export/poudriere/ccache
PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/poudriere.key
FREEBSD_HOST=https://download.freebsd.org
RESOLV_CONF=/etc/resolv.conf
USE_PORTLINT=no
USE_TMPFS=yes
TMPFS_LIMIT=8
MAX_MEMORY=8
MAX_FILES=1024
MAX_EXECUTION_TIME=86400
PARALLEL_JOBS=1
PREPARE_PARALLEL_JOBS=1
CHECK_CHANGED_OPTIONS=verbose
CHECK_CHANGED_DEPS=yes
NO_FORCE_PACKAGE=yes
NO_PACKAGE_BUILDING=yes
ALLOW_MAKE_JOBS=yes
TIMESTAMP_LOGS=yes
BUILDER_HOSTNAME=pkg.freebsd.org
USE_COLORS=yes
DETERMINE_BUILD_FAILURE_REASON=yes
URL_BASE=http://192.168.99.100/poudriere
HTML_TYPE="hosted"
HTML_TRACK_REMAINING=yes

=======================================
create poudriere directories
---------------------------------------
zpool create -f -m /export -o autoexpand=off -O compression=lz4 -O checksum=sha512 -O atime=on tank ada1
zfs create tank/poudriere
zfs create tank/poudriere/ccache
zfs get sync tank/poudriere/ccache
zfs set sync=disabled tank/poudriere/ccache
zfs get sync tank/poudriere/ccache
mkdir /export/poudriere/distfiles

=======================================
prepare a repo signing key
---------------------------------------
mkdir -p /usr/local/etc/ssl/certs
mkdir /usr/local/etc/ssl/keys
openssl genrsa -out /usr/local/etc/ssl/keys/poudriere.key 4096
# a directory needs the search (x) bit, so 0700 rather than 0600
chmod 0700 /usr/local/etc/ssl/keys
chmod 0600 /usr/local/etc/ssl/keys/poudriere.key
openssl rsa -in /usr/local/etc/ssl/keys/poudriere.key -pubout -out /usr/local/etc/ssl/certs/poudriere.cert

=======================================
install ccache-static
---------------------------------------
pkg install ccache-static

=======================================
get the ports tree
---------------------------------------
pkg install git

=======================================
create poudriere jails for os releases that have images
---------------------------------------
poudriere jails -c -a amd64 -j 141amd64 -v 14.1-RELEASE
poudriere jails -c -a amd64 -j 142amd64 -v 14.2-RELEASE

=======================================
build your own poudriere jails for eol or bleeding edge os releases that do not have images
---------------------------------------
time -p idprio 0 poudriere jails -c -a amd64 -j 140amd64 -v releng/14.0 \
    -b -J 60 -D -m git+https -U https://git.freebsd.org/src.git > /export/poudriere/140amd64.log 2>&1

time -p idprio 0 poudriere jails -c -a amd64 -j 14Samd64 -v stable/14 \
    -b -J 60 -D -m git+https -U https://git.freebsd.org/src.git > /export/poudriere/14Samd64.log 2>&1
---------------------------------------
poudriere jails -l
JAILNAME VERSION                               ARCH  METHOD    TIMESTAMP           PATH
140amd64 14.0-RELEASE-p11 1400097 f10e328cb192 amd64 git+https 2025-02-27 23:38:19 /export/poudriere/jails/140amd64
141amd64 14.1-RELEASE-p8                       amd64 http      2025-02-24 00:24:59 /export/poudriere/jails/141amd64
142amd64 14.2-RELEASE-p2                       amd64 http      2025-02-28 03:17:39 /export/poudriere/jails/142amd64
14Samd64 14.2-STABLE 1402503 db06c8fd7f5b      amd64 git+https 2025-02-28 00:41:29 /export/poudriere/jails/14Samd64
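
=======================================
added example: check the repo signing key pair
---------------------------------------
Added example, not part of the original notes: a check that the public key copied to clients still matches the private key from the "prepare a repo signing key" step, and that a signature made with it fails once the signed file changes. It uses throwaway 2048-bit keys and a constructed file, and shows the openssl sign/verify principle rather than pkg's own signature format; all function and file names are made up for the example.

```sh
#!/bin/sh
# Added example, not part of the original notes. Throwaway 2048-bit keys in a
# temp dir stand in for poudriere.key / poudriere.cert (the notes use 4096).

pub_fp() {    # $1 = PEM file, $2 = priv|pub -> SHA-256 of the DER public key
    if [ "$2" = priv ]; then openssl pkey -in "$1" -pubout -outform DER
    else openssl pkey -pubin -in "$1" -outform DER; fi 2>/dev/null |
        openssl dgst -sha256 | awk '{ print $NF }'
}

pair_matches() {    # $1 = private key, $2 = public key handed to clients
    a=$(pub_fp "$1" priv); b=$(pub_fp "$2" pub)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

sig_ok() {    # $1 = public key, $2 = signed file, $3 = signature
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    ( umask 077    # private keys are created owner-only
      openssl genrsa -out "$d/repo.key" 2048
      openssl genrsa -out "$d/other.key" 2048 ) 2>/dev/null
    openssl rsa -in "$d/repo.key" -pubout -out "$d/repo.cert" 2>/dev/null
    openssl rsa -in "$d/other.key" -pubout -out "$d/other.cert" 2>/dev/null
    printf 'constructed catalogue entry\n' > "$d/catalogue"
    openssl dgst -sha256 -sign "$d/repo.key" -out "$d/catalogue.sig" "$d/catalogue"
    r=""
    pair_matches "$d/repo.key" "$d/repo.cert"  && r="$r pair=match"
    # a client still holding a public key from a different key pair
    pair_matches "$d/repo.key" "$d/other.cert" || r="$r stale=mismatch"
    sig_ok "$d/repo.cert" "$d/catalogue" "$d/catalogue.sig" && r="$r sig=ok"
    echo tampered >> "$d/catalogue"    # modify the file after signing
    sig_ok "$d/repo.cert" "$d/catalogue" "$d/catalogue.sig" || r="$r tampered=rejected"
    rm -rf "$d"
    echo "${r# }"
}

demo
```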
=======================================
crazy way to get a list of available ports trees
...because i really do not know what is going on here
---------------------------------------
mkdir /tmp/foo
git clone ssh://anongit@git.freebsd.org/ports.git /tmp/foo
cd /tmp/foo
ls .git

git pull origin main
From ssh://git.freebsd.org/ports
 * branch            main       -> FETCH_HEAD
Already up to date.

git remote show origin
* remote origin
  Fetch URL: ssh://anongit@git.freebsd.org/ports.git
  Push  URL: ssh://anongit@git.freebsd.org/ports.git
  HEAD branch: main
  Remote branches:
    2014Q1 tracked
    2014Q2 tracked
    2014Q3 tracked
    2014Q4 tracked
    2015Q1 tracked
    2015Q2 tracked
    2015Q3 tracked
    2015Q4 tracked
    2016Q1 tracked
    2016Q2 tracked
    2016Q3 tracked
    2016Q4 tracked
    2017Q1 tracked
    2017Q2 tracked
    2017Q3 tracked
    2017Q4 tracked
    2018Q1 tracked
    2018Q2 tracked
    2018Q3 tracked
    2018Q4 tracked
    2019Q1 tracked
    2019Q2 tracked
    2019Q3 tracked
    2019Q4 tracked
    2020Q1 tracked
    2020Q2 tracked
    2020Q3 tracked
    2020Q4 tracked
    2021Q1 tracked
    2021Q2 tracked
    2021Q3 tracked
    2021Q4 tracked
    2022Q1 tracked
    2022Q2 tracked
    2022Q3 tracked
    2022Q4 tracked
    2023Q1 tracked
    2023Q2 tracked
    2023Q3 tracked
    2023Q4 tracked
    2024Q1 tracked
    2024Q2 tracked
    2024Q3 tracked
    2024Q4 tracked
    2025Q1 tracked
    main   tracked
  Local branch configured for 'git pull':
    main merges with remote main
  Local ref configured for 'git push':
    main pushes to main (up to date)
---------------------------------------
https://cgit.freebsd.org/ports/refs/    <---- just go here instead
---------------------------------------
generally speaking you can simply pick a year and quarter such as 2025Q1

=======================================
create poudriere ports tree
---------------------------------------
poudriere ports -c -p 2025Q1 -m git+https -B 2025Q1

poudriere ports -l
PORTSTREE METHOD    TIMESTAMP           PATH
2025Q1    git+https 2025-02-24 01:00:53 /export/poudriere/ports/2025Q1

=======================================
create list of currently installed packages for sample test packages to build
---------------------------------------
pkg query -a '%o %a' | awk '$NF == 0 { print $1 }' | tee /export/poudriere/141_pkg_list.txt

=======================================
start building packages
---------------------------------------
poudriere jails -u -j 141amd64
poudriere ports -u -p 2025Q1

# -n dry run
# -c clean all previously built packages and logs
# -t test the ports
# -r recursively test all dependencies as well
# -j run the bulk build on the named jail
# -p the ports tree the bulk build will be done
# -f build ports listed in this file
# -a build everything

poudriere bulk -t -r -j 141amd64 -p 2025Q1 -a
poudriere bulk -t -r -j 141amd64 -p 2025Q1 -f /export/poudriere/141_pkg_list.txt
poudriere bulk -t -r -j 141amd64 -p 2025Q1 sysutils/neofetch devel/git

ctrl-t    <---- get some feedback during the poudriere bulk build progress

=======================================
poudriere utilities
---------------------------------------
poudriere jail
poudriere jails
poudriere jails -d -j 141amd64
poudriere ports -d -p 2025Q1
poudriere ports -u -p 2025Q1
poudriere testport -j 141amd64 -p 2025Q1 -o sysutils/neofetch
poudriere bulk
poudriere options
poudriere distclean -p 2025Q1 sysutils/neofetch
poudriere logclean
poudriere pkgclean
poudriere status -a

cd /export/poudriere/ports/2025Q1
git log -n 1

CCACHE_DIR=/export/poudriere/ccache ccache -s

zfs list -r tank
NAME                           USED  AVAIL  REFER  MOUNTPOINT
tank                          45.4M  9.16G    24K  /export
tank/poudriere                44.9M  9.16G    26K  /export/poudriere
tank/poudriere/ccache           24K  9.16G    24K  /export/poudriere/ccache
tank/poudriere/data            170K  9.16G    26K  /export/poudriere/data
tank/poudriere/data/.m          24K  9.16G    24K  /export/poudriere/data/.m
tank/poudriere/data/cache       24K  9.16G    24K  /export/poudriere/data/cache
tank/poudriere/data/images      24K  9.16G    24K  /export/poudriere/data/images
tank/poudriere/data/logs        24K  9.16G    24K  /export/poudriere/data/logs
tank/poudriere/data/packages    24K  9.16G    24K  /export/poudriere/data/packages
tank/poudriere/data/wrkdirs     24K  9.16G    24K  /export/poudriere/data/wrkdirs
tank/poudriere/jails          44.7M  9.16G    24K  /export/poudriere/jails
tank/poudriere/jails/141amd64 44.7M  9.16G  44.7M  /export/poudriere/jails/141amd64
tank/poudriere/ports            24K  9.16G    24K  /export/poudriere/ports

=======================================
basic apache server setup for poudriere server monitoring and package serving
=======================================
pkg install apache24

=======================================
/etc/rc.conf
---------------------------------------
apache24_enable="YES"

=======================================
/etc/hosts
---------------------------------------
192.168.99.100 hostname

=======================================
/usr/local/etc/apache24/Includes/poudriere.conf
---------------------------------------
Alias /poudriere/FreeBSD:13:amd64 "/export/poudriere/data/packages/134amd64-2025Q1"
Alias /poudriere/FreeBSD:14:amd64 "/export/poudriere/data/packages/141amd64-2025Q1"
Alias /poudriere/FreeBSD:15:amd64 "/export/poudriere/data/packages/150amd64-2025Q1"
Alias /poudriere/packages "/export/poudriere/data/packages"
Alias /poudriere/data "/export/poudriere/data/logs/bulk"
Alias /poudriere "/usr/local/share/poudriere/html"
Options Indexes
Require all granted
---------------------------------------
apachectl configtest
apachectl start
---------------------------------------
http://192.168.99.100/
http://hostname/
http://192.168.99.100/poudriere

=======================================
poudriere client setup
=======================================

=======================================
/etc/pkg/FreeBSD.conf
---------------------------------------
#
# To disable this repository, instead of modifying or removing this file,
# create a /usr/local/etc/pkg/repos/FreeBSD.conf file:
#
#   mkdir -p /usr/local/etc/pkg/repos
#   echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
#

FreeBSD: {
  url: "pkg+https://pkg.freebsd.org/${ABI}/quarterly",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}

=======================================
/usr/local/etc/pkg/repos/FreeBSD.conf
---------------------------------------
mkdir -p /usr/local/etc/pkg/repos
echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf

=======================================
/usr/local/etc/pkg/repos/myrepo.conf
---------------------------------------
myrepo: {
  url: "http://192.168.99.100/poudriere/packages/141amd64-2025Q1/",
  mirror_type: "http",
  signature_type: "pubkey",
  pubkey: "/usr/local/etc/ssl/certs/poudriere.cert",
  priority: 1,
  enabled: yes
}
---------------------------------------
myrepo_base: {
  url: "http://192.168.99.100/poudriere/${ABI}",
  mirror_type: "http",
  signature_type: "pubkey",
  pubkey: "/usr/local/etc/ssl/certs/poudriere.cert",
  priority: 0,
  enabled: yes
}
---------------------------------------
# this will do when the server is also a client
myrepo: { url: "file:///export/poudriere/data/packages/141amd64-2025Q1/" }
---------------------------------------
# this will connect the client to the server when not using a signing key
myrepo: { url: "http://192.168.99.100/poudriere/packages/141amd64-2025Q1/" }

=======================================
installing packages from poudriere
---------------------------------------
pkg query -a '%t %a %k %R %o %v' | sort
pkg update
pkg search neofetch
pkg install neofetch
pkg clean -ya    <---- do this once (when transitioning to poudriere)
pkg upgrade -n -f -y
pkg upgrade -Ffy
pkg upgrade -fy
pkg info -r neofetch
pkg info -d neofetch
pkg info -l neofetch
pkg query -a '%t %a %k %R %o %v' | sort
pkg info -i pkg

=======================================
references
---------------------------------------
https://man.freebsd.org/cgi/man.cgi?query=pkg&sektion=8&apropos=0&manpath=FreeBSD+14.2-RELEASE+and+Ports
https://man.freebsd.org/cgi/man.cgi?query=pkg.conf&sektion=5&apropos=0&manpath=FreeBSD+14.2-RELEASE+and+Ports
https://man.freebsd.org/cgi/man.cgi?query=pkg-repo&sektion=8&apropos=0&manpath=FreeBSD+14.2-RELEASE+and+Ports
https://man.freebsd.org/cgi/man.cgi?query=pkg-repository&sektion=5&apropos=0&manpath=FreeBSD+14.2-RELEASE+and+Ports
https://man.freebsd.org/cgi/man.cgi?query=poudriere&sektion=8&apropos=0&manpath=FreeBSD+14.2-RELEASE+and+Ports
https://cgit.freebsd.org/ports/refs/

=======================================
notes
---------------------------------------
# Path to the RSA key to sign the PKG repo with. See pkg-repo(8)
# This produces a repo that supports SIGNATURE_TYPE=PUBKEY
# Default: not set
#PKG_REPO_SIGNING_KEY=/etc/ssl/keys/repo.key

# Command to sign the PKG repo with. See pkg-repo(8)
# This produces a repo that supports SIGNATURE_TYPE=FINGERPRINTS
# Default: not set
#SIGNING_COMMAND=ssh signing-server sign.sh

# Repo signing command execution context
# If SIGNING_COMMAND is set, run pkg-repo(8) on the host?
#   no  - Run in the jail
#   yes - Run on the host
# Default: no
#PKG_REPO_FROM_HOST=yes
---------------------------------------
REPOSITORY CONFIGURATION
     To use a repository you will need at least one repository configuration
     file.

     Repository configuration files are searched for in order of the
     directories listed in the REPOS_DIR array, which defaults to /etc/pkg/
     and /usr/local/etc/pkg/repos/.

     Filenames are arbitrary, but should end in `.conf'. For example
     /usr/local/etc/pkg/repos/myrepo.conf.

     A repository file is in UCL format and has the following form:

     myrepo:

         ENV: object
                 A list of key value entries that will be passed as
                 environment variable for the bundled fetch(3), per
                 repository.

         URL: string
                 URL for this repository only.

         ENABLED: boolean
                 The repository will be used only if this option is enabled.
                 Default: YES.

         MIRROR_TYPE: string
                 MIRROR_TYPE for this repository only. Default: NONE. Any of
                 HTTP or SRV or NONE.

         SIGNATURE_TYPE: string
                 Specifies what type of signature this repository uses.
                 Can be one of NONE, PUBKEY or FINGERPRINTS. (default: NONE)

         PUBKEY: string
                 This should be set to a path containing public key for this
                 repository only. (default: NONE)

         FINGERPRINTS: string
                 This should be set to a path containing known signatures
                 for the repository.

         IP_VERSION: integer
                 Restrict network access to specified IP version. 4 will
                 only allow IPv4 and 6 will only allow IPv6. Any other value
                 will use the system default. This option overrides the
                 global setting with the same name and can be overwritten by
                 a command line option. Default: 0.

         PRIORITY: integer
                 Set the priority of the repository. Higher values are
                 preferred. Default: 0.

     For a MIRROR_TYPE of NONE, any of the following URL schemes: http://,
     https://, file://, ssh://, tcp://. Where MIRROR_TYPE is SRV, you should
     use a pkg+http:// or pkg+https:// (etc.) URL scheme. Using an http://
     URL implies that the hostname part is a simple hostname according to
     RFC 2616, and is no longer accepted.

     When SIGNATURE_TYPE is NONE, then no signature checking will be done on
     the repository. When SIGNATURE_TYPE is PUBKEY, then the PUBKEY option
     will be used for signature verification. This option is for use with
     the built-in signing support. When SIGNATURE_TYPE is FINGERPRINTS, then
     the FINGERPRINTS option will be used for signature verification. This
     option is for use with an external signing command. See pkg-repo(8) for
     more discussion on signature types.

     If FINGERPRINTS is set to /usr/local/etc/pkg/fingerprints/myrepo, then
     the directories /usr/local/etc/pkg/fingerprints/myrepo/trusted and
     /usr/local/etc/pkg/fingerprints/myrepo/revoked should exist with known
     good and bad fingerprints, respectively. Files in those directories
     should be in the format:

           function: sha256
           fingerprint: sha256_representation_of_the_public_key

     The repository tag myrepo is an arbitrary string.
     Reusing the repository tag will cause those items defined in
     configuration files later on the REPOS_DIR search path to overwrite the
     equivalent settings for the same tag earlier on the search path. Hence
     the very common idiom, used to turn off the default FreeBSD
     configuration shipped in /etc/pkg/FreeBSD.conf. Rather than editing
     that file directly, create /usr/local/etc/pkg/repos/FreeBSD.conf with
     this content:

           FreeBSD: { enabled: NO }

     Repositories are processed in the order they are found on the REPOS_DIR
     search path, with individual repository configuration files in the same
     directory processed in alphabetical order. Settings from files later in
     the search path will override those from earlier ones. Packages are
     selected preferentially out of all the repositories that contain them
     from the repository with the highest priority, so long as they are
     suitable to solve the necessary dependency requirements. However, this
     preference may be overruled when CONSERVATIVE_UPGRADE is set to true,
     in which case a package will as far as possible always be upgraded from
     the same repository the older installed version came from, as given in
     the repository annotation of the installed package. See
     pkg-repository(5) for details.

     It is possible to specify more than one repository per file.
---------------------------------------
REPOSITORY MIRRORING
     Multiple copies of a repository can be provided for resilience or to
     scale up site capacity. Two schemes are provided to auto-discover sets
     of mirrors given a single repository URL.

     HTTP    The repository URL should download a text document containing a
             sequence of lines beginning with `URL:' followed by any amount
             of white space and one URL for a repository mirror. Any lines
             not matching this pattern are ignored. Mirrors are tried in the
             order listed until a download succeeds.
     SRV     For an SRV mirrored repository where the URL is specified as
             http://pkgrepo.example.org/ SRV records should be set up in the
             DNS:

                   $ORIGIN example.com
                   _http._tcp.pkgrepo IN SRV 10 1 80 mirror0
                                      IN SRV 20 1 80 mirror1

             where the SRV priority and weight parameters are used to
             control search order and traffic weighting between sites, and
             the port number and hostname are used to construct the
             individual mirror URLs.

     Mirrored repositories are assumed to have identical content, and only
     one copy of the repository catalogue will be downloaded to apply to all
     mirror sites.
---------------------------------------
pkg -vv
pkg config abi
pkg config osversion
pkg audit -F
---------------------------------------
ABI = "FreeBSD:14:amd64";
ALTABI = "freebsd:14:x86:64";
OSVERSION = 1401000;

=======================================
done
=======================================
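
=======================================
added example: audit client repo configs for missing signature checks
---------------------------------------
Added example, not part of the original notes: an audit of the client repository configs described above that reports which enabled repositories have no signature_type, applying the rule that a repeated tag overrides earlier settings. The function names, the myrepo_nosig and myrepo_local tags and the sample input are constructed for this example, and only the simple one-level form used in these notes is parsed.

```sh
#!/bin/sh
# Added example, not part of the original notes: flag pkg repositories that
# would be used without signature verification. Assumption: only the simple
# "tag: { key: value, ... }" form is parsed (full-line comments, no nesting).
audit_repos() {    # stdin: repo config text, concatenated in REPOS_DIR order
    awk '
    function field(blk, key,    v) {
        if (!match(tolower(blk), "[{, \t]" key "[ \t]*:[ \t]*\"?[^\",} \t]+"))
            return ""
        v = substr(blk, RSTART, RLENGTH)
        sub(/^[^:]*:[ \t]*"?/, "", v)
        return v
    }
    { sub(/^[ \t]*#.*/, ""); buf = buf " " $0 }
    END {
        gsub(/[$][{][A-Za-z_]*[}]/, "<var>", buf)  # ${ABI} contains a brace
        nk = split("url signature_type enabled", keys, " ")
        while (match(buf, /[A-Za-z0-9_]+[ \t]*:[ \t]*[{][^}]*[}]/)) {
            blk = substr(buf, RSTART, RLENGTH); buf = substr(buf, RSTART + RLENGTH)
            tag = blk; sub(/[ \t]*:.*/, "", tag)
            if (!(tag in seen)) { seen[tag] = 1; order[++n] = tag }
            for (i = 1; i <= nk; i++)    # a repeated tag overrides earlier keys
                if ((v = field(blk, keys[i])) != "") conf[tag, keys[i]] = v
        }
        for (j = 1; j <= n; j++) {
            t = order[j]; s = tolower(conf[t, "signature_type"])
            e = tolower(conf[t, "enabled"])
            if (e == "no" || e == "false" || e == "off") st = "disabled"
            else if (s == "pubkey" || s == "fingerprints") st = "signed"
            else if (conf[t, "url"] ~ /^file:/) st = "unsigned-local"
            else st = "UNSIGNED"
            print t, st, conf[t, "url"]
        }
    }'
}
sample_conf() {    # constructed input modelled on the configs in these notes
    cat <<'EOF'
FreeBSD: {
  url: "pkg+https://pkg.freebsd.org/${ABI}/quarterly",
  signature_type: "fingerprints", enabled: yes
}
FreeBSD: { enabled: no }
myrepo: {
  url: "http://192.168.99.100/poudriere/packages/141amd64-2025Q1/",
  signature_type: "pubkey", pubkey: "/usr/local/etc/ssl/certs/poudriere.cert"
}
# tags below are constructed for the two unsigned variants
myrepo_nosig: { url: "http://192.168.99.100/poudriere/packages/141amd64-2025Q1/" }
myrepo_local: { url: "file:///export/poudriere/data/packages/141amd64-2025Q1/" }
EOF
}
sample_conf | audit_repos
```

On a client, the input would be the files under /etc/pkg/ followed by those under /usr/local/etc/pkg/repos/; a line marked UNSIGNED is a repository fetched over the network with no signature checking.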