Updated 2019-Nov-11: Elaborated on options.
Ports are awesome but not when you have to apply an update and take a production system down for the time it takes to recompile a binary. Poudriere to the rescue!
pkg-ng, for the most part, contains the binary files I need with the proper options enabled, but not all...
- nginx with GeoIP
- Postfix with MySQL support
- Dovecot with MySQL support
(yes, I know a few of these have "full" packages but I don't need all those features)
Here's how to get started with hosting your own custom pkg repository:
- Install:
    pkg install poudriere
- Create a ZFS dataset for poudriere to work in:
    zfs create jails/poudriere
- Configure poudriere:
    vim /usr/local/etc/poudriere.conf

    ZPOOL=jails
    ZROOTFS=/poudriere
    FREEBSD_HOST=https://download.FreeBSD.org
    RESOLV_CONF=/etc/resolv.conf
    BASEFS=/usr/local/poudriere
    USE_PORTLINT=no
    USE_TMPFS=yes
    DISTFILES_CACHE=/usr/ports/distfiles
    PARALLEL_JOBS=4
- Create a new jail:
    poudriere jail -c -j 11-1-amd64 -v 11.1-RELEASE
  - -c: Create a jail
  - -j: Jail name
  - -v: Version of FreeBSD to use in the jail
- Create a corresponding ports tree:
    poudriere ports -c -p local
  - -c: Create a ports tree
  - -p: Portstree name
- Create a package list (this can be in your home directory):
    vim 11-1-amd64-local-mail_servers-pkglist
  and include a list of the ports you want to build:
    mail/postfix-sasl
    mail/dovecot
- Configure the ports' options:
    poudriere options -j 11-1-amd64 -p local -z mail_servers -f 11-1-amd64-local-mail_servers-pkglist
  - -j: Name of jail created earlier
  - -p: Name of portstree created earlier
  - -z: Name of a set. This lets you set custom options for a different set or flavor of the package. For instance, I want nginx built with RTMP on one server but with GeoIP on another. I would simply set different options under each -z foo.
  - -f: This is the package list file created in step 6.
- Finally, build the package:
    poudriere bulk -j 11-1-amd64 -p local -z mail_servers -f 11-1-amd64-local-mail_servers-pkglist
  - The only difference between #7 and #8 is the subcommand bulk. This starts the build process. Pressing Ctrl-t will show the progress.
If updates arrive, run poudriere ports -u -p local and poudriere jail -u -j 11-1-amd64. This will update the ports tree and the build jail.
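The update and rebuild routine above as a script, with a check that the package list exists and holds only category/port origins before a long build starts. This is an added example, not part of the original post; DRY_RUN, the function names and the rebuild.sh file name are assumptions, and the package list is expected in the home directory under the name used on this page.

```sh
#!/bin/sh
# Added example, not from the original post. Jail, ports tree and set names
# are the page's; DRY_RUN and the function names are assumptions.
JAIL=${JAIL:-11-1-amd64}
PORTS=${PORTS:-local}
SET=${SET:-mail_servers}

# poudriere publishes a build under <jail>-<portstree>-<set>, which is the
# last path component of the url in the client's repository file.
repo_name() { printf '%s-%s-%s\n' "$1" "$2" "$3"; }

# Deriving the list name from the same three values keeps the file passed
# to "options" and "bulk" identical to the one that was edited.
PKGLIST=${PKGLIST:-$HOME/$(repo_name "$JAIL" "$PORTS" "$SET")-pkglist}

# Fail before a long build if the list is missing or holds anything other
# than category/port origins (blank lines and # comments are skipped).
check_pkglist() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    bad=$(grep -Ev '^[[:space:]]*(#.*)?$' "$1" |
          grep -Ev '^[a-z0-9_-]+/[A-Za-z0-9_.+-]+(@[A-Za-z0-9_]+)?$' || true)
    [ -z "$bad" ] && return 0
    printf 'invalid entries in %s:\n%s\n' "$1" "$bad" >&2
    return 1
}

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Update the ports tree and the jail, then rebuild the set; stops at the
# first failing step.
rebuild() {
    check_pkglist "$PKGLIST" || return 1
    run poudriere ports -u -p "$PORTS" &&
    run poudriere jail -u -j "$JAIL" &&
    run poudriere bulk -j "$JAIL" -p "$PORTS" -z "$SET" -f "$PKGLIST"
}

# Usage: sh rebuild.sh rebuild   (DRY_RUN=1 to preview)
if [ "${1:-}" = rebuild ]; then rebuild; fi
```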
Also, some helpful commands:
- poudriere jails -l: lists all jails.
- poudriere ports -l: lists all portstrees.
Client configuration
- Since my poudriere repository is hosted behind a Let's Encrypt TLS cert, I needed to install the ca_root_nss package using pkg install ca_root_nss.
- Create a file (/usr/local/etc/pkg/repos/custom.conf) and add the following (changing the url):

    poudriere_mail: {
      url: "https://pkg.fqdn/packages/11-1-amd64-local-mail_servers/",
      enabled: yes,
      priority: 100,
    }