
Comments (3)

DtxdF commented on June 15, 2024

Hi @xorander00,

Thank you for considering AppJail as your solution.

PkgBase is a great way to reduce the jail size, although at the moment it is experimental and needs testing, but I think this project will have a great future.

I have been using PkgBase using the alpha.pkgbase.live repository since I have cheap and old hardware and can't compile all the stuff in a reasonable time. Although at the moment this repository is down.

Although I can't test it, the following files are needed to build a jail with PkgBase:

Makejail:

OPTION start
OPTION overwrite
OPTION type=thick
OPTION copydir=files
OPTION file=/usr/local/etc/pkg/repos/base.conf
OPTION file=/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub
OPTION template=template.conf

CMD pkg update -yr FreeBSD-base
CMD pkg install -yg 'FreeBSD-*'

template.conf:

persist
allow.chflags
exec.start: "/bin/sh /etc/rc"
exec.stop: "/bin/sh /etc/rc.shutdown"

files/usr/local/etc/pkg/repos/base.conf:

FreeBSD-base: {
        url: "https://alpha.pkgbase.live/release/${ABI}/latest",
        signature_type: "pubkey",
        pubkey: "/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub",
        enabled: yes
}

files/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+EUrsACRuVAdJPt1TCm
lVcG52td5aREstDDxAtWlLJFL8HtNwtbMpNQnJDz7fzlFsw5B7LisQi1ciX6hB/u
Svx2szVyijpm6EGClK3SDvLv56DEkPjankFCziY9VLTIR+kRLcczwNhJh4QPOLjb
KMuIjU0QKzuJI2lOjuBq6JBSJe42/7nbVK9Yih06BS5MpkXTV6JkQU8AAO+89E0R
zd49b8wZy4JAVxAongJAtwBTSIwBP4d+TEzT5VVkSnE1jvT//3e9nsEcMlDcDlKH
/9OV3r0mMDE6cXpcR3V1v45IScY31/xw8nl/1HXP6F+ZSsUSai61JQcwZZPpg6j9
mQIDAQAB
-----END PUBLIC KEY-----

Tree structure:

# tree -pug
[drwxr-x--- root     wheel   ]  .
├── [-rw-r----- root     wheel   ]  Makejail
├── [drwxr-x--- root     wheel   ]  files
│   └── [drwxr-x--- root     wheel   ]  usr
│       ├── [drwxr-x--- root     wheel   ]  local
│       │   └── [drwxr-x--- root     wheel   ]  etc
│       │       └── [drwxr-x--- root     wheel   ]  pkg
│       │           └── [drwxr-x--- root     wheel   ]  repos
│       │               └── [-rw-r----- root     wheel   ]  base.conf
│       └── [drwxr-x--- root     wheel   ]  share
│           └── [drwxr-x--- root     wheel   ]  keys
│               └── [drwxr-x--- root     wheel   ]  pkg
│                   └── [drwxr-x--- root     wheel   ]  trusted
│                       └── [-rw-r----- root     wheel   ]  alpha.pkgbase.live.pub
└── [-rw-r----- root     wheel   ]  template.conf

11 directories, 4 files

Therefore, you only have to execute the following command (as root):

# appjail makejail -j pkgbase

As I said, I can't guarantee that the above will work because the repository is down, but when it is active again I will test it to confirm. Although, if you have a custom repository, change the URL and remove the things you don't need.

from appjail.
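A pre-flight check for the directory layout described in the comment above, run before `appjail makejail`. This is an added example, not part of the original comment or of AppJail: the function names `repo_value` and `check_pkgbase_repo` are hypothetical, and it assumes the repo file keeps one quoted key per line as shown.

```shell
#!/bin/sh
# Added example: verifies that the PkgBase repo shipped into the jail enforces
# signature checks. Function names are hypothetical, not AppJail or pkg code.

# Print the quoted value of KEY ($1) from a one-key-per-line repo file ($2).
repo_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Return 0 only if the repo file requires a pubkey signature with a key we ship.
check_pkgbase_repo() {
    dir=$1
    conf="$dir/files/usr/local/etc/pkg/repos/base.conf"
    rc=0
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    sigtype=$(repo_value signature_type "$conf")
    pubkey=$(repo_value pubkey "$conf")
    url=$(repo_value url "$conf")

    if [ "$sigtype" != "pubkey" ]; then
        echo "signature_type is '$sigtype', expected 'pubkey'" >&2; rc=1
    fi
    case $url in
        https://*) ;;
        *) echo "url is not https: $url" >&2; rc=1 ;;
    esac
    # The pubkey path is resolved inside the jail, so it must exist under files/.
    if [ -z "$pubkey" ] || [ ! -s "$dir/files$pubkey" ]; then
        echo "pubkey not shipped under files/: $pubkey" >&2; rc=1
    elif ! grep -q -- '-----BEGIN PUBLIC KEY-----' "$dir/files$pubkey"; then
        echo "pubkey is not a PEM public key: $pubkey" >&2; rc=1
    fi
    # The Makejail must copy both files, or pkg runs without this repo or key.
    for f in /usr/local/etc/pkg/repos/base.conf "$pubkey"; do
        grep -qxF "OPTION file=$f" "$dir/Makejail" 2>/dev/null ||
            { echo "Makejail lacks: OPTION file=$f" >&2; rc=1; }
    done
    return $rc
}
```

Call it as `check_pkgbase_repo .` from the directory that holds the Makejail; every failed check is reported on stderr before the non-zero return.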

DtxdF commented on June 15, 2024

This issue has been closed due to inactivity. You can reopen it if you wish.

from appjail.

xorander00 commented on June 15, 2024

Sorry, been busy.

Ah, that makes sense. I didn't realize it was as simple as just adding the required files to configure pkg & then install the FreeBSD-* packages as desired. I build & use an internal repository, so I can test this out later when I get the chance. It's on my agenda for the coming week.

I did notice one other thing which I think might require a modification. I'll mention it here and can open a separate issue for it when I look at it again. I moved to using netgraph from epair quite a while ago and I like it. It started with using jng, and then I wrote up a script to handle node create/destroy + hooks myself. I don't remember the exact details currently, but there was a bug in naming nodes (that I'm pretty sure has been fixed now), and I also wanted predictable names. It's not exactly obvious, but node names need to be <16 characters, so originally I was using a truncated hash of the hostname + jailname + instance number to avoid collisions but make it predictable. I transitioned to an orchestrator last year, which provides me with a full UUID per instance as well as a unique 8-character short id that is derived from that, so I just use ng0_{8_CHAR_ID} now. From what I saw, there's no easy way to set that as the code currently stands (though I could be wrong).

Anyway, I'll keep an eye on this repo and try to work with it when my schedule clears up a bit. Thanks!

from appjail.
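The truncated-hash naming scheme described in the comment above, sketched as an added example. It is not the commenter's script or AppJail code: the function names, the SHA-256 choice, the field encoding and the default `ng0_` prefix are assumptions, and the length check applies the under-16-character limit the comment states.

```shell
#!/bin/sh
# Added example: predictable netgraph node names from host + jail + instance.
# sha256_hex and ng_node_name are hypothetical helper names.

# Hex SHA-256 of stdin, using whichever base utility is present.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        sha256 -q    # FreeBSD base utility
    fi
}

# Usage: ng_node_name HOSTNAME JAILNAME INSTANCE [PREFIX]
ng_node_name() {
    host=$1 jail=$2 inst=$3 prefix=${4:-ng0_}
    case $inst in
        ''|*[!0-9]*) echo "instance must be a non-negative integer" >&2; return 1 ;;
    esac
    # Length-prefix each field so ("ab","c") and ("a","bc") hash differently.
    id=$(printf '%s:%s|%s:%s|%s' "${#host}" "$host" "${#jail}" "$jail" "$inst" |
        sha256_hex | cut -c1-8)
    name="$prefix$id"
    # 8 hex characters are only 32 bits: collisions become likely at tens of
    # thousands of nodes, so callers should still check the name is unused.
    [ "${#name}" -lt 16 ] || { echo "name too long: $name" >&2; return 1; }
    printf '%s\n' "$name"
}
```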
