Comments (3)
Hi @xorander00,
Thank you for considering AppJail as your solution.
PkgBase is a great way to reduce the jail size, although at the moment it is experimental and needs testing, but I think this project will have a great future.
I have been using PkgBase using the alpha.pkgbase.live repository since I have cheap and old hardware and can't compile all the stuff in a reasonable time. Although at the moment this repository is down.
Although I can't test it, the following files are needed to build a jail with PkgBase:
Makejail:
OPTION start
OPTION overwrite
OPTION type=thick
OPTION copydir=files
OPTION file=/usr/local/etc/pkg/repos/base.conf
OPTION file=/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub
OPTION template=template.conf
CMD pkg update -yr FreeBSD-base
CMD pkg install -yg 'FreeBSD-*'
template.conf:
persist
allow.chflags
exec.start: "/bin/sh /etc/rc"
exec.stop: "/bin/sh /etc/rc.shutdown"
files/usr/local/etc/pkg/repos/base.conf:
FreeBSD-base: {
url: "https://alpha.pkgbase.live/release/${ABI}/latest",
signature_type: "pubkey",
pubkey: "/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub",
enabled: yes
}
files/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+EUrsACRuVAdJPt1TCm
lVcG52td5aREstDDxAtWlLJFL8HtNwtbMpNQnJDz7fzlFsw5B7LisQi1ciX6hB/u
Svx2szVyijpm6EGClK3SDvLv56DEkPjankFCziY9VLTIR+kRLcczwNhJh4QPOLjb
KMuIjU0QKzuJI2lOjuBq6JBSJe42/7nbVK9Yih06BS5MpkXTV6JkQU8AAO+89E0R
zd49b8wZy4JAVxAongJAtwBTSIwBP4d+TEzT5VVkSnE1jvT//3e9nsEcMlDcDlKH
/9OV3r0mMDE6cXpcR3V1v45IScY31/xw8nl/1HXP6F+ZSsUSai61JQcwZZPpg6j9
mQIDAQAB
-----END PUBLIC KEY-----
Tree structure:
# tree -pug
[drwxr-x--- root wheel ] .
├── [-rw-r----- root wheel ] Makejail
├── [drwxr-x--- root wheel ] files
│ └── [drwxr-x--- root wheel ] usr
│ ├── [drwxr-x--- root wheel ] local
│ │ └── [drwxr-x--- root wheel ] etc
│ │ └── [drwxr-x--- root wheel ] pkg
│ │ └── [drwxr-x--- root wheel ] repos
│ │ └── [-rw-r----- root wheel ] base.conf
│ └── [drwxr-x--- root wheel ] share
│ └── [drwxr-x--- root wheel ] keys
│ └── [drwxr-x--- root wheel ] pkg
│ └── [drwxr-x--- root wheel ] trusted
│ └── [-rw-r----- root wheel ] alpha.pkgbase.live.pub
└── [-rw-r----- root wheel ] template.conf
11 directories, 4 files
Therefore, you only have to execute the following command (as root):
# appjail makejail -j pkgbase
As I said, I can't guarantee that the above will work because the repository is down, but when it is active again I will test it to confirm. Although, if you have a custom repository change the URL and remove the things you don't need.
from appjail.
This issue has been closed due to inactivity. You can reopen it if you wish.
from appjail.
Sorry, been busy.
Ah, that makes sense. I didn't realize it was as simple as just adding the required files to configure pkg & then install the FreeBSD-* packages as desired. I build & use an internal repository, so I can test this out later when I get the chance. It's on my agenda for the coming week.
I did notice one other thing which I think might require a modification. I'll mention it here and can open a separate issue for it when I look at it again. I moved to using netgraph from epair quite a while ago and I like it. It started with using jng, and then I wrote up a script to handle node create/destroy + hooks myself. I don't remember the exact details currently, but there was a bug in naming nodes (that I'm pretty sure has been fixed now), and I also wanted predictable names. It's not exactly obvious, but node names need to be <16 characters, so originally I was using a truncated hash of the hostname + jailname + instance number to avoid collisions but make it predictable. I transitioned to an orchestrator last year, which provides me with a full UUID per instance as well as a unique 8-character short id that is derived from that, so I just use ng0_{8_CHAR_ID} now. From what I saw, there's no easy way to set that as the code currently stands (though I could be wrong).
Anyway, I'll keep an eye on this repo and try to work with it when my schedule clears up a bit. Thanks!
from appjail.
Related Issues (10)
- any jail i try to make using nat options gives error HOT 13
- Man pages could be handy. HOT 1
- [QUESTION] OCI, CRI support? HOT 1
- INCLUDE statement in Makejail file fails with file not found error despite file existence HOT 3
- missing doas dependency HOT 3
- Add `pot` to the comparison page, maybe HOT 1
- Documentation online only HOT 2
- The network performance is somehow disastrous. HOT 7
- Linux jail with alias cannot communicate with other FreeBSD jails without alias in the same virtual network. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from appjail.