Skip to content

Instantly share code, notes, and snippets.

@dlangille
Last active October 17, 2021 20:05
Show Gist options
  • Save dlangille/924507ce545de8fbbe78b50b752997ce to your computer and use it in GitHub Desktop.
Save dlangille/924507ce545de8fbbe78b50b752997ce to your computer and use it in GitHub Desktop.
Hook for nullfs mounting an extra patches directory in the master jail - see https://dan.langille.org/2019/08/10/poudriere-hooks/
#!/bin/sh
# /usr/local/etc/poudriere.d/hooks/jail.sh
status="$1"
# NOTE: mount is invoked before start: re https://github.com/freebsd/poudriere/wiki/hooks
if [ "$status" = "mount" ] && [ -d /usr/local/etc/poudriere.d/local-patches ]; then
mntpath="$2"
# The local-patches directory is created only if it does not already exist.
# If it does not already exist, it means we are doing this on the master jail
if [ ! -d "${mntpath}/local-patches" ]; then
/bin/mkdir "${mntpath}/local-patches"
fi
# mount our patches to that location
/sbin/mount -t nullfs -o ro /usr/local/etc/poudriere.d/local-patches "${mntpath}/local-patches"
fi
exit 0
The jail.sh hook can be used on conjunction with an entry in
/usr/local/etc/poudriere.d/make.conf (or similar) such as this
.if ${.CURDIR:M*/net-mgmt/nagios}
EXTRA_PATCHES+= /local-patches/webserver/nagios.patch
.endif
@derekmarcotte
Copy link

@derekmarcotte
Copy link

Also, adding && [ -d /usr/local/etc/poudriere.d/local-patches ] on https://gist.github.com/dlangille/924507ce545de8fbbe78b50b752997ce#file-jail-sh-L7 ?

@dlangille
Copy link
Author

Love this, but I wonder about adding -o ro to https://gist.github.com/dlangille/924507ce545de8fbbe78b50b752997ce#file-jail-sh-L17 ?

Isn't nullfs RO by default?

@derekmarcotte
Copy link

Love this, but I wonder about adding -o ro to https://gist.github.com/dlangille/924507ce545de8fbbe78b50b752997ce#file-jail-sh-L17 ?

Isn't nullfs RO by default?

Doesn't look like it? Not on 12.2 anyhow. 🤷

@dlangille
Copy link
Author

I agree now, after reading my own code:

create-jail-directories.sh:/usr/share/mk ${JAILBASE}/usr/share/mk nullfs ro,nosuid,noexec 0 0

I was setting things up with RO and I guess I just assumed it was. Oops.

@dlangille
Copy link
Author

The RO patch works:

[pkg01 dan ~] % mount | grep patch
/usr/local/etc/poudriere.d/local-patches on /usr/local/poudriere/data/.m/13amd64-dvl/ref/local-patches (nullfs, local, noatime, read-only, nfsv4acls)
/usr/local/etc/poudriere.d/local-patches on /usr/local/poudriere/data/.m/13amd64-dvl/02/local-patches (nullfs, local, noatime, read-only, nfsv4acls)
/usr/local/etc/poudriere.d/local-patches on /usr/local/poudriere/data/.m/13amd64-dvl/03/local-patches (nullfs, local, noatime, read-only, nfsv4acls)
/usr/local/etc/poudriere.d/local-patches on /usr/local/poudriere/data/.m/13amd64-dvl/01/local-patches (nullfs, local, noatime, read-only, nfsv4acls)
[pkg01 dan ~] %                                                                                                                                                         21:05:12

@dlangille
Copy link
Author

And testing the -d:

[pkg01 dan /usr/local/etc/poudriere.d/hooks] % sudo mv /usr/local/etc/poudriere.d/local-patches /usr/local/etc/poudriere.d/local-patches.disabled

Then run a testport:

[pkg01 dan ~] % mount | grep patch                                                                                                                                      21:05:12
[pkg01 dan ~] % mount | grep patch                                                                                                                                      21:07:15
[pkg01 dan ~] % mount | grep patch                                                                                                                                      21:07:16
[pkg01 dan ~] % mount | grep patch                                                                                                                                      21:07:17
[pkg01 dan ~] % mount | grep patch                                                                                                                                      21:07:17

@dlangille
Copy link
Author

Move that directory back, another testport:

[pkg01 dan ~] % mount | grep patch                                                                                                                                      21:08:50
/usr/local/etc/poudriere.d/local-patches on /usr/local/poudriere/data/.m/13amd64-dvl/ref/local-patches (nullfs, local, noatime, read-only, nfsv4acls)

Success!

@dlangille
Copy link
Author

gist updated. Thank you @derekmarcotte - good suggestions.

@derekmarcotte
Copy link

Thanks for adding them. This little snippet is immensely helpful, thanks for blogging it, and making it available! Vastly improves an existing workflow. Maybe upstream would be interested in including it in the example hooks?

@dlangille
Copy link
Author

I am happy that it's useful to you. I have used it dozens of times daily for over two years.

See freebsd/poudriere#928

@jlduran
Copy link

jlduran commented Oct 17, 2021

Hi Dan!, if you don't mind, what is the difference/advantage between this approach and creating a local-patches poudriere-ports tree and using it as an overlay for poudriere-bulk?

@dlangille
Copy link
Author

This approach was created 2 years ago, before I'd heard of poudriere overlays.

I looked at overlay and could not figure out how to get it work.

Do you see any advantages?

@jlduran
Copy link

jlduran commented Oct 17, 2021

Do you see any advantages?

I see an advantage with this hook, it is closer to having a unionfs-mounted overlay (instead of the current nullfs-mounted one). I have not tested exhaustively, but from my initial tests, you would need to have all the port files + patches, instead of just the diff from the ports tree (local patches).

I looked at overlay and could not figure out how to get it work.

Here is my sample repo: https://github.com/jlduran/test-poudriere-overlay. It basically uses the category/port directory from the overlay instead of the default one. If you're using git, this approach might be a bit excessive for my needs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment