FreeBSD Package Compilation and Distribution
What will you learn in this guide?
In this guide, a centralized and automatic package production infrastructure will be established for FreeBSD servers.
Inconsistencies resulting from manual compilation processes will be eliminated.
All servers will use the same, signed and secure packages.
Preliminary Preparations
Before starting the installation, the following should be ready:
- A server running FreeBSD 11.2 or above
- At least 10 GB free disk space
- Installed Buildbot Master and Worker structure
- A second FreeBSD server to use packages
1. Poudriere Installation (Worker Jail)
Packages are compiled in isolated environments.
sudo jexec buildbot-worker0 csh
pkg install poudriere
- This command installs the Poudriere tool into the Buildbot worker jail.
2. Generating a Package Signing Key (Recommended)
- This step ensures package integrity.
openssl genrsa -out /usr/local/etc/poudriere.key 4096
chmod 0600 /usr/local/etc/poudriere.key
openssl rsa -in /usr/local/etc/poudriere.key -pubout -out /tmp/poudriere.pub
- This key is used for packet verification of client servers.
3. ZFS Configuration (Optional)
- Using ZFS significantly reduces compilation time.
sudo zfs create zroot/pdr
sudo zfs create zroot/pdr/w0
sudo zfs set jailed=on zroot/pdr/w0
- This structure provides snapshot and fast jail management.
4. Poudriere and Jail Configuration
- Configuration is made so that Poudriere can work in a jailed environment.
FREEBSD_HOST=https://download.FreeBSD.org
BASEFS=/pdr
PKG_REPO_SIGNING_KEY=/usr/local/etc/poudriere.key
CCACHE_DIR=/var/cache/ccache
NOLINUX=yes
LOIP4=127.0.0.3
- These settings stabilize the build environment.
5. Build Jail and Ports Tree
- The compilation environment is prepared.
poudriere jail -c -j 112amd64 -v 11.2-RELEASE -a amd64
poudriere ports -c -p 2019Q2 -m svn+https -B branches/2019Q2
- This process downloads the FreeBSD base and ports tree.
6. First Manual Test Build
- It is verified that the system is working correctly.
poudriere bulk -j 112amd64 -p 2019Q2 ports-mgmt/pkg
- When successful, packages are automatically added to the repository.
7. Publishing a Package Repository with Nginx
- Packages and build logs are made accessible on the web.
location /packages/ {
alias /usr/jails/buildbot-worker0/pdr/data/packages;
autoindex on;
}
location /logs/ {
alias /usr/jails/buildbot-worker0/pdr/data/logs/bulk;
autoindex on;
}
- This structure provides centralized package access.
8. Automated Build (CI) with Buildbot
- Automatic compilation is triggered when the ports tree changes.
steps.ShellCommand(
command=['sudo','poudriere','bulk','-j','112amd64','-p','2019Q2','shells/bash']
)
- Buildbot manages this process centrally.
9. Client Server Configuration
- Servers retrieve packages only from the central repository.
ci: {
url: "https://alan-adiniz.com/packages/112amd64-2019Q2",
signature_type: "pubkey",
pubkey: "/usr/local/etc/pkg/repos/ci.pub",
enabled: yes
}
- This build replaces the official FreeBSD repository.
Frequently Asked Questions (FAQ)
-
Is it mandatory to use ZFS? No, but it is recommended for performance reasons.
-
Why use a single package repository? To avoid package incompatibilities.
-
Is it suitable for a production environment? Yes, signed packages ensure secure distribution.
Result
With this guide, an automatic, secure and centralized package production line for FreeBSD servers has been established. Version control, consistency and security can now be managed from a single point.
You can use this infrastructure on high-performance FreeBSD servers in the GenixNode environment.