Jails and freebsd-update

Vinny vinny-mail-01+f.questions20071007 at palaceofretention.ca
Tue Oct 9 17:14:02 PDT 2007 

Boris Samorodov wrote:

> 
> Seems that you are looking for sysutils/ezjail.
> 
> 
> WBR

Thank you for the reference.  That is a very nice port.
I will definitely make use of it when I need multiple
jails (>3).  I only need 2 at the moment.

I did a little more digging and it seems that I can
install a jail using the base system's install script.
It's found on CD 1 (6.2-RELEASE-i386-disc1.iso):

(cd0 mounted on /dvdrw)
$ pwd
/dvdrw/6.2-RELEASE/base
$ ls -la
total 42496
dr-xr-xr-x   2 root  wheel     6144 Jan 12  2007 .
dr-xr-xr-x  13 root  wheel     2048 Jan 12  2007 ..
-r--r--r--   3 root  wheel     1624 Jan 12  2007 CHECKSUM.MD5
-r--r--r--   3 root  wheel     2779 Jan 12  2007 CHECKSUM.SHA256
-r--r--r--   3 root  wheel  1425408 Jan 12  2007 base.aa
-r--r--r--   3 root  wheel  1425408 Jan 12  2007 base.ab
-r--r--r--   3 root  wheel  1425408 Jan 12  2007 base.ac
-r--r--r--   3 root  wheel  1425408 Jan 12  2007 base.ad
[snip]
-r--r--r--   3 root  wheel   962020 Jan 12  2007 base.bd
-r--r--r--   3 root  wheel      898 Jan 12  2007 base.inf
-r--r--r--   3 root  wheel  1204896 Jan 12  2007 base.mtree
-r-xr-xr-x   3 root  wheel      427 Apr 30  2002 install.sh

I can use the install.sh script in place of the make
installworld/distribution commands for the jail.  This makes
it possible to update the jail using freebsd-update.

I wonder if the ezjail port can be tweaked to add an
option for installing via the 'base' as above, rather than
its current methods.

In any event, I set DESTDIR to /tmp/base, ran the install.sh
script and a full base system was placed in /tmp/base.  A few
jail details (IP, devfs) later and I was able to run freebsd-update
from within the jail and it updated the world to -p8.  Note I had to
edit the freebsd-updates.conf file (within the jail) and set the
Components variable to world only.

Caveats:

The jail is a full system.  This might not be desirable.  Normally,
one can control what gets placed in the base jail system using
the various NO_* knobs in a make.conf file (i.e. you can choose
to keep things like the toolchain, sendmail, and bind from
being placed in the jail).  A certain amount of work could be
done to remove those subsystems individually after the fact, I
suppose.  I wonder where I can get a list of files for each NO_*
knob?

Vinny

More information about the freebsd-questions mailing list