Sharing a ports tree with ezjail
ezjail's ezjail-admin utility has a -P option to the update subcommand that causes it to fetch/update a ports tree into the basejail directory that all jails then share. However, if your machine already has a /usr/ports tree, that seems like a big waste of space. Why not have jails use that existing tree through mount_nullfs, the same way the basejail is shared?
One of the files ezjail creates along with a new jail is /etc/fstab.jailname, which contains something like:

/data/jails/basejail /data/jails/jailname/basejail nullfs ro 0 0

(/data/jails is where I set up ezjail to store my jails.)
Just add another line to that file like:

/usr/ports /data/jails/jailname/usr/ports nullfs ro 0 0

Note that the mount point is the host-side path of the jail's /usr/ports, so make sure the jail has an empty /usr/ports directory for it (something you can put in a flavour if you're going to be doing this often; nullfs will happily mount over a non-empty directory and hide whatever was in it). When the jail starts, it will have a read-only view of the host's ports tree: with the ro flag nothing inside the jail can modify the tree that all the other jails and the host build from.
To keep both the jailed and non-jailed systems from trying to put port-building work directories or downloaded distribution files in /usr/ports (the host's build debris would otherwise show up in every jail, and a build inside a jail would fail as soon as it tried to write to the read-only mount), the /etc/make.conf files (both the "real" one and the ones inside the jails) should contain something like:

WRKDIRPREFIX= /var/ports
DISTDIR= /var/ports/distfiles
PACKAGES= /var/ports/packages
ezjail's default flavour takes care of the jailed copies of this for you. If you make your own flavour, be sure it includes a similar /etc/make.conf.
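Putting the steps above together, here is an added example script (not from the original post and not part of ezjail) that prepares an existing jail to share the host's ports tree. It assumes ezjail keeps jails under /data/jails as in the fstab line above, that the per-jail fstab is /etc/fstab.<jailname> as ezjail creates it, and that it is run on the host as root with the jail stopped; the JAILS_DIR default and the function names are my own choices. It goes a little beyond the text in that each step is idempotent, so re-running it on a jail that is already set up changes nothing.

```sh
#!/bin/sh
# Added example, not from the original post: prepare an ezjail jail to share
# the host's /usr/ports read-only via nullfs. Assumptions: jails live under
# JAILS_DIR (default /data/jails), the jail's fstab is /etc/fstab.<jailname>,
# and this runs on the host as root while the jail is stopped.
set -eu

# Append the nullfs entry for the host ports tree unless an entry for that
# mount point is already present, so the script is safe to re-run.
# The mount point is the host-side path of the jail's /usr/ports.
add_ports_mount() {
    jailroot="$1"; fstab="$2"; hostports="${3:-/usr/ports}"
    mnt="${jailroot}/usr/ports"
    if grep -q "[[:space:]]${mnt}[[:space:]]" "$fstab" 2>/dev/null; then
        return 0
    fi
    printf '%s %s nullfs ro 0 0\n' "$hostports" "$mnt" >> "$fstab"
}

# Create the empty /usr/ports to mount over, plus the writable work,
# distfile and package directories that make.conf will point at.
make_jail_dirs() {
    jailroot="$1"
    mkdir -p "${jailroot}/usr/ports" \
             "${jailroot}/var/ports/distfiles" \
             "${jailroot}/var/ports/packages"
}

# Point the ports framework at writable locations so a build inside the
# jail never tries to write into the read-only tree. Only variables that
# are not already set in the jail's make.conf are appended.
write_make_conf() {
    jailroot="$1"
    conf="${jailroot}/etc/make.conf"
    mkdir -p "${jailroot}/etc"
    touch "$conf"
    for kv in 'WRKDIRPREFIX= /var/ports' \
              'DISTDIR= /var/ports/distfiles' \
              'PACKAGES= /var/ports/packages'; do
        var="${kv%%=*}"
        grep -q "^${var}=" "$conf" || printf '%s\n' "$kv" >> "$conf"
    done
}

# True when the jail's /usr/ports exists and is empty. nullfs mounts over a
# non-empty directory without complaint and silently hides its contents, so
# this is worth checking before the first start.
ports_dir_is_empty() {
    d="$1/usr/ports"
    [ -d "$d" ] && [ -z "$(ls -A "$d")" ]
}

setup_shared_ports() {
    jailname="$1"; jails_dir="${2:-/data/jails}"
    jailroot="${jails_dir}/${jailname}"
    make_jail_dirs "$jailroot"
    if ! ports_dir_is_empty "$jailroot"; then
        echo "warning: ${jailroot}/usr/ports is not empty; nullfs will hide it" >&2
    fi
    add_ports_mount "$jailroot" "/etc/fstab.${jailname}"
    write_make_conf "$jailroot"
}

# Usage: ./setup_shared_ports.sh <jailname> [jails_dir]
if [ "${1:-}" ]; then
    setup_shared_ports "$@"
fi
```

After running it, start the jail with ezjail-admin and check that mount inside the jail shows /usr/ports as a read-only nullfs; a "Read-only file system" error from make during a port build means the make.conf overrides did not take effect.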
One last trick: if you're using portupgrade, run portsdb -u after updating your ports from the non-jailed environment. That way, if you're also running portupgrade inside the jail, it won't see its INDEX db as out of date and complain that it can't rebuild it because the filesystem is read-only. On my machines I update using portsnap (a great tool, BTW, also available to older BSDs as a port) with this trivial script:

#!/bin/sh
# Stop at the first failure so the INDEX db is not rebuilt from a half-updated tree
set -e
portsnap fetch
portsnap update
#
# Also update portupgrade database
#
portsdb -u