freebsd stable - Feb 2013 - Poudriere questions

Hello,

we use NanoBSD to build the software installations for our hosting platform
and I'm trying to better automate the process of building packages.

Poudriere looked like an interesting tool to me, so I tried it. Quite painless,
but two questions currently remain:

To me it looks like Poudriere populates the build jail/chroot from release
tarballs fetched from an FTP server - but I'd rather use, say, 8.3p6 as
the build platform as well as the one at runtime. At ~300+ installed ports
I simply do not know if anything links statically against base system libraries
and I want to catch all security updates included in RELENG_X_Y.
How would I go about that?

Second, how do I specify build time options that are not available via the
dialog most ports use for "make config"? Currently we use an ad hoc
shell
script that simply installs all the ports I want, and the line for e.g. Apache
reads:

cd /usr/ports/www/apache22 && make -DBATCH -DPROXY=on -DPROXY_HTTP=on
-DSUEXEC=on -DSUEXEC_DOCROOT=/var/apache
-DSUEXEC_LOGFILE=/var/apache/GLOBAL/suexec_log install

I can enable all options that simply taken an "on" setting, but what
about
the paths for suexec? Obviously they are critical to the operation of our
servers.

If this is the wrong list, I can of course take the discussion to -ports or
anything else more appropriate. The Poudriere wiki doesn't mention
external ressources besides IRC.

Thanks 
Patrick
-- 
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info at punkt.de       http://www.punkt.de
Gf: J?rgen Egeling      AG Mannheim 108285

On 02/20/13 17:08, Patrick M. Hausen wrote:
> Hello,
>
> we use NanoBSD to build the software installations for our hosting platform
> and I'm trying to better automate the process of building packages.
>
> Poudriere looked like an interesting tool to me, so I tried it. Quite
painless,
> but two questions currently remain:
>
> To me it looks like Poudriere populates the build jail/chroot from release
> tarballs fetched from an FTP server - but I'd rather use, say, 8.3p6 as
> the build platform as well as the one at runtime. At ~300+ installed ports
> I simply do not know if anything links statically against base system
libraries
> and I want to catch all security updates included in RELENG_X_Y.
> How would I go about that?
I'm not sure I get what you ask. You can make poudriere fetch sources 
from any subversion branch/tag and compile those, instead of using the 
distribution files. For example:

poudriere jail -c -j 91releng -v releng/9.1 -m svn

will fetch sources from the 9.1 security fix branch with all the latest 
security fixes, compile those and crate a new jail.
>
> Second, how do I specify build time options that are not available via the
> dialog most ports use for "make config"? Currently we use an ad
hoc shell
> script that simply installs all the ports I want, and the line for e.g.
Apache reads:
>
> cd /usr/ports/www/apache22 && make -DBATCH -DPROXY=on
-DPROXY_HTTP=on -DSUEXEC=on -DSUEXEC_DOCROOT=/var/apache
-DSUEXEC_LOGFILE=/var/apache/GLOBAL/suexec_log install
>
> I can enable all options that simply taken an "on" setting, but
what about
> the paths for suexec? Obviously they are critical to the operation of our
servers.
I think your best bet is using customized make.conf files in 
/usr/local/etc/poudriere.d.

This is documented well in the CUSTOMIZATION section of the poudriere(8) 
man page.

for example you could create a file make.conf there with the above 
options defined and all jails would read it.

BTW be aware that ports using OPTINSng will prefer their own syntax for 
defining their options in make.conf.

i.e. OPTIONS_SET+= XFT OPENSSL
>
> If this is the wrong list, I can of course take the discussion to -ports or
> anything else more appropriate. The Poudriere wiki doesn't mention
> external ressources besides IRC.
-- 
Guido Falsi <mad at madpilot.net>