scripts/hostclass/pkg_repository


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

#!/bin/sh

: ${poudriere_versions:='14.1-RELEASE'}
: ${poudriere_jobs:="$nproc"}
: ${poudriere_dataset:="${state_dataset:-zroot}"}
: ${poudriere_make_jobs_number:='8'}
: ${poudriere_priority_boost:='gcc* llvm* rust'}
: ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core eclipse electron* ffmpeg firefox thunderbird gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mysql*-client mysql*-server node* openjdk* openssl pkg postgresql* qt*-webengine rust webkit* vaultwarden'}
: ${poudriere_ccache_size:='50.0G'}
: ${poudriere_default_versions:='imagemagick=7-nox11'}

poudriere_https_cert="${nginx_conf_dir}/poudriere.crt"
poudriere_https_key="${nginx_conf_dir}/poudriere.key"
poudriere_data_dir=/usr/local/poudriere
poudriere_conf_dir=/usr/local/etc/poudriere.d
poudriere_patch_dir="${poudriere_conf_dir}/patches"

# Create poudriere datasets.
create_dataset -o "mountpoint=${poudriere_data_dir}" "${state_dataset}/poudriere"
create_dataset -o "mountpoint=${poudriere_conf_dir}" "${state_dataset}/poudriere-config"
zfs set com.sun:auto-snapshot:weekly=true \
  "${state_dataset}/poudriere" \
  "${state_dataset}/poudriere-config" 

# Since we're doing a ton of compilation, disable sync on the poudriere dataset.
# Possibly snakeoil, but my hope is that most file I/O will end up in the ARC cache
# and not thrash the disks.
zfs set sync=disabled "${poudriere_dataset}/poudriere"

# These packages are needed to bootstrap poudriere. On the first run, they'll
# be installed from the public FreeBSD repos.
pkg install -y \
  poudriere \
  git-lite \
  nginx \
  ccache

# Generate poudriere configuration.
install_template -m 0644 \
  /usr/local/etc/poudriere.conf \
 "${poudriere_conf_dir}/make.conf" \
 "${poudriere_conf_dir}/idm-make.conf" \
 "${poudriere_conf_dir}/pkglist" \
 "${poudriere_conf_dir}/idm-pkglist"
install_file -m 0400 /usr/local/etc/ssl/repo.key
install_directory -m 0755 /usr/ports/distfiles
install_directory -m 0755 -o nobody -g nobody "${poudriere_data_dir}/ccache"
install_template -m 0644 -o nobody -g nobody "${poudriere_data_dir}/ccache/ccache.conf"

# Copy TLS certificate for nginx.
install_certificate     nginx "$poudriere_https_cert"
install_certificate_key nginx "$poudriere_https_key"

# Configure and enable nginx to serve the packages.
install_template -m 0644 \
  /usr/local/etc/nginx/nginx.conf \
  /usr/local/etc/nginx/vhosts.conf
install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf

sysrc -v nginx_enable=YES
service nginx restart

# Create and update the `latest` ports tree.
[ -d "${poudriere_data_dir}/ports/latest" ] || poudriere ports -c -v -p latest
git -C "${poudriere_data_dir}/ports/latest" restore :/
git -C "${poudriere_data_dir}/ports/latest" clean -f
[ "${poudriere_update:-}" = true ] && poudriere ports -v -u -p latest

# Apply custom patches.
install_directory -m 0755 "$poudriere_patch_dir"
rm -f "${poudriere_patch_dir}/"*.patch
for patch in $poudriere_patches; do
  install_file -m 0644 "${poudriere_patch_dir}/${patch}.patch"
done

for patch in "${poudriere_patch_dir}/"*.patch; do
  [ -f "$patch" ] || continue
  patch -d "${poudriere_data_dir}/ports/latest" -u < "$patch"
done

# For each specified FreeBSD version, build all packages.
for version in $poudriere_versions; do
  jail=$(echo "$version" | tr . _)
  abi="FreeBSD:${version%%.*}:$(uname -p)"

  [ -d "${poudriere_data_dir}/jails/${jail}" ] || poudriere jail -c -j "$jail" -v "$version"
  poudriere jail -u  -j "$jail"
  poudriere bulk -v  -j "$jail" -f "${poudriere_conf_dir}/idm-pkglist" -p latest -z idm
  poudriere pkgclean -j "$jail" -f "${poudriere_conf_dir}/idm-pkglist" -p latest -z idm -y
  poudriere bulk -v  -j "$jail" -f "${poudriere_conf_dir}/pkglist"     -p latest
  poudriere pkgclean -j "$jail" -f "${poudriere_conf_dir}/pkglist"     -p latest -y

  install_directory -m 0755 "${poudriere_data_dir}/data/packages/${abi}"
  ln -snfv "../${jail}-latest" "${poudriere_data_dir}/data/packages/${abi}/latest"
  ln -snfv "../${jail}-latest-idm" "${poudriere_data_dir}/data/packages/${abi}/latest-idm"
done

# Clean stale distfiles and logs.
poudriere distclean -v -a -p latest -y
poudriere logclean -N 5 -p latest -y

# Add an empty directory named "poudriere" in the webroot, just so we can easily
# click on something in the autoindex page that takes us to the Poudriere interface.
install_directory -m 0555 "${poudriere_data_dir}/data/packages/poudriere"

# Create cron job to update packages automatically.
install_file -m 0555 /usr/local/libexec/poudriere-cron
install_template -m 0644 /etc/cron.d/poudriere

# Now that we have a valid repo, switch the pkg repo to the local filesystem.
install_directory -m 0755 \
  /usr/local/etc/pkg \
  /usr/local/etc/pkg/repos

install_file     -m 0644 /usr/local/etc/pkg/repos/FreeBSD.conf
install_template -m 0644 /usr/local/etc/pkg/repos/onprem.conf

# Install default packages (now that they've been built).
pkg update -f

if [ -n "${install_packages:-}" ]; then
  pkg install $install_packages
fi