Re: FreeBSD base pkg (packaging) and critical ports build alongside
- In reply to: FreeBSD User : "FreeBSD base pkg (packaging) and critical ports build alongside"
Date: Wed, 29 Sep 2021 15:13:12 UTC
On 2021-09-29 01:28, FreeBSD User wrote:
> Hello,
>
> I use FreeBSD-base packages built on self hosted systems to update 13-STABLE
> and CURRENT hosts. I run into the problem, that the packages of the FreeBSD
> base, built via the FreeBSD framework and from most recent 13-STABLE sources,
> are often out of synchronisation with our poudriere packaging builders, that is
> especially true for critical ports with kernel modules, like i915 drm,
> virtualbox and so on. The problem is, obviously, barehanded: 13-STABLE sources
> and probably the API changes more rapidly than those of the appropriate builder
> hosts for poudriere and since it takes a bunch of days to build a whole
> poudriere packages repository, there is often a gap between the revision of the
> kernel and the port containing kernel modules.
>
> So, the question is: how can I add ports to the building process of the FreeBSD
> sources tree in the way they get built every time I build the FreeBSD-base
> packages alongside the OS?

The simple answer is; by keeping/getting both trees where you want them
before you initiate a build.

This is what I do;
Pick some point in time, or in git(1) parlance; hash/revision. I then
git co/clone git hash/revision for both trees. I then fire off a build
for both. Creating $BASE install(s)/images && packages.

Since I'm subscribed to the freebsd-security-notifications ML, I get
announcements whenever FreeBSD pushes security patches. I then check
the git log for when the patch(s) was/were pushed/committed. Then update
the affected tree to that hash/revision, and update the ports tree to the
same place in time. Then build both trees and update the affected boxes
(servers/hosts).

You probably will also want to monitor the commit list (WARNING it's a
high volume list) for CVE notices, so as to keep your ports tree safe.
Simply do the same -- update the ports tree that contains the CVE commit
&& build up/deploy your packages from it.

Customization (adding ports drivers to your $BASE (src) build):
Simply add PORTS_MODULES=<port driver> to your make.conf(5).
For instance; your i915 driver.

That pretty much covers it I think. :-)

See also; man make(1) man make.conf(5) && man ports(7)

HTH

--Chris

> Thanks in advance,
>
> oh
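
The "same place in time" step from the reply above, as an added example that is not part of the original message: given a src revision, it finds the newest ports commit whose committer date is not later, then checks out both trees there. It assumes both trees are git checkouts; the function names are hypothetical, and the ports branch defaulting to `main` is an assumption.

```shell
#!/bin/sh
# Added example; function names and the default ref are assumptions.

# Print the newest ports commit (first-parent history of PORTS_REF) whose
# committer date is not later than that of SRC_REV in the src tree.
ports_rev_for_src() {
    src_dir=$1 src_rev=$2 ports_dir=$3 ports_ref=${4:-main}
    # Committer date of the chosen src revision, e.g. "2021-09-29 15:13:12 +0000".
    when=$(git -C "$src_dir" show -s --format=%ci "$src_rev^{commit}") || return 1
    rev=$(git -C "$ports_dir" rev-list -1 --first-parent \
              --before="$when" "$ports_ref") || return 1
    # Empty output: the ports history begins after the src revision.
    [ -n "$rev" ] || { echo "no ports commit at or before $when" >&2; return 1; }
    echo "$rev"
}

# Check out both trees at the matched point. Refuses to run when either
# tree has uncommitted changes to tracked files, so a build never mixes
# pinned sources with local edits.
pin_trees() {
    src_dir=$1 src_rev=$2 ports_dir=$3 ports_ref=${4:-main}
    ports_rev=$(ports_rev_for_src "$src_dir" "$src_rev" \
                    "$ports_dir" "$ports_ref") || return 1
    for d in "$src_dir" "$ports_dir"; do
        [ -z "$(git -C "$d" status --porcelain --untracked-files=no)" ] ||
            { echo "$d has local changes" >&2; return 1; }
    done
    git -C "$src_dir" checkout -q --detach "$src_rev" || return 1
    git -C "$ports_dir" checkout -q --detach "$ports_rev" || return 1
    # Record the pair so the build can be reproduced later.
    echo "src=$(git -C "$src_dir" rev-parse HEAD) ports=$ports_rev"
}

# Usage (paths are assumptions):
#   pin_trees /usr/src <src hash> /usr/ports main
# then build world/kernel with PORTS_MODULES=<port driver> set in make.conf(5).
```

Pass the branch name rather than `HEAD` as the ports ref, since `HEAD` moves once the tree has been detached at an older commit.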