This repository manages a custom FreeBSD package repository hosted on S3, building the packages with the uchida/poudriere Vagrant box.
Create S3 bucket with terraform
Prepare the environment variables. Note: direnv may be useful to keep secret environment variables separate from the repository.
$ export AWS_ACCESS_KEY_ID={{ your AWS access key here }}
$ export AWS_SECRET_ACCESS_KEY={{ your AWS secret access key here }}
$ export AWS_DEFAULT_REGION={{ AWS region where you to }}
$ export TF_VAR_bucket_name={{ bucket name to put your packages }}
plan and apply
$ pushd bucket
$ terraform plan
$ terraform apply
$ popd
Then use jq to generate the environment variable settings that the Vagrant provisioner needs to access the S3 bucket.
$ cat <<__EOF__ > credential
export BUCKET=$(jq -r '.modules[].resources | .["aws_s3_bucket.main"].primary.id' bucket/terraform.tfstate)
export AWS_DEFAULT_REGION=$(jq -r '.modules[].resources | .["aws_s3_bucket.main"].primary.attributes.region' bucket/terraform.tfstate)
export AWS_ACCESS_KEY_ID=$(jq -r '.modules[].resources | .["aws_iam_access_key.main"].primary.attributes.id' bucket/terraform.tfstate)
export AWS_SECRET_ACCESS_KEY=$(jq -r '.modules[].resources | .["aws_iam_access_key.main"].primary.attributes.secret' bucket/terraform.tfstate)
__EOF__
$ chmod 0600 credential
Generate the poudriere signing private and public keys with openssl:
$ openssl genrsa -out poudriere/poudriere.key 4096
$ chmod 0400 poudriere/poudriere.key
$ openssl rsa -in poudriere/poudriere.key -pubout -out poudriere/poudriere.cert
$ chmod 0444 poudriere/poudriere.cert
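A preflight check to run before vagrant provision, as an added example that is not part of this repository: it confirms that the three files holding secrets at this point (credential, bucket/terraform.tfstate, which the jq commands above read the IAM secret from, and poudriere/poudriere.key) grant nothing to group or others. The function names is_private and audit_secrets are hypothetical.

```sh
#!/bin/sh
# Added example, not part of this repository. Function names are
# hypothetical; the file paths are the ones used in the steps above.

# is_private FILE: return 0 if FILE is a regular file with no permission
# bits for group or others, 1 if any such bit is set, 2 if FILE is missing.
# Uses only POSIX find primaries, so it behaves the same with GNU and BSD find.
is_private() {
    [ -f "$1" ] || return 2
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# audit_secrets [REPO_ROOT]: print one line per problem and return the
# number of problems found (0 means every secret file is private).
audit_secrets() {
    root=${1:-.}
    problems=0
    for f in credential bucket/terraform.tfstate poudriere/poudriere.key; do
        rc=0
        is_private "$root/$f" || rc=$?
        case $rc in
            0) ;;
            2) echo "missing: $f"
               problems=$((problems + 1)) ;;
            *) echo "accessible to group or others: $f"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}
```

From the repository root, `audit_secrets . && vagrant provision` provisions only when all three files are private.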
vagrant provision starts building the packages and syncs them to S3. It requires vagrant, and rsync for the Vagrant synced folder.
$ vagrant up --no-provision
$ vagrant provision
After vagrant provision, packages are published.
Sample client configuration:
- put poudriere/poudriere.cert in /usr/local/etc/ssl/certs/.
- edit /usr/local/etc/pkg/repos/poudriere.conf:
poudriere: {
  url: "http://{{ your bucket endpoint here }}/packages/${ABI}",
  mirror_type: "http",
  signature_type: "pubkey",
  pubkey: "/usr/local/etc/ssl/certs/poudriere.cert",
  enabled: yes
}
You can set port options in advance, inside the Vagrant box:
$ sudo poudriere options category/portname
The options files are generated in /usr/local/etc/poudriere.d/options in the box. Copy them to poudriere/options in this repository:
$ sudo cp /usr/local/etc/poudriere.d/options/* /vagrant/poudriere/options/
vagrant provision now copies them during provisioning and builds with these options.
For details about the poudriere command and its subcommands, such as poudriere options, consult man 8 poudriere or the poudriere documents.
This section describes building custom ports using portshaker, for example to build the additional ports in the haskell ports tree.
- put the file poudriere/portshaker-config/freebsd_haskell:
#!/bin/sh
. /usr/local/share/portshaker/portshaker.subr
method="git"
git_clone_uri="https://github.com/freebsd-haskell/ports.git"
run_portshaker_command $*
- edit the custom_merge_from line in poudriere/portshaker.conf:
custom_merge_from="freebsd_ports freebsd_haskell"
- add the ports from the haskell ports tree to poudriere/packages.list.
- edit the ports line in provision.sh:
ports=custom
vagrant provision now builds the haskell ports listed in poudriere/packages.list. You could even freeze or replace the default ports tree with the portshaker mechanism.
Dedicated to the public domain, no rights reserved.