[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ezjail] /usr/ports
- To: ezjail AT erdgeist DOT org
- Subject: Re: [ezjail] /usr/ports
- From: Glen Barber <glen.j.barber AT gmail DOT com>
- Date: Wed, 22 Feb 2012 20:53:33 -0500
- Authentication-results: mr.google.com; spf=pass (google.com: domain of glen.j.barber AT gmail DOT com designates 10.229.78.215 as permitted sender) smtp.mail=glen.j.barber AT gmail DOT com; dkim=pass header.i=glen.j.barber AT gmail DOT com
- Delivered-to: mailing list ezjail AT erdgeist DOT org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:x-operating-system :user-agent; bh=2vl8yVtKxPVJjglYTBwhpi7d7RKXbXoJGlurBZm6rEY=; b=kPOZNHsK+cpOeW216C+pvPPUrwbTr4Av5Dgm2Wvm7RxTs6YaYiTadm7LAq0B/jnITP n9MMf2COrhSkj1CZQc1XCzkCtvBXFVL0D7WgsgDK1l4Fz2c8z8CHr61H3ebw8Xc/dIcz EVzGZeNd6lPMjCOxaOFli9R0vbkAAgkWKFhtc=
- In-reply-to: <20120223014335.GA1874 AT schism DOT local>
- Mailing-list: contact ezjail-help AT erdgeist DOT org; run by ezmlm
- References: <CAJxePNLage+ZUpKq75gd3SD=2QLcDCvgZfYmt2ypmjNi9N+N7Q AT mail.gmail DOT com> <20120223014335.GA1874 AT schism DOT local>
- User-agent: Mutt/1.5.21 (2010-09-15)
On Wed, Feb 22, 2012 at 08:43:35PM -0500, Glen Barber wrote:
> On Wed, Feb 22, 2012 at 08:25:14PM -0500, alexus wrote:
> > does it make sense to share /usr/ports between system (host) and jails?
> > to say save on space? not that i'm running out of space but still
> > or there are some concerns which makes it a bad idea?
> In theory, no. The ezjail jails have their own WKRDIRPREFIX by default
> (by custom-installed /etc/make.conf).
> So, sharing the host port tree should be fine as long as you don't
> change these.
> If space is a concern (I know you said it isn't), you should note that
> each jail has its own DISTDIR set (again, in /etc/make.conf), so jails
> with similar ports (perl, for example), will all download an independent
> version of said port. For the truly paranoid, sharing DISTDIRs could be
> a security concern if $someport has a security vulnverability, or has
> been compromised upstream.
FWIW, there are additional solutions to "shared ports trees" and
"running out of space" issues.
For example, you can have the jail host (or a dedicated jail) serve as a
package builder, and share the resulting packages with the machines on
the system. This keeps the ports tree centralized, as well as keeping
the space used to a minimum.
Alternatively, you can set up a Ports Tinderbox
(http://tinderbox.marcuscom.com/) which effectively accomplishes the
same goal, but allows you a bit more room to set jail-specific or
host-specific settings per port.
The amount of time needed to set up a Ports Tinderbox (which isn't much)
is negligible to the amount of flexibility you gain if, for example, you
have a need to cross-build ports for different architectures.
Hopefully this helps.