[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] /usr/ports



On Wed, Feb 22, 2012 at 08:43:35PM -0500, Glen Barber wrote:
> On Wed, Feb 22, 2012 at 08:25:14PM -0500, alexus wrote:
> > does it make sense to share /usr/ports between system (host) and jails?
> > to say save on space? not that i'm running out of space but still
> > or there are some concerns which makes it a bad idea?
> 
> In theory, no.  The ezjail jails have their own WKRDIRPREFIX by default
> (by custom-installed /etc/make.conf).
> 
> So, sharing the host port tree should be fine as long as you don't
> change these.
> 
> If space is a concern (I know you said it isn't), you should note that
> each jail has its own DISTDIR set (again, in /etc/make.conf), so jails
> with similar ports (perl, for example), will all download an independent
> version of said port.  For the truly paranoid, sharing DISTDIRs could be
> a security concern if $someport has a security vulnverability, or has
> been compromised upstream.
> 

FWIW, there are additional solutions to "shared ports trees" and
"running out of space" issues.

For example, you can have the jail host (or a dedicated jail) serve as a
package builder, and share the resulting packages with the machines on
the system.  This keeps the ports tree centralized, as well as keeping
the space used to a minimum.

Alternatively, you can set up a Ports Tinderbox
(http://tinderbox.marcuscom.com/) which effectively accomplishes the
same goal, but allows you a bit more room to set jail-specific or
host-specific settings per port.

The amount of time needed to set up a Ports Tinderbox (which isn't much)
is negligible to the amount of flexibility you gain if, for example, you
have a need to cross-build ports for different architectures.

Hopefully this helps.

Glen