pkg-jail-bootstrap.md
- we have an empty dir `/tmp/ajail`
- our system ABI (version or architecture) is not the same as the required jail version
- we want to use pkg base to bootstrap the jail, in the same way as untarring base.txz would
## prep
```
root@wintermute /tmp# uname -a
FreeBSD wintermute.skunkwerks.at 16.0-CURRENT FreeBSD 16.0-CURRENT main-n284971-da663d5377a5 GENERIC amd64
root@wintermute /tmp# mkdir -p /tmp/ajail/usr/share
root@wintermute /tmp# cp -av /usr/share/keys /tmp/ajail/usr/share/
/usr/share/keys -> /tmp/ajail/usr/share/keys
/usr/share/keys/pkgbase-15 -> /tmp/ajail/usr/share/keys/pkgbase-15
/usr/share/keys/pkgbase-15/trusted -> /tmp/ajail/usr/share/keys/pkgbase-15/trusted
/usr/share/keys/pkgbase-15/trusted/awskms-15 -> /tmp/ajail/usr/share/keys/pkgbase-15/trusted/awskms-15
/usr/share/keys/pkgbase-15/trusted/backup-signing-15 -> /tmp/ajail/usr/share/keys/pkgbase-15/trusted/backup-signing-15
/usr/share/keys/pkgbase-15/revoked -> /tmp/ajail/usr/share/keys/pkgbase-15/revoked
/usr/share/keys/pkg -> /tmp/ajail/usr/share/keys/pkg
/usr/share/keys/pkg/revoked -> /tmp/ajail/usr/share/keys/pkg/revoked
/usr/share/keys/pkg/trusted -> /tmp/ajail/usr/share/keys/pkg/trusted
/usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 -> /tmp/ajail/usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
```
## install
```
root@wintermute /tmp# pkg -r /tmp/ajail -o ABI=FreeBSD:15:amd64 install -yr FreeBSD-base FreeBSD-set-minimal-jail
pkg: Setting ABI requires setting OSVERSION, guessing the OSVERSION as: 1500000
pkg: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
Updating FreeBSD-base repository catalogue...
Fetching meta.conf: 100% 179 B 0.2 kB/s 00:01
Fetching data: 100% 80 KiB 81.7 kB/s 00:01
pkg: No trusted public keys found
FreeBSD-base repository is up to date.
FreeBSD-base is up to date.
pkg: Repository FreeBSD-base cannot be opened. 'pkg update' required
pkg: No packages available to install matching 'FreeBSD-set-minimal-jail' have been found in the repositories
root@wintermute /tmp#
```