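#!/bin/sh
#
# Bootstrap a HardenedBSD 11-STABLE poudriere package-build host.
#
# Steps: install poudriere/ccache/git, seed ccache.conf and poudriere.conf,
# create the ZFS datasets, fetch and unpack the 11-STABLE base.txz into a
# null-mounted jail root, register the jail and the HardenedBSD ports tree
# with poudriere, relax the host's hardening sysctls, reboot.
#
# Must run as root.  Intended for a DEDICATED build host: the sysctl block at
# the end weakens hardening for every process on this machine, not just for
# the build jail.  Re-running is safe: every config line is appended only
# once and directories are created with mkdir -p.

# FreeBSD /bin/sh: -e aborts on the first failing command (a failed fetch or
# tar no longer silently continues into the jail/ports registration), -u
# catches unset variables.  pipefail is not portable to this sh.
set -eu

POOL="zroot"
JAIL="11-STABLE"
PORTS="current"
# Release string poudriere and the ports tree are told the jail runs; must be
# a FreeBSD-style version even though the userland is HardenedBSD.
JAIL_VERSION="11.2-RELEASE"
BASE_URL="https://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/hardenedbsd-11-stable-LAST/base.txz"
PORTS_URL="https://github.com/HardenedBSD/hardenedbsd-ports.git"
POUDRIERE_ROOT="/poudriere"
POUDRIERE_CONF="/usr/local/etc/poudriere.conf"
POUDRIERE_D="/usr/local/etc/poudriere.d"
CCACHE_CONF="/usr/local/etc/ccache.conf"
CCACHE_DIR="/var/cache/ccache"
PORTS_DIR="/usr/ports"
SYSCTL_CONF="/etc/sysctl.conf"

# die MSG... -- print MSG to stderr and exit non-zero.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# append_once FILE LINE -- append LINE to FILE unless an identical line is
# already present, so a second run does not stack duplicate settings.
append_once() {
  file=$1
  line=$2
  if [ -f "$file" ] && grep -qxF -- "$line" "$file"; then
    return 0
  fi
  printf '%s\n' "$line" >> "$file"
}

[ "$(id -u)" -eq 0 ] || die "this script must run as root"

pkg install -y poudriere ccache git-lite
mkdir -p "$CCACHE_DIR"

# ccache + poudriere configuration
append_once "$CCACHE_CONF" "cache_dir = $CCACHE_DIR"
append_once "$POUDRIERE_CONF" "CCACHE_DIR=$CCACHE_DIR"
append_once "$POUDRIERE_CONF" "ZPOOL=$POOL"
# add your poudriere.conf options below
append_once "$POUDRIERE_CONF" "CHECK_CHANGED_OPTIONS=verbose"
append_once "$POUDRIERE_CONF" "CHECK_CHANGED_DEPS=yes"
append_once "$POUDRIERE_CONF" "NOLINUX=yes"

# Create poudriere datasets, mountpoints and the jail root
JAIL_ROOT="$POUDRIERE_ROOT/base/jails/$JAIL"
zfs create -p "$POOL/poudriere/base/jails/$JAIL"
zfs set mountpoint="$POUDRIERE_ROOT" "$POOL/poudriere"

# Download base.txz into a private temp dir rather than a predictable
# /tmp name that another local user could pre-create or swap.
tmpdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$tmpdir"' EXIT
fetch -o "$tmpdir/base.txz" "$BASE_URL"
# NOTE(review): nothing here verifies the archive beyond the TLS connection.
# Whatever is in base.txz becomes the jail's userland and is unpacked as
# root; compare it against the checksum/signature HardenedBSD publishes for
# the release before trusting it.
cd "$JAIL_ROOT" || die "cannot cd to $JAIL_ROOT"
tar xf "$tmpdir/base.txz"
poudriere jail -c -j "$JAIL" -m null -M "$JAIL_ROOT"

# Some trickery to get the correct version strings to satisfy poudriere:
# write the jail's version file by hand (the directory must exist first)
# and force uname(1)-derived variables to FreeBSD values for every make,
# configure and script run inside the jail.
mkdir -p "$POUDRIERE_D/jails/$JAIL"
printf '%s\n' "$JAIL_VERSION" > "$POUDRIERE_D/jails/$JAIL/version"
make_conf="$POUDRIERE_D/$JAIL-$PORTS-make.conf"
append_once "$make_conf" 'UNAME_ENV+= UNAME_s=FreeBSD'
append_once "$make_conf" "UNAME_ENV+= UNAME_r=$JAIL_VERSION"
append_once "$make_conf" 'UNAME_ENV+= UNAME_v="${UNAME_s} ${UNAME_r}"'
append_once "$make_conf" '.MAKEFLAGS: ${UNAME_ENV}'
append_once "$make_conf" 'MAKE_ENV+= ${UNAME_ENV}'
append_once "$make_conf" 'CONFIGURE_ENV+= ${UNAME_ENV}'
append_once "$make_conf" 'SCRIPTS_ENV+= ${UNAME_ENV}'

# Get the HBSD ports tree and import it into poudriere as a null-mounted tree.
# The clone is skipped when a checkout already exists so the script can be
# re-run; no branch or commit is pinned here, so builds track the tip of the
# default branch.
if [ ! -d "$PORTS_DIR/.git" ]; then
  git clone "$PORTS_URL" "$PORTS_DIR"
fi
mkdir -p "$PORTS_DIR/distfiles"
poudriere ports -c -p "$PORTS" -m null -M "$PORTS_DIR"

# Relax security for package builds - as by @lattera on official build server.
# These are HOST-WIDE: the PaX *.status=1 settings move each feature to
# HardenedBSD's opt-in mode (confirm with `sysctl -d hardening.pax.aslr.status`
# on your release), procfs hardening and the hardlink owner checks are turned
# off, and the kernel will not drop into the debugger on panic.  Only do this
# on a dedicated build machine that holds nothing else of value.
for kv in \
  'hardening.pax.aslr.status=1' \
  'hardening.pax.pageexec.status=1' \
  'hardening.pax.mprotect.status=1' \
  'hardening.procfs_harden=0' \
  'hardening.pax.disallow_map32bit.status=1' \
  'security.bsd.hardlink_check_gid=0' \
  'security.bsd.hardlink_check_uid=0' \
  'debug.debugger_on_panic=0'
do
  append_once "$SYSCTL_CONF" "$kv"
done

# Reboot so the sysctl.conf changes take effect
shutdown -r now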
The version file written on line 26 was never created because its parent directory did not exist yet; line 25 was added to create the path (mkdir -p) first.
There was a mistake in line 19 (a stray `fetch`). Fixed in Revision 2.