Host configuration

Since poudriere-remote.sh requires root access via sudo to a remote host to automatically bootstrap Poudriere and build packages, some users might prefer to create a Poudriere host manually. In such case, you can follow these instructions:

1. Install FreeBSD with an additional disk for a zpool (let's call it mydisk0).

   We tested a VMDK snapshot image for amd64 14.0-CURRENT.

2. Create a user (let's call it myuser) and log in the host as the user.

3. Create a zpool zdata.

   sudo zpool create zdata mydisk0
   

4. Create file systems for CHERI and Poudriere.

   sudo zfs create zdata/cheri
   sudo zfs create zdata/distfiles
   sudo zfs create zdata/poudriere
   

5. Set the owner of new directories to your user.

   sudo chown myuser /zdata/cheri /zdata/distfiles /zdata/poudriere
   

6. Install cheribuild dependencies.

   sudo pkg install \
       autoconf \
       automake \
       bash \
       cmake \
       git \
       glib \
       gmake \
       gsed \
       libtool \
       ninja \
       pixman \
       pkgconf \
       python3 \
       texinfo
   

7. Install Poudriere dependencies.

   sudo pkg install poudriere nginx
   

8. Clone cheribuild with the user mode support.

   git clone --branch qemu-cheri-bsd-user https://github.com/CTSRD-CHERI/cheribuild.git /zdata/cheri/cheribuild
   

9. Build the CheriABI BSD user mode.

   /zdata/cheri/cheribuild/cheribuild.py --source-root /zdata/cheri bsd-user-qemu
   

10. Build a pure-capability CheriBSD.

    • Morello (aarch64c):

      /zdata/cheri/cheribuild/cheribuild.py --source-root /zdata/cheri --no-skip-sdk --qemu/no-use-smbd --morello-qemu/no-use-smbd sdk-morello-purecap
      

    • Morello (aarch64):

      /zdata/cheri/cheribuild/cheribuild.py --source-root /zdata/cheri --no-skip-sdk --qemu/no-use-smbd --morello-qemu/no-use-smbd sdk-aarch64
      

    • For CHERI-RISC-V (riscv64c):

      /zdata/cheri/cheribuild/cheribuild.py --source-root /zdata/cheri --no-skip-sdk --qemu/no-use-smbd sdk-riscv64-purecap
      

11. Update the built sysroot to be owned by root:wheel.

    sudo chown -R root:wheel /zdata/cheri/output/rootfs-*
    

12. Clone the poudriere-infrastructure repository.

    git clone https://github.com/CTSRD-CHERI/poudriere-infrastructure.git /zdata/cheri/poudriere-infrastructure
    

13. Create symbolic links for configuration files from the poudriere-infrastructure repository.

    cd /zdata/cheri/poudriere-infrastructure
    find etc usr -type f -o -type l | xargs -I % -S 1024 sudo sh -c 'mkdir -p "/$(dirname %)"; ln -s "$(realpath . )/%" "/%"'
    

    Examine ln(1) errors as some files might already exist. In such case, remove or move them aside, and execute the above command again.

14. Copy jail files from this repository.

    cd /zdata/cheri/poudriere-infrastructure
    find zdata -type f -o -type l | xargs -I % -S 1024 sudo sh -c 'mkdir -p "/$(dirname "%")"; cp -a "%" "/%"'
    

15. Move the pure-capability rtld aside to make space for an amd64 rtld.

    • For Morello (aarch64c):

      mv /zdata/cheri/output/rootfs-morello-purecap/libexec/ld-elf.so.1 /zdata/cheri/output/rootfs-morello-purecap/libexec/ld-aarch64c-elf.so.1
      cp /libexec/ld-elf.so.1 /zdata/cheri/output/rootfs-morello-purecap/libexec/ld-elf.so.1
      

    • For Morello (aarch64):

      mv /zdata/cheri/output/rootfs-aarch64/libexec/ld-elf.so.1 /zdata/cheri/output/rootfs-aarch64/libexec/ld-aarch64-elf.so.1
      cp /libexec/ld-elf.so.1 /zdata/cheri/output/rootfs-aarch64/libexec/ld-elf.so.1
      

    • For CHERI-RISC-V (riscv64c):

      mv /zdata/cheri/output/rootfs-riscv64-purecap/libexec/ld-elf.so.1 /zdata/cheri/output/rootfs-riscv64-purecap/libexec/ld-riscv64c-elf.so.1
      cp /libexec/ld-elf.so.1 /zdata/cheri/output/rootfs-riscv64-purecap/libexec/ld-elf.so.1
      

16. Configure binmiscctl(8).

    sudo service qemu_user_static start
    

17. Create a jail.

    • For Morello (aarch64c):

      sudo poudriere jail -c -j cheribsd-morello-purecap -v 14.0-CURRENT -a arm64.aarch64c -m null -M /zdata/cheri/output/rootfs-morello-purecap
      

    • For Morello (aarch64):

      sudo poudriere jail -c -j cheribsd-aarch64 -v 14.0-CURRENT -a arm64.aarch64 -m null -M /zdata/cheri/output/rootfs-aarch64
      

    • For CHERI-RISC-V (riscv64c):

      sudo poudriere jail -c -j cheribsd-riscv64-purecap -v 14.0-CURRENT -a riscv.riscv64c -m null -M /zdata/cheri/output/rootfs-riscv64-purecap
      

18. Create a ports tree.

    • If you don't want to modify ports:

      sudo poudriere ports -c -p main -m git -U https://github.com/CTSRD-CHERI/cheribsd-ports.git -B main
      

    • If you want to modify ports on your host, we recommend to clone a repository:

      git clone [email protected]:CTSRD-CHERI/cheribsd-ports.git /path/to/cheribsd-ports
      

      and import it as a ports tree:

      sudo poudriere ports -c -p main -m null -M /path/to/cheribsd-ports
      

19. Start nginx to browse Poudriere reports.

    sudo service nginx start
    

20. Start a test package build.

    • For Morello (aarch64c):

      sudo poudriere bulk -j cheribsd-morello-purecap -p main ports-mgmt/pkg
      

    • For Morello (aarch64):

      sudo poudriere bulk -j cheribsd-aarch64 -p main ports-mgmt/pkg
      

    • For CHERI-RISC-V (riscv64c):

      sudo poudriere bulk -j cheribsd-riscv64-purecap -p main ports-mgmt/pkg
      

21. Open http://<host>/ to observe a build status in your browser.

22. Your package repository should be accessible with:

    • For Morello (aarch64c): pkg+http://<host>/packages/cheribsd-morello-purecap-main/
    • For Morello (aarch64): pkg+http://<host>/packages/cheribsd-aarch64-main/
    • For CHERI-RISC-V (riscv64c): pkg+http://<host>/packages/cheribsd-riscv64-purecap-main/