Bug 226610 - [exp-run] Run with Poudriere MUTABLE_BASE=schg in master
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Ports Framework
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Bryan Drewery
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-14 17:12 UTC by Bryan Drewery
Modified: 2018-08-05 04:22 UTC

See Also:
bdrewery: exp-run?


Description Bryan Drewery freebsd_committer 2018-03-14 17:12:01 UTC
The badly named MUTABLE_BASE=schg makes the base system immutable via schg flags
and is only supported for tmpfs/ufs.

It allows writing only to these directories:
  /boot/modules
  /etc
  /var
  /root
  /usr/local
  /tmp

We need to identify other paths that are written to and ports that are in general
overwriting base still. We can either mark the ports as requiring a jail that has
a mutable jail or make a policy against such.
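A static pre-check for the question raised in the description, added here as an example and not part of Poudriere or the ports framework: it takes a list of install paths and reports those outside the writable directories listed above. The function names are hypothetical and the sample file names are constructed; only the directories come from this report.

```sh
# Added example: pre-check install paths against the MUTABLE_BASE=schg writable list.
WRITABLE_DIRS="/boot/modules /etc /var /root /usr/local /tmp"

# Collapse repeated slashes and drop a trailing slash (except for "/").
normalize_path() {
    printf '%s\n' "$1" | sed -e 's|//*|/|g' -e 's|\(.\)/$|\1|'
}

# Return 0 if the path is at or below a writable directory, 1 otherwise.
# Matching is per path component, so /usr/local-alt is not under /usr/local.
is_writable() {
    p=$(normalize_path "$1")
    case "$p" in
        */../*|*/..) return 1 ;;  # ".." could escape the writable tree
        /*) ;;                    # absolute path: keep checking
        *) return 1 ;;            # relative path: cannot be judged
    esac
    for d in $WRITABLE_DIRS; do
        case "$p" in
            "$d"|"$d"/*) return 0 ;;
        esac
    done
    return 1
}

# Read one install path per line on stdin; print those that hit immutable base.
find_base_writes() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        is_writable "$path" || printf '%s\n' "$path"
    done
}

# Constructed sample: directories come from this report, file names are made up.
sample_paths() {
    cat <<'EOF'
/usr/local/bin/example
/usr/bin/example
/usr/share/licenses/example/LICENSE
/etc/example.conf
/usr/local-alt/lib/example.so
/lib/geom/example.so
/var/db/example//state
/usr/local/../bin/example
EOF
}

sample_paths | find_base_writes
```

Feeding it the absolute paths from a port's staged file list gives a quick list of candidates before a full `bulk -t` run.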
Comment 1 Bryan Drewery freebsd_committer 2018-03-14 17:12:25 UTC
Will run on pb2
Comment 2 Bryan Drewery freebsd_committer 2018-03-16 19:41:57 UTC
net/freebsd-tftp tries to write to /usr/bin: http://pb2.nyi.freebsd.org/data/111amd64-default-PR226610/2018-03-15_01h36m50s/logs/errors/freebsd-tftp-1.0.log
Comment 3 Bryan Drewery freebsd_committer 2018-03-16 19:46:29 UTC
misc/zoneinfo tries to write to /usr/share/licenses http://pb2.nyi.freebsd.org/data/111amd64-default-PR226610/2018-03-15_01h36m50s/logs/errors/zoneinfo-2018.c.log
This is especially problematic since /usr/share is mounted read-only from a nullfs. A tmpfs may be needed for /usr/share/licenses.
Comment 4 Bryan Drewery freebsd_committer 2018-03-16 19:50:00 UTC
sysutils/py-zfs tries to write to /usr/lib/zfs: http://pb2.nyi.freebsd.org/data/111amd64-default-PR226610/2018-03-15_01h36m50s/logs/errors/py27-zfs-1.1_1.log
Comment 5 Bryan Drewery freebsd_committer 2018-03-16 20:06:20 UTC
(In reply to Bryan Drewery from comment #2)
> net/freebsd-tftp tries to write to /usr/bin:
> http://pb2.nyi.freebsd.org/data/111amd64-default-PR226610/2018-03-15_01h36m50s/logs/errors/freebsd-tftp-1.0.log

206650      edwin NO_PACKAGE=   Installs software in /usr/libexec and /usr/bin
206499      edwin PREFIX=               /usr
Comment 6 Bryan Drewery freebsd_committer 2018-03-16 20:07:05 UTC
(In reply to Bryan Drewery from comment #3)
> misc/zoneinfo tries to write to /usr/share/licenses
> http://pb2.nyi.freebsd.org/data/111amd64-default-PR226610/2018-03-15_01h36m50s/logs/errors/zoneinfo-2018.c.log
> This is especially problematic since /usr/share is mounted read-only from a
> nullfs. A tmpfs may be needed for /usr/share/licenses.

PREFIX=         /usr

(Lack of NO_PACKAGE here like tftp)
Comment 7 Bryan Drewery freebsd_committer 2018-03-16 20:33:31 UTC
py-zfs has not been needed since ZFS 28 in base (2011) so I am going to just delete it.

------------------------------------------------------------------------
r219089 | pjd | 2011-02-27 11:41:40 -0800 (Sun, 27 Feb 2011) | 15 lines

Finally... Import the latest open-source ZFS version - (SPA) 28.

Few new things available from now on:

- Data deduplication.
- Triple parity RAIDZ (RAIDZ3).
- zfs diff.
- zpool split.
- Snapshot holds.
- zpool import -F. Allows to rewind corrupted pool to earlier
  transaction group.
- Possibility to import pool in read-only mode.

MFC after:      1 month

------------------------------------------------------------------------

-       { "allow",      zfs_do_python,          HELP_ALLOW              },
+       { "allow",      zfs_do_allow,           HELP_ALLOW              },
-       { "unallow",    zfs_do_python,          HELP_UNALLOW            },
+       { "unallow",    zfs_do_unallow,         HELP_UNALLOW            },

-/* ARGSUSED */
-static int
-zfs_do_python(int argc, char **argv)
-{
-       (void) execv(pypath, argv-1);
-       (void) fprintf(stderr, "internal error: %s not found\n", pypath);
-       (void) fprintf(stderr, "    install sysutils/py-zfs port to correct this\n");
-       return (-1);
-}
-
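Review bot: the removed zfs_do_python() is the only visible user of pypath, and this excerpt does not show the definition of pypath being deleted; drop that definition in the same change so no reference to the external script path is left behind. With the handler gone, nothing in these lines still points users at sysutils/py-zfs, which is consistent with removing the port.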
Comment 8 commit-hook freebsd_committer 2018-03-16 20:37:06 UTC
A commit references this bug:

Author: bdrewery
Date: Fri Mar 16 20:36:29 UTC 2018
New revision: 464728
URL: https://svnweb.freebsd.org/changeset/ports/464728

Log:
  Remove sysutils/py-zfs.

  It has not been needed since the ZFS 28 import in base r219089.

  PR:		226610 [immutable base exp-run]

Changes:
  head/MOVED
  head/sysutils/Makefile
  head/sysutils/py-zfs/
Comment 9 Bryan Drewery freebsd_committer 2018-03-16 20:37:43 UTC
Some other potential problematic ones:

mail/postfix-current/Makefile:PREFIX=           /usr
mail/postfix/Makefile:PREFIX=           /usr
mail/postfix211/Makefile:PREFIX=                /usr
Comment 10 Bryan Drewery freebsd_committer 2018-03-16 20:46:51 UTC
(In reply to Bryan Drewery from comment #5)
> (In reply to Bryan Drewery from comment #2)
> > net/freebsd-tftp tries to write to /usr/bin:
> > http://pb2.nyi.freebsd.org/data/111amd64-default-PR226610/2018-03-15_01h36m50s/logs/errors/freebsd-tftp-1.0.log
> 
> 206650      edwin NO_PACKAGE=   Installs software in /usr/libexec and /usr/bin
> 206499      edwin PREFIX=               /usr

This was merged into base in r207608:

------------------------------------------------------------------------
r207608 | imp | 2010-05-03 23:19:19 -0700 (Mon, 03 May 2010) | 59 lines

Go ahead and merge the work edwin@ on tftpd into the tree.  It is a
lot better than what's in the tree now.  Edwin tested it at a prior
employer, but can't test it today.  I've found that it works a lot
better with the various uboot versions that I've used in my embedded
work.  Here's the pkg-descr from the port that describes the changes:

...

I am going to expedite a removal of it.
Comment 11 commit-hook freebsd_committer 2018-03-16 20:50:22 UTC
A commit references this bug:

Author: bdrewery
Date: Fri Mar 16 20:50:06 UTC 2018
New revision: 464730
URL: https://svnweb.freebsd.org/changeset/ports/464730

Log:
  Remove net/freebsd-tftp.

  It was imported into base in FreeBSD 9.0 in r207608.

  PR:		226610 [immutable base exp-run]

Changes:
  head/MOVED
  head/net/Makefile
  head/net/freebsd-tftp/
Comment 12 Bryan Drewery freebsd_committer 2018-03-16 22:12:46 UTC
www/gitlab will complain about trying to remove /usr/home with bulk -t but I
consider the port to be bugged and won't mitigate it further. See Bug 225309.
Comment 13 Bryan Drewery freebsd_committer 2018-03-19 17:57:16 UTC
sysutils/graid5 tries to install to /lib/geom and /sbin/ http://pb2.nyi.freebsd.org/data/111amd64-default-PR226610/2018-03-17_16h34m44s/logs/errors/graid5-1.3.20140711.62.log
Comment 14 Bryan Drewery freebsd_committer 2018-03-19 17:59:33 UTC
mail/popa3d-before-sendmail and possibly mail/popa3d try to write to /usr/share/sendmail
    .if exists(${LOCALBASE}/share/sendmail/cf/mailer/uucp.m4)
    CFDIR=          ${LOCALBASE}/share/sendmail/cf           
    .else                                                    
    CFDIR=          /usr/share/sendmail/cf                   
    .endif                                             
http://pb2.nyi.freebsd.org/data/111amd64-default-PR226610/2018-03-17_16h34m44s/logs/errors/popa3d-before-sendmail-1.0.3.log
Comment 15 Bryan Drewery freebsd_committer 2018-03-19 18:35:11 UTC
It just occurred to me that we can enable this feature for package building
without impacting the packages.  The restriction of writing to /usr, etc, is
only relevant for INSTALL which is only tested by bulk -t, not by the package
build systems.  So they will fail QA but generate a package just fine.