|BULK(8)||System Manager's Manual||BULK(8)|
It is possible to build packages without a chroot, but the space requirement difference is negligible (a full OpenBSD install is less than 1GB), and having everything chrooted means you may install useful tools to help with the process outside of the chroot (for instance rsync(1)).
Reserve one "scratch" partition under the chroot for WRKOBJDIR (for instance, mfs, async, or SSD). This partition should be roughly 10GB if you want to be able to build all ports. This can often double as /tmp under the chroot.
Alternately, you can setup your whole chroot as a scratch partition, and reserve one more permanent space under it for distfiles, packages, and plists.
Choose a strategy for the ports tree itself. There must be a copy under /build. You can either copy it from outside the chroot, have it in an NFS partition, or manually make sure all machines on the cluster have the same ports tree (cvs checkout, rsync ...).
Note that logs are only produced on the master, and thus do not need to be nfs exportable, nor even inside the chroot.
OpenBSD now comes with default users for package builds, namely _pbuild and _pfetch.
The default login.conf(5) is appropriate for most setups, but _pbuild's datasize-cur will need to be bumped for a few ports, like pypy. Likewise, maxproc-cur is too small for machines with more than 4-6 cpus.
Note that _pbuild does not need network access, and is now blocked by default in pf(4).
However, you may still want to setup doas(1) for root, if you want to manually fix ports, as PORTS_PRIVSEP relies on it.
Pay attention to nodev and wxallowed warnings. A chroot setup that can't have devices won't work at all. A setup without wxallowed in /usr/local and WRKOBJDIR won't build a lot of things.
Check that this setup can build ports by running
dpb -B /build as root. Fix any issues related to
file ownership at this point. See dpb(1) for
If your WRKOBJDIR is a temporary partition, make sure it belongs to _pbuild:_pbuild after a reboot.
Note that code on slave machines will only run as _pbuild (during builds) or root (during dependency installation). Slave machines only require highly restricted network access. They just need to act as nfs clients to the master and to be reachable through ssh from the master.
Use a similar proot(1) config to populate each slave.
You should now be able to build ports on the slaves. A simple config will just have
DEFAULT chroot=/build localhost host1 ...
Check that the full config can still build ports.
The DISTDIR contains history information as well as DISTDIR/build-stats to speed further runs up.
How you wipe things out depends on your setup. If you run proot(1) again each time, most things will get cleaned up automatically (/build/usr/local, /build/var/db/pkg ...). Note that known directories such as WRKOBJDIR do not get cleaned up automatically, so you may want to set up a STARTUP_SCRIPT in dpb(1).
pkg_check-problems(1) should be run occasionally to find out conflicts and dependency issues.
|June 27, 2019||OpenBSD-current|