-
kerneldove
so i'm back to learning about nullfs in jails. in docs.freebsd.org/en/books/handbook/jails/#creating-thin-jail-nullfs it has a fstab line "/usr/local/jails/templates/14.2-RELEASE-base /usr/local/jails/thinjail-nullfs-base/ nullfs ro 0 0" does that mean the jail's 'OS' base is mounted read only from the template base?
-
CrypticSquared
pkg upgrade was running when the connection dropped and i wasn't using tmux. now when I run pkg upgrade it says there are no updates when it was only half way through before. how do I get it to resume?
-
CrypticSquared
guess i'll just run pkg upgrade -f
-
kerneldove
crest when you're around next, is the skeleton stuff in the thin jail guide a way to separate immutable parts of base (shared between thin jails) and mutable parts? (1 per thin jail)
-
crest
which documentation are you following?
-
kerneldove
-
crest
the complex thing about thin jails is how you handle updates
-
crest
if you go all the way to immutable it's a solved problem, because you don't update you replace
-
crest
anything less than that becomes messy
-
crest
you could have /etc and /usr/local/etc extra filesystems
-
crest
if you use nullfs for the underlying filesystems the nullfs source must contain the mountpoint directories
-
crest
with zfs clones you can make the clone writeable, create the mountpoint directory, set it read-only again
-
crest
just make sure to not use writable clones for anything you want to keep
-
crest
because you can't "rebase" them
-
scoobybejesus_tl
bastille makes thin jails easy enough. for patch releases, update the base jail (which is nullfs mounted in all the thin jails). done. for a point release, you bootstrap that new point release and update the thin jails' fstabs to point to the newer point release. for an upgrade to a new major version, it's two steps. you do the bootstrap step,
-
scoobybejesus_tl
and then they have an etcupdate command that you run on each thin jail.
-
kerneldove
wish all that was documented in the jails chapter
-
voy4g3r2
the thin jail concept, thick jail and vnet are.. bastille is an external tool that helps manage it easier.
-
kerneldove
no i mean the upgrade notes scooby said
-
kerneldove
how to handle patch release, point release, and major release
-
scoobybejesus_tl
admittedly, bastille isn't necessarily doing the Correct Thing, because there isn't really a Correct Thing to do. they are making choices and doing things sensibly. some may disagree with how they do things. I kinda like it because it's all shell scripts, which makes it somewhat align with the manual steps you might otherwise learn
-
hubertm
how long will x86-32 still have pkg support?
-
voy4g3r2
yeah, that is how i learned it.. minus the bastille part.. i just follow the handbook and do some manual moves of files myself
-
voy4g3r2
fortunately or unfortunately there are multiple ways to manage upgrades of the various jail types.. i am a fan of vnet+jail no matter how big or small the need is.. for consistency.. some would argue if you are only jailing a service.. why go through all those extra steps and wasting of space
-
la_mettrie
hubertm: possibly 32-bit pkg support continues as long as the support for freebsd 14.x, november 2028...?