From nobody Wed Sep 17 20:32:40 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cRr6w4wJPz682HX;
	Wed, 17 Sep 2025 20:32:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cRr6w4JYGz3D75;
	Wed, 17 Sep 2025 20:32:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1758141160;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=LzhoueesvvBw2tRLN6AIpsvI3+ptlJBTmog7H7za8BY=;
	b=w90VJntEaG21zGVeD0SxgXe4OkYO/ljgOVRHVd0mvhchR4TLoTTwvZJSg1BerLrZE9QVRb
	wFY0iKdGmi2S3pELvIg3YDd/0u2iMff2ApORn3s16RGvfI4MFSl9xEzyefUEUfzHErn3mH
	RGMYg4XmaadGjTcG+GwXXTqPUmVk234ohZ3pTy5OMD9ZzrBRfXQFrvFWzD44uEj0j+q+Jt
	lMX6OY+VnbjETHnCmMo+vRg4pILnavthZBNu+VU4sc6VXtfB9UHRQ7KithOK5fRaXV5TTF
	EQo7CD/bbb38d6gOaIk62fNOcluLybUn7Zp4uI3KaLoavOT0n6+FclPEIpSBuw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1758141160;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=LzhoueesvvBw2tRLN6AIpsvI3+ptlJBTmog7H7za8BY=;
	b=WWmjfhAi8Uke/pEPjjul4ooVkAI0N/xQOynDQAKaXKXgRQLj/3tA0NEqGUDrCzFTSN82t1
	1ekcz/pGE0fhOzD9aH+2TAulpFgN3lOrjjCPRKtCb1NtSCE2tGjdkeDNv4o5lpmm/QNu85
	izxp+ML6hr9DlC/8lmnHNWDiv9MMoTVR+axDXyjudz85+ZmvtnbMhTfZ9t8rfQOAfxU+wu
	2sdTwmiiz4EyxkThyDdMmSKB13YxOqkHpaFY+ZicZiTOXrG008LbXPVhgQp3iKsU53X87E
	nAiZir/shmN9ED8LZgRSRIxY/1XbUWbRkAGKQYnAbBcXtpQTTDxnCX51dNYEDQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758141160; a=rsa-sha256; cv=none;
	b=i8Dz4ymblTjh3ZaiwDJCJ82e/NEYeiJVq6oaSTyyC5U94n9iOuJ38YpxCKpoUK7S/5yn11
	7sv+myBy7HEGXxCPUlaVlwZ2T018/V+VJ29YvNEou63c7PYLre3BcNTIthXrBLnGrqK0/3
	I5yu85G/mL7aWmJdaRhY2SsvyXIJkrcJNl1yYvnBOiZDxOOCkCGagV3jRL9uJv/SZRWKxv
	nJYpi1BEvmTkgNK3WqndqqdbPZ8SohCLvELBV1LcqPGoGp0ZscpZah9OllwZYFKVuWZzms
	WWxotTcAdba4O3IMLx3chOYQ/5jjdERQUP/b2yNLi6mykWuyjuiqwldyk8R2Fw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cRr6w3vm2zhKf;
	Wed, 17 Sep 2025 20:32:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58HKWe5G028139;
	Wed, 17 Sep 2025 20:32:40 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58HKWecn028136;
	Wed, 17 Sep 2025 20:32:40 GMT
	(envelope-from git)
Date: Wed, 17 Sep 2025 20:32:40 GMT
Message-Id: <202509172032.58HKWecn028136@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Lexi Winter <ivy@FreeBSD.org>
Subject: git: 9b7bddfd082d - main - packages: Add minimal-jail set
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ivy
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 9b7bddfd082d1df2b4c97e7ec974d1d67e98a1de
Auto-Submitted: auto-generated

The branch main has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=9b7bddfd082d1df2b4c97e7ec974d1d67e98a1de

commit 9b7bddfd082d1df2b4c97e7ec974d1d67e98a1de
Author:     Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-09-17 20:11:20 +0000
Commit:     Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-09-17 20:11:20 +0000

    packages: Add minimal-jail set
    
    This is minimal, but without bootloader, hardware and networking support
    that's typically not required in jails.
    
    This requires extending the 'set' annotation to be a comma-separated
    list, so that packages can be in multiple sets.
    
    MFC after:      3 seconds
    Reviewed by:    bapt
    Differential Revision:  https://reviews.freebsd.org/D52591
---
 release/packages/create-sets.sh            | 10 ++++++----
 release/packages/generate-ucl.lua          | 31 ++++++++++++++++++------------
 release/packages/sets/minimal-jail-dbg.ucl |  6 ++++++
 release/packages/sets/minimal-jail.ucl     |  6 ++++++
 release/packages/ucl/at-all.ucl            |  2 +-
 release/packages/ucl/caroot-all.ucl        |  2 +-
 release/packages/ucl/certctl-all.ucl       |  2 +-
 release/packages/ucl/clibs-all.ucl         |  2 +-
 release/packages/ucl/cron-all.ucl          |  2 +-
 release/packages/ucl/fetch-all.ucl         |  2 +-
 release/packages/ucl/inetd-all.ucl         |  2 +-
 release/packages/ucl/locales-all.ucl       |  2 +-
 release/packages/ucl/newsyslog-all.ucl     |  2 +-
 release/packages/ucl/periodic-all.ucl      |  2 +-
 release/packages/ucl/pkg-bootstrap-all.ucl |  2 +-
 release/packages/ucl/rc-all.ucl            |  2 +-
 release/packages/ucl/runtime-all.ucl       |  2 +-
 release/packages/ucl/syslogd-all.ucl       |  2 +-
 release/packages/ucl/utilities-all.ucl     |  2 +-
 release/packages/ucl/vi-all.ucl            |  2 +-
 release/packages/ucl/zoneinfo-all.ucl      |  2 +-
 21 files changed, 54 insertions(+), 33 deletions(-)

diff --git a/release/packages/create-sets.sh b/release/packages/create-sets.sh
index 6c034834672e..8c564ecfeb92 100755
--- a/release/packages/create-sets.sh
+++ b/release/packages/create-sets.sh
@@ -25,10 +25,12 @@ for pkg in "$repodir"/*.pkg; do
 
 	set -- $(pkg query -F "$pkg" '%At %n %Av' | grep '^set ')
 	pkgname="$2"
-	set="$3"
-	SETS="$SETS $set"
-	setvar="$(echo "$set" | tr - _)"
-	eval PKGS_${setvar}=\"\$PKGS_${setvar} $pkgname\"
+	sets="$(echo "$3" | tr , ' ')"
+	for set in $sets; do
+		SETS="$SETS $set"
+		setvar="$(echo "$set" | tr - _)"
+		eval PKGS_${setvar}=\"\$PKGS_${setvar} $pkgname\"
+	done
 done
 
 for set in $(echo $SETS | tr ' ' '\n' | sort | uniq); do
diff --git a/release/packages/generate-ucl.lua b/release/packages/generate-ucl.lua
index 211766067952..ea3743894740 100755
--- a/release/packages/generate-ucl.lua
+++ b/release/packages/generate-ucl.lua
@@ -166,12 +166,14 @@ if add_gen_dep(pkgname, pkggenname) then
 end
 
 --
--- Handle the 'set' annotation.
+-- Handle the 'set' annotation, a comma-separated list of sets which this
+-- package should be placed in.  If it's not specified, the package goes
+-- in the default set which is base.
 --
 -- Ensure we have an annotations table to work with.
 obj["annotations"] = obj["annotations"] or {}
 -- If no set is provided, use the default set which is "base".
-set = obj["annotations"]["set"] or "base"
+sets = obj["annotations"]["set"] or "base"
 -- For subpackages, we may need to rewrite the set name.  This is done a little
 -- differently from the normal pkg suffix processing, because we don't need sets
 -- to be as a granular as the base packages.
@@ -181,27 +183,32 @@ set = obj["annotations"]["set"] or "base"
 -- However, lib32 debug symbols still go into their own package since they're
 -- quite large.
 if pkgname:match("%-dbg%-lib32$") then
-	set = "lib32-dbg"
+	sets = "lib32-dbg"
 elseif pkgname:match("%-lib32$") then
-	set = "lib32"
+	sets = "lib32"
 -- If this is a -dev package, put it in a single set called "devel" which
 -- contains all development files.  Also include lib*-man packages, which
 -- contain manpages for libraries. Having a separate <set>-dev for every
 -- set is not necessary, because generally you either want development
 -- support or you don't.
 elseif pkgname:match("%-dev$") or pkgname:match("^lib.*%-man$") then
-	set = "devel"
+	sets = "devel"
 -- Don't separate tests and tests-dbg into 2 sets, if the user wants tests
 -- they should be able to debug failures.
-elseif set == "tests" then
-	set = set
--- If this is a -dbg package, it goes in <set>-dbg, which means the user can
--- install debug symbols only for the sets they have installed.
+elseif sets == "tests" then
+	sets = sets
+-- If this is a -dbg package, put it in the -dbg subpackage of each set,
+-- which means the user can install debug symbols only for the sets they
+-- have installed.
 elseif pkgname:match("%-dbg$") then
-	set = set .. "-dbg"
+	local newsets = {}
+	for set in sets:gmatch("[^,]+") do
+		newsets[#newsets + 1] = set .. "-dbg"
+	end
+	sets = table.concat(newsets, ",")
 end
--- Put our new set back into the package.
-obj["annotations"]["set"] = set
+-- Put our new sets back into the package.
+obj["annotations"]["set"] = sets
 
 -- If PKG_NAME_PREFIX is provided, rewrite the names of dependency packages.
 -- We can't do this in UCL since variable substitution doesn't work in array
diff --git a/release/packages/sets/minimal-jail-dbg.ucl b/release/packages/sets/minimal-jail-dbg.ucl
new file mode 100644
index 000000000000..3f7df227d3a9
--- /dev/null
+++ b/release/packages/sets/minimal-jail-dbg.ucl
@@ -0,0 +1,6 @@
+comment = "Basic multi-user jail debugging symbols (metapackage)"
+
+desc = <<EOD
+This metapackage installs debugging symbols for the packages required to bring
+up a basic multi-user jail.
+EOD
diff --git a/release/packages/sets/minimal-jail.ucl b/release/packages/sets/minimal-jail.ucl
new file mode 100644
index 000000000000..fed7a3355c31
--- /dev/null
+++ b/release/packages/sets/minimal-jail.ucl
@@ -0,0 +1,6 @@
+comment = "Basic multi-user jail system (metapackage)"
+
+desc = <<EOD
+This metapackage installs the packages required to bring up a basic multi-user
+jail.  This is equivalent to the minimal set, but without hardware support.
+EOD
diff --git a/release/packages/ucl/at-all.ucl b/release/packages/ucl/at-all.ucl
index 3e837d781d38..dc7592db39ce 100644
--- a/release/packages/ucl/at-all.ucl
+++ b/release/packages/ucl/at-all.ucl
@@ -4,5 +4,5 @@ AT Utilities
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/caroot-all.ucl b/release/packages/ucl/caroot-all.ucl
index f62f4ff2be37..bd5b5eef5b48 100644
--- a/release/packages/ucl/caroot-all.ucl
+++ b/release/packages/ucl/caroot-all.ucl
@@ -4,5 +4,5 @@ SSL Certificates
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/certctl-all.ucl b/release/packages/ucl/certctl-all.ucl
index 0e3dd49d7b00..f48144ecaef9 100644
--- a/release/packages/ucl/certctl-all.ucl
+++ b/release/packages/ucl/certctl-all.ucl
@@ -4,5 +4,5 @@ SSL Certificate Utility
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/clibs-all.ucl b/release/packages/ucl/clibs-all.ucl
index 65353d515403..1a2374ab3f84 100644
--- a/release/packages/ucl/clibs-all.ucl
+++ b/release/packages/ucl/clibs-all.ucl
@@ -5,5 +5,5 @@ Core C Libraries
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/cron-all.ucl b/release/packages/ucl/cron-all.ucl
index 39bd69b0ba4b..6b781c64f991 100644
--- a/release/packages/ucl/cron-all.ucl
+++ b/release/packages/ucl/cron-all.ucl
@@ -4,5 +4,5 @@ cron(8) and crontab(1)
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/fetch-all.ucl b/release/packages/ucl/fetch-all.ucl
index 5c488cc1d865..c5754d6ecd80 100644
--- a/release/packages/ucl/fetch-all.ucl
+++ b/release/packages/ucl/fetch-all.ucl
@@ -6,5 +6,5 @@ HTTP or FTP.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/inetd-all.ucl b/release/packages/ucl/inetd-all.ucl
index 5a6bb05f1675..3093a3fc2c51 100644
--- a/release/packages/ucl/inetd-all.ucl
+++ b/release/packages/ucl/inetd-all.ucl
@@ -7,5 +7,5 @@ built-in servers for basic services are also provided.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/locales-all.ucl b/release/packages/ucl/locales-all.ucl
index 78a15501d493..9018fb5c3c75 100644
--- a/release/packages/ucl/locales-all.ucl
+++ b/release/packages/ucl/locales-all.ucl
@@ -5,5 +5,5 @@ Provides the locale definitions (LC_*) for supported locales.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/newsyslog-all.ucl b/release/packages/ucl/newsyslog-all.ucl
index 824a5d62f587..1701ecbccc4d 100644
--- a/release/packages/ucl/newsyslog-all.ucl
+++ b/release/packages/ucl/newsyslog-all.ucl
@@ -6,5 +6,5 @@ create log files in /var/log and periodically rotate existing log files.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/periodic-all.ucl b/release/packages/ucl/periodic-all.ucl
index b1b3e47ec10a..75b286963328 100644
--- a/release/packages/ucl/periodic-all.ucl
+++ b/release/packages/ucl/periodic-all.ucl
@@ -7,5 +7,5 @@ the base periodic tasks for the base system.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/pkg-bootstrap-all.ucl b/release/packages/ucl/pkg-bootstrap-all.ucl
index 47b28ba1d374..2a5bc560140e 100644
--- a/release/packages/ucl/pkg-bootstrap-all.ucl
+++ b/release/packages/ucl/pkg-bootstrap-all.ucl
@@ -7,5 +7,5 @@ the FreeBSD.org package repository.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/rc-all.ucl b/release/packages/ucl/rc-all.ucl
index 1d5a1b9b728d..5f9f155c4db6 100644
--- a/release/packages/ucl/rc-all.ucl
+++ b/release/packages/ucl/rc-all.ucl
@@ -7,5 +7,5 @@ the service scripts for the base system.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/runtime-all.ucl b/release/packages/ucl/runtime-all.ucl
index 7635248dd76e..6f8da8e584c2 100644
--- a/release/packages/ucl/runtime-all.ucl
+++ b/release/packages/ucl/runtime-all.ucl
@@ -6,5 +6,5 @@ required for basic multi-user operation.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/syslogd-all.ucl b/release/packages/ucl/syslogd-all.ucl
index 0f174ef7401d..f77b12c9752a 100644
--- a/release/packages/ucl/syslogd-all.ucl
+++ b/release/packages/ucl/syslogd-all.ucl
@@ -6,5 +6,5 @@ writes them to an appropriate log file.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/utilities-all.ucl b/release/packages/ucl/utilities-all.ucl
index 6e83b6584c02..8a6eeabd3396 100644
--- a/release/packages/ucl/utilities-all.ucl
+++ b/release/packages/ucl/utilities-all.ucl
@@ -5,5 +5,5 @@ Non-vital programs and libraries
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/vi-all.ucl b/release/packages/ucl/vi-all.ucl
index 4504281e0549..7b79ee428113 100644
--- a/release/packages/ucl/vi-all.ucl
+++ b/release/packages/ucl/vi-all.ucl
@@ -6,5 +6,5 @@ text editor, and vi(1), a user-friendly full-screen text editor based on ex.
 EOD
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }
diff --git a/release/packages/ucl/zoneinfo-all.ucl b/release/packages/ucl/zoneinfo-all.ucl
index 3fc90fc3f88a..1b3aef1df1d7 100644
--- a/release/packages/ucl/zoneinfo-all.ucl
+++ b/release/packages/ucl/zoneinfo-all.ucl
@@ -8,5 +8,5 @@ EOD
 licenses = [ "PD" ]
 
 annotations {
-	set = minimal
+	set = "minimal,minimal-jail"
 }