From: Kurt Jaeger
Date: Sun, 12 Jun 2016 13:13:32 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r416800 - head/sysutils/qjail

Author: pi
Date: Sun Jun 12 13:13:32 2016
New Revision: 416800
URL: https://svnweb.freebsd.org/changeset/ports/416800

Log:
  sysutils/qjail: 4.7 -> 4.8

  There are changes to the internals of the jail(8) command and changes to
  parameter names in the periodic files that have occurred in FreeBSD
  Release 10.2 that affect jail behavior in a very minor way.

  This version of qjail has a built-in auto convert function that fixes
  those minor behavior problems with existing jails.
  This auto convert function is not documented in the qjail manual. It's only
  shown in the port install output.

  Issue [ qjail update -u ] from the host console.

  This will cause the existing "flavors" default & ssh-default directories to be
  renamed and new ones populated. Then in each existing jail the periodic.conf
  and newsyslog.conf files will be renamed with .saved suffix and new ones added.
  The rc.conf file will be updated in place, changing the
  syslogd_enable= parameter value from "NO" to "YES".

  The new periodic.conf file has many sendmail reporting options disabled because
  sendmail is disabled in the jail's rc.conf file by default. This drastically
  reduces the daily, weekly, monthly system and security status reports' elapsed
  run times. This has a major effect on operating system performance where there
  are a large number of jails.

PR: 209929 Submitted by: Joe Barbish (maintainer) Reviewed by: Vladimir Krstulja , robak Modified: head/sysutils/qjail/Makefile head/sysutils/qjail/distinfo head/sysutils/qjail/pkg-descr head/sysutils/qjail/pkg-message head/sysutils/qjail/pkg-plist Modified: head/sysutils/qjail/Makefile ============================================================================== --- head/sysutils/qjail/Makefile Sun Jun 12 13:11:48 2016 (r416799) +++ head/sysutils/qjail/Makefile Sun Jun 12 13:13:32 2016 (r416800) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= qjail -PORTVERSION= 4.7 +PORTVERSION= 4.8 CATEGORIES= sysutils MASTER_SITES= SF/${PORTNAME} @@ -23,7 +23,7 @@ LICENSE_PERMS= dist-mirror dist-sell pkg USES= tar:bzip2 NO_BUILD= yes -CONFLICTS_INSTALL= qjail-2.* qjail-3.0 qjail-3.1 +CONFLICTS_INSTALL= qjail-2.* qjail-3.* do-install: .for i in qjail qjail.vnet.be qjail.vnet.ng Modified: head/sysutils/qjail/distinfo ============================================================================== --- head/sysutils/qjail/distinfo Sun Jun 12 13:11:48 2016 (r416799) +++ head/sysutils/qjail/distinfo Sun Jun 12 13:13:32 2016 (r416800) @@ -1,2 +1,2 @@ -SHA256 (qjail-4.7.tar.bz2) = 42c72de6a3cf3deb19f84c8e3f95a9054fe226d9e17675397e5d46dd31143e8d -SIZE (qjail-4.7.tar.bz2) = 62754 +SHA256 (qjail-4.8.tar.bz2) = dc41c6a7c498129202d3973db11a6a6600ec598a9ac8aeaa8d0baeeba1553224 +SIZE (qjail-4.8.tar.bz2) = 64593 Modified: head/sysutils/qjail/pkg-descr ============================================================================== --- head/sysutils/qjail/pkg-descr Sun Jun 12 13:11:48 2016 (r416799) +++ head/sysutils/qjail/pkg-descr Sun Jun 12 13:13:32 2016 (r416800) 
@@ -1,15 +1,16 @@ +This qjail version is not intended for RELEASES older than RELEASE-10.0. + Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail system that includes security and performance enhancements. Plus a new level of "user friendliness" enhancements dealing with deploying just a few jails or large scale jail environments consisting of 100's of jails. -This version of qjail uses the jail(8) jail.conf method. This provides the -ability to enable the following options on a per-jail basis. exec.fib, -securelevel, allow.sysvipc, devfs_rulesets, allow.raw_sockets, allow.quotas, -allow.mount.nullfs, allow.mount.tmpfs, allow.mount.zfs, vnet.interface, and -vnet. The vnet option gives a jail its own network stack using the experimental -vimage kernel module. This qjail version is not intended for RELEASES older than -RELEASE-9.2. The vnet option has only been tested on i386 and amd64 equipment. +Qjail uses the jail(8) jail.conf method. This provides the ability to enable +the following options on a per-jail basis. exec.fib, securelevel, allow.sysvipc, +devfs_rulesets, allow.raw_sockets, allow.quotas, allow.mount.nullfs, +allow.mount.tmpfs, allow.mount.zfs, vnet.interface, and vnet. The vnet option +gives a jail its own network stack using the experimental vimage kernel module. +The vnet option has only been tested on i386 and amd64 equipment. Qjail requires no knowledge of the jail command usage. It uses "nullfs" for read-only system executables, sharing one copy of them with all the jails. 
@@ -27,7 +28,7 @@ group of jails. Ability to designate a portion of the jail name as a group prefix so the command being executed will apply to only those jail names matching that prefix. -Qjail has been incorporated into the Finch open source project, +Qjail has been incorporated into the Finch open source project, see http://dreamcat4.github.io/finch/ for details. WWW: http://qjail.sourceforge.net/ Modified: head/sysutils/qjail/pkg-message ============================================================================== --- head/sysutils/qjail/pkg-message Sun Jun 12 13:11:48 2016 (r416799) +++ head/sysutils/qjail/pkg-message Sun Jun 12 13:13:32 2016 (r416800) 
@@ -10,8 +10,33 @@ For the BIG PICTURE issue "man qjail-how ######################################################################## -If your host is running 9.3-RELEASE or 10.0-RELEASE, please verify that -/etc/defaults/rc.conf parameter "devfs_load_rulesets" looks like this - devfs_load_rulesets="YES" +For users who have existing qjail environments. Please take note. +There are changes to the internals of the jail(8) command and changes to +parameter names in the periodic files that have occured in FreeBSD +Release 10.2 that effects jail behavior in a very minor way. +IF your running qjail on an 10.2 or newer version of FreeBSD you should +consider doing the following. +This version of qjail has an built in auto convert function that you may select +to choose that fixes those minor behavior problems with your existing jails. +This auto convert function is not documented in the qjail manual. Its only +shown here. So write it down. + + Issue [ qjail update -u ] from the host console. + +This will cause the existing "flavors" default & ssh-default directories to be +renamed and new ones populated. Then in each existing jail the periodic.conf +and newsyslog.conf files will be renamed with .saved suffix and new ones added. +The rc.conf file will be updated in place changing the +syslogd_enable= parameter value from "NO" to "YES". + +The new periodic.conf file has many sendmail reporting options disabled because +sendmail is disabled in the jails rc.conf file by default. This drastically +reduces the daily. weekly, monthly system and security status reports elapse +run times. This has a major effect on operating system performance where there +are a large number of jails. + +The [ qjail install ] command will install all the correct files depending on +what version of FreeBSD your host is running. 
+ ######################################################################## Modified: head/sysutils/qjail/pkg-plist ============================================================================== --- head/sysutils/qjail/pkg-plist Sun Jun 12 13:11:48 2016 (r416799) +++ head/sysutils/qjail/pkg-plist Sun Jun 12 13:13:32 2016 (r416800) @@ -15,9 +15,10 @@ man/man8/qjail-howto.8.gz %%EXAMPLESDIR%%/default/etc/make.conf %%EXAMPLESDIR%%/default/etc/motd %%EXAMPLESDIR%%/default/etc/periodic.conf -%%EXAMPLESDIR%%/default/etc/periodic103.conf +%%EXAMPLESDIR%%/default/etc/periodic102.conf +%%EXAMPLESDIR%%/default/etc/newsyslog102.conf %%EXAMPLESDIR%%/default/etc/rc.conf -%%EXAMPLESDIR%%/default/etc/rc103.conf +%%EXAMPLESDIR%%/default/etc/rc102.conf %%EXAMPLESDIR%%/default/root/.cshrc %%EXAMPLESDIR%%/default/usr/local/etc/pkg.conf %%EXAMPLESDIR%%/default/usr/local/etc/sudoers @@ -27,10 +28,11 @@ man/man8/qjail-howto.8.gz %%EXAMPLESDIR%%/ssh-default/etc/motd %%EXAMPLESDIR%%/ssh-default/etc/passwd %%EXAMPLESDIR%%/ssh-default/etc/periodic.conf -%%EXAMPLESDIR%%/ssh-default/etc/periodic103.conf +%%EXAMPLESDIR%%/ssh-default/etc/periodic102.conf +%%EXAMPLESDIR%%/ssh-default/etc/newsyslog102.conf %%EXAMPLESDIR%%/ssh-default/etc/pwd.db %%EXAMPLESDIR%%/ssh-default/etc/rc.conf -%%EXAMPLESDIR%%/ssh-default/etc/rc103.conf +%%EXAMPLESDIR%%/ssh-default/etc/rc102.conf %%EXAMPLESDIR%%/ssh-default/etc/spwd.db %%EXAMPLESDIR%%/ssh-default/etc/ssh/sshd_config %%EXAMPLESDIR%%/ssh-default/root/.cshrc
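
Review bot: the second Makefile hunk (@@ -23,7 +23,7 @@) widens CONFLICTS_INSTALL from "qjail-2.* qjail-3.0 qjail-3.1" to "qjail-2.* qjail-3.*" without any explanation in the log, which only covers the 10.2 conversion. Please say in the commit message or in a comment above the line why every 3.x package now conflicts, so a later committer does not narrow it again by mistake.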
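
Review bot: in the distinfo hunk the new SHA256 and SIZE for qjail-4.8.tar.bz2 are the only thing tying the port to the tarball fetched from MASTER_SITES= SF/${PORTNAME}, and neither the log nor the PR reference says how the values were obtained. A line in the log confirming that the checksum was compared against the maintainer's own copy of the release would make this version bump auditable later.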
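
Review bot: the first pkg-descr hunk (@@ -1,15 +1,16 @@) raises the minimum from RELEASE-9.2 to RELEASE-10.0 in prose only, and none of the visible Makefile hunks adds a matching guard. If the script really misbehaves on older hosts, an IGNORE keyed on the host's OSVERSION in the Makefile would stop the install instead of relying on users reading the description. The new first line also repeats, in almost the same words, the sentence removed further down, so it could simply have been edited in place.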
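
Review bot: the pkg-message hunk (@@ -10,8 +10,33 @@) drops the notice asking 9.3-RELEASE and 10.0-RELEASE hosts to verify devfs_load_rulesets="YES", yet the pkg-descr change in this same commit still lists RELEASE-10.0 as supported. Either keep the devfs ruleset check for 10.0 hosts or state why it no longer applies, since qjail advertises per-jail devfs_rulesets as one of its options. Separately, the added text says periodic.conf and newsyslog.conf are renamed with a .saved suffix but rc.conf is "updated in place" to flip syslogd_enable= from "NO" to "YES"; the message should say whether a copy of each jail's rc.conf is kept, and a function that rewrites configuration in every existing jail belongs in the manual page rather than only in install output the user is told to "write down".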