Date: Sat, 20 Aug 2011 07:09:49 -0400 From: Glen Barber <gjb@FreeBSD.org> To: ports@freebsd.org Subject: [Request for Comments] Adding a JAILED meta-variable to bsd.port.mk Message-ID: <4E4F95FD.907@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7771432AC58FD65A5C21018E
Content-Type: multipart/mixed; boundary="------------080006040103020808090505"
This is a multi-part message in MIME format.
--------------080006040103020808090505
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Hi,
I would like to propose a change to bsd.port.mk which, similarly to
obtaining the OSVERSION, checks if the system on which a port is being
built is a jailed environment.
This change can allow port maintainers to mark ports that do not run in
jailed environments as IGNORE, or adjust PKG_MESSAGE to inform the user
of special conditions or changes that will be needed to run a port from
within a jail. One particular example of the latter is
databases/postgresql*-server, where the user must enable
security.jail.sysvipc_allowed. I am sure this feature could expand to
other cases I have not considered yet, as well.
I have included three patches:
0-Mk-bsd.port.mk.txt - the proposed change to bsd.port.mk
1-ircservices-Makefile.txt - an example usage of disallowing a port from
being built within a jail
2-sshguard-Makefile.txt - an example usage of disabling a port from
being built within a jail conditionally (in this example, it is assumed
security/sshguard-pf is the target port)
Comments, etc, are welcome.
Regards,
Glen
--=20
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project
--------------080006040103020808090505
Content-Type: text/plain;
name="0-Mk-bsd.port.mk.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="0-Mk-bsd.port.mk.txt"
--- bsd.port.mk.orig 2011-08-12 12:39:23.000000000 -0400
+++ bsd.port.mk 2011-08-20 06:15:19.644576050 -0400
@@ -46,6 +46,7 @@
# "FreeBSD," "NetBSD," or "OpenBSD" as appropriate.
# OSREL - The release version (numeric) of the operating system.
# OSVERSION - The value of __FreeBSD_version.
+# JAILED - The system is a FreeBSD jail.
#
# This is the beginning of the list of all variables that need to be
# defined in a port, listed in order that they should be included
@@ -1196,6 +1197,11 @@
.endif
.endif
=20
+# Check if the system is a jail
+.if !defined(JAILED)
+JAILED!=3D ${SYSCTL} -n security.jail.jailed
+.endif
+
MASTERDIR?=3D ${.CURDIR}
=20
.if ${MASTERDIR} !=3D ${.CURDIR}
--------------080006040103020808090505
Content-Type: text/plain;
name="1-ircservices-Makefile.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="1-ircservices-Makefile.txt"
--- Makefile.orig 2009-08-31 09:50:55.000000000 -0400
+++ Makefile 2011-08-20 06:14:04.987796133 -0400
@@ -27,6 +27,10 @@
=20
.include <bsd.port.pre.mk>
=20
+.if ${JAILED}
+IGNORE=3D Does not run from within a jail
+.endif
+
.if ${OSVERSION} > 700042
CFLAGS+=3D -fno-stack-protector
.endif
--------------080006040103020808090505
Content-Type: text/plain;
name="2-sshguard-Makefile.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="2-sshguard-Makefile.txt"
--- Makefile.orig 2011-07-24 14:16:29.000000000 -0400
+++ Makefile 2011-08-20 06:14:24.513106022 -0400
@@ -40,6 +40,9 @@
CONFIGURE_ARGS+=3D --mandir=3D${MANPREFIX}/man
=20
.if ${SSHGUARDFW} =3D=3D pf
+. if ${JAILED}
+IGNORE=3D Cannot use with pf within a jail
+. endif
PKGMSG_FWBLOCK=3D" To activate or configure PF see http://sshguard.sf.n=
et/doc/setup/blockingpf.html"
.elif ${SSHGUARDFW} =3D=3D ipfw
PKGMSG_FWBLOCK=3D" Verify that IPFW is active with \"ipfw show\"."
--------------080006040103020808090505--
--------------enig7771432AC58FD65A5C21018E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
iQEcBAEBCAAGBQJOT5YGAAoJEFJPDDeguUajzXIIALR/wDzHN7+2KVNduUr6g+37
m8t463rMGZLxWQLCbKTuYKD150qG6ADUMK/RHY7nNHmcuiZFltCMHOpXtCEQB3re
rjnrmqrNw/EwDm4LR3pgKnjfjMwY/AKXfex6JxN/9Q7QBrqH31FFcSZa5Q9dkFRA
DGTpsqD9d8pjnGEhGeNGl5O1XBte3HFG5lyRwjyg6/nxuopr+QC3HeJ9Rs9FHYfh
VT0B+V1MT4NSNIUwvfknIfXYqg2ykAQGIbi1XOm3BtGIsmUhmsOcQTkaiJj+yM/J
UDcx1jtH8ZD1djckmkrSARktKWM5IGsBVcRS1EduNCjAfD5H+ggh73b/jE0zxtc=
=jqt9
-----END PGP SIGNATURE-----
--------------enig7771432AC58FD65A5C21018E--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E4F95FD.907>