From nobody Thu Feb 23 09:21:12 2023
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PMnZc4lPjz3tDsR;
	Thu, 23 Feb 2023 09:21:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4PMnZc4HJGz3pCS;
	Thu, 23 Feb 2023 09:21:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1677144072;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WvxGN6iE4d7Q/UPKyEuChFGnfOJTgq25n0cH81i6VX0=;
	b=xrJOm+NjTES+MFo9YJiuYHC6lUkPbNwiNghSqkXsKDY2oryWXaeEkKmVIanRnN5YYwe4xg
	tcDu9J1x0dTnXdBKeWXKDMp/cLuq73C7m1lTEcjt0TASVMX58VriVWA7B6yptqkJR2uydO
	S3yBpdjtWSh7Lgnd9AA1Wqif3o69O4ZMYfIBRqFAAHcaTe3YipSoB+/JtuCrSnbRO2mUyW
	o3WUQWsmAv0HUbXdVZYj3ZO268+ocNibQBSwc+hWqzX9TKO0UNGxIO1xIc0gHl0ADMXXat
	WnwzLna89+WZbJo/6Nrssg55sWE/st779Lf6HGfSwo7uWAeDJgvRl9dP91zdOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1677144072;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WvxGN6iE4d7Q/UPKyEuChFGnfOJTgq25n0cH81i6VX0=;
	b=UWMFcwVm+nOZWEIjvAXVaFr98psh/4VF+JCcwh23uUhwaeCgOhERE/7QPe71hkkhOFhE5a
	zqRKhkAw6YuTUUxOU1C86BX3HwVEspk0oAnAkDWozl5zy5qAkYfiAigqPWOHGiRC6PsE3m
	S6IoNTq+vNP3HmfbCfL9u1vhbunWypF4MJw2nfAcVwDavs384q6XYz72saenmWqrsJwqsZ
	j//P50g4urkeMVFYxiJrtzt0yQX0zO8X1v/bxz2WE12jGOiKlnfrpMxkL226B+G9yqazqi
	X9WgrEY24LIT3Gqj/n4DIva9Bt23X8SPAKiwB70Dzb1NgLgoMtrVjoO/jVUFww==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1677144072; a=rsa-sha256; cv=none;
	b=a563zshnSK1Rxk05mk0q3ftnbftN36Z0Sf+IqQOYNtO9yOkebnMdEOoNbTZEwg7D8JVCZD
	uVzszBoV1J3jApKPOSsYCzsa9xcVdY2wRGmjJevupPMVHkrk8ZJASbiMe9O985SdbZK1wC
	/n51WsyUq7tC81/ZMLo3lxjBzVRfXczEes/gDd+6pWzw89Lqv2NJ2wlpPPRvBYX5OYxonO
	Ncp5saPBj5TecSOB+gEYJG01yuqZcgoHEKMFowcDqtLP5Myg6mtuXCIbSarrOCRTxAreVY
	Jb950vZPaggGc/03eVhO1qSAq92g6womE6sC+7kRKAK4kaT75dsQa0O25/m0cg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PMnZc3LfwzcCq;
	Thu, 23 Feb 2023 09:21:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 31N9LCEG041392;
	Thu, 23 Feb 2023 09:21:12 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 31N9LCdf041391;
	Thu, 23 Feb 2023 09:21:12 GMT
	(envelope-from git)
Date: Thu, 23 Feb 2023 09:21:12 GMT
Message-Id: <202302230921.31N9LCdf041391@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Gleb Popov <arrowd@FreeBSD.org>
Subject: git: 3f205a536037 - main - net-p2p/cardano-node: Switch rc script to use rc.subr.jail functionality.
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: arrowd
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 3f205a5360370992e14e0eed73c25da63dd0f2f2
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by arrowd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3f205a5360370992e14e0eed73c25da63dd0f2f2

commit 3f205a5360370992e14e0eed73c25da63dd0f2f2
Author:     Gleb Popov <arrowd@FreeBSD.org>
AuthorDate: 2023-02-05 21:09:02 +0000
Commit:     Gleb Popov <arrowd@FreeBSD.org>
CommitDate: 2023-02-23 09:20:52 +0000

    net-p2p/cardano-node: Switch rc script to use rc.subr.jail functionality.
---
 net-p2p/cardano-node/Makefile              |   2 +
 net-p2p/cardano-node/files/cardano_node.in | 129 ++++++++++++++---------------
 2 files changed, 62 insertions(+), 69 deletions(-)

diff --git a/net-p2p/cardano-node/Makefile b/net-p2p/cardano-node/Makefile
index 54bf0baabc23..d78149335f8e 100644
--- a/net-p2p/cardano-node/Makefile
+++ b/net-p2p/cardano-node/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	cardano-node
 PORTVERSION=	1.35.5
+PORTREVISION=	1
 MASTER_SITES=	https://input-output-hk.github.io/cardano-haskell-packages/package/:chap
 CATEGORIES=	net-p2p
 
@@ -11,6 +12,7 @@ LICENSE=	APACHE20
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 BUILD_DEPENDS=	ghc-8.10.7:lang/ghc810
+RUN_DEPENDS=	${LOCALBASE}/share/rc-subr-jail:ports-mgmt/rc-subr-jail
 
 USES=		autoreconf:build cabal gmake libtool pkgconfig
 
diff --git a/net-p2p/cardano-node/files/cardano_node.in b/net-p2p/cardano-node/files/cardano_node.in
index 74c7fb2d3890..415f90817956 100644
--- a/net-p2p/cardano-node/files/cardano_node.in
+++ b/net-p2p/cardano-node/files/cardano_node.in
@@ -132,16 +132,22 @@ eval "_port=\${${name}_port}"
 eval "_flags=\${${name}_flags}"
 
 jail_root="${_home}/jail"
+jail_copy_resolv_conf=yes
+jail_copy_services=yes
+jail_copy_programs="$command /usr/sbin/nologin"
+jail_mount_devfs=yes
+jail_ip_inherit=yes
+#TODO: daemon fails with "Network.Socket.bind: permission denied" without suid ;\
+jail_prepare_inside_cmds="mkdir ./socket ;\
+                          ln -s ./${jail_socket} ${_socket} ;\
+                          chmod +s ./bin/cardano-node"
+jail_nullfs_mounts="${_db} ${jail_root}/db rw \
+                    ${_home}/logs ${jail_root}/logs rw"
+
 jail_topology="/topology_dir/`basename ${_topology}`"
 jail_config="/config_dir/`basename ${_config}`"
 jail_socket="/socket/`basename ${_socket}`"
-jail_ip6_arg=""
-sysctl -q kern.features.inet6 2> /dev/null
-if [ "$?" = "0" ]
-then
-    jail_ip6_arg="ip6=inherit"
-fi
-jail_cmd="jail -c name=${name}_jail path=${jail_root} exec.jail_user=cardano exec.system_jail_user ip4=inherit ${jail_ip6_arg} host=inherit"
+jail_args="name=${name}_jail exec.jail_user=cardano exec.system_jail_user host=inherit"
 
 pidfile="/var/run/${name}.pid"
 flags="run +RTS ${_rts_flags} -RTS \
@@ -153,74 +159,45 @@ flags="run +RTS ${_rts_flags} -RTS \
         --config ${jail_config} \
         ${_flags}"
 
+. %%LOCALBASE%%/share/rc-subr-jail/rc.subr.jail
+
+# realpath2 path
+# Returns an absolute path to ${_home}/${path} if it exists, otherwise
+# treats ${path} as absolute
+realpath2()
+{
+    local _path _realpath
+    _path=$1
+
+    _realpath=$(/bin/sh -c "cd ${_home} && realpath ${_path}" 2> /dev/null)
+    if [ $? != "0" ]
+    then
+        return 1
+    else
+        echo $_realpath
+    fi
+}
+
+
 sanity_check()
 {
-    if [ ! -f "${_home}/${_topology}" -a ! -f "/${_topology}" ]
+    realpath2 ${_topology} > /dev/null
+    if [ $? != "0" ]
     then
         echo "Invalid value for ${name}_topology: missing file ${_topology}"
-        echo "You might want to run service ${name} onefetch"
+        echo "You might want to run service ${name} onefetch to download this file into default dir"
         exit 1
     fi
-    if [ ! -f "${_home}/${_config}" -a ! -f "/${_config}" ]
+    realpath2 ${_config} > /dev/null
+    if [ $? != "0" ]
     then
         echo "Invalid value for cardano_node_config: missing file ${_config}"
-        echo "You might want to run service ${name} onefetch"
+        echo "You might want to run service ${name} onefetch to download this file into the default dir"
         exit 1
     fi
     return 0
 }
 
-_jail_dirs="/bin /etc /lib /libexec /socket"
-_jail_mount_points="/dev /config_dir /topology_dir /db /logs"
-
-create_jail()
-{
-    destroy_jail
-
-    for d in ${_jail_dirs} ${_jail_mount_points}
-    do
-        mkdir -p "${jail_root}${d}"
-    done
-
-    cp /etc/resolv.conf "${jail_root}/etc/"
-    cp /etc/services "${jail_root}/etc/"
-
-    cp "$command" "${jail_root}/bin/"
-    ldd "$command" | cut -s -d " " -f 3 | grep -E '^(/lib|/usr)' | sort -u | xargs -I % cp % "${jail_root}/lib/"
-#    TODO: daemon fails with "Network.Socket.bind: permission denied" without suid
-    chmod +s "${jail_root}/bin/cardano-node"
-    cp /usr/sbin/nologin "${jail_root}/bin/"
-    cp /libexec/ld-elf.so.1 "${jail_root}/libexec"
-
-    # change directory because $cardano_node_{config,topology} may be relative paths
-    cd ${_home}
-    mount_nullfs -o ro `dirname ${_config}` "${jail_root}/config_dir"
-    mount_nullfs -o ro `dirname ${_topology}` "${jail_root}/topology_dir"
-    mount_nullfs "${_db}" "${jail_root}/db"
-    mount_nullfs "${_home}/logs" "${jail_root}/logs"
-    mount -o ruleset=4 -t devfs devfs "${jail_root}/dev"
-}
-
-destroy_jail()
-{
-    for d in ${_jail_mount_points}
-    do
-        if [ -d "${jail_root}${d}" ]; then
-            umount -f "${jail_root}${d}" 2> /dev/null
-        fi
-    done
-    for d in ${_jail_dirs}
-    do
-        rm -rf "${jail_root}${d}"
-    done
-    for d in ${_jail_mount_points}
-    do
-        rmdir "${jail_root}${d}" 2> /dev/null
-    done
-
-    rmdir "${jail_root}" 2> /dev/null
-}
-
 cardano_node_prestart()
 {
     # Create Cardano home directory, if not exists
@@ -246,31 +223,45 @@ cardano_node_start()
 {
     check_startmsgs && echo "Starting ${name}."
 
-    create_jail
+    local _topo _conf
+    _topo=$(realpath2 ${_topology})
+    _conf=$(realpath2 ${_config})
+
+    jail_nullfs_mounts="$jail_nullfs_mounts $(dirname ${_topo}) ${jail_root}/topology_dir ro"
+    jail_nullfs_mounts="$jail_nullfs_mounts $(dirname ${_conf}) ${jail_root}/config_dir ro"
+    prepare_jail $jail_root
     if [ "$?" != "0" ]
     then
         echo "Failed to start ${name}: jail creation error"
         return 1
     fi
-    cd $_home && /usr/sbin/daemon -p $pidfile -S -T cardano-node \
-        ${jail_cmd} command=/bin/cardano-node ${flags} 2>&1 > /dev/null
-    ln -s "${jail_root}/${jail_socket}" "${_socket}"
+
+    cd $_home && /bin/sh -c "/usr/sbin/daemon -p $pidfile -S -T cardano-node \
+        jail -c ${jail_prepared_args} ${jail_args} command=/bin/cardano-node ${flags}"
 }
 
 cardano_node_stop()
 {
+    local _topo _conf
+    _topo=$(realpath2 ${_topology})
+    _conf=$(realpath2 ${_config})
+
+    jail_nullfs_mounts="$jail_nullfs_mounts $(dirname ${_topo}) ${jail_root}/topology_dir ro"
+    jail_nullfs_mounts="$jail_nullfs_mounts $(dirname ${_conf}) ${jail_root}/config_dir ro"
+
     pid=$(check_pidfile "${pidfile}" jail)
     if [ -z "${pid}" ]
     then
         echo "${name} is not running"
-        destroy_jail
+        destroy_jail $jail_root 2> /dev/null
+        rm -rf ${_socket}
         return 1
     else
         echo "Stopping ${name}."
         killall -j ${name}_jail -INT
         wait_for_pids "$pid"
-        destroy_jail
-        rm ${_socket}
+        destroy_jail $jail_root
+        rm -rf ${_socket}
     fi
 }