Date:      Sat, 20 Aug 2011 08:16:09 -0400
From:      Glen Barber <gjb@FreeBSD.org>
To:        Kostik Belousov <kostikbel@gmail.com>
Cc:        ports@freebsd.org
Subject:   Re: [Request for Comments] Adding a JAILED meta-variable to bsd.port.mk
Message-ID:  <4E4FA589.7070303@FreeBSD.org>
In-Reply-To: <20110820115203.GH17489@deviant.kiev.zoral.com.ua>
References:  <4E4F95FD.907@FreeBSD.org> <20110820115203.GH17489@deviant.kiev.zoral.com.ua>

On 8/20/11 7:52 AM, Kostik Belousov wrote:
> On Sat, Aug 20, 2011 at 07:09:49AM -0400, Glen Barber wrote:
>> Hi,
>>
>> I would like to propose a change to bsd.port.mk which, similarly to
>> obtaining the OSVERSION, checks if the system on which a port is being
>> built is a jailed environment.
>>
>> This change can allow port maintainers to mark ports that do not run in
>> jailed environments as IGNORE, or adjust PKG_MESSAGE to inform the user
>> of special conditions or changes that will be needed to run a port from
>> within a jail.  One particular example of the latter is
>> databases/postgresql*-server, where the user must enable
>> security.jail.sysvipc_allowed.  I am sure this feature could expand to
>> other cases I have not considered yet, as well.
>
> I do not think this is a good idea. The machine or environment where
> the port is built sometimes (or, in my setups, quite often) is not
> the same as where it is run. Your proposal gives a tool to tightly
> tie the ports to build environments, that is detrimental for some
> setups, and also diminishes the value of packaging. IMHO.

Hi Kostik,

Thank you for the comments.

I had neglected that some package building environments are jails with
the intent to install the packages on physical hardware or other
non-jailed environments, so this change would break those environments.
I had only tested the patches in a tinderbox environment.

One thing I can think of off-hand to fix this in that case is setting a
local environment variable to disable a check for security.jail.jailed.
Would this be an ok solution for those cases?  If not, I happily agree
that this change should not be made then.

I have an updated patch to bsd.port.mk that looks for a local
environment variable, PKGJAIL - if it is set, then JAILED is unset.
Would this be acceptable?

Regards,

Glen

-- 
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project

--- bsd.port.mk.orig	2011-08-12 12:39:23.000000000 -0400
+++ bsd.port.mk	2011-08-20 08:07:12.656834897 -0400
@@ -46,6 +46,7 @@
 #				  "FreeBSD," "NetBSD," or "OpenBSD" as appropriate.
 # OSREL			- The release version (numeric) of the operating system.
 # OSVERSION		- The value of __FreeBSD_version.
+# JAILED		- The system is a FreeBSD jail.
 #
 # This is the beginning of the list of all variables that need to be
 # defined in a port, listed in order that they should be included
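
Review bot: the added "# JAILED" line in the variable list does not say what value the variable holds or that PKGJAIL affects it. The second hunk assigns JAILED from the output of ${SYSCTL} -n security.jail.jailed and assigns it an empty value when PKGJAIL is defined, so a port maintainer reading only this comment cannot tell what to test for. Suggest stating the possible values here and adding a "# PKGJAIL" entry next to it that describes the override.
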
@@ -1196,6 +1197,15 @@
 .endif
 .endif
=20
+# Check if the system is a jail
+.if !defined(JAILED)
+. if !defined(PKGJAIL)
+JAILED!=3D	${SYSCTL} -n security.jail.jailed
+. else
+JAILED=3D
+. endif
+.endif
+
 MASTERDIR?=3D	${.CURDIR}
=20
 .if ${MASTERDIR} !=3D ${.CURDIR}
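
Review bot: in the .else branch, "JAILED=" defines JAILED with an empty value instead of leaving it undefined, so defined(JAILED) is true on every path through this block: sysctl output when PKGJAIL is not defined, an empty string when it is. A port that writes .if defined(JAILED) would therefore match on every build, and the accompanying message describes JAILED as unset when PKGJAIL is set, which this code does not do. Suggest dropping the .else branch so JAILED stays undefined under PKGJAIL, or documenting that ports must compare the value rather than test for definition. Separately, the != assignment runs ${SYSCTL} on each make invocation with no guard on OPSYS, although the header comment in the first hunk lists NetBSD and OpenBSD as possible values; consider wrapping the check in an OPSYS test.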
