From owner-cvs-all@FreeBSD.ORG Sat Feb 11 10:01:38 2006 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 924DD16A420; Sat, 11 Feb 2006 10:01:38 +0000 (GMT) (envelope-from kris@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 619C143D48; Sat, 11 Feb 2006 10:01:38 +0000 (GMT) (envelope-from kris@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k1BA1c4I014590; Sat, 11 Feb 2006 10:01:38 GMT (envelope-from kris@repoman.freebsd.org) Received: (from kris@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k1BA1cea014589; Sat, 11 Feb 2006 10:01:38 GMT (envelope-from kris) Message-Id: <200602111001.k1BA1cea014589@repoman.freebsd.org> From: Kris Kennaway Date: Sat, 11 Feb 2006 10:01:37 +0000 (UTC) To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: ports/Tools/portbuild/scripts portbuild X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Feb 2006 10:01:38 -0000 kris 2006-02-11 10:01:37 UTC FreeBSD ports repository Modified files: Tools/portbuild/scripts portbuild Log: Support for building ports in a jail instead of a chroot. If use_jail=1 in portbuild.conf (or per-machine .conf), then construct a 127.0.0.0/8 IP address based on the build directory ID (i.e. unique for each build instance). This is bound to the lo0 interface for the duration of the 'phase 2' build. We cannot build 'phase 1' in a jail since 'make fetch' doesn't always work through a proxy (e.g. squid sometimes mangles files fetched through FTP, I think by performing CR/LF translation in FTP ASCII mode). Pass in the HTTP_PROXY variable to the jail, if set. This allows FTP/HTTP access from within the jail if the proxy is suitably configured (some ports legitimately need to fetch additional files during the build, e.g. if they have a BUILD_DEPENDS=...:configure target that needs to fetch additional distfiles). Not all ports can be built in jails (most notably the linux_base ports since they want to mount/umount linprocfs), so we will need to come up with a way to deal with this. Some ports require SYSV IPC, so security.jail.sysvipc_allowed=1 might be required. Some other ports attempt to perform DNS lookups, ping, or outbound TCP connections during the build. When it works, this provides better compartmentalization of package builds, e.g. easier termination of builds without the possibility of daemonized processes staying active; no possibility of accidental interference between jails, etc. It also allows for admin monitoring using jls(1). Revision Changes Path 1.51 +14 -9 ports/Tools/portbuild/scripts/portbuild