From: Glen Barber
Date: Sat, 20 Aug 2011 07:09:49 -0400
To: ports@freebsd.org
Subject: [Request for Comments] Adding a JAILED meta-variable to bsd.port.mk
Message-ID: <4E4F95FD.907@FreeBSD.org>

Hi,

I would like to propose a change to bsd.port.mk which, similarly to obtaining the OSVERSION, checks if the system on which a port is being built is a jailed environment.

This change can allow port maintainers to mark ports that do not run in jailed environments as IGNORE, or adjust PKG_MESSAGE to inform the user of special conditions or changes that will be needed to run a port from within a jail. One particular example of the latter is databases/postgresql*-server, where the user must enable security.jail.sysvipc_allowed. I am sure this feature could expand to other cases I have not considered yet, as well.
I have included three patches:

0-Mk-bsd.port.mk.txt - the proposed change to bsd.port.mk
1-ircservices-Makefile.txt - an example usage of disallowing a port from being built within a jail
2-sshguard-Makefile.txt - an example usage of disabling a port from being built within a jail conditionally (in this example, it is assumed security/sshguard-pf is the target port)

Comments, etc, are welcome.

Regards,

Glen

-- 
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project

Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="0-Mk-bsd.port.mk.txt"

--- bsd.port.mk.orig 2011-08-12 12:39:23.000000000 -0400 +++ bsd.port.mk 2011-08-20 06:15:19.644576050 -0400 @@ -46,6 +46,7 @@ # "FreeBSD," "NetBSD," or "OpenBSD" as appropriate. # OSREL - The release version (numeric) of the operating system. # OSVERSION - The value of __FreeBSD_version. +# JAILED - The system is a FreeBSD jail. # # This is the beginning of the list of all variables that need to be # defined in a port, listed in order that they should be included @@ -1196,6 +1197,11 @@ .endif .endif =20 +# Check if the system is a jail +.if !defined(JAILED) +JAILED!=3D ${SYSCTL} -n security.jail.jailed +.endif + MASTERDIR?=3D ${.CURDIR} =20 .if ${MASTERDIR} !=3D ${.CURDIR}

Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="1-ircservices-Makefile.txt"

--- Makefile.orig 2009-08-31 09:50:55.000000000 -0400 +++ Makefile 2011-08-20 06:14:04.987796133 -0400
@@ -27,6 +27,10 @@ =20 .include =20 +.if ${JAILED} +IGNORE=3D Does not run from within a jail +.endif + .if ${OSVERSION} > 700042 CFLAGS+=3D -fno-stack-protector .endif

Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="2-sshguard-Makefile.txt"

--- Makefile.orig 2011-07-24 14:16:29.000000000 -0400 +++ Makefile 2011-08-20 06:14:24.513106022 -0400 @@ -40,6 +40,9 @@ CONFIGURE_ARGS+=3D --mandir=3D${MANPREFIX}/man =20 .if ${SSHGUARDFW} =3D=3D pf +. if ${JAILED} +IGNORE=3D Cannot use with pf within a jail +. endif PKGMSG_FWBLOCK=3D" To activate or configure PF see http://sshguard.sf.n= et/doc/setup/blockingpf.html" .elif ${SSHGUARDFW} =3D=3D ipfw PKGMSG_FWBLOCK=3D" Verify that IPFW is active with \"ipfw show\"."
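
Review bot: In the 0-Mk-bsd.port.mk.txt hunk at @@ -46,6 +46,7 @@, the new comment "JAILED - The system is a FreeBSD jail." does not say what the variable holds or how a port is expected to test it. The neighbouring entries describe their values (OSREL is "numeric", OSVERSION is "The value of __FreeBSD_version"), so this entry should do the same, for example "JAILED - The value of the security.jail.jailed sysctl". It should also mention that a value defined earlier is kept, since the assignment in the second hunk is wrapped in ".if !defined(JAILED)".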
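
Review bot: In the 0-Mk-bsd.port.mk.txt hunk at @@ -1196,6 +1197,11 @@, the assignment "JAILED!= ${SYSCTL} -n security.jail.jailed" has no fallback for the case where the command prints nothing. The two example Makefiles then test a bare ".if ${JAILED}", which would be evaluated on an empty string. Consider giving JAILED a numeric default when the command produces no output, so the variable is always a number by the time a port Makefile reads it.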
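
Review bot: In the 1-ircservices-Makefile.txt hunk, the IGNORE text says the port "Does not run from within a jail", but the condition is evaluated on the system where the port is being built, which is how the cover message describes JAILED. A jail used only for building packages would be refused, while a package built on a non-jailed host can still be installed into a jail with no warning. If the limitation is a run-time one, a message shown at install time fits better than IGNORE; if IGNORE stays, reword it to say that the port is not built inside a jail.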
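
Review bot: In the 2-sshguard-Makefile.txt hunk, ". if ${JAILED}" tests the variable bare, while the enclosing conditional compares explicitly (".if ${SSHGUARDFW} == pf"). The bare form depends on JAILED always expanding to a number; an explicit comparison such as ". if ${JAILED} != 0" states the intended test and matches the style of the surrounding lines. The same applies to ".if ${JAILED}" in the ircservices example.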