git: 9b7bddfd082d - main - packages: Add minimal-jail set
Date: Wed, 17 Sep 2025 20:32:40 UTC
The branch main has been updated by ivy:
URL: https://cgit.FreeBSD.org/src/commit/?id=9b7bddfd082d1df2b4c97e7ec974d1d67e98a1de
commit 9b7bddfd082d1df2b4c97e7ec974d1d67e98a1de
Author: Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-09-17 20:11:20 +0000
Commit: Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-09-17 20:11:20 +0000
packages: Add minimal-jail set
This is the minimal set, but without the bootloader, hardware and networking
support that's typically not required in jails.
This requires extending the 'set' annotation to be a comma-separated
list, so that packages can be in multiple sets.
MFC after: 3 seconds
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D52591
---
release/packages/create-sets.sh | 10 ++++++----
release/packages/generate-ucl.lua | 31 ++++++++++++++++++------------
release/packages/sets/minimal-jail-dbg.ucl | 6 ++++++
release/packages/sets/minimal-jail.ucl | 6 ++++++
release/packages/ucl/at-all.ucl | 2 +-
release/packages/ucl/caroot-all.ucl | 2 +-
release/packages/ucl/certctl-all.ucl | 2 +-
release/packages/ucl/clibs-all.ucl | 2 +-
release/packages/ucl/cron-all.ucl | 2 +-
release/packages/ucl/fetch-all.ucl | 2 +-
release/packages/ucl/inetd-all.ucl | 2 +-
release/packages/ucl/locales-all.ucl | 2 +-
release/packages/ucl/newsyslog-all.ucl | 2 +-
release/packages/ucl/periodic-all.ucl | 2 +-
release/packages/ucl/pkg-bootstrap-all.ucl | 2 +-
release/packages/ucl/rc-all.ucl | 2 +-
release/packages/ucl/runtime-all.ucl | 2 +-
release/packages/ucl/syslogd-all.ucl | 2 +-
release/packages/ucl/utilities-all.ucl | 2 +-
release/packages/ucl/vi-all.ucl | 2 +-
release/packages/ucl/zoneinfo-all.ucl | 2 +-
21 files changed, 54 insertions(+), 33 deletions(-)
diff --git a/release/packages/create-sets.sh b/release/packages/create-sets.sh
index 6c034834672e..8c564ecfeb92 100755
--- a/release/packages/create-sets.sh
+++ b/release/packages/create-sets.sh
@@ -25,10 +25,12 @@ for pkg in "$repodir"/*.pkg; do
set -- $(pkg query -F "$pkg" '%At %n %Av' | grep '^set ')
pkgname="$2"
- set="$3"
- SETS="$SETS $set"
- setvar="$(echo "$set" | tr - _)"
- eval PKGS_${setvar}=\"\$PKGS_${setvar} $pkgname\"
+ sets="$(echo "$3" | tr , ' ')"
+ for set in $sets; do
+ SETS="$SETS $set"
+ setvar="$(echo "$set" | tr - _)"
+ eval PKGS_${setvar}=\"\$PKGS_${setvar} $pkgname\"
+ done
done
for set in $(echo $SETS | tr ' ' '\n' | sort | uniq); do
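Review bot: Each name split out of `$3` in the new inner loop reaches `eval` after only `-` has been mapped to `_`, so any other character in a package's set annotation is interpreted by the shell during the release build. A guard ahead of the eval, such as `case "$set" in *[!A-Za-z0-9_-]*) echo "invalid set name: $set" >&2; exit 1 ;; esac`, would make a malformed annotation fail loudly instead. Separately, `set -- $(...)` word-splits the query output, so a list written with a space after a comma is cut off at `$3`, while the `[^,]+` split in generate-ucl.lua would keep that space inside the name; a comment stating that the list must not contain whitespace would keep the two consumers in step. The enclosing `for pkg` loop starts outside the hunk.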
diff --git a/release/packages/generate-ucl.lua b/release/packages/generate-ucl.lua
index 211766067952..ea3743894740 100755
--- a/release/packages/generate-ucl.lua
+++ b/release/packages/generate-ucl.lua
@@ -166,12 +166,14 @@ if add_gen_dep(pkgname, pkggenname) then
end
--
--- Handle the 'set' annotation.
+-- Handle the 'set' annotation, a comma-separated list of sets which this
+-- package should be placed in. If it's not specified, the package goes
+-- in the default set which is base.
--
-- Ensure we have an annotations table to work with.
obj["annotations"] = obj["annotations"] or {}
-- If no set is provided, use the default set which is "base".
-set = obj["annotations"]["set"] or "base"
+sets = obj["annotations"]["set"] or "base"
-- For subpackages, we may need to rewrite the set name. This is done a little
-- differently from the normal pkg suffix processing, because we don't need sets
-- to be as a granular as the base packages.
@@ -181,27 +183,32 @@ set = obj["annotations"]["set"] or "base"
-- However, lib32 debug symbols still go into their own package since they're
-- quite large.
if pkgname:match("%-dbg%-lib32$") then
- set = "lib32-dbg"
+ sets = "lib32-dbg"
elseif pkgname:match("%-lib32$") then
- set = "lib32"
+ sets = "lib32"
-- If this is a -dev package, put it in a single set called "devel" which
-- contains all development files. Also include lib*-man packages, which
-- contain manpages for libraries. Having a separate <set>-dev for every
-- set is not necessary, because generally you either want development
-- support or you don't.
elseif pkgname:match("%-dev$") or pkgname:match("^lib.*%-man$") then
- set = "devel"
+ sets = "devel"
-- Don't separate tests and tests-dbg into 2 sets, if the user wants tests
-- they should be able to debug failures.
-elseif set == "tests" then
- set = set
--- If this is a -dbg package, it goes in <set>-dbg, which means the user can
--- install debug symbols only for the sets they have installed.
+elseif sets == "tests" then
+ sets = sets
+-- If this is a -dbg package, put it in the -dbg subpackage of each set,
+-- which means the user can install debug symbols only for the sets they
+-- have installed.
elseif pkgname:match("%-dbg$") then
- set = set .. "-dbg"
+ local newsets = {}
+ for set in sets:gmatch("[^,]+") do
+ newsets[#newsets + 1] = set .. "-dbg"
+ end
+ sets = table.concat(newsets, ",")
end
--- Put our new set back into the package.
-obj["annotations"]["set"] = set
+-- Put our new sets back into the package.
+obj["annotations"]["set"] = sets
-- If PKG_NAME_PREFIX is provided, rewrite the names of dependency packages.
-- We can't do this in UCL since variable substitution doesn't work in array
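Review bot: The `elseif sets == "tests"` branch still compares the whole annotation string, so now that `set` is a list it only matches a package whose sole set is tests. A -dbg package listed in tests plus another set would fall through to the new loop and be placed in `tests-dbg`, which the comment above that branch says should not be a separate set. Checking per element inside the loop, `newsets[#newsets + 1] = (set == "tests") and set or (set .. "-dbg")`, keeps the exemption for lists. The `[^,]+` pattern also keeps any whitespace around a name, so either say in the header comment that the list must not contain spaces or split with `[^,%s]+`.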
diff --git a/release/packages/sets/minimal-jail-dbg.ucl b/release/packages/sets/minimal-jail-dbg.ucl
new file mode 100644
index 000000000000..3f7df227d3a9
--- /dev/null
+++ b/release/packages/sets/minimal-jail-dbg.ucl
@@ -0,0 +1,6 @@
+comment = "Basic multi-user jail debugging symbols (metapackage)"
+
+desc = <<EOD
+This metapackage installs debugging symbols for the packages required to bring
+up a basic multi-user jail.
+EOD
diff --git a/release/packages/sets/minimal-jail.ucl b/release/packages/sets/minimal-jail.ucl
new file mode 100644
index 000000000000..fed7a3355c31
--- /dev/null
+++ b/release/packages/sets/minimal-jail.ucl
@@ -0,0 +1,6 @@
+comment = "Basic multi-user jail system (metapackage)"
+
+desc = <<EOD
+This metapackage installs the packages required to bring up a basic multi-user
+jail. This is equivalent to the minimal set, but without hardware support.
+EOD
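Review bot: The `desc` text says the set differs from minimal only by lacking hardware support, while the commit message says it also leaves out the bootloader and networking support. Someone choosing a base for a jail reads this description, not the commit log, so it should list everything that is omitted, for example `jail. This is equivalent to the minimal set, but without bootloader, hardware` followed by `and networking support.` The same wording would then apply to the matching sentence in minimal-jail-dbg.ucl if it is ever extended to describe the difference.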
diff --git a/release/packages/ucl/at-all.ucl b/release/packages/ucl/at-all.ucl
index 3e837d781d38..dc7592db39ce 100644
--- a/release/packages/ucl/at-all.ucl
+++ b/release/packages/ucl/at-all.ucl
@@ -4,5 +4,5 @@ AT Utilities
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/caroot-all.ucl b/release/packages/ucl/caroot-all.ucl
index f62f4ff2be37..bd5b5eef5b48 100644
--- a/release/packages/ucl/caroot-all.ucl
+++ b/release/packages/ucl/caroot-all.ucl
@@ -4,5 +4,5 @@ SSL Certificates
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/certctl-all.ucl b/release/packages/ucl/certctl-all.ucl
index 0e3dd49d7b00..f48144ecaef9 100644
--- a/release/packages/ucl/certctl-all.ucl
+++ b/release/packages/ucl/certctl-all.ucl
@@ -4,5 +4,5 @@ SSL Certificate Utility
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/clibs-all.ucl b/release/packages/ucl/clibs-all.ucl
index 65353d515403..1a2374ab3f84 100644
--- a/release/packages/ucl/clibs-all.ucl
+++ b/release/packages/ucl/clibs-all.ucl
@@ -5,5 +5,5 @@ Core C Libraries
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/cron-all.ucl b/release/packages/ucl/cron-all.ucl
index 39bd69b0ba4b..6b781c64f991 100644
--- a/release/packages/ucl/cron-all.ucl
+++ b/release/packages/ucl/cron-all.ucl
@@ -4,5 +4,5 @@ cron(8) and crontab(1)
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/fetch-all.ucl b/release/packages/ucl/fetch-all.ucl
index 5c488cc1d865..c5754d6ecd80 100644
--- a/release/packages/ucl/fetch-all.ucl
+++ b/release/packages/ucl/fetch-all.ucl
@@ -6,5 +6,5 @@ HTTP or FTP.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/inetd-all.ucl b/release/packages/ucl/inetd-all.ucl
index 5a6bb05f1675..3093a3fc2c51 100644
--- a/release/packages/ucl/inetd-all.ucl
+++ b/release/packages/ucl/inetd-all.ucl
@@ -7,5 +7,5 @@ built-in servers for basic services are also provided.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/locales-all.ucl b/release/packages/ucl/locales-all.ucl
index 78a15501d493..9018fb5c3c75 100644
--- a/release/packages/ucl/locales-all.ucl
+++ b/release/packages/ucl/locales-all.ucl
@@ -5,5 +5,5 @@ Provides the locale definitions (LC_*) for supported locales.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/newsyslog-all.ucl b/release/packages/ucl/newsyslog-all.ucl
index 824a5d62f587..1701ecbccc4d 100644
--- a/release/packages/ucl/newsyslog-all.ucl
+++ b/release/packages/ucl/newsyslog-all.ucl
@@ -6,5 +6,5 @@ create log files in /var/log and periodically rotate existing log files.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/periodic-all.ucl b/release/packages/ucl/periodic-all.ucl
index b1b3e47ec10a..75b286963328 100644
--- a/release/packages/ucl/periodic-all.ucl
+++ b/release/packages/ucl/periodic-all.ucl
@@ -7,5 +7,5 @@ the base periodic tasks for the base system.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/pkg-bootstrap-all.ucl b/release/packages/ucl/pkg-bootstrap-all.ucl
index 47b28ba1d374..2a5bc560140e 100644
--- a/release/packages/ucl/pkg-bootstrap-all.ucl
+++ b/release/packages/ucl/pkg-bootstrap-all.ucl
@@ -7,5 +7,5 @@ the FreeBSD.org package repository.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/rc-all.ucl b/release/packages/ucl/rc-all.ucl
index 1d5a1b9b728d..5f9f155c4db6 100644
--- a/release/packages/ucl/rc-all.ucl
+++ b/release/packages/ucl/rc-all.ucl
@@ -7,5 +7,5 @@ the service scripts for the base system.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/runtime-all.ucl b/release/packages/ucl/runtime-all.ucl
index 7635248dd76e..6f8da8e584c2 100644
--- a/release/packages/ucl/runtime-all.ucl
+++ b/release/packages/ucl/runtime-all.ucl
@@ -6,5 +6,5 @@ required for basic multi-user operation.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/syslogd-all.ucl b/release/packages/ucl/syslogd-all.ucl
index 0f174ef7401d..f77b12c9752a 100644
--- a/release/packages/ucl/syslogd-all.ucl
+++ b/release/packages/ucl/syslogd-all.ucl
@@ -6,5 +6,5 @@ writes them to an appropriate log file.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/utilities-all.ucl b/release/packages/ucl/utilities-all.ucl
index 6e83b6584c02..8a6eeabd3396 100644
--- a/release/packages/ucl/utilities-all.ucl
+++ b/release/packages/ucl/utilities-all.ucl
@@ -5,5 +5,5 @@ Non-vital programs and libraries
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/vi-all.ucl b/release/packages/ucl/vi-all.ucl
index 4504281e0549..7b79ee428113 100644
--- a/release/packages/ucl/vi-all.ucl
+++ b/release/packages/ucl/vi-all.ucl
@@ -6,5 +6,5 @@ text editor, and vi(1), a user-friendly full-screen text editor based on ex.
EOD
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}
diff --git a/release/packages/ucl/zoneinfo-all.ucl b/release/packages/ucl/zoneinfo-all.ucl
index 3fc90fc3f88a..1b3aef1df1d7 100644
--- a/release/packages/ucl/zoneinfo-all.ucl
+++ b/release/packages/ucl/zoneinfo-all.ucl
@@ -8,5 +8,5 @@ EOD
licenses = [ "PD" ]
annotations {
- set = minimal
+ set = "minimal,minimal-jail"
}