ports/189120: [Maintainer update] sysutils/qjail maintenance & enhancements

joeb1 joeb1 at a1poweruser.com
Fri May 9 17:20:01 UTC 2014


The following reply was made to PR ports/189120; it has been noted by GNATS.

From: "joeb1" <joeb1 at a1poweruser.com>
To: <bug-followup at FreeBSD.org>,
	"qjail" <qjail at a1poweruser.com>
Cc:  
Subject: Re: ports/189120: [Maintainer update] sysutils/qjail  maintenance & enhancements
Date: Fri, 9 May 2014 13:15:39 -0400

 This is a multi-part message in MIME format.
 
 ------=_NextPart_000_0002_01CF6B88.C6123500
 Content-Type: text/plain;
 	charset="iso-8859-1"
 Content-Transfer-Encoding: 7bit
 
 Since it is taking so long to get this port committed, I have time to use the
 same PR and refresh the port after making more changes to the port.
 
 To the committer: Please add the following list of changes to the ports
 change file when you do the commit.
 
 1. Fix typo in qjail.8 manual.
    Change "See jailip below" to "See -4 option"
 
 2. Fix typo in qjail-howto.8 manual as per PR# 186269.
    Change a comma , inside of ip address to a . period.
    73.x.97,51,10.0.10.126  to  73.x.97.51,10.0.10.126
 
 3. Change qjail.portsnap.conf,
    remove index-6 index-7 index-8 statements
    replace index-9 with index-10
 
 4. Removed rcvar=`set_rcvar` statement from qjail.bootime script.
    In Release 10.0 it's no longer included in the rc.d scripts and
    was causing a non-harmful bogus boot time message. But this
    de-activated the ability to control the selection of boot time
    starting of jails using the qjail_enable="YES" statement in
    the host's /etc/rc.conf. Put rcvar="qjail_enable" in qjail.bootime
    script and things work as expected.
 
 5. Correct coding bug in archive logic to archive sharedfs per zone.
 
 6. Correct coding bug for Sanity check to see if any jails are running.
 
 7. Changed "qjail install" logic to check that this version of qjail only
    runs on release-10.0. This is due to unique properties of jail(8) & rc.d
    that are not in 9.2 and older releases.
 
 8. Changed "qjail create" and "qjail config" logic to check if the
    -4 and/or -6 IP addresses are prefixed with "<if_device>|" and/or
    suffixed with "/<netmask>" values. jail(8) says this is valid syntax,
    but it's NOT allowed as valid syntax to qjail.
 
 9. Changed "qjail create" logic to check if no -n value was entered. If not
    then populate the -n value with the interface default nic device name
    obtained from route command. This is now the automatic default behavior.
    The default interface is the one connected to the public internet.
    This shortens the "qjail create" command and forces the use of the
    automatic creation and deletion of the alias for the jail's IP address
    on that "network interface name". Made appropriate changes to qjail.8
    man page documentation.
 
 10. Changed "qjail create" logic to target another zone's archives as input
     source. Now you can use any zone's archive file as a template to create
     a new jail using the existing -a option. New -A option is coded with the
     zone name of the target archive file name populating the -a value.
     Made appropriate changes to qjail.8 man page documentation.
 
 11. Added -S option to "qjail update". This option will copy the host's
     /usr/src filesystem to sharedfs/usr/src to be shared among all the jails.
     Made appropriate changes to qjail.8 man page documentation.
 
 12. Added -P option to "qjail update". This option will copy the host's
     /usr/ports filesystem to sharedfs/usr/ports to be shared among all the
     jails. Made appropriate changes to qjail.8 man page documentation.
 
 13. The long-time jail(8) bug since 9.1 that deals with the jail's /dev
     directory, which allowed the jail to access things a jail should be
     restricted from, became fixed with 10.0-RELEASE-p2. The host's
     /etc/defaults/rc.conf devfs_load_rulesets="NO" changed to
     devfs_load_rulesets="YES".
     Removed the jail.conf workaround statements from the qjail script
     build_config_def routine as they are no longer needed.
 
 
 
 ------=_NextPart_000_0002_01CF6B88.C6123500
 Content-Type: application/octet-stream;
 	name="qjail-3.3_port_diff"
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: attachment;
 	filename="qjail-3.3_port_diff"
 
 Files qjail-3.2/.svn/wc.db and qjail/.svn/wc.db differ=0A=
 diff -ruN qjail-3.2/Makefile qjail/Makefile=0A=
 --- qjail-3.2/Makefile	2014-05-01 12:13:20.000000000 -0400=0A=
 +++ qjail/Makefile	2014-05-01 12:15:01.000000000 -0400=0A=
 @@ -2,7 +2,7 @@=0A=
  # $FreeBSD: head/sysutils/qjail/Makefile 327772 2013-09-20 23:05:58Z =
 bapt $=0A=
  =0A=
  PORTNAME=3D	qjail=0A=
 -PORTVERSION=3D	3.2=0A=
 +PORTVERSION=3D	3.3=0A=
  CATEGORIES=3D	sysutils=0A=
  MASTER_SITES=3D	SF/${PORTNAME}=0A=
  =0A=
 @@ -15,7 +15,7 @@=0A=
  =0A=
  MAN8=3D		qjail.8 qjail-intro.8 qjail-howto.8=0A=
  =0A=
 -CONFLICTS_INSTALL=3D	qjail-2.*=0A=
 +CONFLICTS_INSTALL=3D	qjail-2.* qjail-3.0 qjail-3.1 =0A=
  =0A=
  NO_STAGE=3D	yes=0A=
  post-patch:=0A=
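Review bot: The added CONFLICTS_INSTALL value ends with a trailing space after qjail-3.1 and now lists 3.0 and 3.1 one by one beside the qjail-2.* glob; drop the trailing whitespace and consider a single pattern for the 3.x entries. The context also still carries NO_STAGE= yes, so it is worth confirming that is intended for this update.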
 diff -ruN qjail-3.2/distinfo qjail/distinfo=0A=
 --- qjail-3.2/distinfo	2014-05-01 12:13:20.000000000 -0400=0A=
 +++ qjail/distinfo	2014-05-09 11:40:40.000000000 -0400=0A=
 @@ -1,2 +1,2 @@=0A=
 -SHA256 (qjail-3.2.tar.bz2) =3D =
 3088c1946e720ddc3fb6f78254f8616951de3a90f0e6e0dfbd4d49c16febe697=0A=
 -SIZE (qjail-3.2.tar.bz2) =3D 121560=0A=
 +SHA256 (qjail-3.3.tar.bz2) =3D =
 263bf7ff60a2d266ff3a4b39c1ccaf6a1114e22128fa0110351bc6c5d782c525=0A=
 +SIZE (qjail-3.3.tar.bz2) =3D 61485=0A=
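Review bot: SIZE drops from 121560 to 61485 bytes between the 3.2 and 3.3 tarballs, roughly half, so before commit the distfile should be fetched from MASTER_SITES independently and checked against this SHA256 (make checksum) rather than trusting the values in the attachment alone. If the smaller size is expected, for example because files were dropped from the tarball, a sentence saying so in the PR would let the committer confirm it.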
 diff -ruN qjail-3.2/files/pkg-message.in qjail/files/pkg-message.in=0A=
 --- qjail-3.2/files/pkg-message.in	2014-05-01 12:13:20.000000000 -0400=0A=
 +++ qjail/files/pkg-message.in	2014-05-09 11:42:20.000000000 -0400=0A=
 @@ -10,9 +10,13 @@=0A=
  =0A=
  ########################################################################=0A=
  =0A=
 +If your host is running 10.0-RELEASE be sure you apply system security =0A=
 +update. You need to be at 10.0-RELEASE-p2.  Run the following commands=0A=
 +to apply system security updates.=0A=
 +   freebsd-update  fetch =0A=
 +   freebsd-update  install=0A=
  =0A=
 -For instructions on upgrading jail filesystems=0A=
 -Read %%EXAMPLESDIR%%/upgrade-info.txt=0A=
 +########################################################################=0A=
  =0A=
  =0A=
  =0A=
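Review bot: The added text tells users to be at 10.0-RELEASE-p2 but does not say why; naming the jail /dev devfs ruleset fix described in the follow-up would tell an administrator what is exposed if they skip the update. The added lines ending in "security " and "fetch " also carry trailing whitespace.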
 diff -ruN qjail-3.2/pkg-descr qjail/pkg-descr=0A=
 --- qjail-3.2/pkg-descr	2014-05-01 12:13:20.000000000 -0400=0A=
 +++ qjail/pkg-descr	2014-04-29 18:06:14.000000000 -0400=0A=
 @@ -1,16 +1,17 @@=0A=
  Qjail [ q =3D quick ] is a 4th generation wrapper for the basic chroot =
 jail=0A=
  system that includes security and performance enhancements. Plus a new =
 level=0A=
  of "user friendliness" enhancements dealing with deploying just a few =
 jails or=0A=
 -large jail environments consisting of 100's of jails.=0A=
 +large scale jail environments consisting of 100's of jails.=0A=
  =0A=
  This version of qjail has been converted from using the legacy =
 rc.d-method as =0A=
  used in all previous versions of qjail, to using the jail(8) =
 jail.conf-method =0A=
 -available in RELEASE-9.1. This upgrade provides the ability to enable =
 the =0A=
 -following new options on a per-jail basis. exec.fib, allow.raw_sockets, =0A=
 -allow.quotas, allow.mount.nullfs, allow.mount.zfs, cpuset.id, =
 securelevel, =0A=
 +available in RELEASE-9.1 which contained many bugs, some that were =
 fixed in=0A=
 +RELEASE-9.2 and others fixed in RELEASE-10.0. This upgrade provides the =
 ability=0A=
 +to enable the following new options on a per-jail basis. exec.fib, =
 securelevel,=0A=
 +allow.raw_sockets, allow.quotas, allow.mount.nullfs, allow.mount.zfs, =
 cpuset.id,=0A=
  vnet.interface, and vnet. The vnet option gives a jail its own network =
 stack =0A=
 -using the experimental vimage software. This qjail version is not =
 functional =0A=
 -for RELEASES older than RELEASE-9.1. The vnet option has only been =
 tested on =0A=
 +using the experimental vimage software. This qjail version is not =
 intended=0A=
 +for RELEASES older than RELEASE-10.0. The vnet option has only been =
 tested on =0A=
  i386 and amd64 equipment.=0A=
  =0A=
  Qjail requires no knowledge of the jail command usage. It uses "nullfs" =
 for=0A=
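Review bot: The new wording "is not intended for RELEASES older than RELEASE-10.0" is softer than the follow-up text, which says "qjail install" refuses to run on anything but 10.0, and neither Makefile hunk in this patch adds a matching check, so the port would still build and install on an older release and fail only at first use. Either state the requirement as a hard one here or gate it in the Makefile. Several added lines also end in trailing whitespace.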
 diff -ruN qjail-3.2/pkg-plist qjail/pkg-plist=0A=
 --- qjail-3.2/pkg-plist	2014-05-01 12:13:20.000000000 -0400=0A=
 +++ qjail/pkg-plist	2014-04-29 18:01:18.000000000 -0400=0A=
 @@ -3,9 +3,6 @@=0A=
  bin/qjail.vnet.ng=0A=
  etc/qjail.portsnap.conf=0A=
  etc/rc.d/qjail.bootime=0A=
 -%%EXAMPLESDIR%%/upgrade-info.txt=0A=
 -%%EXAMPLESDIR%%/vnet/jail.amd64=0A=
 -%%EXAMPLESDIR%%/vnet/jail.i386=0A=
  %%EXAMPLESDIR%%/vnet/ipfw.rules.host=0A=
  %%EXAMPLESDIR%%/vnet/ipfw.rules.vnet=0A=
  %%EXAMPLESDIR%%/vnet/ipf.rules.host=0A=
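Review bot: Three EXAMPLESDIR entries (upgrade-info.txt, vnet/jail.amd64, vnet/jail.i386) leave the plist, but the Makefile hunks in this patch show no change to whatever installs the examples; if those files are still copied at install time they will be left behind on deinstall, and if they are gone from the tarball an explicit install line for them will fail. Confirm the install step and the tarball contents match the shortened plist.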
 
 ------=_NextPart_000_0002_01CF6B88.C6123500--
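An added example, not part of the original message and not qjail's own code: one way to implement the check described in change 8, rejecting the jail(8) "<if_device>|" prefix and "/<netmask>" suffix on a -4 value. It is IPv4 only, also accepts the comma-separated list form shown in change 2, and the function names check_ip4 and check_ip4_list are hypothetical.

```sh
#!/bin/sh
# Added example, not qjail's code; function names are hypothetical.
# Accepts a comma-separated list of bare dotted-quad IPv4 addresses and
# rejects the jail(8) forms "<if_device>|addr" and "addr/<netmask>".

check_ip4() {
    addr=$1
    case $addr in
        *'|'*) echo "interface prefix not allowed: $addr" >&2; return 1 ;;
        */*)   echo "netmask suffix not allowed: $addr" >&2; return 1 ;;
        ''|.*|*.|*..*|*[!0-9.]*)
               echo "not a dotted-quad address: $addr" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "need four octets: $addr" >&2; return 1; }
    for octet in "$@"; do
        case $octet in ????*) echo "octet too long: $addr" >&2; return 1 ;; esac
        [ "$octet" -le 255 ] || { echo "octet over 255: $addr" >&2; return 1; }
    done
    return 0
}

check_ip4_list() {
    list=$1
    case $list in
        ''|,*|*,|*,,*) echo "empty entry in address list" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    set -f                            # no globbing while splitting raw input
    set -- $list
    set +f
    IFS=$old_ifs
    for entry in "$@"; do
        check_ip4 "$entry" || return 1
    done
    return 0
}

# Constructed sample values, not taken from any real host.
for sample in "10.0.10.126" "192.0.2.51,10.0.10.126" "em0|10.0.10.126" \
              "10.0.10.126/24" "192.0.2,51,10.0.10.126"; do
    if check_ip4_list "$sample" 2>/dev/null; then
        echo "accept  $sample"
    else
        echo "reject  $sample"
    fi
done
```

The last sample repeats the comma-for-period slip from change 2: it splits into a three-octet entry, so a validator of this kind catches that typo as well.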
 
 

