[Request for Comments] Adding a JAILED meta-variable to bsd.port.mk

Chris Rees crees at freebsd.org
Sat Aug 20 18:18:46 UTC 2011


On 20 August 2011 18:46, Jason Helfman <jhelfman at e-e.com> wrote:
>> On 8/20/11 8:44 AM, Kostik Belousov wrote:
>>>> One thing I can think of off-hand to fix this in that case is setting a
>>>> local environment variable to disable a check for security.jail.jailed.
>>>>  Would this be an ok solution for those cases?  If not, I happily agree
>>>> that this change should not be made then.
>>>>
>>>> I have an updated patch to bsd.port.mk that looks for a local
>>>> environment variable, PKGJAIL - if it is set, then JAILED is unset.
>>>> Would this be acceptable?
>>> The change would require user to do a configuration for a thing that
>>> previously just worked. What is the point ?
>>>
>>
>> I suppose the specific problem I am trying to solve is a case where a
>> user builds a port within a jail with the expectation that the port will
>> in fact run within the jail with little or no changes.  Perhaps
>> security/sshguard-pf and databases/postgresql*-server are not the most
>> ideal examples of where this would be relevant.
>>
>> I agree that a configuration change for something that worked before is
>> not the best solution.  So, I retract this change proposal.
>>
>> Again, thank you for the feedback and pointing out that this would have
>> had negative impact on those using jails for package building.
>>
>> Regards,
>>
>> Glen
>>
> I, myself, have not installed or built enough packages in jails to find
> this issue, however I am using tinderbox for maintaining my ports,
> submitting ports, or patches, as well as maintaining a local ports tree.
>
> In doing this, and maintaining our operational environment, I am finding
> many conditions where you may want to do one thing or another, and the
> possibilities I have found can be endless, so it could be argued to not
> introduce global functionality for the X number of ports/packages that
> need it, however to code the port to be aware of these conditions in the
> packaging scripts.
>
> For example, you could test for values of sysctl, or another condition.
> Based on the result, perform X action. Although, I haven't done this
> specifically for a jail, I don't see why the same practice couldn't be
> exercised.
>
> These, I believe, can all be taken advantage of in subsequent pkg-*
> files.
>

Hm, not a fan of getting output of sysctl for many ports -- that'd
take forever in INDEX generation for example.

Perhaps we could just introduce a JAILED variable and leave it at that?

Chris
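
The install-time check discussed in this thread, sketched as an added example that is not part of the original messages or of bsd.port.mk: a pkg-install style script queries security.jail.jailed when the package is installed, so nothing runs while the port Makefile is parsed, and honours the PKGJAIL override mentioned above. The SYSCTL override variable, the function names, the printed messages and the choice to treat a failed query as "not jailed" are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical port): jail-aware pkg-install script.

# SYSCTL is overridable so the logic can be exercised away from FreeBSD.
# This override is an assumption of the example; a real script would
# simply call sysctl.
: "${SYSCTL:=sysctl}"

# Prints 1 when running inside a jail, 0 otherwise.
# PKGJAIL (the override named in the thread) forces 0, so jails used only
# for package building keep the previous behaviour.
jailed() {
    if [ -n "${PKGJAIL:-}" ]; then
        echo 0
        return 0
    fi
    # security.jail.jailed reads 1 inside a jail. A failed query (sysctl
    # missing, OID unknown) is treated as "not jailed" in this example.
    val=$("$SYSCTL" -n security.jail.jailed 2>/dev/null) || val=0
    case "$val" in
        1) echo 1 ;;
        *) echo 0 ;;
    esac
}

# Prints the note for the given install phase; silent for other phases.
install_note() {
    phase=$1
    [ "$phase" = "POST-INSTALL" ] || return 0
    if [ "$(jailed)" = 1 ]; then
        echo "jail detected: review the sample configuration before enabling the service"
    else
        echo "host install: default configuration applies"
    fi
}

# pkg-install scripts are invoked as: <script> <pkgname> <phase>
if [ $# -ge 2 ]; then
    install_note "$2"
fi
```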

