[Request for Comments] Adding a JAILED meta-variable to bsd.port.mk

Sat, 20 Aug 2011 04:25:24 -0700 

Hi,

I would like to propose a change to bsd.port.mk which, similarly to
obtaining the OSVERSION, checks if the system on which a port is being
built is a jailed environment.

This change can allow port maintainers to mark ports that do not run in
jailed environments as IGNORE, or adjust PKG_MESSAGE to inform the user
of special conditions or changes that will be needed to run a port from
within a jail.  One particular example of the latter is
databases/postgresql*-server, where the user must enable
security.jail.sysvipc_allowed.  I am sure this feature could expand to
other cases I have not considered yet, as well.

I have included three patches:

0-Mk-bsd.port.mk.txt - the proposed change to bsd.port.mk

1-ircservices-Makefile.txt - an example usage of disallowing a port from
being built within a jail

2-sshguard-Makefile.txt - an example usage of disabling a port from
being built within a jail conditionally (in this example, it is assumed
security/sshguard-pf is the target port)

Comments, etc, are welcome.

Regards,

Glen

-- 
Glen Barber | g...@freebsd.org
FreeBSD Documentation Project

--- bsd.port.mk.orig    2011-08-12 12:39:23.000000000 -0400
+++ bsd.port.mk 2011-08-20 06:15:19.644576050 -0400
@@ -46,6 +46,7 @@
 #                                "FreeBSD," "NetBSD," or "OpenBSD" as 
appropriate.
 # OSREL                        - The release version (numeric) of the 
operating system.
 # OSVERSION            - The value of __FreeBSD_version.
+# JAILED               - The system is a FreeBSD jail.
 #
 # This is the beginning of the list of all variables that need to be
 # defined in a port, listed in order that they should be included
@@ -1196,6 +1197,11 @@
 .endif
 .endif
 
+# Check if the system is a jail
+.if !defined(JAILED)
+JAILED!=       ${SYSCTL} -n security.jail.jailed
+.endif
+
 MASTERDIR?=    ${.CURDIR}
 
 .if ${MASTERDIR} != ${.CURDIR}

--- Makefile.orig       2009-08-31 09:50:55.000000000 -0400
+++ Makefile    2011-08-20 06:14:04.987796133 -0400
@@ -27,6 +27,10 @@
 
 .include <bsd.port.pre.mk>
 
+.if ${JAILED}
+IGNORE=                Does not run from within a jail
+.endif
+
 .if ${OSVERSION} > 700042
 CFLAGS+=       -fno-stack-protector
 .endif

--- Makefile.orig       2011-07-24 14:16:29.000000000 -0400
+++ Makefile    2011-08-20 06:14:24.513106022 -0400
@@ -40,6 +40,9 @@
 CONFIGURE_ARGS+=       --mandir=${MANPREFIX}/man
 
 .if ${SSHGUARDFW} == pf
+. if ${JAILED}
+IGNORE=                Cannot use with pf within a jail
+. endif
 PKGMSG_FWBLOCK="  To activate or configure PF see 
http://sshguard.sf.net/doc/setup/blockingpf.html";
 .elif ${SSHGUARDFW} == ipfw
 PKGMSG_FWBLOCK="  Verify that IPFW is active with \"ipfw show\"."

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to