From e6ab439f0f4b3c0e6018155d76606e869435d52f Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Fri, 27 Nov 2020 08:52:58 +0100 Subject: [PATCH] Several modifications to ports support - ports are only mounted to a build chroot if it uses a buildbase - added building of a buildbase with jaildk base $name rw - added a separate internal rcd-function jaildk_rc_ports for mounting and umounting ports, which ONLY operates in buld mode - added som documentation about this in the README --- README.md | 36 ++++++++++++++++++ jaildk | 110 ++++++++++++++++++++++++++++++++++++------------------ 2 files changed, 109 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 8423467..c7bb4e4 100644 --- a/README.md +++ b/README.md @@ -122,6 +122,42 @@ vi /usr/local/etc/nginx/nginx.conf Since the build chroot is writable you can install packages and configure everything as needed. +### Using the ports collection + +There might be cases when using pre build binary packages are not your +thing. In such a case you want to use the [FreeBSD Ports Collection](https://www.freebsd.org/ports/). + +*jaildk* supports this, here are the steps required: + +#### Create a buildbase + +A normal base directory cannot be used with the ports collection +because jaildk removes libraries and binaries for security reasons +from normal bases. To create a build base, execute: + +`jaildk base 12-RELEASE-build rw` + +Next, add the following entry to the configuration of you jail. To +stay with our example, edit `/jail/etc/myjail/jail.conf` and add: + +`buildbase=12-RELEASE-build` + +Then install the build jail as usual: + +`jaildk build myjail` + +Finally, install the current ports collection: + +`jaildk fetch` + +Now you can enter the build jail and install ports the traditional way: + +``` +jaildk blogin myjail +cd /usr/ports/shells/bash +make config-recursive install clean +``` + ### When done, install and start the jail ``` diff --git a/jaildk b/jaildk index 7d69e5a..9e698a9 100644 
--- a/jaildk +++ b/jaildk @@ -1,6 +1,6 @@ #!/bin/sh -version=1.04 +version=1.05 usage_jaildk() { beg=`tput -T ${TERM:-cons25} md` @@ -95,13 +95,17 @@ jaildk_build() { base=$3 version=$4 + load-jail-config $jail + if test -z "$mode"; then echo "Usage: $0 build [] []" exit 1 fi - if test -z "$base"; then - # default: latest + if test -n "buildbase"; then + base="$j/$buildbase" + elif test -z "$base"; then + # not configured, use default: latest base=`ls $j/base | tail -1` fi @@ -109,6 +113,37 @@ jaildk_build() { } +jaildk_rc_ports() { + jail=$1 + mode=$2 + rw=$3 + BASE=$4 + VERSION=$5 + rcscript=ports + + load-jail-config $jail + + if test -n "$buildbase" -a -n "$rw"; then + # we only support ports if a buildbase is configured + case $mode in + start) + if mount -v | grep -q " $j/build/$jail/usr/ports "; then + bold "$j/build/$jail/usr/ports already mounted!" + else + ex mount -t nullfs -o rw $j/ports/$version $j/build/$jail/usr/ports + fi + ;; + stop) + if mount -v | grep -q " $j/build/$jail/usr/ports "; then + ex umount $j/build/$jail/usr/ports + else + bold "$j/build/$jail/usr/ports not mounted!" + fi + ;; + esac + fi +} + jaildk_rc_mount() { jail=$1 mode=$2 @@ -223,6 +258,7 @@ jaildk_install_usage() { err "Usage: $0 install [[] ]" err "If is 'all' every script will be executed in rc-order." err "If is not specified, just execute all scripts with ." + err "Available rc.d-scripts: $RCSCRIPTS" exit 1 } @@ -261,7 +297,7 @@ jaildk_install() { die_if_not_exist $jail if test "$rcd" = "all"; then - rcscripts="jaildk_rc_mount" + rcscripts="$RCSCRIPTS" else rcscripts="jaildk_rc_${rcd}" if ! type "$rcscripts" > /dev/null 2>&1; then 
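Review bot: In jaildk_build the new test `if test -n "buildbase"; then` checks a literal string that is never empty, so the branch is always taken and `base` becomes `$j/$buildbase` even when the jail config sets no buildbase or a base was passed as `$3`. It should read `if test -n "$buildbase"; then`. The fallback branch produces a bare name from `ls $j/base`, while this branch produces a path directly under `$j` rather than `$j/base`, so it is worth confirming which form the rest of jaildk_build expects; the function continues outside the hunk.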
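Review bot: jaildk_rc_ports stores its fifth argument in `VERSION`, but the mount line reads `$version`, so the ports source directory depends on whatever global `version` was assigned last; the script also uses `version` for its own release number at the top of the file. Either assign `version=$5`, as jaildk_build does with its own argument, or mount `"$j/ports/$VERSION"`. The `-n "$rw"` gate also depends on positional arguments that jaildk_install passes unquoted (`$rcscript $jail $mode $rw $base $version`), so an empty `$rw` would shift `$base` into `$3` and enable the read-write nullfs mount unintentionally; quoting the arguments at the call site would keep the gate meaningful. A short header comment saying the function does nothing unless `buildbase` is configured and `rw` is set would also help.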
@@ -275,24 +311,12 @@ jaildk_install() { ;; stop) bold "Unstalling jail $jail" - if mount -v | grep " $j/build/$jail/usr/ports " > /dev/null ; then - if [ ! -z $rw ]; then - echo "mount - umount $j/build/$jail/usr/ports" - umount $j/build/$jail/usr/ports - fi - else - bold "$j/build/$jail/usr/ports not mounted!" - fi ;; esac for rcscript in $rcscripts; do $rcscript $jail $mode $rw $base $version done - if [ $mode = "start" ]; then - ex mount -t nullfs -o rw $j/ports/$version $run/$jail/usr/ports - fi - } jaildk_uninstall() { @@ -316,10 +340,13 @@ jaildk_uninstall() { jaildk_base() { base=$1 - if echo "$base" | egrep -vq "^/"; then - basedir=$j/base/$base - else - basedir=$base + rw=$2 + + if test -z "$base"; then + err "Usage: $0 base []" + err "If the has been set, the base will not cleaned up" + err "and will contain compilers and other build stuff. Use" + err "this if you want to use the ports collection." fi removelist="tests @@ -382,8 +409,11 @@ rescue media mnt boot" - if test -z "$basedir"; then - die "Usage: $0 base " + + if echo "$base" | egrep -vq "^/"; then + basedir=$j/base/$base + else + basedir=$base fi if test -d "$basedir"; then @@ -392,12 +422,15 @@ boot" else ex mkdir -p $basedir DISTRIBUTIONS="base.txz" bsdinstall jail $basedir - for file in $removelist; do - ex rm -rf $basedir/$file - done - ex mkdir -p $basedir/usr/ports - + if test -n "$rw"; then + for file in $removelist; do + ex rm -rf $basedir/$file + done + + ex mkdir -p $basedir/usr/ports + fi + ex rm -rf $basedir/var/db ex ln -s /usr/local/db $basedir/var/db fi @@ -906,7 +939,7 @@ endif esac } -jaildk_fetch() { +jaildk_fetch_ports() { version=`date +%Y%m%d` if [ -d "$j/ports/$version" ]; then echo "Ports dir $version already exist. Do you want to recreate it? [y/N]" @@ -914,7 +947,7 @@ jaildk_fetch() { case $yesno in y|Y|yes|YES) rm -rf $j/ports/$version - jaildk_fetch_exec + jaildk_fetch_ports_exec ;; esac else 
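Review bot: The new usage branch at the top of jaildk_base prints its text with `err` but never stops, so a call without a base name falls through with an empty `$base`. The relocated `egrep -vq "^/"` test further down then sets `basedir` to `$j/base/`, and the function goes on to operate on that directory. jaildk_install_usage ends its `err` lines with `exit 1`, and the check removed by this commit used `die`; adding `exit 1` before the `fi` restores that behaviour.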
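Review bot: The condition around the cleanup loop in jaildk_base looks inverted: `if test -n "$rw"; then` strips the `$removelist` entries only when `rw` is given, while the usage text added in this commit and the README both say the rw (build) base is the one that is not cleaned up. As written, normal bases keep the libraries and binaries that the README says are removed for security reasons, and build bases lose them. `if test -z "$rw"; then` would match the documented behaviour. `ex mkdir -p $basedir/usr/ports` probably belongs outside the conditional so that both kinds of base get the mount point, but the rest of the function is outside the hunk, so confirm.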
@@ -922,14 +955,14 @@ jaildk_fetch() { fi } -jaildk_fetch_exec() { - fetch -o $j/ports/$version.tar.gz http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz - mkdir -p $j/ports/$version - tar xzfC $j/ports/$version.tar.gz $j/ports/$version - cd $j/ports/$version/ - mv ports/* . - cd - - rm -rf $j/ports/$version.tar.gz $j/ports/$version/ports +jaildk_fetch_ports_exec() { + fetch -o $j/ports/$version.tar.gz http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz + mkdir -p $j/ports/$version + tar xzfC $j/ports/$version.tar.gz $j/ports/$version + cd $j/ports/$version/ + mv ports/* . + cd - + rm -rf $j/ports/$version.tar.gz $j/ports/$version/ports } ########################## @@ -939,6 +972,9 @@ jaildk_fetch_exec() { # will be modified during installation JAILDIR=/jail +# install modules +RCSCRIPTS="jaildk_rc_mount jaildk_rc_ports" + # globals j=$JAILDIR rcdir=$j/bin
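Review bot: jaildk_fetch_ports_exec still downloads the ports tree over plain `http://` and unpacks it without any checksum or signature check, so the integrity of every Makefile later run by `make install` in the build jail rests on an unauthenticated connection. Since every line of the function is rewritten here anyway, consider fetching over TLS or using a tool that verifies what it downloads (portsnap, for example). None of the steps checks its exit status either: if `cd $j/ports/$version/` fails, `mv ports/* .` and `cd -` still run in whatever directory the caller was in. Appending `|| return 1` to the `fetch`, `tar` and `cd` lines, or chaining them with `&&`, would stop at the first failure.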