scip/jaildk
1
0
Fork 0
mirror of https://codeberg.org/scip/jaildk.git synced 2025-12-17 04:31:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Several modifications to ports support

Browse Source 
- ports are only mounted to a build chroot if it uses a buildbase
- added building of a buildbase with jaildk base $name rw
- added a separate internal rcd-function jaildk_rc_ports for
  mounting and umounting ports, which ONLY operates in buld mode
- added som documentation about this in the README
This commit is contained in:
Thomas von Dein
2020-11-27 08:52:58 +01:00
parent fd855c560b
commit e6ab439f0f
2 changed files with 109 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
README.md
View File

@@ -122,6 +122,42 @@ vi /usr/local/etc/nginx/nginx.conf
Since the build chroot is writable you can install packages and Since the build chroot is writable you can install packages and
configure everything as needed. configure everything as needed.
### Using the ports collection
There might be cases when using pre build binary packages are not your
thing. In such a case you want to use the [FreeBSD Ports Collection](https://www.freebsd.org/ports/).
*jaildk* supports this, here are the steps required:
#### Create a buildbase
A normal base directory cannot be used with the ports collection
because jaildk removes libraries and binaries for security reasons
from normal bases. To create a build base, execute:
`jaildk base 12-RELEASE-build rw`
Next, add the following entry to the configuration of you jail. To
stay with our example, edit `/jail/etc/myjail/jail.conf` and add:
`buildbase=12-RELEASE-build`
Then install the build jail as usual:
`jaildk build myjail`
Finally, install the current ports collection:
`jaildk fetch`
Now you can enter the build jail and install ports the traditional way:
```
jaildk blogin myjail
cd /usr/ports/shells/bash
make config-recursive install clean
```
### When done, install and start the jail ### When done, install and start the jail
``` ```

110
jaildk
View File

@@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
version=1.04 version=1.05
usage_jaildk() { usage_jaildk() {
beg=`tput -T ${TERM:-cons25} md` beg=`tput -T ${TERM:-cons25} md`
@@ -95,13 +95,17 @@ jaildk_build() {
base=$3 base=$3
version=$4 version=$4
load-jail-config $jail
if test -z "$mode"; then if test -z "$mode"; then
echo "Usage: $0 build <jail name> <start|stop|status> [<base>] [<version>]" echo "Usage: $0 build <jail name> <start|stop|status> [<base>] [<version>]"
exit 1 exit 1
fi fi
if test -z "$base"; then if test -n "buildbase"; then
# default: latest base="$j/$buildbase"
elif test -z "$base"; then
# not configured, use default: latest
base=`ls $j/base | tail -1` base=`ls $j/base | tail -1`
fi fi
@@ -109,6 +113,37 @@ jaildk_build() {
} }
jaildk_rc_ports() {
jail=$1
mode=$2
rw=$3
BASE=$4
VERSION=$5
rcscript=ports
load-jail-config $jail
if test -n "$buildbase" -a -n "$rw"; then
# we only support ports if a buildbase is configured
case $mode in
start)
if mount -v | grep -q " $j/build/$jail/usr/ports "; then
bold "$j/build/$jail/usr/ports already mounted!"
else
ex mount -t nullfs -o rw $j/ports/$version $j/build/$jail/usr/ports
fi
;;
stop)
if mount -v | grep -q " $j/build/$jail/usr/ports "; then
ex umount $j/build/$jail/usr/ports
else
bold "$j/build/$jail/usr/ports not mounted!"
fi
;;
esac
fi
}
jaildk_rc_mount() { jaildk_rc_mount() {
jail=$1 jail=$1
mode=$2 mode=$2
@@ -223,6 +258,7 @@ jaildk_install_usage() {
err "Usage: $0 install <jail> [[<rc.d-script>] <start|stop|restart|status>]" err "Usage: $0 install <jail> [[<rc.d-script>] <start|stop|restart|status>]"
err "If <rc.d-script> is 'all' every script will be executed in rc-order." err "If <rc.d-script> is 'all' every script will be executed in rc-order."
err "If <rc.d-script> is not specified, just execute all scripts with <start>." err "If <rc.d-script> is not specified, just execute all scripts with <start>."
err "Available rc.d-scripts: $RCSCRIPTS"
exit 1 exit 1
} }
@@ -261,7 +297,7 @@ jaildk_install() {
die_if_not_exist $jail die_if_not_exist $jail
if test "$rcd" = "all"; then if test "$rcd" = "all"; then
rcscripts="jaildk_rc_mount" rcscripts="$RCSCRIPTS"
else else
rcscripts="jaildk_rc_${rcd}" rcscripts="jaildk_rc_${rcd}"
if ! type "$rcscripts" > /dev/null 2>&1; then if ! type "$rcscripts" > /dev/null 2>&1; then
@@ -275,24 +311,12 @@ jaildk_install() {
;; ;;
stop) stop)
bold "Unstalling jail $jail" bold "Unstalling jail $jail"
if mount -v | grep " $j/build/$jail/usr/ports " > /dev/null ; then
if [ ! -z $rw ]; then
echo "mount - umount $j/build/$jail/usr/ports"
umount $j/build/$jail/usr/ports
fi
else
bold "$j/build/$jail/usr/ports not mounted!"
fi
;; ;;
esac esac
for rcscript in $rcscripts; do for rcscript in $rcscripts; do
$rcscript $jail $mode $rw $base $version $rcscript $jail $mode $rw $base $version
done done
if [ $mode = "start" ]; then
ex mount -t nullfs -o rw $j/ports/$version $run/$jail/usr/ports
fi
} }
jaildk_uninstall() { jaildk_uninstall() {
@@ -316,10 +340,13 @@ jaildk_uninstall() {
jaildk_base() { jaildk_base() {
base=$1 base=$1
if echo "$base" | egrep -vq "^/"; then rw=$2
basedir=$j/base/$base
else if test -z "$base"; then
basedir=$base err "Usage: $0 base <basename|basedir> [<rw>]"
err "If the <rw> has been set, the base will not cleaned up"
err "and will contain compilers and other build stuff. Use"
err "this if you want to use the ports collection."
fi fi
removelist="tests removelist="tests
@@ -382,8 +409,11 @@ rescue
media media
mnt mnt
boot" boot"
if test -z "$basedir"; then
die "Usage: $0 base <base dir>" if echo "$base" | egrep -vq "^/"; then
basedir=$j/base/$base
else
basedir=$base
fi fi
if test -d "$basedir"; then if test -d "$basedir"; then
@@ -392,12 +422,15 @@ boot"
else else
ex mkdir -p $basedir ex mkdir -p $basedir
DISTRIBUTIONS="base.txz" bsdinstall jail $basedir DISTRIBUTIONS="base.txz" bsdinstall jail $basedir
for file in $removelist; do
ex rm -rf $basedir/$file
done
ex mkdir -p $basedir/usr/ports if test -n "$rw"; then
for file in $removelist; do
ex rm -rf $basedir/$file
done
ex mkdir -p $basedir/usr/ports
fi
ex rm -rf $basedir/var/db ex rm -rf $basedir/var/db
ex ln -s /usr/local/db $basedir/var/db ex ln -s /usr/local/db $basedir/var/db
fi fi
@@ -906,7 +939,7 @@ endif
esac esac
} }
jaildk_fetch() { jaildk_fetch_ports() {
version=`date +%Y%m%d` version=`date +%Y%m%d`
if [ -d "$j/ports/$version" ]; then if [ -d "$j/ports/$version" ]; then
echo "Ports dir $version already exist. Do you want to recreate it? [y/N]" echo "Ports dir $version already exist. Do you want to recreate it? [y/N]"
@@ -914,7 +947,7 @@ jaildk_fetch() {
case $yesno in case $yesno in
y|Y|yes|YES) y|Y|yes|YES)
rm -rf $j/ports/$version rm -rf $j/ports/$version
jaildk_fetch_exec jaildk_fetch_ports_exec
;; ;;
esac esac
else else
@@ -922,14 +955,14 @@ jaildk_fetch() {
fi fi
} }
jaildk_fetch_exec() { jaildk_fetch_ports_exec() {
fetch -o $j/ports/$version.tar.gz http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz fetch -o $j/ports/$version.tar.gz http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz
mkdir -p $j/ports/$version mkdir -p $j/ports/$version
tar xzfC $j/ports/$version.tar.gz $j/ports/$version tar xzfC $j/ports/$version.tar.gz $j/ports/$version
cd $j/ports/$version/ cd $j/ports/$version/
mv ports/* . mv ports/* .
cd - cd -
rm -rf $j/ports/$version.tar.gz $j/ports/$version/ports rm -rf $j/ports/$version.tar.gz $j/ports/$version/ports
} }
########################## ##########################
@@ -939,6 +972,9 @@ jaildk_fetch_exec() {
# will be modified during installation # will be modified during installation
JAILDIR=/jail JAILDIR=/jail
# install modules
RCSCRIPTS="jaildk_rc_mount jaildk_rc_ports"
# globals # globals
j=$JAILDIR j=$JAILDIR
rcdir=$j/bin rcdir=$j/bin