Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail system that includes security and performance enhancements. Plus a new level of "user friendliness" enhancements dealing with deploying just a few jails or large jail environments consisting of 100's of jails. Qjail requires no knowledge of the jail command usage. It uses "nullfs" for read-only system binaries, sharing one copy of them with all the jails. Uses "mdconfig" to create sparse image jails. Sparse image jails provide a method to limit the total disk space a jail can consume, while only occupying disk space of the sum size of the files in the image jail. Ability to assign ip address with their network device name, so aliases are auto created on jail start and auto removed on jail stop. Ability to create "ZONE"s of identical qjail systems, each with their own group of jails. Ability to designate a portion of the jail name as a group prefix so the command being executed will apply to only those jail names matching that prefix. Qjail reduces the complexities of large jail deployments to the novice level. Qjail has a fully documented manpage written for easy comprehension, which is a rarity in the "open source" world. Details are given to felicitate the use of qjail's capabilities to the fullest extent possible. Fix: Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->makc I'll take it.
What is the holdup about adding this simple port to the port system?
Responsible Changed From-To: makc->freebsd-ports-bugs Run out of time, sorry.
Read the Porter's Handbook again, and look at the pointers here: I suggest you remove the redundant DISTFILES line, and then read http://www.freebsd.org/doc/en/books/porters-handbook/plist-config.html Also don't use spaces in Makefiles; use tabs. That's an error. Then read: http://www.freebsd.org/doc/en/books/porters-handbook/rc-scripts.html Also don't edit files not in PREFIX; you can't be messing with /etc/rc.d Run make makesum when you're done -- you must have a distinfo Take the & out of the COMMENT and replace it with and (you have enough space) Why are you using ${CP} and ${INSTALL_DATA}? Why not just the one? Also; X ${CP} ${WRKSRC}/qjail.8 ${PREFIX}/man/man8/ X ${CP} ${WRKSRC}/qjail-intro.8 ${PREFIX}/man/man8/ X ${CP} ${WRKSRC}/qjail.conf.8 ${PREFIX}/man/man8/ you should be using ${MANPREFIX} here. pkg-descr is quite long; and you should remove the newlines at the end of pkg-descr Take out the extraneous newlines in the COMMENT/MAINTAINER block. Then run portlint -A over it (you should obviously install portlint first). Good luck! Chris
Chris Rees Thanks for the feedback. Every thing in this port was copied from ports already in the ports system. Even with the makefile having spaces it does install without any problems. It does not generate any errors like you say it will. When you talk about "redundant DISTFILES line" please be more detailed because I cannot determine what you are referring to. Even if you think the makefile DISTFILES= line is redundant it is not invalid and was put there as documentation. There are many existing ports with no distinfo so I fail to see why you think this is an error. This was done on purpose so I can update the dist file with fixes or enactments without having to wait for months to get the update commented because the makesum values have changed. This technique is communally used when the port make files will never change but allows the maintainer to maintain the product without delays in moving updates into the existing port. You are incorrect, my makefile does not use ${INSTALL_DATA} it uses do-install: and post-install: What you call extraneous newlines in the COMMENT/MAINTAINER block, I call visual spacing so it looks nice when shown. If you run the port as is you will see how the "extraneous newlines" end up presenting a professional look in the output of the installed port. And when it comes to the messing with /etc/rc.d/jail file I was told by the jail maintainer that he was addressing the bugs I pointed out in a up coming release and that I should just replace it with my corrected one as part of my port. So that is what I am doing. Now that I have addressed all your concerns, which resulted in no changes to the submitted port, lets get this port committed. Thanks for your help and interest. 
Joe -----Original Message----- From: Chris Rees [mailto:utisoft@gmail.com] Sent: Saturday, November 20, 2010 10:40 AM To: bug-followup@freebsd.org; joeb@a1poweruser.com Subject: Re: ports/148777: [New Port] sysutils/qjail: Utility to deploy large number of jails quickly Read the Porter's Handbook again, and look at the pointers here: I suggest you remove the redundant DISTFILES line, and then read http://www.freebsd.org/doc/en/books/porters-handbook/plist-config.html Also don't use spaces in Makefiles; use tabs. That's an error. Then read: http://www.freebsd.org/doc/en/books/porters-handbook/rc-scripts.html Also don't edit files not in PREFIX; you can't be messing with /etc/rc.d Run make makesum when you're done -- you must have a distinfo Take the & out of the COMMENT and replace it with and (you have enough space) Why are you using ${CP} and ${INSTALL_DATA}? Why not just the one? Also; X ${CP} ${WRKSRC}/qjail.8 ${PREFIX}/man/man8/ X ${CP} ${WRKSRC}/qjail-intro.8 ${PREFIX}/man/man8/ X ${CP} ${WRKSRC}/qjail.conf.8 ${PREFIX}/man/man8/ you should be using ${MANPREFIX} here. pkg-descr is quite long; and you should remove the newlines at the end of pkg-descr Take out the extraneous newlines in the COMMENT/MAINTAINER block. Then run portlint -A over it (you should obviously install portlint first). Good luck! Chris
"joeb" <joeb@a1poweruser.com> writes: > There are many existing ports with no distinfo so I fail to see why you > think this is an error. This was done on purpose so I can update the dist > file with fixes or enactments without having to wait for months to get the > update commented because the makesum values have changed. This technique is > communally used when the port make files will never change but allows the > maintainer to maintain the product without delays in moving updates into the > existing port. Then mark it RESTRICTED as the distfile may not be identical across ftp mirrors and CDROM. > And when it comes to the messing with /etc/rc.d/jail file I was told by the > jail maintainer that he was addressing the bugs I pointed out in a up coming > release and that I should just replace it with my corrected one as part of > my port. So that is what I am doing. Have you tried to rename it and install into PREFIX/etc/rc.d? The port fails to restore original /etc/rc.d/jail upon deinstall and jail.original ends up overwritten after second install.
On 20 November 2010 17:30, joeb <joeb@a1poweruser.com> wrote: > Chris Rees > > Thanks for the feedback. > > Every thing in this port was copied from ports already in the ports system. > Even with the makefile having spaces it does install without any problems. > It does not generate any errors like you say it will. > > When you talk about "redundant DISTFILES line" please be more detailed > because I cannot determine what you are referring to. Even if you think the > makefile DISTFILES= line is redundant it is not invalid and was put there as > documentation. > > There are many existing ports with no distinfo so I fail to see why you > think this is an error. This was done on purpose so I can update the dist > file with fixes or enactments without having to wait for months to get the > update commented because the makesum values have changed. This technique is > communally used when the port make files will never change but allows the > maintainer to maintain the product without delays in moving updates into the > existing port. > > You are incorrect, my makefile does not use ${INSTALL_DATA} it uses > do-install: and post-install: > > What you call extraneous newlines in the COMMENT/MAINTAINER block, I call > visual spacing so it looks nice when shown. > > If you run the port as is you will see how the "extraneous newlines" end up > presenting a professional look in the output of the installed port. > > And when it comes to the messing with /etc/rc.d/jail file I was told by the > jail maintainer that he was addressing the bugs I pointed out in a up coming > release and that I should just replace it with my corrected one as part of > my port. So that is what I am doing. > > Now that I have addressed all your concerns, which resulted in no changes to > the submitted port, lets get this port committed. > > Thanks for your help and interest. > My concerns have not all been addressed.
Your missing distinfo is not permitted: Section 12.18 of the Porter's handbook. You can't change your distfiles without going through a committer. It's the rules; the source MUST be trusted, and by the users, not you. There are specific rules in how Makefiles should be laid out, and your stylistic newlines are also not encouraged. It's to make the job easier for the committers, and to make a consistent tree which is _really_ important for readability. Following the established rules is the 'professional' thing to do. You don't like it, start a discussion on the lists about changing policy, but until then you need to follow it. The spaces-instead-of-tabs are an error on many versions of make, and just because it works for you doesn't make it right. You still haven't run portlint -A In the do-install section, your port _does_ use ${INSTALL_DATA}. This is fine, but why are you using that then ${CP} underneath? Your PREFIX for the manpages is wrong. You can't write outside PREFIX, so no, your /etc modifications are _not_ OK. Some people have / on a read-only filesystem. Your port will work fine without the DISTFILES line, so it can be taken out. It's unnecessary, and will cause problems when updating the port; you'll have to change the filename manually. Again, I suggest you look at how you install the rc.d scripts in the handbook; you've done it wrong. rc.d scripts don't go in pkg-plist You should not list configuration files in pkg-plist; they get clobbered when upgrading. *Please* read the parts of the handbook linked above and THEN RUN portlint -A, as I suggested. The port 'working' for you does not make it acceptable for inclusion. You asked for guidelines, a committer will give you the same, or ignore the port as they have been. THAT is why it's been untouched for months, and the previous volunteer gave up on it. Properly made PRs are committed fairly quickly; http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/148208 Chris
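The check that a recorded distinfo makes possible, as an added example that is not part of this PR or of the ports framework: it compares a fetched distfile with the SHA256 and SIZE lines recorded for it and rejects a file that was replaced upstream under the same name. The tarball name and contents are constructed, and write_distinfo is a hypothetical stand-in for `make makesum`.

```shell
#!/bin/sh
# Added example, not part of the PR: verify a fetched distfile against the
# SHA256 and SIZE lines of a ports-style distinfo file.

# Print the SHA-256 of a file with whichever tool the host provides.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                          # FreeBSD base
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'     # GNU coreutils
    else
        openssl dgst -sha256 "$1" | awk '{ print $NF }'
    fi
}

# write_distinfo DISTINFO PATH: record checksum and size for one file.
# Hypothetical helper standing in for what "make makesum" records.
write_distinfo() {
    wd_name=$(basename "$2")
    {
        echo "SHA256 ($wd_name) = $(sha256_of "$2")"
        echo "SIZE ($wd_name) = $(wc -c < "$2" | tr -d ' ')"
    } > "$1"
}

# distinfo_field KEY DISTINFO NAME: print the value recorded for NAME.
distinfo_field() {
    awk -v key="$1" -v want="($3)" \
        '$1 == key && $2 == want && $3 == "=" { print $4; exit }' "$2"
}

# verify_distfile DISTINFO PATH
# Returns 0 if size and checksum match, 1 on mismatch, 2 if nothing recorded.
verify_distfile() {
    vd_name=$(basename "$2")
    vd_sum=$(distinfo_field SHA256 "$1" "$vd_name")
    vd_size=$(distinfo_field SIZE "$1" "$vd_name")
    if [ -z "$vd_sum" ] || [ -z "$vd_size" ]; then
        echo "no distinfo entry for $vd_name" >&2
        return 2
    fi
    if [ "$(wc -c < "$2" | tr -d ' ')" != "$vd_size" ]; then
        echo "size mismatch for $vd_name" >&2
        return 1
    fi
    if [ "$(sha256_of "$2")" != "$vd_sum" ]; then
        echo "checksum mismatch for $vd_name" >&2
        return 1
    fi
    return 0
}

# Constructed demo: the tarball name and contents are made up.
demo() {
    dm_dir=$(mktemp -d) || return 1
    printf 'release one\n' > "$dm_dir/qjail-demo.tar"
    write_distinfo "$dm_dir/distinfo" "$dm_dir/qjail-demo.tar"
    if verify_distfile "$dm_dir/distinfo" "$dm_dir/qjail-demo.tar"; then
        echo "as recorded: accepted"
    fi
    # Upstream replaces the file under the same name and the same size.
    printf 'release two\n' > "$dm_dir/qjail-demo.tar"
    if verify_distfile "$dm_dir/distinfo" "$dm_dir/qjail-demo.tar"; then
        echo "re-rolled: accepted"
    else
        echo "re-rolled: rejected"
    fi
    rm -rf "$dm_dir"
}

demo
```

The second file in the demo has the same length as the first, so only the checksum comparison catches the replacement.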
The updated attached port shar file contains fixes to the port makefiles. Please review and commit. Thanks
Responsible Changed From-To: freebsd-ports-bugs->rea Will process this PR after concerns raised in http://lists.freebsd.org/pipermail/freebsd-ports/2011-January/065407.html will be addressed.
State Changed From-To: open->feedback Waiting for originator's feedback.
Hi! Sorry about sailing in, but I feel that we need such a port, and that it has hung in gnats too long. I seem to have fixed all the issues that Eygene pointed out, besides rc-scripts - I don't really know how to handle this properly. The only user-visible changes are: - pkg-descr shortened to a paragraph - shortened pkg-message Joe, do you have any objections? I believe that having the port in the tree with a shortened description is better than not having the port at all. -- Regards, Ruslan
Ruslan, good day. Mon, Jan 31, 2011 at 10:40:10AM +0000, Ruslan Mahmatkhanov wrote: > Sorry about sail in, but i feel that we need such port, and that it > hangs in gnats too long. I seems fixed all the issues that Eygene > pointed out, beside rc-scripts - i don't really know how to handle this > properly. True, it fixed most points, but rc.d stuff, thanks! As for rc.d scripts, I am in doubt, because qjail provides its own rc.d scripts and automated installation with USE_RC_ORDER requires templates for the rc.d scripts to be in the files/ subdirectory. We can use the stock scripts, but they are not ${PREFIX}-safe -- they rely on the fact that we're always living in the /usr/local. We can use something like this (and, just now, it is the best way to proceed without tracking of the qjail source by the port itself), {{{ --- qjail.orig/Makefile 2011-01-31 16:55:16.000000000 +0300 +++ qjail/Makefile 2011-01-31 17:44:05.000000000 +0300 
@@ -18,6 +18,10 @@ MAN8= qjail.8 qjail.conf.8 qjail-intro.8 +post-extract: + ${REINPLACE_CMD} -e's|\(qjail_prefix\)=/usr/local|\1=${PREFIX}|g' \ + ${WRKSRC}/qjail ${WRKSRC}/qjail2 + do-install: ${INSTALL_SCRIPT} ${WRKSRC}/qjail ${PREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/qjail2 ${PREFIX}/etc/rc.d }}} for the qjail2 and for the qjail itself, but what came to my attention is that the comment in the qjail2, {{{ # Please do not change this file, configure in /usr/local/etc/qjail.conf }}} seems to be misleading, because there is no processing of the etc/qjail.conf in the rc.d file, but rather qjail_config="${qjail_jailprops}/${qjail}" is used instead. I see that etc/qjail.conf is used in the main qjail script, so may be this comment is some artefact of the old days. Of course, I can just miss something important here. One more thing I had noticed during the grep session over the qjail script: it installs the own jail2 script as /etc/rc.d/jail. It is not the Good Thing (TM), as it is better not to mess with the base system: - upgrades will either overwrite the /etc/rc.d/ script or one can lose the important new functionality; [1] - questions like "who messed with my /etc/rc.d/jail" can arise and administrator may have hard time finding who's guilty here. Perhaps the better way to proceed, if anyone wants its own jail rc.d script, is to install it to /usr/local/etc/rc.d/ and use _that_ script, not touching the base one. Perhaps the script's name can be changed, but if it is variable-compatible with the /etc/rc.d/ one, then no rename is needed. And one more thing: qjail_uglyperlhack seems to be on by-default and it symlinks /usr/local/bin/perl to the jail's /usr/bin/perl at the 'install' command of qjail. I see no signs of the description of that variable in the manual pages, but my gut feeling says that it is some equivalent of the USE_PERL knob in the devel/perlN.M ports. Is it really needed or it is another artefact? If it is needed, may be it will be good to document it. 
Otherwise, the port is now close to its perfection. Thanks for your work! [1] One can use by-line merging offered by the mergemaster, but in this case this should be rather error-prone task. -- Eygene Ryabinkin ,,,^..^,,, [ Life's unfair - but root password helps! | codelabs.ru ] [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]
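Review bot: in the added post-extract target, the sed expression rewrites only the exact assignment qjail_prefix=/usr/local in ${WRKSRC}/qjail and ${WRKSRC}/qjail2, so any other hard-coded /usr/local string in those two scripts is left as it is; the same message quotes one in a qjail2 comment (configure in /usr/local/etc/qjail.conf) and mentions a /usr/local/bin/perl symlink. Before relying on this for a non-default PREFIX, grep both scripts for remaining /usr/local references and extend the expression to cover the ones that matter. Two smaller points: in-place edits of extracted sources are usually done in post-patch so that they run after any files/ patches, and -e's|...|' would read better with a space after -e.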
Item One: - pkg-descr shortened to a paragraph - shortened pkg-message I object to shortening these external visible elements. Their size fits within the max size allowable as defined in "portlint -A". I see no place in the port documentation that limits these elements to shorter sizes. I am at a loss to understand why this is a sticking point for the committer. Item Two: When it comes to replacing /etc/jail with qjail2 the /usr/local/etc/rc.d does not function correctly. The /etc/jail script is executed every time a jail is started or closed. The current /etc/jail script has major problems with issuing started/stopped jail messages for large numbers of jails and the qjail2 script corrects this faulty function. As stated previously, the author of /etc/jail has been informed of this problem and my fixes were provided to him. I was told by the author just to replace /etc/jail with my corrected code until he releases the new code he is developing for a future base release of FreeBSD. Item Three: qjail.conf You are incorrect about everything you wrote about qjail.conf. Far better you read deeper into the qjail script code to understand fully how just simply it's handled. Or better yet just install qjail and see just where in the directory tree it lives. Item Four; symlinks /usr/local/bin/perl This is the same thing the perl port does and since the qjail environment is a clone of the host running system it gets the same handling as the host gets when perl is installed. Item Five: About the examples provided. The examples are mandatory. The NOPORTEXAMPLES switch in the port make file has to be removed. I never authorized its addition. Item Six: Why am I not receiving copies of submitted follow ups? I had to lookup the ports/148777 ticket before I knew there were additional postings.
Here is the updated Makefile.
This port is ready to be committed. Can someone please move this port into the ports system.
Responsible Changed From-To: rea->freebsd-ports-bugs Assigning back to the pool -- ENOTIME now, sorry.
Joseph Atkinson, This port needs a port committer who really has time and will take an interest in getting it committed. Someone who will email me directly with their questions and comments so an exchange of info will facilitate moving this long overdue port into the port system. This port currently has no port committer sponsor. Are you willing?
Hi Joe, I understand your frustration at the port taking a while to be committed, but you simply can't expect things to be committed when advice is ignored. Why are you still using ${CP} when you should be using ${INSTALL_DATA}, and ${CP} -r when you should be using ${COPYTREE_SHARE}? Why is the DISTFILES line commented rather than removed? Why aren't you handling configuration files properly [1]? Why have you included the WRKDIR in the shar? Why have you _still_ not run portlint? Also, your mailer is messing up the shar. You're better off putting it up on a site somewhere, I'll be happy to host a correct shar for you if you email it to me as a tar. You will not get this committed until you've actually done it properly, it's as simple as that. Chris [1] http://www.freebsd.org/doc/en/books/porters-handbook/book.html#PLIST-CONFIG
Perhaps the shar at [1] will suffice, I believe it addresses all the concerns brought up so far. There isn't a problem with just installing rc scripts; it's done in tinderbox [2] (by a member of portmgr I may add). Joe, have a look. Is it OK? Chris [1] http://www.bayofrum.net/~crees/patches/qjail.shar [2] http://www.freebsd.org/cgi/cvsweb.cgi/ports/ports-mgmt/tinderbox/Makefile.diff?r1=1.46;r2=1.47;f=h
On 24 May 2011 17:48, <joeb@a1poweruser.com> wrote: > From: Chris Rees <utisoft@gmail.com> CMR> Hi Joe, CMR> CMR> I understand your frustration at the port taking a while to be CMR> committed, but you simply can't expect things to be committed when CMR> advice is ignored. CMR> CMR> Why are you still using ${CP} when you should be using CMR> ${INSTALL_DATA}, and ${CP} -r when you should be using CMR> ${COPYTREE_SHARE}? CMR> CMR> Why is the DISTFILES line commented rather than removed? CMR> CMR> Why aren't you handling configuration files properly [1]? CMR> CMR> Why have you included the WRKDIR in the shar? CMR> CMR> Why have you _still_ not run portlint? CMR> CMR> Also, your mailer is messing up the shar. You're better off putting it CMR> up on a site somewhere, I'll be happy to host a correct shar for you CMR> if you email it to me as a tar. > > > > > ################################################################ > > I dont know how you came to write the above. > If you read the last shar post to ports/148777 you will see that all those > items have been corrected. Hands up, I'm sorry, you have corrected _two_ (not all) of the issues -- the WRKDIR in shar issue. You still haven't run portlint, aren't handling config files properly, nor have you used the correct method of installing a tree of files. I've fixed these issues for you, please approve [1]. Also, please fix your mailer to not use quoted-printable -- it upsets GNATS and means I have to cartwheel with sed and tr on your patches. Chris [1] http://www.bayofrum.net/~crees/patches/qjail.shar
>> > >I dont know how you came to write the above. > >If you read the last shar post to ports/148777 you will see that all those > >items have been corrected. > >Hands up, I'm sorry, you have corrected _two_ (not all) of the issues >-- the WRKDIR in shar issue. > >You still haven't run portlint, aren't handling config files properly, >nor have you used the correct method of installing a tree of files. > >I've fixed these issues for you, please approve [1]. > >Also, please fix your mailer to not use quoted-printable -- it upsets >GNATS and means I have to cartwheel with sed and tr on your patches. > >Chris > >[1] http://www.bayofrum.net/~crees/patches/qjail.shar > I have run "portlint -A" many times. So if you think I have not then please explain what you are talking about. I think whatever is happening with the attached "shar" file when it is posted to the GNATS reporting system is what is causing the portlint errors you may be seeing. On the subject of the conf file. I don't see what is wrong with the way I handle it. The config is installed as a conf.sample by design. The qjail man page says the user is only to remove the ".sample" suffix from the qjail.conf file if permanently changing the defaults. The qjail.conf file is NOT necessary for qjail to run. So I can not see what you think is wrong with the way I install the conf file. pkg-message has no need for this comment that was added by someone other than me. In order to avoid conflicts with the base /etc/rc.d/jail script it is advised to disable it; # chmod 0000 /etc/rc.d/jail Qjail is designed and tested to function outside of the native jail environment. A mix of native jails which use /etc/rc.d/jail for launching jails has no conflicts with qjail which uses /usr/local/etc/rc.d/qjail2 and qjail-jail2 for launching qjail jails so those comments are not needed and are misleading. Nor have you used the correct method of installing a tree of files. X# note examples are mandatory. 
qjail will not function without them X @${MKDIR} ${EXAMPLESDIR} X @(cd ${WRKSRC}/examples/ \ X && ${COPYTREE_SHARE} \* ${EXAMPLESDIR}) X I have tested using your code above and get this make install error "find: */user/local/share/examples/qjail: No such file or directory". Now on the other hand, I get warning messages from "portlint -A" that says "If and only if your port is EXAMPLESDIR-SAFE (that is a user can override EXAMPLESDIR when building this port and the port will still work correctly) consider using the examplesdir macro. " Well since in this port's case it's NOT EXAMPLESDIR-SAFE, because the examples are mandatory, I should NOT use the examplesdir macro because someone may try overriding it creating an unworkable qjail environment. So the way I have it coded is the correct way. ${MKDIR} ${PREFIX}/share/examples/qjail ${CP} -rfp ${WRKSRC}/examples/ ${PREFIX}/share/examples/qjail/ If you have any other items that need explaining so you will understand what is happening in the qjail make file just email me back with your questions. Joe
Responsible Changed From-To: freebsd-ports-bugs->crees I'll take it
On 6 June 2011 18:59, Chris Rees <utisoft@gmail.com> wrote: > On 6 June 2011 18:39, joeb1 <joeb1@a1poweruser.com> wrote: >> Chris >> Now that the PR is updated with the corrected shar file >> how do I get a committer to commit it? > Hey Joe, I've Tinderboxed [1] my changes, and I'm happy with this (pending approval from rene@) if the shar at [2] is OK for you. Chris [1] http://www.bayofrum.net/tb/index.php?action=describe_port&id=492 [2] http://www.bayofrum.net/~crees/patches/qjail_2.shar
-----Original Message----- From: utisoft@gmail.com [mailto:utisoft@gmail.com]On Behalf Of Chris Rees Sent: Saturday, June 11, 2011 9:39 AM To: joeb1@a1poweruser.com; bug-followup@freebsd.org; Rene Ladan Subject: Re: ports/148777: [New Port] sysutils/qjail: Utility to deploy large number of jails quickly On 6 June 2011 18:59, Chris Rees <utisoft@gmail.com> wrote: > On 6 June 2011 18:39, joeb1 <joeb1@a1poweruser.com> wrote: >> Chris >> Now that the PR is updated with the corrected shar file >> how do I get a committer to commit it? > Hey Joe, I've Tinderboxed [1] my changes, and I'm happy with this (pending approval from rene@) if the shar at [2] is OK for you. Chris [1] http://www.bayofrum.net/tb/index.php?action=describe_port&id=492 [2] http://www.bayofrum.net/~crees/patches/qjail_2.shar Chris At this point it's been almost a year since I posted this port for addition to the ports collection. I no longer care what the Makefile statements look like. Let's just get it committed so people can have access to it. Joe
State Changed From-To: feedback->open Submitter has indicated that he will approve any changes
crees 2011-06-11 21:22:20 UTC FreeBSD ports repository Modified files: sysutils Makefile Added files: sysutils/qjail Makefile distinfo pkg-descr pkg-message pkg-plist Log: Qjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail system that includes security and performance enhancements. Plus a new level of "user friendliness" enhancements dealing with deploying just a few jails or large jail environments consisting of 100's of jails. Qjail requires no knowledge of the jail command usage. It uses "nullfs" for read-only system binaries, sharing one copy of them with all the jails. Uses "mdconfig" to create sparse image jails. Sparse image jails provide a method to limit the total disk space a jail can consume, while only occupying the physical disk space of the sum size of the files in the image jail. Ability to assign ip address with their network device name, so aliases are auto created on jail start and auto removed on jail stop. Ability to create "ZONE"s of identical qjail systems, each with their own group of jails. Ability to designate a portion of the jail name as a group prefix so the command being executed will apply to only those jail names matching that prefix. WWW: http://sourceforge.net/projects/qjail/ http://qjail.sourceforge.net/ PR: ports/148777 Submitted by: Joe Barbish <joeb@a1poweruser.com> Approved by: rene (mentor) Revision Changes Path 1.1298 +1 -0 ports/sysutils/Makefile 1.1 +43 -0 ports/sysutils/qjail/Makefile (new) 1.1 +2 -0 ports/sysutils/qjail/distinfo (new) 1.1 +23 -0 ports/sysutils/qjail/pkg-descr (new) 1.1 +5 -0 ports/sysutils/qjail/pkg-message (new) 1.1 +26 -0 ports/sysutils/qjail/pkg-plist (new)
State Changed From-To: open->closed Committed. Thanks!