Bug 269631 - [NEW PORT] sysutils/appjail: Simple and easy-to-use tool for creating portable jails
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Felix Palmen
URL: https://github.com/DtxdF/AppJail
Keywords:
Depends on: 269584
Blocks:
 
Reported: 2023-02-17 17:39 UTC by Jesús Daniel Colmenares Oviedo
Modified: 2023-03-11 10:58 UTC

Attachments
appjail-2.1.1.patch (7.92 KB, patch)
2023-02-17 17:39 UTC, Jesús Daniel Colmenares Oviedo
appjail-2.2.0.patch (7.92 KB, patch)
2023-02-18 15:16 UTC, Jesús Daniel Colmenares Oviedo
appjail-2.2.0.patch (7.69 KB, patch)
2023-02-24 11:22 UTC, Jesús Daniel Colmenares Oviedo
appjail-2.3.0.patch (7.69 KB, patch)
2023-03-04 17:58 UTC, Jesús Daniel Colmenares Oviedo
appjail-2.3.1.patch (6.83 KB, patch)
2023-03-09 13:33 UTC, Jesús Daniel Colmenares Oviedo
appjail-2.4.0.patch (6.18 KB, patch)
2023-03-09 17:43 UTC, Jesús Daniel Colmenares Oviedo
appjail-2.4.0.patch (6.19 KB, patch)
2023-03-09 19:53 UTC, Jesús Daniel Colmenares Oviedo

Description Jesús Daniel Colmenares Oviedo 2023-02-17 17:39:01 UTC
Created attachment 240219
appjail-2.1.1.patch

Description:

AppJail is an open source framework entirely written in sh(1) and
C to create isolated, portable and easy to deploy environments using
FreeBSD jails that behave like an application.

WWW: https://github.com/DtxdF/AppJail

QA:

* portlint:
  - WARN: /usr/ports-devel/sysutils/appjail/pkg-plist: [121]: If and only if your port is EXAMPLESDIR-safe (that is, a user can override EXAMPLESDIR when building this port and the port will still work correctly) consider using EXAMPLESDIR macro; if you are unsure if this port is EXAMPLESDIR-safe, then ignore this warning
  - WARN: /usr/ports-devel/sysutils/appjail/pkg-plist: [122]: If and only if your port is EXAMPLESDIR-safe (that is, a user can override EXAMPLESDIR when building this port and the port will still work correctly) consider using EXAMPLESDIR macro; if you are unsure if this port is EXAMPLESDIR-safe, then ignore this warning
  - WARN: /usr/ports-devel/sysutils/appjail/pkg-plist: [123]: If and only if your port is EXAMPLESDIR-safe (that is, a user can override EXAMPLESDIR when building this port and the port will still work correctly) consider using EXAMPLESDIR macro; if you are unsure if this port is EXAMPLESDIR-safe, then ignore this warning
  - WARN: /usr/ports-devel/sysutils/appjail/pkg-plist: [124]: If and only if your port is EXAMPLESDIR-safe (that is, a user can override EXAMPLESDIR when building this port and the port will still work correctly) consider using EXAMPLESDIR macro; if you are unsure if this port is EXAMPLESDIR-safe, then ignore this warning
* testport: OK (poudriere: 13.1-RELEASE, amd64, GIT tested)

Notes:

* DEBOOTSTRAP option is not tested yet because sysutils/debootstrap is failing, but I will try it when it is ok. Although, sysutils/debootstrap was tested out of ports (installing manually).
Comment 1 Jesús Daniel Colmenares Oviedo 2023-02-18 15:16:50 UTC
Created attachment 240238
appjail-2.2.0.patch

Description:

* Update to 2.2.0

ChangeLog: https://github.com/DtxdF/AppJail/releases/tag/v2.2.0

* Makejail: RUN & USER:
  - Some complex applications cannot run very well unless the environment is adapted to a full login, so instead of using su -m, su -l is used. Environment variables are used in the su(1) subprocess to pass them to sh(1). This new change has been tested against x11-wm/nscde and www/badwolf with success. Applications using the nobody user may not work since su(1) requires certain information that the nobody user does not provide.
* README:
  - Adapt the examples to not use user nobody.
* appjail version:
  - Bump version to 2.2.0.

QA:

* portlint:
  - WARN: /usr/ports-devel/sysutils/appjail/pkg-plist: [121]: If and only if your port is EXAMPLESDIR-safe (that is, a user can override EXAMPLESDIR when building this port and the port will still work correctly) consider using EXAMPLESDIR macro; if you are unsure if this port is EXAMPLESDIR-safe, then ignore this warning
  - WARN: /usr/ports-devel/sysutils/appjail/pkg-plist: [122]: If and only if your port is EXAMPLESDIR-safe (that is, a user can override EXAMPLESDIR when building this port and the port will still work correctly) consider using EXAMPLESDIR macro; if you are unsure if this port is EXAMPLESDIR-safe, then ignore this warning
  - WARN: /usr/ports-devel/sysutils/appjail/pkg-plist: [123]: If and only if your port is EXAMPLESDIR-safe (that is, a user can override EXAMPLESDIR when building this port and the port will still work correctly) consider using EXAMPLESDIR macro; if you are unsure if this port is EXAMPLESDIR-safe, then ignore this warning
  - WARN: /usr/ports-devel/sysutils/appjail/pkg-plist: [124]: If and only if your port is EXAMPLESDIR-safe (that is, a user can override EXAMPLESDIR when building this port and the port will still work correctly) consider using EXAMPLESDIR macro; if you are unsure if this port is EXAMPLESDIR-safe, then ignore this warning
* testport: OK (poudriere: 13.1-RELEASE, amd64, GIT tested)
Comment 2 Jesús Daniel Colmenares Oviedo 2023-02-24 11:22:35 UTC
Created attachment 240370
appjail-2.2.0.patch

Description:

* Change PORTNAME=AppJail to PORTNAME=appjail
* Add GH_PROJECT=AppJail
* Regenerate pkg-plist

QA:

* portlint: OK (looks fine.)
* testport: OK (poudriere: 13.1-RELEASE, amd64, GIT tested)
Comment 3 Jesús Daniel Colmenares Oviedo 2023-02-24 17:30:05 UTC
Thanks to the effort in PR 269584, debootstrap(8) is currently working and has been tested using AppJail.
Comment 4 Jesús Daniel Colmenares Oviedo 2023-03-04 17:58:15 UTC
Created attachment 240582
appjail-2.3.0.patch

Description:

* Update to 2.3.0

ChangeLog: https://github.com/DtxdF/AppJail/releases/tag/v2.3.0

* MAKEJAIL: Add user-defined stage feature:
  - The user-defined stage is a very useful feature. It simplifies the design of a Makejail that includes many Makejails, so the stage used in one does not overlap the other unless they are the same.
* Add network fix [all|addr|dup] commands:
  - Commands to simplify the resolution of some problems such as duplicate IP addresses or IP addresses in invalid ranges.
* appjail jail:
  - Fix clone+release to pass its arguments correctly: When the function responsible for creating the jail from a cloned release is called, the arguments provided by the -I parameter are not passed, but the snapshot name is incorrectly using the first argument (-a), so the snapshot is called -a and the user argument is ignored.
  - Fix clone+release when using with a linux+debootstrap jail: When using the clone+release installation method no post-installation is executed, so a jail is created with nothing.
* appjail quick:
  - Add new installation methods to create new instances of a jail: To take advantage of appjail quick, the following installation methods have been implemented: clone+jail, clone+release, tiny+import, copy, import+jail, import+root, zfs+import+jail and zfs+import+root. This is very useful for creating instances of a jail but with different options.
  - Force the reservation of an IP address when using virtualnets: This is important for installation methods that have duplicate or incorrect information, such as a copy, a clone or import, so that the IP address problem has no effect.
* appjail makejail:
  - Add -o parameter: To pass options to appjail quick from the command-line when using appjail makejail so that there is no need to create a separate Makejail file to simply pass some options.
  - Add missing command to force the execution of OPTION.
* rc scripts:
  - Remove unnecessary title line.
* README:
  - Add command to create private bridge: Since dnsmasq requires an IP address, the private bridge must be created first.
  - Fix typos.
  - Add suggestion to put the kernel modules in loader.conf(5).
* appjail version:
  - Bump version to 2.3.0

QA:

* portlint: OK (looks fine.)
* testport: OK (poudriere: 13.1-RELEASE, amd64, DEBOOTSTRAP GIT tested)
Comment 5 Felix Palmen freebsd_committer freebsd_triage 2023-03-09 11:32:11 UTC
Looks interesting!

Please shorten the pkg install message a bit, according to this guideline:
https://docs.freebsd.org/en/books/porters-handbook/book/#porting-message

I would assume most of the info should be in the README you mention, but this isn't installed ... shouldn't it be installed with DOCS=ON?

Also, the port currently creates an empty directory /usr/local/appjail. Isn't this pointless? Possibly a bug in the upstream install, as it's created that way in the stagedir?

Finally a question: Can the software be used in a sane way without git? If so, I'd suggest not to make this option a default. If I understand it correctly, the user can always just install both git and debootstrap himself and appjail can make use of it?
Comment 6 Jesús Daniel Colmenares Oviedo 2023-03-09 13:33:27 UTC
Created attachment 240700
appjail-2.3.1.patch

Description:

* Update to 2.3.1
* Add DOCS/PORTDOCS
* Make GIT option not a default option
* Make short pkg-message

ChangeLog: https://github.com/DtxdF/AppJail/releases/tag/v2.3.1

* MAKEFILE: Remove unnecessary creation of the data directory.
* appjail version: Bump version to 2.3.1

QA:

* portlint: OK (looks fine.)
* testport: OK (poudriere: 13.1-RELEASE, amd64, DEBOOTSTRAP DOCS GIT tested)
Comment 7 Jesús Daniel Colmenares Oviedo 2023-03-09 13:41:58 UTC
(In reply to Felix Palmen from comment #5)

> Looks interesting!

Thank you!

> Also, the port currently creates an empty directory /usr/local/appjail. Isn't this pointless? Possibly a bug in the upstream install, as it's created that way in the stagedir?

Yes, it does not make sense. It was required by previous versions, but is currently invalid since AppJail commands will create it anyway.

> Finally a question: Can the software be used in a sane way without git? If so, I'd suggest not to make this option a default. If I understand it correctly, the user can always just install both git and debootstrap himself and appjail can make use of it?

Yes, devel/git is not necessary unless the user wants to include a Makejail that is in a git repository, for example:

```
INCLUDE gh+AppJail-makejails/python
```

But AppJail only complains when devel/git is not installed. Also, git is only used in the Makejail files, and Makejail is just a feature of AppJail, it is not the only way to use it.
Comment 8 Felix Palmen freebsd_committer freebsd_triage 2023-03-09 15:24:08 UTC
(In reply to Jesús Daniel Colmenares Oviedo from comment #7)

Thanks, looking good!

Just one thing, now the pkg install message doesn't really say anything. In that case, it should be removed completely. Or otherwise if you think something is indeed "vital to setup and operation" in the sense of the handbook, just add that bit of information. Up to you to decide, you know the software better than me. The whole point is to keep it relatively short and only mention what's absolutely necessary, mostly because there are potentially lots of these messages displayed after an install :)
Comment 9 Felix Palmen freebsd_committer freebsd_triage 2023-03-09 15:50:14 UTC
Oh, I just noticed a severe issue:

You're installing pre-built binaries below %%DATADIR%%/util – this can't work for a port. You definitely need to add a build step for that.

Also note that %%DATADIR%% is not the correct location to install (helper) binaries. The best match for them would probably be libexec/${PORTNAME}.
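
The pre-built binaries problem raised in comment 9 can be checked mechanically before a source tree is packaged. The following sh sketch is an added example, not part of this bug thread or of AppJail: it lists files in an extracted tree that begin with the ELF magic bytes. The function names and the sample file names are hypothetical, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example: flag files in an extracted source tree that start with the
# ELF magic (7f 45 4c 46), i.e. binaries that were not built locally.

# find_prebuilt_elf DIR: print DIR-relative paths of ELF files, sorted.
find_prebuilt_elf() {
    dir=$1
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        # Read only the first four bytes; od renders them as hex text.
        magic=$(head -c 4 "$f" 2>/dev/null | od -An -tx1 | tr -d ' \n')
        if [ "$magic" = "7f454c46" ]; then
            rel=${f#"$dir"/}
            printf '%s\n' "$rel"
        fi
    done
}

# make_sample_tree: build a constructed tree (hypothetical file names) with
# one fake ELF helper under share/appjail/util and two plain text files.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/share/appjail/util" "$t/bin"
    printf '\177ELF\002\001\001\000' > "$t/share/appjail/util/helper"
    printf '#!/bin/sh\necho hi\n' > "$t/bin/tool.sh"
    printf 'all:\n\t@true\n' > "$t/Makefile"
    printf '%s\n' "$t"
}

# audit_tree DIR: return 1 and report on stderr if any ELF file is present.
audit_tree() {
    hits=$(find_prebuilt_elf "$1")
    if [ -n "$hits" ]; then
        printf 'pre-built binaries found:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

tree=$(make_sample_tree)
audit_tree "$tree" || echo "sample tree rejected as expected"
rm -rf "$tree"
```
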
Comment 10 Jesús Daniel Colmenares Oviedo 2023-03-09 17:43:21 UTC
Created attachment 240707
appjail-2.4.0.patch

Description:

* Update to 2.4.0
* Remove pkg-message
* Update pkg-plist to match the new release

ChangeLog: https://github.com/DtxdF/AppJail/releases/tag/v2.4.0

* Remove precompiled binaries: Utilities must be compiled on the user's machine and not distributed as precompiled binaries.
* Change share/appjail/util to libexec/appjail: To respect hier(7), the utilities directory has been changed to libexec/appjail.
* Add .gitignore to ignore binaries.
* appjail network: Fix fixed path to the network utility.
* MAKEFILE: Add clean and utils-clean targets.
* UTILITIES: Change printf(3) to errx(3).
* appjail version: Bump version to 2.4.0.

QA:

* portlint: OK (looks fine.)
* testport: OK (poudriere: 13.1-RELEASE, amd64, DEBOOTSTRAP DOCS GIT tested)
Comment 11 Jesús Daniel Colmenares Oviedo 2023-03-09 17:49:55 UTC
(In reply to Felix Palmen from comment #8)

Yes, you are right, pkg-message doesn't say anything useful in this case. I think the README is enough.

(In reply to Felix Palmen from comment #9)

Thanks for reporting this, I have fixed it.
Comment 12 Felix Palmen freebsd_committer freebsd_triage 2023-03-09 17:57:06 UTC
(In reply to Jesús Daniel Colmenares Oviedo from comment #11)
Didn't test it yet, but I still wonder how this works with NO_BUILD=yes still present?

Also, I think the subdirs below libexec/appjail aren't really needed, but that's a stylistic nitpick.

Thanks for your fast reaction though, I will have a closer look later!
Comment 13 Jesús Daniel Colmenares Oviedo 2023-03-09 18:23:05 UTC
(In reply to Felix Palmen from comment #12)

> Didn't test it yet, but I still wonder how this works with NO_BUILD=yes still present?

This works because the `install` target depends on the `utils-strip` [1] target giving the responsibility to the rest of the Makejails in libexec.

[1] https://github.com/DtxdF/AppJail/blob/v2.4.0/Makefile#L46

> Also, I think the subdirs below libexec/appjail aren't really needed, but that's a stylistic nitpick.

At the moment, they are not really necessary, but in the future, new utilities may be in the same directory. It is just for consistency.

> Thanks for your fast reaction though, I will have a closer look later!

Thanks!
Comment 14 Felix Palmen freebsd_committer freebsd_triage 2023-03-09 18:39:18 UTC
(In reply to Jesús Daniel Colmenares Oviedo from comment #13)
> This works because the `install` target depends on the `utils-strip` [1]
> target giving the responsibility to the rest of the Makejails in libexec.

I see. It's common practice that install targets actually depend on the respective build targets.

But in a port, build and install (stage) phases should be clearly separated.

I guess it wouldn't be much of a problem to do that here, just setting ALL_TARGET to "utils-strip" should be enough at a first glance (and, of course, remove NO_BUILD).
Comment 15 Jesús Daniel Colmenares Oviedo 2023-03-09 19:53:25 UTC
Created attachment 240709
appjail-2.4.0.patch

Description:

* Remove NO_BUILD=yes
* Add ALL_TARGET=utils-strip

QA:

* portlint: OK (looks fine.)
* testport: OK (poudriere: 13.1-RELEASE, amd64, DEBOOTSTRAP DOCS GIT tested)
Comment 16 Felix Palmen freebsd_committer freebsd_triage 2023-03-09 21:04:28 UTC
(In reply to Jesús Daniel Colmenares Oviedo from comment #15)

Thanks again, you're really fast ;-)
I'll do a few testbuilds tomorrow just to be sure.
Comment 17 Jesús Daniel Colmenares Oviedo 2023-03-09 21:16:07 UTC
(In reply to Felix Palmen from comment #16)

Thanks for taking a moment to review my port!
Comment 18 commit-hook freebsd_committer freebsd_triage 2023-03-11 10:56:41 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=36dcf70ddc9dced5f83c4b5b31ab80a81d52f164

commit 36dcf70ddc9dced5f83c4b5b31ab80a81d52f164
Author:     Jesús Daniel Colmenares Oviedo <DtxdF@disroot.org>
AuthorDate: 2023-03-09 19:46:28 +0000
Commit:     Felix Palmen <zirias@FreeBSD.org>
CommitDate: 2023-03-11 10:54:50 +0000

    sysutils/appjail: Add new port

    AppJail is an open source framework entirely written in sh(1) and
    C to create isolated, portable and easy to deploy environments using
    FreeBSD jails that behave like an application.

    PR:                     269631
    Approved by:            tcberner (mentor)
    Differential Revision:  https://reviews.freebsd.org/D39008

 sysutils/Makefile                |   1 +
 sysutils/appjail/Makefile (new)  |  29 ++++++++++
 sysutils/appjail/distinfo (new)  |   3 +
 sysutils/appjail/pkg-descr (new) |   3 +
 sysutils/appjail/pkg-plist (new) | 119 +++++++++++++++++++++++++++++++++++++++
 5 files changed, 155 insertions(+)
Comment 19 Felix Palmen freebsd_committer freebsd_triage 2023-03-11 10:58:04 UTC
Committed, thanks!

Side note, removed WWW as it's implicit now via USE_GITHUB (which was news to me as well...)