Bug 250696

Summary: sysutils/qjail [Maintainer update] fix bugs & vnet, qjail-5.5
Product: Ports & Packages
Reporter: Joe Barbish <qjail1>
Component: Individual Port(s)
Assignee: Li-Wen Hsu <lwhsu>
Status: In Progress
Severity: Affects Many People
CC: adamw, lwhsu, qjail1
Priority: ---
Keywords: buildisok
Version: Latest
Flags: qjail1: merge-quarterly?
Hardware: Any
OS: Any
Bug Depends on:
Bug Blocks: 239066, 246466

Attachments:
port_make_diff (flags: none)
qjail-conflicts.diff (flags: qjail1: maintainer-approval+)

Description Joe Barbish 2020-10-28 15:04:23 UTC
Created attachment 219170
port_make_diff

Special instructions:
Bugs number 246466 & 239066 can be closed as fixed by this update.

Leave qjail-5.4 in port system as it only works for the RELEASE 11 series.

This update qjail-5.5 is for RELEASE 12 and newer.

Please place the following change log into the Log of /head/sysutils/qjail

1.  Change default ftp site to ftp from ftp12.
2.  Remove config -w and -W [Set vnet.interface NIC]
3.  Add -f flag to unmount command when releasing memory disc.
4.  Change so this version of qjail only runs on 12.0 and newer
    because pf is vimage aware now.
5.  If local install [-f] jump around stable, current check logic.
6.  Change/add logic & code to implement bridge/epair method for vnet jails.
7.  Change qjail.8 about vimage no longer having to be compiled into kernel 12.0
8.  Change "config" -v logic to setup vnet jail with pf, ipf, ipf firewall.
9.  Add start vnet code to qjail script to check for host/vnet jail
    firewall mis-match.
10. Add start vnet code to boottime script to check for host/vnet jail 
    firewall mis-match.
11. Update all the manuals to reflect the above changes.
12. Add check to "config" so no ipv4 change for vnet jails.
12. Block config ip address changes for vnet jail because of 
    class c ip allocations.
14. Change verify_ip subroutine to include check for private ip address and 
    127.x.x.x addresses and put on lo0 interface to make that jail local only.
14. Change verify_ip subroutine to include check for vnet class c 
    address range. 
15. Create non-vnet jail using 127.x.x.x ip4 address to make that jail
    local access only. When config -v to change jail to vnet jail it becomes
    local access only also.
16. Change "config" -4 & -6 to remove the ip address when the word "none" is
    used as in -4 none.
17. Change install to check for amd64 & i386 platform architecture and use
    path with amd62/amd64 and a single architecture path for all other 
    platforms.
18. On "qjail install -f /usr/base.txz" option fixed so it works. 
19. Diff options changed between 12.1 and 12.2, Removed the -u.
Comment 1 Automation User 2020-10-28 15:19:31 UTC
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/208791433
Comment 2 Li-Wen Hsu freebsd_committer 2020-10-28 16:55:59 UTC
(In reply to Joe Barbish from comment #0)
> Leave qjail-5.4 in port system as it only works for the RELEASE 11 series.
> This update qjail-5.5 is for RELEASE 12 and newer.

I want to confirm this, do you mean that we need to copy current sysutils/qjail to sysutils/qjail54 because 11.x needs it?
Comment 3 Joe Barbish 2020-10-28 18:16:25 UTC
The current version qjail-5.4 needs to stay in the ports system. I don't care what you name it. It supports the RELEASE 11+ range of OS. This new updated version qjail-5.5 supports the 12+ RELEASE and newer.
Comment 4 commit-hook freebsd_committer 2020-10-29 19:01:01 UTC
A commit references this bug:

Author: lwhsu
Date: Thu Oct 29 19:00:19 UTC 2020
New revision: 553633
URL: https://svnweb.freebsd.org/changeset/ports/553633

Log:
  Copy sysutils/qjail to sysutils/qjail54

  This is preparing for qjail 5.5 update, keep 5.4 for 11.x jails.

  PR:		250696
  Submitted by:	Joe Barbish <qjail1@a1poweruser.com> (maintainer)

Changes:
  head/sysutils/Makefile
  head/sysutils/qjail54/
  head/sysutils/qjail54/Makefile
Comment 5 commit-hook freebsd_committer 2020-10-29 19:04:02 UTC
A commit references this bug:

Author: lwhsu
Date: Thu Oct 29 19:03:53 UTC 2020
New revision: 553634
URL: https://svnweb.freebsd.org/changeset/ports/553634

Log:
  sysutils/qjail: Update to 5.5

  1.  Change default ftp site to ftp from ftp12.
  2.  Remove config -w and -W [Set vnet.interface NIC]
  3.  Add -f flag to unmount command when releasing memory disc.
  4.  Change so this version of qjail only runs on 12.0 and newer
      because pf is vimage aware now.
  5.  If local install [-f] jump around stable, current check logic.
  6.  Change/add logic & code to implement bridge/epair method for vnet jails.
  7.  Change qjail.8 about vimage no longer having to be compiled into kernel 12.0
  8.  Change "config" -v logic to setup vnet jail with pf, ipf, ipf firewall.
  9.  Add start vnet code to qjail script to check for host/vnet jail
      firewall mis-match.
  10. Add start vnet code to boottime script to check for host/vnet jail
      firewall mis-match.
  11. Update all the manuals to reflect the above changes.
  12. Add check to "config" so no ipv4 change for vnet jails.
  12. Block config ip address changes for vnet jail because of
      class c ip allocations.
  14. Change verify_ip subroutine to include check for private ip address and
      127.x.x.x addresses and put on lo0 interface to make that jail local only.
  14. Change verify_ip subroutine to include check for vnet class c
      address range.
  15. Create non-vnet jail using 127.x.x.x ip4 address to make that jail
      local access only. When config -v to change jail to vnet jail it becomes
      local access only also.
  16. Change "config" -4 & -6 to remove the ip address when the word "none" is
      used as in -4 none.
  17. Change install to check for amd64 & i386 platform architecture and use
      path with amd62/amd64 and a single architecture path for all other
      platforms.
  18. On "qjail install -f /usr/base.txz" option fixed so it works.
  19. Diff options changed between 12.1 and 12.2, Removed the -u.

  PR:		250696
  Submitted by:	Joe Barbish <qjail1@a1poweruser.com> (maintainer)
  MFH:		2020Q4

Changes:
  head/sysutils/qjail/Makefile
  head/sysutils/qjail/distinfo
  head/sysutils/qjail/pkg-message
  head/sysutils/qjail/pkg-plist
Comment 6 Li-Wen Hsu freebsd_committer 2020-11-03 03:04:23 UTC
Created attachment 219317
qjail-conflicts.diff

Hi Joe,

Adam suggested setting CONFLICTS for both ports and marking IGNORE_FreeBSD_11 for qjail, as we cannot have a 12 jail on 11. Please check the attached patch. Thanks!
Comment 7 Joe Barbish 2020-11-06 15:20:47 UTC
I understand what you mean by the "conflicts" clause. But I am unclear what you want me to do about it. This is what I am thinking.

To the qjail54 release 11 and older you can place the (conflicts) clause into the MAKEFILE.

On the subject of qjail-5.5. I have a bug report dealing with someone who has ipfilter compiled into the kernel. I did not consider that as I used the kldstat command to determine if ipfw, pf, ipfilter is running on the host as it deals with running a firewall inside of a vnet jail. I have fixed this and will be submitting qjail-5.6 to deal with this fix. I will add the conflict clause to the MAKEFILE.

As a side note the qjail script itself has code to determine which release it's running on and stops if it's NOT 12+. The conflict method stops the qjail package install happening even closer to the start of things.
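
The detection gap described in comment 7, as an added example that is not part of the thread and is not qjail's code: a check based on the kldstat file list misses a firewall compiled into the kernel, while a module lookup with `kldstat -q -m` finds it. The function names are hypothetical, the `.ko` file-list check is an assumed form of the fragile test, and the `kldstat` stub is constructed data used only when no real `kldstat` is installed.

```shell
#!/bin/sh
# Added example, not qjail code. When no real kldstat(8) exists, a stub
# simulates (constructed data) a host with ipfilter compiled into the kernel.
if ! command -v kldstat >/dev/null 2>&1; then
    kldstat() {
        if [ "$1" = "-q" ] && [ "$2" = "-m" ]; then
            # Module lookup also sees modules linked into the kernel file.
            if [ "$3" = "ipfilter" ]; then return 0; else return 1; fi
        fi
        # File listing: only the kernel image, no ipfw.ko / pf.ko / ipl.ko.
        echo "Id Refs Address                Size Name"
        echo " 1    1 0xffffffff80200000  2000000 kernel"
    }
fi

# Assumed fragile check: look for firewall .ko files in the kldstat file list.
fw_by_file() {
    files=$(kldstat)
    found=""
    for ko in ipfw.ko pf.ko ipl.ko; do
        case "$files" in
            *" $ko"*) found="${found:+$found }${ko%.ko}" ;;
        esac
    done
    echo "${found:-none}"
}

# Module lookup: true for loaded .ko files and for compiled-in modules alike.
fw_by_module() {
    found=""
    for mod in ipfw pf ipfilter; do
        if kldstat -q -m "$mod" 2>/dev/null; then
            found="${found:+$found }$mod"
        fi
    done
    echo "${found:-none}"
}

# Hypothetical mismatch test: is the firewall a vnet jail is configured for
# ($1, given as a module name) actually present on the host?
jail_fw_available() {
    case " $(fw_by_module) " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

echo "file-list check: $(fw_by_file)"
echo "module check:    $(fw_by_module)"
```

The module names `ipfw`, `pf` and `ipfilter` are the ones FreeBSD's rc scripts pass to `kldstat -q -m`; the ipfilter module lives in the file `ipl.ko`, which is why the file-list loop looks for that name.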