Created attachment 219170 [details] port_make_diff Special instructions; Bugs number 246466 & 239066 can be closed as fixed by this update. Leave qjail-5.4 in port system as it only works for the RELEASE 11 series. This update qjail-5.5 is for RELEASE 12 and newer. Please place the following change log into the Log of /head/sysutils/qjail 1. Change default ftp site to ftp from ftp12. 2. Remove config -w and -W [Set vnet.interface NIC] 3. Add -f flag to unmount command when releasing memory disc. 4. Change so this version of qjail only runs on 12.0 and newer because pf is vimage aware now. 5. If local install [-f] jump around stable, current check logic. 6. Change/add logic & code to implement bridge/epair method for vnet jails. 7. Change qjail.8 about vimage no longer having to be compiled into kernel 12.0 8. Change "config -v logic to setup vnet jail with pf, ipf, ipf firewall. 9. Add start vnet code to qjail script to check for host/vnet jail firewall mis-match. 10. Add start vnet code to boottime script to check for host/vnet jail firewall mis-match. 11. Update all the manuals to reflect the about changes. 12. Add check to "config" so no ipv4 change for vnet jails. 12. Block config ip address changes for vnet jail because of class c ip allocations. 14. Change verify_ip subroutine to include check for private ip address and 127.x.x.x addresses and put on lo0 interface to make that jail local only. 14. Change verify_ip subroutine to include check for vnet class c address range. 15. Create non-vnet jail using 127.x.x.x ip4 address to make that jail local access only. When config -v to change jail to vnet jail it becomes local access only also. 16. Change "config" -4 & -6 to remove the ip address when the word "none" is used as in -4 none. 17. Change install to check for amd64 & i386 platform architecture and use path with amd62/amd64 and a single architecture path for all other platforms. 18. On "qjail install -f /usr/base.txz" option fixed so it works. 19. Diff options changed between 12.1 and 12.2, Removed the -u.
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/208791433
(In reply to Joe Barbish from comment #0) > Leave qjail-5.4 in port system as it only works for the RELEASE 11 series. > This update qjail-5.5 is for RELEASE 12 and newer. I want to confirm this, do you mean that we need to copy current sysutils/qjail to sysutils/qjail54 because 11.x needs it?
The current version qjail-5.4 needs to stay in the ports system. I don't care what you name it. It's supports the RELEASE 11+ range of OS. This new updated version qjail-5.5 supports the 12+ RELEASE and newer.
A commit references this bug: Author: lwhsu Date: Thu Oct 29 19:00:19 UTC 2020 New revision: 553633 URL: https://svnweb.freebsd.org/changeset/ports/553633 Log: Copy sysutils/qjail to sysutils/qjail54 This is preparing for qjail 5.5 update, keep 5.4 for 11.x jails. PR: 250696 Submitted by: Joe Barbish <qjail1@a1poweruser.com> (maintainer) Changes: head/sysutils/Makefile head/sysutils/qjail54/ head/sysutils/qjail54/Makefile
A commit references this bug: Author: lwhsu Date: Thu Oct 29 19:03:53 UTC 2020 New revision: 553634 URL: https://svnweb.freebsd.org/changeset/ports/553634 Log: sysutils/qjail: Updaet to 5.5 1. Change default ftp site to ftp from ftp12. 2. Remove config -w and -W [Set vnet.interface NIC] 3. Add -f flag to unmount command when releasing memory disc. 4. Change so this version of qjail only runs on 12.0 and newer because pf is vimage aware now. 5. If local install [-f] jump around stable, current check logic. 6. Change/add logic & code to implement bridge/epair method for vnet jails. 7. Change qjail.8 about vimage no longer having to be compiled into kernel 12.0 8. Change "config -v logic to setup vnet jail with pf, ipf, ipf firewall. 9. Add start vnet code to qjail script to check for host/vnet jail firewall mis-match. 10. Add start vnet code to boottime script to check for host/vnet jail firewall mis-match. 11. Update all the manuals to reflect the about changes. 12. Add check to "config" so no ipv4 change for vnet jails. 12. Block config ip address changes for vnet jail because of class c ip allocations. 14. Change verify_ip subroutine to include check for private ip address and 127.x.x.x addresses and put on lo0 interface to make that jail local only. 14. Change verify_ip subroutine to include check for vnet class c address range. 15. Create non-vnet jail using 127.x.x.x ip4 address to make that jail local access only. When config -v to change jail to vnet jail it becomes local access only also. 16. Change "config" -4 & -6 to remove the ip address when the word "none" is used as in -4 none. 17. Change install to check for amd64 & i386 platform architecture and use path with amd62/amd64 and a single architecture path for all other platforms. 18. On "qjail install -f /usr/base.txz" option fixed so it works. 19. Diff options changed between 12.1 and 12.2, Removed the -u. PR: 250696 Submitted by: Joe Barbish <qjail1@a1poweruser.com> (maintainer) MFH: 2020Q4 Changes: head/sysutils/qjail/Makefile head/sysutils/qjail/distinfo head/sysutils/qjail/pkg-message head/sysutils/qjail/pkg-plist
Created attachment 219317 [details] qjail-conflicts.diff Hi Joe, It's suggested by Adam that setting CONFLICTS for the both ports and mark IGNORE_FreeBSD_11 for qjail, as we cannot have 12 jail on 11. Please check the attached patch. Thanks!
I understand what you mean by the "conflicts" clause. But I an unclear what you what me to do about it. This is what I am thinking. To the qjail54 release 11 and older you can place the (conflicts) clause into the MAKEFILE. On the subject of qjail-5.5. I have a bug report dealing with someone who has ipfilter compiled into the kernel. I did not consider that as I used the kldstat command to determine if ipfw, pf, ipfilter is running on the host as it deals with running a firewall in side of a vnet jail. I have fixed this and will be submitting qjail-5.6 to deal with this fix. I will add the conflict clause to the MAKEFILE. As a side note the qjail script it self has code to determine which release its running on and stops if its NOT 12+. The conflict method stops the qjail package install happening even closer to the start of things.
Ping, should the second patch be committed?
Friendly reminder.