Your diff is unusable, it is word-wrapped.
On 2020/04/09 23:38, Aisha Tammy wrote:
> a much larger diff for correcting upstream errors
> I have contacted the dev, but it might be a while and this will only
> come in the next release
>
> comments? ok?
>
> aisha
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/security/jailkit/Makefile,v
> retrieving revision 1.15
> diff -u -p -r1.15 Makefile
> --- Makefile 12 Jul 2019 20:49:03 -0000 1.15
> +++ Makefile 10 Apr 2020 03:35:29 -0000
> @@ -2,7 +2,7 @@
>
> COMMENT= utilities for jailing a user or process
>
> -DISTNAME= jailkit-2.19
> +DISTNAME= jailkit-2.21
> CATEGORIES= security sysutils
>
> HOMEPAGE= http://olivier.sessink.nl/jailkit/
> @@ -13,6 +13,9 @@ MASTER_SITES= http://olivier.sessink.nl
> PERMIT_PACKAGE= Yes
>
> MODULES= lang/python
> +
> +MODPY_VERSION= ${MODPY_DEFAULT_VERSION_3}
> +
> WANTLIB += c pthread
>
> NO_TEST= Yes
> @@ -34,9 +37,9 @@ pre-configure:
> ${SUBST_CMD} ${WRKSRC}/man/$${i}; done
>
> post-install:
> - # recreate the .pyc file, otherwise it would change
> - # after installation
> + # remove the .pyc file, as we are in python 3
> rm ${PREFIX}/share/jailkit/jk_lib.pyc
> + # now compile the new file so that it is added
> ${MODPY_BIN} ${MODPY_LIBDIR}/compileall.py \
> ${PREFIX}/share/jailkit
>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/security/jailkit/distinfo,v
> retrieving revision 1.8
> diff -u -p -r1.8 distinfo
> --- distinfo 20 Dec 2015 15:43:46 -0000 1.8
> +++ distinfo 10 Apr 2020 03:35:29 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (jailkit-2.19.tar.gz) = /ZYS3Vf0o5q/zeZHxCBhbFyjf1mCuMB6j7XLNSSU/Ig=
> -SIZE (jailkit-2.19.tar.gz) = 142280
> +SHA256 (jailkit-2.21.tar.gz) = egIOB635OGDFOPDZgZauoz1GG6vbqLs+3fcIHleinBQ=
> +SIZE (jailkit-2.21.tar.gz) = 141341
> Index: patches/patch-ini_jk_init_ini
> ===================================================================
> RCS file: /cvs/ports/security/jailkit/patches/patch-ini_jk_init_ini,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-ini_jk_init_ini
> --- patches/patch-ini_jk_init_ini 26 Mar 2014 17:38:27 -0000 1.3
> +++ patches/patch-ini_jk_init_ini 10 Apr 2020 03:35:29 -0000
> @@ -1,32 +1,10 @@
> -$OpenBSD: patch-ini_jk_init_ini,v 1.3 2014/03/26 17:38:27 gonzalo Exp $
> +$OpenBSD: patch-ini_jk_init_ini,v 1.4 2020/04/08 18:43:53 aisha Exp $
>
> -fix some default paths in the jail creation configuration file
> +A lot of additions to fixing installation directories and fixing line
> numbers
>
> ---- ini/jk_init.ini.orig Mon Dec 23 06:02:42 2013
> -+++ ini/jk_init.ini Wed Dec 25 16:04:26 2013
> -@@ -2,18 +2,18 @@
> - # this section probably needs adjustment on 64bit systems
> - # or non-Linux systems
> - comment = common files for all jails that need user/group information
> --paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2,
> /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1,
> /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1,
> /lib/x86_64-linux-gnu/libnss*.so.2, /etc/nsswitch.conf, /etc/ld.so.conf
> -+paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2,
> /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1,
> /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1,
> /lib/x86_64-linux-gnu/libnss*.so.2, ${SYSCONFDIR}/nsswitch.conf,
> ${SYSCONFDIR}/ld.so.conf
> - # Solaris needs
> --# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1,
> /etc/nsswitch.conf
> -+# paths = ${SYSCONFDIR}/default/nss, /lib/libnsl.so.1,
> /usr/lib/nss_*.so.1, ${SYSCONFDIR}/nsswitch.conf
> -
> - [netbasics]
> - comment = common files for all jails that need any internet connectivity
> --paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2,
> /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services
> -+paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2,
> ${SYSCONFDIR}/resolv.conf, ${SYSCONFDIR}/host.conf, ${SYSCONFDIR}/hosts,
> ${SYSCONFDIR}/protocols, ${SYSCONFDIR}/services
> - # on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure
> -
> - [logbasics]
> - comment = timezone information and log sockets
> --paths = /etc/localtime
> -+paths = ${SYSCONFDIR}/localtime
> - need_logsocket = 1
> - # Solaris does not need logsocket
> - # but needs
> +Index: ini/jk_init.ini
> +--- ini/jk_init.ini.orig
> ++++ ini/jk_init.ini
> @@ -21,7 +21,7 @@ need_logsocket = 1
>
> [jk_lsh]
> @@ -68,7 +46,7 @@ fix some default paths in the jail creat
>
> [netutils]
> comment = several internet utilities like wget, ftp, rsync, scp, ssh
> -@@ -110,7 +110,7 @@ includesections = extendedshell, netutils, apacheutils
> +@@ -110,17 +110,16 @@ includesections = extendedshell, netutils,
> apacheutils
>
> [openvpn]
> comment = jail for the openvpn daemon
> @@ -76,8 +54,10 @@ fix some default paths in the jail creat
> +paths = ${LOCALBASE}/sbin/openvpn
> users = root,nobody
> groups = root,nogroup
> - includesections = netbasics
> -@@ -120,7 +120,7 @@ need_logsocket = 1
> +-includesections = netbasics
> + devices = /dev/urandom, /dev/random, /dev/net/tun
> + includesections = netbasics, uidbasics
> + need_logsocket = 1
>
> [apache]
> comment = the apache webserver, very basic setup, probably too limited
> for you
> @@ -86,7 +66,7 @@ fix some default paths in the jail creat
> users = root, www-data
> groups = root, www-data
> includesections = netbasics, uidbasics
> -@@ -131,16 +131,16 @@ paths = perl, /usr/lib/perl, /usr/lib/perl5,
> /usr/shar
> +@@ -131,16 +130,16 @@ paths = perl, /usr/lib/perl, /usr/lib/perl5,
> /usr/shar
>
> [xauth]
> comment = getting X authentication to work
> @@ -106,7 +86,7 @@ fix some default paths in the jail creat
> includesections = xclients
>
> [ping]
> -@@ -149,5 +149,5 @@ paths_w_setuid = /bin/ping
> +@@ -149,5 +148,5 @@ paths_w_setuid = /bin/ping
>
> #[xterm]
> #comment = xterm
> Index: patches/patch-man_Makefile_in
> ===================================================================
> RCS file: /cvs/ports/security/jailkit/patches/patch-man_Makefile_in,v
> retrieving revision 1.1.1.1
> diff -u -p -r1.1.1.1 patch-man_Makefile_in
> --- patches/patch-man_Makefile_in 20 Sep 2010 07:15:30 -0000 1.1.1.1
> +++ patches/patch-man_Makefile_in 10 Apr 2020 03:35:29 -0000
> @@ -1,7 +1,11 @@
> -$OpenBSD: patch-man_Makefile_in,v 1.1.1.1 2010/09/20 07:15:30 sebastia
> Exp $
> ---- man/Makefile.in.orig Mon Oct 20 00:03:54 2008
> -+++ man/Makefile.in Mon Oct 20 00:05:31 2008
> -@@ -21,7 +21,7 @@ SRCS = \
> +$OpenBSD: patch-man_Makefile_in,v 1.1.1.1 2020/04/08 16:41:32 aisha Exp $
> +
> +Fixed line numbering for previous patch
> +
> +Index: man/Makefile.in
> +--- man/Makefile.in.orig
> ++++ man/Makefile.in
> +@@ -20,7 +20,7 @@ SRCS = \
>
> @HAVEPROCMAIL_TRUE@SRCS += jk_procmailwrapper.8
>
> Index: patches/patch-man_jailkit_8
> ===================================================================
> RCS file: /cvs/ports/security/jailkit/patches/patch-man_jailkit_8,v
> retrieving revision 1.2
> diff -u -p -r1.2 patch-man_jailkit_8
> --- patches/patch-man_jailkit_8 26 Mar 2014 17:38:27 -0000 1.2
> +++ patches/patch-man_jailkit_8 10 Apr 2020 03:35:29 -0000
> @@ -1,6 +1,10 @@
> -$OpenBSD: patch-man_jailkit_8,v 1.2 2014/03/26 17:38:27 gonzalo Exp $
> ---- man/jailkit.8.orig Sat Dec 21 18:05:22 2013
> -+++ man/jailkit.8 Wed Dec 25 16:01:05 2013
> +$OpenBSD: patch-man_jailkit_8,v 1.2 2020/04/08 16:38:22 aisha Exp $
> +
> +FIxed line numbering for previous patch
> +
> +Index: man/jailkit.8
> +--- man/jailkit.8.orig
> ++++ man/jailkit.8
> @@ -36,7 +36,7 @@ This section gives summary sketches of the various pro
>
> .BR jk_init
> @@ -53,7 +57,7 @@ $OpenBSD: patch-man_jailkit_8,v 1.2 2014
> .
>
> .BR jk_list
> -@@ -127,9 +127,9 @@ tail /var/log/daemon.log /var/log/auth.log
> +@@ -129,9 +129,9 @@ journalctl --since=-1h
> .SH FILES
>
> The jailkit configuration files are located in
> Index: patches/patch-py_jk_lib_py
> ===================================================================
> RCS file: /cvs/ports/security/jailkit/patches/patch-py_jk_lib_py,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-py_jk_lib_py
> --- patches/patch-py_jk_lib_py 24 Apr 2013 12:47:39 -0000 1.3
> +++ patches/patch-py_jk_lib_py 10 Apr 2020 03:35:29 -0000
> @@ -1,18 +1,73 @@
> -$OpenBSD: patch-py_jk_lib_py,v 1.3 2013/04/24 12:47:39 gonzalo Exp $
> +$OpenBSD: patch-py_jk_lib_py,v 1.4 2020/04/08 16:36:23 aisha Exp $
>
> -Fix running jk_init trying to create a jail the first time
> +More checks for directory creation, handling edge cases
> +A lot more streamlined major/minor handling
>
> ---- py/jk_lib.py.orig Thu Aug 2 14:55:28 2012
> -+++ py/jk_lib.py Tue Apr 23 06:35:23 2013
> -@@ -461,7 +461,10 @@ def create_parent_path(chroot,path,be_verbose=0, copy_
> +Index: py/jk_lib.py
> +--- py/jk_lib.py.orig
> ++++ py/jk_lib.py
> +@@ -404,7 +404,11 @@ def OLD_create_parent_path(chroot, path, be_verbose=0,
> + chrootname =
> resolve_realpath(chroot+directory[:indx],chroot)
> + if (be_verbose):
> + print('Creating directory '+chrootname)
> +- os.mkdir(chrootname, dir_mode)
> ++ try:
> ++ os.mkdir(chrootname, dir_mode)
> ++ except OSError as e:
> ++ _, stderror = e.args
> ++ sys.stderr.write('ERROR: failed to make
> directory
> "'+chrootname+'": ' + stderror + '\n')
> + if (copy_permissions):
> + try:
> +
> copy_time_and_permissions(directory[:indx], chrootname,
> be_verbose, allow_suid, copy_ownership)
> +@@ -482,7 +486,11 @@ def create_parent_path(chroot,path,be_verbose=0, copy_
> if (stat.S_ISDIR(sb.st_mode)):
> if (be_verbose):
> - print 'Create directory '+jailpath
> -- os.mkdir(jailpath, 0755)
> + print('Create directory '+jailpath)
> +- os.mkdir(jailpath, dir_mode)
> + try:
> -+ os.mkdir(jailpath, 0755)
> -+ except OSError, (errno,strerror):
> -+ sys.stderr.write('NOTE: Jail directory already
> existed:\n')
> ++ os.mkdir(jailpath, dir_mode)
> ++ except OSError as e:
> ++ _, stderror = e.args
> ++ sys.stderr.write('ERROR: failed to make
> directory "'+jailpath+'":
> ' + stderror + '\n')
> if (copy_permissions):
> try:
> copy_time_and_permissions(origpath,
> jailpath, be_verbose,
> allow_suid, copy_ownership)
> +@@ -515,7 +523,11 @@ def copy_dir_with_permissions_and_owner(srcdir,dstdir,
> + try:
> + if (be_verbose):
> + print('Creating directory'+dstdir)
> +- os.mkdir(dstdir)
> ++ try:
> ++ os.mkdir(dstdir, dir_mode)
> ++ except OSError as e:
> ++ _, stderror = e.args
> ++ sys.stderr.write('ERROR: failed to make directory
> "'+dstdir+'": ' +
> stderror + '\n')
> + copy_time_and_permissions(srcdir, dstdir, be_verbose,
> allow_suid=0,
> copy_ownership=1)
> + except (IOError, OSError) as e:
> + _, strerror = e.args
> +@@ -575,22 +587,10 @@ def copy_device(chroot, path, be_verbose=1,
> retain_own
> + if (os.path.exists(chrootpath)):
> + print('Device '+chrootpath+' does exist already')
> + return
> +- sb = os.stat(path)
> ++ sb = os.lstat(path)
> + try:
> +- if (sys.platform[:5] == 'linux'):
> +- major = sb.st_rdev / 256 #major = st_rdev divided by
> 256 (8bit
> reserved for the minor number)
> +- minor = sb.st_rdev % 256 #minor = remainder of st_rdev
> divided by 256
> +- elif (sys.platform == 'sunos5'):
> +- if (sys.maxint == 2147483647):
> +- major = sb.st_rdev / 262144 #major = st_rdev
> divided by 256 (18
> bits reserved for the minor number)
> +- minor = sb.st_rdev % 262144 #minor = remainder
> of st_rdev divided
> by 256
> +- else:
> +- #64 bit solaris has 32 bit minor/32bit major
> +- major = sb.st_rdev / 2147483647
> +- minor = sb.st_rdev % 2147483647
> +- else:
> +- major = sb.st_rdev / 256 #major = st_rdev divided by 256
> +- minor = sb.st_rdev % 256 #minor = remainder of st_rdev
> divided by 256
> ++ major=os.major(sb.st_rdev)
> ++ minor=os.minor(sb.st_rdev)
> + if (stat.S_ISCHR(sb.st_mode)):
> + mode = 'c'
> + elif (stat.S_ISBLK(sb.st_mode)):
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/security/jailkit/pkg/PLIST,v
> retrieving revision 1.1.1.1
> diff -u -p -r1.1.1.1 PLIST
> --- pkg/PLIST 20 Sep 2010 07:15:30 -0000 1.1.1.1
> +++ pkg/PLIST 10 Apr 2020 03:35:29 -0000
> @@ -3,7 +3,6 @@
> @bin bin/jk_uchroot
> @mode
> @man man/man8/jailkit.8
> -@man man/man8/jk_addjailuser.8
> @man man/man8/jk_check.8
> @man man/man8/jk_chrootlaunch.8
> @man man/man8/jk_chrootsh.8
> @@ -16,7 +15,6 @@
> @man man/man8/jk_socketd.8
> @man man/man8/jk_uchroot.8
> @man man/man8/jk_update.8
> -sbin/jk_addjailuser
> sbin/jk_check
> @bin sbin/jk_chrootlaunch
> @mode 4755
> @@ -50,4 +48,5 @@ share/examples/jailkit/jk_update.ini
> @sample /etc/jailkit/jk_update.ini
> share/jailkit/
> share/jailkit/jk_lib.py
> -share/jailkit/jk_lib.pyc
> +share/jailkit/__pycache__/
> +share/jailkit/__pycache__/jk_lib.cpython-37.pyc
>
