Hi Stuart, Dope comments, thanks a lot! The plist was the sickest, it even did the __pycache__ :O I totally did not expect so much complexity from just plist, I did read it but like thought it was just going to do what I did, like, just add and subtract 1 or 2 lines. Next time I'm just gonna keep running all possible commands.
I am in totally love with make clean patch/build/fake, repeat. Its a hugely productive pipeline, makes life so much simpler. I wish gentoo was as simple, but emerge is also super dope. I really like how their stuff is so similar to ports :D :D I should stop rambling, I have a habit of just going on and on and on. I have handled all of the comments, hopefully not adding any more mistakes. Lemme know if I need to make more changes, this process of porting is super fun. jailkit is dank, I'm doing all my cancerous nodejs and django self hosting in chroots now. I'm also writing up common inits on github, maybe I can also add that to the pkg-readme if I get time. Maybe someday we can have actualy jails, but till then i can get my daily fix from this :D Cheers, Aisha Index: Makefile =================================================================== RCS file: /cvs/ports/security/jailkit/Makefile,v retrieving revision 1.15 diff -u -p -r1.15 Makefile --- Makefile 12 Jul 2019 20:49:03 -0000 1.15 +++ Makefile 10 Apr 2020 13:10:05 -0000 @@ -2,18 +2,21 @@ COMMENT= utilities for jailing a user or process -DISTNAME= jailkit-2.19 +DISTNAME= jailkit-2.21 CATEGORIES= security sysutils -HOMEPAGE= http://olivier.sessink.nl/jailkit/ +HOMEPAGE= https://olivier.sessink.nl/jailkit/ -MASTER_SITES= http://olivier.sessink.nl/jailkit/ +MASTER_SITES= https://olivier.sessink.nl/jailkit/ # BSD - LGPLv2 -PERMIT_PACKAGE= Yes +PERMIT_PACKAGE= Yes MODULES= lang/python -WANTLIB += c pthread + +MODPY_VERSION= ${MODPY_DEFAULT_VERSION_3} + +WANTLIB+= c pthread NO_TEST= Yes @@ -34,9 +37,8 @@ pre-configure: ${SUBST_CMD} ${WRKSRC}/man/$${i}; done post-install: - # recreate the .pyc file, otherwise it would change - # after installation - rm ${PREFIX}/share/jailkit/jk_lib.pyc + # compile the jailkit python files so that they + # are removed correctly when uninstalling ${MODPY_BIN} ${MODPY_LIBDIR}/compileall.py \ ${PREFIX}/share/jailkit Index: distinfo =================================================================== RCS file: /cvs/ports/security/jailkit/distinfo,v retrieving revision 1.8 diff -u -p -r1.8 distinfo --- distinfo 20 Dec 2015 15:43:46 -0000 1.8 +++ distinfo 10 Apr 2020 13:10:05 -0000 @@ -1,2 +1,2 @@ -SHA256 (jailkit-2.19.tar.gz) = /ZYS3Vf0o5q/zeZHxCBhbFyjf1mCuMB6j7XLNSSU/Ig= -SIZE (jailkit-2.19.tar.gz) = 142280 +SHA256 (jailkit-2.21.tar.gz) = egIOB635OGDFOPDZgZauoz1GG6vbqLs+3fcIHleinBQ= +SIZE (jailkit-2.21.tar.gz) = 141341 Index: patches/patch-ini_jk_init_ini =================================================================== RCS file: /cvs/ports/security/jailkit/patches/patch-ini_jk_init_ini,v retrieving revision 1.3 diff -u -p -r1.3 patch-ini_jk_init_ini --- patches/patch-ini_jk_init_ini 26 Mar 2014 17:38:27 -0000 1.3 +++ patches/patch-ini_jk_init_ini 10 Apr 2020 13:10:05 -0000 @@ -1,32 +1,10 @@ -$OpenBSD: patch-ini_jk_init_ini,v 1.3 2014/03/26 17:38:27 gonzalo Exp $ +$OpenBSD: patch-ini_jk_init_ini,v 1.4 2020/04/08 18:43:53 aisha Exp $ -fix some default paths in the jail creation configuration file +fix installation directories and default paths in the jail creation configuration file ---- ini/jk_init.ini.orig Mon Dec 23 06:02:42 2013 -+++ ini/jk_init.ini Wed Dec 25 16:04:26 2013 -@@ -2,18 +2,18 @@ - # this section probably needs adjustment on 64bit systems - # or non-Linux systems - comment = common files for all jails that need user/group information --paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1, /lib/x86_64-linux-gnu/libnss*.so.2, /etc/nsswitch.conf, /etc/ld.so.conf -+paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1, /lib/x86_64-linux-gnu/libnss*.so.2, ${SYSCONFDIR}/nsswitch.conf, ${SYSCONFDIR}/ld.so.conf - # Solaris needs --# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, /etc/nsswitch.conf -+# paths = ${SYSCONFDIR}/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, ${SYSCONFDIR}/nsswitch.conf - - [netbasics] - comment = common files for all jails that need any internet connectivity --paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services -+paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, ${SYSCONFDIR}/resolv.conf, ${SYSCONFDIR}/host.conf, ${SYSCONFDIR}/hosts, ${SYSCONFDIR}/protocols, ${SYSCONFDIR}/services - # on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure - - [logbasics] - comment = timezone information and log sockets --paths = /etc/localtime -+paths = ${SYSCONFDIR}/localtime - need_logsocket = 1 - # Solaris does not need logsocket - # but needs +Index: ini/jk_init.ini +--- ini/jk_init.ini.orig ++++ ini/jk_init.ini @@ -21,7 +21,7 @@ need_logsocket = 1 [jk_lsh] @@ -68,7 +46,7 @@ fix some default paths in the jail creat [netutils] comment = several internet utilities like wget, ftp, rsync, scp, ssh -@@ -110,7 +110,7 @@ includesections = extendedshell, netutils, apacheutils +@@ -110,17 +110,16 @@ includesections = extendedshell, netutils, apacheutils [openvpn] comment = jail for the openvpn daemon @@ -76,8 +54,10 @@ fix some default paths in the jail creat +paths = ${LOCALBASE}/sbin/openvpn users = root,nobody groups = root,nogroup - includesections = netbasics -@@ -120,7 +120,7 @@ need_logsocket = 1 +-includesections = netbasics + devices = /dev/urandom, /dev/random, /dev/net/tun + includesections = netbasics, uidbasics + need_logsocket = 1 [apache] comment = the apache webserver, very basic setup, probably too limited for you @@ -86,7 +66,7 @@ fix some default paths in the jail creat users = root, www-data groups = root, www-data includesections = netbasics, uidbasics -@@ -131,16 +131,16 @@ paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/shar +@@ -131,16 +130,16 @@ paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/shar [xauth] comment = getting X authentication to work @@ -106,7 +86,7 @@ fix some default paths in the jail creat includesections = xclients [ping] -@@ -149,5 +149,5 @@ paths_w_setuid = /bin/ping +@@ -149,5 +148,5 @@ paths_w_setuid = /bin/ping #[xterm] #comment = xterm Index: patches/patch-man_Makefile_in =================================================================== RCS file: /cvs/ports/security/jailkit/patches/patch-man_Makefile_in,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 patch-man_Makefile_in --- patches/patch-man_Makefile_in 20 Sep 2010 07:15:30 -0000 1.1.1.1 +++ patches/patch-man_Makefile_in 10 Apr 2020 13:10:05 -0000 @@ -1,7 +1,11 @@ -$OpenBSD: patch-man_Makefile_in,v 1.1.1.1 2010/09/20 07:15:30 sebastia Exp $ ---- man/Makefile.in.orig Mon Oct 20 00:03:54 2008 -+++ man/Makefile.in Mon Oct 20 00:05:31 2008 -@@ -21,7 +21,7 @@ SRCS = \ +$OpenBSD: patch-man_Makefile_in,v 1.1.1.2 2020/04/08 16:41:32 aisha Exp $ + +fix adding man pages without gzip + +Index: man/Makefile.in +--- man/Makefile.in.orig ++++ man/Makefile.in +@@ -20,7 +20,7 @@ SRCS = \ @HAVEPROCMAIL_TRUE@SRCS += jk_procmailwrapper.8 Index: patches/patch-man_jailkit_8 =================================================================== RCS file: /cvs/ports/security/jailkit/patches/patch-man_jailkit_8,v retrieving revision 1.2 diff -u -p -r1.2 patch-man_jailkit_8 --- patches/patch-man_jailkit_8 26 Mar 2014 17:38:27 -0000 1.2 +++ patches/patch-man_jailkit_8 10 Apr 2020 13:10:05 -0000 @@ -1,6 +1,10 @@ -$OpenBSD: patch-man_jailkit_8,v 1.2 2014/03/26 17:38:27 gonzalo Exp $ ---- man/jailkit.8.orig Sat Dec 21 18:05:22 2013 -+++ man/jailkit.8 Wed Dec 25 16:01:05 2013 +$OpenBSD: patch-man_jailkit_8,v 1.3 2020/04/08 16:38:22 aisha Exp $ + +give proper locations to ini files in the man pages + +Index: man/jailkit.8 +--- man/jailkit.8.orig ++++ man/jailkit.8 @@ -36,7 +36,7 @@ This section gives summary sketches of the various pro .BR jk_init @@ -53,7 +57,7 @@ $OpenBSD: patch-man_jailkit_8,v 1.2 2014 . .BR jk_list -@@ -127,9 +127,9 @@ tail /var/log/daemon.log /var/log/auth.log +@@ -129,9 +129,9 @@ journalctl --since=-1h .SH FILES The jailkit configuration files are located in Index: patches/patch-py_jk_lib_py =================================================================== RCS file: /cvs/ports/security/jailkit/patches/patch-py_jk_lib_py,v retrieving revision 1.3 diff -u -p -r1.3 patch-py_jk_lib_py --- patches/patch-py_jk_lib_py 24 Apr 2013 12:47:39 -0000 1.3 +++ patches/patch-py_jk_lib_py 10 Apr 2020 13:10:05 -0000 @@ -1,18 +1,73 @@ -$OpenBSD: patch-py_jk_lib_py,v 1.3 2013/04/24 12:47:39 gonzalo Exp $ +$OpenBSD: patch-py_jk_lib_py,v 1.4 2020/04/08 16:36:23 aisha Exp $ -Fix running jk_init trying to create a jail the first time +checks for directory creation, handling edge cases, in initial jail creation +streamlined major/minor handling for creating /dev/ nodes ---- py/jk_lib.py.orig Thu Aug 2 14:55:28 2012 -+++ py/jk_lib.py Tue Apr 23 06:35:23 2013 -@@ -461,7 +461,10 @@ def create_parent_path(chroot,path,be_verbose=0, copy_ +Index: py/jk_lib.py +--- py/jk_lib.py.orig ++++ py/jk_lib.py +@@ -404,7 +404,11 @@ def OLD_create_parent_path(chroot, path, be_verbose=0, + chrootname = resolve_realpath(chroot+directory[:indx],chroot) + if (be_verbose): + print('Creating directory '+chrootname) +- os.mkdir(chrootname, dir_mode) ++ try: ++ os.mkdir(chrootname, dir_mode) ++ except OSError as e: ++ _, stderror = e.args ++ sys.stderr.write('ERROR: failed to make directory "'+chrootname+'": ' + stderror + '\n') + if (copy_permissions): + try: + copy_time_and_permissions(directory[:indx], chrootname, be_verbose, allow_suid, copy_ownership) +@@ -482,7 +486,11 @@ def create_parent_path(chroot,path,be_verbose=0, copy_ if (stat.S_ISDIR(sb.st_mode)): if (be_verbose): - print 'Create directory '+jailpath -- os.mkdir(jailpath, 0755) + print('Create directory '+jailpath) +- os.mkdir(jailpath, dir_mode) + try: -+ os.mkdir(jailpath, 0755) -+ except OSError, (errno,strerror): -+ sys.stderr.write('NOTE: Jail directory already existed:\n') ++ os.mkdir(jailpath, dir_mode) ++ except OSError as e: ++ _, stderror = e.args ++ sys.stderr.write('ERROR: failed to make directory "'+jailpath+'": ' + stderror + '\n') if (copy_permissions): try: copy_time_and_permissions(origpath, jailpath, be_verbose, allow_suid, copy_ownership) +@@ -515,7 +523,11 @@ def copy_dir_with_permissions_and_owner(srcdir,dstdir, + try: + if (be_verbose): + print('Creating directory'+dstdir) +- os.mkdir(dstdir) ++ try: ++ os.mkdir(dstdir, dir_mode) ++ except OSError as e: ++ _, stderror = e.args ++ sys.stderr.write('ERROR: failed to make directory "'+dstdir+'": ' + stderror + '\n') + copy_time_and_permissions(srcdir, dstdir, be_verbose, allow_suid=0, copy_ownership=1) + except (IOError, OSError) as e: + _, strerror = e.args +@@ -575,22 +587,10 @@ def copy_device(chroot, path, be_verbose=1, retain_own + if (os.path.exists(chrootpath)): + print('Device '+chrootpath+' does exist already') + return +- sb = os.stat(path) ++ sb = os.lstat(path) + try: +- if (sys.platform[:5] == 'linux'): +- major = sb.st_rdev / 256 #major = st_rdev divided by 256 (8bit reserved for the minor number) +- minor = sb.st_rdev % 256 #minor = remainder of st_rdev divided by 256 +- elif (sys.platform == 'sunos5'): +- if (sys.maxint == 2147483647): +- major = sb.st_rdev / 262144 #major = st_rdev divided by 256 (18 bits reserved for the minor number) +- minor = sb.st_rdev % 262144 #minor = remainder of st_rdev divided by 256 +- else: +- #64 bit solaris has 32 bit minor/32bit major +- major = sb.st_rdev / 2147483647 +- minor = sb.st_rdev % 2147483647 +- else: +- major = sb.st_rdev / 256 #major = st_rdev divided by 256 +- minor = sb.st_rdev % 256 #minor = remainder of st_rdev divided by 256 ++ major=os.major(sb.st_rdev) ++ minor=os.minor(sb.st_rdev) + if (stat.S_ISCHR(sb.st_mode)): + mode = 'c' + elif (stat.S_ISBLK(sb.st_mode)): Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/security/jailkit/pkg/PLIST,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 PLIST --- pkg/PLIST 20 Sep 2010 07:15:30 -0000 1.1.1.1 +++ pkg/PLIST 10 Apr 2020 13:10:05 -0000 @@ -3,7 +3,6 @@ @bin bin/jk_uchroot @mode @man man/man8/jailkit.8 -@man man/man8/jk_addjailuser.8 @man man/man8/jk_check.8 @man man/man8/jk_chrootlaunch.8 @man man/man8/jk_chrootsh.8 @@ -16,7 +15,6 @@ @man man/man8/jk_socketd.8 @man man/man8/jk_uchroot.8 @man man/man8/jk_update.8 -sbin/jk_addjailuser sbin/jk_check @bin sbin/jk_chrootlaunch @mode 4755 @@ -32,22 +30,23 @@ sbin/jk_list @mode @bin sbin/jk_socketd sbin/jk_update -@sample /etc/jailkit/ +@sample ${SYSCONFDIR}/jailkit/ share/examples/jailkit/ share/examples/jailkit/jk_check.ini -@sample /etc/jailkit/jk_check.ini +@sample ${SYSCONFDIR}/jailkit/jk_check.ini share/examples/jailkit/jk_chrootsh.ini -@sample /etc/jailkit/jk_chrootsh.ini +@sample ${SYSCONFDIR}/jailkit/jk_chrootsh.ini share/examples/jailkit/jk_init.ini -@sample /etc/jailkit/jk_init.ini +@sample ${SYSCONFDIR}/jailkit/jk_init.ini share/examples/jailkit/jk_lsh.ini -@sample /etc/jailkit/jk_lsh.ini +@sample ${SYSCONFDIR}/jailkit/jk_lsh.ini share/examples/jailkit/jk_socketd.ini -@sample /etc/jailkit/jk_socketd.ini +@sample ${SYSCONFDIR}/jailkit/jk_socketd.ini share/examples/jailkit/jk_uchroot.ini -@sample /etc/jailkit/jk_uchroot.ini +@sample ${SYSCONFDIR}/jailkit/jk_uchroot.ini share/examples/jailkit/jk_update.ini -@sample /etc/jailkit/jk_update.ini +@sample ${SYSCONFDIR}/jailkit/jk_update.ini share/jailkit/ +${MODPY_COMMENT}share/jailkit/${MODPY_PYCACHE}/ +share/jailkit/${MODPY_PYCACHE}jk_lib.${MODPY_PYC_MAGIC_TAG}pyc share/jailkit/jk_lib.py -share/jailkit/jk_lib.pyc
