Hi Gonzalo,

I've not managed to apply your diff yet, but it seems like your patch is not patching up the jk_lib.py to properly handle `/dev/*` creation. The author's program is a bit borked and doesn't manage to create devs.
This is noticeable when you try to chroot into the directory and the terminal complains that /dev/tty is not a device. Currently the program asks you to manually make them, but I've managed to simplify and patch it up.

Could you let me know if you are able to create the /dev/s using jailkit? I'll test it out then.

Thanks a lot for the work! Totally lit.

Aisha

On 4/12/20 12:37 PM, Gonzalo L. Rodriguez wrote:
> On Fri, 10 Apr 2020 at 09:26:02 -0400, Aisha Tammy wrote:
>> Hi Stuart,
>> Dope comments, thanks a lot!
>> The plist was the sickest, it even did the __pycache__ :O
>> I totally did not expect so much complexity from just plist, I did read it
>> but like thought it was just going to do what I did, like, just add and
>> subtract 1 or 2 lines.
>> Next time I'm just gonna keep running all possible commands.
>>
>> I am totally in love with make clean patch/build/fake, repeat. It's a hugely
>> productive pipeline, makes life so much simpler.
>> I wish gentoo was as simple, but emerge is also super dope. I really like
>> how their stuff is so similar to ports :D :D
>>
>> I should stop rambling, I have a habit of just going on and on and on.
>>
>> I have handled all of the comments, hopefully not adding any more mistakes.
>> Lemme know if I need to make more changes, this process of porting is super
>> fun.
>> jailkit is dank, I'm doing all my cancerous nodejs and django self hosting
>> in chroots now.
>> I'm also writing up common inits on github, maybe I can also add that to the
>> pkg-readme if I get time.
>> Maybe someday we can have actual jails, but till then I can get my daily
>> fix from this :D
>>
>> Cheers,
>> Aisha
>>
>> Index: Makefile >> =================================================================== >> RCS file: /cvs/ports/security/jailkit/Makefile,v >> retrieving revision 1.15 >> diff -u -p -r1.15 Makefile >> --- Makefile 12 Jul 2019 20:49:03 -0000 1.15 >> +++ Makefile 10 Apr 2020 13:10:05 -0000
>> @@ -2,18 +2,21 @@ >> >> COMMENT= utilities for jailing a user or process >> >> -DISTNAME= jailkit-2.19 >> +DISTNAME= jailkit-2.21 >> CATEGORIES= security sysutils >> >> -HOMEPAGE= http://olivier.sessink.nl/jailkit/ >> +HOMEPAGE= https://olivier.sessink.nl/jailkit/ >> >> -MASTER_SITES= http://olivier.sessink.nl/jailkit/ >> +MASTER_SITES= https://olivier.sessink.nl/jailkit/ >> >> # BSD - LGPLv2 >> -PERMIT_PACKAGE= Yes >> +PERMIT_PACKAGE= Yes >> >> MODULES= lang/python >> -WANTLIB += c pthread >> + >> +MODPY_VERSION= ${MODPY_DEFAULT_VERSION_3} >> + >> +WANTLIB+= c pthread >> >> NO_TEST= Yes >> >> @@ -34,9 +37,8 @@ pre-configure: >> ${SUBST_CMD} ${WRKSRC}/man/$${i}; done >> >> post-install: >> - # recreate the .pyc file, otherwise it would change >> - # after installation >> - rm ${PREFIX}/share/jailkit/jk_lib.pyc >> + # compile the jailkit python files so that they >> + # are removed correctly when uninstalling >> ${MODPY_BIN} ${MODPY_LIBDIR}/compileall.py \ >> ${PREFIX}/share/jailkit >> >> Index: distinfo >> =================================================================== >> RCS file: /cvs/ports/security/jailkit/distinfo,v >> retrieving revision 1.8 >> diff -u -p -r1.8 distinfo >> --- distinfo 20 Dec 2015 15:43:46 -0000 1.8 >> +++ distinfo 10 Apr 2020 13:10:05 -0000 >> @@ -1,2 +1,2 @@ >> -SHA256 (jailkit-2.19.tar.gz) = /ZYS3Vf0o5q/zeZHxCBhbFyjf1mCuMB6j7XLNSSU/Ig= >> -SIZE (jailkit-2.19.tar.gz) = 142280 >> +SHA256 (jailkit-2.21.tar.gz) = egIOB635OGDFOPDZgZauoz1GG6vbqLs+3fcIHleinBQ= >> +SIZE (jailkit-2.21.tar.gz) = 141341 >> Index: patches/patch-ini_jk_init_ini >> =================================================================== >> RCS file: /cvs/ports/security/jailkit/patches/patch-ini_jk_init_ini,v >> retrieving revision 1.3 >> diff -u -p -r1.3 patch-ini_jk_init_ini >> --- patches/patch-ini_jk_init_ini 26 Mar 2014 17:38:27 -0000 1.3 >> +++ patches/patch-ini_jk_init_ini 10 Apr 2020 13:10:05 -0000 
>> @@ -1,32 +1,10 @@ >> -$OpenBSD: patch-ini_jk_init_ini,v 1.3 2014/03/26 17:38:27 gonzalo Exp $ >> +$OpenBSD: patch-ini_jk_init_ini,v 1.4 2020/04/08 18:43:53 aisha Exp $ >> >> -fix some default paths in the jail creation configuration file >> +fix installation directories and default paths in the jail creation >> configuration file >> >> ---- ini/jk_init.ini.orig Mon Dec 23 06:02:42 2013 >> -+++ ini/jk_init.ini Wed Dec 25 16:04:26 2013 >> -@@ -2,18 +2,18 @@ >> - # this section probably needs adjustment on 64bit systems >> - # or non-Linux systems >> - comment = common files for all jails that need user/group information >> --paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, >> /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1, >> /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1, >> /lib/x86_64-linux-gnu/libnss*.so.2, /etc/nsswitch.conf, /etc/ld.so.conf >> -+paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, >> /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1, >> /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1, >> /lib/x86_64-linux-gnu/libnss*.so.2, ${SYSCONFDIR}/nsswitch.conf, >> ${SYSCONFDIR}/ld.so.conf >> - # Solaris needs >> --# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, >> /etc/nsswitch.conf >> -+# paths = ${SYSCONFDIR}/default/nss, /lib/libnsl.so.1, >> /usr/lib/nss_*.so.1, ${SYSCONFDIR}/nsswitch.conf >> - >> - [netbasics] >> - comment = common files for all jails that need any internet connectivity >> --paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /etc/resolv.conf, >> /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services >> -+paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, >> ${SYSCONFDIR}/resolv.conf, ${SYSCONFDIR}/host.conf, ${SYSCONFDIR}/hosts, >> ${SYSCONFDIR}/protocols, ${SYSCONFDIR}/services >> - # on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure >> - >> - [logbasics] >> - comment = timezone information and log 
sockets >> --paths = /etc/localtime >> -+paths = ${SYSCONFDIR}/localtime >> - need_logsocket = 1 >> - # Solaris does not need logsocket >> - # but needs >> +Index: ini/jk_init.ini >> +--- ini/jk_init.ini.orig >> ++++ ini/jk_init.ini >> @@ -21,7 +21,7 @@ need_logsocket = 1 >> >> [jk_lsh] >> @@ -68,7 +46,7 @@ fix some default paths in the jail creat >> >> [netutils] >> comment = several internet utilities like wget, ftp, rsync, scp, ssh >> -@@ -110,7 +110,7 @@ includesections = extendedshell, netutils, apacheutils >> +@@ -110,17 +110,16 @@ includesections = extendedshell, netutils, apacheutils >> >> [openvpn] >> comment = jail for the openvpn daemon >> @@ -76,8 +54,10 @@ fix some default paths in the jail creat >> +paths = ${LOCALBASE}/sbin/openvpn >> users = root,nobody >> groups = root,nogroup >> - includesections = netbasics >> -@@ -120,7 +120,7 @@ need_logsocket = 1 >> +-includesections = netbasics >> + devices = /dev/urandom, /dev/random, /dev/net/tun >> + includesections = netbasics, uidbasics >> + need_logsocket = 1 >> >> [apache] >> comment = the apache webserver, very basic setup, probably too limited for >> you >> @@ -86,7 +66,7 @@ fix some default paths in the jail creat >> users = root, www-data >> groups = root, www-data >> includesections = netbasics, uidbasics >> -@@ -131,16 +131,16 @@ paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/shar >> +@@ -131,16 +130,16 @@ paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/shar >> >> [xauth] >> comment = getting X authentication to work 
>> @@ -106,7 +86,7 @@ fix some default paths in the jail creat >> includesections = xclients >> >> [ping] >> -@@ -149,5 +149,5 @@ paths_w_setuid = /bin/ping >> +@@ -149,5 +148,5 @@ paths_w_setuid = /bin/ping >> >> #[xterm] >> #comment = xterm >> Index: patches/patch-man_Makefile_in >> =================================================================== >> RCS file: /cvs/ports/security/jailkit/patches/patch-man_Makefile_in,v >> retrieving revision 1.1.1.1 >> diff -u -p -r1.1.1.1 patch-man_Makefile_in >> --- patches/patch-man_Makefile_in 20 Sep 2010 07:15:30 -0000 1.1.1.1 >> +++ patches/patch-man_Makefile_in 10 Apr 2020 13:10:05 -0000 >> @@ -1,7 +1,11 @@ >> -$OpenBSD: patch-man_Makefile_in,v 1.1.1.1 2010/09/20 07:15:30 sebastia Exp $ >> ---- man/Makefile.in.orig Mon Oct 20 00:03:54 2008 >> -+++ man/Makefile.in Mon Oct 20 00:05:31 2008 >> -@@ -21,7 +21,7 @@ SRCS = \ >> +$OpenBSD: patch-man_Makefile_in,v 1.1.1.2 2020/04/08 16:41:32 aisha Exp $ >> + >> +fix adding man pages without gzip >> + >> +Index: man/Makefile.in >> +--- man/Makefile.in.orig >> ++++ man/Makefile.in >> +@@ -20,7 +20,7 @@ SRCS = \ >> >> @HAVEPROCMAIL_TRUE@SRCS += jk_procmailwrapper.8 >> >> Index: patches/patch-man_jailkit_8 >> =================================================================== >> RCS file: /cvs/ports/security/jailkit/patches/patch-man_jailkit_8,v >> retrieving revision 1.2 >> diff -u -p -r1.2 patch-man_jailkit_8 >> --- patches/patch-man_jailkit_8 26 Mar 2014 17:38:27 -0000 1.2 >> +++ patches/patch-man_jailkit_8 10 Apr 2020 13:10:05 -0000 >> @@ -1,6 +1,10 @@ >> -$OpenBSD: patch-man_jailkit_8,v 1.2 2014/03/26 17:38:27 gonzalo Exp $ >> ---- man/jailkit.8.orig Sat Dec 21 18:05:22 2013 >> -+++ man/jailkit.8 Wed Dec 25 16:01:05 2013 >> +$OpenBSD: patch-man_jailkit_8,v 1.3 2020/04/08 16:38:22 aisha Exp $ >> + >> +give proper locations to ini files in the man pages >> + >> +Index: man/jailkit.8 >> +--- man/jailkit.8.orig >> ++++ man/jailkit.8 
>> @@ -36,7 +36,7 @@ This section gives summary sketches of the various pro >> >> .BR jk_init >> @@ -53,7 +57,7 @@ $OpenBSD: patch-man_jailkit_8,v 1.2 2014 >> . >> >> .BR jk_list >> -@@ -127,9 +127,9 @@ tail /var/log/daemon.log /var/log/auth.log >> +@@ -129,9 +129,9 @@ journalctl --since=-1h >> .SH FILES >> >> The jailkit configuration files are located in >> Index: patches/patch-py_jk_lib_py >> =================================================================== >> RCS file: /cvs/ports/security/jailkit/patches/patch-py_jk_lib_py,v >> retrieving revision 1.3 >> diff -u -p -r1.3 patch-py_jk_lib_py >> --- patches/patch-py_jk_lib_py 24 Apr 2013 12:47:39 -0000 1.3 >> +++ patches/patch-py_jk_lib_py 10 Apr 2020 13:10:05 -0000 
>> @@ -1,18 +1,73 @@ >> -$OpenBSD: patch-py_jk_lib_py,v 1.3 2013/04/24 12:47:39 gonzalo Exp $ >> +$OpenBSD: patch-py_jk_lib_py,v 1.4 2020/04/08 16:36:23 aisha Exp $ >> >> -Fix running jk_init trying to create a jail the first time >> +checks for directory creation, handling edge cases, in initial jail creation >> +streamlined major/minor handling for creating /dev/ nodes >> >> ---- py/jk_lib.py.orig Thu Aug 2 14:55:28 2012 >> -+++ py/jk_lib.py Tue Apr 23 06:35:23 2013 >> -@@ -461,7 +461,10 @@ def create_parent_path(chroot,path,be_verbose=0, copy_ >> +Index: py/jk_lib.py >> +--- py/jk_lib.py.orig >> ++++ py/jk_lib.py >> +@@ -404,7 +404,11 @@ def OLD_create_parent_path(chroot, path, be_verbose=0, >> + chrootname = >> resolve_realpath(chroot+directory[:indx],chroot) >> + if (be_verbose): >> + print('Creating directory '+chrootname) >> +- os.mkdir(chrootname, dir_mode) >> ++ try: >> ++ os.mkdir(chrootname, dir_mode) >> ++ except OSError as e: >> ++ _, stderror = e.args >> ++ sys.stderr.write('ERROR: failed to make >> directory "'+chrootname+'": ' + stderror + '\n') >> + if (copy_permissions): >> + try: >> + >> copy_time_and_permissions(directory[:indx], chrootname, be_verbose, >> allow_suid, copy_ownership) >> +@@ -482,7 +486,11 @@ def create_parent_path(chroot,path,be_verbose=0, copy_ >> if (stat.S_ISDIR(sb.st_mode)): >> if (be_verbose): >> - print 'Create directory '+jailpath >> -- os.mkdir(jailpath, 0755) >> + print('Create directory '+jailpath) >> +- os.mkdir(jailpath, dir_mode) >> + try: >> -+ os.mkdir(jailpath, 0755) >> -+ except OSError, (errno,strerror): >> -+ sys.stderr.write('NOTE: Jail directory already >> existed:\n') >> ++ os.mkdir(jailpath, dir_mode) >> ++ except OSError as e: >> ++ _, stderror = e.args >> ++ sys.stderr.write('ERROR: failed to make >> directory "'+jailpath+'": ' + stderror + '\n') >> if (copy_permissions): >> try: >> copy_time_and_permissions(origpath, >> jailpath, be_verbose, allow_suid, copy_ownership) >> +@@ -515,7 +523,11 @@ def 
copy_dir_with_permissions_and_owner(srcdir,dstdir, >> + try: >> + if (be_verbose): >> + print('Creating directory'+dstdir) >> +- os.mkdir(dstdir) >> ++ try: >> ++ os.mkdir(dstdir, dir_mode) >> ++ except OSError as e: >> ++ _, stderror = e.args >> ++ sys.stderr.write('ERROR: failed to make directory >> "'+dstdir+'": ' + stderror + '\n') >> + copy_time_and_permissions(srcdir, dstdir, be_verbose, >> allow_suid=0, copy_ownership=1) >> + except (IOError, OSError) as e: >> + _, strerror = e.args >> +@@ -575,22 +587,10 @@ def copy_device(chroot, path, be_verbose=1, retain_own >> + if (os.path.exists(chrootpath)): >> + print('Device '+chrootpath+' does exist already') >> + return >> +- sb = os.stat(path) >> ++ sb = os.lstat(path) >> + try: >> +- if (sys.platform[:5] == 'linux'): >> +- major = sb.st_rdev / 256 #major = st_rdev divided by >> 256 (8bit reserved for the minor number) >> +- minor = sb.st_rdev % 256 #minor = remainder of st_rdev >> divided by 256 >> +- elif (sys.platform == 'sunos5'): >> +- if (sys.maxint == 2147483647): >> +- major = sb.st_rdev / 262144 #major = st_rdev >> divided by 256 (18 bits reserved for the minor number) >> +- minor = sb.st_rdev % 262144 #minor = remainder >> of st_rdev divided by 256 >> +- else: >> +- #64 bit solaris has 32 bit minor/32bit major >> +- major = sb.st_rdev / 2147483647 >> +- minor = sb.st_rdev % 2147483647 >> +- else: >> +- major = sb.st_rdev / 256 #major = st_rdev divided by 256 >> +- minor = sb.st_rdev % 256 #minor = remainder of st_rdev >> divided by 256 >> ++ major=os.major(sb.st_rdev) >> ++ minor=os.minor(sb.st_rdev) >> + if (stat.S_ISCHR(sb.st_mode)): >> + mode = 'c' >> + elif (stat.S_ISBLK(sb.st_mode)): >> Index: pkg/PLIST >> =================================================================== >> RCS file: /cvs/ports/security/jailkit/pkg/PLIST,v >> retrieving revision 1.1.1.1 >> diff -u -p -r1.1.1.1 PLIST >> --- pkg/PLIST 20 Sep 2010 07:15:30 -0000 1.1.1.1 >> +++ pkg/PLIST 10 Apr 2020 13:10:05 -0000 
>> @@ -3,7 +3,6 @@ >> @bin bin/jk_uchroot >> @mode >> @man man/man8/jailkit.8 >> -@man man/man8/jk_addjailuser.8 >> @man man/man8/jk_check.8 >> @man man/man8/jk_chrootlaunch.8 >> @man man/man8/jk_chrootsh.8 >> @@ -16,7 +15,6 @@ >> @man man/man8/jk_socketd.8 >> @man man/man8/jk_uchroot.8 >> @man man/man8/jk_update.8 >> -sbin/jk_addjailuser >> sbin/jk_check >> @bin sbin/jk_chrootlaunch >> @mode 4755 >> @@ -32,22 +30,23 @@ sbin/jk_list >> @mode >> @bin sbin/jk_socketd >> sbin/jk_update >> -@sample /etc/jailkit/ >> +@sample ${SYSCONFDIR}/jailkit/ >> share/examples/jailkit/ >> share/examples/jailkit/jk_check.ini >> -@sample /etc/jailkit/jk_check.ini >> +@sample ${SYSCONFDIR}/jailkit/jk_check.ini >> share/examples/jailkit/jk_chrootsh.ini >> -@sample /etc/jailkit/jk_chrootsh.ini >> +@sample ${SYSCONFDIR}/jailkit/jk_chrootsh.ini >> share/examples/jailkit/jk_init.ini >> -@sample /etc/jailkit/jk_init.ini >> +@sample ${SYSCONFDIR}/jailkit/jk_init.ini >> share/examples/jailkit/jk_lsh.ini >> -@sample /etc/jailkit/jk_lsh.ini >> +@sample ${SYSCONFDIR}/jailkit/jk_lsh.ini >> share/examples/jailkit/jk_socketd.ini >> -@sample /etc/jailkit/jk_socketd.ini >> +@sample ${SYSCONFDIR}/jailkit/jk_socketd.ini >> share/examples/jailkit/jk_uchroot.ini >> -@sample /etc/jailkit/jk_uchroot.ini >> +@sample ${SYSCONFDIR}/jailkit/jk_uchroot.ini >> share/examples/jailkit/jk_update.ini >> -@sample /etc/jailkit/jk_update.ini >> +@sample ${SYSCONFDIR}/jailkit/jk_update.ini >> share/jailkit/ >> +${MODPY_COMMENT}share/jailkit/${MODPY_PYCACHE}/ >> +share/jailkit/${MODPY_PYCACHE}jk_lib.${MODPY_PYC_MAGIC_TAG}pyc >> share/jailkit/jk_lib.py >> -share/jailkit/jk_lib.pyc >> > > Can you try my diff? > > https://marc.info/?l=openbsd-ports&m=157910623302514&w=2 >
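Review bot: in patches/patch-py_jk_lib_py, the three new `except OSError as e:` handlers around `os.mkdir` (in OLD_create_parent_path, create_parent_path and copy_dir_with_permissions_and_owner) write an error and then fall through to `copy_time_and_permissions(...)` on a directory that may not have been created. The handler being replaced in create_parent_path reported this case as "NOTE: Jail directory already existed", so an already-present directory is now logged as ERROR. Suggest testing `e.errno == errno.EEXIST` to keep that benign case quiet and returning or re-raising on anything else. Two smaller points in the same hunks: the unpacked name is spelled `stderror` while the neighbouring handler uses `strerror`, and `os.mkdir(dstdir, dir_mode)` introduces `dir_mode` in copy_dir_with_permissions_and_owner, whose signature is cut off in the hunk header, so please confirm it is defined in that scope.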
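Review bot: in the copy_device hunk of patches/patch-py_jk_lib_py, `sb = os.stat(path)` becomes `sb = os.lstat(path)`, a behaviour change the patch description ("streamlined major/minor handling for creating /dev/ nodes") does not mention. With lstat a symlinked device path is neither S_ISCHR nor S_ISBLK, so it skips both visible branches; please state in the description whether that is intended and what the caller sees in that case. The move to `os.major(sb.st_rdev)` and `os.minor(sb.st_rdev)` removes the per-platform arithmetic cleanly; `major=` and `minor=` should get spaces around `=` to match the surrounding code.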
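Review bot: in patches/patch-ini_jk_init_ini, the [openvpn] section keeps `devices = /dev/urandom, /dev/random, /dev/net/tun` as unchanged context while its `paths` line is moved to `${LOCALBASE}/sbin/openvpn`. /dev/net/tun is the Linux location; OpenBSD exposes tunnel devices as /dev/tunN, so this section asks jk_init for a device node the host does not have. Suggest patching that line as well, or commenting the section out and noting it in the pkg-readme.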
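The symptom described at the top of this message (a jailed /dev/tty that "is not a device") can be checked from the host before chrooting. The following is an added example, not code from the port or from jailkit; the function names `device_id` and `check_jail_devices` and the status strings are hypothetical, and the sample jail is constructed in a temporary directory.

```python
import os
import stat
import tempfile

def device_id(path):
    """Return (kind, major, minor) for a device node, or None if path is not one.

    lstat() is used so a symlink is reported as "not a device" instead of
    being followed to whatever it points at.
    """
    try:
        sb = os.lstat(path)
    except OSError:
        return None
    if stat.S_ISCHR(sb.st_mode):
        kind = "c"
    elif stat.S_ISBLK(sb.st_mode):
        kind = "b"
    else:
        return None
    return (kind, os.major(sb.st_rdev), os.minor(sb.st_rdev))

def check_jail_devices(jail, devices):
    """Compare each host device with its counterpart under `jail`.

    Returns {device: status}; status is one of the hypothetical labels
    "ok", "missing", "not-a-device", "mismatch", "host-missing".
    """
    report = {}
    for dev in devices:
        host = device_id(dev)
        jailed_path = os.path.join(jail, dev.lstrip("/"))
        if host is None:
            report[dev] = "host-missing"
        elif not os.path.lexists(jailed_path):
            report[dev] = "missing"
        else:
            jailed = device_id(jailed_path)
            if jailed is None:
                report[dev] = "not-a-device"
            else:
                report[dev] = "ok" if jailed == host else "mismatch"
    return report

if __name__ == "__main__":
    # Constructed jail: /dev/null exists only as a regular file, /dev/zero is absent.
    with tempfile.TemporaryDirectory() as jail:
        os.mkdir(os.path.join(jail, "dev"))
        open(os.path.join(jail, "dev", "null"), "w").close()
        print(check_jail_devices(jail, ["/dev/null", "/dev/zero"]))
```

A "mismatch" result means the jailed node has a different type or major/minor pair than the host device, so it would open a different driver than the one intended.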
