Index: head/sysutils/iocage/Makefile
===================================================================
--- head/sysutils/iocage/Makefile (revision 523919)
+++ head/sysutils/iocage/Makefile (revision 523920)
@@ -1,53 +1,53 @@ # $FreeBSD$ PORTNAME= iocage PORTVERSION= 1.2 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= sysutils python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} -MAINTAINER= araujo@FreeBSD.org +MAINTAINER= grembo@FreeBSD.org COMMENT= FreeBSD jail manager written in Python3 LICENSE= BSD2CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pytest-runner>=2.0.0:devel/py-pytest-runner@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}netifaces>0:net/py-netifaces@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}click>=6.7:devel/py-click@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}tqdm>=4.10.0:misc/py-tqdm@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}coloredlogs>0:devel/py-coloredlogs@${PY_FLAVOR} \ ca_root_nss>0:security/ca_root_nss \ ${PYTHON_PKGNAMEPREFIX}texttable>=0.8.7:textproc/py-texttable@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-runner>=2.0.0:devel/py-pytest-runner@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}requests>=2.11.1:www/py-requests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}libzfs>=1.0.2:devel/py-libzfs@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}dnspython>0:dns/py-dnspython@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}GitPython>0:devel/py-gitpython@${PY_FLAVOR} \ merge:devel/rcs57 USES= python:3.6+ USE_GITHUB= yes USE_PYTHON= autoplist distutils CONFLICTS= py27-iocage-[0-9]* NO_ARCH= yes PLIST_FILES= ${PYTHON_SITELIBDIR}/${PORTNAME}_lib-${PORTVERSION}-py${PYTHON_VER}.egg-info/PKG-INFO \ ${PYTHON_SITELIBDIR}/${PORTNAME}_lib-${PORTVERSION}-py${PYTHON_VER}.egg-info/SOURCES.txt \ ${PYTHON_SITELIBDIR}/${PORTNAME}_lib-${PORTVERSION}-py${PYTHON_VER}.egg-info/dependency_links.txt \ ${PYTHON_SITELIBDIR}/${PORTNAME}_lib-${PORTVERSION}-py${PYTHON_VER}.egg-info/entry_points.txt \ ${PYTHON_SITELIBDIR}/${PORTNAME}_lib-${PORTVERSION}-py${PYTHON_VER}.egg-info/requires.txt \ ${PYTHON_SITELIBDIR}/${PORTNAME}_lib-${PORTVERSION}-py${PYTHON_VER}.egg-info/top_level.txt OPTIONS_DEFAULT= GIT OPTIONS_RADIO= GIT_PACKAGE OPTIONS_RADIO_GIT_PACKAGE= GIT GIT_LITE GIT_DESC= depend on devel/git 
GIT_LITE_DESC= depend on devel/git-lite (bare minimum git experience) GIT_RUN_DEPENDS=git:devel/git GIT_LITE_RUN_DEPENDS=git:devel/git-lite .include Index: head/sysutils/iocage/files/patch-iocage__lib_ioc__common.py =================================================================== --- head/sysutils/iocage/files/patch-iocage__lib_ioc__common.py (nonexistent) +++ head/sysutils/iocage/files/patch-iocage__lib_ioc__common.py (revision 523920) 
@@ -0,0 +1,73 @@ +Originates here +https://github.com/iocage/iocage/commit/753b2f35731423597d7f51f33427b6d619fcd0b5 +https://github.com/iocage/iocage/pull/1106 +and most likely can be removed on the next release of iocage. +--- iocage_lib/ioc_common.py.orig 2019-09-26 07:23:24 UTC ++++ iocage_lib/ioc_common.py +@@ -44,6 +44,9 @@ import iocage_lib.ioc_exceptions + import iocage_lib.ioc_exec + + INTERACTIVE = False ++# 4 is a magic number for default and doesn't refer ++# to the actual ruleset 4 in devfs.rules(!) ++IOCAGE_DEVFS_RULESET = 4 + + + def callback(_log, callback_exception): +@@ -737,7 +740,7 @@ def generate_devfs_ruleset(conf, paths=N + Will add a per jail devfs ruleset with the specified rules, + specifying defaults that equal devfs_ruleset 4 + """ +- ruleset = conf['devfs_ruleset'] ++ configured_ruleset = conf['devfs_ruleset'] + devfs_includes = [] + devfs_rulesets = su.run( + ['devfs', 'rule', 'showsets'], +@@ -745,22 +748,26 @@ def generate_devfs_ruleset(conf, paths=N + ) + ruleset_list = [int(i) for i in devfs_rulesets.stdout.splitlines()] + +- if ruleset != '4': +- if int(ruleset) in ruleset_list: +- return str(ruleset) +- +- logit({ +- "level": "INFO", +- "message": f'* Ruleset {ruleset} does not exist, using defaults' +- }, +- _callback=callback, +- silent=silent) +- +- ruleset = 5 # 0-4 is always reserved ++ ruleset = int(conf["min_dyn_devfs_ruleset"]) + while ruleset in ruleset_list: + ruleset += 1 + ruleset = str(ruleset) + ++ # Custom devfs_ruleset configured, clone to dynamic ruleset ++ if int(configured_ruleset) != IOCAGE_DEVFS_RULESET: ++ if int(configured_ruleset) not in ruleset_list: ++ return (True, configured_ruleset, '0') ++ rules = su.run( ++ ['devfs', 'rule', '-s', configured_ruleset, 'show'], ++ stdout=su.PIPE, universal_newlines=True ++ ) ++ for rule in rules.stdout.splitlines(): ++ su.run(['devfs', 'rule', '-s', ruleset, 'add'] + ++ rule.split(' ')[1:], stdout=su.PIPE) ++ ++ return (True, configured_ruleset, ruleset) ++ ++ # Create 
default ruleset + devfs_dict = dict((dev, None) for dev in ( + 'hide', 'null', 'zero', 'crypto', 'random', 'urandom', 'ptyp*', + 'ptyq*', 'ptyr*', 'ptys*', 'ptyP*', 'ptyQ*', 'ptyR*', 'ptyS*', 'ptyl*', +@@ -812,7 +819,7 @@ def generate_devfs_ruleset(conf, paths=N + + su.run(['devfs', 'rule', '-s', ruleset] + path, stdout=su.PIPE) + +- return ruleset ++ return (False, configured_ruleset, ruleset) + + + def runscript(script): Property changes on: head/sysutils/iocage/files/patch-iocage__lib_ioc__common.py ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sysutils/iocage/files/patch-iocage__lib_ioc__json.py =================================================================== --- head/sysutils/iocage/files/patch-iocage__lib_ioc__json.py (nonexistent) +++ head/sysutils/iocage/files/patch-iocage__lib_ioc__json.py (revision 523920) 
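Review bot: In the new clone loop of `generate_devfs_ruleset` (`iocage_lib/ioc_common.py`), the result of each `devfs rule -s <ruleset> add` call is discarded, so a rule that fails to copy leaves the dynamic ruleset silently incomplete. A devfs ruleset is what limits the device nodes a jail can see, so a clone that is missing a `hide` rule would be more permissive than the ruleset the administrator configured. Assuming `su` is the `subprocess` alias (the import is outside the hunk), fail closed with `su.run(['devfs', 'rule', '-s', ruleset, 'add'] + rule.split()[1:], stdout=su.PIPE, check=True)`; `split()` also avoids empty tokens if the `show` output contains repeated spaces. The scan for a free ruleset number and the later `add` calls are not atomic, so two jails starting at the same time could presumably pick the same number. The function body starts and ends outside these hunks.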
@@ -0,0 +1,74 @@ +Originates here +https://github.com/iocage/iocage/commit/753b2f35731423597d7f51f33427b6d619fcd0b5 +https://github.com/iocage/iocage/pull/1106 +and most likely can be removed on the next release of iocage. +--- iocage_lib/ioc_json.py.orig 2019-09-26 07:23:24 UTC ++++ iocage_lib/ioc_json.py +@@ -671,7 +671,7 @@ class IOCConfiguration(IOCZFS): + @staticmethod + def get_version(): + """Sets the iocage configuration version.""" +- version = '26' ++ version = '27' + + return version + +@@ -1104,6 +1104,10 @@ class IOCConfiguration(IOCZFS): + if conf.get(option) == 'none': + conf[option] = 'auto' + ++ # Version 27 key ++ if not conf.get('min_dyn_devfs_ruleset'): ++ conf['min_dyn_devfs_ruleset'] = '1000' ++ + if not default: + conf.update(jail_conf) + +@@ -1321,7 +1325,7 @@ class IOCConfiguration(IOCZFS): + 'vnet2_mac': 'none', + 'vnet3_mac': 'none', + 'vnet_default_interface': 'auto', +- 'devfs_ruleset': '4', ++ 'devfs_ruleset': str(iocage_lib.ioc_common.IOCAGE_DEVFS_RULESET), + 'exec_start': '/bin/sh /etc/rc', + 'exec_stop': '/bin/sh /etc/rc.shutdown', + 'exec_prestart': '/usr/bin/true', +@@ -1432,6 +1436,7 @@ class IOCConfiguration(IOCZFS): + 'nat_forwards': 'none', + 'plugin_name': 'none', + 'plugin_repository': 'none', ++ 'min_dyn_devfs_ruleset': '1000', + } + + def check_default_config(self): +@@ -2369,6 +2374,7 @@ class IOCJson(IOCConfiguration): + 'nat_forwards': ('string', ), + 'plugin_name': ('string', ), + 'plugin_repository': ('string', ), ++ 'min_dyn_devfs_ruleset': ('string', ), + } + + zfs_props = { +@@ -2648,6 +2654,22 @@ class IOCJson(IOCConfiguration): + silent=self.silent, + exception=ioc_exceptions.ValidationFailed + ) ++ elif key in ('devfs_ruleset', 'min_dyn_devfs_ruleset'): ++ try: ++ intval = int(value) ++ if intval <= 0: ++ raise ValueError() ++ conf[key] = str(intval) ++ except ValueError: ++ iocage_lib.ioc_common.logit( ++ { ++ 'level': 'EXCEPTION', ++ 'message': f'Invalid {key} value: {value}' ++ }, ++ _callback=self.callback, 
++ silent=self.silent, ++ exception=ioc_exceptions.ValidationFailed ++ ) + + return value, conf + else: Property changes on: head/sysutils/iocage/files/patch-iocage__lib_ioc__json.py ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sysutils/iocage/files/patch-iocage__lib_ioc__start.py =================================================================== --- head/sysutils/iocage/files/patch-iocage__lib_ioc__start.py (nonexistent) +++ head/sysutils/iocage/files/patch-iocage__lib_ioc__start.py (revision 523920) 
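Review bot: The new `devfs_ruleset` / `min_dyn_devfs_ruleset` branch in `iocage_lib/ioc_json.py` stores the normalised `str(intval)` in `conf[key]`, but the unchanged `return value, conf` below it still hands back the raw input. `int()` accepts surrounding whitespace, a leading `+` and digit-group underscores, so the returned `value` can differ from what was validated and stored; `value = conf[key] = str(intval)` would keep the two in step. The check also has no upper bound and does not relate `devfs_ruleset` to `min_dyn_devfs_ruleset`, so a configured ruleset inside the dynamic range is accepted; whether that matters depends on callers not shown here. The enclosing method starts and ends outside the hunk.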
@@ -0,0 +1,104 @@ +Originates here +https://github.com/iocage/iocage/commit/753b2f35731423597d7f51f33427b6d619fcd0b5 +https://github.com/iocage/iocage/pull/1106 +and most likely can be removed on the next release of iocage. +--- iocage_lib/ioc_start.py.orig 2019-09-26 07:23:24 UTC ++++ iocage_lib/ioc_start.py +@@ -145,7 +145,6 @@ class IOCStart(object): + allow_quotas = self.conf["allow_quotas"] + allow_socket_af = self.conf["allow_socket_af"] + allow_vmm = self.conf["allow_vmm"] +- devfs_ruleset = iocage_lib.ioc_common.generate_devfs_ruleset(self.conf) + exec_prestart = self.conf["exec_prestart"] + exec_poststart = self.conf["exec_poststart"] + exec_clean = self.conf["exec_clean"] +@@ -486,16 +485,8 @@ class IOCStart(object): + _callback=self.callback, + silent=self.silent) + +- if wants_dhcp and self.conf['type'] != 'pluginv2' \ +- and self.conf['devfs_ruleset'] != '4': +- iocage_lib.ioc_common.logit({ +- "level": "WARNING", +- "message": f" {self.uuid} is not using the devfs_ruleset" +- f" of 4, not generating a ruleset for the jail," +- " DHCP may not work." 
+- }, +- _callback=self.callback, +- silent=self.silent) ++ devfs_paths = None ++ devfs_includes = None + + if self.conf['type'] == 'pluginv2' and os.path.isfile( + os.path.join(self.path, f'{self.conf["plugin_name"]}.json') +@@ -509,17 +500,51 @@ class IOCStart(object): + plugin_name = self.conf['plugin_name'] + plugin_devfs = devfs_json[ + "devfs_ruleset"][f"plugin_{plugin_name}"] +- plugin_devfs_paths = plugin_devfs['paths'] +- +- plugin_devfs_includes = None if 'includes' not in \ ++ devfs_paths = plugin_devfs['paths'] ++ devfs_includes = None if 'includes' not in \ + plugin_devfs else plugin_devfs['includes'] + +- devfs_ruleset = \ +- iocage_lib.ioc_common.generate_devfs_ruleset( +- self.conf, +- paths=plugin_devfs_paths, +- includes=plugin_devfs_includes +- ) ++ # Generate dynamic devfs ruleset from configured one ++ (manual_devfs_config, configured_devfs_ruleset, devfs_ruleset) \ ++ = iocage_lib.ioc_common.generate_devfs_ruleset( ++ self.conf, devfs_paths, devfs_includes) ++ ++ if int(devfs_ruleset) <= 0: ++ iocage_lib.ioc_common.logit({ ++ "level": "ERROR", ++ "message": f"{self.uuid} devfs_ruleset" ++ f" {configured_devfs_ruleset} does not exist!" ++ " - Not starting jail" ++ }, ++ _callback=self.callback, ++ silent=self.silent) ++ return ++ ++ # Manually configured devfs_ruleset doesn't support all iocage features ++ if manual_devfs_config: ++ if devfs_paths is not None or devfs_includes is not None: ++ iocage_lib.ioc_common.logit({ ++ "level": "WARNING", ++ "message": f" {self.uuid} is not using the devfs_ruleset" ++ " of " ++ f"{iocage_lib.ioc_common.IOCAGE_DEVFS_RULESET}" ++ ", devices and includes from plugin not added" ++ ", some features of the plugin may not work." 
++ }, ++ _callback=self.callback, ++ silent=self.silent) ++ ++ if wants_dhcp and self.conf['type'] != 'pluginv2': ++ iocage_lib.ioc_common.logit({ ++ "level": "WARNING", ++ "message": f" {self.uuid} is not using the devfs_ruleset" ++ " of " ++ f"{iocage_lib.ioc_common.IOCAGE_DEVFS_RULESET}" ++ ", not generating a ruleset for the jail," ++ " DHCP may not work." ++ }, ++ _callback=self.callback, ++ silent=self.silent) + + parameters = [ + fdescfs, _allow_mlock, tmpfs, +@@ -619,6 +644,9 @@ class IOCStart(object): + iocage_lib.ioc_common.logit({ + 'level': 'INFO', + 'message': f' + Using devfs_ruleset: {devfs_ruleset}' ++ + (' (cloned from devfs_ruleset ' ++ f'{configured_devfs_ruleset})' if manual_devfs_config ++ else ' (iocage generated default)') + }, + _callback=self.callback, + silent=self.silent) Property changes on: head/sysutils/iocage/files/patch-iocage__lib_ioc__start.py ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property
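Review bot: The DHCP warning kept in the `manual_devfs_config` branch of `iocage_lib/ioc_start.py` still says "not generating a ruleset for the jail", but with this change a dynamic ruleset is generated by cloning the configured one, and the later INFO line reports it as "cloned from devfs_ruleset". An operator reading both messages gets contradictory statements about which ruleset the jail runs under. Suggest rewording the fragment to `", using a clone of the configured ruleset without iocage's defaults,"`. Separately, the `int(devfs_ruleset) <= 0` path logs at level ERROR and then does a bare `return`; whether the caller can tell that the jail was not started is not visible from this hunk and is worth confirming. The method body continues outside the hunks.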