author: Kris Kennaway <kris@FreeBSD.org> 2006-02-11 10:01:37 +0000
committer: Kris Kennaway <kris@FreeBSD.org> 2006-02-11 10:01:37 +0000
commit: 50a3a73c61c9124b5a7e773813919033e7b8b278
tree: aab85e6a94366f8d615a33b25771b5eaf1ad9c29 /Tools
parent: 624d76fbca1e731be33c4d8f3e6183a6aed12e37
Support for building ports in a jail instead of a chroot. If use_jail=1 in portbuild.conf (or per-machine .conf), then construct a 127.0.0.0/8 IP address based on the build directory ID (i.e. unique for each build instance). This is bound to the lo0 interface for the duration of the 'phase 2' build. We cannot build 'phase 1' in a jail since 'make fetch' doesn't always work through a proxy (e.g. squid sometimes mangles files fetched through FTP, I think by performing CR/LF translation in FTP ASCII mode).

Pass in the HTTP_PROXY variable to the jail, if set. This allows FTP/HTTP access from within the jail if the proxy is suitably configured (some ports legitimately need to fetch additional files during the build, e.g. if they have a BUILD_DEPENDS=...:configure target that needs to fetch additional distfiles).

Not all ports can be built in jails (most notably the linux_base ports since they want to mount/umount linprocfs), so we will need to come up with a way to deal with this. Some ports require SYSV IPC, so security.jail.sysvipc_allowed=1 might be required. Some other ports attempt to perform DNS lookups, ping, or outbound TCP connections during the build.

When it works, this provides better compartmentalization of package builds, e.g. easier termination of builds without the possibility of daemonized processes staying active; no possibility of accidental interference between jails, etc. It also allows for admin monitoring using jls(1).
Notes: svn path=/head/; revision=155729
Diffstat (limited to 'Tools')
-rwxr-xr-x Tools/portbuild/scripts/portbuild 23
1 files changed, 14 insertions, 9 deletions
diff --git a/Tools/portbuild/scripts/portbuild b/Tools/portbuild/scripts/portbuild
index a832c2d6a293..a64381c0ca41 100755
--- a/Tools/portbuild/scripts/portbuild
+++ b/Tools/portbuild/scripts/portbuild
@@ -244,11 +244,13 @@ if [ -f ${chroot}/.notready ]; then
touch ${chroot}/.ready
fi
-# Figure out jail IP addr
-#chrootpid=$(basename ${chroot})
-#ip1=$(($chrootpid /(256*256)))
-#ip2=$((($chrootpid - ($ip1*256*256)) /256))
-#ip3=$((($chrootpid - ($ip1*256*256) - ($ip2*256))))
+if [ "${use_jail}" = "1" ]; then
+ # Figure out jail IP addr
+ chrootpid=$(basename ${chroot})
+ ip1=$(($chrootpid /(256*256)))
+ ip2=$((($chrootpid - ($ip1*256*256)) /256))
+ ip3=$((($chrootpid - ($ip1*256*256) - ($ip2*256))))
+fi
# Set up desired uname version
echo ${OSREL}-${BRANCH} > ${chroot}/usr/bin/UNAME_VERSION
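Review bot: the octets derived from `chrootpid` are never range-checked, so a build directory ID of 1 gives ip1=0, ip2=0, ip3=1, i.e. 127.0.0.1, and the phase 2 code would then alias and afterwards delete the host's own loopback address on lo0. An ID of 0 yields 127.0.0.0, any ID of 16777216 or more pushes ip1 past 255, and a non-numeric basename breaks the arithmetic outright. Suggest checking that `$(basename ${chroot})` is numeric and inside a safe range (or adding a fixed offset) before computing ip1..ip3, and refusing to use the jail path otherwise. Minor: `${chroot}` is unquoted in the `basename` call.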
@@ -363,10 +365,13 @@ if [ "${error}" = 0 ]; then
# phase 2, make package
ln -sf ${pkgname}.log2 ${chroot}/tmp/make.log
-# ifconfig lo0 alias 10.${ip1}.${ip2}.${ip3}/32
-# jail ${chroot} jail-${chroot} 10.${ip1}.${ip2}.${ip3} /usr/bin/nice -n $nice /buildscript ${dirname} 2 > ${chroot}/tmp/${pkgname}.log2 2>&1
-# ifconfig lo0 delete 10.${ip1}.${ip2}.${ip3}
- chroot ${chroot} /usr/bin/nice -n $nice /buildscript ${dirname} 2 "$ED" "$PD" "$FD" "$BD" "$RD" > ${chroot}/tmp/${pkgname}.log2 2>&1
+ if [ "${use_jail}" = 1 ]; then
+ ifconfig lo0 alias 127.${ip1}.${ip2}.${ip3}/32
+ jail -J ${chroot}/tmp/jail.id ${chroot} jail-${chrootpid} 127.${ip1}.${ip2}.${ip3} /usr/bin/env HTTP_PROXY=${http_proxy} /usr/bin/nice -n $nice /buildscript ${dirname} 2 "$ED" "$PD" "$FD" "$BD" "$RD" > ${chroot}/tmp/${pkgname}.log2 2>&1
+ ifconfig lo0 delete 127.${ip1}.${ip2}.${ip3}
+ else
+ chroot ${chroot} /usr/bin/nice -n $nice /buildscript ${dirname} 2 "$ED" "$PD" "$FD" "$BD" "$RD" > ${chroot}/tmp/${pkgname}.log2 2>&1
+ fi
grep pnohang ${chroot}/tmp/${pkgname}.log2
cat ${chroot}/tmp/${pkgname}.log2 >> ${chroot}/tmp/${pkgname}.log
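Review bot: in the `jail` line, `/usr/bin/env HTTP_PROXY=${http_proxy}` is passed unconditionally, so with `http_proxy` unset the build sees an empty HTTP_PROXY instead of none, which does not match the commit message's "if set"; the expansion is also unquoted, so a value containing whitespace would split into extra `env` arguments. Suggest adding the variable only when `${http_proxy}` is non-empty and quoting it. Separately, the result of `ifconfig lo0 alias` is not checked, and nothing removes the alias if the script is interrupted before `ifconfig lo0 delete` runs; a trap-based cleanup would avoid stale 127.x addresses accumulating on lo0. Also note that `-J ${chroot}/tmp/jail.id` places the jail ID file under the jail's own root, where the jailed build can reach it, so anything that later reads that file should not trust its contents. Style: this test compares against an unquoted 1 while the earlier one uses "1".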