-rw-r--r--rcynic/README72
1 files changed, 72 insertions, 0 deletions
diff --git a/rcynic/README b/rcynic/README
index 0f94f9df..5ff0d60e 100644
--- a/rcynic/README
+++ b/rcynic/README
@@ -318,3 +318,75 @@ To Do:
- autoconf? probably not, unless we run into portability issues
serious enough to require it.
+
+
+
+# Sample script to create a jail for rcynic under FreeBSD.
+
+#!/bin/sh -
+# $Id$
+#
+# Create a chroot jail for rcynic. You need to build staticly linked
+# rcynic and rsync binaries and install them in the jail yourself.
+#
+# Cobbled together from bits and pieces of existing system scripts,
+# mostly /usr/ports/mail/postfix/pkg-install and /etc/rc.d/named.
+
+jaildir="/var/rcynic"
+jailuser="rcynic"
+jailgroup="rcynic"
+
+if /usr/sbin/pw groupshow "${jailgroup}" 2>/dev/null; then
+ echo "You already have a group \"${jailgroup}\", so I will use it."
+elif /usr/sbin/pw groupadd ${jailgroup}; then
+ echo "Added group \"${jailgroup}\"."
+else
+ echo "Adding group \"${jailgroup}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+fi
+
+if /usr/sbin/pw usershow "${jailuser}" 2>/dev/null; then
+ echo "You already have a user \"${jailuser}\", so I will use it."
+elif /usr/sbin/pw useradd ${jailuser} -g ${jailgroup} -h - -d /nonexistant -s /usr/sbin/nologin -c "RPKI validation system"; then
+ echo "Added user \"${jailuser}\"."
+else
+ echo "Adding user \"${jailuser}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+fi
+
+if ! /bin/test -d "${jaildir}"; then
+ /bin/mkdir "${jaildir}"
+fi
+
+/usr/sbin/mtree -deU -p "${jaildir}" <<EOF
+
+ /set type=dir uname=root gname=wheel mode=0555
+ .
+ bin
+ ..
+ dev
+ ..
+ etc
+ trust-anchors
+ ..
+ ..
+ data uname=$jailuser gname=$jailgroup mode=0755
+ ..
+ ..
+
+EOF
+
+/sbin/umount "${jaildir}/dev" 2>/dev/null
+if ! /sbin/mount -t devfs dev "${jaildir}/dev"; then
+ echo "Mounting devfs on ${jaildir}/dev failed..."
+ exit 1
+fi
+/sbin/devfs -m "${jaildir}/dev" rule apply hide
+/sbin/devfs -m "${jaildir}/dev" rule apply path null unhide
+/sbin/devfs -m "${jaildir}/dev" rule apply path random unhide
+
+if /bin/test -r /etc/localtime && ! /usr/bin/cmp -s /etc/localtime "${jaildir}/etc/localtime"; then
+ /bin/cp -p /etc/localtime "${jaildir}/etc/localtime"
+fi
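Review bot: The three `/sbin/devfs -m "${jaildir}/dev" rule apply ...` calls after the devfs mount are not checked, so if `rule apply hide` fails the script carries on with an unrestricted devfs mounted in the jail and every host device node visible inside the chroot. Each call should fail closed, for example `/sbin/devfs -m "${jaildir}/dev" rule apply hide || { /sbin/umount "${jaildir}/dev"; exit 1; }`, and likewise for the two `unhide` rules. The `/usr/sbin/mtree -deU` call is also unchecked, so a failure to set the root-owned 0555 layout would go unnoticed; an `|| exit 1` after the here-document would match how the group and user steps handle failure. Smaller points: `${jailgroup}` and `${jailuser}` are unquoted in the `pw groupadd` and `pw useradd` lines although they are quoted everywhere else, and `/nonexistant` is presumably meant to be FreeBSD's conventional `/nonexistent`.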