c49c2bbaeb Merge pull request 'usr/local/share/bastille/common.sh aktualisiert' (#1) from matthiasberner-patch-1 into master
Reviewed-on: #1
2024-10-09 18:36:18 +02:00
6bb3d7110a usr/local/share/bastille/common.sh aktualisiert 2024-10-09 18:34:33 +02:00
Juan David Hurtado G
cee6f20aa5 Merge pull request #711 from yaazkal/fix-conf-zpool
[FIX] correctly use bastille_zfs_prefix to also work on pools != zroot
2024-07-14 23:14:33 -05:00
yaazkal
1a27a7e0d4 [FIX] correctly use bastille_zfs_prefix to also work on pools different than zroot see PR #685 2024-07-14 18:32:32 -05:00
Juan David Hurtado G
c7f46c3fbb Merge pull request #710 from yaazkal/fix-cp-rcp
[FIX] cp and rcp commands not handling the quiet option correctly
2024-07-14 15:46:29 -05:00
yaazkal
bfe413e8ec [FIX] cp and rcp commands not handling the quiet option correctly 2024-07-14 15:45:03 -05:00
Juan David Hurtado G
9aeb0ea10c Merge pull request #643 from draga79/master
Adjust devfs_ruleset for hierarchical jails compatibility
2024-07-14 09:00:54 -05:00
Juan David Hurtado G
9f2cf6651b Merge pull request #686 from deadbeef2000/master
[FIX] Fixed rcorder startup
2024-07-13 21:05:59 -05:00
Juan David Hurtado G
cb5697acdd Merge pull request #709 from yaazkal/bastille-day-24
Review for PR#650
2024-07-13 17:32:19 -05:00
yaazkal
09dcdd0ec7 [REF] clean code for PR#650 2024-07-13 17:29:30 -05:00
Juan David Hurtado G
b7b2efca12 Merge pull request #650 from em-winterschon/fbsd-140R-setup-bootstrap-fixes
diff patches applied to resolve errors on setup.sh and bootstrap.sh
2024-07-13 17:20:23 -05:00
Juan David Hurtado G
e441850f81 Merge pull request #665 from andrewhotlab/master
restore check_fib() call
2024-07-13 08:01:20 -05:00
Juan David Hurtado G
87febb6407 Merge pull request #689 from Vertalo/work/bugfix_zfs_export
Fix to correctly check ZFS on/off closes #661
2024-07-08 20:26:27 -05:00
Juan David Hurtado G
3fff3d371d Merge pull request #649 from tedhen/master
Fix one letter spelling mistake.
2024-07-08 08:32:34 -05:00
Stefano Marinelli
7750a1b927 Merge pull request #1 from BastilleBSD/master
Sync from original repo
2024-06-30 14:52:43 +02:00
Juan David Hurtado G
ee96a206aa Merge pull request #705 from yaazkal/fix-rc-depends
[FIX] bastille rc script to require jail closes #698
2024-06-14 12:14:34 -05:00
yaazkal
6568a28c15 [FIX] bastille rc script to require jail closes #698 2024-06-05 22:33:38 -05:00
Martin Stoyanov
4859b56050 fix for https://github.com/BastilleBSD/bastille/issues/661 2024-03-13 10:24:54 -05:00
Christopher Kepes
1d14badc4a Fixed rcorder startup (added -a to basename) 2024-02-29 11:40:55 +01:00
Andrew
5faac5e7a4 restore check_fib() calls
This is needed to respect the "exec.fib" parameter in bastille "console" command, which has been deleted by commit b997be5
2024-01-18 19:55:58 +01:00
Eva Winterschön
19c8c021c4 diff patches applied to resolve errors on setup.sh and bootstrap.sh 2023-12-25 11:39:02 -08:00
Ted Henriksson
9d55c2ceb0 Fix one letter spelling mistake. 2023-12-25 18:36:02 +01:00
Stefano Marinelli
6ca8ea578e Adjust devfs_ruleset for hierarchical jails compatibility
Hierarchical jails inherit the parent jail's permissions and don't support setting devfs_ruleset to a non-zero value. This update adds a check to determine if the script is running inside a jail. If so, it sets devfs_ruleset to 0 to comply with this constraint.
2023-11-27 18:45:09 +01:00
10 changed files with 46 additions and 16 deletions


@@ -47,7 +47,7 @@ EOL Releases
------------
It is sometimes necessary to run end-of-life releases for testing or legacy
application support. Dy default Bastille will only install supported releases
application support. By default Bastille will only install supported releases
but you can bootstrap EOL / unsupported releases with a simple trick.
.. code-block:: shell


@@ -158,6 +158,18 @@ clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rcp|rename|servic
TARGET="${1}"
shift
# This is needed to handle the special case of 'bastille rcp' and 'bastille cp' with the '-q' or '--quiet'
# option specified before the TARGET. Also seems the cp and rcp commands does not support ALL as a target, so
# that's why is handled here. Maybe this behaviour needs an improvement later. -- yaazkal
if { [ "${CMD}" = 'rcp' ] || [ "${CMD}" = 'cp' ]; } && \
{ [ "${TARGET}" = '-q' ] || [ "${TARGET}" = '--quiet' ]; }; then
TARGET="${1}"
JAILS="${TARGET}"
OPTION="-q"
export OPTION
shift
fi
if [ "${TARGET}" = 'ALL' ]; then
target_all_jails
elif [ "${CMD}" = "pkg" ] && [ "${TARGET}" = '-H' ] || [ "${TARGET}" = '--host' ]; then
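Review bot: The new quiet-option branch reads `TARGET="${1}"` after the first `shift` without checking that a target argument is still present, so `bastille cp -q` with nothing after the flag leaves TARGET and JAILS empty and the second `shift` then fails on an empty argument list. A guard before the reassignment keeps the failure explicit: `[ $# -ge 1 ] || error_exit "Error: missing target after ${TARGET}"` (assuming error_exit from common.sh is in scope here as it is in the other scripts in this compare; otherwise the file's usage helper). The `elif` on the hunk's last line is pre-existing, but `a && b || c` groups as `(a && b) || c`, so `--host` matches for every command rather than only pkg; the brace grouping used in the new block would fix it. The enclosing case arm continues outside the hunk.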


@@ -41,7 +41,7 @@ bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/"
## ZFS options
bastille_zfs_enable="" ## default: ""
bastille_zfs_zpool="" ## default: ""
bastille_zfs_prefix="bastille" ## default: "${bastille_zfs_zpool}/bastille"
bastille_zfs_prefix="${bastille_zfs_zpool}/bastille" ## default: "${bastille_zfs_zpool}/bastille"
bastille_zfs_options="-o compress=lz4 -o atime=off" ## default: "-o compress=lz4 -o atime=off"
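Review bot: The new default `bastille_zfs_prefix="${bastille_zfs_zpool}/bastille"` is expanded when this file is sourced, so it is only correct if `bastille_zfs_zpool` has been assigned above it; that holds for the shipped layout and for sysrc edits, which rewrite the existing line in place, but a hand-edited file that sets the pool below this line, or leaves the shipped empty default, yields the prefix `/bastille`. The trailing comment just restates the value; suggest `## expanded when sourced: bastille_zfs_zpool must be set above this line` in its place. Whether the code that consumes the prefix still tolerates the old bare value `bastille` on upgraded installs that keep their existing conf cannot be seen from this hunk.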
## Export/Import options


@@ -3,7 +3,7 @@
# Bastille jail startup script
#
# PROVIDE: bastille
# REQUIRE: NETWORKING
# REQUIRE: jail
# KEYWORD: shutdown
# Add the following to /etc/rc.conf[.local] to enable this service
@@ -41,7 +41,7 @@ restart_cmd="bastille_stop && bastille_start"
rcordered_list() {
local _jailsdir
_jailsdir=$(. $bastille_conf; echo $bastille_jailsdir)
bastille_ordered_list=$(rcorder -s nostart ${_jailsdir}/*/jail.conf | xargs dirname | xargs basename | tr "\n" " ")
bastille_ordered_list=$(rcorder -s nostart ${_jailsdir}/*/jail.conf | xargs dirname | xargs basename -a | tr "\n" " ")
}
bastille_start()
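Review bot: In the rewritten pipeline on the `bastille_ordered_list=` line, `${_jailsdir}` is still unquoted ahead of the glob, so a jails directory containing whitespace would word-split; `"${_jailsdir}"/*/jail.conf` quotes the variable while keeping the glob. When no jail.conf matches, the literal pattern reaches rcorder and only produces a stderr message, which is acceptable for an rc script but worth stating with `# no jails yet: rcorder warns on the literal glob and the list stays empty`. The `-a` is the actual fix, since basename otherwise treats its second operand as a suffix to strip; a short comment saying so on that line would stop the next editor from dropping it as redundant.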


@@ -346,7 +346,7 @@ debootstrap_release() {
;;
esac
else
# If already set in /boot/loader.conf, check and try to load the module.
# If already set in /boot/loader.conf, check and try to load the module.
if ! kldstat -m ${_req_kmod} >/dev/null 2>&1; then
info "Loading kernel module: ${_req_kmod}"
kldload -v ${_req_kmod}


@@ -79,7 +79,8 @@ generate_vnet_jail_netblock() {
## define uniq_epair
local jail_list=$(bastille list jails)
if [ -n "${jail_list}" ]; then
local list_jails_num=$(echo "${jail_list}" | wc -l | awk '{print $1}')
# local list_jails_num=$(echo "${jail_list}" | wc -l | awk '{print $1}')
local list_jails_num=$(grep -e "e[0-9]b_bastille" "${bastille_jailsdir}"/*/jail.conf | grep -Eo '(bastille)([0-9]{1,3});' | grep -Eo '[0-9]{1,2}' | wc -l | awk '{print $1}')
local num_range=$((list_jails_num + 1))
for _num in $(seq 0 "${num_range}"); do
if ! grep -q "e[0-9]b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then
@@ -112,7 +113,7 @@ EOF
vnet;
vnet.interface = e0b_${uniq_epair};
exec.prestart += "jib addm ${uniq_epair} ${external_interface}";
exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\"";
exec.prestart += "ifconfig e0a_${uniq_epair} description \'vnet host interface for Bastille jail ${jail_name}\'";
exec.poststop += "jib destroy ${uniq_epair}";
EOF
fi
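Review bot: The two regexes in the new `list_jails_num` pipeline disagree: `(bastille)([0-9]{1,3});` accepts a three-digit index, but the following `[0-9]{1,2}` splits such an index into two matches, so an interface like `e0b_bastille100` is counted twice. Overcounting only widens the `seq 0 "${num_range}"` search, so the loop still lands on a free index, but the intent reads more clearly as a single pass: `local list_jails_num=$(grep -Eoh 'e[0-9]b_bastille[0-9]+;' "${bastille_jailsdir}"/*/jail.conf 2>/dev/null | wc -l | awk '{print $1}')`, where the `2>/dev/null` silences grep's complaint when no jail.conf exists yet (the first jail), a case the old `jail_list` count never hit. The commented-out previous line above it should be deleted rather than kept, since the history lives in the commit. `local` combined with a command substitution masks grep's exit status, which matches the existing `jail_list` line but is worth knowing. generate_vnet_jail_netblock continues outside both hunks.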


@@ -82,6 +82,7 @@ for _jail in ${JAILS}; do
if [ -n "${USER}" ]; then
validate_user
else
check_fib
LOGIN="$(jexec -l "${_jail}" which login)"
${_setfib} jexec -l "${_jail}" $LOGIN -f root
fi
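Review bot: `check_fib` is restored only on the root-login path; if the `validate_user` branch above it (its body is outside this hunk) also reaches a `${_setfib} jexec` invocation, that path still runs with `_setfib` unset, so placing the call before the `if [ -n "${USER}" ]` line would cover both. Per the commit message, check_fib exists to honour the jail's exec.fib parameter; a comment on the added line such as `# set _setfib from the jail's exec.fib so the console uses the jail's routing table` would record that, since nothing in the code explains why it is here. The enclosing `for _jail` loop starts before the hunk.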


@@ -165,10 +165,15 @@ EOF
}
generate_jail_conf() {
if [ "$(sysctl -n security.jail.jailed)" -eq 1 ]; then
devfs_ruleset_value=0
else
devfs_ruleset_value=4
fi
cat << EOF > "${bastille_jail_conf}"
${NAME} {
devfs_ruleset = 4;
enforce_statfs = 2;
devfs_ruleset = ${devfs_ruleset_value};
exec.clean;
exec.consolelog = ${bastille_jail_log};
exec.start = '/bin/sh /etc/rc';
@@ -189,12 +194,17 @@ EOF
}
generate_linux_jail_conf() {
if [ "$(sysctl -n security.jail.jailed)" -eq 1 ]; then
devfs_ruleset_value=0
else
devfs_ruleset_value=4
fi
cat << EOF > "${bastille_jail_conf}"
${NAME} {
host.hostname = ${NAME};
mount.fstab = ${bastille_jail_fstab};
path = ${bastille_jail_path};
devfs_ruleset = 4;
devfs_ruleset = ${devfs_ruleset_value};
enforce_statfs = 1;
exec.start = '/bin/true';
@@ -212,11 +222,16 @@ EOF
}
generate_vnet_jail_conf() {
if [ "$(sysctl -n security.jail.jailed)" -eq 1 ]; then
devfs_ruleset_value=0
else
devfs_ruleset_value=13
fi
NETBLOCK=$(generate_vnet_jail_netblock "$NAME" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}")
cat << EOF > "${bastille_jail_conf}"
${NAME} {
devfs_ruleset = 13;
enforce_statfs = 2;
devfs_ruleset = ${devfs_ruleset_value};
exec.clean;
exec.consolelog = ${bastille_jail_log};
exec.start = '/bin/sh /etc/rc';
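Review bot: The five-line `security.jail.jailed` check is pasted into generate_jail_conf, generate_linux_jail_conf and generate_vnet_jail_conf, differing only in the non-jailed ruleset (4, 4 and 13), and `devfs_ruleset_value` is assigned without `local` although the file uses `local` for other function variables. A helper that takes the default ruleset removes the duplication and gives one place to document why 0 is used; that rationale (nested jails inherit the parent's devfs ruleset and refuse a non-zero value) currently lives only in the commit message. Each of the three functions continues past its hunk, so the helper would be added at file scope and each copy replaced by a single assignment, with 4 for the linux variant and 13 for the vnet variant.
```shell
## Print the devfs ruleset to write into jail.conf. Nested (hierarchical)
## jails inherit the parent's devfs ruleset and refuse a non-zero value,
## so report 0 when already running inside a jail; otherwise pass through
## the caller's default ($1).
devfs_ruleset_for_jail() {
  if [ "$(sysctl -n security.jail.jailed)" -eq 1 ]; then
    echo 0
  else
    echo "${1}"
  fi
}

generate_jail_conf() {
  local devfs_ruleset_value
  devfs_ruleset_value=$(devfs_ruleset_for_jail 4)
  # … unchanged: cat << EOF > "${bastille_jail_conf}" heredoc …
```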


@@ -212,7 +212,7 @@ if [ -n "${TXZ_EXPORT}" -o -n "${TGZ_EXPORT}" ] && [ -n "${SAFE_EXPORT}" ]; then
error_exit "Error: Simple archive modes with safe ZFS export can't be used together."
fi
if checkyesno bastille_zfs_enable; then
if ! checkyesno bastille_zfs_enable; then
if [ -n "${GZIP_EXPORT}" -o -n "${RAW_EXPORT}" -o -n "${SAFE_EXPORT}" -o "${OPT_ZSEND}" = "-Rv" ]; then
error_exit "Options --gz, --raw, --safe, --verbose are valid for ZFS configured systems only."
fi


@@ -28,8 +28,9 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
bastille_config="/usr/local/etc/bastille/bastille.conf"
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
. ${bastille_config}
usage() {
error_exit "Usage: bastille setup [pf|bastille0|zfs|vnet]"
@@ -78,8 +79,8 @@ if [ ! -f "${bastille_pf_conf}" ]; then
local ext_if
ext_if=$(netstat -rn | awk '/default/ {print $4}' | head -n1)
info "Determined default network interface: ($ext_if)"
info "${bastille_pf_conf} does not exist: creating..."
info "${bastille_pf_conf} does not exist: creating..."
## creating pf.conf
cat << EOF > ${bastille_pf_conf}
## generated by bastille setup
@@ -111,8 +112,8 @@ configure_zfs() {
else
## attempt to determine bastille_zroot from `zpool list`
bastille_zroot=$(zpool list | grep -v NAME | awk '{print $1}')
sysrc -f "${bastille_prefix}/bastille.conf" bastille_zfs_enable=YES
sysrc -f "${bastille_prefix}/bastille.conf" bastille_zfs_zpool="${bastille_zroot}"
sysrc -f "${bastille_config}" bastille_zfs_enable=YES
sysrc -f "${bastille_config}" bastille_zfs_zpool="${bastille_zroot}"
fi
}
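Review bot: The new `. ${bastille_config}` line sources the path unquoted while the later `sysrc -f "${bastille_config}"` lines quote it; use `. "${bastille_config}"` for consistency, and since common.sh (which provides error_exit, used by `usage` just below) is sourced on the preceding line, a missing config can fail with a clear message first: `[ -f "${bastille_config}" ] || error_exit "${bastille_config} not found"`. The variable is assigned before common.sh is sourced, so if common.sh also sets `bastille_config` this value is silently overwritten — not visible from this hunk, worth checking. The sysrc path change in configure_zfs looks right; a comment such as `## write to the installed config, not under the jails prefix` would explain to later readers why the path moved.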