Merge pull request #17 from cedwards/master

0.3.2018112002 bugfix release

.gitignore

@@ -0,0 +1 @@
+docs/_build

README.md

@@ -4,9 +4,25 @@ Bastille is a jail automation framework that allows you to quickly and
 easily create and manage FreeBSD jail.
 
 
+Installation
+------------
+Bastille is not (yet) in the official ports tree, but I have built and verified
+binary packages.
+
+To install using one of the BETA binary packages, copy the URL for the latest
+release here (TXZ file): https://github.com/bastillebsd/bastille/releases
+
+Then, install via `pkg`. 
+Example:
+
+```shell
+pkg add https://github.com/BastilleBSD/bastille/releases/download/0.3.20181114/bastille-0.3.20181114.txz
+```
+
+
 Basic Usage
 -----------
-```
+```shell
 ishmael ~ # bastille -h
 Usage:
   bastille command [ALL|glob] [args]
@@ -52,7 +68,7 @@ the firewall, permitting and denying traffic as needed.
 First, create the loopback interface:
 
 ```shell
-ishmael ~ # sysrc cloned_interfaces="lo1"
+ishmael ~ # sysrc cloned_interfaces+=lo1
 ishmael ~ # service netif cloneup
 ```
 
@@ -473,7 +489,9 @@ work as expected. This table outlines those requirements:
 | PRE/CMD | /bin/sh command  | /usr/bin/chsh -s /usr/local/bin/zsh  |
 | CONFIG  | path             | etc root usr                         |
 | PKG     | port/pkg name(s) | vim-console zsh git-lite tree htop   |
-| SYSRC   | sysrc command(s) | nginx_enable="YES" nginx_flags="..." |
+| SYSRC   | sysrc command(s) | nginx_enable=YES                     |
+
+Note: SYSRC requires NO quotes or that quotes (`"`) be escaped. ie; `\"`)
 
 In addition to supporting template hooks, Bastille supports overlaying files
 into the jail. This is done by placing the files in their full path, using the
@@ -838,8 +856,25 @@ rdr pass inet proto tcp from any to any port 8081 -> 10.7.6.5 port 8080
 rdr pass inet proto tcp from any to any port 8181 -> 10.7.6.5 port 443
 ```
 
-Tip: Initially I spent time worrying about what IP addresses to assign. In the
+Tip #3:
+-------
+Don't worry too much about IP assignments.
+Initially I spent time worrying about what IP addresses to assign. In the
 end I've come to the conclusion that it _really_ doesn't matter. Pick *any*
 private address and be done with it. These are all isolated networks. In the
 end, what matters is you can map host:port to jail:port reliably, and we
 can.
+
+
+Community Support
+=================
+We would love to hear your feedback on Bastille! Please join us on the
+[BastilleBSD Chat Server](https://chat.bastillebsd.org) and let us know what
+you think. Registration is currently open pending email verification. 
+
+Be mindful of the [Bastille Code of
+Conduct](https://github.com/BastilleBSD/bastille/blob/master/CODE-OF-CONDUCT.md)
+when participating in the chat rooms.
+
+If you've found a bug in Bastille, please submit it to the [Bastille Issue
+Tracker](https://github.com/bastillebsd/bastille/issues/new).

docs/Makefile

@@ -0,0 +1,19 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = sphinx-build
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

docs/README.md

@@ -0,0 +1 @@
+../README.md

docs/conf.py

@@ -0,0 +1,185 @@
+# -*- coding: utf-8 -*-
+#
+# Configuration file for the Sphinx documentation builder.
+#
+# This file does only contain a selection of the most common options. For a
+# full list see the documentation:
+# http://www.sphinx-doc.org/en/master/config
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+import os
+on_rtd = os.environ.get('READTHEDOCS') == 'True'
+if on_rtd:
+    html_theme = 'default'
+else:
+    html_theme = 'sphinx_rtd_theme'
+
+# -- Project information -----------------------------------------------------
+
+project = 'Bastille'
+copyright = '2018, Christer Edwards'
+author = 'Christer Edwards'
+
+# The short X.Y version
+version = '0.3'
+# The full version, including alpha/beta/rc tags
+release = 'beta'
+
+
+# -- General configuration ---------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+# needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = '.md'
+
+from recommonmark.parser import CommonMarkParser
+source_parsers = {
+    '.md': CommonMarkParser,
+}
+
+# The master toctree document.
+master_doc = 'README'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = None
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = None
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+##html_theme = 'alabaster'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+#
+# html_theme_options = {}
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+# Custom sidebar templates, must be a dictionary that maps document names
+# to template names.
+#
+# The default sidebars (for documents that don't match any pattern) are
+# defined by theme itself.  Builtin themes are using these templates by
+# default: ``['localtoc.html', 'relations.html', 'sourcelink.html',
+# 'searchbox.html']``.
+#
+# html_sidebars = {}
+
+
+# -- Options for HTMLHelp output ---------------------------------------------
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'Bastilledoc'
+
+
+# -- Options for LaTeX output ------------------------------------------------
+
+latex_elements = {
+    # The paper size ('letterpaper' or 'a4paper').
+    #
+    # 'papersize': 'letterpaper',
+
+    # The font size ('10pt', '11pt' or '12pt').
+    #
+    # 'pointsize': '10pt',
+
+    # Additional stuff for the LaTeX preamble.
+    #
+    # 'preamble': '',
+
+    # Latex figure (float) alignment
+    #
+    # 'figure_align': 'htbp',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+#  author, documentclass [howto, manual, or own class]).
+latex_documents = [
+    (master_doc, 'Bastille.tex', 'Bastille Documentation',
+     'Christer Edwards', 'manual'),
+]
+
+
+# -- Options for manual page output ------------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+    (master_doc, 'bastille', 'Bastille Documentation',
+     [author], 1)
+]
+
+
+# -- Options for Texinfo output ----------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+    (master_doc, 'Bastille', 'Bastille Documentation',
+     author, 'Bastille', 'One line description of project.',
+     'Miscellaneous'),
+]
+
+
+# -- Options for Epub output -------------------------------------------------
+
+# Bibliographic Dublin Core info.
+epub_title = project
+
+# The unique identifier of the text. This can be a ISBN number
+# or the project homepage.
+#
+# epub_identifier = ''
+
+# A unique identification for the text.
+#
+# epub_uid = ''
+
+# A list of files that should not be packed into the epub file.
+epub_exclude_files = ['search.html']
+

docs/index.rst.sample

@@ -0,0 +1,20 @@
+.. Bastille documentation master file, created by
+   sphinx-quickstart on Tue Nov 20 20:48:22 2018.
+   You can adapt this file completely to your liking, but it should at least
+   contain the root `toctree` directive.
+
+Welcome to Bastille's documentation!
+====================================
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Contents:
+
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`

usr/local/bin/bastille

@@ -28,14 +28,11 @@
 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-SAVED_TERM=$TERM
-
 . /usr/local/share/bastille/colors.pre.sh
 . /usr/local/etc/bastille/bastille.conf
 
 ## version
-BASTILLE_VERSION="0.3.20181114"
+BASTILLE_VERSION="0.3.20181120"
-
 
 usage() {
     cat << EOF
@@ -103,7 +100,6 @@ bootstrap|update|upgrade)
 	;;
 esac
 
-
 SCRIPTPATH="${bastille_sharedir}/${CMD}.sh"
 
 : ${UMASK:=022}

usr/local/share/bastille/create.sh

@@ -126,8 +126,10 @@ create_jail() {
     if [ "${RELEASE}" == "11.2-RELEASE" ]; then cp -a "${bastille_releasesdir}/${RELEASE}/usr/tests" "${bastille_jail_path}"; fi
 
     ## rc.conf.local & resolv.conf
+    ## cron_flags="-J 60" ## cedwards 20181118
     if [ ! -f "${bastille_jail_rc_conf}" ]; then
         echo -e "syslogd_flags=\"-ss\"\nsendmail_enable=\"NONE\"" > ${bastille_jail_rc_conf}
+	echo -e "cron_flags=\"-J 60\"" >> ${bastille_jail_rc_conf}
     fi
 
     if [ ! -f "${bastille_jail_resolv_conf}" ]; then

usr/local/share/bastille/freebsd_dist_fetch.sh

@@ -2,8 +2,6 @@
 # https://pastebin.com/T6eThbKu
 
 DEVICE_SELF_SCAN_ALL=NO
-DIALOG_BACKTITLE="BastilleBSD"
-DIALOG_TITLE="bootstrap"
 [ "$_SCRIPT_SUBR" ] || . /usr/share/bsdconfig/script.subr
 usage(){ echo "Usage: ${0##*/} [-r releaseName] [dists ...]" >&2; exit 1; }
 while getopts hr: flag; do
@@ -24,13 +22,13 @@ REL_DIST=/usr/local/bastille/cache/$releaseName
 download() # $src to $dest
 {
 	size=$( f_device_get device_media "$1" $PROBE_SIZE )
-	f_device_get device_media "$1" | dpv -kb "$DIALOG_BACKTITLE" \
+	f_device_get device_media "$1" | dpv -kb "BastilleBSD" \
-		-t "$DIALOG_TITLE" -p "Downloading $releaseName" \
+		-t "bootstrap" -p "Downloading $releaseName" \
 		-o "$3" "$size:$1"
 }
 sign() # $file
 {
-	dpv -kb "$DIALOG_BACKTITLE" -t "$DIALOG_TITLE" \
+	dpv -kb "BastilleBSD" -t "bootstrap" \
 		-p "Signing $releaseName" -mx "sha256 >&2" \
 		"$size:${1##*/}" "$1" 2>&1 >&$TERMINAL_STDOUT_PASSTHRU
 }

usr/local/share/bastille/template.sh

@@ -63,8 +63,7 @@ for _jail in ${JAILS}; do
     ## pre
     if [ -s "${bastille_template}/PRE" ]; then
         echo -e "${COLOR_GREEN}Executing PRE-command(s).${COLOR_RESET}"
-        bastille_templatepre=$(cat "${bastille_template}/PRE")
+        jexec -l ${_jail} /bin/sh < "${bastille_template}/PRE"
-        jexec -l "${_jail}" /bin/sh "${bastille_templatepre}"
     fi
 
     ## config
@@ -80,12 +79,14 @@ for _jail in ${JAILS}; do
     if [ -s "${bastille_template}/FSTAB" ]; then
         bastille_templatefstab=$(cat "${bastille_template}/FSTAB")
         echo -e "${COLOR_GREEN}Updating fstab.${COLOR_RESET}"
+        echo -e "${COLOR_GREEN}NOT YET IMPLEMENTED.${COLOR_RESET}"
     fi
 
     ## pf
     if [ -s "${bastille_template}/PF" ]; then
         bastille_templatepf=$(cat "${bastille_template}/PF")
         echo -e "${COLOR_GREEN}Generating PF profile.${COLOR_RESET}"
+        echo -e "${COLOR_GREEN}NOT YET IMPLEMENTED.${COLOR_RESET}"
     fi
 
     ## pkg (bootstrap + pkg)
@@ -94,23 +95,23 @@ for _jail in ${JAILS}; do
         echo -e "${COLOR_GREEN}Installing packages.${COLOR_RESET}"
         jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg bootstrap
         jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg audit -F
-        jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg install -y ${bastille_templatepkg}
+        jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg install ${bastille_templatepkg}
     fi
 
     ## sysrc
     if [ -s "${bastille_template}/SYSRC" ]; then
-        bastille_templatesys=$(cat "${bastille_template}/SYSRC")
         echo -e "${COLOR_GREEN}Updating services.${COLOR_RESET}"
-        jexec -l ${_jail} /usr/sbin/sysrc ${bastille_templatesys}
+        IFS=''
+        while read _sysrc; do
+            jexec -l ${_jail} /usr/sbin/sysrc "${_sysrc}"
+        done < "${bastille_template}/SYSRC"
     fi
 
     ## cmd
     if [ -s "${bastille_template}/CMD" ]; then
-        bastille_templatecmd=$(cat "${bastille_template}/CMD")
         echo -e "${COLOR_GREEN}Executing final command(s).${COLOR_RESET}"
-        jexec -l ${_jail} ${bastille_templatecmd}
+        jexec -l ${_jail} /bin/sh < "${bastille_template}/CMD"
     fi
     echo -e "${COLOR_GREEN}Template Complete.${COLOR_RESET}"
     echo
-    echo
 done

usr/local/share/bastille/update.sh

@@ -49,7 +49,7 @@ fi
 
 RELEASE=$1
 
-echo -e "${COLOR_RED}Targeting specified release.${COLOR_RESET}"
+echo -e "${COLOR_GREEN}Targeting specified release.${COLOR_RESET}"
 echo -e "${RELEASE}"
 echo
 if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then