From 026499262d4436a19c004b9997eb49ca2e614ee7 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sun, 23 Feb 2025 23:31:57 -0700 Subject: [PATCH] bootstrap: Add debug mode --- usr/local/share/bastille/bootstrap.sh | 360 ++++++++++++++------------ 1 file changed, 189 insertions(+), 171 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index b981e9ab..74219638 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -34,49 +34,16 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille bootstrap [release|template] [update|arch]" + error_notify "Usage: bastille bootstrap [option(s)] [RELEASE|TEMPLATE] [update|arch]" + cat << EOF + Options: + + -x | --debug Enable debug mode. + +EOF + exit 1 } -# Handle special-case commands first. -case "$1" in -help|-h|--help) - usage - ;; -esac - -bastille_root_check - -#Validate if ZFS is enabled in rc.conf and bastille.conf. -if [ "$(sysrc -n zfs_enable)" = "YES" ] && ! checkyesno bastille_zfs_enable; then - warn "ZFS is enabled in rc.conf but not bastille.conf. Do you want to continue? (N|y)" - read answer - case $answer in - no|No|n|N|"") - error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_enable." - ;; - yes|Yes|y|Y) ;; - esac -fi - -# Validate ZFS parameters. -if checkyesno bastille_zfs_enable; then - ## check for the ZFS pool and bastille prefix - if [ -z "${bastille_zfs_zpool}" ]; then - error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_zpool." - elif [ -z "${bastille_zfs_prefix}" ]; then - error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_prefix." - elif ! zfs list "${bastille_zfs_zpool}" > /dev/null 2>&1; then - error_exit "ERROR: ${bastille_zfs_zpool} is not a ZFS pool." - fi - - ## check for the ZFS dataset prefix if already exist - if [ -d "/${bastille_zfs_zpool}/${bastille_zfs_prefix}" ]; then - if ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" > /dev/null 2>&1; then - error_exit "ERROR: ${bastille_zfs_zpool}/${bastille_zfs_prefix} is not a ZFS dataset." - fi - fi -fi - validate_release_url() { ## check upstream url, else warn user if [ -n "${NAME_VERIFY}" ]; then @@ -451,9 +418,64 @@ bootstrap_template() { bastille verify "${_user}/${_repo}" } +# Handle options. +while [ "$#" -gt 0 ]; do + case "${1}" in + -h|--help|help) + usage + ;; + -x|--debug) + enable_debug + shift + ;; + -*) + error_exit "Unknown Option: \"${1}\"" + ;; + *) + break + ;; + esac +done + +RELEASE="${1}" +OPTION="${2}" +NOCACHEDIR= HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }') HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }') +bastille_root_check + +#Validate if ZFS is enabled in rc.conf and bastille.conf. +if [ "$(sysrc -n zfs_enable)" = "YES" ] && ! checkyesno bastille_zfs_enable; then + warn "ZFS is enabled in rc.conf but not bastille.conf. Do you want to continue? (N|y)" + read answer + case $answer in + no|No|n|N|"") + error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_enable." + ;; + yes|Yes|y|Y) ;; + esac +fi + +# Validate ZFS parameters. +if checkyesno bastille_zfs_enable; then + ## check for the ZFS pool and bastille prefix + if [ -z "${bastille_zfs_zpool}" ]; then + error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_zpool." + elif [ -z "${bastille_zfs_prefix}" ]; then + error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_prefix." + elif ! zfs list "${bastille_zfs_zpool}" > /dev/null 2>&1; then + error_exit "ERROR: ${bastille_zfs_zpool} is not a ZFS pool." + fi + + ## check for the ZFS dataset prefix if already exist + if [ -d "/${bastille_zfs_zpool}/${bastille_zfs_prefix}" ]; then + if ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" > /dev/null 2>&1; then + error_exit "ERROR: ${bastille_zfs_zpool}/${bastille_zfs_prefix} is not a ZFS dataset." + fi + fi +fi + # bootstrapping from aarch64/arm64 Debian or Ubuntu require a different value for ARCH # create a new variable if [ "${HW_MACHINE_ARCH}" = "aarch64" ]; then @@ -462,10 +484,6 @@ else HW_MACHINE_ARCH_LINUX=${HW_MACHINE_ARCH} fi -NOCACHEDIR= -RELEASE="${1}" -OPTION="${2}" - # Alternate RELEASE/ARCH fetch support(experimental) if [ -n "${OPTION}" ] && [ "${OPTION}" != "${HW_MACHINE}" ] && [ "${OPTION}" != "update" ]; then # Supported architectures @@ -484,133 +502,133 @@ fi ## Filter sane release names case "${1}" in -2.[0-9]*) - ## check for MidnightBSD releases name - NAME_VERIFY=$(echo "${RELEASE}") - UPSTREAM_URL="${bastille_url_midnightbsd}${HW_MACHINE_ARCH}/${NAME_VERIFY}" - PLATFORM_OS="MidnightBSD" - validate_release_url - ;; -*-CURRENT|*-current) - ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT)$' | tr '[:lower:]' '[:upper:]') - UPSTREAM_URL=$(echo "${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" | sed 's/releases/snapshots/') - PLATFORM_OS="FreeBSD" - validate_release_url - ;; -*-RELEASE|*-release|*-RC[1-9]|*-rc[1-9]|*-BETA[1-9]) - ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([0-9]{1,2})\.[0-9](-RELEASE|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]') - UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" - PLATFORM_OS="FreeBSD" - validate_release_url - ;; -*-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) - ## check for HardenedBSD releases name(previous infrastructure, keep for reference) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') - UPSTREAM_URL="${bastille_url_hardenedbsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-${NAME_VERIFY}" - PLATFORM_OS="HardenedBSD" - validate_release_url - ;; -*-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*) - ## check for HardenedBSD(specific stable build releases) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') - NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-build-[0-9]\{1,3\}//g') - NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-//g') - UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}" - PLATFORM_OS="HardenedBSD" - validate_release_url - ;; -*-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST) - ## check for HardenedBSD(latest stable build release) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') - NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-BUILD-LATEST//g') - NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-BUILD-//g') - UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}" - PLATFORM_OS="HardenedBSD" - validate_release_url - ;; -current-build-[0-9]*|CURRENT-BUILD-[0-9]*) - ## check for HardenedBSD(specific current build releases) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') - NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g') - NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-//g') - UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}" - PLATFORM_OS="HardenedBSD" - validate_release_url - ;; -current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST) - ## check for HardenedBSD(latest current build release) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') - NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g') - NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-BUILD-//g') - UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}" - PLATFORM_OS="HardenedBSD" - validate_release_url - ;; -http?://*/*/*) - BASTILLE_TEMPLATE_URL=${1} - BASTILLE_TEMPLATE_USER=$(echo "${1}" | awk -F / '{ print $4 }') - BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }') - bootstrap_template - ;; -git@*:*/*) - BASTILLE_TEMPLATE_URL=${1} - git_repository=$(echo "${1}" | awk -F : '{ print $2 }') - BASTILLE_TEMPLATE_USER=$(echo "${git_repository}" | awk -F / '{ print $1 }') - BASTILLE_TEMPLATE_REPO=$(echo "${git_repository}" | awk -F / '{ print $2 }') - bootstrap_template - ;; -#adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad -ubuntu_bionic|bionic|ubuntu-bionic) - PLATFORM_OS="Ubuntu/Linux" - LINUX_FLAVOR="bionic" - DIR_BOOTSTRAP="Ubuntu_1804" - ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} - debootstrap_release - ;; -ubuntu_focal|focal|ubuntu-focal) - PLATFORM_OS="Ubuntu/Linux" - LINUX_FLAVOR="focal" - DIR_BOOTSTRAP="Ubuntu_2004" - ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} - debootstrap_release - ;; -ubuntu_jammy|jammy|ubuntu-jammy) - PLATFORM_OS="Ubuntu/Linux" - LINUX_FLAVOR="jammy" - DIR_BOOTSTRAP="Ubuntu_2204" - ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} - debootstrap_release - ;; -debian_buster|buster|debian-buster) - PLATFORM_OS="Debian/Linux" - LINUX_FLAVOR="buster" - DIR_BOOTSTRAP="Debian10" - ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} - debootstrap_release - ;; -debian_bullseye|bullseye|debian-bullseye) - PLATFORM_OS="Debian/Linux" - LINUX_FLAVOR="bullseye" - DIR_BOOTSTRAP="Debian11" - ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} - debootstrap_release - ;; -debian_bookworm|bookworm|debian-bookworm) - PLATFORM_OS="Debian/Linux" - LINUX_FLAVOR="bookworm" - DIR_BOOTSTRAP="Debian12" - ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} - debootstrap_release - ;; -*) - usage - ;; + 2.[0-9]*) + ## check for MidnightBSD releases name + NAME_VERIFY=$(echo "${RELEASE}") + UPSTREAM_URL="${bastille_url_midnightbsd}${HW_MACHINE_ARCH}/${NAME_VERIFY}" + PLATFORM_OS="MidnightBSD" + validate_release_url + ;; + *-CURRENT|*-current) + ## check for FreeBSD releases name + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT)$' | tr '[:lower:]' '[:upper:]') + UPSTREAM_URL=$(echo "${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" | sed 's/releases/snapshots/') + PLATFORM_OS="FreeBSD" + validate_release_url + ;; + *-RELEASE|*-release|*-RC[1-9]|*-rc[1-9]|*-BETA[1-9]) + ## check for FreeBSD releases name + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([0-9]{1,2})\.[0-9](-RELEASE|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]') + UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" + PLATFORM_OS="FreeBSD" + validate_release_url + ;; + *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) + ## check for HardenedBSD releases name(previous infrastructure, keep for reference) + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') + UPSTREAM_URL="${bastille_url_hardenedbsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-${NAME_VERIFY}" + PLATFORM_OS="HardenedBSD" + validate_release_url + ;; + *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*) + ## check for HardenedBSD(specific stable build releases) + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') + NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-build-[0-9]\{1,3\}//g') + NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-//g') + UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}" + PLATFORM_OS="HardenedBSD" + validate_release_url + ;; + *-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST) + ## check for HardenedBSD(latest stable build release) + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-BUILD-LATEST//g') + NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-BUILD-//g') + UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}" + PLATFORM_OS="HardenedBSD" + validate_release_url + ;; + current-build-[0-9]*|CURRENT-BUILD-[0-9]*) + ## check for HardenedBSD(specific current build releases) + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') + NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g') + NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-//g') + UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}" + PLATFORM_OS="HardenedBSD" + validate_release_url + ;; + current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST) + ## check for HardenedBSD(latest current build release) + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g') + NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-BUILD-//g') + UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}" + PLATFORM_OS="HardenedBSD" + validate_release_url + ;; + http?://*/*/*) + BASTILLE_TEMPLATE_URL=${1} + BASTILLE_TEMPLATE_USER=$(echo "${1}" | awk -F / '{ print $4 }') + BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }') + bootstrap_template + ;; + git@*:*/*) + BASTILLE_TEMPLATE_URL=${1} + git_repository=$(echo "${1}" | awk -F : '{ print $2 }') + BASTILLE_TEMPLATE_USER=$(echo "${git_repository}" | awk -F / '{ print $1 }') + BASTILLE_TEMPLATE_REPO=$(echo "${git_repository}" | awk -F / '{ print $2 }') + bootstrap_template + ;; + #adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad + ubuntu_bionic|bionic|ubuntu-bionic) + PLATFORM_OS="Ubuntu/Linux" + LINUX_FLAVOR="bionic" + DIR_BOOTSTRAP="Ubuntu_1804" + ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} + debootstrap_release + ;; + ubuntu_focal|focal|ubuntu-focal) + PLATFORM_OS="Ubuntu/Linux" + LINUX_FLAVOR="focal" + DIR_BOOTSTRAP="Ubuntu_2004" + ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} + debootstrap_release + ;; + ubuntu_jammy|jammy|ubuntu-jammy) + PLATFORM_OS="Ubuntu/Linux" + LINUX_FLAVOR="jammy" + DIR_BOOTSTRAP="Ubuntu_2204" + ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} + debootstrap_release + ;; + debian_buster|buster|debian-buster) + PLATFORM_OS="Debian/Linux" + LINUX_FLAVOR="buster" + DIR_BOOTSTRAP="Debian10" + ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} + debootstrap_release + ;; + debian_bullseye|bullseye|debian-bullseye) + PLATFORM_OS="Debian/Linux" + LINUX_FLAVOR="bullseye" + DIR_BOOTSTRAP="Debian11" + ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} + debootstrap_release + ;; + debian_bookworm|bookworm|debian-bookworm) + PLATFORM_OS="Debian/Linux" + LINUX_FLAVOR="bookworm" + DIR_BOOTSTRAP="Debian12" + ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX} + debootstrap_release + ;; + *) + usage + ;; esac case "${OPTION}" in -update) - bastille update "${RELEASE}" - ;; + update) + bastille update "${RELEASE}" + ;; esac