From baa362c69b1bc43812c06f3ccce561a68001e7cd Mon Sep 17 00:00:00 2001 From: Bike Dude Date: Sun, 14 Feb 2021 17:29:29 +0100 Subject: [PATCH 01/15] allow boostrapping BETA build --- usr/local/share/bastille/bootstrap.sh | 2 +- usr/local/share/bastille/create.sh | 2 +- usr/local/share/bastille/destroy.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 7cb6c08b..d8238668 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -370,7 +370,7 @@ case "${1}" in PLATFORM_OS="FreeBSD" validate_release_url ;; -*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2) +*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])$' | tr '[:lower:]' '[:upper:]') UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index a92b41e6..774244cc 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -486,7 +486,7 @@ if [ -z "${EMPTY_JAIL}" ]; then NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT|-CURRENT-i386)$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') validate_release ;; - *-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2) + *-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') validate_release diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index a3ff4a68..e1e04dcb 100644 --- a/usr/local/share/bastille/destroy.sh 
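Review bot: The widened case arm in bootstrap.sh lists only upper-case `*-BETA1` … `*-BETA5`, although the same arm carries both `*-RC1` and `*-rc1` and the grep beneath it runs with `-i`, so a lower-case name such as `13.0-beta1` (constructed example) never reaches this arm. In this commit the grep alternation on the following line is still `(-RELEASE|-RC[1-2])`, so NAME_VERIFY comes out empty for any BETA name and UPSTREAM_URL is built without a release component. A bracket pattern keeps the arm short and covers both cases: `*-BETA[1-5]|*-beta[1-5])`. The create.sh and destroy.sh hunks of this commit have the same two gaps; the enclosing `case` statements start and end outside the hunks.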
+++ b/usr/local/share/bastille/destroy.sh @@ -200,7 +200,7 @@ case "${TARGET}" in NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT|-CURRENT-i386)$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') destroy_rel ;; -*-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2) +*-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') destroy_rel From e35024508e5a04e663a0910e627a936906c18911 Mon Sep 17 00:00:00 2001 From: Bike Dude Date: Sun, 14 Feb 2021 17:35:23 +0100 Subject: [PATCH 02/15] allow boostrapping BETA build --- usr/local/share/bastille/bootstrap.sh | 2 +- usr/local/share/bastille/create.sh | 2 +- usr/local/share/bastille/destroy.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index d8238668..e0d2cf76 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -372,7 +372,7 @@ case "${1}" in ;; *-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])$' | tr '[:lower:]' '[:upper:]') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]') UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" PLATFORM_OS="FreeBSD" validate_release_url diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 774244cc..1562d600 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
@@ -488,7 +488,7 @@ if [ -z "${EMPTY_JAIL}" ]; then ;; *-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') validate_release ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index e1e04dcb..f73509d3 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -202,7 +202,7 @@ case "${TARGET}" in ;; *-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') destroy_rel ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) From 214a3e9894acfdf2736e2a57318a2fae935f36ad Mon Sep 17 00:00:00 2001 From: Daniel Ziltener Date: Thu, 18 Feb 2021 20:13:28 +0100 Subject: [PATCH 03/15] Added option to have CP be quiet --- usr/local/share/bastille/cp.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index 6c96f099..8253f8d3 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh 
@@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille cp TARGET HOST_PATH CONTAINER_PATH" + error_exit "Usage: bastille cp TARGET HOST_PATH CONTAINER_PATH [CP_OPTIONS]" } # Handle special-case commands first. @@ -48,11 +48,21 @@ fi CPSOURCE="${1}" CPDEST="${2}" +OPTION="${3}" + +case "${OPTION}" in + -q|--quiet) + OPTION="-a" + ;; + *) + OPTION="-av" + ;; +esac for _jail in ${JAILS}; do info "[${_jail}]:" bastille_jail_path="${bastille_jailsdir}/${_jail}/root" - cp -av "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}" + cp "${OPTION}" "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}" RETURN="$?" if [ "${TARGET}" = "ALL" ]; then # Display the return status for reference From 39990b584b7bc93ddc9d1278d10e3d875f571089 Mon Sep 17 00:00:00 2001 From: Phil Krylov Date: Fri, 19 Feb 2021 17:34:34 +0300 Subject: [PATCH 04/15] Reflect bastille_zfs_mountpoint deprecation in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 891300e5..bfe1bfbf 100644 --- a/README.md +++ b/README.md @@ -215,7 +215,7 @@ Two values are required for Bastille to use ZFS. The default values in the bastille_zfs_enable="" ## default: "" bastille_zfs_zpool="" ## default: "" bastille_zfs_prefix="bastille" ## default: "${bastille_zfs_zpool}/bastille" -bastille_zfs_mountpoint=${bastille_prefix} ## default: "${bastille_prefix}" +bastille_prefix="/bastille" ## default: "/usr/local/bastille". ${bastille_zfs_prefix} gets mounted here bastille_zfs_options="-o compress=lz4 -o atime=off" ## default: "-o compress=lz4 -o atime=off" ``` From 2aa92042fd88d333d9654af1f850eb942f475ecb Mon Sep 17 00:00:00 2001 From: Daniel Ziltener Date: Fri, 19 Feb 2021 17:11:19 +0100 Subject: [PATCH 05/15] Adjustment for consistency --- usr/local/share/bastille/cp.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) 
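Review bot: The rewritten `cp` line in the second cp.sh hunk puts the user-supplied source straight after the option word with no end-of-options marker, so a HOST_PATH beginning with `-` is parsed as a cp flag; `cp "${OPTION}" -- "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}"` closes that. The destination is also joined to the jail root without checking that it stays there: a `..` component in CPDEST, or a symlink planted inside the jail on the destination path, would let this host-side copy land outside `${bastille_jail_path}`, which matters if jail contents are not trusted. Any third argument other than `-q`/`--quiet` silently falls through to `-av`, which the new usage string (`[CP_OPTIONS]`) does not suggest. The `for` loop continues past the end of the hunk.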
diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index 8253f8d3..2d486ece 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -32,24 +32,28 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille cp TARGET HOST_PATH CONTAINER_PATH [CP_OPTIONS]" + error_exit "Usage: bastille cp [OPTION] TARGET HOST_PATH CONTAINER_PATH" } +CPSOURCE="${1}" +CPDEST="${2}" + # Handle special-case commands first. case "$1" in help|-h|--help) usage ;; +-q|--quiet) + OPTION="${1}" + CPSOURCE="${2}" + CPDEST="${3}" + ;; esac if [ $# -ne 2 ]; then usage fi -CPSOURCE="${1}" -CPDEST="${2}" -OPTION="${3}" - case "${OPTION}" in -q|--quiet) OPTION="-a" From 1710a09f6aa9ebd6d750b8777a5db22f61cea2cc Mon Sep 17 00:00:00 2001 From: Lucas Holt Date: Fri, 26 Feb 2021 16:55:56 -0500 Subject: [PATCH 06/15] Add preliminary support for MidnightBSD. --- usr/local/etc/bastille/bastille.conf.sample | 1 + usr/local/share/bastille/bootstrap.sh | 7 +++++++ usr/local/share/bastille/create.sh | 5 +++++ usr/local/share/bastille/pkg.sh | 6 +++++- usr/local/share/bastille/update.sh | 5 +++++ usr/local/share/bastille/upgrade.sh | 5 +++++ usr/local/share/bastille/verify.sh | 4 ++++ 7 files changed, 32 insertions(+), 1 deletion(-) diff --git a/usr/local/etc/bastille/bastille.conf.sample b/usr/local/etc/bastille/bastille.conf.sample index 344268e1..08bbfb0f 100644 --- a/usr/local/etc/bastille/bastille.conf.sample +++ b/usr/local/etc/bastille/bastille.conf.sample 
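Review bot: With `-q` or `--quiet` as the first argument the script still holds three positional parameters when it reaches `if [ $# -ne 2 ]`, so the quiet form appears to end in `usage` every time unless a caller outside this hunk strips the flag first. The new arm reads `${2}` and `${3}` without consuming the option; adding `shift` after `OPTION="${1}"` and assigning `CPSOURCE="${1}"` and `CPDEST="${2}"` once, after the count check, keeps the check valid for both forms. Without the flag OPTION is never assigned here, so the later `case "${OPTION}"` relies on it being unset in the environment; `OPTION=""` ahead of the first `case` would make that explicit.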
@@ -33,6 +33,7 @@ bastille_resolv_conf="/etc/resolv.conf" ## default ## bootstrap urls bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/" ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/" bastille_url_hardenedbsd="http://installer.hardenedbsd.org/pub/hardenedbsd/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/" +bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/" ## default: "https://www.midnightbsd.org/pub/MidnightBSD/releases/" ## ZFS options bastille_zfs_enable="" ## default: "" diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index e0d2cf76..bac958c9 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -363,6 +363,13 @@ fi ## Filter sane release names case "${1}" in +2.[0-9]*) + ## check for MidnightBSD releases name + NAME_VERIFY=$(echo ${RELEASE}) + UPSTREAM_URL="${bastille_url_midnightbsd}${HW_MACHINE_ARCH}/${NAME_VERIFY}" + PLATFORM_OS="MidnightBSD" + validate_release_url + ;; *-CURRENT|*-current) ## check for FreeBSD releases name NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT)$' | tr '[:lower:]' '[:upper:]') diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 1562d600..c0c81d41 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -481,6 +481,11 @@ fi if [ -z "${EMPTY_JAIL}" ]; then ## verify release case "${RELEASE}" in + 2.[0-9]*) + ## check for MidnightBSD releases name + NAME_VERIFY=$(echo "${RELEASE}") + validate_release + ;; *-CURRENT|*-CURRENT-I386|*-CURRENT-i386|*-current) ## check for FreeBSD releases name NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT|-CURRENT-i386)$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index 03e82702..dd70cd49 100644 
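Review bot: The trailing `## default:` comment on the new `bastille_url_midnightbsd` line names a `/pub/MidnightBSD/releases/` path while the assigned value uses `/ftp/MidnightBSD/releases/`. Since this URL decides where release archives are fetched from, the comment and the value should agree on one location.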
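Review bot: The new `2.[0-9]*)` arm in bootstrap.sh copies the user-supplied release name into NAME_VERIFY unchanged (`$(echo ${RELEASE})`, unquoted), whereas every FreeBSD arm passes it through an anchored `grep -E` first. The glob only fixes the first three characters, so anything after them, including `/` and `..`, reaches UPSTREAM_URL and whatever `validate_release_url` derives from the name. An anchored filter in the style of the neighbouring arms would restore the check, for example `NAME_VERIFY=$(echo "${RELEASE}" | grep -E '^2\.[0-9]+(\.[0-9]+)*$')`; the exact MidnightBSD version shape is assumed and should be confirmed. The create.sh hunk of this commit adds the same unfiltered arm ahead of `validate_release`. Both `case` statements continue outside the hunks.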
--- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh @@ -47,6 +47,10 @@ fi for _jail in ${JAILS}; do info "[${_jail}]:" - jexec -l "${_jail}" /usr/sbin/pkg "$@" + if [ -f ${_jail}/usr/sbin/pkg ]; then + jexec -l "${_jail}" /usr/sbin/pkg "$@" + else + jexec -l "${_jail}" /usr/sbin/mport "$@" + fi echo done diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index 848f12d6..9a56628e 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -64,6 +64,11 @@ if [ "${TARGET}" = "ALL" ]; then error_exit "Batch upgrade is unsupported." fi +if [ -f /bin/midnightbsd-version ]; then + echo -e "${COLOR_RED}Not yet supported on MidnightBSD.${COLOR_RESET}" + exit 1 +fi + if freebsd-version | grep -qi HBSD; then error_exit "Not yet supported on HardenedBSD." fi diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index 52c9c295..41e4ae57 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -55,6 +55,11 @@ if [ "${TARGET}" = "ALL" ]; then error_exit "Batch upgrade is unsupported." fi +if [ -f /bin/midnightbsd-version ]; then + echo -e "${COLOR_RED}Not yet supported on MidnightBSD.${COLOR_RESET}" + exit 1 +fi + if freebsd-version | grep -qi HBSD; then error_exit "Not yet supported on HardenedBSD." fi diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh index 35be046b..da88ee5e 100644 --- a/usr/local/share/bastille/verify.sh +++ b/usr/local/share/bastille/verify.sh @@ -36,6 +36,10 @@ bastille_usage() { } verify_release() { + if [ -f /bin/midnightbsd-version ]; then + echo -e "${COLOR_RED}Not yet supported on MidnightBSD.${COLOR_RESET}" + exit 1 + fi if freebsd-version | grep -qi HBSD; then error_exit "Not yet supported on HardenedBSD." fi From 54697cf77a88404e8469af582aa354aede7126b9 Mon Sep 17 00:00:00 2001 
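Review bot: The MidnightBSD guard added to update.sh prints its own coloured message with `echo -e` and then calls `exit 1`, while the HardenedBSD guard directly below it uses the project helper. Writing it as `error_exit "Not yet supported on MidnightBSD."` keeps the two guards consistent and avoids depending on `echo -e` behaviour in `/bin/sh`. The upgrade.sh and verify.sh hunks of this commit add the same three lines and would take the same change.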
From: Lucas Holt Date: Sat, 27 Feb 2021 00:13:01 -0500 Subject: [PATCH 07/15] Fix the file test for FreeBSD/HBSD --- usr/local/share/bastille/pkg.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index dd70cd49..989c1906 100644 --- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh @@ -47,7 +47,7 @@ fi for _jail in ${JAILS}; do info "[${_jail}]:" - if [ -f ${_jail}/usr/sbin/pkg ]; then + if [ -f /usr/sbin/pkg ]; then jexec -l "${_jail}" /usr/sbin/pkg "$@" else jexec -l "${_jail}" /usr/sbin/mport "$@" From f5e93e4b1ab40b30e78570cc1127847745e3dc08 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Sun, 28 Feb 2021 13:08:42 -0700 Subject: [PATCH 08/15] revert default template link; error->notify for bootstrap --- usr/local/share/bastille/bootstrap.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index e0d2cf76..643e4ae0 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -178,7 +178,6 @@ bootstrap_directories() { else mkdir -p "${bastille_templatesdir}" fi - ln -s "${bastille_sharedir}/templates/default" "${bastille_templatesdir}/default" fi ## ${bastille_releasesdir} @@ -216,7 +215,7 @@ bootstrap_release() { ## check if release already bootstrapped, else continue bootstrapping if [ -z "${bastille_bootstrap_archives}" ]; then - error_exit "Bootstrap appears complete." + error_notify "Bootstrap appears complete." else info "Bootstrapping additional distfiles..." fi From dd3b2e8e62f19d2c276a0b19a3b1267c4520dfcf Mon Sep 17 00:00:00 2001 From: Daniel Dowse Date: Wed, 3 Mar 2021 15:20:16 +0100 Subject: [PATCH 09/15] If dual stack ip6 gw will be last will be the last output line of netstat ... comand in _gateway --- usr/local/share/bastille/create.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
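Review bot: In the pkg.sh hunk the test `[ -f /usr/sbin/pkg ]` is evaluated on the host, yet the binary it selects is run inside the jail through `jexec`, so a jail whose userland differs from the host's gets the wrong package tool. Checking the jail's own root ties the decision to the jail, for example `if [ -f "${bastille_jailsdir}/${_jail}/root/usr/sbin/pkg" ]; then`, using the jail root layout that cp.sh builds for `bastille_jail_path`. The `for` loop closes outside the hunk.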
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 1562d600..abdb215f 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -383,7 +383,11 @@ create_jail() { if [ -n "${bastille_network_gateway}" ]; then _gateway="${bastille_network_gateway}" else - _gateway="$(netstat -rn | awk '/default/ {print $2}')" + if [ -z ${ip6} ]; then + _gateway="$(netstat -4rn | awk '/default/ {print $2}')" + else + _gateway="$(netstat -6rn | awk '/default/ {print $2}')" + fi fi fi bastille template "${NAME}" ${bastille_template_vnet} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg IFCONFIG="${_ifconfig}" From 296236f79300e3ebe7c60d2f6a919ec87c0b3077 Mon Sep 17 00:00:00 2001 From: Daniel Dowse Date: Wed, 3 Mar 2021 18:56:24 +0100 Subject: [PATCH 10/15] Tabs to spaces --- usr/local/share/bastille/create.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index abdb215f..d18e574c 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -383,11 +383,11 @@ create_jail() { if [ -n "${bastille_network_gateway}" ]; then _gateway="${bastille_network_gateway}" else - if [ -z ${ip6} ]; then - _gateway="$(netstat -4rn | awk '/default/ {print $2}')" - else - _gateway="$(netstat -6rn | awk '/default/ {print $2}')" - fi + if [ -z ${ip6} ]; then + _gateway="$(netstat -4rn | awk '/default/ {print $2}')" + else + _gateway="$(netstat -6rn | awk '/default/ {print $2}')" + fi fi fi bastille template "${NAME}" ${bastille_template_vnet} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg IFCONFIG="${_ifconfig}" From 15ef0053371b1e7e6733a6992e6252321b7d3c1f Mon Sep 17 00:00:00 2001 
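Review bot: The added test `[ -z ${ip6} ]` in create.sh leaves the expansion unquoted, so it only works because an empty value collapses to the one-argument form of `[`; a value containing whitespace would make the test fail with a syntax error. It should read `if [ -z "${ip6}" ]; then`. The per-family `netstat` calls still print one line per matching route, so a host with more than one default route for that family would hand a multi-line value to `--arg GATEWAY=`; `awk '/default/ {print $2; exit}'` keeps only the first. `create_jail` begins and ends outside the hunk.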
From: Bike Dude Date: Thu, 18 Mar 2021 14:00:21 +0100 Subject: [PATCH 11/15] IPv6 hint for pf.conf --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index bfe1bfbf..5d6841a7 100644 --- a/README.md +++ b/README.md @@ -138,6 +138,8 @@ pass in inet proto tcp from any to any port ssh flags S/SA keep state ## make sure you also open up ports that you are going to use for dynamic rdr # pass in inet proto tcp from any to any port : flags S/SA keep state # pass in inet proto udp from any to any port : flags S/SA keep state +## for IPv6 networks please uncomment the following rule +#pass inet6 proto icmp6 icmp6-type { echoreq, routersol, routeradv, neighbradv, neighbrsol } ``` From b5044a2ddb8f573247d17c6ed5f707ab8e2577d2 Mon Sep 17 00:00:00 2001 From: Bike Dude Date: Thu, 18 Mar 2021 14:01:57 +0100 Subject: [PATCH 12/15] IPv6 hint for pf.conf --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5d6841a7..07865bac 100644 --- a/README.md +++ b/README.md @@ -139,7 +139,7 @@ pass in inet proto tcp from any to any port ssh flags S/SA keep state # pass in inet proto tcp from any to any port : flags S/SA keep state # pass in inet proto udp from any to any port : flags S/SA keep state ## for IPv6 networks please uncomment the following rule -#pass inet6 proto icmp6 icmp6-type { echoreq, routersol, routeradv, neighbradv, neighbrsol } +# pass inet6 proto icmp6 icmp6-type { echoreq, routersol, routeradv, neighbradv, neighbrsol } ``` From 53ae7fe744c7eb58d01935819151f3b13fe78c05 Mon Sep 17 00:00:00 2001 From: Bike Dude Date: Mon, 22 Mar 2021 20:48:50 +0100 Subject: [PATCH 13/15] Warn if fstab exists --- usr/local/share/bastille/mount.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 550257a6..82147350 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh 
@@ -110,6 +110,7 @@ for _jail in ${JAILS}; do fi echo "Added: ${_fstab_entry}" else + warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" egrep "[[:blank:]]${_jailpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" fi mount -F "${bastille_jailsdir}/${_jail}/fstab" -a From f0d41580b8e54bb28fb62b4fde4feb8dca0b7e0e Mon Sep 17 00:00:00 2001 From: Bike Dude Date: Sat, 3 Apr 2021 17:47:50 +0200 Subject: [PATCH 14/15] add RC3/4 support --- usr/local/share/bastille/bootstrap.sh | 4 ++-- usr/local/share/bastille/destroy.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 82d03923..2fe60d77 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -376,9 +376,9 @@ case "${1}" in PLATFORM_OS="FreeBSD" validate_release_url ;; -*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) +*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-RC3|*-rc3|*-RC4|*-rc4|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-4]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]') UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" PLATFORM_OS="FreeBSD" validate_release_url diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index f73509d3..dee625fc 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh 
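Review bot: create.sh is missing from this commit: the diffstat lists only bootstrap.sh and destroy.sh, and the last visible version of the create.sh release arm still filters on `-RC[1-2]`. Unless create.sh is updated elsewhere, a release bootstrapped as RC3 or RC4 would be rejected when a jail is created from it. The growing alternation in the bootstrap.sh arm could also be written as `*-RC[1-5]|*-rc[1-5]|*-BETA[1-5])` so that the case pattern and the grep class are extended together in one place. The destroy.sh hunk here and both hunks of the following RC5 commit have the same omission of create.sh.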
@@ -200,9 +200,9 @@ case "${TARGET}" in NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT|-CURRENT-i386)$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') destroy_rel ;; -*-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) +*-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-RC3|*-rc3|*-RC4|*-rc4|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-4]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') destroy_rel ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) From 2278b3b4d5022b5c575840117dbe069ee0c0705a Mon Sep 17 00:00:00 2001 From: Bike Dude Date: Sat, 3 Apr 2021 18:01:29 +0200 Subject: [PATCH 15/15] RC5 --- usr/local/share/bastille/bootstrap.sh | 4 ++-- usr/local/share/bastille/destroy.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 2fe60d77..15e5cf8d 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh 
@@ -376,9 +376,9 @@ case "${1}" in PLATFORM_OS="FreeBSD" validate_release_url ;; -*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-RC3|*-rc3|*-RC4|*-rc4|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) +*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-RC3|*-rc3|*-RC4|*-rc4|*-RC5|*-rc5|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-4]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-5]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]') UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" PLATFORM_OS="FreeBSD" validate_release_url diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index dee625fc..bc47aa5b 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -200,9 +200,9 @@ case "${TARGET}" in NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT|-CURRENT-i386)$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') destroy_rel ;; -*-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-RC3|*-rc3|*-RC4|*-rc4|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) +*-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2|*-RC3|*-rc3|*-RC4|*-rc4|*-RC5|*-rc5|*-BETA1|*-BETA2|*-BETA3|*-BETA4|*-BETA5) ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-4]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-5]|-BETA[1-5])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') destroy_rel ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST)