From 84cc8cb103a1e06f0e9f1a87af6bfab420253fcc Mon Sep 17 00:00:00 2001 From: Jose Date: Sat, 8 Feb 2020 09:10:17 -0400 Subject: [PATCH 1/7] Cleanup unused code, display related platform OS while bootstrapping for reference --- usr/local/share/bastille/bootstrap.sh | 21 ++++++++++++++------- usr/local/share/bastille/create.sh | 10 +++++----- usr/local/share/bastille/destroy.sh | 10 +++++----- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index c9fb8694..f6b6969f 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -74,6 +74,7 @@ validate_release_url() { echo -e "${COLOR_RED}Unable to fetch MANIFEST, See 'bootstrap urls'.${COLOR_RESET}" exit 1 fi + echo -e "${COLOR_GREEN}Bootstrapping ${PLATFORM_OS} distfiles...${COLOR_RESET}" bootstrap_directories bootstrap_release else @@ -426,44 +427,50 @@ case "${1}" in ## check for FreeBSD releases name NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])$' | tr '[:lower:]' '[:upper:]') UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" + PLATFORM_OS="FreeBSD" validate_release_url ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) ## check for HardenedBSD releases name(previous infrastructure, keep for reference) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-LAST|-STABLE-last|-stable-last|-STABLE-LAST)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') UPSTREAM_URL="${bastille_url_hardenedbsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-${NAME_VERIFY}" + PLATFORM_OS="HardenedBSD" validate_release_url ;; *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*) ## check for HardenedBSD(specific stable build releases) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build|-STABLE-BUILD)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') NAME_RELEASE=$(echo ${NAME_VERIFY} | sed 's/-build-[0-9]\{1,2\}//g') NAME_BUILD=$(echo ${NAME_VERIFY} | sed 's/[0-9]\{1,2\}-stable-//g') UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}" + PLATFORM_OS="HardenedBSD" validate_release_url ;; *-stable-build-latest|*-STABLE-BUILD-LATEST) ## check for HardenedBSD(latest stable build release) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest|-STABLE-BUILD-LATEST)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') NAME_RELEASE=$(echo ${NAME_VERIFY} | sed 's/-BUILD-LATEST//g') NAME_BUILD=$(echo ${NAME_VERIFY} | sed 's/[0-9]\{1,2\}-stable-//g') UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}" + PLATFORM_OS="HardenedBSD" validate_release_url ;; -current-build-[0-9]*|*-CURRENT-BUILD-[0-9]*) +current-build-[0-9]*|CURRENT-BUILD-[0-9]*) ## check for HardenedBSD(specific current build releases) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build|-CURRENT-BUILD)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') NAME_RELEASE=$(echo ${NAME_VERIFY} | sed 's/current-.*/current/g') NAME_BUILD=$(echo ${NAME_VERIFY} | sed 's/current-//g') UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}" + PLATFORM_OS="HardenedBSD" validate_release_url ;; -current-build-latest|*-CURRENT-BUILD-LATEST) +current-build-latest|CURRENT-BUILD-LATEST) ## check for HardenedBSD(latest current build release) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest|-CURRENT-BUILD-LATEST)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') NAME_RELEASE=$(echo ${NAME_VERIFY} | sed 's/current-.*/current/g') NAME_BUILD=$(echo ${NAME_VERIFY} | sed 's/current-//g') UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}" + PLATFORM_OS="HardenedBSD" validate_release_url ;; http?://github.com/*/*|http?://gitlab.com/*/*) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 106a2292..e8db3e85 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -346,27 +346,27 @@ case "${RELEASE}" in ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) ## check for HardenedBSD releases name(previous infrastructure) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-LAST|-STABLE-last|-stable-last|-STABLE-LAST)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') validate_release ;; *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*) ## check for HardenedBSD(specific stable build releases) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build|-STABLE-BUILD)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') validate_release ;; *-stable-build-latest|*-STABLE-BUILD-LATEST) ## check for HardenedBSD(latest stable build release) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest|-STABLE-BUILD-LATEST)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') validate_release ;; current-build-[0-9]*|CURRENT-BUILD-[0-9]*) ## check for HardenedBSD(specific current build releases) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build|-CURRENT-BUILD)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') validate_release ;; current-build-latest|CURRENT-BUILD-LATEST) ## check for HardenedBSD(latest current build release) - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest|-CURRENT-BUILD-LATEST)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') validate_release ;; *) diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index b9b07091..63983eb6 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -184,27 +184,27 @@ case "${TARGET}" in ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) ## check for HardenedBSD releases name - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})(-stable-LAST|-STABLE-last|-stable-last|-STABLE-LAST)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') destroy_rel ;; *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*) ## check for HardenedBSD(specific stable build releases) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build|-STABLE-BUILD)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') destroy_rel ;; *-stable-build-latest|*-STABLE-BUILD-LATEST) ## check for HardenedBSD(latest stable build release) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build-latest|-STABLE-BUILD-LATEST)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') destroy_rel ;; current-build-[0-9]*|CURRENT-BUILD-[0-9]*) ## check for HardenedBSD(specific current build releases) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build|-CURRENT-BUILD)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') destroy_rel ;; current-build-latest|CURRENT-BUILD-LATEST) ## check for HardenedBSD(latest current build release) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build-latest|-CURRENT-BUILD-LATEST)$' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build-latest)$' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') destroy_rel ;; *) From 206d6a59e9920e84adace8f3803d555523e3f624 Mon Sep 17 00:00:00 2001 From: Jose Date: Mon, 10 Feb 2020 14:03:28 -0400 Subject: [PATCH 2/7] Ability to rename containers in both ZFS and UFS platforms --- usr/local/bin/bastille | 3 +- usr/local/share/bastille/rename.sh | 127 +++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 usr/local/share/bastille/rename.sh diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index 936d08df..9298b906 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -94,6 +94,7 @@ Available Commands: list List containers (running and stopped). pkg Manipulate binary packages within targeted container(s). See pkg(8). rdr Redirect host port to container port. + rename Rename a container. restart Restart a running container. service Manage services within targeted container(s). start Start a stopped container. @@ -135,7 +136,7 @@ bootstrap|cmd|console|convert|cp|create) ;; destroy|export|htop|import|limits|list) ;; -pkg|rdr|restart|service|start|stop|sysrc) +pkg|rdr|rename|restart|service|start|stop|sysrc) ;; template|top|update|upgrade|verify|zfs) ;; diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh new file mode 100644 index 00000000..f0838398 --- /dev/null +++ b/usr/local/share/bastille/rename.sh @@ -0,0 +1,127 @@ +#!/bin/sh +# +# Copyright (c) 2018-2020, Christer Edwards +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# * Neither the name of the copyright holder nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +. /usr/local/share/bastille/colors.pre.sh +. /usr/local/etc/bastille/bastille.conf + +usage() { + echo -e "${COLOR_RED}Usage: bastille rename [TARGET] [NEW_NAME].${COLOR_RESET}" + exit 1 +} + +error_notify() { + # Notify message on error and exit + echo -e "$*" >&2 + exit 1 +} + +# Handle special-case commands first +case "$1" in +help|-h|--help) + usage + ;; +esac + +if [ $# -gt 2 ] || [ $# -lt 2 ]; then + usage +fi + +TARGET="${1}" +NEWNAME="${2}" +shift + +update_jailconf() { + # Update jail.conf + JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf" + if [ -f "${JAIL_CONFIG}" ]; then + if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" ${JAIL_CONFIG}; then + sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" ${JAIL_CONFIG} + sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" ${JAIL_CONFIG} + sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" ${JAIL_CONFIG} + sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" ${JAIL_CONFIG} + sed -i '' "s|${TARGET} {|${NEWNAME} {|" ${JAIL_CONFIG} + fi + fi +} + +update_fstab() { + # Update fstab .bastille mountpoint on thin containers only + # Set some variables + FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab" + FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2]|-stable-build-[0-9]{1,3})' ${FSTAB_CONFIG}) + FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" ${FSTAB_CONFIG}) + FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0" + if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then + # If both variables are set, update as needed + if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${NEWNAME}/root/.bastille" ${FSTAB_CONFIG}; then + sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" ${FSTAB_CONFIG} + fi + fi +} + +change_name() { + # Attempt container name change + if [ -d "${bastille_jailsdir}/${TARGET}" ]; then + echo -e "${COLOR_GREEN}Attempting to rename '${TARGET}' to ${NEWNAME}...${COLOR_RESET}" + if [ "${bastille_zfs_enable}" = "YES" ]; then + if [ ! -z "${bastille_zfs_zpool}" ]; then + # Rename ZFS dataset and mount points accordingly + zfs rename ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET} ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NEWNAME} + zfs set mountpoint=${bastille_jailsdir}/${NEWNAME}/root ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NEWNAME}/root + fi + else + # Just rename the jail directory + mv ${bastille_jailsdir}/${TARGET} ${bastille_jailsdir}/${NEWNAME} + fi + else + error_notify "${COLOR_RED}${TARGET} not found. See bootstrap.${COLOR_RESET}" + fi + + # Update jail configuration files accordingly + update_jailconf + update_fstab + + # Remove the old jail directory if exist + if [ -d "${bastille_jailsdir}/${TARGET}" ]; then + rm -r ${bastille_jailsdir}/${TARGET} + fi + if [ $? -ne 0 ]; then + error_notify "${COLOR_RED}An error has occurred while attempting to rename '${TARGET}'.${COLOR_RESET}" + else + echo -e "${COLOR_GREEN}Renamed '${TARGET}' to '${NEWNAME}' successfully.${COLOR_RESET}" + fi +} + +# Check if container is running +if [ -n "$(jls name | awk "/^${TARGET}$/")" ]; then + error_notify "${COLOR_RED}${TARGET} is running, See `bastille stop`.${COLOR_RESET}" +fi + +change_name From 0e93832a302151ef5d8b704a97aa0fae43ef7d3d Mon Sep 17 00:00:00 2001 From: Jose Date: Mon, 10 Feb 2020 14:10:00 -0400 Subject: [PATCH 3/7] Minor change, update comment --- usr/local/share/bastille/rename.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh index f0838398..8e08ba0e 100644 --- a/usr/local/share/bastille/rename.sh +++ b/usr/local/share/bastille/rename.sh @@ -72,8 +72,7 @@ update_jailconf() { } update_fstab() { - # Update fstab .bastille mountpoint on thin containers only - # Set some variables + # Update fstab to use the new name FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab" FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2]|-stable-build-[0-9]{1,3})' ${FSTAB_CONFIG}) FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" ${FSTAB_CONFIG}) From d1709b71996ddd2702845939b521fa6aadb05e73 Mon Sep 17 00:00:00 2001 From: Jose Date: Mon, 10 Feb 2020 15:22:41 -0400 Subject: [PATCH 4/7] Add HardenedBSD support for convert, import and rename commands --- usr/local/share/bastille/convert.sh | 7 +------ usr/local/share/bastille/create.sh | 4 ++-- usr/local/share/bastille/import.sh | 2 +- usr/local/share/bastille/rename.sh | 2 +- 4 files changed, 5 insertions(+), 10 deletions(-) diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index b56df2d7..554cfea9 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh @@ -115,7 +115,7 @@ start_convert() { echo -e "${COLOR_GREEN}Converting '${TARGET}' into a thickjail, this may take a while...${COLOR_RESET}" # Set some variables - RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])' ${bastille_jailsdir}/${TARGET}/fstab) + RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' ${bastille_jailsdir}/${TARGET}/fstab) FSTABMOD=$(grep -w "${bastille_releasesdir}/${RELEASE} ${bastille_jailsdir}/${TARGET}/root/.bastille" ${bastille_jailsdir}/${TARGET}/fstab) SYMLINKS="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/ports usr/sbin usr/share usr/src" @@ -139,11 +139,6 @@ start_convert() { fi } -# Check compatibility -if [ -n "$(freebsd-version | grep -i HBSD)" ]; then - error_notify "${COLOR_RED}Not yet supported on HardenedBSD.${COLOR_RESET}" -fi - # Check if container is running if [ -n "$(jls name | awk "/^${TARGET}$/")" ]; then error_notify "${COLOR_RED}${TARGET} is running, See `bastille stop`.${COLOR_RESET}" diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index e8db3e85..ba502f9e 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -354,7 +354,7 @@ case "${RELEASE}" in NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') validate_release ;; -*-stable-build-latest|*-STABLE-BUILD-LATEST) +*-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST) ## check for HardenedBSD(latest stable build release) NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') validate_release @@ -364,7 +364,7 @@ current-build-[0-9]*|CURRENT-BUILD-[0-9]*) NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') validate_release ;; -current-build-latest|CURRENT-BUILD-LATEST) +current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST) ## check for HardenedBSD(latest current build release) NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') validate_release diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 4e886df8..0c1c34a4 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -97,7 +97,7 @@ update_fstab() { # Update fstab .bastille mountpoint on thin containers only # Set some variables FSTAB_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/fstab" - FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2]|-stable-build-[0-9]{1,3})' ${FSTAB_CONFIG}) + FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' ${FSTAB_CONFIG}) FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET_TRIM}/root/.bastille" ${FSTAB_CONFIG}) FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0" if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh index 8e08ba0e..49f3709a 100644 --- a/usr/local/share/bastille/rename.sh +++ b/usr/local/share/bastille/rename.sh @@ -74,7 +74,7 @@ update_jailconf() { update_fstab() { # Update fstab to use the new name FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab" - FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2]|-stable-build-[0-9]{1,3})' ${FSTAB_CONFIG}) + FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' ${FSTAB_CONFIG}) FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" ${FSTAB_CONFIG}) FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0" if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then From fe012c44f0ee1975d7acbac3dd4bf1077c3f81fd Mon Sep 17 00:00:00 2001 From: Jose Date: Mon, 10 Feb 2020 15:39:14 -0400 Subject: [PATCH 5/7] Update HardenedBSD options in destroy command too --- usr/local/share/bastille/destroy.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index 63983eb6..cffd83ff 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -192,7 +192,7 @@ case "${TARGET}" in NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') destroy_rel ;; -*-stable-build-latest|*-STABLE-BUILD-LATEST) +*-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST) ## check for HardenedBSD(latest stable build release) NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') destroy_rel @@ -202,7 +202,7 @@ current-build-[0-9]*|CURRENT-BUILD-[0-9]*) NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') destroy_rel ;; -current-build-latest|CURRENT-BUILD-LATEST) +current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST) ## check for HardenedBSD(latest current build release) NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build-latest)$' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') destroy_rel From bf0bffd30fbb1276cbc2fc0b95bf0091be1b1bb5 Mon Sep 17 00:00:00 2001 From: Jose Date: Tue, 11 Feb 2020 17:27:02 -0400 Subject: [PATCH 6/7] Update HardenedBSD options in bootstrap command too --- usr/local/share/bastille/bootstrap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index f6b6969f..41f9d325 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -446,7 +446,7 @@ case "${1}" in PLATFORM_OS="HardenedBSD" validate_release_url ;; -*-stable-build-latest|*-STABLE-BUILD-LATEST) +*-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST) ## check for HardenedBSD(latest stable build release) NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') NAME_RELEASE=$(echo ${NAME_VERIFY} | sed 's/-BUILD-LATEST//g') @@ -464,7 +464,7 @@ current-build-[0-9]*|CURRENT-BUILD-[0-9]*) PLATFORM_OS="HardenedBSD" validate_release_url ;; -current-build-latest|CURRENT-BUILD-LATEST) +current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST) ## check for HardenedBSD(latest current build release) NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') NAME_RELEASE=$(echo ${NAME_VERIFY} | sed 's/current-.*/current/g') From 1d1ea761fe32f62dcc7f2d522ec5094074efc1bd Mon Sep 17 00:00:00 2001 From: Jose Date: Tue, 11 Feb 2020 17:43:52 -0400 Subject: [PATCH 7/7] Display corresponding platform OS while extracting distfiles --- usr/local/share/bastille/bootstrap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 41f9d325..62beef6c 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -300,7 +300,7 @@ bootstrap_release() { ## check if the dist files already exists then extract FETCH_VALIDATION="0" if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then - echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} ${_archive}.txz.${COLOR_RESET}" + echo -e "${COLOR_GREEN}Extracting ${PLATFORM_OS} ${RELEASE} ${_archive}.txz.${COLOR_RESET}" /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz" if [ $? -ne 0 ]; then echo -e "${COLOR_RED}Failed to extract ${_archive}.txz.${COLOR_RESET}" @@ -364,7 +364,7 @@ bootstrap_release() { ## extract the fetched dist files if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then - echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} ${_archive}.txz.${COLOR_RESET}" + echo -e "${COLOR_GREEN}Extracting ${PLATFORM_OS} ${RELEASE} ${_archive}.txz.${COLOR_RESET}" /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz" if [ $? -ne 0 ]; then echo -e "${COLOR_RED}Failed to extract ${_archive}.txz.${COLOR_RESET}"