From 03ab9fd203cbfa567aaeff2cb24ac56f6b84729f Mon Sep 17 00:00:00 2001 From: Bike Dude Date: Tue, 5 Jan 2021 20:38:08 +0100 Subject: [PATCH 01/21] Thick Upgrade --- README.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 629c7695..9393d9c6 100644 --- a/README.md +++ b/README.md @@ -916,11 +916,21 @@ bastille upgrade This sub-command lets you upgrade a release to a new release. Depending on the workflow this can be similar to a `bootstrap`. +For standard containers you need to upgrade the shared base jail: ```shell -ishmael ~ # bastille upgrade 11.3-RELEASE 12.0-RELEASE +ishmael ~ # bastille upgrade 12.1-RELEASE 12.2-RELEASE ... ``` +For thick jails you need to upgrade every single container (according the freebsd-update procedure): +```shell +ishmael ~ # bastille upgrade folsom 12.2-RELEASE +ishmael ~ # bastille upgrade folsom install +... +ishmael ~ # bastille restart folsom +ishmael ~ # bastille upgrade folsom install +``` + bastille verify --------------- From 8cb20e44579480ad88a7fc3fa748bf59ce9973d8 Mon Sep 17 00:00:00 2001 From: Daniel Dowse Date: Wed, 3 Mar 2021 00:30:17 +0100 Subject: [PATCH 02/21] Help output to show real value for options instead of [options] --- usr/local/share/bastille/console.sh | 2 +- usr/local/share/bastille/create.sh | 2 +- usr/local/share/bastille/destroy.sh | 2 +- usr/local/share/bastille/export.sh | 6 +++--- usr/local/share/bastille/import.sh | 2 +- usr/local/share/bastille/update.sh | 2 +- usr/local/share/bastille/upgrade.sh | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh index 51299075..afe66c2f 100644 --- a/usr/local/share/bastille/console.sh +++ b/usr/local/share/bastille/console.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille console TARGET [user]'" + error_exit "Usage: bastille console TARGET [user]" } # Handle special-case commands first. diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 1562d600..cb1d7528 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille create [option] name release ip [interface]" + error_exit "Usage: bastille create [empty|thick|vnet] name release ip [interface]" } running_jail() { diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index f73509d3..63fbb9bd 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille destroy [option] | [container|release]" + error_exit "Usage: bastille destroy [force] | [container|release]" } destroy_jail() { diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 03977857..1a0a1d50 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille export TARGET [option] | PATH" + error_exit "Usage: bastille export TARGET [safe|tarball] | PATH" } # Handle special-case commands first @@ -57,12 +57,12 @@ SAFE_EXPORT= # Handle some options if [ -n "${OPTION}" ]; then - if [ "${OPTION}" = "-t" -o "${OPTION}" = "--txz" ]; then + if [ "${OPTION}" = "-t" -o "${OPTION}" = "--txz" -o ${OPTION} = "tarball" ]; then if [ "${bastille_zfs_enable}" = "YES" ]; then # Temporarily disable ZFS so we can create a standard backup archive bastille_zfs_enable="NO" fi - elif [ "${OPTION}" = "-s" -o "${OPTION}" = "--safe" ]; then + elif [ "${OPTION}" = "-s" -o "${OPTION}" = "--safe" -o ${OPTION} = "safe" ]; then SAFE_EXPORT="1" elif echo "${OPTION}" | grep -q "\/"; then if [ -d "${OPTION}" ]; then diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 4a773525..fa542ba2 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille import file [option]" + error_exit "Usage: bastille import file [force]" } # Handle special-case commands first diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index 848f12d6..54f515b1 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille update [release|container] | [option]" + error_exit "Usage: bastille update [release|container] | [force]" } # Handle special-case commands first. diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index 52c9c295..c880e8aa 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille upgrade release newrelease | target newrelease | target install | [option]" + error_exit "Usage: bastille upgrade release newrelease | target newrelease | target install | [force]" } # Handle special-case commands first. From 2bfa5abedb13a0d9babeeea89b20df76d9ef4203 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Mon, 19 Apr 2021 23:19:32 +0200 Subject: [PATCH 03/21] new option -a (aka all, --all) the new option -a lists all jails, show state 'Up' or 'Down', published ports (rdr) and release, used command jls -j to collect infos for active jails and the files jail.conf, rdr.conf for inactive jails --- usr/local/share/bastille/list.sh | 53 +++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 817ba00b..a73dab60 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille list [-j] [release|template|(jail|container)|log|limit|(import|export|backup)]" + error_exit "Usage: bastille list [-j][-a] [release|template|(jail|container)|log|limit|(import|export|backup)]" } if [ $# -eq 0 ]; then @@ -50,6 +50,57 @@ if [ $# -gt 0 ]; then help|-h|--help) usage ;; + all|-a|--all) + if [ -d "${bastille_jailsdir}" ]; then + DEFAULT_VALUE="-" + SPACER=4 + MAX_LENGTH_JAIL_NAME=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf | sed "s/^.*\/\(.*\)\/jail.conf$/\1/" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_NAME=${MAX_LENGTH_JAIL_NAME:-3} + if [ ${MAX_LENGTH_JAIL_NAME} -lt 3 ]; then MAX_LENGTH_JAIL_NAME=3; fi + MAX_LENGTH_JAIL_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10} + if [ ${MAX_LENGTH_JAIL_IP} -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi + MAX_LENGTH_JAIL_HOSTNAME=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_HOSTNAME=${MAX_LENGTH_JAIL_HOSTNAME:-8} + if [ ${MAX_LENGTH_JAIL_HOSTNAME} -lt 8 ]; then MAX_LENGTH_JAIL_HOSTNAME=8; fi + MAX_LENGTH_JAIL_PORTS=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name rdr.conf -exec awk '{ lines++; chars += length($0)} END { chars += lines - 1; print chars }' {} \; | sort -nr | head -n 1) + MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} + if [ ${MAX_LENGTH_JAIL_PORTS} -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi + if [ ${MAX_LENGTH_JAIL_PORTS} -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi + MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec sed "s/^.*releases\/\(.*\) \/.*$/\1/" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} + if [ ${MAX_LENGTH_JAIL_RELEASE} -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi + printf " JID%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" "" + JAIL_LIST=$(ls "${bastille_jailsdir}" | sed "s/\n//g") + for _JAIL in ${JAIL_LIST}; do + if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then + if [ "$(jls name | awk "/^${_JAIL}$/")" ]; then + JAIL_STATE="Up" + JAIL_IP=$(jls -j ${_JAIL} ip4.addr 2> /dev/null) + JAIL_HOSTNAME=$(jls -j ${_JAIL} host.hostname 2> /dev/null) + JAIL_PORTS=$(pfctl -a "rdr/${_JAIL}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//") + JAIL_PATH=$(jls -j ${_JAIL} path 2> /dev/null) + else + JAIL_STATE=$(if [ "$(sed -n "/^${_JAIL} {$/,/^}$/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | awk '$0 ~ /^'${_JAIL}' \{|\}/ { printf "%s",$0 }')" == "${_JAIL} {}" ]; then echo "Down"; else echo "n/a"; fi) + JAIL_IP=$(sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") + JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") + if [ -f "${bastille_jailsdir}/${_JAIL}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${_JAIL}/rdr.conf" | sed "s/,$//"); else JAIL_PORTS=""; fi + JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") + fi + if [ ${#JAIL_PORTS} -gt ${MAX_LENGTH_JAIL_PORTS} ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi + if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(sed "s/^.*releases\/\(.*\) \/.*$/\1/" "${bastille_jailsdir}/${_JAIL}/fstab"); else JAIL_RELEASE=""; fi + JAIL_NAME=${JAIL_NAME:-${DEFAULT_VALUE}} + JAIL_STATE=${JAIL_STATE:-${DEFAULT_VALUE}} + JAIL_IP=${JAIL_IP:-${DEFAULT_VALUE}} + JAIL_PORTS=${JAIL_PORTS:-${DEFAULT_VALUE}} + JAIL_HOSTNAME=${JAIL_HOSTNAME:-${DEFAULT_VALUE}} + JAIL_RELEASE=${JAIL_RELEASE:-${DEFAULT_VALUE}} + JAIL_PATH=${JAIL_PATH:-${DEFAULT_VALUE}} + printf " ${_JAIL}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#_JAIL} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" + fi + done + fi + ;; release|releases) if [ -d "${bastille_releasesdir}" ]; then REL_LIST=$(ls "${bastille_releasesdir}" | sed "s/\n//g") From 0fe341add8720dbf4bd05795bdb9ce1ce491dd6d Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Tue, 20 Apr 2021 19:54:40 +0200 Subject: [PATCH 04/21] prevents multiline output trim multiline output in case additional lines included in fstab --- usr/local/share/bastille/list.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index a73dab60..6ea75bfc 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille list [-j][-a] [release|template|(jail|container)|log|limit|(import|export|backup)]" + error_exit "Usage: bastille list [-j|-a] [release|template|(jail|container)|log|limit|(import|export|backup)]" } if [ $# -eq 0 ]; then @@ -88,7 +88,7 @@ if [ $# -gt 0 ]; then JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") fi if [ ${#JAIL_PORTS} -gt ${MAX_LENGTH_JAIL_PORTS} ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi - if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(sed "s/^.*releases\/\(.*\) \/.*$/\1/" "${bastille_jailsdir}/${_JAIL}/fstab"); else JAIL_RELEASE=""; fi + if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(sed -n "s/^.*releases\/\(.*\) \/.*$/\1/p" "${bastille_jailsdir}/${_JAIL}/fstab" | awk '!_[$0]++'); else JAIL_RELEASE=""; fi JAIL_NAME=${JAIL_NAME:-${DEFAULT_VALUE}} JAIL_STATE=${JAIL_STATE:-${DEFAULT_VALUE}} JAIL_IP=${JAIL_IP:-${DEFAULT_VALUE}} From e0f8848bd52269561a551dc26d7a78dc1eed9daa Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Wed, 21 Apr 2021 01:57:20 +0200 Subject: [PATCH 05/21] added ip address of vnet jails ip address for running jails determined via jexec ifconfig and for stopped jails via jail rc.conf --- usr/local/share/bastille/list.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 6ea75bfc..ef92273c 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -59,6 +59,9 @@ if [ $# -gt 0 ]; then if [ ${MAX_LENGTH_JAIL_NAME} -lt 3 ]; then MAX_LENGTH_JAIL_NAME=3; fi MAX_LENGTH_JAIL_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10} + MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec grep -l "vnet;" {} + | sed 's/\(.*\)jail.conf$/cat \1root\/etc\/rc.conf/' | sh | sed -n 's/^ifconfig_vnet0="inet \(.*\)\/.*$/\1/p' | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10} + if [ ${MAX_LENGTH_JAIL_VNET_IP} -gt ${MAX_LENGTH_JAIL_IP} ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi if [ ${MAX_LENGTH_JAIL_IP} -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi MAX_LENGTH_JAIL_HOSTNAME=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_HOSTNAME=${MAX_LENGTH_JAIL_HOSTNAME:-8} @@ -76,13 +79,21 @@ if [ $# -gt 0 ]; then if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then if [ "$(jls name | awk "/^${_JAIL}$/")" ]; then JAIL_STATE="Up" - JAIL_IP=$(jls -j ${_JAIL} ip4.addr 2> /dev/null) + if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then + JAIL_IP=$(jexec -l ${_JAIL} ifconfig -n vnet0 2> /dev/null | sed -n "/.inet /{s///;s/ .*//;p;}") + else + JAIL_IP=$(jls -j ${_JAIL} ip4.addr 2> /dev/null) + fi JAIL_HOSTNAME=$(jls -j ${_JAIL} host.hostname 2> /dev/null) JAIL_PORTS=$(pfctl -a "rdr/${_JAIL}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//") JAIL_PATH=$(jls -j ${_JAIL} path 2> /dev/null) else JAIL_STATE=$(if [ "$(sed -n "/^${_JAIL} {$/,/^}$/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | awk '$0 ~ /^'${_JAIL}' \{|\}/ { printf "%s",$0 }')" == "${_JAIL} {}" ]; then echo "Down"; else echo "n/a"; fi) - JAIL_IP=$(sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") + if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then + JAIL_IP=$(sed -n 's/^ifconfig_vnet0="inet \(.*\)\/.*$/\1/p' "${bastille_jailsdir}/${_JAIL}/root/etc/rc.conf") + else + JAIL_IP=$(sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") + fi JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") if [ -f "${bastille_jailsdir}/${_JAIL}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${_JAIL}/rdr.conf" | sed "s/,$//"); else JAIL_PORTS=""; fi JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") From 71fd2a7ce75b47be50ebf340810971af770d87c9 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Wed, 21 Apr 2021 22:59:32 +0200 Subject: [PATCH 06/21] corrected length determination determination length of vnet ip address and release corrected --- usr/local/share/bastille/list.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index ef92273c..6f584374 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -59,7 +59,7 @@ if [ $# -gt 0 ]; then if [ ${MAX_LENGTH_JAIL_NAME} -lt 3 ]; then MAX_LENGTH_JAIL_NAME=3; fi MAX_LENGTH_JAIL_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10} - MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec grep -l "vnet;" {} + | sed 's/\(.*\)jail.conf$/cat \1root\/etc\/rc.conf/' | sh | sed -n 's/^ifconfig_vnet0="inet \(.*\)\/.*$/\1/p' | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec grep -l "vnet;" {} + | sed 's/\(.*\)jail.conf$/cat \1root\/etc\/rc.conf/' | sh | sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' | awk '{ if ($1 == "inet") print length($2); else print 15; }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10} if [ ${MAX_LENGTH_JAIL_VNET_IP} -gt ${MAX_LENGTH_JAIL_IP} ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi if [ ${MAX_LENGTH_JAIL_IP} -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi @@ -70,7 +70,7 @@ if [ $# -gt 0 ]; then MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} if [ ${MAX_LENGTH_JAIL_PORTS} -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi if [ ${MAX_LENGTH_JAIL_PORTS} -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi - MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec sed "s/^.*releases\/\(.*\) \/.*$/\1/" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec sed "s/^.*releases\/\(.*\) \/.*$/\1/" {} \; | tr -d " " | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} if [ ${MAX_LENGTH_JAIL_RELEASE} -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi printf " JID%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" "" @@ -99,7 +99,7 @@ if [ $# -gt 0 ]; then JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") fi if [ ${#JAIL_PORTS} -gt ${MAX_LENGTH_JAIL_PORTS} ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi - if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(sed -n "s/^.*releases\/\(.*\) \/.*$/\1/p" "${bastille_jailsdir}/${_JAIL}/fstab" | awk '!_[$0]++'); else JAIL_RELEASE=""; fi + if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(sed -n "s/^.*releases\/\(.*\) \/.*$/\1/p" "${bastille_jailsdir}/${_JAIL}/fstab" | tr -d " " | awk '!_[$0]++'); else JAIL_RELEASE=""; fi JAIL_NAME=${JAIL_NAME:-${DEFAULT_VALUE}} JAIL_STATE=${JAIL_STATE:-${DEFAULT_VALUE}} JAIL_IP=${JAIL_IP:-${DEFAULT_VALUE}} From 32f861e67a37cc625e3cae7093151fbb219d92b9 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Thu, 22 Apr 2021 20:35:25 +0200 Subject: [PATCH 07/21] fixed issue no vnet ip address if jail down issue with no vnet ip address being displayed when jail is down fixed --- usr/local/share/bastille/list.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 6f584374..5c580903 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -90,7 +90,7 @@ if [ $# -gt 0 ]; then else JAIL_STATE=$(if [ "$(sed -n "/^${_JAIL} {$/,/^}$/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | awk '$0 ~ /^'${_JAIL}' \{|\}/ { printf "%s",$0 }')" == "${_JAIL} {}" ]; then echo "Down"; else echo "n/a"; fi) if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then - JAIL_IP=$(sed -n 's/^ifconfig_vnet0="inet \(.*\)\/.*$/\1/p' "${bastille_jailsdir}/${_JAIL}/root/etc/rc.conf") + JAIL_IP=$(sed -n 's/^ifconfig_vnet0="inet \(.*\)"$/\1/p' "${bastille_jailsdir}/${_JAIL}/root/etc/rc.conf") else JAIL_IP=$(sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") fi From 4690805dbc3fdda17c5f39ea74ac4c4b168bf521 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Fri, 23 Apr 2021 00:01:50 +0200 Subject: [PATCH 08/21] truncated netmask from ip addresses netmask from ip addresses truncated and displaying SYNCDHCP added --- usr/local/share/bastille/list.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 5c580903..58cb2e43 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -57,9 +57,9 @@ if [ $# -gt 0 ]; then MAX_LENGTH_JAIL_NAME=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf | sed "s/^.*\/\(.*\)\/jail.conf$/\1/" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_NAME=${MAX_LENGTH_JAIL_NAME:-3} if [ ${MAX_LENGTH_JAIL_NAME} -lt 3 ]; then MAX_LENGTH_JAIL_NAME=3; fi - MAX_LENGTH_JAIL_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" {} \; | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10} - MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec grep -l "vnet;" {} + | sed 's/\(.*\)jail.conf$/cat \1root\/etc\/rc.conf/' | sh | sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' | awk '{ if ($1 == "inet") print length($2); else print 15; }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec grep -l "vnet;" {} + | sed 's/\(.*\)jail.conf$/grep "ifconfig_vnet0=" \1root\/etc\/rc.conf/' | sh | sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' | sed 's/\// /g' | awk '{ if ($1 == "inet") print length($2); else print 15 }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10} if [ ${MAX_LENGTH_JAIL_VNET_IP} -gt ${MAX_LENGTH_JAIL_IP} ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi if [ ${MAX_LENGTH_JAIL_IP} -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi @@ -90,9 +90,9 @@ if [ $# -gt 0 ]; then else JAIL_STATE=$(if [ "$(sed -n "/^${_JAIL} {$/,/^}$/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | awk '$0 ~ /^'${_JAIL}' \{|\}/ { printf "%s",$0 }')" == "${_JAIL} {}" ]; then echo "Down"; else echo "n/a"; fi) if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then - JAIL_IP=$(sed -n 's/^ifconfig_vnet0="inet \(.*\)"$/\1/p' "${bastille_jailsdir}/${_JAIL}/root/etc/rc.conf") + JAIL_IP=$(sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' "${bastille_jailsdir}/${_JAIL}/root/etc/rc.conf" | sed "s/\// /g" | awk '{ if ($1 == "inet") print $2; else print $1 }') else - JAIL_IP=$(sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") + JAIL_IP=$(sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | sed "s/\// /g" | awk '{ print $1 }') fi JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") if [ -f "${bastille_jailsdir}/${_JAIL}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${_JAIL}/rdr.conf" | sed "s/,$//"); else JAIL_PORTS=""; fi From 70f567ec431cc67f5a2ce0d78633cfeb35cff3f7 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Wed, 28 Apr 2021 17:36:14 +0200 Subject: [PATCH 09/21] ignore additional mount points in the fstab ignore additional mount points in the fstab when determining the length and the value of release --- usr/local/share/bastille/list.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 58cb2e43..eee24388 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -70,7 +70,7 @@ if [ $# -gt 0 ]; then MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} if [ ${MAX_LENGTH_JAIL_PORTS} -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi if [ ${MAX_LENGTH_JAIL_PORTS} -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi - MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec sed "s/^.*releases\/\(.*\) \/.*$/\1/" {} \; | tr -d " " | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec grep "/releases/" {} \; | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} if [ ${MAX_LENGTH_JAIL_RELEASE} -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi printf " JID%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" "" @@ -99,7 +99,7 @@ if [ $# -gt 0 ]; then JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") fi if [ ${#JAIL_PORTS} -gt ${MAX_LENGTH_JAIL_PORTS} ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi - if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(sed -n "s/^.*releases\/\(.*\) \/.*$/\1/p" "${bastille_jailsdir}/${_JAIL}/fstab" | tr -d " " | awk '!_[$0]++'); else JAIL_RELEASE=""; fi + if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(grep "/releases/" "${bastille_jailsdir}/${_JAIL}/fstab" | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '!_[$0]++'); else JAIL_RELEASE=""; fi JAIL_NAME=${JAIL_NAME:-${DEFAULT_VALUE}} JAIL_STATE=${JAIL_STATE:-${DEFAULT_VALUE}} JAIL_IP=${JAIL_IP:-${DEFAULT_VALUE}} From e5d2bc00a58a54f91a26e4e55025ff4d456dd979 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Sat, 1 May 2021 10:32:08 +0200 Subject: [PATCH 10/21] added ipv6 addresses displaying determine and display of ipv6 addresses for bastille0, host alias and vnet0 added --- usr/local/share/bastille/list.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index eee24388..72a27d47 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -53,13 +53,13 @@ if [ $# -gt 0 ]; then all|-a|--all) if [ -d "${bastille_jailsdir}" ]; then DEFAULT_VALUE="-" - SPACER=4 + SPACER=2 MAX_LENGTH_JAIL_NAME=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf | sed "s/^.*\/\(.*\)\/jail.conf$/\1/" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_NAME=${MAX_LENGTH_JAIL_NAME:-3} if [ ${MAX_LENGTH_JAIL_NAME} -lt 3 ]; then MAX_LENGTH_JAIL_NAME=3; fi - MAX_LENGTH_JAIL_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" {} \; | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1/p" {} \; | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10} - MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec grep -l "vnet;" {} + | sed 's/\(.*\)jail.conf$/grep "ifconfig_vnet0=" \1root\/etc\/rc.conf/' | sh | sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' | sed 's/\// /g' | awk '{ if ($1 == "inet") print length($2); else print 15 }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec grep -l "vnet;" {} + | sed 's/\(.*\)jail.conf$/grep "ifconfig_vnet0=" \1root\/etc\/rc.conf/' | sh | sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' | sed 's/\// /g' | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10} if [ ${MAX_LENGTH_JAIL_VNET_IP} -gt ${MAX_LENGTH_JAIL_IP} ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi if [ ${MAX_LENGTH_JAIL_IP} -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi @@ -80,9 +80,11 @@ if [ $# -gt 0 ]; then if [ "$(jls name | awk "/^${_JAIL}$/")" ]; then JAIL_STATE="Up" if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then - JAIL_IP=$(jexec -l ${_JAIL} ifconfig -n vnet0 2> /dev/null | sed -n "/.inet /{s///;s/ .*//;p;}") + JAIL_IP=$(jexec -l ${_JAIL} ifconfig -n vnet0 inet 2> /dev/null | sed -n "/.inet /{s///;s/ .*//;p;}") + if [ ! ${JAIL_IP} ]; then JAIL_IP=$(jexec -l ${_JAIL} ifconfig -n vnet0 inet6 2> /dev/null | awk '/inet6 / && (!/fe80::/ || !/%vnet0/)' | sed -n "/.inet6 /{s///;s/ .*//;p;}"); fi else JAIL_IP=$(jls -j ${_JAIL} ip4.addr 2> /dev/null) + if [ ${JAIL_IP} = "-" ]; then JAIL_IP=$(jls -j ${_JAIL} ip6.addr 2> /dev/null); fi fi JAIL_HOSTNAME=$(jls -j ${_JAIL} host.hostname 2> /dev/null) JAIL_PORTS=$(pfctl -a "rdr/${_JAIL}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//") @@ -90,9 +92,9 @@ if [ $# -gt 0 ]; then else JAIL_STATE=$(if [ "$(sed -n "/^${_JAIL} {$/,/^}$/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | awk '$0 ~ /^'${_JAIL}' \{|\}/ { printf "%s",$0 }')" == "${_JAIL} {}" ]; then echo "Down"; else echo "n/a"; fi) if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then - JAIL_IP=$(sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' "${bastille_jailsdir}/${_JAIL}/root/etc/rc.conf" | sed "s/\// /g" | awk '{ if ($1 == "inet") print $2; else print $1 }') + JAIL_IP=$(sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' "${bastille_jailsdir}/${_JAIL}/root/etc/rc.conf" | sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print $2; else print $1 }') else - JAIL_IP=$(sed -n "s/^[ ]*ip4.addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | sed "s/\// /g" | awk '{ print $1 }') + JAIL_IP=$(sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | sed "s/\// /g" | awk '{ print $1 }') fi JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") if [ -f "${bastille_jailsdir}/${_JAIL}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${_JAIL}/rdr.conf" | sed "s/,$//"); else JAIL_PORTS=""; fi From 7bf605cf9f8461111aea7d367cf66fc44b29c3d6 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Sun, 2 May 2021 09:01:25 +0200 Subject: [PATCH 11/21] added release patch displaying determine and display of release patch added --- usr/local/share/bastille/list.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 72a27d47..4854207e 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -70,7 +70,8 @@ if [ $# -gt 0 ]; then MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} if [ ${MAX_LENGTH_JAIL_PORTS} -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi if [ ${MAX_LENGTH_JAIL_PORTS} -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi - MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec grep "/releases/" {} \; | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_RELEASE=$(jls path 2> /dev/null | awk '{ print "cat "$0"/etc/os-release" }' | sh | grep "^VERSION=" | sed -n "s/^VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + if [ ! ${MAX_LENGTH_JAIL_RELEASE} ]; then MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec grep "/releases/" {} \; | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '{ print length($0) }' | sort -nr | head -n 1); fi MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} if [ ${MAX_LENGTH_JAIL_RELEASE} -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi printf " JID%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" "" @@ -89,6 +90,7 @@ if [ $# -gt 0 ]; then JAIL_HOSTNAME=$(jls -j ${_JAIL} host.hostname 2> /dev/null) JAIL_PORTS=$(pfctl -a "rdr/${_JAIL}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//") JAIL_PATH=$(jls -j ${_JAIL} path 2> /dev/null) + JAIL_RELEASE=$(sed -n "s/^VERSION=\(.*\)$/\1/p" "${JAIL_PATH}/etc/os-release") else JAIL_STATE=$(if [ "$(sed -n "/^${_JAIL} {$/,/^}$/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | awk '$0 ~ /^'${_JAIL}' \{|\}/ { printf "%s",$0 }')" == "${_JAIL} {}" ]; then echo "Down"; else echo "n/a"; fi) if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then @@ -99,6 +101,11 @@ if [ $# -gt 0 ]; then JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") if [ -f "${bastille_jailsdir}/${_JAIL}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${_JAIL}/rdr.conf" | sed "s/,$//"); else JAIL_PORTS=""; fi JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") + if [ -f "${JAIL_PATH}/etc/os-release" ]; then + JAIL_RELEASE=$(sed -n "s/^VERSION=\(.*\)$/\1/p" "${JAIL_PATH}/etc/os-release") + else + if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(grep "/releases/" "${bastille_jailsdir}/${_JAIL}/fstab" | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '!_[$0]++'); else JAIL_RELEASE=""; fi + fi fi if [ ${#JAIL_PORTS} -gt ${MAX_LENGTH_JAIL_PORTS} ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(grep "/releases/" "${bastille_jailsdir}/${_JAIL}/fstab" | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '!_[$0]++'); else JAIL_RELEASE=""; fi From 9c4b39bb40eb84aa81a33b78eb4c4575bb13afb2 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Sun, 2 May 2021 12:29:33 +0200 Subject: [PATCH 12/21] corrected length and value determination determination of the width of the column 'Release' corrected and unnecessary line for determining the value of the release deleted --- usr/local/share/bastille/list.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 4854207e..cc23f62b 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -70,7 +70,7 @@ if [ $# -gt 0 ]; then MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} if [ ${MAX_LENGTH_JAIL_PORTS} -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi if [ ${MAX_LENGTH_JAIL_PORTS} -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi - MAX_LENGTH_JAIL_RELEASE=$(jls path 2> /dev/null | awk '{ print "cat "$0"/etc/os-release" }' | sh | grep "^VERSION=" | sed -n "s/^VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_RELEASE=$(find -L ""${bastille_jailsdir}/*/root/etc"" -maxdepth 1 -type f -name os-release -exec sed -n "s/^VERSION=\(.*\)$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) if [ ! ${MAX_LENGTH_JAIL_RELEASE} ]; then MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec grep "/releases/" {} \; | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '{ print length($0) }' | sort -nr | head -n 1); fi MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} if [ ${MAX_LENGTH_JAIL_RELEASE} -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi @@ -108,7 +108,6 @@ if [ $# -gt 0 ]; then fi fi if [ ${#JAIL_PORTS} -gt ${MAX_LENGTH_JAIL_PORTS} ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi - if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(grep "/releases/" "${bastille_jailsdir}/${_JAIL}/fstab" | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '!_[$0]++'); else JAIL_RELEASE=""; fi JAIL_NAME=${JAIL_NAME:-${DEFAULT_VALUE}} JAIL_STATE=${JAIL_STATE:-${DEFAULT_VALUE}} JAIL_IP=${JAIL_IP:-${DEFAULT_VALUE}} From ac013848101032e428dca3a9c7532fe1f27cf533 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Wed, 5 May 2021 12:45:47 +0200 Subject: [PATCH 13/21] fixes issue #361 [BUG] IPv6 not respected when creating VNET jails #361 --- usr/local/share/bastille/create.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 59b84711..e46109e0 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -379,7 +379,11 @@ create_jail() { _gateway='' _ifconfig=SYNCDHCP if [ "${IP}" != "0.0.0.0" ]; then # not using DHCP, so set static address. - _ifconfig="inet ${IP}" + if [ -n "${ip6}" ]; then + _ifconfig="inet6 ${IP}" + else + _ifconfig="inet ${IP}" + fi if [ -n "${bastille_network_gateway}" ]; then _gateway="${bastille_network_gateway}" else From b0167028e800097290482823089eede6a69e6e89 Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Sat, 15 May 2021 13:23:16 +0200 Subject: [PATCH 14/21] fixed displaying issue fixed wrong display if there are no jails existing --- usr/local/share/bastille/list.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index cc23f62b..91c7fbf6 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -70,7 +70,7 @@ if [ $# -gt 0 ]; then MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} if [ ${MAX_LENGTH_JAIL_PORTS} -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi if [ ${MAX_LENGTH_JAIL_PORTS} -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi - MAX_LENGTH_JAIL_RELEASE=$(find -L ""${bastille_jailsdir}/*/root/etc"" -maxdepth 1 -type f -name os-release -exec sed -n "s/^VERSION=\(.*\)$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_RELEASE=$(find -L ""${bastille_jailsdir}/*/root/etc"" -maxdepth 1 -type f -name os-release 2> /dev/null -exec sed -n "s/^VERSION=\(.*\)$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) if [ ! ${MAX_LENGTH_JAIL_RELEASE} ]; then MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec grep "/releases/" {} \; | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '{ print length($0) }' | sort -nr | head -n 1); fi MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} if [ ${MAX_LENGTH_JAIL_RELEASE} -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi @@ -118,6 +118,8 @@ if [ $# -gt 0 ]; then printf " ${_JAIL}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#_JAIL} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" fi done + else + error_exit "unfortunately there are no jails here (${bastille_jailsdir})" fi ;; release|releases) From a3544343a876179fd3e9ed6e8145e0ccb222e71e Mon Sep 17 00:00:00 2001 From: noracenofun <62801810+noracenofun@users.noreply.github.com> Date: Sun, 16 May 2021 00:29:02 +0200 Subject: [PATCH 15/21] fixed displaying issue older releases release determination completely rebuilt --- usr/local/share/bastille/list.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 91c7fbf6..5bab0486 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -70,9 +70,11 @@ if [ $# -gt 0 ]; then MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} if [ ${MAX_LENGTH_JAIL_PORTS} -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi if [ ${MAX_LENGTH_JAIL_PORTS} -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi - MAX_LENGTH_JAIL_RELEASE=$(find -L ""${bastille_jailsdir}/*/root/etc"" -maxdepth 1 -type f -name os-release 2> /dev/null -exec sed -n "s/^VERSION=\(.*\)$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1) - if [ ! ${MAX_LENGTH_JAIL_RELEASE} ]; then MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab -exec grep "/releases/" {} \; | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '{ print length($0) }' | sort -nr | head -n 1); fi + MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab 2> /dev/null -exec grep "/releases/.*/root/.bastille nullfs" {} \; | sed -n "s/^\(.*\) \/.*$/grep \"\^USERLAND_VERSION=\" \1\/bin\/freebsd-version 2\> \/dev\/null/p" | awk '!_[$0]++' | sh | sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} + MAX_LENGTH_THICK_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/root/bin"" -maxdepth 1 -type f -name freebsd-version 2> /dev/null -exec grep "^USERLAND_VERSION=" {} \; | sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_THICK_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE:-7} + if [ ${MAX_LENGTH_THICK_JAIL_RELEASE} -gt ${MAX_LENGTH_JAIL_RELEASE} ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE}; fi if [ ${MAX_LENGTH_JAIL_RELEASE} -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi printf " JID%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" "" JAIL_LIST=$(ls "${bastille_jailsdir}" | sed "s/\n//g") @@ -90,7 +92,7 @@ if [ $# -gt 0 ]; then JAIL_HOSTNAME=$(jls -j ${_JAIL} host.hostname 2> /dev/null) JAIL_PORTS=$(pfctl -a "rdr/${_JAIL}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//") JAIL_PATH=$(jls -j ${_JAIL} path 2> /dev/null) - JAIL_RELEASE=$(sed -n "s/^VERSION=\(.*\)$/\1/p" "${JAIL_PATH}/etc/os-release") + JAIL_RELEASE=$(jexec -l ${_JAIL} freebsd-version -u 2> /dev/null) else JAIL_STATE=$(if [ "$(sed -n "/^${_JAIL} {$/,/^}$/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | awk '$0 ~ /^'${_JAIL}' \{|\}/ { printf "%s",$0 }')" == "${_JAIL} {}" ]; then echo "Down"; else echo "n/a"; fi) if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then @@ -101,10 +103,14 @@ if [ $# -gt 0 ]; then JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") if [ -f "${bastille_jailsdir}/${_JAIL}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${_JAIL}/rdr.conf" | sed "s/,$//"); else JAIL_PORTS=""; fi JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf") - if [ -f "${JAIL_PATH}/etc/os-release" ]; then - JAIL_RELEASE=$(sed -n "s/^VERSION=\(.*\)$/\1/p" "${JAIL_PATH}/etc/os-release") + if [ ${JAIL_PATH} ]; then + if [ -f "${JAIL_PATH}/bin/freebsd-version" ]; then + JAIL_RELEASE=$(sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" "${JAIL_PATH}/bin/freebsd-version") + else + JAIL_RELEASE=$(grep "/releases/.*/root/.bastille nullfs" "${bastille_jailsdir}/${_JAIL}/fstab" 2> /dev/null | sed -n "s/^\(.*\) \/.*$/grep \"\^USERLAND_VERSION=\" \1\/bin\/freebsd-version 2\> \/dev\/null/p" | awk '!_[$0]++' | sh | sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p") + fi else - if [ -f "${bastille_jailsdir}/${_JAIL}/fstab" ]; then JAIL_RELEASE=$(grep "/releases/" "${bastille_jailsdir}/${_JAIL}/fstab" | sed -n "s/^.*\/releases\/\(.*\) \/.*$/\1/p" | tr -d " " | awk '!_[$0]++'); else JAIL_RELEASE=""; fi + JAIL_RELEASE="" fi fi if [ ${#JAIL_PORTS} -gt ${MAX_LENGTH_JAIL_PORTS} ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi From 585fd76ae2580c586d84cce81204c4ee7cce28c5 Mon Sep 17 00:00:00 2001 From: Bike Dude Date: Tue, 18 May 2021 21:14:03 +0200 Subject: [PATCH 16/21] alternative git template servers --- usr/local/share/bastille/bootstrap.sh | 2 +- usr/local/share/bastille/template.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 82d03923..7dcf6a29 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -426,7 +426,7 @@ current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST) PLATFORM_OS="HardenedBSD" validate_release_url ;; -http?://github.com/*/*|http?://gitlab.com/*/*) +http?://*/*/*) BASTILLE_TEMPLATE_URL=${1} BASTILLE_TEMPLATE_USER=$(echo "${1}" | awk -F / '{ print $4 }') BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }') diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 085704b2..07cfae12 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -173,7 +173,7 @@ if [ "${TARGET}" = '--convert' ]; then fi case ${TEMPLATE} in - http?://github.com/*/*|http?://gitlab.com/*/*) + http?://*/*/*) TEMPLATE_DIR=$(echo "${TEMPLATE}" | awk -F / '{ print $4 "/" $5 }') if [ ! -d "${bastille_templatesdir}/${TEMPLATE_DIR}" ]; then info "Bootstrapping ${TEMPLATE}..." From b2a4dcdd49833fc3349e8c6a3355f5806b816abe Mon Sep 17 00:00:00 2001 From: Bike Dude Date: Tue, 25 May 2021 12:29:06 +0200 Subject: [PATCH 17/21] add verify add verify.sh as well as in PR #383 --- usr/local/share/bastille/verify.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh index da88ee5e..1246cc00 100644 --- a/usr/local/share/bastille/verify.sh +++ b/usr/local/share/bastille/verify.sh @@ -77,7 +77,7 @@ verify_template() { info "[${_hook}]:[${_include}]:" case ${_include} in - http?://github.com/*/*|http?://gitlab.com/*/*) + http?://*/*/*) bastille bootstrap "${_include}" ;; */*) From f8f508f6f6c7db5a18f04d84646c070b314c5cae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Go=CC=88tz=20Salzmann?= Date: Mon, 24 May 2021 13:28:18 +0200 Subject: [PATCH 18/21] Fix wrong mountpoint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In ed50e3fa041b35f274a30e0f2ac425252485e7f0 _jailpath was updated to include the full path on the host. The test and if required mkdir were then done with the jail’s root pirectory perpended to that full path. --- usr/local/share/bastille/mount.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 82147350..298d42a3 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -97,8 +97,8 @@ for _jail in ${JAILS}; do _fstab_entry="${_hostpath} ${_jailpath} ${_type} ${_perms} ${_checks}" ## Create mount point if it does not exist. -- cwells - if [ ! -d "${bastille_jailsdir}/${_jail}/root/${_jailpath}" ]; then - if ! mkdir -p "${bastille_jailsdir}/${_jail}/root/${_jailpath}"; then + if [ ! -d "${_jailpath}" ]; then + if ! mkdir -p "${_jailpath}"; then error_exit "Failed to create mount point inside jail." fi fi From 9347fd0eae49ec02d163e48b39a427ab2bf6c747 Mon Sep 17 00:00:00 2001 From: Egor Kuzmichev Date: Wed, 9 Jun 2021 11:03:03 +0300 Subject: [PATCH 19/21] Lint bootstrap.sh Lint with https://github.com/koalaman/shellcheck/wiki --- usr/local/share/bastille/bootstrap.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index ad97da4f..ffac5651 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -45,13 +45,13 @@ esac #Validate if ZFS is enabled in rc.conf and bastille.conf. if [ "$(sysrc -n zfs_enable)" = "YES" ] && [ ! "${bastille_zfs_enable}" = "YES" ]; then warn "ZFS is enabled in rc.conf but not bastille.conf. Do you want to continue? (N|y)" - read answer + read answer case $answer in no|No|n|N|"") error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_enable." ;; yes|Yes|y|Y) - continue + # continue ;; esac fi @@ -85,7 +85,7 @@ validate_release_url() { info "Bootstrapping ${PLATFORM_OS} distfiles..." # Alternate RELEASE/ARCH fetch support - if [ "${OPTION}" = "--i386" -o "${OPTION}" = "--32bit" ]; then + if [ "${OPTION}" = "--i386" ] || [ "${OPTION}" = "--32bit" ]; then ARCH="i386" RELEASE="${RELEASE}-${ARCH}" fi @@ -253,12 +253,12 @@ bootstrap_release() { fi if [ -d "${bastille_cachedir}/${RELEASE}" ]; then if [ ! "$(ls -A "${bastille_cachedir}/${RELEASE}")" ]; then - rm -rf "${bastille_cachedir}/${RELEASE}" + rm -rf "${bastille_cachedir:?}/${RELEASE}" fi fi if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then if [ ! "$(ls -A "${bastille_releasesdir}/${RELEASE}")" ]; then - rm -rf "${bastille_releasesdir}/${RELEASE}" + rm -rf "${bastille_releasesdir:?}/${RELEASE}" fi fi error_exit "Bootstrap failed." @@ -266,8 +266,8 @@ bootstrap_release() { ## fetch for missing dist files if [ ! -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then - fetch "${UPSTREAM_URL}/${_archive}.txz" -o "${bastille_cachedir}/${RELEASE}/${_archive}.txz" - if [ "$?" -ne 0 ]; then + if ! fetch "${UPSTREAM_URL}/${_archive}.txz" -o "${bastille_cachedir}/${RELEASE}/${_archive}.txz"; + then ## alert only if unable to fetch additional dist files error_notify "Failed to fetch ${_archive}.txz." fi @@ -336,7 +336,7 @@ bootstrap_template() { $(which git) clone "${_url}" "${_template}" ||\ error_notify "Clone unsuccessful." elif [ -d "${_template}/.git" ]; then - cd "${_template}" && $(which git) pull ||\ + (cd "${_template}" && $(which git) pull) ||\ error_notify "Template update unsuccessful." fi fi @@ -352,7 +352,7 @@ OPTION="${2}" # Alternate RELEASE/ARCH fetch support(experimental) if [ -n "${OPTION}" ] && [ "${OPTION}" != "${HW_MACHINE}" ] && [ "${OPTION}" != "update" ]; then # Supported architectures - if [ "${OPTION}" = "--i386" -o "${OPTION}" = "--32bit" ]; then + if [ "${OPTION}" = "--i386" ] || [ "${OPTION}" = "--32bit" ]; then HW_MACHINE="i386" HW_MACHINE_ARCH="i386" else @@ -364,7 +364,7 @@ fi case "${1}" in 2.[0-9]*) ## check for MidnightBSD releases name - NAME_VERIFY=$(echo ${RELEASE}) + NAME_VERIFY=$(echo "${RELEASE}") UPSTREAM_URL="${bastille_url_midnightbsd}${HW_MACHINE_ARCH}/${NAME_VERIFY}" PLATFORM_OS="MidnightBSD" validate_release_url From 1a522cb3a87d66d25a7f0dafdf1ae0cb78c69513 Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Wed, 9 Jun 2021 17:15:37 +0200 Subject: [PATCH 20/21] Fixes #338 Network access on jail startup --- usr/local/share/bastille/start.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index d29a464c..9f2b095e 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -83,6 +83,8 @@ for _jail in ${JAILS}; do error_notify "Error: IP address (${ip}) already in use." continue fi + ## add ip4.addr to firewall table:jails + pfctl -q -t jails -T add "${ip}" fi ## start the container @@ -102,13 +104,6 @@ for _jail in ${JAILS}; do bastille rdr "${_jail}" ${_rules} done < "${bastille_jailsdir}/${_jail}/rdr.conf" fi - - ## add ip4.addr to firewall table:jails - if [ -n "${bastille_network_loopback}" ]; then - if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then - pfctl -q -t jails -T add "$(jls -j ${_jail} ip4.addr)" - fi - fi fi echo done From ad4c92055fee2a057aa5da385fcd727890f90993 Mon Sep 17 00:00:00 2001 From: Egor Kuzmichev Date: Sun, 13 Jun 2021 20:03:25 +0300 Subject: [PATCH 21/21] Update bootstrap.sh https://github.com/BastilleBSD/bastille/pull/390#discussion_r650394708 https://github.com/BastilleBSD/bastille/pull/390#discussion_r650396080 https://github.com/BastilleBSD/bastille/pull/390#discussion_r650396339 --- usr/local/share/bastille/bootstrap.sh | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index ffac5651..1a908758 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -50,9 +50,7 @@ if [ "$(sysrc -n zfs_enable)" = "YES" ] && [ ! "${bastille_zfs_enable}" = "YES" no|No|n|N|"") error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_enable." ;; - yes|Yes|y|Y) - # continue - ;; + yes|Yes|y|Y) ;; esac fi @@ -266,8 +264,7 @@ bootstrap_release() { ## fetch for missing dist files if [ ! -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then - if ! fetch "${UPSTREAM_URL}/${_archive}.txz" -o "${bastille_cachedir}/${RELEASE}/${_archive}.txz"; - then + if ! fetch "${UPSTREAM_URL}/${_archive}.txz" -o "${bastille_cachedir}/${RELEASE}/${_archive}.txz"; then ## alert only if unable to fetch additional dist files error_notify "Failed to fetch ${_archive}.txz." fi @@ -328,15 +325,15 @@ bootstrap_template() { _template=${bastille_templatesdir}/${_user}/${_repo} ## support for non-git - if [ ! -x "$(which git)" ]; then + if ! which -s git; then error_notify "Git not found." error_exit "Not yet implemented." - elif [ -x "$(which git)" ]; then + else if [ ! -d "${_template}/.git" ]; then - $(which git) clone "${_url}" "${_template}" ||\ + git clone "${_url}" "${_template}" ||\ error_notify "Clone unsuccessful." elif [ -d "${_template}/.git" ]; then - (cd "${_template}" && $(which git) pull) ||\ + git -C "${_template}" pull ||\ error_notify "Template update unsuccessful." fi fi