From 3c19c5b18346e2fea13a50f238f3b7cc8073a257 Mon Sep 17 00:00:00 2001 From: Jose Date: Fri, 24 Jul 2020 10:47:28 -0400 Subject: [PATCH 1/4] Initial alternate architecture fetch/create support --- usr/local/share/bastille/bootstrap.sh | 26 ++++++++++++++++++++++++-- usr/local/share/bastille/clone.sh | 2 +- usr/local/share/bastille/convert.sh | 2 +- usr/local/share/bastille/create.sh | 4 ++-- usr/local/share/bastille/destroy.sh | 4 ++-- usr/local/share/bastille/import.sh | 2 +- 6 files changed, 31 insertions(+), 9 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index ad2eb3e1..8b423c13 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - echo -e "${COLOR_RED}Usage: bastille bootstrap [release|template] [update].${COLOR_RESET}" + echo -e "${COLOR_RED}Usage: bastille bootstrap [release|template] [update|arch].${COLOR_RESET}" exit 1 } @@ -58,7 +58,7 @@ if [ "${bastille_zfs_enable}" = "YES" ]; then fi ## check for the ZFS dataset prefix if already exist - if [ -d "/${bastille_zfs_zpool}/${bastille_zfs_prefix}" ]; then + if [ -d "/${bastille_zfs_zpool}/${bastille_zfs_prefix}" ]; then if ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" > /dev/null 2>&1; then echo -e "${COLOR_RED}ERROR: ${bastille_zfs_zpool}/${bastille_zfs_prefix} is not a ZFS dataset.${COLOR_RESET}" exit 1 @@ -75,6 +75,13 @@ validate_release_url() { exit 1 fi echo -e "${COLOR_GREEN}Bootstrapping ${PLATFORM_OS} distfiles...${COLOR_RESET}" + + # Alternate RELEASE/ARCH fetch support + if [ "${ARCH}" = "--i386" -o "${ARCH}" = "--32bit" ]; then + ARCH="i386" + RELEASE="${RELEASE}-${ARCH}" + fi + bootstrap_directories bootstrap_release else 
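Review bot: The added test in validate_release_url, `[ "${ARCH}" = "--i386" -o "${ARCH}" = "--32bit" ]`, relies on `-o`, which POSIX marks obsolescent because parsing becomes ambiguous when an operand looks like an operator, and ARCH is taken from the command line. I would write it as `if [ "${ARCH}" = "--i386" ] || [ "${ARCH}" = "--32bit" ]; then`, and do the same for the identical test in the `@@ -337,6 +344,21 @@` hunk. The block also rewrites RELEASE to `<release>-i386` apparently after the URL check has passed; a short comment saying the suffix names the local release directory rather than the remote path would help, if that is the intent. The function starts and ends outside the hunk.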
@@ -337,6 +344,21 @@ bootstrap_template() { HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }') HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }') RELEASE="${1}" +ARCH="${2}" + +# Alternate RELEASE/ARCH fetch support(experimental) +if [ -n "${ARCH}" ] && [ "${ARCH}" != "${HW_MACHINE}" ]; then + # Supported architectures + if [ "${ARCH}" = "--i386" -o "${ARCH}" = "--32bit" ]; then + HW_MACHINE="i386" + HW_MACHINE_ARCH="i386" + else + echo -e "${COLOR_RED}Unsupported architecture.${COLOR_RESET}" + exit 1 + fi +else + ARCH="" +fi ## Filter sane release names case "${1}" in diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 4cf55990..b96ab792 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -140,7 +140,7 @@ update_fstab() { # Update fstab to use the new name FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab" if [ -f "${FSTAB_CONFIG}" ]; then - FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${FSTAB_CONFIG}") + FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${FSTAB_CONFIG}") FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}") FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0" if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index bfe22166..870ad74b 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh 
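Review bot: Any non-empty second argument other than the host's `hw.machine` value now falls into the `Unsupported architecture` branch and exits 1, and that includes `update`, which the usage string in this same patch still lists as a valid second argument (`[update|arch]`). Unless `update` is consumed before this block (not visible in the hunk), `bastille bootstrap <release> update` stops working. Excluding it in the guard keeps the allow-list strict without breaking the existing option: `if [ -n "${ARCH}" ] && [ "${ARCH}" != "${HW_MACHINE}" ] && [ "${ARCH}" != "update" ]; then`. Restricting the accepted values to the two literal flags is the right shape, since they go on to override `HW_MACHINE` and `HW_MACHINE_ARCH`.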
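Review bot: The pattern in update_fstab now lists `-RELEASE` ahead of `-RELEASE-i386` in one alternation, so `grep -o` returns the i386 name only because POSIX matching prefers the longest alternative; `(-RELEASE(-i386)?|-RC[1-2])` expresses the same thing without depending on that. The identical expression is also pasted into convert.sh and import.sh in this patch, so every further architecture means editing each copy, and a missed copy could leave one command resolving a jail's fstab to a different release than the others. Consider defining the pattern once in a file these scripts already source. update_fstab continues outside the hunk.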
@@ -115,7 +115,7 @@ start_convert() { echo -e "${COLOR_GREEN}Converting '${TARGET}' into a thickjail, this may take a while...${COLOR_RESET}" # Set some variables - RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${bastille_jailsdir}/${TARGET}/fstab") + RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${bastille_jailsdir}/${TARGET}/fstab") FSTABMOD=$(grep -w "${bastille_releasesdir}/${RELEASE} ${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/fstab") SYMLINKS="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/ports usr/sbin usr/share usr/src" diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index a9ea9b3d..ef149e7b 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -458,9 +458,9 @@ fi if [ -z "${EMPTY_JAIL}" ]; then ## verify release case "${RELEASE}" in - *-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2) + *-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2) ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])$' | tr '[:lower:]' '[:upper:]') + NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') validate_release ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index 71f1090f..d64ace92 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh 
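Review bot: `sed 's/I/i/g'` in the create.sh NAME_VERIFY pipeline lowercases every capital I in the name, not just the architecture suffix that `tr` upper-cased. It is harmless for the names the regex accepts today but easy to break when another suffix is added, and anchoring it states the intent: `sed 's/-I386$/-i386/'`. The `case` arm accepts `*-RELEASE-I386` and `*-RELEASE-i386` but not `*-release-i386`, although the `grep -i` that follows would accept it, so the lowercase spelling that works for `*-release` does not reach this arm for i386. The same two lines are added to destroy.sh, where NAME_VERIFY appears to select what destroy_rel removes, so exact normalisation matters more there.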
@@ -193,9 +193,9 @@ fi ## check what should we clean case "${TARGET}" in -*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2) +*-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC1|*-rc1|*-RC2|*-rc2) ## check for FreeBSD releases name - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])$' | tr '[:lower:]' '[:upper:]') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g') destroy_rel ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 6b64f6d3..a35a9599 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -120,7 +120,7 @@ update_fstab() { # Update fstab .bastille mountpoint on thin containers only # Set some variables FSTAB_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/fstab" - FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${FSTAB_CONFIG}") + FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${FSTAB_CONFIG}") FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET_TRIM}/root/.bastille" "${FSTAB_CONFIG}") FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0" if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then From 3872f930639fa6c2b8be9f3471f2ea463063bcbf Mon Sep 17 00:00:00 2001 From: Jose Date: Fri, 24 Jul 2020 15:37:50 -0400 Subject: [PATCH 2/4] Post-creation jail misc configuration --- usr/local/share/bastille/create.sh | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index ef149e7b..7c31d0d8 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -388,6 +388,14 @@ create_jail() { ## Generate minimal configuration for empty jail generate_minimal_conf fi + + # Post-creation jail misc configuration + # Creates a dummy fstab file + # Disables adjkerntz, avoids spurious error messages + # Set strict permissions on the jail by default + touch "etc/fstab" + sed -i '' 's|[0-9],[0-9]\{2\}.*[0-9]-[0-9].*root.*kerntz -a|#& # Disabled by bastille|' "etc/crontab" + chmod 0700 "${bastille_jailsdir}/${NAME}" } # Handle special-case commands first. From 709f00a2ac8a9d5758a04ff649e3728cc4a5193f Mon Sep 17 00:00:00 2001 From: Jose Date: Fri, 31 Jul 2020 04:07:58 -0400 Subject: [PATCH 3/4] Improve bastille/cp return status --- usr/local/bin/bastille | 1 + usr/local/share/bastille/cp.sh | 9 +++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index afeb489c..24896c13 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -172,4 +172,5 @@ if [ -f "${SCRIPTPATH}" ]; then else bastille_colors_pre echo -e "${COLOR_RED}${SCRIPTPATH} not found.${COLOR_RESET}" 1>&2 + exit 1 fi diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index b56f955c..ad2faaa2 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -61,6 +61,11 @@ fi for _jail in ${JAILS}; do bastille_jail_path="$(jls -j "${_jail}" path)" echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}" - cp -av "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}" - echo + # Add line break and return status + if cp -av "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}"; then + echo + else + echo + false + fi done From a0b0eadc684acc2ba59866e245fe0b3ca00ce7d5 Mon Sep 17 00:00:00 2001 
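Review bot: `touch "etc/fstab"` and `sed -i '' … "etc/crontab"` use paths relative to whatever the working directory is when create_jail reaches this point, and the block sits after the `generate_minimal_conf` branch, so it also runs for empty jails. If the earlier change into the jail root (outside the hunk) did not happen or failed, these commands edit `etc/` under the caller's directory, which when run as root could be the host's own `/etc/crontab`. I would spell the paths out, e.g. `touch "${bastille_jailsdir}/${NAME}/root/etc/fstab"` with the same prefix for `etc/crontab`, or skip the two file edits for an empty jail. The `chmod 0700` already uses an absolute path and is fine as written.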
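Review bot: The new `if cp …` block in cp.sh still trusts `bastille_jail_path`; if `jls -j "${_jail}" path` prints nothing (for instance the jail stopped after the list was built), the destination collapses to `/${CPDEST}` and the file is copied onto the host instead of into the jail. A guard before the copy avoids that: `[ -n "${bastille_jail_path}" ] || { echo "[${_jail}]: jail path not found" 1>&2; continue; }`. Separately, `false` only sets the status of that one iteration, so with several jails an earlier failure is masked by a later success. The same unguarded `cp` line is kept in PATCH 4/4.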
From: Jose Date: Fri, 31 Jul 2020 08:51:47 -0400 Subject: [PATCH 4/4] Display return status on bastille cp batch/loop --- usr/local/share/bastille/cp.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index ad2faaa2..83dbf0b8 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -61,11 +61,13 @@ fi for _jail in ${JAILS}; do bastille_jail_path="$(jls -j "${_jail}" path)" echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}" - # Add line break and return status - if cp -av "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}"; then - echo + cp -av "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}" + RETURN="$?" + if [ "${TARGET}" = "ALL" ]; then + # Display the return status for reference + echo -e "Returned: ${RETURN}\n" else echo - false + return "${RETURN}" fi done
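Review bot: With `TARGET` set to `ALL` the copy status is only printed, so the script ends with the status of the last `echo` and reports success even when every `cp` failed; callers and automation cannot detect a partial copy. Recording failures and exiting with them after the loop fixes that: `[ "${RETURN}" -eq 0 ] || ERRORS=1` after the `cp`, and `exit "${ERRORS}"` after `done`, with `ERRORS=0` set before the loop. In the else branch, `return` is used where the hunk header suggests the loop sits at script top level rather than inside a function; what `return` does there depends on the shell and on whether cp.sh is sourced or executed, so `exit "${RETURN}"` would be clearer if the script is executed.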