Merge remote-tracking branch 'upstream/master'

2025-12-26 15:30:45 +01:00 · 2021-07-12 14:52:36 -04:00
parent 92e9579e04 8005dd2081
commit 4999f0968f
5 changed files with 136 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -292,6 +292,37 @@ bootstrapping templates from GitHub or GitLab.
 See `bastille update` to ensure your bootstrapped releases include the latest
 patches.

+**Ubuntu Linux [new since 0.9]**
+
+The bootstrap process for Linux containers is very different from the *BSD process.
+You will need the package debootstrap and some kernel modules for that.
+But don't worry, Bastille will do that for that for you.
+
+```shell
+ishmael ~ # bastille bootstrap focal
+sysrc: unknown variable 'linprocfs_load'
+sysrc: unknown variable 'linsysfs_load'
+sysrc: unknown variable 'tmpfs_load'
+linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you?  (N|y)
+#y
+Loading modules
+Persisting modules
+linux_enable:  -> YES
+linprocfs_load:  -> YES
+linsysfs_load:  -> YES
+tmpfs_load:  -> YES
+Debootstrap not found. Should it be installed? (N|y)
+#y
+FreeBSD repository is up to date.
+All repositories are up to date.
+Checking integrity... done (0 conflicting)
+The following 1 package(s) will be affected (of 0 checked):
+
+New packages to be INSTALLED:
+        debootstrap: 1.0.123_4
+[...]
+```
+As of 0.9.20210714 Bastille supports Ubuntu 18.04 (bionic) and Ubuntu 20.04 (focal).

 bastille create
 ---------------
@@ -381,6 +412,15 @@ shared base container is a "thin").
 ishmael ~ # bastille create -T folsom 12.0-RELEASE 10.17.89.10
 ```

+**Linux**
+```shell
+ishmael ~ # bastille create folsom focal 10.17.89.10
+```
+
+Systemd is not supported due to the missing boot process.
+
+
+
 I recommend using private (rfc1918) ip address ranges for your containers.
 These ranges include:

--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -429,11 +429,88 @@ http?://*/*/*)
    BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }')
    bootstrap_template
    ;;
+#adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad
+ubuntu_bionic|bionic|ubuntu-bionic)
+    #check and install OS dependencies @hackacad
+    if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then
+        warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you?  (N|y)"
+        read  answer
+        case $answer in
+            no|No|n|N|"")
+                error_exit "Exiting."
+                ;;
+            yes|Yes|y|Y)
+                info "Loading modules"
+                kldload linux linux64 linprocfs linsysfs tmpfs
+                info "Persisting modules"
+                sysrc linux_enable=YES
+                sysrc -f /boot/loader.conf linprocfs_load=YES
+                sysrc -f /boot/loader.conf linsysfs_load=YES
+                sysrc -f /boot/loader.conf tmpfs_load=YES
+                ;;
+        esac
+    fi
+    if which -s debootstrap; then
+        debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804
+    else
+        warn "Debootstrap not found. Should it be installed? (N|y)"
+        read  answer
+        case $answer in
+            no|No|n|N|"")
+                error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
+                ;;
+            yes|Yes|y|Y)
+                pkg install -y debootstrap
+                debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804
+                ;;
+        esac
+    fi
+    echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Ubuntu_1804/etc/apt/apt.conf.d/00aptitude
+    ;;
+ubuntu_focal|focal|ubuntu-focal)
+    #check and install OS dependencies @hackacad
+    #ToDo: add function 'linux_pre' for sysrc etc.
+    if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then
+        warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you?  (N|y)"
+        read  answer
+        case $answer in
+            no|No|n|N|"")
+                error_exit "Exiting."
+                ;;
+            yes|Yes|y|Y)
+                info "Loading modules"
+                kldload linux linux64 linprocfs linsysfs tmpfs
+                info "Persisting modules"
+                sysrc linux_enable=YES
+                sysrc -f /boot/loader.conf linprocfs_load=YES
+                sysrc -f /boot/loader.conf linsysfs_load=YES
+                sysrc -f /boot/loader.conf tmpfs_load=YES
+                ;;
+        esac
+    fi
+    if which -s debootstrap; then
+        debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004
+    else
+        warn "Debootstrap not found. Should it be installed? (N|y)"
+        read  answer
+        case $answer in
+            no|No|n|N|"")
+                error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
+                ;;
+            yes|Yes|y|Y)
+                pkg install -y debootstrap
+                debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004
+                ;;
+        esac
+    fi
+    ;;
 *)
    usage
    ;;
 esac

+
+
 case "${OPTION}" in
 update)
    bastille update "${RELEASE}"
--- a/usr/local/share/bastille/console.sh
+++ b/usr/local/share/bastille/console.sh
@@ -53,7 +53,7 @@ validate_user() {
        USER_SHELL="$(jexec -l "${_jail}" getent passwd "${USER}" | cut -d: -f7)"
        if [ -n "${USER_SHELL}" ]; then
            if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then
-                jexec -l "${_jail}" /usr/bin/login -f "${USER}"
+                jexec -l "${_jail}" $LOGIN -f "${USER}"
            else
                echo "Invalid shell for user ${USER}"
            fi
@@ -76,11 +76,12 @@ check_fib() {

 for _jail in ${JAILS}; do
    info "[${_jail}]:"
+    LOGIN="$(jexec -l "${_jail}" which login)"
    if [ -n "${USER}" ]; then
        validate_user
    else
-        check_fib
-        ${_setfib} jexec -l "${_jail}" /usr/bin/login -f root
+        LOGIN="$(jexec -l "${_jail}" which login)"
+        ${_setfib} jexec -l "${_jail}" $LOGIN -f root
    fi
    echo
 done
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -158,7 +158,7 @@ if [ $# -gt 0 ]; then
        rctl -h jail:
        ;;
    import|imports|export|exports|backup|backups)
-        ls "${bastille_backupsdir}" | grep -Ev "*.sha256"
+        ls "${bastille_backupsdir}" | grep -v ".sha256$"
    exit 0
    ;;
    *)
--- a/usr/local/share/bastille/templates/default/linux/Bastillefile
+++ b/usr/local/share/bastille/templates/default/linux/Bastillefile
@@ -0,0 +1,14 @@
+PRE mkdir -p home
+PRE mkdir -p tmp
+
+
+FSTAB devfs           root/dev      devfs           rw                      0       0
+FSTAB tmpfs           dev/shm  tmpfs           rw,size=1g,mode=1777    0       0
+FSTAB fdescfs         dev/fd   fdescfs         rw,linrdlnk             0       0
+FSTAB linprocfs       proc     linprocfs       rw                      0       0
+FSTAB linsysfs        sys      linsysfs        rw                      0       0
+FSTAB /tmp            tmp      nullfs          rw                      0       0
+FSTAB /home           home     nullfs          rw                      0       0
+
+CMD mkdir etc/apt/apt.conf.d/00aptitude
+CMD echo "APT::Cache-Start 251658240;" > etc/apt/apt.conf.d/00aptitude