From a3a7235da74b8ea96664ca6f8ca3941797317f9c Mon Sep 17 00:00:00 2001 From: tschettervictor Date: Tue, 2 Dec 2025 15:43:52 -0700 Subject: [PATCH 1/2] upgrade: many fixes --- usr/local/share/bastille/upgrade.sh | 62 ++++++++++++++++------------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index 639ab4a6..710d71a9 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -104,7 +104,15 @@ thick_jail_check() { error_exit "Use [-a|--auto] to auto-start the jail." fi - if [ "${PLATFORM_OS}" = "FreeBSD" ]; then + # Verify PLATFORM_OS inside jail + JAIL_PLATFORM_OS="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version)" + if echo "${JAIL_PLATFORM_OS}" | grep -q "HBSD"; then + JAIL_PLATFORM_OS="HardenedBSD" + else + JAIL_PLATFORM_OS="FreeBSD" + fi + + if [ "${JAIL_PLATFORM_OS}" = "FreeBSD" ]; then # Set OLD_RELEASE OLD_RELEASE="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version 2>/dev/null)" @@ -117,13 +125,13 @@ thick_jail_check() { NEW_MAJOR_VERSION=$(echo ${NEW_RELEASE} | grep -Eo '^[0-9]+') # Validate PKGBASE or non-PKGBASE - if echo "${NEW_RELEASE}" | grep -oq "\-CURRENT"; then - FREEBSD_BRANCH="current" - else - FREEBSD_BRANCH="release" - fi if pkg -r "${bastille_jailsdir}/${TARGET}/root" which /usr/bin/uname > /dev/null 2>&1; then PKGBASE=1 + if echo "${NEW_RELEASE}" | grep -oq "\-CURRENT"; then + FREEBSD_BRANCH="current" + else + FREEBSD_BRANCH="release" + fi fi # Check if jail is already running NEW_RELEASE @@ -132,7 +140,7 @@ thick_jail_check() { error_exit "See 'bastille update TARGET' to update the jail." fi - elif [ "${PLATFORM_OS}" = "HardenedBSD" ]; then + elif [ "${JAIL_PLATFORM_OS}" = "HardenedBSD" ]; then # Set VERSION OLD_RELEASE="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version 2>/dev/null)" 
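Review bot: The new `JAIL_PLATFORM_OS` probe in thick_jail_check executes `${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version` from the jail's filesystem in the host's context, so a file the jail's root user can rewrite runs with the privileges of whoever invokes the upgrade (the existing OLD_RELEASE lines share this pattern). The path is also unquoted, stderr is not discarded, and a failed or empty result falls into the `else` and is treated as FreeBSD, which the later `JAIL_PLATFORM_OS` tests in jail_upgrade, jail_upgrade_pkgbase and jail_updates_install then rely on. The jail appears to be running at this point (per the auto-start check just above), so consider confining the probe to the jail, `JAIL_PLATFORM_OS="$(jexec -l "${TARGET}" /bin/freebsd-version 2>/dev/null)"`, and failing closed with `[ -n "${JAIL_PLATFORM_OS}" ] || error_exit "[ERROR]: Can't determine '${TARGET}' platform."` before the grep. thick_jail_check starts and ends outside the hunk.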
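Review bot: After this move, `PKGBASE` and `FREEBSD_BRANCH` are assigned only when the `pkg -r "${bastille_jailsdir}/${TARGET}/root" which /usr/bin/uname` probe succeeds, and that probe's output is discarded, so on any failure both keep whatever value they already had. Unless they are initialised outside the hunk, a value inherited from the calling environment or left over from an earlier target could select the pkgbase path. Resetting both just above the `if pkg -r` line, for example `PKGBASE=""` and `FREEBSD_BRANCH=""` (matching however they are tested elsewhere in the file), would make the non-pkgbase default explicit.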
@@ -160,7 +168,7 @@ thin_jail_check() { error_exit "Use [-a|--auto] to auto-stop the jail." fi - # Set VERSION + # Set OLD_RELEASE OLD_RELEASE="$(bastille config ${TARGET} get osrelease)" if [ -z "${OLD_RELEASE}" ]; then error_exit "[ERROR]: Can't determine '${TARGET}' version." 
@@ -243,31 +251,29 @@ jail_upgrade() { else - if [ "${PLATFORM_OS}" = "FreeBSD" ]; then + if [ "${JAIL_PLATFORM_OS}" = "FreeBSD" ]; then local jailpath="${bastille_jailsdir}/${TARGET}/root" local work_dir="${jailpath}/var/db/freebsd-update" local freebsd_update_conf="${jailpath}/etc/freebsd-update.conf" # Upgrade a thick jail - env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \ - --currently-running "${OLD_RELEASE}" \ - -j "${TARGET}" \ - -d "${work_dir}" \ - -f "${freebsd_update_conf}" \ - -r "${NEW_RELEASE}" upgrade + if env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \ + --currently-running "${OLD_RELEASE}" \ + -j "${TARGET}" \ + -d "${work_dir}" \ + -f "${freebsd_update_conf}" \ + -r "${NEW_RELEASE}" upgrade; then - UPGRADED_RELEASE="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version 2>/dev/null)" - if [ "${OLD_RELEASE}" = "${UPGRADED_RELEASE}" ]; then - info "\nNo upgrades available.\n" - else # Update "osrelease" inside jail.conf using 'bastille config' bastille config ${TARGET} set osrelease ${UPGRADED_RELEASE} >/dev/null 2>/dev/null - warn "Please run 'bastille upgrade ${TARGET} install', restart the jail, then run 'bastille upgrade ${TARGET} install' again to finish installing updates." - echo + info "\nUpgraded ${TARGET}: ${OLD_RELEASE} > ${NEW_RELEASE}" + warn "\nPlease run 'bastille upgrade ${TARGET} install', restart the jail, then run 'bastille upgrade ${TARGET} install' again to finish installing the upgrade.\n" + else + info "\nNo upgrades available.\n" fi - elif [ "${PLATFORM_OS}" = "HardenedBSD" ]; then + elif [ "${JAIL_PLATFORM_OS}" = "HardenedBSD" ]; then local jailname="${TARGET}" local jailpath="${bastille_jailsdir}/${TARGET}/root" 
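Review bot: `UPGRADED_RELEASE` is no longer assigned in the FreeBSD branch of jail_upgrade, yet the retained line still runs `bastille config ${TARGET} set osrelease ${UPGRADED_RELEASE} >/dev/null 2>/dev/null`, so the unquoted empty expansion drops the value and the redirects hide the resulting failure. If the intent is to record the target release, use `bastille config "${TARGET}" set osrelease "${NEW_RELEASE}"` and leave stderr visible; it is worth confirming that osrelease should change here at all, since the warn text implies the install step has not run yet and the jail's userland is presumably still at the old release. Separately, the new `else` prints "No upgrades available." for every non-zero exit of freebsd-update, which would include fetch or verification failures, so an operator can be told a jail is current when the upgrade actually failed. Something like `error_exit "[ERROR]: freebsd-update upgrade failed for '${TARGET}'."` in that branch would report the state accurately. jail_upgrade begins before and continues after the hunk.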
@@ -296,10 +302,10 @@ jail_upgrade() { -c "${hbsd_update_conf}" UPGRADED_RELEASE="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version 2>/dev/null)" - if [ "${OLD_RELEASE}" = "${UPGRADED_RELEASE}" ]; then - info "\nNo upgrades available.\n" - else + if [ "${OLD_RELEASE}" != "${UPGRADED_RELEASE}" ]; then info "\nUpgraded ${TARGET}: ${OLD_RELEASE} -> ${UPGRADED_RELEASE}\n" + else + info "\nNo upgrades available.\n" fi fi fi @@ -307,7 +313,7 @@ jail_upgrade() { jail_upgrade_pkgbase() { - if [ "${PLATFORM_OS}" = "FreeBSD" ]; then + if [ "${JAIL_PLATFORM_OS}" = "FreeBSD" ]; then local jailpath="${bastille_jailsdir}/${TARGET}/root" local abi="FreeBSD:${NEW_MAJOR_VERSION}:${HW_MACHINE_ARCH}" @@ -382,7 +388,7 @@ jail_upgrade_pkgbase() { jail_updates_install() { - if [ "${PLATFORM_OS}" = "FreeBSD" ]; then + if [ "${JAIL_PLATFORM_OS}" = "FreeBSD" ]; then local jailpath="${bastille_jailsdir}/${TARGET}/root" local work_dir="${jailpath}/var/db/freebsd-update" @@ -438,4 +444,4 @@ case ${NEW_RELEASE} in fi fi ;; -esac +esac \ No newline at end of file From 06f377c047d2c0139cc192042bd1bf3b92e06797 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 2 Dec 2025 15:46:44 -0700 Subject: [PATCH 2/2] conf: spacing and capitalization --- usr/local/etc/bastille/bastille.conf.sample | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/usr/local/etc/bastille/bastille.conf.sample b/usr/local/etc/bastille/bastille.conf.sample index da2c1a1f..7daae546 100644 --- a/usr/local/etc/bastille/bastille.conf.sample +++ b/usr/local/etc/bastille/bastille.conf.sample @@ -2,7 +2,7 @@ ## [ BastilleBSD ] ## ##################### -## default paths +## Default paths bastille_prefix="/usr/local/bastille" ## default: "/usr/local/bastille" bastille_backupsdir="${bastille_prefix}/backups" ## default: "${bastille_prefix}/backups" bastille_cachedir="${bastille_prefix}/cache" ## default: "${bastille_prefix}/cache" 
@@ -14,10 +14,10 @@ bastille_logsdir="/var/log/bastille" ## default ## pf configuration path bastille_pf_conf="/etc/pf.conf" ## default: "/etc/pf.conf" -## bastille scripts directory (assumed by bastille pkg) +## Bastille commands directory (assumed by bastille pkg) bastille_sharedir="/usr/local/share/bastille" ## default: "/usr/local/share/bastille" -## bootstrap archives, which components of the OS to install. +## Bootstrap archives, which components of the OS to install. ## base - The base OS, kernel + userland ## lib32 - Libraries for compatibility with 32 bit binaries ## ports - The FreeBSD ports (3rd party applications) tree @@ -27,7 +27,7 @@ bastille_sharedir="/usr/local/share/bastille" ## default ## bastille_bootstrap_archives="base lib32 ports src test" bastille_bootstrap_archives="base" ## default: "base" -## pkgbase package sets (used for FreeBSD 15+) +## Pkgbase package sets ## Any set with [-dbg] can be installed with debugging ## symbols by adding '-dbg' to the package set ## base[-dbg] - Base system 
@@ -45,16 +45,16 @@ bastille_bootstrap_archives="base" ## default ## bastille_pkgbase_packages="base-jail lib32-dbg src" bastille_pkgbase_packages="base-jail" ## default: "base-jail" -## default timezone +## Default timezone bastille_tzdata="" ## default: empty to use host's time zone -## default jail resolv.conf +## Default jail resolv.conf bastille_resolv_conf="/etc/resolv.conf" ## default: "/etc/resolv.conf" -## bootstrap urls -bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/" ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/" -bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/" -bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/" ## default: "https://www.midnightbsd.org/pub/MidnightBSD/releases/" +## Bootstrap URLs +bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/" ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/" +bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/" +bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/" ## default: "https://www.midnightbsd.org/pub/MidnightBSD/releases/" ## ZFS options bastille_zfs_enable="NO" ## default: "NO"