Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-18 00:00:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

finish refactor of line spacing

Browse Source
This commit is contained in:
tschettervictor
2025-05-01 17:39:50 -06:00
parent 8ffab02c85
commit 68f4aecddf
37 changed files with 399 additions and 319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
usr/local/share/bastille/bootstrap.sh
View File

@@ -226,7 +226,7 @@ bootstrap_release() {
touch "${bastille_releasesdir}/${RELEASE}/root/.hushlogin"
touch "${bastille_releasesdir}/${RELEASE}/usr/share/skel/dot.hushlogin"
else
error_exit "Failed to extract ${_archive}.txz."
error_exit "[ERROR]: Failed to extract ${_archive}.txz."
fi
else
## get the manifest for dist files checksum validation
@@ -289,7 +289,7 @@ bootstrap_release() {
touch "${bastille_releasesdir}/${RELEASE}/root/.hushlogin"
touch "${bastille_releasesdir}/${RELEASE}/usr/share/skel/dot.hushlogin"
else
error_exit "Failed to extract ${_archive}.txz."
error_exit "[ERROR]: Failed to extract ${_archive}.txz."
fi
fi
fi
@@ -319,22 +319,22 @@ debootstrap_release() {
read answer
case "${answer}" in
[Nn][Oo]|[Nn]|"")
error_exit "Exiting."
error_exit "Cancelled, Exiting."
;;
[Yy][Ee][Ss]|[Yy])
# Skip already loaded known modules.
if ! kldstat -m ${_req_kmod} >/dev/null 2>&1; then
info "Loading kernel module: ${_req_kmod}"
info "\nLoading kernel module: ${_req_kmod}"
kldload -v ${_req_kmod}
fi
info "Persisting module: ${_req_kmod}"
info "\nPersisting module: ${_req_kmod}"
sysrc -f /boot/loader.conf ${_req_kmod}_load=YES
;;
esac
else
# If already set in /boot/loader.conf, check and try to load the module.
if ! kldstat -m ${_req_kmod} >/dev/null 2>&1; then
info "Loading kernel module: ${_req_kmod}"
info "\nLoading kernel module: ${_req_kmod}"
kldload -v ${_req_kmod}
fi
fi
@@ -343,10 +343,11 @@ debootstrap_release() {
# Mandatory Linux modules/rc.
for _lin_kmod in ${linuxarc_mods}; do
if ! kldstat -n ${_lin_kmod} >/dev/null 2>&1; then
info "Loading kernel module: ${_lin_kmod}"
info "\nLoading kernel module: ${_lin_kmod}"
kldload -v ${_lin_kmod}
fi
done
if [ ! "$(sysrc -qn linux_enable)" = "YES" ] && \
[ ! "$(sysrc -f /etc/rc.conf.local -qn linux_enable)" = "YES" ]; then
sysrc linux_enable=YES
@@ -357,7 +358,7 @@ debootstrap_release() {
read answer
case $answer in
[Nn][Oo]|[Nn]|"")
error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
error_exit "[ERROR]: debootstrap is required for boostrapping a Linux jail."
;;
[Yy][Ee][Ss]|[Yy])
pkg install -y debootstrap
@@ -368,6 +369,7 @@ debootstrap_release() {
# Fetch the Linux flavor
info "\nFetching ${PLATFORM_OS} distfiles..."
if ! debootstrap --foreign --arch=${ARCH_BOOTSTRAP} --no-check-gpg ${LINUX_FLAVOR} "${bastille_releasesdir}"/${DIR_BOOTSTRAP}; then
## perform cleanup only for stale/empty directories on failure
if checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ]; then
@@ -376,6 +378,7 @@ debootstrap_release() {
fi
fi
fi
if [ -d "${bastille_releasesdir}/${DIR_BOOTSTRAP}" ]; then
if [ ! "$(ls -A "${bastille_releasesdir}/${DIR_BOOTSTRAP}")" ]; then
rm -rf "${bastille_releasesdir:?}/${DIR_BOOTSTRAP}"
@@ -463,7 +466,7 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
error_exit "Unknown Option: \"${1}\""
error_exit "[ERROR]: Unknown Option: \"${1}\""
;;
*)
break
@@ -491,7 +494,7 @@ if [ "$(sysrc -n zfs_enable)" = "YES" ] && ! checkyesno bastille_zfs_enable; the
esac
fi
# Validate ZFS parameters.
# Validate ZFS parameters
if checkyesno bastille_zfs_enable; then
## check for the ZFS pool and bastille prefix
if [ -z "${bastille_zfs_zpool}" ]; then
@@ -525,7 +528,7 @@ if [ -n "${OPTION}" ] && [ "${OPTION}" != "${HW_MACHINE}" ] && [ "${OPTION}" !=
HW_MACHINE="i386"
HW_MACHINE_ARCH="i386"
else
error_exit "Unsupported architecture."
error_exit "[ERROR]: Unsupported architecture."
fi
fi

34
usr/local/share/bastille/clone.sh
View File

@@ -76,7 +76,7 @@ while [ "$#" -gt 0 ]; do
a) AUTO=1 ;;
l) LIVE=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\""
*) error_exit "[ERROR]: Unknown Option: \"${1}\""
esac
done
shift
@@ -104,7 +104,7 @@ set_target_single "${TARGET}"
## don't allow for dots(.) in container names
if echo "${NEWNAME}" | grep -q "[.]"; then
error_exit "Container names may not contain a dot(.)!"
error_exit "[ERROR]: Jail names may not contain a dot(.)!"
fi
validate_ip() {
@@ -114,11 +114,16 @@ validate_ip() {
ip6=$(echo "${IP}" | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))')
if [ -n "${ip6}" ]; then
info "\nValid: (${ip6})."
IP6_MODE="new"
elif { [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; } && [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
info "\nValid: (${IP})."
else
local IFS
if echo "${IP}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
TEST_IP=$(echo "${IP}" | cut -d / -f1)
@@ -129,11 +134,13 @@ validate_ip() {
error_exit "Invalid: (${TEST_IP})"
fi
done
if ifconfig | grep -qwF "${TEST_IP}"; then
warn "\nWarning: IP address already in use (${TEST_IP})."
else
info "\nValid: (${IP})."
fi
else
error_exit "Invalid: (${IP})."
fi
@@ -223,6 +230,7 @@ update_jailconf_vnet() {
if echo ${_if} | grep -Eoq 'epair[0-9]+'; then
for _num in $(seq 0 "${_bastille_if_num_range}"); do
if ! echo "${_bastille_if_list}" | grep -oqswx "${_num}"; then
# Generate new epair name
if [ "$(echo -n "e${_num}a_${NEWNAME}" | awk '{print length}')" -lt 16 ]; then
local _new_host_epair="e${_num}a_${NEWNAME}"
@@ -231,6 +239,7 @@ update_jailconf_vnet() {
local _new_host_epair="epair${_num}a"
local _new_jail_epair="epair${_num}b"
fi
# Get epair name from TARGET
if grep -Eoq "e[0-9]+a_${TARGET}" "${_jail_conf}"; then
_target_host_epair="$(grep -Eo -m 1 "e[0-9]+a_${TARGET}" "${_jail_conf}")"
@@ -239,18 +248,22 @@ update_jailconf_vnet() {
_target_host_epair="${_if}a"
_target_jail_epair="${_if}b"
fi
# Replace host epair name in jail.conf
sed -i '' "s|up name ${_target_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|${_target_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
sed -i '' "s|deletem ${_target_host_epair}|deletem ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|${_target_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}"
sed -i '' "s|${_target_host_epair} description|${_new_host_epair} description|g" "${_jail_conf}"
# Replace jail epair name in jail.conf
sed -i '' "s|= ${_target_jail_epair};|= ${_new_jail_epair};|g" "${_jail_conf}"
sed -i '' "s|up name ${_target_jail_epair}|up name ${_new_jail_epair}|g" "${_jail_conf}"
sed -i '' "s|${_target_jail_epair} ether|${_new_jail_epair} ether|g" "${_jail_conf}"
# Replace epair name in jail.conf
sed -i '' "s|${_if}|epair${_num}|g" "${_jail_conf}"
# If jail had a static MAC, generate one for clone
if grep -q ether ${_jail_conf}; then
local external_interface="$(grep "epair${_num}a" ${_jail_conf} | grep -o '[^ ]* addm' | awk '{print $1}')"
@@ -258,8 +271,10 @@ update_jailconf_vnet() {
sed -i '' "s|${_new_host_epair} ether.*:.*:.*:.*:.*:.*a\";|${_new_host_epair} ether ${macaddr}a\";|" "${_jail_conf}"
sed -i '' "s|${_new_jail_epair} ether.*:.*:.*:.*:.*:.*b\";|${_new_jail_epair} ether ${macaddr}b\";|" "${_jail_conf}"
fi
# Replace epair description
sed -i '' "/${_new_host_epair}/ s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
# Update /etc/rc.conf
local _jail_vnet="$(grep ${_target_jail_epair} "${_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")"
local _jail_vnet_vlan="$(grep "vlans_${_jail_vnet}" "${_rc_conf}" | sed 's/.*=//g')"
@@ -288,17 +303,21 @@ update_jailconf_vnet() {
break
fi
done
# Update VNET (non-bridged) config
elif echo ${_if} | grep -Eoq 'e[0-9]+b_bastille[0-9]+'; then
# Update VNET config
_if="$(echo ${_if} | grep -Eo 'bastille[0-9]+')"
for _num in $(seq 0 "${_bastille_if_num_range}"); do
if ! echo "${_bastille_if_list}" | grep -oqswx "${_num}"; then
# Update jail.conf epair name
local _jail_if="bastille${_num}"
local _jail_vnet="$(grep ${_if} "${_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")"
local _jail_vnet_vlan="$(grep "vlans_${_jail_vnet}" "${_rc_conf}" | sed 's/.*=//g')"
sed -i '' "s|${_if}|${_jail_if}|g" "${_jail_conf}"
# If jail had a static MAC, generate one for clone
if grep ether ${_jail_conf} | grep -qoc ${_jail_if}; then
local external_interface="$(grep ${_jail_if} ${_jail_conf} | grep -o 'addm.*' | awk '{print $3}' | sed 's/["|;]//g')"
@@ -307,6 +326,7 @@ update_jailconf_vnet() {
sed -i '' "s|${_jail_if} ether.*:.*:.*:.*:.*:.*b\";|${_jail_if} ether ${macaddr}b\";|" "${_jail_conf}"
fi
sed -i '' "/${_jail_if}/ s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
# Update /etc/rc.conf
sed -i '' "s|ifconfig_e0b_${_if}_name|ifconfig_e0b_${_jail_if}_name|" "${_rc_conf}"
if grep "vnet0" "${_rc_conf}" | grep -q ${_jail_if}; then
@@ -333,22 +353,26 @@ update_jailconf_vnet() {
break
fi
done
# Update netgraph VNET (non-bridged) config
elif echo ${_if} | grep -Eoq 'ng[0-9]+_bastille[0-9]+'; then
_if="$(echo ${_if} | grep -Eo 'bastille[0-9]+')"
for _num in $(seq 0 "${_bastille_if_num_range}"); do
if ! echo "${_bastille_if_list}" | grep -oqswx "${_num}"; then
# Update jail.conf epair name
local _jail_if="bastille${_num}"
local _jail_vnet="$(grep ${_if} "${_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")"
local _jail_vnet_vlan="$(grep "vlans_${_jail_vnet}" "${_rc_conf}" | sed 's/.*=//g')"
sed -i '' "s|${_if}|${_jail_if}|g" "${_jail_conf}"
# If jail had a static MAC, generate one for clone
if grep ether ${_jail_conf} | grep -qoc ${_jail_if}; then
local external_interface="$(grep ${_jail_if} ${_jail_conf} | grep -o 'jng bridge.*' | awk '{print $4}' | sed 's/["|;]//g')"
generate_static_mac "${NEWNAME}" "${external_interface}"
sed -i '' "s|${_jail_if} ether.*:.*:.*:.*:.*:.*a\";|${_jail_if} ether ${macaddr}a\";|" "${_jail_conf}"
fi
# Update /etc/rc.conf
sed -i '' "s|ifconfig_ng0_${_if}_name|ifconfig_ng0_${_jail_if}_name|" "${_rc_conf}"
if grep "vnet0" "${_rc_conf}" | grep -q ${_jail_if}; then
@@ -388,7 +412,7 @@ clone_jail() {
# Validate jail state
if [ "${LIVE}" -eq 1 ]; then
if ! check_target_is_running "${TARGET}"; then
error_exit "[-l|--live] can only be used with a running jail."
error_exit "[ERROR]: [-l|--live] can only be used with a running jail."
fi
elif ! check_target_is_stopped "${TARGET}"; then
if [ "${AUTO}" -eq 1 ]; then
@@ -436,7 +460,7 @@ clone_jail() {
fi
else
error_exit "${NEWNAME} already exists."
error_exit "[ERROR]: ${NEWNAME} already exists."
fi
# Generate jail configuration files
@@ -445,7 +469,7 @@ clone_jail() {
# Display exit status
if [ "$?" -ne 0 ]; then
error_exit "An error has occurred while attempting to clone '${TARGET}'."
error_exit "[ERROR]: An error has occurred while attempting to clone '${TARGET}'."
else
info "\nCloned '${TARGET}' to '${NEWNAME}' successfully."
fi

4
usr/local/share/bastille/cmd.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -91,7 +91,7 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
# Validate jail state before continuing
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else

2
usr/local/share/bastille/config.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
error_notify "Unknown Option: \"${1}\""
error_notify "[ERROR]: Unknown Option: \"${1}\""
usage
;;
*)

4
usr/local/share/bastille/console.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
x) enable_debug ;;
a) AUTO=1 ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -112,6 +112,7 @@ check_fib() {
local _jail="${1}"
fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g')
if [ -n "${fib}" ]; then
_setfib="setfib -F ${fib}"
else
@@ -121,6 +122,7 @@ check_fib() {
for _jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else

50
usr/local/share/bastille/convert.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -82,7 +82,7 @@ CONVERT_RELEASE="${2}"
bastille_root_check
set_target_single "${TARGET}"
# Validate jail state before continuing
# Validate jail state
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${TARGET}"
else
@@ -91,17 +91,15 @@ else
error_exit "Use [-a|--auto] to auto-stop the jail."
fi
info "\n[${TARGET}]:"
validate_release_name() {
local _name=${1}
local _sanity="$(echo "${_name}" | tr -c -d 'a-zA-Z0-9-_')"
if [ -n "$(echo "${_sanity}" | awk "/^[-_].*$/" )" ]; then
error_exit "Release names may not begin with (-|_) characters!"
error_exit "[ERROR]: Release names may not begin with (-|_) characters!"
elif [ "${_name}" != "${_sanity}" ]; then
error_exit "Release names may not contain special characters!"
error_exit "[ERROR]: Release names may not contain special characters!"
fi
}
@@ -111,7 +109,7 @@ convert_jail_to_release() {
_jailname="${1}"
_release="${2}"
echo "Creating ${_release} from ${_jailname}..."
info "\nAttempting to create '${_release}' from '${_jailname}'..."
if checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ]; then
@@ -144,7 +142,7 @@ convert_jail_to_release() {
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}"
error_exit "Failed to create release. Please retry!"
else
info "Created ${_release} from ${_jailname}"
info "\nCreated '${_release}' from '${_jailname}'\n"
fi
else
## copy all files for thick jails
@@ -152,9 +150,9 @@ convert_jail_to_release() {
if [ "$?" -ne 0 ]; then
## notify and clean stale files/directories
bastille destroy -af "${NAME}"
error_exit "Failed to create release. Please retry!"
error_exit "[ERROR]: Failed to create release. Please retry!"
else
info "Created ${_release} from ${_jailname}\n"
info "\nCreated '${_release}' from '${_jailname}'\n"
fi
fi
}
@@ -171,7 +169,7 @@ convert_symlinks() {
done
# Copy new files to destination jail
echo "Copying required base files to container..."
info "\nCopying required base files to container..."
for _link in ${SYMLINKS}; do
if [ ! -d "${_link}" ]; then
if [ -d "${bastille_releasesdir}/${RELEASE}/${_link}" ]; then
@@ -190,13 +188,13 @@ convert_symlinks() {
fi
done
else
error_exit "Release must be bootstrapped first. See 'bastille bootstrap'."
error_exit "[ERROR]: Release must be bootstrapped first. See 'bastille bootstrap'."
fi
}
revert_convert() {
# Revert the conversion on first cp error
error_notify "A problem has occurred while copying the files. Reverting changes..."
error_notify "[ERROR]: A problem has occurred while copying the files. Reverting changes..."
for _link in ${SYMLINKS}; do
if [ -d "${_link}" ]; then
chflags -R noschg "${bastille_jailsdir}/${TARGET}/root/${_link}"
@@ -214,10 +212,13 @@ revert_convert() {
}
start_convert() {
# Attempt container conversion and handle some errors
DATE=$(date)
if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
info "Converting '${TARGET}' into a thickjail. This may take a while..."
info "\nConverting '${TARGET}' into a thickjail. This may take a while..."
# Set some variables
RELEASE=$(grep -w "${bastille_releasesdir}/.* ${bastille_jailsdir}/${TARGET}/root/.bastille" ${bastille_jailsdir}/${TARGET}/fstab | sed "s|${bastille_releasesdir}/||;s| .*||")
@@ -235,18 +236,18 @@ start_convert() {
sed -i '' -E "s|${FSTABMOD}|# Converted from thin to thick container on ${DATE}|g" "${bastille_jailsdir}/${TARGET}/fstab"
if [ -n "${HASPORTS}" ]; then
sed -i '' -E "s|${HASPORTS}|# Ports copied from base to container on ${DATE}|g" "${bastille_jailsdir}/${TARGET}/fstab"
info "Copying ports to container..."
info "\nCopying ports to container..."
cp -a "${bastille_releasesdir}/${RELEASE}/usr/ports" "${bastille_jailsdir}/${TARGET}/root/usr"
fi
mv "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/root/.bastille.old"
info "Conversion of '${TARGET}' completed successfully!\n"
info "\nConversion of '${TARGET}' completed successfully!\n"
exit 0
else
error_exit "Can't determine release version. See 'bastille bootstrap'."
error_exit "[ERROR]: Can't determine release version. See 'bastille bootstrap'."
fi
else
error_exit "${TARGET} not found. See 'bastille create'."
error_exit "[ERROR]: ${TARGET} not found. See 'bastille create'."
fi
}
@@ -256,15 +257,15 @@ if [ "$#" -eq 1 ]; then
# Check if jail is a thin jail
if [ ! -d "${bastille_jailsdir}/${TARGET}/root/.bastille" ]; then
error_exit "${TARGET} is not a thin container."
error_exit "[ERROR]: ${TARGET} is not a thin container."
elif ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_exit "${TARGET} is not a thin container."
error_exit "[ERROR]: ${TARGET} is not a thin container."
fi
# Make sure the user agree with the conversion
# Be interactive here since this cannot be easily undone
while :; do
error_notify "Warning: container conversion from thin to thick can't be undone!"
warn "\n[WARNING]: Jail conversion from thin to thick can't be undone!\n"
# shellcheck disable=SC2162
# shellcheck disable=SC3045
read -p "Do you really wish to convert '${TARGET}' into a thick container? [y/N]:" yn
@@ -273,13 +274,16 @@ if [ "$#" -eq 1 ]; then
[Nn]) exit 0;;
esac
done
elif [ "$#" -eq 2 ]; then
# Check if jail is a thick jail
if [ -d "${bastille_jailsdir}/${TARGET}/root/.bastille" ]; then
error_exit "${TARGET} is not a thick jail."
error_exit "[ERROR]: ${TARGET} is not a thick jail."
elif grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_exit "${TARGET} is not a thick jail."
error_exit "[ERROR]: ${TARGET} is not a thick jail."
fi
validate_release_name "${CONVERT_RELEASE}"
convert_jail_to_release "${TARGET}" "${CONVERT_RELEASE}"
else

6
usr/local/share/bastille/cp.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -95,7 +95,9 @@ for _jail in ${JAILS}; do
jail_path="$(echo ${bastille_jailsdir}/${_jail}/root/${JAIL_PATH} | sed 's#//#/#g')"
if ! cp "${OPTION}" "${host_path}" "${jail_path}"; then
error_continue "CP failed: ${host_path} -> ${jail_path}"
error_continue "[ERROR]: CP failed: ${host_path} -> ${jail_path}"
fi
done
echo

31
usr/local/share/bastille/create.sh
View File

@@ -65,11 +65,11 @@ validate_name() {
local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')"
if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then
error_exit "Container names may not begin with (-|_) characters!"
error_exit "[ERROR]: Jail names may not begin with (-|_) characters!"
elif [ "${NAME_VERIFY}" != "${NAME_SANITY}" ]; then
error_exit "Container names may not contain special characters!"
error_exit "[ERROR]: Jail names may not contain special characters!"
elif echo "${NAME_VERIFY}" | grep -qE '^[0-9]+$'; then
error_exit "Container names may not contain only digits."
error_exit "[ERROR]: Jail names may not contain only digits."
fi
}
@@ -79,11 +79,16 @@ validate_ip() {
_ip6=$(echo "${_ip}" | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)')
if [ -n "${_ip6}" ]; then
info "\nValid: (${_ip6})."
ipx_addr="ip6.addr"
else
if [ "${_ip}" = "inherit" ] || [ "${_ip}" = "ip_hostname" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
info "\nValid: (${_ip})."
else
local IFS
if echo "${_ip}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
@@ -177,7 +182,7 @@ validate_netif() {
if echo "${LIST_INTERFACES} VNET" | grep -qwo "${INTERFACE}"; then
info "\nValid: (${INTERFACE})."
else
error_exit "Invalid: (${INTERFACE})."
error_exit "[ERROR]: Invalid: (${INTERFACE})."
fi
}
@@ -446,7 +451,7 @@ create_jail() {
if ! cp -a "${bastille_releasesdir}/${RELEASE}/${files}" "${bastille_jail_path}/${files}"; then
## notify and clean stale files/directories
bastille destroy -af "${NAME}"
error_exit "Failed to copy release files. Please retry create!"
error_exit "[ERROR]: Failed to copy release files. Please retry create!"
fi
fi
done
@@ -466,9 +471,10 @@ create_jail() {
# Check and apply required settings.
post_create_jail
elif [ -n "${THICK_JAIL}" ]; then
info "\nCreating a thickjail. This may take a while...\n"
## perform release base replication
info "\nCreating a thickjail. This may take a while..."
## perform release base replication
## sane bastille zfs options
ZFS_OPTIONS=$(echo ${bastille_zfs_options} | sed 's/-o//g')
## send without -R if encryption is enabled
@@ -500,7 +506,7 @@ create_jail() {
if [ "$?" -ne 0 ]; then
## notify and clean stale files/directories
bastille destroy -af "${NAME}"
error_exit "Failed release base replication. Please retry create!"
error_exit "[ERROR]: Failed release base replication. Please retry create!"
fi
fi
else
@@ -588,7 +594,7 @@ create_jail() {
if [ -z "${EMPTY_JAIL}" ]; then
if ! check_target_is_running "${NAME}"; then
bastille destroy -af "${NAME}"
error_exit "[${NAME}]: Failed to create jail..."
error_exit "[ERROR]: Failed to create jail: ${NAME}"
fi
fi
@@ -601,6 +607,7 @@ create_jail() {
_gateway6=''
_ifconfig_inet=''
_ifconfig_inet6=''
if echo "${IP}" | grep -qE '(0[.]0[.]0[.]0|DHCP)'; then
# Enable DHCP if requested
_ifconfig_inet=SYNCDHCP
@@ -659,7 +666,7 @@ create_jail() {
fi
## Using templating function to fetch necessary packges @hackacad
elif [ -n "${LINUX_JAIL}" ]; then
info "Fetching packages..."
info "\nFetching packages..."
jexec -l "${NAME}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive rm /var/cache/apt/archives/rsyslog*.deb"
jexec -l "${NAME}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive dpkg --force-depends --force-confdef --force-confold -i /var/cache/apt/archives/*.deb"
jexec -l "${NAME}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive dpkg --force-depends --force-confdef --force-confold -i /var/cache/apt/archives/*.deb"
@@ -786,7 +793,7 @@ while [ $# -gt 0 ]; do
T) THICK_JAIL=1 ;;
V) VNET_JAIL=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -804,7 +811,7 @@ if [ -n "${EMPTY_JAIL}" ]; then
fi
elif [ -n "${LINUX_JAIL}" ]; then
if [ -n "${EMPTY_JAIL}" ] || [ -n "${VNET_JAIL}" ] || [ -n "${THICK_JAIL}" ] || [ -n "${CLONE_JAIL}" ]; then
error_exit "Error: Linux jail option can't be used with other options."
error_exit "[ERROR]: Linux jail option can't be used with other options."
fi
elif [ -n "${CLONE_JAIL}" ] && [ -n "${THICK_JAIL}" ]; then
error_exit "[ERROR]: Clonejail and Thickjail can't be used together."

19
usr/local/share/bastille/destroy.sh
View File

@@ -73,7 +73,7 @@ destroy_jail() {
mount_points="$(mount | cut -d ' ' -f 3 | grep ${bastille_jail_base}/root/)"
if [ -n "${mount_points}" ]; then
error_notify "Failed to destroy jail: ${_jail}"
error_notify "[ERROR]: Failed to destroy jail: ${_jail}"
error_continue "Jail has mounted filesystems:\n$mount_points"
fi
@@ -139,10 +139,13 @@ destroy_rel() {
## check if this release have containers child
BASE_HASCHILD="0"
if [ -d "${bastille_jailsdir}" ]; then
JAIL_LIST=$(ls "${bastille_jailsdir}" | sed "s/\n//g")
for _jail in ${JAIL_LIST}; do
if grep -qwo "${TARGET}" "${bastille_jailsdir}/${_jail}/fstab" 2>/dev/null; then
error_notify "Notice: (${_jail}) depends on ${TARGET} base."
error_notify "[ERROR]: (${_jail}) depends on ${TARGET} base."
BASE_HASCHILD="1"
elif checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ]; then
@@ -154,7 +157,7 @@ destroy_rel() {
CLONE_JAIL=$(zfs list -H -o clones "${_snap_clone}" | tr ',' '\n')
CLONE_CHECK="${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}/root"
if echo "${CLONE_JAIL}" | grep -qw "${CLONE_CHECK}"; then
error_notify "Notice: (${_jail}) depends on ${TARGET} base."
error_notify "[ERROR]: (${_jail}) depends on ${TARGET} base."
BASE_HASCHILD="1"
fi
fi
@@ -166,10 +169,10 @@ destroy_rel() {
fi
if [ ! -d "${bastille_rel_base}" ]; then
error_exit "Release base not found."
error_exit "[ERROR]: Release base not found."
else
if [ "${BASE_HASCHILD}" -eq "0" ]; then
echo "Deleting base..."
echo "Deleting release base..."
if checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ]; then
if [ -n "${TARGET}" ]; then
@@ -202,7 +205,7 @@ destroy_rel() {
fi
fi
else
error_notify "Cannot destroy base with child containers."
error_notify "[ERROR]: Cannot destroy base with child containers."
fi
fi
}
@@ -239,7 +242,7 @@ while [ "$#" -gt 0 ]; do
c) NO_CACHE=1 ;;
f) FORCE=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -311,3 +314,5 @@ case "${TARGET}" in
destroy_jail "${JAILS}"
;;
esac
echo

2
usr/local/share/bastille/edit.sh
View File

@@ -55,7 +55,7 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
error_notify "Unknown Option: \"${1}\""
error_notify "[ERROR]: Unknown Option: \"${1}\""
usage
;;
*)

20
usr/local/share/bastille/etcupdate.sh
View File

@@ -52,7 +52,7 @@ bootstrap_etc_release() {
sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives=src
if ! bastille bootstrap "${_release}" > /dev/null; then
sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}"
error_exit "Failed to bootstrap etcupdate: ${_release}"
error_exit "[ERROR]: Failed to bootstrap etcupdate: ${_release}"
else
sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}"
fi
@@ -64,22 +64,22 @@ bootstrap_etc_tarball() {
local _release="${1}"
if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then
echo "Building tarball, please wait..."
info "\nBuilding tarball, please wait..."
if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then
error_exit "Failed to build etcupdate tarball \"${_release}.tbz2\""
error_exit "[ERROR]: Failed to build etcupdate tarball \"${_release}.tbz2\""
else
info "Etcupdate bootstrap complete: ${_release}"
info "\nEtcupdate bootstrap complete: ${_release}"
fi
elif [ -f ${bastille_cachedir}/${_release}.tbz2 ] && [ "${FORCE}" -eq 1 ]; then
rm -f "${bastille_cachedir}/${_release}.tbz2"
echo "Building tarball, please wait..."
info "\nBuilding tarball, please wait..."
if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then
error_exit "[ERROR]: Failed to build etcupdate tarball: ${_release}.tbz2"
else
info "Etcupdate bootstrap complete: ${_release}"
info "\nEtcupdate bootstrap complete: ${_release}"
fi
else
info "Etcupdate release has already been prepared for application: ${_release}"
info "\nEtcupdate release has already been prepared for application: ${_release}"
fi
}
@@ -113,7 +113,7 @@ update_jail_etc() {
local _release="${2}"
if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then
error_exit "Error: Please run \"bastille etcupdate bootstrap RELEASE\" first."
error_exit "[ERROR]: Please run 'bastille etcupdate bootstrap RELEASE' first."
fi
if [ "${DRY_RUN}" -eq 1 ]; then
echo "Running: etcupdate update --dry-run"
@@ -173,7 +173,7 @@ while [ "$#" -gt 0 ]; do
usage
else
RELEASE="${2}"
info "Attempting to bootstrap etcupdate release: ${RELEASE}..."
info "\nAttempting to bootstrap etcupdate release: ${RELEASE}..."
bootstrap_etc_release "${RELEASE}"
bootstrap_etc_tarball "${RELEASE}"
shift "$#"
@@ -206,7 +206,7 @@ while [ "$#" -gt 0 ]; do
fi
;;
*)
error_exit "Unknown action: \"${ACTION}\""
error_exit "[ERROR]: Unknown action: \"${ACTION}\""
;;
esac
;;

38
usr/local/share/bastille/export.sh
View File

@@ -119,7 +119,7 @@ if [ -n "${bastille_export_options}" ]; then
-v|--verbose)
OPT_ZSEND="-Rv"
shift;;
-*) error_notify "Unknown Option: \"${1}\""
-*) error_notify "[ERROR]: Unknown Option: \"${1}\""
usage;;
esac
done
@@ -170,7 +170,7 @@ else
shift
;;
-*)
error_notify "Unknown Option: \"${1}\""
error_notify "[ERROR]: Unknown Option: \"${1}\""
usage
;;
*)
@@ -198,11 +198,11 @@ info "\n[${_jail}]:"
# Validate for combined options
if [ "${COMP_OPTION}" -gt "1" ]; then
error_exit "Error: Only one compression format can be used during export."
error_exit "[ERROR]: Only one compression format can be used during export."
fi
if { [ -n "${TXZ_EXPORT}" ] || [ -n "${TGZ_EXPORT}" ]; } && [ -n "${SAFE_EXPORT}" ]; then
error_exit "Error: Simple archive modes with safe ZFS export can't be used together."
error_exit "[ERROR]: Simple archive modes with safe ZFS export can't be used together."
fi
if ! checkyesno bastille_zfs_enable; then
@@ -211,7 +211,7 @@ if ! checkyesno bastille_zfs_enable; then
[ -n "${RAW_EXPORT}" ] ||
[ -n "${SAFE_EXPORT}" ] ||
[ "${OPT_ZSEND}" = "-Rv" ]; then
error_exit "Options --xz, --gz, --raw, --safe, and --verbose are valid for ZFS configured systems only."
error_exit "[ERROR]: Options --xz, --gz, --raw, --safe, and --verbose are valid for ZFS configured systems only."
fi
fi
@@ -228,7 +228,7 @@ if [ -n "${DIR_EXPORT}" ]; then
# Set the user defined export directory
bastille_backupsdir="${DIR_EXPORT}"
else
error_exit "Error: Path not found."
error_exit "[ERROR]: Path not found."
fi
fi
@@ -243,7 +243,7 @@ fi
create_zfs_snap() {
# Take a recursive temporary snapshot
if [ -z "${USER_EXPORT}" ]; then
echo "Creating temporary ZFS snapshot for export..."
info "\nCreating temporary ZFS snapshot for export..."
fi
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"
}
@@ -279,7 +279,7 @@ export_check() {
EXPORT_INFO="to a compressed ${FILE_EXT} ${EXPORT_TYPE}"
fi
echo "${EXPORT_AS} '${TARGET}' ${EXPORT_INFO}..."
info "\n${EXPORT_AS} '${TARGET}' ${EXPORT_INFO}..."
fi
# Safely stop and snapshot the jail
@@ -293,7 +293,7 @@ export_check() {
if checkyesno bastille_zfs_enable; then
if [ -z "${USER_EXPORT}" ]; then
echo "Sending ZFS data stream..."
info "\nSending ZFS data stream..."
fi
fi
}
@@ -336,7 +336,7 @@ jail_export() {
# Quietly export the container recursively, user must redirect standard output
if ! zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"; then
clean_zfs_snap
error_notify "\nError: An export option is required, see 'bastille export, otherwise the user must redirect to standard output."
error_exit "[ERROR]: An export option is required, see 'bastille export, otherwise the user must redirect to standard output."
fi
fi
fi
@@ -345,28 +345,28 @@ jail_export() {
FILE_EXT=".tgz"
# Create standard tgz backup archive
echo "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..."
info "\nExporting '${TARGET}' to a compressed ${FILE_EXT} archive..."
cd "${bastille_jailsdir}" && tar -cf - "${TARGET}" | gzip ${bastille_compress_gz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}"
elif [ -n "${TXZ_EXPORT}" ]; then
FILE_EXT=".txz"
# Create standard txz backup archive
echo "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..."
info "\nExporting '${TARGET}' to a compressed ${FILE_EXT} archive..."
cd "${bastille_jailsdir}" && tar -cf - "${TARGET}" | xz ${bastille_compress_xz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}"
else
error_exit "Error: export option required"
error_exit "[ERROR]: export option required"
fi
fi
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then
error_exit "Failed to export '${TARGET}' container."
error_exit "[ERROR]: Failed to export '${TARGET}' container."
else
if [ -z "${USER_EXPORT}" ]; then
# Generate container checksum file
cd "${bastille_backupsdir}" || error_exit "Failed to change directory."
sha256 -q "${TARGET}_${DATE}${FILE_EXT}" > "${TARGET}_${DATE}.sha256"
echo "Exported '${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}' successfully."
info "\nExported '${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}' successfully."
fi
exit 0
fi
@@ -374,21 +374,23 @@ jail_export() {
# Check if backups directory/dataset exist
if [ ! -d "${bastille_backupsdir}" ]; then
error_exit "Backups directory/dataset does not exist. See 'bastille bootstrap'."
error_exit "[ERROR]: Backups directory/dataset does not exist. See 'bastille bootstrap'."
fi
if [ -n "${TARGET}" ]; then
if [ ! -d "${bastille_jailsdir}/${TARGET}" ]; then
error_exit "[${TARGET}]: Not found."
error_exit "[ERROR]: Jail not found: ${TARGET}"
fi
# Check if is a ZFS system
if ! checkyesno bastille_zfs_enable; then
# Check if container is running and ask for stop in non ZFS systems
if [ -n "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
error_exit "${TARGET} is running. See 'bastille stop'."
error_exit "[ERROR]: ${TARGET} is running. See 'bastille stop'."
fi
fi
jail_export
fi
echo

4
usr/local/share/bastille/htop.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\""
*) error_exit "[ERROR]: Unknown Option: \"${1}\""
esac
done
shift
@@ -96,7 +96,7 @@ fi
info "\n[${TARGET}]:"
if [ ! -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then
error_notify "htop not found on ${TARGET}."
error_exit "[ERROR]: htop not found on ${TARGET}."
elif [ -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then
jexec -l ${TARGET} /usr/local/bin/htop
fi

92
usr/local/share/bastille/import.sh
View File

@@ -84,7 +84,7 @@ while [ "$#" -gt 0 ]; do
M) OPT_STATIC_MAC=1 ;;
v) OPT_ZRECV="-u -v" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -117,20 +117,20 @@ validate_archive() {
# Skip validation for unsupported archive
if [ -f "${bastille_backupsdir}/${TARGET}" ]; then
if [ -f "${bastille_backupsdir}/${FILE_TRIM}.sha256" ]; then
echo "Validating file: ${TARGET}..."
info "\nValidating file: ${TARGET}..."
SHA256_DIST=$(cat "${bastille_backupsdir}/${FILE_TRIM}.sha256")
SHA256_FILE=$(sha256 -q "${bastille_backupsdir}/${TARGET}")
if [ "${SHA256_FILE}" != "${SHA256_DIST}" ]; then
error_exit "Failed validation for ${TARGET}."
error_exit "[ERROR]: Failed validation for ${TARGET}."
else
echo "File validation successful!"
info "\nFile validation successful!"
fi
else
# Check if user opt to force import
if [ "${OPT_FORCE}" -eq 1 ]; then
warn "Warning: Skipping archive validation!"
warn "[WARNING]: Skipping archive validation!"
else
error_exit "Checksum file not found. See 'bastille import [option(s)] FILE'."
error_exit "[ERROR]: Checksum file not found. See 'bastille import [option(s)] FILE'."
fi
fi
fi
@@ -141,7 +141,7 @@ update_zfsmount() {
OLD_ZFS_MOUNTPOINT=$(zfs get -H mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" | awk '{print $3}')
NEW_ZFS_MOUNTPOINT="${bastille_jailsdir}/${TARGET_TRIM}/root"
if [ "${NEW_ZFS_MOUNTPOINT}" != "${OLD_ZFS_MOUNTPOINT}" ]; then
echo "Updating ZFS mountpoint..."
info "\nUpdating ZFS mountpoint..."
zfs set mountpoint="${bastille_jailsdir}/${TARGET_TRIM}/root" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root"
fi
@@ -155,11 +155,13 @@ update_zfsmount() {
}
update_jailconf() {
# Update jail.conf paths
JAIL_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/jail.conf"
if [ -f "${JAIL_CONFIG}" ]; then
if ! grep -qw "path = ${bastille_jailsdir}/${TARGET_TRIM}/root;" "${JAIL_CONFIG}"; then
echo "Updating jail.conf..."
info "\nUpdating jail.conf..."
sed -i '' "s|exec.consolelog.*=.*;|exec.consolelog = ${bastille_logsdir}/${TARGET_TRIM}_console.log;|" "${JAIL_CONFIG}"
sed -i '' "s|path.*=.*;|path = ${bastille_jailsdir}/${TARGET_TRIM}/root;|" "${JAIL_CONFIG}"
sed -i '' "s|mount.fstab.*=.*;|mount.fstab = ${bastille_jailsdir}/${TARGET_TRIM}/fstab;|" "${JAIL_CONFIG}"
@@ -173,16 +175,18 @@ update_jailconf() {
}
update_fstab_import() {
# Update fstab .bastille mountpoint on thin containers only
# Set some variables
FSTAB_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/fstab"
FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-9])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${FSTAB_CONFIG}")
FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET_TRIM}/root/.bastille" "${FSTAB_CONFIG}")
FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0"
if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
# If both variables are set, compare and update as needed
if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" "${FSTAB_CONFIG}"; then
echo "Updating fstab..."
info "\nUpdating fstab..."
if [ -n "${RELEASE}" ]; then
FSTAB_NEWCONF="${RELEASE}"
fi
@@ -192,9 +196,10 @@ update_fstab_import() {
}
generate_config() {
# Attempt to read previous config file and set required variables accordingly
# If we can't get a valid interface, fallback to lo1 and warn user
echo "Generating jail.conf..."
info "\nGenerating jail.conf..."
DEVFS_RULESET=4
if [ "${FILE_EXT}" = ".zip" ]; then
@@ -369,7 +374,7 @@ EOF
if [ -z "${CONFIG_RELEASE}" ]; then
# Fallback to host version
CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//')
warn "Warning: ${CONFIG_RELEASE} was set by default!"
warn "[WARNING]: ${CONFIG_RELEASE} was set by default!"
fi
mkdir "${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille"
echo "${bastille_releasesdir}/${CONFIG_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0" \
@@ -419,7 +424,7 @@ update_config() {
if [ -z "${CONFIG_RELEASE}" ]; then
# Fallback to host version
CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//')
warn "Warning: ${CONFIG_RELEASE} was set by default!"
warn "[WARNING]: ${CONFIG_RELEASE} was set by default!"
fi
mkdir "${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille"
@@ -451,7 +456,7 @@ vnet_requirements() {
if [ -f "/usr/share/examples/jails/jib" ] && [ ! -f "/usr/local/bin/jib" ]; then
install -m 0544 /usr/share/examples/jails/jib /usr/local/bin/jib
else
warn "Warning: Unable to locate/install jib script required by VNET jails."
warn "[WARNING]: Unable to locate/install jib script required by VNET jails."
fi
fi
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
@@ -459,7 +464,7 @@ vnet_requirements() {
if [ -f "/usr/share/examples/jails/jng" ] && [ ! -f "/usr/local/bin/jng" ]; then
install -m 0544 /usr/share/examples/jails/jng /usr/local/bin/jng
else
warn "Warning: Unable to locate/install jng script required by VNET jails."
warn "[WARNING]: Unable to locate/install jng script required by VNET jails."
fi
fi
fi
@@ -477,16 +482,17 @@ config_netif() {
}
update_symlinks() {
# Work with the symlinks
SYMLINKS="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/ports usr/sbin usr/share usr/src"
# Just warn user to bootstrap the release if missing
if [ ! -d "${bastille_releasesdir}/${CONFIG_RELEASE}" ]; then
warn "Warning: ${CONFIG_RELEASE} must be bootstrapped. See 'bastille bootstrap'."
warn "[WARNING]: ${CONFIG_RELEASE} must be bootstrapped. See 'bastille bootstrap'."
fi
# Update old symlinks
echo "Updating symlinks..."
info "\nUpdating symlinks..."
for _link in ${SYMLINKS}; do
if [ -L "${_link}" ]; then
ln -sf /.bastille/${_link} ${_link}
@@ -495,7 +501,7 @@ update_symlinks() {
ln -sfF /.bastille/${_link} ${_link} || EXIT_CODE=$?
if [ "${EXIT_CODE:-0}" != "0" ]; then
# Assume that the failure was due to the directory not being empty and explain the problem in friendlier terms
warn "Warning: directory ${_link} on imported jail was not empty and will not be updated by Bastille"
warn "[WARNING]: directory ${_link} on imported jail was not empty and will not be updated by Bastille"
fi
fi
done
@@ -503,7 +509,7 @@ update_symlinks() {
create_zfs_datasets() {
# Prepare the ZFS environment and restore from file
echo "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive."
info "\nImporting '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive."
echo "Preparing ZFS environment..."
# Create required ZFS datasets, mountpoint inherited from system
@@ -515,7 +521,7 @@ remove_zfs_datasets() {
# Perform cleanup on failure
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root"
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}"
error_exit "Failed to extract files from '${TARGET}' archive."
error_exit "[ERROR]: Failed to extract files from '${TARGET}' archive."
}
jail_import() {
@@ -528,7 +534,7 @@ jail_import() {
if [ "${FILE_EXT}" = ".xz" ]; then
validate_archive
# Import from compressed xz on ZFS systems
echo "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image."
info "\nImporting '${TARGET_TRIM}' from compressed ${FILE_EXT} image."
echo "Receiving ZFS data stream..."
xz ${bastille_decompress_xz_options} "${bastille_backupsdir}/${TARGET}" | \
zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}"
@@ -538,7 +544,7 @@ jail_import() {
elif [ "${FILE_EXT}" = ".gz" ]; then
validate_archive
# Import from compressed xz on ZFS systems
echo "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image."
info "\nImporting '${TARGET_TRIM}' from compressed ${FILE_EXT} image."
echo "Receiving ZFS data stream..."
gzip ${bastille_decompress_gz_options} "${bastille_backupsdir}/${TARGET}" | \
zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}"
@@ -552,7 +558,7 @@ jail_import() {
create_zfs_datasets
# Extract required files to the new datasets
echo "Extracting files from '${TARGET}' archive..."
info "\nExtracting files from '${TARGET}' archive..."
tar --exclude='root' -Jxf "${bastille_backupsdir}/${TARGET}" --strip-components 1 -C "${bastille_jailsdir}/${TARGET_TRIM}"
tar -Jxf "${bastille_backupsdir}/${TARGET}" --strip-components 2 -C "${bastille_jailsdir}/${TARGET_TRIM}/root" "${TARGET_TRIM}/root"
if [ "$?" -ne 0 ]; then
@@ -564,7 +570,7 @@ jail_import() {
create_zfs_datasets
# Extract required files to the new datasets
echo "Extracting files from '${TARGET}' archive..."
info "\nExtracting files from '${TARGET}' archive..."
tar --exclude='root' -xf "${bastille_backupsdir}/${TARGET}" --strip-components 1 -C "${bastille_jailsdir}/${TARGET_TRIM}"
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components 2 -C "${bastille_jailsdir}/${TARGET_TRIM}/root" "${TARGET_TRIM}/root"
if [ "$?" -ne 0 ]; then
@@ -573,7 +579,7 @@ jail_import() {
elif [ "${FILE_EXT}" = ".zip" ]; then
validate_archive
# Attempt to import a foreign/iocage container
echo "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive."
info "\nImporting '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive."
# Sane bastille ZFS options
ZFS_OPTIONS=$(echo ${bastille_zfs_options} | sed 's/-o//g')
@@ -607,7 +613,7 @@ jail_import() {
create_zfs_datasets
# Extract required files to the new datasets
echo "Extracting files from '${TARGET}' archive..."
info "\nExtracting files from '${TARGET}' archive..."
tar --exclude='ezjail/' -xf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}/${TARGET_TRIM}"
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components 1 -C "${bastille_jailsdir}/${TARGET_TRIM}/root"
if [ "$?" -ne 0 ]; then
@@ -622,7 +628,7 @@ jail_import() {
workout_components
# Extract required files to the new datasets
echo "Extracting files from '${TARGET}' archive..."
info "\nExtracting files from '${TARGET}' archive..."
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components "${CONF_TRIM}" -C "${bastille_jailsdir}/${TARGET_TRIM}" "${JAIL_CONF}"
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components "${DIRS_PLUS}" -C "${bastille_jailsdir}/${TARGET_TRIM}/root" "${JAIL_PATH}"
if [ -f "${bastille_jailsdir}/${TARGET_TRIM}/${TARGET_TRIM}" ]; then
@@ -639,7 +645,7 @@ jail_import() {
validate_archive
# Based on the file name, looks like we are importing a raw bastille image
# Import from uncompressed image file
echo "Importing '${TARGET_TRIM}' from uncompressed image archive."
info "\nImporting '${TARGET_TRIM}' from uncompressed image archive."
echo "Receiving ZFS data stream..."
zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}" < "${bastille_backupsdir}/${TARGET}"
@@ -656,27 +662,27 @@ jail_import() {
fi
fi
else
error_exit "Unknown archive format."
error_exit "[ERROR]: Unknown archive format."
fi
fi
else
# Import from standard supported archives on UFS systems
if [ "${FILE_EXT}" = ".txz" ]; then
echo "Extracting files from '${TARGET}' archive..."
info "\nExtracting files from '${TARGET}' archive..."
tar -Jxf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}"
elif [ "${FILE_EXT}" = ".tgz" ]; then
echo "Extracting files from '${TARGET}' archive..."
info "\nExtracting files from '${TARGET}' archive..."
tar -xf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}"
elif [ "${FILE_EXT}" = ".tar.gz" ]; then
# Attempt to import/configure foreign/ezjail container
echo "Extracting files from '${TARGET}' archive..."
info "\nExtracting files from '${TARGET}' archive..."
mkdir "${bastille_jailsdir}/${TARGET_TRIM}"
tar -xf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}/${TARGET_TRIM}"
mv "${bastille_jailsdir}/${TARGET_TRIM}/ezjail" "${bastille_jailsdir}/${TARGET_TRIM}/root"
generate_config
elif [ "${FILE_EXT}" = ".tar" ]; then
# Attempt to import/configure foreign/qjail container
echo "Extracting files from '${TARGET}' archive..."
info "\nExtracting files from '${TARGET}' archive..."
mkdir -p "${bastille_jailsdir}/${TARGET_TRIM}/root"
workout_components
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components "${CONF_TRIM}" -C "${bastille_jailsdir}/${TARGET_TRIM}" "${JAIL_CONF}"
@@ -686,24 +692,24 @@ jail_import() {
fi
update_config
else
error_exit "Unsupported archive format."
error_exit "[ERROR]: Unsupported archive format."
fi
fi
if [ "$?" -ne 0 ]; then
error_exit "Failed to import from '${TARGET}' archive."
error_exit "[ERROR]: Failed to import from '${TARGET}' archive."
else
# Update the jail.conf and fstab if required
# This is required on foreign imports only
update_jailconf
update_fstab_import
if [ -z "${USER_IMPORT}" ]; then
echo "Container '${TARGET_TRIM}' imported successfully."
info "\nJail: '${TARGET_TRIM}' imported successfully."
fi
exit 0
fi
else
error_exit "Jails directory/dataset does not exist. See 'bastille bootstrap'."
error_exit "[ERROR]: Jails directory/dataset does not exist. See 'bastille bootstrap'."
fi
}
@@ -716,7 +722,7 @@ fi
# Check if backups directory/dataset exist
if [ ! -d "${bastille_backupsdir}" ]; then
error_exit "Backups directory/dataset does not exist. See 'bastille bootstrap'."
error_exit "[ERROR]: Backups directory/dataset does not exist. See 'bastille bootstrap'."
fi
# Check if archive exist then trim archive name
@@ -727,11 +733,11 @@ if [ -f "${bastille_backupsdir}/${TARGET}" ]; then
TARGET_TRIM=$(echo "${TARGET}" | sed "s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.xz//;s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.gz//;s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.tgz//;s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.txz//;s/_[0-9]*-[0-9]*-[0-9]*.zip//;s/-[0-9]\{12\}.[0-9]\{2\}.tar.gz//;s/@[0-9]\{12\}.[0-9]\{2\}.tar//;s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*//")
fi
else
error_exit "Unrecognized archive name."
error_exit "[ERROR]: Unrecognized archive name."
fi
else
if echo "${TARGET}" | grep -q '_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}.*$'; then
error_exit "Archive '${TARGET}' not found."
error_exit "[ERROR]: Archive '${TARGET}' not found."
else
# Assume user will import from standard input
TARGET_TRIM=${TARGET}
@@ -740,13 +746,7 @@ else
fi
# Check if a running jail matches name or already exist
if [ -n "$(/usr/sbin/jls name | awk "/^${TARGET_TRIM}$/")" ]; then
error_exit "A running jail matches name."
elif [ -n "${TARGET_TRIM}" ]; then
if [ -d "${bastille_jailsdir}/${TARGET_TRIM}" ]; then
error_exit "Container: ${TARGET_TRIM} already exists."
fi
fi
check_target_exists || error_exit "[ERROR]: Jail: ${TARGET_TRIM} already exists."
if [ -n "${TARGET}" ]; then
info "\nAttempting to import jail: ${TARGET}..."

6
usr/local/share/bastille/jcp.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -101,8 +101,10 @@ for _jail in ${DEST_TARGET}; do
dest_path="$(echo ${bastille_jailsdir}/${_jail}/root/${DEST_PATH} | sed 's#//#/#g')"
if ! cp "${OPTION}" "${source_path}" "${dest_path}"; then
error_continue "JCP failed: ${source_path} -> ${dest_path}"
error_continue "[ERROR]: JCP failed: ${source_path} -> ${dest_path}"
fi
fi
done
echo

6
usr/local/share/bastille/limits.sh
View File

@@ -67,7 +67,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -95,7 +95,7 @@ fi
RACCT_ENABLE="$(sysctl -n kern.racct.enable)"
if [ "${RACCT_ENABLE}" != '1' ]; then
error_exit "Racct not enabled. Append 'kern.racct.enable=1' to /boot/loader.conf and reboot"
error_exit "[ERROR]: Racct not enabled. Append 'kern.racct.enable=1' to /boot/loader.conf and reboot"
fi
bastille_root_check
@@ -185,7 +185,7 @@ for _jail in ${JAILS}; do
rm -f "${bastille_jailsdir}/${_jail}/rctl.conf"
echo "rctl.conf removed."
else
error_continue "rctl.conf not found."
error_continue "[ERROR]: rctl.conf not found."
fi
;;
esac

2
usr/local/share/bastille/list.sh
View File

@@ -512,7 +512,7 @@ while [ "$#" -gt 0 ]; do
a) ;;
j) OPT_JSON=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\""
*) error_exit "[ERROR]: Unknown Option: \"${1}\""
esac
done
shift

6
usr/local/share/bastille/mount.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\""
*) error_exit "[ERROR]: Unknown Option: \"${1}\""
esac
done
shift
@@ -106,7 +106,6 @@ if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "
error_notify "FSTAB format not recognized."
warn "Format: /host/path /jail/path nullfs ro 0 0"
warn "Read: ${_fstab}"
usage
fi
# Exit if host path doesn't exist, type is not "nullfs", or mount is an advanced mount type "tmpfs,linprocfs,linsysfs,fdescfs,procfs"
@@ -122,7 +121,6 @@ elif [ ! -e "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then
error_notify "Invalid host path or incorrect mount type in FSTAB."
warn "Format: /host/path /jail/path nullfs ro 0 0"
warn "Read: ${_fstab}"
usage
fi
# Mount permissions,options must include one of "ro, rw, rq, sw, xx"
@@ -130,7 +128,6 @@ if ! echo "${_perms}" | grep -Eq '(ro|rw|rq|sw|xx)(,.*)?$'; then
error_notify "Detected invalid mount permissions in FSTAB."
warn "Format: /host/path /jail/path nullfs ro 0 0"
warn "Read: ${_fstab}"
usage
fi
# Dump and pass need to be "0 0 - 1 1"
@@ -138,7 +135,6 @@ if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "
error_notify "Detected invalid fstab options in FSTAB."
warn "Format: /host/path /jail/path nullfs ro 0 0"
warn "Read: ${_fstab}"
usage
fi
for _jail in ${JAILS}; do

73
usr/local/share/bastille/network.sh
View File

@@ -118,7 +118,7 @@ while [ "$#" -gt 0 ]; do
P) PASSTHROUGH=1 ;;
V) VNET=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -135,7 +135,7 @@ INTERFACE="${3}"
if [ "${ACTION}" = "add" ] && [ "${NO_IP}" -eq 0 ] && [ -n "${4}" ]; then
IP="${4}"
elif [ "${NO_IP}" -eq 1 ] && [ -n "${4}" ]; then
error_notify "IP should not be present when using -n|--no-ip."
error_exit "[ERROR]: IP should not be present when using -n|--no-ip."
else
IP=""
fi
@@ -147,15 +147,15 @@ if [ "${ACTION}" = "add" ]; then
{ [ "${BRIDGE}" -eq 1 ] && [ "${CLASSIC}" -eq 1 ]; } || \
{ [ "${BRIDGE}" -eq 1 ] && [ "${PASSTHROUGH}" -eq 1 ]; } || \
{ [ "${CLASSIC}" -eq 1 ] && [ "${PASSTHROUGH}" -eq 1 ]; } then
error_notify "Error: Only one of [-B|--bridge], [-C|--classic], [-P|--passthrough] or [-V|--vnet] should be set."
error_exit "[ERROR]: Only one of [-B|--bridge], [-C|--classic], [-P|--passthrough] or [-V|--vnet] should be set."
elif [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${CLASSIC}" -eq 0 ] && [ "${PASSTHROUGH}" -eq 0 ]; then
error_notify "Error: [-B|--bridge], [-C|--classic], [-P|--passthrough] or [-V|--vnet] must be set."
error_exit "[ERROR]: [-B|--bridge], [-C|--classic], [-P|--passthrough] or [-V|--vnet] must be set."
elif [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${PASSTHROUGH}" -eq 0 ] && [ -n "${VLAN_ID}" ]; then
error_notify "VLANs can only be used with VNET interfaces."
error_exit "[ERROR]: VLANs can only be used with VNET interfaces."
elif [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${NO_IP}" -eq 1 ]; then
error_notify "[-n|--no-ip] can only be used with VNET jails."
error_exit "[ERROR]: [-n|--no-ip] can only be used with VNET jails."
elif [ "${bastille_network_vnet_type}" = "netgraph" ] && [ "${BRIDGE}" -eq 1 ]; then
error_notify "[-B|--bridge] cannot be used with Netgraph."
error_exit "[ERROR]: [-B|--bridge] cannot be used with Netgraph."
fi
fi
@@ -166,6 +166,7 @@ fi
bastille_root_check
set_target_single "${TARGET}"
# Validate jail state
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${TARGET}"
else
@@ -175,14 +176,16 @@ else
fi
validate_ip() {
IP6_ENABLE=0
local ip="${1}"
local ip6="$( echo "${ip}" 2>/dev/null | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)' )"
if [ -n "${ip6}" ]; then
info "Valid: (${ip6})."
info "\nValid: (${ip6})."
IP6_ENABLE=1
elif [ "${ip}" = "0.0.0.0" ] || [ "${ip}" = "DHCP" ]; then
info "Valid: (${ip})."
info "\nValid: (${ip})."
else
local IFS
if echo "${ip}" 2>/dev/null | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
@@ -194,7 +197,7 @@ validate_ip() {
error_exit "Invalid: (${TEST_IP})"
fi
done
info "Valid: (${ip})."
info "\nValid: (${ip})."
else
error_exit "Invalid: (${ip})."
fi
@@ -202,18 +205,22 @@ validate_ip() {
}
validate_netif() {
local _interface="${1}"
if ifconfig -l | grep -qwo ${_interface}; then
info "Valid: (${_interface})."
info "\nValid: (${_interface})."
else
error_exit "Invalid: (${_interface})."
fi
}
check_interface_added() {
local _jailname="${1}"
local _if="${2}"
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
if grep -qo "${_if}" "${_jail_config}"; then
return 0
else
@@ -222,6 +229,7 @@ check_interface_added() {
}
add_interface() {
local _jailname="${1}"
local _if="${2}"
local _ip="${3}"
@@ -232,6 +240,7 @@ add_interface() {
local _vnet_if_count="$(grep -Eo 'vnet[1-9]+' ${_jail_rc_config} | sort -u | wc -l | awk '{print $1}')"
local _if_vnet="vnet$((_vnet_if_count + 1))"
local _bastille_if_num_range=$((_bastille_if_count + 1))
if [ "${BRIDGE}" -eq 1 ]; then
if [ "${_bastille_if_count}" -gt 0 ]; then
for _num in $(seq 0 "${_bastille_if_num_range}"); do
@@ -426,9 +435,11 @@ EOF
}
remove_interface() {
local _jailname="${1}"
local _if="${2}"
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
# Skip next block in case of classic jail
if [ "$(bastille config ${TARGET} get vnet)" != "not set" ]; then
local _jail_rc_config="${bastille_jailsdir}/${_jailname}/root/etc/rc.conf"
@@ -452,31 +463,31 @@ remove_interface() {
local _if_jail="${_if}"
_if_type="passthrough"
else
error_exit "Could not find interface inside jail: \"${_if_jail}\""
error_exit "[ERROR]: Could not find interface inside jail: \"${_if_jail}\""
fi
if [ "${_if_type}" = "bastille" ] || [ "${_if_type}" = "epair" ]; then
if grep -oq "${_if_jail}" ${_jail_config}; then
local _if_vnet="$(grep ${_if_jail} ${_jail_rc_config} | grep -Eo 'vnet[0-9]+')"
else
error_exit "Interface not found: ${_if_jail}"
error_exit "[ERROR]: Interface not found: ${_if_jail}"
fi
elif [ "${_if_type}" = "passthrough" ]; then
if grep -oq "${_if_jail}" ${_jail_config}; then
local _if_vnet="${_if_jail}"
else
error_exit "Interface not found: ${_if_jail}"
error_exit "[ERROR]: Interface not found: ${_if_jail}"
fi
fi
# Do not allow removing default vnet0 interface
if [ "${_if_vnet}" = "vnet0" ]; then
error_exit "Default interface cannot be removed."
error_exit "[ERROR]: Default interface cannot be removed."
fi
# Avoid removing entire file contents if variables aren't set for some reason
if [ -z "${_if_jail}" ]; then
error_exit "Error: Could not find specifed interface."
error_exit "[ERROR]: Could not find specifed interface."
fi
# Remove interface from /etc/rc.conf
@@ -484,13 +495,13 @@ remove_interface() {
if [ -n "${_if_vnet}" ] && echo ${_if_vnet} 2>/dev/null | grep -Eoq 'vnet[0-9]+'; then
sed -i '' "/.*${_if_vnet}.*/d" "${_jail_rc_config}"
else
error_exit "Failed to remove interface from /etc/rc.conf"
error_exit "[ERROR]: Failed to remove interface from /etc/rc.conf"
fi
elif [ "${_if_type}" = "passthrough" ]; then
if [ -n "${_if_vnet}" ]; then
sed -i '' "/.*${_if_vnet}.*/d" "${_jail_rc_config}"
else
error_exit "Failed to remove interface from /etc/rc.conf"
error_exit "[ERROR]: Failed to remove interface from /etc/rc.conf"
fi
fi
@@ -507,18 +518,18 @@ remove_interface() {
sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}"
fi
else
error_exit "Failed to remove interface from jail.conf"
error_exit "[ERROR]: Failed to remove interface from jail.conf"
fi
else
# Remove interface from jail.conf (non-VNET)
if [ -n "${_if}" ]; then
if grep ${_if} ${_jail_config} 2>/dev/null | grep -qo " = "; then
error_exit "Default interface cannot be removed."
error_exit "[ERROR]: Default interface cannot be removed."
else
sed -i '' "/.*${_if}.*/d" "${_jail_config}"
fi
else
error_exit "Failed to remove interface from jail.conf"
error_exit "[ERROR]: Failed to remove interface from jail.conf"
fi
fi
@@ -526,12 +537,14 @@ remove_interface() {
}
add_vlan() {
local _jailname="${1}"
local _interface="${2}"
local _ip="${3}"
local _vlan_id="${4}"
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
local _jail_rc_config="${bastille_jailsdir}/${_jailname}/root/etc/rc.conf"
if [ "${VNET}" -eq 1 ]; then
local _jail_epair_num="$(grep ${_interface} ${_jail_config} | grep -Eo -m 1 "bastille[0-9]+" | grep -Eo "[0-9]+")"
local _jail_vnet="$(grep "e0b_bastille${_jail_epair_num}_name" ${_jail_rc_config} | grep -Eo "vnet[0-9]+")"
@@ -542,7 +555,7 @@ add_vlan() {
local _jail_vnet="${_interface}"
fi
if grep -Eq "ifconfig_${_jail_vnet}_${_vlan_id}" "${bastille_jailsdir}/${_jailname}/root/etc/rc.conf"; then
error_exit "VLAN has already been added: VLAN ${_vlan_id}"
error_exit "[ERROR]: VLAN has already been added: VLAN ${_vlan_id}"
else
bastille start "${_jailname}"
bastille template "${_jailname}" ${bastille_template_vlan} --arg VLANID="${_vlan_id}" --arg IFCONFIG="inet ${_ip}" --arg JAIL_VNET="${_jail_vnet}"
@@ -571,9 +584,9 @@ case "${ACTION}" in
fi
if [ "${VNET}" -eq 1 ]; then
if [ "$(bastille config ${TARGET} get vnet)" = "not set" ]; then
error_exit "Error: ${TARGET} is not a VNET jail."
error_exit "[ERROR]: ${TARGET} is not a VNET jail."
elif ifconfig -g bridge | grep -owq "${INTERFACE}"; then
error_exit "\"${INTERFACE}\" is a bridge interface."
error_exit "[ERROR]: '${INTERFACE}' is a bridge interface."
else
add_interface "${TARGET}" "${INTERFACE}" "${IP}"
if [ -n "${VLAN_ID}" ]; then
@@ -585,9 +598,9 @@ case "${ACTION}" in
fi
elif [ "${BRIDGE}" -eq 1 ]; then
if [ "$(bastille config ${TARGET} get vnet)" = "not set" ]; then
error_exit "Error: ${TARGET} is not a VNET jail."
error_exit "[ERROR]: ${TARGET} is not a VNET jail."
elif ! ifconfig -g bridge | grep -owq "${INTERFACE}"; then
error_exit "\"${INTERFACE}\" is not a bridge interface."
error_exit "[ERROR]: '${INTERFACE}' is not a bridge interface."
else
add_interface "${TARGET}" "${INTERFACE}" "${IP}"
if [ -n "${VLAN_ID}" ]; then
@@ -599,7 +612,7 @@ case "${ACTION}" in
fi
elif [ "${PASSTHROUGH}" -eq 1 ]; then
if [ "$(bastille config ${TARGET} get vnet)" = "not set" ]; then
error_exit "Error: ${TARGET} is not a VNET jail."
error_exit "[ERROR]: ${TARGET} is not a VNET jail."
else
add_interface "${TARGET}" "${INTERFACE}" "${IP}"
fi
@@ -611,7 +624,7 @@ case "${ACTION}" in
fi
elif [ "${CLASSIC}" -eq 1 ]; then
if [ "$(bastille config ${TARGET} get vnet)" != "not set" ]; then
error_exit "Error: ${TARGET} is a VNET jail."
error_exit "[ERROR]: ${TARGET} is a VNET jail."
else
add_interface "${TARGET}" "${INTERFACE}" "${IP}"
if [ "${AUTO}" -eq 1 ]; then
@@ -624,7 +637,7 @@ case "${ACTION}" in
check_interface_added "${TARGET}" "${INTERFACE}" || error_exit "Interface not found in jail.conf: \"${INTERFACE}\""
validate_netif "${INTERFACE}"
if ! grep -q "${INTERFACE}" ${bastille_jailsdir}/${TARGET}/jail.conf; then
error_exit "Interface not found in jail.conf: \"${INTERFACE}\""
error_exit "[ERROR]: Interface not found in jail.conf: \"${INTERFACE}\""
else
remove_interface "${TARGET}" "${INTERFACE}"
if [ "${AUTO}" -eq 1 ]; then
@@ -633,6 +646,6 @@ case "${ACTION}" in
fi
;;
*)
error_exit "Only [add|remove] are supported."
error_exit "[ERROR]: Only [add|remove] are supported."
;;
esac

10
usr/local/share/bastille/pkg.sh
View File

@@ -72,7 +72,7 @@ while [ "$#" -gt 0 ]; do
a) AUTO=1 ;;
H) USE_HOST_PKG=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -97,13 +97,13 @@ errors=0
for _jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
@@ -131,5 +131,7 @@ for _jail in ${JAILS}; do
done
if [ $errors -ne 0 ]; then
error_exit "Failed to apply on some jails, please check logs"
error_exit "[ERROR]: Failed to apply on some jails, please check logs"
else
echo
fi

6
usr/local/share/bastille/rcp.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -93,5 +93,7 @@ host_path="${HOST_PATH}"
jail_path="$(echo ${bastille_jailsdir}/${TARGET}/root/${JAIL_PATH} | sed 's#//#/#g')"
if ! cp "${OPTION}" "${jail_path}" "${host_path}"; then
error_exit "RCP failed: ${jail_path} -> ${host_path}"
error_exit "[ERROR]: RCP failed: ${jail_path} -> ${host_path}"
else
echo
fi

34
usr/local/share/bastille/rdr.sh
View File

@@ -74,12 +74,12 @@ check_jail_validity() {
fi
fi
else
error_exit "VNET jails do not support rdr."
error_exit "[ERROR]: VNET jails do not support rdr."
fi
# Check if rdr-anchor is defined in pf.conf
if ! (pfctl -sn | grep rdr-anchor | grep 'rdr/\*' >/dev/null); then
error_exit "rdr-anchor not found in pf.conf"
error_exit "[ERROR]: rdr-anchor not found in pf.conf"
fi
}
@@ -89,7 +89,7 @@ check_rdr_ip_validity() {
local ip6="$( echo "${ip}" | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)' )"
if [ -n "${ip6}" ]; then
info "Valid: (${ip6})."
info "\nValid: (${ip6})."
else
local IFS
if echo "${ip}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
@@ -101,7 +101,7 @@ check_rdr_ip_validity() {
error_exit "Invalid: (${TEST_IP})"
fi
done
info "Valid: (${ip})."
info "\nValid: (${ip})."
else
error_exit "Invalid: (${ip})."
fi
@@ -118,7 +118,7 @@ validate_rdr_rule() {
local jail_port="${6}"
if grep -qs "$if $src $dst $proto $host_port $jail_port" "${bastille_jailsdir}/${TARGET}/rdr.conf"; then
error_notify "Error: Ports already in use on this interface."
error_notify "[ERROR]: Ports already in use on this interface."
error_exit "See 'bastille list ports' or 'bastille rdr TARGET reset'."
fi
}
@@ -172,7 +172,7 @@ load_rdr_rule() {
if ! ( pfctl -a "rdr/${TARGET}" -Psn 2>/dev/null;
printf '%s\nrdr pass on $%s inet proto %s from %s to %s port %s -> %s port %s\n' "$if" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP" "$jail_port" ) \
| pfctl -a "rdr/${TARGET}" -f-; then
error_exit "Failed to create IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
error_exit "[ERROR]: Failed to create IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else
echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi
@@ -183,7 +183,7 @@ load_rdr_rule() {
if ! ( pfctl -a "rdr/${TARGET}" -Psn;
printf '%s\nrdr pass on $%s inet6 proto %s from %s to %s port %s -> %s port %s\n' "$if" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \
| pfctl -a "rdr/${TARGET}" -f-; then
error_exit "Failed to create IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
error_exit "[ERROR]: Failed to create IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else
echo "IPv6 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi
@@ -209,7 +209,7 @@ load_rdr_log_rule() {
if ! ( pfctl -a "rdr/${TARGET}" -Psn;
printf '%s\nrdr pass %s on $%s inet proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP" "$jail_port" ) \
| pfctl -a "rdr/${TARGET}" -f-; then
error_exit "Failed to create logged IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
error_exit "[ERROR]: Failed to create logged IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else
echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi
@@ -221,7 +221,7 @@ load_rdr_log_rule() {
if ! ( pfctl -a "rdr/${TARGET}" -Psn;
printf '%s\nrdr pass %s on $%s inet6 proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \
| pfctl -a "rdr/${TARGET}" -f-; then
error_exit "Failed to create logged IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
error_exit "[ERROR]: Failed to create logged IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else
echo "IPv6 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi
@@ -248,7 +248,7 @@ while [ "$#" -gt 0 ]; do
RDR_DST="${2}"
shift 2
else
error_exit "${2} is not an IP on this system."
error_exit "[ERROR]: '${2}' is not an IP on this system."
fi
;;
-i|--interface)
@@ -257,7 +257,7 @@ while [ "$#" -gt 0 ]; do
RDR_IF="${2}"
shift 2
else
error_exit "${2} is not a valid interface."
error_exit "[ERROR]: '${2}' is not a valid interface."
fi
;;
-s|--source)
@@ -268,7 +268,7 @@ while [ "$#" -gt 0 ]; do
;;
-t|--type)
if [ "${2}" != "ipv4" ] && [ "${2}" != "ipv6" ]; then
error_exit "[-t|--type] must be [ipv4|ipv6]"
error_exit "[ERROR]: [-t|--type] must be [ipv4|ipv6]"
else
OPTION_INET_TYPE=1
RDR_INET="${2}"
@@ -280,7 +280,7 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
error_exit "Unknown option: \"${1}\""
error_exit "[ERROR]: Unknown option: \"${1}\""
;;
*)
break
@@ -304,7 +304,7 @@ while [ "$#" -gt 0 ]; do
case "${1}" in
list)
if [ "${OPTION_IF}" -eq 1 ] || [ "${OPTION_SRC}" -eq 1 ] || [ "${OPTION_DST}" -eq 1 ] || [ "${OPTION_INET_TYPE}" -eq 1 ];then
error_exit "Command \"${1}\" cannot be used with options."
error_exit "[ERROR]: Command \"${1}\" cannot be used with options."
elif [ -n "${2}" ]; then
usage
else
@@ -315,7 +315,7 @@ while [ "$#" -gt 0 ]; do
;;
clear)
if [ "${OPTION_IF}" -eq 1 ] || [ "${OPTION_SRC}" -eq 1 ] || [ "${OPTION_DST}" -eq 1 ] || [ "${OPTION_INET_TYPE}" -eq 1 ];then
error_exit "Command \"${1}\" cannot be used with options."
error_exit "[ERROR]: Command \"${1}\" cannot be used with options."
elif [ -n "${2}" ]; then
usage
else
@@ -326,7 +326,7 @@ while [ "$#" -gt 0 ]; do
;;
reset)
if [ "${OPTION_IF}" -eq 1 ] || [ "${OPTION_SRC}" -eq 1 ] || [ "${OPTION_DST}" -eq 1 ] || [ "${OPTION_INET_TYPE}" -eq 1 ];then
error_exit "Command \"${1}\" cannot be used with options."
error_exit "[ERROR]: Command \"${1}\" cannot be used with options."
elif [ -n "${2}" ]; then
usage
else
@@ -342,7 +342,7 @@ while [ "$#" -gt 0 ]; do
if [ "$#" -lt 3 ]; then
usage
elif [ "${OPTION_SRC}" -eq 1 ] || [ "${OPTION_DST}" -eq 1 ] && [ "${OPTION_INET_TYPE}" -ne 1 ];then
error_exit "[-t|--type] must be set when using [-s|--source] or [-d|--destination]"
error_exit "[ERROR]: [-t|--type] must be set when using [-s|--source] or [-d|--destination]"
elif [ "$#" -eq 3 ]; then
check_jail_validity
validate_rdr_rule $RDR_IF $RDR_SRC $RDR_DST $1 $2 $3

21
usr/local/share/bastille/rename.sh
View File

@@ -79,6 +79,7 @@ NEWNAME="${2}"
bastille_root_check
set_target_single "${TARGET}"
# Validate jail state
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${TARGET}"
else
@@ -93,9 +94,9 @@ validate_name() {
local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')"
if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then
error_exit "Container names may not begin with (-|_) characters!"
error_exit "[ERROR]: Jail names may not begin with (-|_) characters!"
elif [ "${NAME_VERIFY}" != "${NAME_SANITY}" ]; then
error_exit "Container names may not contain special characters!"
error_exit "[ERROR]: Jail names may not contain special characters!"
fi
}
@@ -134,6 +135,7 @@ update_jailconf_vnet() {
for _if in ${_if_list}; do
if echo ${_if} | grep -Eoq 'epair[0-9]+'; then
# Check if epair name = jail name
local _epair_num="$(grep -Eo -m 1 "epair[0-9]+" "${_jail_conf}" | grep -Eo "[0-9]+")"
if grep -E "epair[0-9]+a" "${_jail_conf}" | grep -Eo "e[0-9]+a_${TARGET}"; then
@@ -143,6 +145,7 @@ update_jailconf_vnet() {
local _target_host_epair="$(grep -Eo -m 1 "epair[0-9]+a" "${_jail_conf}")"
local _target_jail_epair="$(grep -Eo -m 1 "epair[0-9]+b" "${_jail_conf}")"
fi
if [ "$(echo -n "e${_epair_num}a_${NEWNAME}" | awk '{print length}')" -lt 16 ]; then
# Generate new epair name
local _new_host_epair="e${_epair_num}a_${NEWNAME}"
@@ -151,18 +154,22 @@ update_jailconf_vnet() {
local _new_host_epair="epair${_epair_num}a"
local _new_jail_epair="epair${_epair_num}b"
fi
# Replace host epair name in jail.conf
sed -i '' "s|up name ${_target_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|${_target_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
sed -i '' "s|deletem ${_target_host_epair}|deletem ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|${_target_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}"
sed -i '' "s|${_target_host_epair} description|${_new_host_epair} description|g" "${_jail_conf}"
# Replace jail epair name in jail.conf
sed -i '' "s|= ${_target_jail_epair};|= ${_new_jail_epair};|g" "${_jail_conf}"
sed -i '' "s|up name ${_target_jail_epair}|up name ${_new_jail_epair}|g" "${_jail_conf}"
sed -i '' "s|${_target_jail_epair} ether|${_new_jail_epair} ether|g" "${_jail_conf}"
# Replace epair description
sed -i '' "s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
# Replace epair name in /etc/rc.conf
sed -i '' "/ifconfig/ s|${_target_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}"
fi
@@ -195,10 +202,10 @@ change_name() {
ZFS_DATASET_TARGET=$(echo "${ZFS_DATASET_ORIGIN}" | sed "s|\/${TARGET}||")
if [ -n "${ZFS_DATASET_ORIGIN}" ] && [ -n "${ZFS_DATASET_TARGET}" ]; then
if ! zfs rename -f "${ZFS_DATASET_ORIGIN}" "${ZFS_DATASET_TARGET}/${NEWNAME}"; then
error_exit "Can't rename '${TARGET}' dataset."
error_exit "[ERROR]: Can't rename '${TARGET}' dataset."
fi
else
error_exit "Can't determine the ZFS origin path of '${TARGET}'."
error_exit "[ERROR]: Can't determine the ZFS origin path of '${TARGET}'."
fi
else
# Just rename the jail directory
@@ -212,7 +219,7 @@ change_name() {
# Check exit status and notify
if [ "$?" -ne 0 ]; then
error_exit "An error has occurred while attempting to rename '${TARGET}'."
error_exit "[ERROR]: An error has occurred while attempting to rename '${TARGET}'."
else
echo "Renamed '${TARGET}' to '${NEWNAME}' successfully."
if [ "${AUTO}" -eq 1 ]; then
@@ -228,9 +235,11 @@ fi
# Check if a jail already exists with NEW_NAME
if [ -d "${bastille_jailsdir}/${NEWNAME}" ]; then
error_exit "Jail: ${NEWNAME} already exists."
error_exit "[ERROR]: Jail: ${NEWNAME} already exists."
fi
info "\nAttempting to rename '${TARGET}' to ${NEWNAME}..."
change_name
info "\nRenamed '${TARGET}' to '${NEWNAME}' successfully.\n"

2
usr/local/share/bastille/restart.sh
View File

@@ -89,7 +89,7 @@ while [ "$#" -gt 0 ]; do
_stop_options="${_stop_options} -x"
;;
*)
error_exit "Unknown Option: \"${1}\""
error_exit "[ERROR]: Unknown Option: \"${1}\""
;;
esac
done

5
usr/local/share/bastille/service.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -88,12 +88,13 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"

9
usr/local/share/bastille/setup.sh
View File

@@ -250,7 +250,7 @@ case "$1" in
configure_pf
;;
-n|netgraph)
warn "[WARNING] Bastille only allows using either 'if_bridge' or 'netgraph'"
warn "[WARNING]: Bastille only allows using either 'if_bridge' or 'netgraph'"
warn "as VNET network options. You CANNOT use both on the same system. If you have"
warn "already started using bastille with 'if_bridge' do not continue."
# shellcheck disable=SC3045
@@ -270,7 +270,7 @@ case "$1" in
;;
-l|loopback)
warn "[WARNING] Bastille only allows using either the 'loopback' or 'shared'"
warn "[WARNING]: Bastille only allows using either the 'loopback' or 'shared'"
warn "interface to be configured ant one time. If you continue, the 'shared'"
warn "interface will be disabled, and the 'loopback' interface will be used as default."
# shellcheck disable=SC3045
@@ -288,7 +288,7 @@ case "$1" in
esac
;;
-s|shared)
warn "[WARNING] Bastille only allows using either the 'loopback' or 'shared'"
warn "[WARNING]: Bastille only allows using either the 'loopback' or 'shared'"
warn "interface to be configured at one time. If you continue, the 'loopback'"
warn "interface will be disabled, and the shared interface will be used as default."
# shellcheck disable=SC3045
@@ -315,4 +315,7 @@ case "$1" in
configure_vnet
configure_bridge
;;
*)
error_exit "[ERROR]: Unknown option: \"${1}\""
;;
esac

10
usr/local/share/bastille/start.sh
View File

@@ -82,7 +82,7 @@ while [ "$#" -gt 0 ]; do
b) BOOT=1 ;;
v) OPTION="-v" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -134,14 +134,14 @@ for _jail in ${JAILS}; do
fi
if ifconfig | grep "^${_if}:" >/dev/null; then
if ifconfig | grep -qwF "${_ip}"; then
warn "Warning: IP address (${_ip}) already in use, continuing..."
warn "[WARNING]: IP address (${_ip}) already in use, continuing..."
fi
## add ip to firewall table if it is not reachable through local interface (assumes NAT/rdr is needed)
if route -n get ${_ip} | grep "gateway" >/dev/null; then
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}"
fi
else
error_continue "Error: ${_if} interface does not exist."
error_continue "[ERROR]: ${_if} interface does not exist."
fi
done
fi
@@ -157,14 +157,14 @@ for _jail in ${JAILS}; do
fi
if ifconfig | grep "^${_if}:" >/dev/null; then
if ifconfig | grep -qwF "${_ip}"; then
warn "Warning: IP address (${_ip}) already in use, continuing..."
warn "[WARNING]: IP address (${_ip}) already in use, continuing..."
fi
## add ip to firewall table if it is not reachable through local interface (assumes NAT/rdr is needed)
if route -n get ${_ip} | grep "gateway" >/dev/null; then
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}"
fi
else
error_continue "Error: ${_if} interface does not exist."
error_continue "[ERROR]: ${_if} interface does not exist."
fi
done
fi

2
usr/local/share/bastille/stop.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
v) OPTION="-v" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift

3
usr/local/share/bastille/sysrc.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -88,6 +88,7 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else

3
usr/local/share/bastille/tags.sh
View File

@@ -56,7 +56,7 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
error_exit "Unknown Option: \"${1}\""
error_exit "[ERROR]: Unknown Option: \"${1}\""
;;
*)
break
@@ -119,4 +119,3 @@ for _jail in ${JAILS}; do
esac
done

34
usr/local/share/bastille/template.sh
View File

@@ -35,6 +35,7 @@
usage() {
error_notify "Usage: bastille template [option(s)] TARGET [--convert|project/template]"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -45,6 +46,7 @@ EOF
}
post_command_hook() {
_jail=$1
_cmd=$2
_args=$3
@@ -110,7 +112,7 @@ render() {
echo "Rendering File: ${_file_path}"
eval "sed -i '' ${ARG_REPLACEMENTS} '${_file_path}'"
else
warn "Path not found for render: ${2}"
warn "[WARNING]: Path not found for render: ${2}"
fi
}
@@ -123,7 +125,7 @@ line_in_file() {
echo "${_line}" >> "${_jailpath}/${_filepath}"
fi
else
warn "Path not found for line_in_file: ${_filepath}"
warn "[WARNING]: Path not found for line_in_file: ${_filepath}"
fi
}
@@ -147,7 +149,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -175,11 +177,11 @@ bastille_root_check
# Special case conversion of hook-style template files into a Bastillefile. -- cwells
if [ "${TARGET}" = '--convert' ]; then
if [ -d "${TEMPLATE}" ]; then # A relative path was provided. -- cwells
cd "${TEMPLATE}" || error_exit "Failed to change to directory: ${TEMPLATE}"
cd "${TEMPLATE}" || error_exit "[ERROR]: Failed to change to directory: ${TEMPLATE}"
elif [ -d "${bastille_template}" ]; then
cd "${bastille_template}" || error_exit "Failed to change to directory: ${TEMPLATE}"
cd "${bastille_template}" || error_exit "[ERROR]: Failed to change to directory: ${TEMPLATE}"
else
error_exit "Template not found: ${TEMPLATE}"
error_exit "[ERROR]: Template not found: ${TEMPLATE}"
fi
echo "Converting template: ${TEMPLATE}"
@@ -217,7 +219,7 @@ if [ "${TARGET}" = '--convert' ]; then
fi
done
info "Template converted: ${TEMPLATE}"
info "\nTemplate converted: ${TEMPLATE}"
exit 0
else
set_target "${TARGET}"
@@ -229,7 +231,7 @@ case ${TEMPLATE} in
if [ ! -d "${bastille_templatesdir}/${TEMPLATE_DIR}" ]; then
info "Bootstrapping ${TEMPLATE}..."
if ! bastille bootstrap "${TEMPLATE}"; then
error_exit "Failed to bootstrap template: ${TEMPLATE}"
error_exit "[ERROR]: Failed to bootstrap template: ${TEMPLATE}"
fi
fi
TEMPLATE="${TEMPLATE_DIR}"
@@ -238,14 +240,14 @@ case ${TEMPLATE} in
*/*)
if [ ! -d "${bastille_templatesdir}/${TEMPLATE}" ]; then
if [ ! -d ${TEMPLATE} ]; then
error_exit "${TEMPLATE} not found."
error_exit "[ERROR]: ${TEMPLATE} not found."
else
bastille_template=${TEMPLATE}
fi
fi
;;
*)
error_exit "Template name/URL not recognized."
error_exit "[ERROR]: Template name/URL not recognized."
esac
# Check for an --arg-file parameter. -- cwells
@@ -265,7 +267,7 @@ for _script_arg in "$@"; do
done
if [ -n "${ARG_FILE}" ] && [ ! -f "${ARG_FILE}" ]; then
error_exit "File not found: ${ARG_FILE}"
error_exit "[ERROR]: File not found: ${ARG_FILE}"
fi
for _jail in ${JAILS}; do
@@ -406,7 +408,7 @@ for _jail in ${JAILS}; do
if ! eval "bastille ${_cmd} ${_jail} ${_args}"; then
set +f
unset IFS
error_exit "Failed to execute command: ${_cmd}"
error_exit "[ERROR]: Failed to execute command: ${_cmd}"
fi
post_command_hook "${_jail}" "${_cmd}" "${_args}"
@@ -450,9 +452,9 @@ for _jail in ${JAILS}; do
info "[${_jail}]:${_hook} -- START"
if [ "${_hook}" = 'CMD' ] || [ "${_hook}" = 'PRE' ]; then
bastille cmd "${_jail}" /bin/sh < "${bastille_template}/${_hook}" || error_exit "Failed to execute command."
bastille cmd "${_jail}" /bin/sh < "${bastille_template}/${_hook}" || error_exit "[ERROR]: Failed to execute command."
elif [ "${_hook}" = 'PKG' ]; then
bastille pkg "${_jail}" install -y "$(cat "${bastille_template}/PKG")" || error_exit "Failed to install packages."
bastille pkg "${_jail}" install -y "$(cat "${bastille_template}/PKG")" || error_exit "[ERROR]: Failed to install packages."
bastille pkg "${_jail}" audit -F
else
while read _line; do
@@ -462,7 +464,7 @@ for _jail in ${JAILS}; do
# Replace "arg" variables in this line with the provided values. -- cwells
_line=$(echo "${_line}" | eval "sed ${ARG_REPLACEMENTS}")
eval "_args=\"${_args_template}\""
bastille "${_cmd}" "${_jail}" "${_args}" || error_exit "Failed to execute command."
bastille "${_cmd}" "${_jail}" "${_args}" || error_exit "[ERROR]: Failed to execute command."
done < "${bastille_template}/${_hook}"
fi
info "[${_jail}]:${_hook} -- END"
@@ -470,6 +472,6 @@ for _jail in ${JAILS}; do
fi
done
echo "Template applied: ${TEMPLATE}"
info "\nTemplate applied: ${TEMPLATE}"
done

2
usr/local/share/bastille/top.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\""
*) error_exit "[ERROR]: Unknown Option: \"${1}\""
esac
done
shift

9
usr/local/share/bastille/umount.sh
View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\""
*) error_exit "[ERROR]: Unknown Option: \"${1}\""
esac
done
shift
@@ -88,6 +88,7 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
@@ -105,18 +106,18 @@ for _jail in ${JAILS}; do
# Exit if mount point non-existent
if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then
error_continue "The specified mount point does not exist."
error_continue "[ERROR]: The specified mount point does not exist."
fi
# Unmount
if [ -n "${_mount}" ]; then
umount "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}"
umount "${_jailpath}" || error_continue "[ERROR]: Failed to unmount volume: ${MOUNT_PATH}"
fi
# Remove entry from fstab
if [ -n "${_fstab_entry}" ]; then
if ! sed -E -i '' "\, +${_jailpath_fstab} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then
error_continue "Failed to delete fstab entry: ${MOUNT_PATH}"
error_continue "[ERROR]: Failed to delete fstab entry: ${MOUNT_PATH}"
fi
fi

27
usr/local/share/bastille/update.sh
View File

@@ -75,7 +75,7 @@ while [ "$#" -gt 0 ]; do
a) AUTO=1 ;;
f) OPTION="-F" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -91,12 +91,11 @@ TARGET="${1}"
bastille_root_check
if [ -f "/bin/midnightbsd-version" ]; then
echo -e "${COLOR_RED}Not yet supported on MidnightBSD.${COLOR_RESET}"
exit 1
error_exit "[ERROR]: Not yet supported on MidnightBSD."
fi
if freebsd-version | grep -qi HBSD; then
error_exit "Not yet supported on HardenedBSD."
error_exit "[ERROR]: Not yet supported on HardenedBSD."
fi
# Check for alternate/unsupported archs
@@ -122,7 +121,7 @@ jail_check() {
info "\n[${TARGET}]:"
if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_notify "${TARGET} is not a thick container."
error_notify "[ERROR]: ${TARGET} is not a thick container."
error_exit "See 'bastille update RELEASE' to update thin jails."
fi
}
@@ -138,7 +137,7 @@ jail_update() {
if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
if [ -z "${CURRENT_VERSION}" ]; then
error_exit "Can't determine '${TARGET}' version."
error_exit "[ERROR]: Can't determine '${TARGET}' version."
else
env PAGER="/bin/cat" freebsd-update ${OPTION} \
--not-running-from-cron \
@@ -175,7 +174,7 @@ release_update() {
-f "${_freebsd_update_conf}" \
install --currently-running "${TARGET_TRIM}"
else
error_exit "${TARGET} not found. See 'bastille bootstrap RELEASE'."
error_exit "[ERROR]: ${TARGET} not found. See 'bastille bootstrap RELEASE'."
fi
}
@@ -185,13 +184,13 @@ template_update() {
_template_path=${bastille_templatesdir}/${BASTILLE_TEMPLATE}
if [ -d $_template_path ]; then
info "[${BASTILLE_TEMPLATE}]:"
git -C $_template_path pull ||\
error_notify "${BASTILLE_TEMPLATE} update unsuccessful."
info "\n[${BASTILLE_TEMPLATE}]:"
if ! git -C $_template_path pull; then
error_exit "[ERROR]: ${BASTILLE_TEMPLATE} update unsuccessful."
fi
bastille verify "${BASTILLE_TEMPLATE}"
else
error_exit "${BASTILLE_TEMPLATE} not found. See 'bastille bootstrap'."
error_exit "[ERROR]: ${BASTILLE_TEMPLATE} not found. See 'bastille bootstrap'."
fi
}
@@ -212,9 +211,9 @@ templates_update() {
fi
if [ "$_updated_templates" -ne "0" ]; then
info "$_updated_templates templates updated."
info "\n$_updated_templates templates updated."
else
error_exit "no templates found. See 'bastille bootstrap'."
error_exit "[ERROR]: No templates found. See 'bastille bootstrap'."
fi
}

23
usr/local/share/bastille/upgrade.sh
View File

@@ -72,7 +72,7 @@ while [ "$#" -gt 0 ]; do
a) AUTO=1 ;;
f) OPTION="-F" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -95,19 +95,18 @@ set_target_single "${TARGET}"
# Check for unsupported actions
if [ -f "/bin/midnightbsd-version" ]; then
echo -e "${COLOR_RED}Not yet supported on MidnightBSD.${COLOR_RESET}"
exit 1
error_exit "[ERROR]: Not yet supported on MidnightBSD."
fi
if freebsd-version | grep -qi HBSD; then
error_exit "Not yet supported on HardenedBSD."
error_exit "[ERROR]: Not yet supported on HardenedBSD."
fi
thick_jail_check() {
local _jail="${1}"
# Check if the jail is thick and is running
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
@@ -121,7 +120,7 @@ thin_jail_check() {
local _jail="${1}"
# Check if the jail is thick and is running
# Validate jail state
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${_jail}"
else
@@ -137,13 +136,13 @@ release_check() {
# Validate the release
if ! echo "${_release}" | grep -q "[0-9]\{2\}.[0-9]-[RELEASE,BETA,RC]"; then
error_exit "${_release} is not a valid release."
error_exit "[ERROR]: ${_release} is not a valid release."
fi
# Exit if NEWRELEASE doesn't exist
if [ "${THIN_JAIL}" -eq 1 ]; then
if [ ! -d "${bastille_releasesdir}/${_release}" ]; then
error_notify "Release not found: ${_release}"
error_notify "[ERROR]: Release not found: ${_release}"
error_exit "See 'bastille bootstrap ${_release} to bootstrap the release."
fi
fi
@@ -152,6 +151,7 @@ release_check() {
jail_upgrade() {
local _jailname="${1}"
if [ "${THIN_JAIL}" -eq 1 ]; then
local _oldrelease="$(bastille config ${_jailname} get osrelease)"
else
@@ -174,7 +174,7 @@ jail_upgrade() {
if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jailname}"
fi
echo "Upgraded ${_jailname}: ${_oldrelease} -> ${_newrelease}"
info "\nUpgraded ${_jailname}: ${_oldrelease} -> ${_newrelease}"
echo "See 'bastille etcupdate TARGET' to update /etc/rc.conf"
else
# Upgrade a thick jail
@@ -187,8 +187,7 @@ jail_upgrade() {
# Update "osrelease" entry inside jail.conf
sed -i '' "/osrelease/ s|${_oldrelease}|${_newrelease}|g" "${bastille_jailsdir}/${_jailname}/jail.conf"
echo
echo -e "${COLOR_YELLOW}Please run 'bastille upgrade ${_jailname} install', restart the jail, then run 'bastille upgrade ${_jailname} install' again to finish installing updates.${COLOR_RESET}"
warn "Please run 'bastille upgrade ${_jailname} install', restart the jail, then run 'bastille upgrade ${_jailname} install' again to finish installing updates."
fi
}
@@ -207,7 +206,7 @@ jail_updates_install() {
-f "${_freebsd_update_conf}" \
install
else
error_exit "${_jailname} not found. See 'bastille bootstrap RELEASE'."
error_exit "[ERROR]: ${_jailname} not found. See 'bastille bootstrap RELEASE'."
fi
}

20
usr/local/share/bastille/verify.sh
View File

@@ -47,17 +47,17 @@ EOF
verify_release() {
if [ -f "/bin/midnightbsd-version" ]; then
error_exit "Not yet supported on MidnightBSD."
error_exit "[ERROR]: Not yet supported on MidnightBSD."
fi
if freebsd-version | grep -qi HBSD; then
error_exit "Not yet supported on HardenedBSD."
error_exit "[ERROR]: Not yet supported on HardenedBSD."
fi
if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
freebsd-update -b "${bastille_releasesdir}/${RELEASE}" --currently-running "${RELEASE}" IDS
else
error_exit "${RELEASE} not found. See 'bastille bootstrap'."
error_exit "[ERROR]: ${RELEASE} not found. See 'bastille bootstrap'."
fi
}
@@ -73,7 +73,7 @@ handle_template_include() {
bastille verify "${BASTILLE_TEMPLATE_USER}/${BASTILLE_TEMPLATE_REPO}"
;;
*)
error_exit "Template INCLUDE content not recognized."
error_exit "[ERROR]: Template INCLUDE content not recognized."
;;
esac
}
@@ -87,14 +87,14 @@ verify_template() {
_path=${_template_path}/${_hook}
if [ -s "${_path}" ]; then
_hook_validate=$((_hook_validate+1))
info "Detected ${_hook} hook."
info "\nDetected ${_hook} hook."
## line count must match newline count
# shellcheck disable=SC2046
# shellcheck disable=SC3003
if [ $(wc -l "${_path}" | awk '{print $1}') -ne "$(tr -d -c '\n' < "${_path}" | wc -c)" ]; then
info "[${_hook}]:"
error_notify "${BASTILLE_TEMPLATE}:${_hook} [failed]."
error_notify "[ERROR]: ${BASTILLE_TEMPLATE}:${_hook} [failed]."
error_notify "Line numbers don't match line breaks."
error_exit "Template validation failed."
## if INCLUDE; recursive verify
@@ -140,13 +140,13 @@ verify_template() {
# Remove bad templates
if [ "${_hook_validate}" -lt 1 ]; then
rm -rf "${_template_path}"
error_notify "No valid template hooks found."
error_notify "[ERROR]: No valid template hooks found."
error_exit "Template discarded."
fi
## if validated; ready to use
if [ "${_hook_validate}" -gt 0 ]; then
info "Template ready to use."
info "\nTemplate ready to use."
fi
}
@@ -161,7 +161,7 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
error_exit "Unknown Option: \"${1}\""
error_exit "[ERROR]: Unknown Option: \"${1}\""
;;
*)
break
@@ -195,3 +195,5 @@ case "${1}" in
usage
;;
esac
echo

6
usr/local/share/bastille/zfs.sh
View File

@@ -118,7 +118,7 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
error_notify "Unknown Option: \"${1}\""
error_notify "[ERROR]: Unknown Option: \"${1}\""
usage
;;
*)
@@ -139,12 +139,12 @@ set_target "${TARGET}"
# Check if ZFS is enabled
if ! checkyesno bastille_zfs_enable; then
error_exit "ZFS not enabled."
error_exit "[ERROR]: ZFS not enabled."
fi
# Check if zpool is defined
if [ -z "${bastille_zfs_zpool}" ]; then
error_exit "ZFS zpool not defined."
error_exit "[ERROR]: ZFS zpool not defined."
fi
case "${ACTION}" in