Add \n to info _jail

tschettervictor
2025-04-30 18:49:14 -06:00
parent 74c53072f1
commit 824ffb2980
28 changed files with 270 additions and 226 deletions


@@ -76,7 +76,7 @@ while [ "$#" -gt 0 ]; do
esac
done
if [ $# -eq 0 ]; then
if [ "$#" -eq 0 ]; then
usage
fi
@@ -91,27 +91,32 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
# Validate jail state before continuing
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
COUNT=$(($COUNT+1))
# Allow executing commands on linux jails
if grep -qw "linsysfs" "${bastille_jailsdir}/${_jail}/fstab"; then
# Allow executing commands on Linux jails.
jexec -l -u root "${_jail}" "$@"
else
jexec -l -U root "${_jail}" "$@"
fi
ERROR_CODE=$?
if [ "${ERROR_CODE}" -ne 0 ]; then
warn "[${_jail}]: ${ERROR_CODE}"
fi
if [ "$COUNT" -eq 1 ]; then
RETURN=${ERROR_CODE}
else
@@ -124,6 +129,4 @@ done
if [ "${COUNT}" -gt 1 ] && [ "${RETURN}" -gt 0 ]; then
RETURN=1
return "${RETURN}"
fi
echo
fi
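Review bot: The result of `bastille start "${_jail}"` in the auto-start branch is not checked, so when the start fails the loop still falls through to `jexec` against a jail that is not running. Guarding the call, for example `bastille start "${_jail}" || error_continue "Failed to auto-start ${_jail}."`, attributes the failure to the start step instead of to the user's command. The same `|| if [ "${AUTO}" -eq 1 ]` construct with an unchecked `bastille start` or `bastille stop` recurs in the later file sections on this page, and an unchecked stop matters more where the next step modifies or removes the jail. The loop body continues outside the hunk.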


@@ -120,7 +120,6 @@ for _jail in ${JAILS}; do
PROPERTY="priority"
BASTILLE_PROPERTY=1
FILE="${bastille_jailsdir}/${_jail}/boot.conf"
info "[${_jail}]:"
if [ "${ACTION}" = "set" ]; then
if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then
sysrc -f "${FILE}" "${PROPERTY}=${VALUE}"
@@ -133,7 +132,6 @@ for _jail in ${JAILS}; do
elif [ "${PROPERTY}" = "boot" ]; then
BASTILLE_PROPERTY=1
FILE="${bastille_jailsdir}/${_jail}/boot.conf"
info "[${_jail}]:"
if [ "${ACTION}" = "set" ]; then
if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then
sysrc -f "${FILE}" "${PROPERTY}=${VALUE}"


@@ -87,8 +87,10 @@ bastille_root_check
set_target "${TARGET}"
validate_user() {
local _jail="${1}"
local _user="${2}"
if jexec -l "${_jail}" id "${_user}" >/dev/null 2>&1; then
USER_SHELL="$(jexec -l "${_jail}" getent passwd "${_user}}" | cut -d: -f7)"
if [ -n "${USER_SHELL}" ]; then
@@ -106,7 +108,9 @@ validate_user() {
}
check_fib() {
local _jail="${1}"
fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g')
if [ -n "${fib}" ]; then
_setfib="setfib -F ${fib}"
@@ -114,19 +118,21 @@ check_fib() {
_setfib=""
fi
}
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
LOGIN="$(jexec -l "${_jail}" which login)"
if [ -n "${USER}" ]; then
validate_user "${_jail}" "${USER}"
else
@@ -135,6 +141,4 @@ for _jail in ${JAILS}; do
${_setfib} jexec -l "${_jail}" $LOGIN -f root
fi
done
echo
done
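Review bot: In `validate_user`, the lookup `getent passwd "${_user}}"` has a stray closing brace, so the name passed to `getent` is the user name followed by `}` and `USER_SHELL` will presumably come back empty even for a valid user. The line should read `USER_SHELL="$(jexec -l "${_jail}" getent passwd "${_user}" | cut -d: -f7)"`. The function body continues outside the hunk, so what happens when `USER_SHELL` is empty is not visible here.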


@@ -82,24 +82,28 @@ CONVERT_RELEASE="${2}"
bastille_root_check
set_target_single "${TARGET}"
info "\n[${TARGET}]:"
# Validate jail state before continuing
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-stopping ${TARGET}..."
bastille stop "${TARGET}"
else
else
info "\n[${TARGET}]:"
error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail."
fi
info "\n[${TARGET}]:"
validate_release_name() {
local _name=${1}
local _sanity="$(echo "${_name}" | tr -c -d 'a-zA-Z0-9-_')"
if [ -n "$(echo "${_sanity}" | awk "/^[-_].*$/" )" ]; then
error_exit "Release names may not begin with (-|_) characters!"
elif [ "${_name}" != "${_sanity}" ]; then
error_exit "Release names may not contain special characters!"
fi
}
convert_jail_to_release() {
@@ -150,12 +154,13 @@ convert_jail_to_release() {
bastille destroy -af "${NAME}"
error_exit "Failed to create release. Please retry!"
else
info "Created ${_release} from ${_jailname}"
info "Created ${_release} from ${_jailname}\n"
fi
fi
}
convert_symlinks() {
# Work with the symlinks, revert on first cp error
if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
# Retrieve old symlinks temporarily
@@ -235,7 +240,7 @@ start_convert() {
fi
mv "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/root/.bastille.old"
info "Conversion of '${TARGET}' completed successfully!"
info "Conversion of '${TARGET}' completed successfully!\n"
exit 0
else
error_exit "Can't determine release version. See 'bastille bootstrap'."
@@ -248,12 +253,14 @@ start_convert() {
# Convert thin jail to thick jail if only one arg
# Convert jail to release if two args
if [ "$#" -eq 1 ]; then
# Check if jail is a thin jail
if [ ! -d "${bastille_jailsdir}/${TARGET}/root/.bastille" ]; then
error_exit "${TARGET} is not a thin container."
elif ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_exit "${TARGET} is not a thin container."
fi
# Make sure the user agree with the conversion
# Be interactive here since this cannot be easily undone
while :; do
@@ -278,5 +285,3 @@ elif [ "$#" -eq 2 ]; then
else
usage
fi
echo


@@ -98,6 +98,4 @@ for _jail in ${JAILS}; do
error_continue "CP failed: ${host_path} -> ${jail_path}"
fi
done
echo
done


@@ -53,27 +53,32 @@ destroy_jail() {
for _jail in ${JAILS}; do
info "[${_jail}]:"
bastille_jail_base="${bastille_jailsdir}/${_jail}"
bastille_jail_log="${bastille_logsdir}/${_jail}_console.log"
# Validate jail state before continuing
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-stopping ${_jail}..."
bastille stop "${_jail}"
else
info "\n[${_jail}]:"
error_notify "Jail is running."
error_continue "Use [-a|--auto] to auto-stop the jail."
fi
info "\n[${_jail}]:"
if [ -d "${bastille_jail_base}" ]; then
# Make sure no filesystem is currently mounted
mount_points="$(mount | cut -d ' ' -f 3 | grep ${bastille_jail_base}/root/)"
if [ -n "${mount_points}" ]; then
error_notify "Failed to destroy jail: ${_jail}"
error_continue_next_jail "Jail has mounted filesystems:\n$mount_points"
error_continue "Jail has mounted filesystems:\n$mount_points"
fi
info "Deleting Jail: ${_jail}."
echo "Destroying jail..."
if checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ]; then
if [ -n "${_jail}" ]; then
@@ -85,7 +90,7 @@ destroy_jail() {
# This will deal with the common "cannot unmount 'XYZ': pool or dataset is busy"
# unless the force option is defined by the user, otherwise will have a partially deleted jail.
if ! zfs destroy "${OPTIONS}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"; then
error_continue_next_jail "[ERROR]: Jail dataset(s) appears to be busy, exiting."
error_continue "[ERROR]: Jail dataset(s) appears to be busy, exiting."
fi
fi
fi
@@ -102,13 +107,13 @@ destroy_jail() {
# Archive jail log
if [ -f "${bastille_jail_log}" ]; then
mv "${bastille_jail_log}" "${bastille_jail_log}"-"$(date +%F)"
info "Note: jail console logs archived."
info "${bastille_jail_log}-$(date +%F)"
echo "Note: jail console logs archived."
echo "${bastille_jail_log}-$(date +%F)"
fi
# Clear any active rdr rules
if [ ! -z "$(pfctl -a "rdr/${_jail}" -Psn 2>/dev/null)" ]; then
info "Clearing RDR rules:"
echo "Clearing RDR rules..."
pfctl -a "rdr/${_jail}" -Fn
fi
fi
@@ -129,6 +134,8 @@ destroy_rel() {
bastille_rel_base="${bastille_releasesdir}/${TARGET}" ## dir
info "\nAttempting to destroy release: ${TARGET}"
## check if this release have containers child
BASE_HASCHILD="0"
if [ -d "${bastille_jailsdir}" ]; then
@@ -162,7 +169,7 @@ destroy_rel() {
error_exit "Release base not found."
else
if [ "${BASE_HASCHILD}" -eq "0" ]; then
info "Deleting base: ${TARGET}"
echo "Deleting base..."
if checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ]; then
if [ -n "${TARGET}" ]; then
@@ -304,5 +311,3 @@ case "${TARGET}" in
destroy_jail "${JAILS}"
;;
esac
echo
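Review bot: The mounted-filesystem check in `destroy_jail` hands `${bastille_jail_base}/root/` to `grep` unquoted and as a regular expression, so a path containing whitespace is split into several arguments and a `.` in a jail name matches any character in another jail's mount path. `grep -F -- "${bastille_jail_base}/root/"` compares the literal path instead. The line sits in a hunk this commit edits for its messages, and the function continues outside the hunk.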


@@ -44,8 +44,10 @@ EOF
}
bootstrap_etc_release() {
local _release="${1}"
local _current="$(sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives | awk -F': ' '{print $2}')"
if [ -z "$(ls -A "${bastille_releasesdir}/${_release}/usr/src")" ]; then
sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives=src
if ! bastille bootstrap "${_release}" > /dev/null; then
@@ -58,13 +60,15 @@ bootstrap_etc_release() {
}
bootstrap_etc_tarball() {
local _release="${1}"
if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then
echo "\nBuilding tarball, please wait..."
echo "Building tarball, please wait..."
if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then
error_exit "Failed to build etcupdate tarball \"${_release}.tbz2\""
else
info "\nEtcupdate bootstrap complete: ${_release}"
info "Etcupdate bootstrap complete: ${_release}"
fi
elif [ -f ${bastille_cachedir}/${_release}.tbz2 ] && [ "${FORCE}" -eq 1 ]; then
rm -f "${bastille_cachedir}/${_release}.tbz2"
@@ -72,42 +76,50 @@ bootstrap_etc_tarball() {
if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then
error_exit "[ERROR]: Failed to build etcupdate tarball: ${_release}.tbz2"
else
info "\nEtcupdate bootstrap complete: ${_release}"
info "Etcupdate bootstrap complete: ${_release}"
fi
else
info "\nEtcupdate release has already been prepared for application: ${_release}"
info "Etcupdate release has already been prepared for application: ${_release}"
fi
}
diff_review() {
local _jail="${1}"
if [ "${DRY_RUN}" -eq 1 ]; then
error_exit "[ERROR]: diff mode does not support [-d|--dryrun]"
fi
info "\n[${_jail}]: etcupdate --diff mode"
echo "Running: etcupdate --diff mode"
etcupdate diff -D "${bastille_jailsdir}/${_jail}/root"
}
resolve_conflicts() {
local _jail="${1}"
if [ "${DRY_RUN}" -eq 1 ]; then
error_exit "[ERROR]: resolve mode does not support [-d|--dryrun]"
fi
info "\n[${_jail}]: etcupdate resolve"
echo "Running: etcupdate resolve"
etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root"
}
update_jail_etc() {
local _jail="${1}"
local _release="${2}"
if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then
error_exit "Error: Please run \"bastille etcupdate bootstrap RELEASE\" first."
fi
if [ "${DRY_RUN}" -eq 1 ]; then
info "\n[${_jail}]: etcupdate update --dry-run"
echo "Running: etcupdate update --dry-run"
etcupdate -n -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2
else
info "\n[${_jail}]: etcupdate update"
echo "Running: etcupdate update"
etcupdate -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2
fi
}
@@ -161,6 +173,7 @@ while [ "$#" -gt 0 ]; do
usage
else
RELEASE="${2}"
info "Attempting to bootstrap etcupdate release: ${RELEASE}..."
bootstrap_etc_release "${RELEASE}"
bootstrap_etc_tarball "${RELEASE}"
shift "$#"
@@ -170,7 +183,11 @@ while [ "$#" -gt 0 ]; do
TARGET="${1}"
ACTION="${2}"
RELEASE="${3}"
set_target_single "${TARGET}"
info "\n[${TARGET}]:"
case "${ACTION}" in
diff)
diff_review "${TARGET}"
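Review bot: Both `etcupdate build` calls in `bootstrap_etc_tarball` pass the fixed working directory `-d /tmp/etcupdate`, a predictable name under a world-writable directory. If this command runs as root, as the other subcommands on this page do after `bastille_root_check`, another local user can create that path before the build uses it. A directory obtained from `mktemp -d` and removed afterwards, or one under `${bastille_cachedir}`, avoids the shared path. The unquoted `${bastille_cachedir}/${_release}.tbz2` and `${bastille_releasesdir}/${_release}/usr/src` arguments on the same lines should be quoted as well, as the `rm -f` line already does.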


@@ -194,6 +194,8 @@ fi
bastille_root_check
set_target_single "${TARGET}"
info "\n[${_jail}]:"
# Validate for combined options
if [ "${COMP_OPTION}" -gt "1" ]; then
error_exit "Error: Only one compression format can be used during export."
@@ -277,7 +279,7 @@ export_check() {
EXPORT_INFO="to a compressed ${FILE_EXT} ${EXPORT_TYPE}"
fi
info "${EXPORT_AS} '${TARGET}' ${EXPORT_INFO}..."
echo "${EXPORT_AS} '${TARGET}' ${EXPORT_INFO}..."
fi
# Safely stop and snapshot the jail
@@ -291,15 +293,13 @@ export_check() {
if checkyesno bastille_zfs_enable; then
if [ -z "${USER_EXPORT}" ]; then
info "Sending ZFS data stream..."
echo "Sending ZFS data stream..."
fi
fi
}
jail_export() {
info "\n[${_jail}]:"
# Attempt to export the container
DATE=$(date +%F-%H%M%S)
if checkyesno bastille_zfs_enable; then
@@ -345,13 +345,13 @@ jail_export() {
FILE_EXT=".tgz"
# Create standard tgz backup archive
info "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..."
echo "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..."
cd "${bastille_jailsdir}" && tar -cf - "${TARGET}" | gzip ${bastille_compress_gz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}"
elif [ -n "${TXZ_EXPORT}" ]; then
FILE_EXT=".txz"
# Create standard txz backup archive
info "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..."
echo "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..."
cd "${bastille_jailsdir}" && tar -cf - "${TARGET}" | xz ${bastille_compress_xz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}"
else
error_exit "Error: export option required"
@@ -366,7 +366,7 @@ jail_export() {
# Generate container checksum file
cd "${bastille_backupsdir}" || error_exit "Failed to change directory."
sha256 -q "${TARGET}_${DATE}${FILE_EXT}" > "${TARGET}_${DATE}.sha256"
info "Exported '${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}' successfully."
echo "Exported '${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}' successfully."
fi
exit 0
fi
@@ -378,6 +378,7 @@ if [ ! -d "${bastille_backupsdir}" ]; then
fi
if [ -n "${TARGET}" ]; then
if [ ! -d "${bastille_jailsdir}/${TARGET}" ]; then
error_exit "[${TARGET}]: Not found."
fi
@@ -390,6 +391,4 @@ if [ -n "${TARGET}" ]; then
fi
fi
jail_export
fi
echo
fi
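Review bot: The `info "\n[${_jail}]:"` header placed directly after `set_target_single "${TARGET}"` prints `${_jail}`, while every other line of this script refers to the jail as `${TARGET}`. Unless `set_target_single` (not shown) also sets `_jail`, the header comes out as `[]:`. Writing `info "\n[${TARGET}]:"` would match the rest of the file and the other single-target commands in this commit. A later section on this page has the same `${_jail}` header in the else branch of a `check_target_is_stopped "${TARGET}"` check.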


@@ -85,16 +85,16 @@ TARGET="${1}"
bastille_root_check
set_target_single "${TARGET}"
info "[${TARGET}]:"
check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${TARGET}..."
bastille start "${TARGET}"
else
else
info "\n[${TARGET}]:"
error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${TARGET}]:"
if [ ! -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then
error_notify "htop not found on ${TARGET}."
elif [ -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then
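Review bot: The not-running branch here appears to end in `error_continue` after this change, but the script handles a single `${TARGET}` and the visible code is not inside a loop. The other single-target commands in this commit end the same branch with `error_exit`. If `error_continue` (defined elsewhere) issues `continue`, execution would carry on to the htop check with the jail stopped. `error_exit "Use [-a|--auto] to auto-start the jail."` looks like the intended call.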


@@ -117,13 +117,13 @@ validate_archive() {
# Skip validation for unsupported archive
if [ -f "${bastille_backupsdir}/${TARGET}" ]; then
if [ -f "${bastille_backupsdir}/${FILE_TRIM}.sha256" ]; then
info "Validating file: ${TARGET}..."
echo "Validating file: ${TARGET}..."
SHA256_DIST=$(cat "${bastille_backupsdir}/${FILE_TRIM}.sha256")
SHA256_FILE=$(sha256 -q "${bastille_backupsdir}/${TARGET}")
if [ "${SHA256_FILE}" != "${SHA256_DIST}" ]; then
error_exit "Failed validation for ${TARGET}."
else
info "File validation successful!"
echo "File validation successful!"
fi
else
# Check if user opt to force import
@@ -141,7 +141,7 @@ update_zfsmount() {
OLD_ZFS_MOUNTPOINT=$(zfs get -H mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" | awk '{print $3}')
NEW_ZFS_MOUNTPOINT="${bastille_jailsdir}/${TARGET_TRIM}/root"
if [ "${NEW_ZFS_MOUNTPOINT}" != "${OLD_ZFS_MOUNTPOINT}" ]; then
info "Updating ZFS mountpoint..."
echo "Updating ZFS mountpoint..."
zfs set mountpoint="${bastille_jailsdir}/${TARGET_TRIM}/root" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root"
fi
@@ -159,7 +159,7 @@ update_jailconf() {
JAIL_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/jail.conf"
if [ -f "${JAIL_CONFIG}" ]; then
if ! grep -qw "path = ${bastille_jailsdir}/${TARGET_TRIM}/root;" "${JAIL_CONFIG}"; then
info "Updating jail.conf..."
echo "Updating jail.conf..."
sed -i '' "s|exec.consolelog.*=.*;|exec.consolelog = ${bastille_logsdir}/${TARGET_TRIM}_console.log;|" "${JAIL_CONFIG}"
sed -i '' "s|path.*=.*;|path = ${bastille_jailsdir}/${TARGET_TRIM}/root;|" "${JAIL_CONFIG}"
sed -i '' "s|mount.fstab.*=.*;|mount.fstab = ${bastille_jailsdir}/${TARGET_TRIM}/fstab;|" "${JAIL_CONFIG}"
@@ -182,7 +182,7 @@ update_fstab_import() {
if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
# If both variables are set, compare and update as needed
if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" "${FSTAB_CONFIG}"; then
info "Updating fstab..."
echo "Updating fstab..."
if [ -n "${RELEASE}" ]; then
FSTAB_NEWCONF="${RELEASE}"
fi
@@ -194,7 +194,7 @@ update_fstab_import() {
generate_config() {
# Attempt to read previous config file and set required variables accordingly
# If we can't get a valid interface, fallback to lo1 and warn user
info "Generating jail.conf..."
echo "Generating jail.conf..."
DEVFS_RULESET=4
if [ "${FILE_EXT}" = ".zip" ]; then
@@ -241,43 +241,43 @@ generate_config() {
else
# If there are multiple IP/NIC let the user configure network
IP4_DEFINITION=""
IP6_DEFINITION=""
IP6_DEFINITION=""
IP6_MODE="disable"
# IP4 set, but not IP6
# IP4 set, but not IP6
if [ -n "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then
if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then
IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP4_IF}" ]; then
config_netif
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
IP6_MODE="disable"
else
IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};"
IP6_MODE="disable"
fi
IP6_MODE="disable"
fi
else
IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP4_IF}" ]; then
config_netif
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
IP6_MODE="disable"
else
IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};"
IP6_MODE="disable"
fi
IP6_MODE="disable"
fi
fi
# IP6 set, but not IP4
# IP6 set, but not IP4
elif [ -z "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then
if ! echo "${IP6_CONFIG}" | grep -q '.*,.*'; then
IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP6_IF}" ]; then
config_netif
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_MODE="new"
else
IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};"
IP6_MODE="new"
fi
IP6_MODE="new"
fi
else
IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP6_IF}" ]; then
@@ -286,48 +286,48 @@ generate_config() {
IP6_MODE="new"
else
IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};"
IP6_MODE="new"
fi
IP6_MODE="new"
fi
fi
# IP4 and IP6 both set
elif [ -n "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then
elif [ -n "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then
if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then
IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP4_IF}" ]; then
config_netif
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
else
IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};"
fi
fi
else
IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP4_IF}" ]; then
config_netif
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
else
IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};"
fi
fi
fi
if ! echo "${IP6_CONFIG}" | grep -q '.*,.*'; then
IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP6_IF}" ]; then
config_netif
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_MODE="new"
else
IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};"
IP6_MODE="new"
fi
IP6_MODE="new"
fi
else
IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP6_IF}" ]; then
config_netif
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_MODE="new"
else
IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};"
else
IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};"
IP6_MODE="new"
fi
fi
fi
# ezjail import
elif [ -n "${IPVX_CONFIG}" ]; then
@@ -335,14 +335,14 @@ generate_config() {
NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${NETIF_CONFIG}" ]; then
config_netif
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IPVX_CONFIG};"
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IPVX_CONFIG};"
IP6_MODE="disable"
else
IP4_DEFINITION="ip4.addr = ${IPVX_CONFIG};"
IP6_MODE="disable"
fi
IP6_MODE="disable"
fi
if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then
IP4_DEFINITION=""
IP4_DEFINITION=""
IP6_DEFINITION="ip6.addr = ${IPVX_CONFIG};"
IP6_MODE="new"
fi
@@ -405,6 +405,7 @@ EOF
}
update_config() {
# Update an existing jail configuration
# The config on select archives does not provide a clear way to determine
# the base release, so lets try to get it from the base/COPYRIGHT file,
@@ -414,11 +415,13 @@ update_config() {
else
CONFIG_RELEASE="${RELEASE}"
fi
if [ -z "${CONFIG_RELEASE}" ]; then
# Fallback to host version
CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//')
warn "Warning: ${CONFIG_RELEASE} was set by default!"
fi
mkdir "${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille"
echo "${bastille_releasesdir}/${CONFIG_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0" \
>> "${bastille_jailsdir}/${TARGET_TRIM}/fstab"
@@ -483,7 +486,7 @@ update_symlinks() {
fi
# Update old symlinks
info "Updating symlinks..."
echo "Updating symlinks..."
for _link in ${SYMLINKS}; do
if [ -L "${_link}" ]; then
ln -sf /.bastille/${_link} ${_link}
@@ -500,8 +503,8 @@ update_symlinks() {
create_zfs_datasets() {
# Prepare the ZFS environment and restore from file
info "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive."
info "Preparing ZFS environment..."
echo "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive."
echo "Preparing ZFS environment..."
# Create required ZFS datasets, mountpoint inherited from system
zfs create ${bastille_zfs_options} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}"
@@ -525,8 +528,8 @@ jail_import() {
if [ "${FILE_EXT}" = ".xz" ]; then
validate_archive
# Import from compressed xz on ZFS systems
info "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image."
info "Receiving ZFS data stream..."
echo "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image."
echo "Receiving ZFS data stream..."
xz ${bastille_decompress_xz_options} "${bastille_backupsdir}/${TARGET}" | \
zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}"
@@ -535,8 +538,8 @@ jail_import() {
elif [ "${FILE_EXT}" = ".gz" ]; then
validate_archive
# Import from compressed xz on ZFS systems
info "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image."
info "Receiving ZFS data stream..."
echo "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image."
echo "Receiving ZFS data stream..."
gzip ${bastille_decompress_gz_options} "${bastille_backupsdir}/${TARGET}" | \
zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}"
@@ -549,7 +552,7 @@ jail_import() {
create_zfs_datasets
# Extract required files to the new datasets
info "Extracting files from '${TARGET}' archive..."
echo "Extracting files from '${TARGET}' archive..."
tar --exclude='root' -Jxf "${bastille_backupsdir}/${TARGET}" --strip-components 1 -C "${bastille_jailsdir}/${TARGET_TRIM}"
tar -Jxf "${bastille_backupsdir}/${TARGET}" --strip-components 2 -C "${bastille_jailsdir}/${TARGET_TRIM}/root" "${TARGET_TRIM}/root"
if [ "$?" -ne 0 ]; then
@@ -561,7 +564,7 @@ jail_import() {
create_zfs_datasets
# Extract required files to the new datasets
info "Extracting files from '${TARGET}' archive..."
echo "Extracting files from '${TARGET}' archive..."
tar --exclude='root' -xf "${bastille_backupsdir}/${TARGET}" --strip-components 1 -C "${bastille_jailsdir}/${TARGET_TRIM}"
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components 2 -C "${bastille_jailsdir}/${TARGET_TRIM}/root" "${TARGET_TRIM}/root"
if [ "$?" -ne 0 ]; then
@@ -570,7 +573,7 @@ jail_import() {
elif [ "${FILE_EXT}" = ".zip" ]; then
validate_archive
# Attempt to import a foreign/iocage container
info "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive."
echo "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive."
# Sane bastille ZFS options
ZFS_OPTIONS=$(echo ${bastille_zfs_options} | sed 's/-o//g')
@@ -580,7 +583,7 @@ jail_import() {
error_exit "Failed to extract files from '${TARGET}' archive."
rm -f "${FILE_TRIM}" "${FILE_TRIM}_root"
fi
info "Receiving ZFS data stream..."
echo "Receiving ZFS data stream..."
zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}" < "${FILE_TRIM}"
zfs set ${ZFS_OPTIONS} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}"
zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" < "${FILE_TRIM}_root"
@@ -604,7 +607,7 @@ jail_import() {
create_zfs_datasets
# Extract required files to the new datasets
info "Extracting files from '${TARGET}' archive..."
echo "Extracting files from '${TARGET}' archive..."
tar --exclude='ezjail/' -xf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}/${TARGET_TRIM}"
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components 1 -C "${bastille_jailsdir}/${TARGET_TRIM}/root"
if [ "$?" -ne 0 ]; then
@@ -619,7 +622,7 @@ jail_import() {
workout_components
# Extract required files to the new datasets
info "Extracting files from '${TARGET}' archive..."
echo "Extracting files from '${TARGET}' archive..."
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components "${CONF_TRIM}" -C "${bastille_jailsdir}/${TARGET_TRIM}" "${JAIL_CONF}"
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components "${DIRS_PLUS}" -C "${bastille_jailsdir}/${TARGET_TRIM}/root" "${JAIL_PATH}"
if [ -f "${bastille_jailsdir}/${TARGET_TRIM}/${TARGET_TRIM}" ]; then
@@ -636,8 +639,8 @@ jail_import() {
validate_archive
# Based on the file name, looks like we are importing a raw bastille image
# Import from uncompressed image file
info "Importing '${TARGET_TRIM}' from uncompressed image archive."
info "Receiving ZFS data stream..."
echo "Importing '${TARGET_TRIM}' from uncompressed image archive."
echo "Receiving ZFS data stream..."
zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}" < "${bastille_backupsdir}/${TARGET}"
# Update ZFS mountpoint property if required
@@ -659,21 +662,21 @@ jail_import() {
else
# Import from standard supported archives on UFS systems
if [ "${FILE_EXT}" = ".txz" ]; then
info "Extracting files from '${TARGET}' archive..."
echo "Extracting files from '${TARGET}' archive..."
tar -Jxf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}"
elif [ "${FILE_EXT}" = ".tgz" ]; then
info "Extracting files from '${TARGET}' archive..."
echo "Extracting files from '${TARGET}' archive..."
tar -xf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}"
elif [ "${FILE_EXT}" = ".tar.gz" ]; then
# Attempt to import/configure foreign/ezjail container
info "Extracting files from '${TARGET}' archive..."
echo "Extracting files from '${TARGET}' archive..."
mkdir "${bastille_jailsdir}/${TARGET_TRIM}"
tar -xf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}/${TARGET_TRIM}"
mv "${bastille_jailsdir}/${TARGET_TRIM}/ezjail" "${bastille_jailsdir}/${TARGET_TRIM}/root"
generate_config
elif [ "${FILE_EXT}" = ".tar" ]; then
# Attempt to import/configure foreign/qjail container
info "Extracting files from '${TARGET}' archive..."
echo "Extracting files from '${TARGET}' archive..."
mkdir -p "${bastille_jailsdir}/${TARGET_TRIM}/root"
workout_components
tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components "${CONF_TRIM}" -C "${bastille_jailsdir}/${TARGET_TRIM}" "${JAIL_CONF}"
@@ -695,7 +698,7 @@ jail_import() {
update_jailconf
update_fstab_import
if [ -z "${USER_IMPORT}" ]; then
info "Container '${TARGET_TRIM}' imported successfully."
echo "Container '${TARGET_TRIM}' imported successfully."
fi
exit 0
fi
@@ -746,7 +749,6 @@ elif [ -n "${TARGET_TRIM}" ]; then
fi
if [ -n "${TARGET}" ]; then
info "\nAttempting to import jail: ${TARGET}..."
jail_import
fi
echo
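Review bot: In `generate_config`, the branch commented `# IP6 set, but not IP4` tests `[ -z "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]`, so it is entered only when both values are empty, and an archive that carries just an IPv6 address gets no `ip6.addr` definition from this chain. The second test should be `-n`: `elif [ -z "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then`. The hunk seems only to re-indent the surrounding lines, so the condition likely predates this commit, but it sits in the code being touched.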


@@ -105,6 +105,4 @@ for _jail in ${DEST_TARGET}; do
fi
fi
done
echo
done


@@ -51,9 +51,9 @@ EOF
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
@@ -103,16 +103,15 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
info "[${_jail}]:"
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
case "${ACTION}" in
add)
@@ -190,7 +189,4 @@ for _jail in ${JAILS}; do
fi
;;
esac
done
echo
done


@@ -143,16 +143,16 @@ fi
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
_fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )"
_fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}" 2>/dev/null | sed 's#//#/#' )"
_fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}"
@@ -199,7 +199,5 @@ for _jail in ${JAILS}; do
echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}"
mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}"
echo "Added: ${_fstab_entry}"
done
echo
done


@@ -167,9 +167,9 @@ bastille_root_check
set_target_single "${TARGET}"
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-stopping ${TARGET}..."
bastille stop "${TARGET}"
else
else
info "\n[${_jail}]:"
error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail."
fi


@@ -97,17 +97,19 @@ errors=0
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
if [ -f "/usr/sbin/mport" ]; then
if ! jexec -l -U root "${_jail}" /usr/sbin/mport "$@"; then
errors=1
@@ -131,5 +133,3 @@ done
if [ $errors -ne 0 ]; then
error_exit "Failed to apply on some jails, please check logs"
fi
echo
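Review bot: This loop still calls `error_continue_next_jail` in the not-running branch, while the other sections of this commit replace that helper with `error_continue`. If the old helper has been removed or renamed in the shared library (not visible here), the branch fails with a command-not-found error and the loop goes on to `jexec` against a stopped jail. `error_continue "Use [-a|--auto] to auto-start the jail."` keeps this file consistent with the rest of the change.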


@@ -49,10 +49,13 @@ EOF
}
check_jail_validity() {
# Validate jail network type and set IP4/6
if [ "$( bastille config ${TARGET} get vnet )" != 'enabled' ]; then
_ip4_interfaces="$(bastille config ${TARGET} get ip4.addr | sed 's/,/ /g')"
_ip6_interfaces="$(bastille config ${TARGET} get ip6.addr | sed 's/,/ /g')"
# Check if jail ip4.addr is valid (non-VNET only)
if [ "${_ip4_interfaces}" != "not set" ] && [ "${_ip4_interfaces}" != "disable" ]; then
if echo "${_ip4_interfaces}" | grep -q "|"; then
@@ -61,6 +64,7 @@ check_jail_validity() {
JAIL_IP="$(echo ${_ip4_interfaces} | sed -E 's#/[0-9]+$##g')"
fi
fi
# Check if jail ip6.addr is valid (non-VNET only)
if [ "${_ip6_interfaces}" != "not set" ] && [ "${_ip6_interfaces}" != "disable" ]; then
if echo "${_ip6_interfaces}" | grep -q "|"; then
@@ -80,8 +84,10 @@ check_jail_validity() {
}
check_rdr_ip_validity() {
local ip="${1}"
local ip6="$( echo "${ip}" | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)' )"
if [ -n "${ip6}" ]; then
info "Valid: (${ip6})."
else
@@ -103,12 +109,14 @@ check_rdr_ip_validity() {
}
validate_rdr_rule() {
local if="${1}"
local src="${2}"
local dst="${3}"
local proto="${4}"
local host_port="${5}"
local jail_port="${6}"
if grep -qs "$if $src $dst $proto $host_port $jail_port" "${bastille_jailsdir}/${TARGET}/rdr.conf"; then
error_notify "Error: Ports already in use on this interface."
error_exit "See 'bastille list ports' or 'bastille rdr TARGET reset'."
@@ -116,6 +124,7 @@ validate_rdr_rule() {
}
persist_rdr_rule() {
local inet="${1}"
local if="${2}"
local src="${3}"
@@ -123,12 +132,14 @@ persist_rdr_rule() {
local proto="${5}"
local host_port="${6}"
local jail_port="${7}"
if ! grep -qs "$inet $if $src $dst $proto $host_port $jail_port" "${bastille_jailsdir}/${TARGET}/rdr.conf"; then
echo "$inet $if $src $dst $proto $host_port $jail_port" >> "${bastille_jailsdir}/${TARGET}/rdr.conf"
fi
}
persist_rdr_log_rule() {
local inet="${1}"
local if="${2}"
local src="${3}"
@@ -138,12 +149,14 @@ persist_rdr_log_rule() {
local jail_port="${7}"
shift 7;
log=$@;
if ! grep -qs "$inet $if $src $dst $proto $host_port $jail_port $log" "${bastille_jailsdir}/${TARGET}/rdr.conf"; then
echo "$inet $if $src $dst $proto $host_port $jail_port $log" >> "${bastille_jailsdir}/${TARGET}/rdr.conf"
fi
}
load_rdr_rule() {
local inet="${1}"
local if_name="${2}"
local if=ext_if=\"${2}\"
@@ -152,6 +165,7 @@ load_rdr_rule() {
local proto="${5}"
local host_port="${6}"
local jail_port="${7}"
# Create IPv4 rdr rule
# shellcheck disable=SC2193
if { [ "${inet}" = "ipv4" ] || [ "${inet}" = "dual" ]; } then
@@ -177,6 +191,7 @@ load_rdr_rule() {
}
load_rdr_log_rule() {
local inet="${1}"
local if_name="${2}"
local if=ext_if=\"${2}\"
@@ -187,6 +202,7 @@ load_rdr_log_rule() {
local jail_port="${7}"
shift 7;
log=$@
# Create IPv4 rule with log
# shellcheck disable=SC2193
if { [ "${inet}" = "ipv4" ] || [ "${inet}" = "dual" ]; } then
@@ -198,6 +214,7 @@ load_rdr_log_rule() {
echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi
fi
# Create IPv6 rdr rule with log (if ip6.addr is enabled)
# shellcheck disable=SC2193
if [ -n "${JAIL_IP6}" ] && { [ "${inet}" = "ipv6" ] || [ "${inet}" = "dual" ]; } then
@@ -401,6 +418,4 @@ while [ "$#" -gt 0 ]; do
fi
;;
esac
done
echo
done


@@ -80,16 +80,18 @@ bastille_root_check
set_target_single "${TARGET}"
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-stopping ${TARGET}..."
bastille stop "${TARGET}"
else
else
info "\n[${TARGET}]:"
error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail."
fi
validate_name() {
local NAME_VERIFY="${NEWNAME}"
local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')"
if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then
error_exit "Container names may not begin with (-|_) characters!"
elif [ "${NAME_VERIFY}" != "${NAME_SANITY}" ]; then
@@ -98,9 +100,11 @@ validate_name() {
}
update_jailconf() {
# Update jail.conf
local _jail_conf="${bastille_jailsdir}/${NEWNAME}/jail.conf"
local _rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf"
if [ -f "${_jail_conf}" ]; then
if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${_jail_conf}"; then
sed -i '' "s|host.hostname.*=.*${TARGET};|host.hostname = ${NEWNAME};|" "${_jail_conf}"
@@ -166,8 +170,8 @@ update_jailconf_vnet() {
}
change_name() {
# Attempt container name change
info "Attempting to rename '${TARGET}' to ${NEWNAME}..."
if checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ] && [ -n "${bastille_zfs_prefix}" ]; then
# Check and rename container ZFS dataset accordingly
@@ -210,7 +214,7 @@ change_name() {
if [ "$?" -ne 0 ]; then
error_exit "An error has occurred while attempting to rename '${TARGET}'."
else
info "Renamed '${TARGET}' to '${NEWNAME}' successfully."
echo "Renamed '${TARGET}' to '${NEWNAME}' successfully."
if [ "${AUTO}" -eq 1 ]; then
bastille start "${NEWNAME}"
fi
@@ -227,6 +231,6 @@ if [ -d "${bastille_jailsdir}/${NEWNAME}" ]; then
error_exit "Jail: ${NEWNAME} already exists."
fi
change_name
info "\nAttempting to rename '${TARGET}' to ${NEWNAME}..."
echo
change_name
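Review bot: The auto-stop branch at the top of this section runs `bastille stop "${TARGET}"` and then falls through to the rename without checking that the jail actually stopped. If the stop fails, the dataset rename in `change_name` and the edits in `update_jailconf` would presumably run against a live jail. Guard the call, for example `bastille stop "${TARGET}" || error_exit "Failed to stop ${TARGET}."`, assuming `bastille stop` reports failure through its exit status. The same gap exists for the `bastille start "${_jail}"` calls in the auto-start blocks of the later sections on this page (service, sysrc, template, top, umount, update and upgrade), where `jexec` follows immediately.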


@@ -49,7 +49,7 @@ EOF
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
-h|--help|help)
usage
;;
-a|--auto)
@@ -87,19 +87,17 @@ bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/service "$@"
done
echo
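Review bot: This loop calls `error_continue_next_jail` in the not-running branch, while the otherwise identical blocks in the sysrc, template and umount sections call `error_continue`. Neither helper's definition is visible on this page, so confirm both exist at this commit; if one is missing, the shell reports command-not-found and falls through to `jexec` on a jail that is not running. Using a single helper name across all of these scripts would remove the doubt.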


@@ -190,6 +190,4 @@ for _jail in ${JAILS}; do
# Delay between jail action
sleep "${DELAY_TIME}"
done
echo
done


@@ -136,6 +136,4 @@ for _jail in ${JAILS}; do
done
fi
done
echo
done


@@ -88,16 +88,16 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/sysrc "$@"
done
done


@@ -131,13 +131,13 @@ line_in_file() {
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
;;
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
;;
-x|--debug)
enable_debug
shift
@@ -158,7 +158,7 @@ while [ "$#" -gt 0 ]; do
esac
done
if [ $# -lt 2 ]; then
if [ "$#" -lt 2 ]; then
usage
fi
@@ -270,17 +270,17 @@ fi
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
info "Applying template: ${TEMPLATE}..."
echo "Applying template: ${TEMPLATE}..."
## get jail ip4 and ip6 values
bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path)
@@ -470,8 +470,6 @@ for _jail in ${JAILS}; do
fi
done
info "Template applied: ${TEMPLATE}"
echo "Template applied: ${TEMPLATE}"
done
echo
done


@@ -85,16 +85,14 @@ TARGET="${1}"
bastille_root_check
set_target_single "${TARGET}"
info "\n[${TARGET}]:"
check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${TARGET}..."
bastille start "${TARGET}"
else
else
info "\n[${TARGET}]:"
error_notify "Jail is not running."
error_exit "Use [-a|--auto] to auto-start the jail."
fi
jexec -l "${TARGET}" /usr/bin/top
info "\n[${TARGET}]:"
echo
jexec -l "${TARGET}" /usr/bin/top


@@ -88,17 +88,15 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
info "\n[${TARGET}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "[${_jail}]:"
info "\n[${_jail}]:"
_jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')"
_mount="$( mount | grep -Eo "[[:blank:]]${_jailpath}[[:blank:]]" )"
@@ -129,6 +127,4 @@ for _jail in ${JAILS}; do
echo "Unmounted: ${_jailpath}"
done
echo
done
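Review bot: The not-running branch prints `info "\n[${TARGET}]:"` inside the `for _jail in ${JAILS}` loop, so with a target that expands to several jails the header shows the target expression instead of the jail the error refers to. The header after `fi` and the equivalent blocks in the other scripts on this page use `${_jail}`; change the line to `info "\n[${_jail}]:"`. The loop body continues outside the hunk.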


@@ -107,15 +107,20 @@ arch_check() {
}
jail_check() {
# Check if the jail is thick and is running
set_target_single "${TARGET}"
check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${TARGET}..."
bastille start "${TARGET}"
else
info "\n[${TARGET}]:"
error_notify "Jail is not running."
error_exit "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${TARGET}]:"
if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_notify "${TARGET} is not a thick container."
error_exit "See 'bastille update RELEASE' to update thin jails."
@@ -123,10 +128,12 @@ jail_check() {
}
jail_update() {
local _jailname="${1}"
local _jailpath="${bastille_jailsdir}/${TARGET}/root"
local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf"
local _workdir="${_jailpath}/var/db/freebsd-update"
# Update a thick container
if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
@@ -144,9 +151,11 @@ jail_update() {
}
release_update() {
local _releasepath="${bastille_releasesdir}/${TARGET}"
local _freebsd_update_conf="${_releasepath}/etc/freebsd-update.conf"
local _workdir="${_releasepath}/var/db/freebsd-update"
# Update a release base(affects child containers)
if [ -d "${_releasepath}" ]; then
TARGET_TRIM="${TARGET}"
@@ -171,8 +180,10 @@ release_update() {
}
template_update() {
# Update a template
_template_path=${bastille_templatesdir}/${BASTILLE_TEMPLATE}
if [ -d $_template_path ]; then
info "[${BASTILLE_TEMPLATE}]:"
git -C $_template_path pull ||\
@@ -185,6 +196,7 @@ template_update() {
}
templates_update() {
# Update all templates
_updated_templates=0
if [ -d ${bastille_templatesdir} ]; then
@@ -216,9 +228,6 @@ elif echo "${TARGET}" | grep -q "[0-9]\{2\}.[0-9]-RELEASE"; then
arch_check
release_update
else
info "\n[${TARGET}]:"
jail_check
jail_update "${TARGET}"
fi
echo
fi
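Review bot: `template_update` expands `$_template_path` unquoted in both `[ -d $_template_path ]` and `git -C $_template_path pull`, so a template name containing whitespace or glob characters is split or expanded before the test and before git receives the path. Quote both uses, `[ -d "${_template_path}" ]` and `git -C "${_template_path}" pull`; `templates_update` has the same unquoted form in `[ -d ${bastille_templatesdir} ]`. The variable is also assigned without `local`, unlike the helpers above it in this section. Both function bodies continue outside the hunks shown.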


@@ -104,35 +104,42 @@ if freebsd-version | grep -qi HBSD; then
fi
thick_jail_check() {
local _jail="${1}"
# Check if the jail is thick and is running
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}"
else
info "\n[${_jail}]:"
error_notify "Jail is not running."
error_exit "Use [-a|--auto] to auto-start the jail."
fi
}
thin_jail_check() {
local _jail="${1}"
# Check if the jail is thick and is running
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-stopping ${_jail}..."
bastille stop "${_jail}"
else
info "\n[${_jail}]:"
error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail."
fi
}
release_check() {
local _release="${1}"
# Validate the release
if ! echo "${_release}" | grep -q "[0-9]\{2\}.[0-9]-[RELEASE,BETA,RC]"; then
error_exit "${_release} is not a valid release."
fi
# Exit if NEWRELEASE doesn't exist
if [ "${THIN_JAIL}" -eq 1 ]; then
if [ ! -d "${bastille_releasesdir}/${_release}" ]; then
@@ -143,6 +150,7 @@ release_check() {
}
jail_upgrade() {
local _jailname="${1}"
if [ "${THIN_JAIL}" -eq 1 ]; then
local _oldrelease="$(bastille config ${_jailname} get osrelease)"
@@ -166,8 +174,8 @@ jail_upgrade() {
if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jailname}"
fi
info "Upgraded ${_jailname}: ${_oldrelease} -> ${_newrelease}"
info "See 'bastille etcupdate TARGET' to update /etc/rc.conf"
echo "Upgraded ${_jailname}: ${_oldrelease} -> ${_newrelease}"
echo "See 'bastille etcupdate TARGET' to update /etc/rc.conf"
else
# Upgrade a thick jail
env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \
@@ -185,10 +193,12 @@ jail_upgrade() {
}
jail_updates_install() {
local _jailname="${1}"
local _jailpath="${bastille_jailsdir}/${_jailname}/root"
local _workdir="${_jailpath}/var/db/freebsd-update"
local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf"
# Finish installing upgrade on a thick container
if [ -d "${bastille_jailsdir}/${_jailname}" ]; then
env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \
@@ -197,7 +207,7 @@ jail_updates_install() {
-f "${_freebsd_update_conf}" \
install
else
error_exit "${TARGET} not found. See 'bastille bootstrap RELEASE'."
error_exit "${_jailname} not found. See 'bastille bootstrap RELEASE'."
fi
}
@@ -207,8 +217,6 @@ if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir
THIN_JAIL=1
fi
info "\n[${TARGET}]:"
# Check what we should upgrade
if [ "${NEWRELEASE}" = "install" ]; then
if [ "${THIN_JAIL}" -eq 1 ]; then
@@ -216,6 +224,7 @@ if [ "${NEWRELEASE}" = "install" ]; then
else
thick_jail_check "${TARGET}"
fi
info "\n[${TARGET}]:"
jail_updates_install "${TARGET}"
else
release_check "${NEWRELEASE}"
@@ -224,7 +233,6 @@ else
else
thick_jail_check "${TARGET}"
fi
info "\n[${TARGET}]:"
jail_upgrade "${TARGET}" "${NEWRELEASE}"
fi
echo
fi
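Review bot: The release validation in `release_check` uses `[RELEASE,BETA,RC]`, which is a bracket expression matching one character from that set rather than one of the three words, and the pattern is unanchored with an unescaped `.`. A value such as `xx13.2-Bogus` (constructed example) therefore passes and is then used in `${bastille_releasesdir}/${_release}`. Use alternation and anchor the start, e.g. `grep -Eq '^[0-9]{2}\.[0-9]-(RELEASE|BETA|RC)'`, after confirming that no accepted release name carries a prefix. Separately, the comment in `thin_jail_check` still reads "Check if the jail is thick and is running" although the function checks that the jail is stopped.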


@@ -45,6 +45,7 @@ EOF
}
verify_release() {
if [ -f "/bin/midnightbsd-version" ]; then
echo -e "${COLOR_RED}Not yet supported on MidnightBSD.${COLOR_RESET}"
exit 1
@@ -61,6 +62,7 @@ verify_release() {
}
handle_template_include() {
case ${TEMPLATE_INCLUDE} in
http?://*/*/*)
bastille bootstrap "${TEMPLATE_INCLUDE}"
@@ -77,6 +79,7 @@ handle_template_include() {
}
verify_template() {
_template_path=${bastille_templatesdir}/${BASTILLE_TEMPLATE}
_hook_validate=0
@@ -199,5 +202,3 @@ case "${1}" in
usage
;;
esac
echo


@@ -159,6 +159,4 @@ case "${ACTION}" in
*)
usage
;;
esac
echo
esac