From 824ffb2980e8e4a4d5ae1ff44c6159c0506c3f85 Mon Sep 17 00:00:00 2001 From: tschettervictor Date: Wed, 30 Apr 2025 18:49:14 -0600 Subject: [PATCH] Add \n to info _jail --- usr/local/share/bastille/cmd.sh | 21 +++-- usr/local/share/bastille/config.sh | 2 - usr/local/share/bastille/console.sh | 16 ++-- usr/local/share/bastille/convert.sh | 21 +++-- usr/local/share/bastille/cp.sh | 4 +- usr/local/share/bastille/destroy.sh | 29 ++++--- usr/local/share/bastille/etcupdate.sh | 33 +++++-- usr/local/share/bastille/export.sh | 19 ++--- usr/local/share/bastille/htop.sh | 10 +-- usr/local/share/bastille/import.sh | 118 +++++++++++++------------- usr/local/share/bastille/jcp.sh | 4 +- usr/local/share/bastille/limits.sh | 18 ++-- usr/local/share/bastille/mount.sh | 12 ++- usr/local/share/bastille/network.sh | 4 +- usr/local/share/bastille/pkg.sh | 10 +-- usr/local/share/bastille/rdr.sh | 21 ++++- usr/local/share/bastille/rename.sh | 16 ++-- usr/local/share/bastille/service.sh | 12 ++- usr/local/share/bastille/start.sh | 4 +- usr/local/share/bastille/stop.sh | 4 +- usr/local/share/bastille/sysrc.sh | 10 +-- usr/local/share/bastille/template.sh | 32 ++++--- usr/local/share/bastille/top.sh | 10 +-- usr/local/share/bastille/umount.sh | 10 +-- usr/local/share/bastille/update.sh | 19 +++-- usr/local/share/bastille/upgrade.sh | 28 +++--- usr/local/share/bastille/verify.sh | 5 +- usr/local/share/bastille/zfs.sh | 4 +- 28 files changed, 270 insertions(+), 226 deletions(-) diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh index fc689ab5..ed010724 100644 --- a/usr/local/share/bastille/cmd.sh +++ b/usr/local/share/bastille/cmd.sh @@ -76,7 +76,7 @@ while [ "$#" -gt 0 ]; do esac done -if [ $# -eq 0 ]; then +if [ "$#" -eq 0 ]; then usage fi 
@@ -91,27 +91,32 @@ set_target "${TARGET}" for _jail in ${JAILS}; do - info "\n[${_jail}]:" - + # Validate jail state before continuing check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${_jail}..." bastille start "${_jail}" else + info "\n[${_jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - + + info "\n[${_jail}]:" + COUNT=$(($COUNT+1)) + + # Allow executing commands on linux jails if grep -qw "linsysfs" "${bastille_jailsdir}/${_jail}/fstab"; then - # Allow executing commands on Linux jails. jexec -l -u root "${_jail}" "$@" else jexec -l -U root "${_jail}" "$@" fi + ERROR_CODE=$? + if [ "${ERROR_CODE}" -ne 0 ]; then warn "[${_jail}]: ${ERROR_CODE}" fi + if [ "$COUNT" -eq 1 ]; then RETURN=${ERROR_CODE} else @@ -124,6 +129,4 @@ done if [ "${COUNT}" -gt 1 ] && [ "${RETURN}" -gt 0 ]; then RETURN=1 return "${RETURN}" -fi - -echo +fi \ No newline at end of file diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index e46cc3ca..f46c6ff9 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -120,7 +120,6 @@ for _jail in ${JAILS}; do PROPERTY="priority" BASTILLE_PROPERTY=1 FILE="${bastille_jailsdir}/${_jail}/boot.conf" - info "[${_jail}]:" if [ "${ACTION}" = "set" ]; then if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" @@ -133,7 +132,6 @@ for _jail in ${JAILS}; do elif [ "${PROPERTY}" = "boot" ]; then BASTILLE_PROPERTY=1 FILE="${bastille_jailsdir}/${_jail}/boot.conf" - info "[${_jail}]:" if [ "${ACTION}" = "set" ]; then if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh index 45911e1b..5b9e5c1a 100644 --- a/usr/local/share/bastille/console.sh +++ b/usr/local/share/bastille/console.sh 
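Review bot: In cmd.sh (hunk `@@ -91`), the auto-start branch of the `check_target_is_running` guard runs `bastille start "${_jail}"` without checking its exit status. If the start fails, the loop still prints the header and goes on to `jexec` against a jail that is not running. Assuming `bastille start` returns non-zero on failure, `bastille start "${_jail}" || error_continue "Failed to start jail."` would report the failure once and skip the jail. The same unchecked start/stop sits in the guards this patch rewrites in console.sh, convert.sh, destroy.sh, htop.sh, limits.sh, mount.sh, network.sh and pkg.sh. The loop body continues outside the hunk.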
@@ -87,8 +87,10 @@ bastille_root_check set_target "${TARGET}" validate_user() { + local _jail="${1}" local _user="${2}" + if jexec -l "${_jail}" id "${_user}" >/dev/null 2>&1; then USER_SHELL="$(jexec -l "${_jail}" getent passwd "${_user}}" | cut -d: -f7)" if [ -n "${USER_SHELL}" ]; then @@ -106,7 +108,9 @@ validate_user() { } check_fib() { + local _jail="${1}" + fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g') if [ -n "${fib}" ]; then _setfib="setfib -F ${fib}" @@ -114,19 +118,21 @@ check_fib() { _setfib="" fi } + for _jail in ${JAILS}; do - info "\n[${_jail}]:" - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${_jail}..." bastille start "${_jail}" else + info "\n[${_jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi + + info "\n[${_jail}]:" LOGIN="$(jexec -l "${_jail}" which login)" + if [ -n "${USER}" ]; then validate_user "${_jail}" "${USER}" else @@ -135,6 +141,4 @@ for _jail in ${JAILS}; do ${_setfib} jexec -l "${_jail}" $LOGIN -f root fi -done - -echo \ No newline at end of file +done \ No newline at end of file diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index 60014b21..53ad80b2 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh 
@@ -82,24 +82,28 @@ CONVERT_RELEASE="${2}" bastille_root_check set_target_single "${TARGET}" -info "\n[${TARGET}]:" - +# Validate jail state before continuing check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-stopping ${TARGET}..." bastille stop "${TARGET}" -else +else + info "\n[${TARGET}]:" error_notify "Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail." fi +info "\n[${TARGET}]:" + validate_release_name() { + local _name=${1} local _sanity="$(echo "${_name}" | tr -c -d 'a-zA-Z0-9-_')" + if [ -n "$(echo "${_sanity}" | awk "/^[-_].*$/" )" ]; then error_exit "Release names may not begin with (-|_) characters!" elif [ "${_name}" != "${_sanity}" ]; then error_exit "Release names may not contain special characters!" fi + } convert_jail_to_release() { @@ -150,12 +154,13 @@ convert_jail_to_release() { bastille destroy -af "${NAME}" error_exit "Failed to create release. Please retry!" else - info "Created ${_release} from ${_jailname}" + info "Created ${_release} from ${_jailname}\n" fi fi } convert_symlinks() { + # Work with the symlinks, revert on first cp error if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then # Retrieve old symlinks temporarily @@ -235,7 +240,7 @@ start_convert() { fi mv "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/root/.bastille.old" - info "Conversion of '${TARGET}' completed successfully!" + info "Conversion of '${TARGET}' completed successfully!\n" exit 0 else error_exit "Can't determine release version. See 'bastille bootstrap'." 
@@ -248,12 +253,14 @@ start_convert() { # Convert thin jail to thick jail if only one arg # Convert jail to release if two args if [ "$#" -eq 1 ]; then + # Check if jail is a thin jail if [ ! -d "${bastille_jailsdir}/${TARGET}/root/.bastille" ]; then error_exit "${TARGET} is not a thin container." elif ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then error_exit "${TARGET} is not a thin container." fi + # Make sure the user agree with the conversion # Be interactive here since this cannot be easily undone while :; do @@ -278,5 +285,3 @@ elif [ "$#" -eq 2 ]; then else usage fi - -echo diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index edbdba18..3e87d447 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -98,6 +98,4 @@ for _jail in ${JAILS}; do error_continue "CP failed: ${host_path} -> ${jail_path}" fi -done - -echo \ No newline at end of file +done \ No newline at end of file diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index 97f53fcb..ff8d3ef3 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh 
@@ -53,27 +53,32 @@ destroy_jail() { for _jail in ${JAILS}; do - info "[${_jail}]:" - bastille_jail_base="${bastille_jailsdir}/${_jail}" bastille_jail_log="${bastille_logsdir}/${_jail}_console.log" + # Validate jail state before continuing check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-stopping ${_jail}..." bastille stop "${_jail}" else + info "\n[${_jail}]:" error_notify "Jail is running." error_continue "Use [-a|--auto] to auto-stop the jail." fi + info "\n[${_jail}]:" + if [ -d "${bastille_jail_base}" ]; then + # Make sure no filesystem is currently mounted mount_points="$(mount | cut -d ' ' -f 3 | grep ${bastille_jail_base}/root/)" + if [ -n "${mount_points}" ]; then error_notify "Failed to destroy jail: ${_jail}" - error_continue_next_jail "Jail has mounted filesystems:\n$mount_points" + error_continue "Jail has mounted filesystems:\n$mount_points" fi - info "Deleting Jail: ${_jail}." + + echo "Destroying jail..." + if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then if [ -n "${_jail}" ]; then @@ -85,7 +90,7 @@ destroy_jail() { # This will deal with the common "cannot unmount 'XYZ': pool or dataset is busy" # unless the force option is defined by the user, otherwise will have a partially deleted jail. if ! zfs destroy "${OPTIONS}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"; then - error_continue_next_jail "[ERROR]: Jail dataset(s) appears to be busy, exiting." + error_continue "[ERROR]: Jail dataset(s) appears to be busy, exiting." fi fi fi 
@@ -102,13 +107,13 @@ destroy_jail() { # Archive jail log if [ -f "${bastille_jail_log}" ]; then mv "${bastille_jail_log}" "${bastille_jail_log}"-"$(date +%F)" - info "Note: jail console logs archived." - info "${bastille_jail_log}-$(date +%F)" + echo "Note: jail console logs archived." + echo "${bastille_jail_log}-$(date +%F)" fi # Clear any active rdr rules if [ ! -z "$(pfctl -a "rdr/${_jail}" -Psn 2>/dev/null)" ]; then - info "Clearing RDR rules:" + echo "Clearing RDR rules..." pfctl -a "rdr/${_jail}" -Fn fi fi @@ -129,6 +134,8 @@ destroy_rel() { bastille_rel_base="${bastille_releasesdir}/${TARGET}" ## dir + info "\nAttempting to destroy release: ${TARGET}" + ## check if this release have containers child BASE_HASCHILD="0" if [ -d "${bastille_jailsdir}" ]; then @@ -162,7 +169,7 @@ destroy_rel() { error_exit "Release base not found." else if [ "${BASE_HASCHILD}" -eq "0" ]; then - info "Deleting base: ${TARGET}" + echo "Deleting base..." if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then if [ -n "${TARGET}" ]; then @@ -304,5 +311,3 @@ case "${TARGET}" in destroy_jail "${JAILS}" ;; esac - -echo diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index 493af33f..b224da69 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -44,8 +44,10 @@ EOF } bootstrap_etc_release() { + local _release="${1}" local _current="$(sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives | awk -F': ' '{print $2}')" + if [ -z "$(ls -A "${bastille_releasesdir}/${_release}/usr/src")" ]; then sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives=src if ! bastille bootstrap "${_release}" > /dev/null; then 
@@ -58,13 +60,15 @@ bootstrap_etc_release() { } bootstrap_etc_tarball() { + local _release="${1}" + if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then - echo "\nBuilding tarball, please wait..." + echo "Building tarball, please wait..." if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then error_exit "Failed to build etcupdate tarball \"${_release}.tbz2\"" else - info "\nEtcupdate bootstrap complete: ${_release}" + info "Etcupdate bootstrap complete: ${_release}" fi elif [ -f ${bastille_cachedir}/${_release}.tbz2 ] && [ "${FORCE}" -eq 1 ]; then rm -f "${bastille_cachedir}/${_release}.tbz2" 
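Review bot: Both `etcupdate build` calls in bootstrap_etc_tarball (this hunk and the FORCE branch that continues in `@@ -72`) use the fixed work directory `-d /tmp/etcupdate`, a predictable name in a world-writable directory, in a tool that is presumably run as root. Any local user can create that path first, so the build would run in a directory root does not control. Create the directory per run instead, e.g. `_workdir="$(mktemp -d -t etcupdate)" || error_exit "Failed to create work directory."`, pass `-d "${_workdir}"`, and remove it once the tarball is built. The `${bastille_releasesdir}/${_release}/usr/src` and `${bastille_cachedir}/${_release}.tbz2` arguments on the same lines are also unquoted.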
@@ -72,42 +76,50 @@ bootstrap_etc_tarball() { if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then error_exit "[ERROR]: Failed to build etcupdate tarball: ${_release}.tbz2" else - info "\nEtcupdate bootstrap complete: ${_release}" + info "Etcupdate bootstrap complete: ${_release}" fi else - info "\nEtcupdate release has already been prepared for application: ${_release}" + info "Etcupdate release has already been prepared for application: ${_release}" fi } diff_review() { + local _jail="${1}" + if [ "${DRY_RUN}" -eq 1 ]; then error_exit "[ERROR]: diff mode does not support [-d|--dryrun]" fi - info "\n[${_jail}]: etcupdate --diff mode" + + echo "Running: etcupdate --diff mode" etcupdate diff -D "${bastille_jailsdir}/${_jail}/root" } resolve_conflicts() { + local _jail="${1}" + if [ "${DRY_RUN}" -eq 1 ]; then error_exit "[ERROR]: resolve mode does not support [-d|--dryrun]" fi - info "\n[${_jail}]: etcupdate resolve" + + echo "Running: etcupdate resolve" etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" } update_jail_etc() { + local _jail="${1}" local _release="${2}" + if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then error_exit "Error: Please run \"bastille etcupdate bootstrap RELEASE\" first." fi if [ "${DRY_RUN}" -eq 1 ]; then - info "\n[${_jail}]: etcupdate update --dry-run" + echo "Running: etcupdate update --dry-run" etcupdate -n -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2 else - info "\n[${_jail}]: etcupdate update" + echo "Running: etcupdate update" etcupdate -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2 fi } @@ -161,6 +173,7 @@ while [ "$#" -gt 0 ]; do usage else RELEASE="${2}" + info "Attempting to bootstrap etcupdate release: ${RELEASE}..." bootstrap_etc_release "${RELEASE}" bootstrap_etc_tarball "${RELEASE}" shift "$#" 
@@ -170,7 +183,11 @@ while [ "$#" -gt 0 ]; do TARGET="${1}" ACTION="${2}" RELEASE="${3}" + set_target_single "${TARGET}" + + info "\n[${TARGET}]:" + case "${ACTION}" in diff) diff_review "${TARGET}" diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 4a6ab0c3..6026de06 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -194,6 +194,8 @@ fi bastille_root_check set_target_single "${TARGET}" +info "\n[${_jail}]:" + # Validate for combined options if [ "${COMP_OPTION}" -gt "1" ]; then error_exit "Error: Only one compression format can be used during export." @@ -277,7 +279,7 @@ export_check() { EXPORT_INFO="to a compressed ${FILE_EXT} ${EXPORT_TYPE}" fi - info "${EXPORT_AS} '${TARGET}' ${EXPORT_INFO}..." + echo "${EXPORT_AS} '${TARGET}' ${EXPORT_INFO}..." fi # Safely stop and snapshot the jail @@ -291,15 +293,13 @@ export_check() { if checkyesno bastille_zfs_enable; then if [ -z "${USER_EXPORT}" ]; then - info "Sending ZFS data stream..." + echo "Sending ZFS data stream..." fi fi } jail_export() { - info "\n[${_jail}]:" - # Attempt to export the container DATE=$(date +%F-%H%M%S) if checkyesno bastille_zfs_enable; then 
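Review bot: The header added after `set_target_single "${TARGET}"` in export.sh (hunk `@@ -194`) prints `${_jail}`, but nothing visible in this script assigns `_jail`; the surrounding code refers to the jail as `${TARGET}`. Unless set_target_single happens to set `_jail`, the line prints an empty `[]:`. Use `info "\n[${TARGET}]:"` here, as convert.sh and htop.sh do. The `info "\n[${_jail}]:"` line added to the else branch of the stopped-check in network.sh has the same problem.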
@@ -345,13 +345,13 @@ jail_export() { FILE_EXT=".tgz" # Create standard tgz backup archive - info "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..." + echo "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..." cd "${bastille_jailsdir}" && tar -cf - "${TARGET}" | gzip ${bastille_compress_gz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}" elif [ -n "${TXZ_EXPORT}" ]; then FILE_EXT=".txz" # Create standard txz backup archive - info "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..." + echo "Exporting '${TARGET}' to a compressed ${FILE_EXT} archive..." cd "${bastille_jailsdir}" && tar -cf - "${TARGET}" | xz ${bastille_compress_xz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}" else error_exit "Error: export option required" @@ -366,7 +366,7 @@ jail_export() { # Generate container checksum file cd "${bastille_backupsdir}" || error_exit "Failed to change directory." sha256 -q "${TARGET}_${DATE}${FILE_EXT}" > "${TARGET}_${DATE}.sha256" - info "Exported '${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}' successfully." + echo "Exported '${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}' successfully." fi exit 0 fi @@ -378,6 +378,7 @@ if [ ! -d "${bastille_backupsdir}" ]; then fi if [ -n "${TARGET}" ]; then + if [ ! -d "${bastille_jailsdir}/${TARGET}" ]; then error_exit "[${TARGET}]: Not found." fi @@ -390,6 +391,4 @@ if [ -n "${TARGET}" ]; then fi fi jail_export -fi - -echo \ No newline at end of file +fi \ No newline at end of file diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index bc62d902..748f270c 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh 
@@ -85,16 +85,16 @@ TARGET="${1}" bastille_root_check set_target_single "${TARGET}" -info "[${TARGET}]:" - check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${TARGET}..." bastille start "${TARGET}" -else +else + info "\n[${TARGET}]:" error_notify "Jail is not running." - error_continue_next_jail "Use [-a|--auto] to auto-start the jail." + error_continue "Use [-a|--auto] to auto-start the jail." fi +info "\n[${TARGET}]:" + if [ ! -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then error_notify "htop not found on ${TARGET}." elif [ -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index c3c2d94d..90a290dd 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -117,13 +117,13 @@ validate_archive() { # Skip validation for unsupported archive if [ -f "${bastille_backupsdir}/${TARGET}" ]; then if [ -f "${bastille_backupsdir}/${FILE_TRIM}.sha256" ]; then - info "Validating file: ${TARGET}..." + echo "Validating file: ${TARGET}..." SHA256_DIST=$(cat "${bastille_backupsdir}/${FILE_TRIM}.sha256") SHA256_FILE=$(sha256 -q "${bastille_backupsdir}/${TARGET}") if [ "${SHA256_FILE}" != "${SHA256_DIST}" ]; then error_exit "Failed validation for ${TARGET}." else - info "File validation successful!" + echo "File validation successful!" fi else # Check if user opt to force import @@ -141,7 +141,7 @@ update_zfsmount() { OLD_ZFS_MOUNTPOINT=$(zfs get -H mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" | awk '{print $3}') NEW_ZFS_MOUNTPOINT="${bastille_jailsdir}/${TARGET_TRIM}/root" if [ "${NEW_ZFS_MOUNTPOINT}" != "${OLD_ZFS_MOUNTPOINT}" ]; then - info "Updating ZFS mountpoint..." + echo "Updating ZFS mountpoint..." zfs set mountpoint="${bastille_jailsdir}/${TARGET_TRIM}/root" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" fi 
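Review bot: In htop.sh the not-running branch now ends with `error_continue`, but this guard sits at the top level of a single-target script, not inside a `for _jail` loop. If error_continue wraps `continue` (its definition is not shown here), there is no loop to skip, and execution would fall through to the second `info` and the htop checks for a jail that is not running. convert.sh and network.sh end the equivalent branch with `error_exit`; `error_exit "Use [-a|--auto] to auto-start the jail."` fits here as well.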
@@ -159,7 +159,7 @@ update_jailconf() { JAIL_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/jail.conf" if [ -f "${JAIL_CONFIG}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${TARGET_TRIM}/root;" "${JAIL_CONFIG}"; then - info "Updating jail.conf..." + echo "Updating jail.conf..." sed -i '' "s|exec.consolelog.*=.*;|exec.consolelog = ${bastille_logsdir}/${TARGET_TRIM}_console.log;|" "${JAIL_CONFIG}" sed -i '' "s|path.*=.*;|path = ${bastille_jailsdir}/${TARGET_TRIM}/root;|" "${JAIL_CONFIG}" sed -i '' "s|mount.fstab.*=.*;|mount.fstab = ${bastille_jailsdir}/${TARGET_TRIM}/fstab;|" "${JAIL_CONFIG}" @@ -182,7 +182,7 @@ update_fstab_import() { if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then # If both variables are set, compare and update as needed if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" "${FSTAB_CONFIG}"; then - info "Updating fstab..." + echo "Updating fstab..." if [ -n "${RELEASE}" ]; then FSTAB_NEWCONF="${RELEASE}" fi @@ -194,7 +194,7 @@ update_fstab_import() { generate_config() { # Attempt to read previous config file and set required variables accordingly # If we can't get a valid interface, fallback to lo1 and warn user - info "Generating jail.conf..." + echo "Generating jail.conf..." DEVFS_RULESET=4 if [ "${FILE_EXT}" = ".zip" ]; then 
@@ -241,43 +241,43 @@ generate_config() { else # If there are multiple IP/NIC let the user configure network IP4_DEFINITION="" - IP6_DEFINITION="" + IP6_DEFINITION="" IP6_MODE="disable" - # IP4 set, but not IP6 + # IP4 set, but not IP6 if [ -n "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${IP4_IF}" ]; then config_netif - IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" IP6_MODE="disable" else IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" - IP6_MODE="disable" - fi + IP6_MODE="disable" + fi else IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${IP4_IF}" ]; then config_netif - IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" IP6_MODE="disable" else IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" - IP6_MODE="disable" - fi + IP6_MODE="disable" + fi fi - # IP6 set, but not IP4 + # IP6 set, but not IP4 elif [ -z "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then if ! echo "${IP6_CONFIG}" | grep -q '.*,.*'; then IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${IP6_IF}" ]; then config_netif - IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" IP6_MODE="new" else IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" - IP6_MODE="new" - fi + IP6_MODE="new" + fi else IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${IP6_IF}" ]; then 
@@ -286,48 +286,48 @@ generate_config() { IP6_MODE="new" else IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" - IP6_MODE="new" - fi + IP6_MODE="new" + fi fi # IP4 and IP6 both set - elif [ -n "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then + elif [ -n "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${IP4_IF}" ]; then config_netif - IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" else IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" - fi + fi else IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${IP4_IF}" ]; then config_netif - IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" else IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" - fi + fi fi if ! echo "${IP6_CONFIG}" | grep -q '.*,.*'; then IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${IP6_IF}" ]; then config_netif - IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" IP6_MODE="new" else IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" - IP6_MODE="new" - fi + IP6_MODE="new" + fi else IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${IP6_IF}" ]; then config_netif - IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" IP6_MODE="new" - else - IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" + else + IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" IP6_MODE="new" - fi + fi fi # ezjail import elif [ -n "${IPVX_CONFIG}" ]; then 
@@ -335,14 +335,14 @@ generate_config() { NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${NETIF_CONFIG}" ]; then config_netif - IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IPVX_CONFIG};" + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IPVX_CONFIG};" IP6_MODE="disable" else IP4_DEFINITION="ip4.addr = ${IPVX_CONFIG};" - IP6_MODE="disable" - fi + IP6_MODE="disable" + fi if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then - IP4_DEFINITION="" + IP4_DEFINITION="" IP6_DEFINITION="ip6.addr = ${IPVX_CONFIG};" IP6_MODE="new" fi @@ -405,6 +405,7 @@ EOF } update_config() { + # Update an existing jail configuration # The config on select archives does not provide a clear way to determine # the base release, so lets try to get it from the base/COPYRIGHT file, @@ -414,11 +415,13 @@ update_config() { else CONFIG_RELEASE="${RELEASE}" fi + if [ -z "${CONFIG_RELEASE}" ]; then # Fallback to host version CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') warn "Warning: ${CONFIG_RELEASE} was set by default!" fi + mkdir "${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" echo "${bastille_releasesdir}/${CONFIG_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0" \ >> "${bastille_jailsdir}/${TARGET_TRIM}/fstab" @@ -483,7 +486,7 @@ update_symlinks() { fi # Update old symlinks - info "Updating symlinks..." + echo "Updating symlinks..." for _link in ${SYMLINKS}; do if [ -L "${_link}" ]; then ln -sf /.bastille/${_link} ${_link} 
@@ -500,8 +503,8 @@ update_symlinks() { create_zfs_datasets() { # Prepare the ZFS environment and restore from file - info "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive." - info "Preparing ZFS environment..." + echo "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive." + echo "Preparing ZFS environment..." # Create required ZFS datasets, mountpoint inherited from system zfs create ${bastille_zfs_options} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}" @@ -525,8 +528,8 @@ jail_import() { if [ "${FILE_EXT}" = ".xz" ]; then validate_archive # Import from compressed xz on ZFS systems - info "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image." - info "Receiving ZFS data stream..." + echo "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image." + echo "Receiving ZFS data stream..." xz ${bastille_decompress_xz_options} "${bastille_backupsdir}/${TARGET}" | \ zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}" @@ -535,8 +538,8 @@ jail_import() { elif [ "${FILE_EXT}" = ".gz" ]; then validate_archive # Import from compressed xz on ZFS systems - info "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image." - info "Receiving ZFS data stream..." + echo "Importing '${TARGET_TRIM}' from compressed ${FILE_EXT} image." + echo "Receiving ZFS data stream..." gzip ${bastille_decompress_gz_options} "${bastille_backupsdir}/${TARGET}" | \ zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}" 
@@ -549,7 +552,7 @@ jail_import() { create_zfs_datasets # Extract required files to the new datasets - info "Extracting files from '${TARGET}' archive..." + echo "Extracting files from '${TARGET}' archive..." tar --exclude='root' -Jxf "${bastille_backupsdir}/${TARGET}" --strip-components 1 -C "${bastille_jailsdir}/${TARGET_TRIM}" tar -Jxf "${bastille_backupsdir}/${TARGET}" --strip-components 2 -C "${bastille_jailsdir}/${TARGET_TRIM}/root" "${TARGET_TRIM}/root" if [ "$?" -ne 0 ]; then @@ -561,7 +564,7 @@ jail_import() { create_zfs_datasets # Extract required files to the new datasets - info "Extracting files from '${TARGET}' archive..." + echo "Extracting files from '${TARGET}' archive..." tar --exclude='root' -xf "${bastille_backupsdir}/${TARGET}" --strip-components 1 -C "${bastille_jailsdir}/${TARGET_TRIM}" tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components 2 -C "${bastille_jailsdir}/${TARGET_TRIM}/root" "${TARGET_TRIM}/root" if [ "$?" -ne 0 ]; then @@ -570,7 +573,7 @@ jail_import() { elif [ "${FILE_EXT}" = ".zip" ]; then validate_archive # Attempt to import a foreign/iocage container - info "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive." + echo "Importing '${TARGET_TRIM}' from foreign compressed ${FILE_EXT} archive." # Sane bastille ZFS options ZFS_OPTIONS=$(echo ${bastille_zfs_options} | sed 's/-o//g') @@ -580,7 +583,7 @@ jail_import() { error_exit "Failed to extract files from '${TARGET}' archive." rm -f "${FILE_TRIM}" "${FILE_TRIM}_root" fi - info "Receiving ZFS data stream..." + echo "Receiving ZFS data stream..." zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}" < "${FILE_TRIM}" zfs set ${ZFS_OPTIONS} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}" zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" < "${FILE_TRIM}_root" 
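Review bot: The `[ "$?" -ne 0 ]` test after the two `tar` extractions in this branch of jail_import (hunk `@@ -549`) only sees the status of the second command. A failure of the first extraction (`--exclude='root'`) goes unnoticed and the import continues with an incomplete jail directory. Check each call, e.g. append `|| error_exit "Failed to extract files from '${TARGET}' archive."` to the first `tar` line. The branches in `@@ -561` and `@@ -604` have the same shape. jail_import starts and ends outside these hunks.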
@@ -604,7 +607,7 @@ jail_import() { create_zfs_datasets # Extract required files to the new datasets - info "Extracting files from '${TARGET}' archive..." + echo "Extracting files from '${TARGET}' archive..." tar --exclude='ezjail/' -xf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}/${TARGET_TRIM}" tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components 1 -C "${bastille_jailsdir}/${TARGET_TRIM}/root" if [ "$?" -ne 0 ]; then @@ -619,7 +622,7 @@ jail_import() { workout_components # Extract required files to the new datasets - info "Extracting files from '${TARGET}' archive..." + echo "Extracting files from '${TARGET}' archive..." tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components "${CONF_TRIM}" -C "${bastille_jailsdir}/${TARGET_TRIM}" "${JAIL_CONF}" tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components "${DIRS_PLUS}" -C "${bastille_jailsdir}/${TARGET_TRIM}/root" "${JAIL_PATH}" if [ -f "${bastille_jailsdir}/${TARGET_TRIM}/${TARGET_TRIM}" ]; then @@ -636,8 +639,8 @@ jail_import() { validate_archive # Based on the file name, looks like we are importing a raw bastille image # Import from uncompressed image file - info "Importing '${TARGET_TRIM}' from uncompressed image archive." - info "Receiving ZFS data stream..." + echo "Importing '${TARGET_TRIM}' from uncompressed image archive." + echo "Receiving ZFS data stream..." zfs receive ${OPT_ZRECV} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}" < "${bastille_backupsdir}/${TARGET}" # Update ZFS mountpoint property if required 
@@ -659,21 +662,21 @@ jail_import() { else # Import from standard supported archives on UFS systems if [ "${FILE_EXT}" = ".txz" ]; then - info "Extracting files from '${TARGET}' archive..." + echo "Extracting files from '${TARGET}' archive..." tar -Jxf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}" elif [ "${FILE_EXT}" = ".tgz" ]; then - info "Extracting files from '${TARGET}' archive..." + echo "Extracting files from '${TARGET}' archive..." tar -xf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}" elif [ "${FILE_EXT}" = ".tar.gz" ]; then # Attempt to import/configure foreign/ezjail container - info "Extracting files from '${TARGET}' archive..." + echo "Extracting files from '${TARGET}' archive..." mkdir "${bastille_jailsdir}/${TARGET_TRIM}" tar -xf "${bastille_backupsdir}/${TARGET}" -C "${bastille_jailsdir}/${TARGET_TRIM}" mv "${bastille_jailsdir}/${TARGET_TRIM}/ezjail" "${bastille_jailsdir}/${TARGET_TRIM}/root" generate_config elif [ "${FILE_EXT}" = ".tar" ]; then # Attempt to import/configure foreign/qjail container - info "Extracting files from '${TARGET}' archive..." + echo "Extracting files from '${TARGET}' archive..." mkdir -p "${bastille_jailsdir}/${TARGET_TRIM}/root" workout_components tar -xf "${bastille_backupsdir}/${TARGET}" --strip-components "${CONF_TRIM}" -C "${bastille_jailsdir}/${TARGET_TRIM}" "${JAIL_CONF}" @@ -695,7 +698,7 @@ jail_import() { update_jailconf update_fstab_import if [ -z "${USER_IMPORT}" ]; then - info "Container '${TARGET_TRIM}' imported successfully." + echo "Container '${TARGET_TRIM}' imported successfully." fi exit 0 fi @@ -746,7 +749,6 @@ elif [ -n "${TARGET_TRIM}" ]; then fi if [ -n "${TARGET}" ]; then + info "\nAttempting to import jail: ${TARGET}..." jail_import fi - -echo diff --git a/usr/local/share/bastille/jcp.sh b/usr/local/share/bastille/jcp.sh index 3e1789dd..82624d5f 100644 --- a/usr/local/share/bastille/jcp.sh +++ b/usr/local/share/bastille/jcp.sh 
@@ -105,6 +105,4 @@ for _jail in ${DEST_TARGET}; do fi fi -done - -echo \ No newline at end of file +done \ No newline at end of file diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh index 39aaa323..d8fbb0a3 100644 --- a/usr/local/share/bastille/limits.sh +++ b/usr/local/share/bastille/limits.sh @@ -51,9 +51,9 @@ EOF AUTO=0 while [ "$#" -gt 0 ]; do case "${1}" in - -h|--help|help) - usage - ;; + -h|--help|help) + usage + ;; -a|--auto) AUTO=1 shift @@ -103,16 +103,15 @@ set_target "${TARGET}" for _jail in ${JAILS}; do - info "\n[${_jail}]:" - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${_jail}..." bastille start "${_jail}" else - info "[${_jail}]:" + info "\n[${_jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi + + info "\n[${_jail}]:" case "${ACTION}" in add) @@ -190,7 +189,4 @@ for _jail in ${JAILS}; do fi ;; esac - -done - -echo +done \ No newline at end of file diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index ab6d41ed..9d58fc57 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -143,16 +143,16 @@ fi for _jail in ${JAILS}; do - info "\n[${_jail}]:" - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${_jail}..." bastille start "${_jail}" else + info "\n[${_jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - + + info "\n[${_jail}]:" + _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )" _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}" 2>/dev/null | sed 's#//#/#' )" _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" 
@@ -199,7 +199,5 @@ for _jail in ${JAILS}; do echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}" mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}" echo "Added: ${_fstab_entry}" - -done -echo \ No newline at end of file +done \ No newline at end of file diff --git a/usr/local/share/bastille/network.sh b/usr/local/share/bastille/network.sh index 411e8d75..6816c206 100644 --- a/usr/local/share/bastille/network.sh +++ b/usr/local/share/bastille/network.sh @@ -167,9 +167,9 @@ bastille_root_check set_target_single "${TARGET}" check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-stopping ${TARGET}..." bastille stop "${TARGET}" -else +else + info "\n[${_jail}]:" error_notify "Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail." fi diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index 7c0f8980..a5b8cd14 100644 --- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh @@ -97,17 +97,19 @@ errors=0 for _jail in ${JAILS}; do - info "\n[${_jail}]:" - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then echo "Auto-starting ${_jail}..." bastille start "${_jail}" - else + else + info "\n[${_jail}]:" error_notify "Jail is not running." error_continue_next_jail "Use [-a|--auto] to auto-start the jail." fi + info "\n[${_jail}]:" + bastille_jail_path="${bastille_jailsdir}/${_jail}/root" + if [ -f "/usr/sbin/mport" ]; then if ! jexec -l -U root "${_jail}" /usr/sbin/mport "$@"; then errors=1 @@ -131,5 +133,3 @@ done if [ $errors -ne 0 ]; then error_exit "Failed to apply on some jails, please check logs" fi - -echo diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh index 670b0870..9bfb348b 100644 --- a/usr/local/share/bastille/rdr.sh +++ b/usr/local/share/bastille/rdr.sh 
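Review bot: The header added to the else branch in network.sh prints `${_jail}`, but nothing in the visible lines sets `_jail` in this script: it calls `set_target_single "${TARGET}"` and uses `${TARGET}` everywhere else in the hunk, so the line most likely prints `[]:`. The rename.sh hunk makes the same change with `${TARGET}`, and this one should match it: `info "\n[${TARGET}]:"`.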
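Review bot: pkg.sh keeps `echo "Auto-starting ${_jail}..."` in the auto-start branch, while this commit removes the same line from limits.sh, mount.sh, service.sh, sysrc.sh, template.sh, top.sh and umount.sh. If `bastille start` now prints its own header, drop the line here too so the output is uniform across commands. Otherwise pkg.sh is the only command that still announces the auto-start.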
@@ -49,10 +49,13 @@ EOF } check_jail_validity() { + # Validate jail network type and set IP4/6 if [ "$( bastille config ${TARGET} get vnet )" != 'enabled' ]; then + _ip4_interfaces="$(bastille config ${TARGET} get ip4.addr | sed 's/,/ /g')" _ip6_interfaces="$(bastille config ${TARGET} get ip6.addr | sed 's/,/ /g')" + # Check if jail ip4.addr is valid (non-VNET only) if [ "${_ip4_interfaces}" != "not set" ] && [ "${_ip4_interfaces}" != "disable" ]; then if echo "${_ip4_interfaces}" | grep -q "|"; then @@ -61,6 +64,7 @@ check_jail_validity() { JAIL_IP="$(echo ${_ip4_interfaces} | sed -E 's#/[0-9]+$##g')" fi fi + # Check if jail ip6.addr is valid (non-VNET only) if [ "${_ip6_interfaces}" != "not set" ] && [ "${_ip6_interfaces}" != "disable" ]; then if echo "${_ip6_interfaces}" | grep -q "|"; then @@ -80,8 +84,10 @@ check_jail_validity() { } check_rdr_ip_validity() { + local ip="${1}" local ip6="$( echo "${ip}" | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)' )" + if [ -n "${ip6}" ]; then info "Valid: (${ip6})." else @@ -103,12 +109,14 @@ check_rdr_ip_validity() { } validate_rdr_rule() { + local if="${1}" local src="${2}" local dst="${3}" local proto="${4}" local host_port="${5}" local jail_port="${6}" + if grep -qs "$if $src $dst $proto $host_port $jail_port" "${bastille_jailsdir}/${TARGET}/rdr.conf"; then error_notify "Error: Ports already in use on this interface." error_exit "See 'bastille list ports' or 'bastille rdr TARGET reset'." @@ -116,6 +124,7 @@ validate_rdr_rule() { } persist_rdr_rule() { + local inet="${1}" local if="${2}" local src="${3}" 
@@ -123,12 +132,14 @@ persist_rdr_rule() { local proto="${5}" local host_port="${6}" local jail_port="${7}" + if ! grep -qs "$inet $if $src $dst $proto $host_port $jail_port" "${bastille_jailsdir}/${TARGET}/rdr.conf"; then echo "$inet $if $src $dst $proto $host_port $jail_port" >> "${bastille_jailsdir}/${TARGET}/rdr.conf" fi } persist_rdr_log_rule() { + local inet="${1}" local if="${2}" local src="${3}" @@ -138,12 +149,14 @@ persist_rdr_log_rule() { local jail_port="${7}" shift 7; log=$@; + if ! grep -qs "$inet $if $src $dst $proto $host_port $jail_port $log" "${bastille_jailsdir}/${TARGET}/rdr.conf"; then echo "$inet $if $src $dst $proto $host_port $jail_port $log" >> "${bastille_jailsdir}/${TARGET}/rdr.conf" fi } load_rdr_rule() { + local inet="${1}" local if_name="${2}" local if=ext_if=\"${2}\" @@ -152,6 +165,7 @@ load_rdr_rule() { local proto="${5}" local host_port="${6}" local jail_port="${7}" + # Create IPv4 rdr rule # shellcheck disable=SC2193 if { [ "${inet}" = "ipv4" ] || [ "${inet}" = "dual" ]; } then @@ -177,6 +191,7 @@ load_rdr_rule() { } load_rdr_log_rule() { + local inet="${1}" local if_name="${2}" local if=ext_if=\"${2}\" @@ -187,6 +202,7 @@ load_rdr_log_rule() { local jail_port="${7}" shift 7; log=$@ + # Create IPv4 rule with log # shellcheck disable=SC2193 if { [ "${inet}" = "ipv4" ] || [ "${inet}" = "dual" ]; } then @@ -198,6 +214,7 @@ load_rdr_log_rule() { echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}" fi fi + # Create IPv6 rdr rule with log (if ip6.addr is enabled) # shellcheck disable=SC2193 if [ -n "${JAIL_IP6}" ] && { [ "${inet}" = "ipv6" ] || [ "${inet}" = "dual" ]; } then @@ -401,6 +418,4 @@ while [ "$#" -gt 0 ]; do fi ;; esac -done - -echo +done \ No newline at end of file diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh index d28914df..c62fc5fc 100644 --- a/usr/local/share/bastille/rename.sh +++ b/usr/local/share/bastille/rename.sh 
@@ -80,16 +80,18 @@ bastille_root_check set_target_single "${TARGET}" check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-stopping ${TARGET}..." bastille stop "${TARGET}" -else +else + info "\n[${TARGET}]:" error_notify "Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail." fi validate_name() { + local NAME_VERIFY="${NEWNAME}" local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')" + if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then error_exit "Container names may not begin with (-|_) characters!" elif [ "${NAME_VERIFY}" != "${NAME_SANITY}" ]; then @@ -98,9 +100,11 @@ validate_name() { } update_jailconf() { + # Update jail.conf local _jail_conf="${bastille_jailsdir}/${NEWNAME}/jail.conf" local _rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf" + if [ -f "${_jail_conf}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${_jail_conf}"; then sed -i '' "s|host.hostname.*=.*${TARGET};|host.hostname = ${NEWNAME};|" "${_jail_conf}" @@ -166,8 +170,8 @@ update_jailconf_vnet() { } change_name() { + # Attempt container name change - info "Attempting to rename '${TARGET}' to ${NEWNAME}..." if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ] && [ -n "${bastille_zfs_prefix}" ]; then # Check and rename container ZFS dataset accordingly @@ -210,7 +214,7 @@ change_name() { if [ "$?" -ne 0 ]; then error_exit "An error has occurred while attempting to rename '${TARGET}'." else - info "Renamed '${TARGET}' to '${NEWNAME}' successfully." + echo "Renamed '${TARGET}' to '${NEWNAME}' successfully." if [ "${AUTO}" -eq 1 ]; then bastille start "${NEWNAME}" fi @@ -227,6 +231,6 @@ if [ -d "${bastille_jailsdir}/${NEWNAME}" ]; then error_exit "Jail: ${NEWNAME} already exists." fi -change_name +info "\nAttempting to rename '${TARGET}' to ${NEWNAME}..." -echo \ No newline at end of file +change_name \ No newline at end of file 
diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh index 3002d7c0..94bf70a9 100644 --- a/usr/local/share/bastille/service.sh +++ b/usr/local/share/bastille/service.sh @@ -49,7 +49,7 @@ EOF AUTO=0 while [ "$#" -gt 0 ]; do case "${1}" in - -h|--help|help) + -h|--help|help) usage ;; -a|--auto) @@ -87,19 +87,17 @@ bastille_root_check set_target "${TARGET}" for _jail in ${JAILS}; do - - info "\n[${_jail}]:" check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${_jail}..." bastille start "${_jail}" - else + else + info "\n[${_jail}]:" error_notify "Jail is not running." error_continue_next_jail "Use [-a|--auto] to auto-start the jail." fi + + info "\n[${_jail}]:" jexec -l "${_jail}" /usr/sbin/service "$@" done - -echo diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index 2d534969..a7877934 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -190,6 +190,4 @@ for _jail in ${JAILS}; do # Delay between jail action sleep "${DELAY_TIME}" -done - -echo +done \ No newline at end of file diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index bee06b58..35b92d8b 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -136,6 +136,4 @@ for _jail in ${JAILS}; do done fi -done - -echo \ No newline at end of file +done \ No newline at end of file diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh index aa4df26d..e19f868b 100644 --- a/usr/local/share/bastille/sysrc.sh +++ b/usr/local/share/bastille/sysrc.sh 
@@ -88,16 +88,16 @@ set_target "${TARGET}" for _jail in ${JAILS}; do - info "\n[${_jail}]:" - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${_jail}..." bastille start "${_jail}" - else + else + info "\n[${_jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi + + info "\n[${_jail}]:" jexec -l "${_jail}" /usr/sbin/sysrc "$@" -done +done \ No newline at end of file diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 51eca57e..214d5be1 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -131,13 +131,13 @@ line_in_file() { AUTO=0 while [ "$#" -gt 0 ]; do case "${1}" in - -h|--help|help) - usage - ;; - -a|--auto) - AUTO=1 - shift - ;; + -h|--help|help) + usage + ;; + -a|--auto) + AUTO=1 + shift + ;; -x|--debug) enable_debug shift @@ -158,7 +158,7 @@ while [ "$#" -gt 0 ]; do esac done -if [ $# -lt 2 ]; then +if [ "$#" -lt 2 ]; then usage fi @@ -270,17 +270,17 @@ fi for _jail in ${JAILS}; do - info "\n[${_jail}]:" - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${_jail}..." bastille start "${_jail}" - else + else + info "\n[${_jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi + + info "\n[${_jail}]:" - info "Applying template: ${TEMPLATE}..." + echo "Applying template: ${TEMPLATE}..." ## get jail ip4 and ip6 values bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path) @@ -470,8 +470,6 @@ for _jail in ${JAILS}; do fi done - info "Template applied: ${TEMPLATE}" + echo "Template applied: ${TEMPLATE}" -done - -echo \ No newline at end of file +done \ No newline at end of file diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 20afe19f..625ef173 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh 
@@ -85,16 +85,14 @@ TARGET="${1}" bastille_root_check set_target_single "${TARGET}" -info "\n[${TARGET}]:" - check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${TARGET}..." bastille start "${TARGET}" -else +else + info "\n[${TARGET}]:" error_notify "Jail is not running." error_exit "Use [-a|--auto] to auto-start the jail." fi -jexec -l "${TARGET}" /usr/bin/top +info "\n[${TARGET}]:" -echo +jexec -l "${TARGET}" /usr/bin/top \ No newline at end of file diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index 43d4512c..c78762eb 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh @@ -88,17 +88,15 @@ set_target "${TARGET}" for _jail in ${JAILS}; do - info "\n[${_jail}]:" - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${_jail}..." bastille start "${_jail}" else + info "\n[${TARGET}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - info "[${_jail}]:" + info "\n[${_jail}]:" _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" _mount="$( mount | grep -Eo "[[:blank:]]${_jailpath}[[:blank:]]" )" @@ -129,6 +127,4 @@ for _jail in ${JAILS}; do echo "Unmounted: ${_jailpath}" -done - -echo \ No newline at end of file +done \ No newline at end of file diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index 85ded66c..a9e230dc 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh 
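Review bot: Inside the `for _jail in ${JAILS}` loop of umount.sh, the not-running branch prints `[${TARGET}]:` instead of `[${_jail}]:`. With a target that expands to several jails, the error is labelled with the raw target rather than the jail that is actually stopped. Use the loop variable, as the other loops in this commit do: `info "\n[${_jail}]:"`.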
@@ -107,15 +107,20 @@ arch_check() { } jail_check() { + # Check if the jail is thick and is running set_target_single "${TARGET}" + check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${TARGET}..." bastille start "${TARGET}" else + info "\n[${TARGET}]:" error_notify "Jail is not running." error_exit "Use [-a|--auto] to auto-start the jail." fi + + info "\n[${TARGET}]:" + if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then error_notify "${TARGET} is not a thick container." error_exit "See 'bastille update RELEASE' to update thin jails." @@ -123,10 +128,12 @@ jail_check() { } jail_update() { + local _jailname="${1}" local _jailpath="${bastille_jailsdir}/${TARGET}/root" local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf" local _workdir="${_jailpath}/var/db/freebsd-update" + # Update a thick container if [ -d "${bastille_jailsdir}/${TARGET}" ]; then CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null) @@ -144,9 +151,11 @@ jail_update() { } release_update() { + local _releasepath="${bastille_releasesdir}/${TARGET}" local _freebsd_update_conf="${_releasepath}/etc/freebsd-update.conf" local _workdir="${_releasepath}/var/db/freebsd-update" + # Update a release base(affects child containers) if [ -d "${_releasepath}" ]; then TARGET_TRIM="${TARGET}" @@ -171,8 +180,10 @@ release_update() { } template_update() { + # Update a template _template_path=${bastille_templatesdir}/${BASTILLE_TEMPLATE} + if [ -d $_template_path ]; then info "[${BASTILLE_TEMPLATE}]:" git -C $_template_path pull ||\ @@ -185,6 +196,7 @@ template_update() { } templates_update() { + # Update all templates _updated_templates=0 if [ -d ${bastille_templatesdir} ]; then 
@@ -216,9 +228,6 @@ elif echo "${TARGET}" | grep -q "[0-9]\{2\}.[0-9]-RELEASE"; then arch_check release_update else - info "\n[${TARGET}]:" jail_check jail_update "${TARGET}" -fi - -echo \ No newline at end of file +fi \ No newline at end of file diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index 3edaf8cb..d484e9c5 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -104,35 +104,42 @@ if freebsd-version | grep -qi HBSD; then fi thick_jail_check() { + local _jail="${1}" + # Check if the jail is thick and is running check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-starting ${_jail}..." bastille start "${_jail}" else + info "\n[${_jail}]:" error_notify "Jail is not running." error_exit "Use [-a|--auto] to auto-start the jail." fi } thin_jail_check() { + local _jail="${1}" + # Check if the jail is thick and is running check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - echo "Auto-stopping ${_jail}..." bastille stop "${_jail}" else + info "\n[${_jail}]:" error_notify "Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail." fi } release_check() { + local _release="${1}" + # Validate the release if ! echo "${_release}" | grep -q "[0-9]\{2\}.[0-9]-[RELEASE,BETA,RC]"; then error_exit "${_release} is not a valid release." fi + # Exit if NEWRELEASE doesn't exist if [ "${THIN_JAIL}" -eq 1 ]; then if [ ! -d "${bastille_releasesdir}/${_release}" ]; then @@ -143,6 +150,7 @@ release_check() { } jail_upgrade() { + local _jailname="${1}" if [ "${THIN_JAIL}" -eq 1 ]; then local _oldrelease="$(bastille config ${_jailname} get osrelease)" 
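Review bot: In release_check (upgrade.sh) the pattern `[0-9]\{2\}.[0-9]-[RELEASE,BETA,RC]` does not do what it reads as. The bracket expression matches a single character from that set, the dot matches any character and nothing anchors the start, so a string such as `x14.2-A` (constructed example) passes as a valid release before it is used in `${bastille_releasesdir}/${_release}`. An anchored alternation is closer to the intent, for example `grep -Eq '^[0-9]{2}\.[0-9]-(RELEASE|BETA|RC)'`. Separately, the comment in thin_jail_check still says "Check if the jail is thick and is running" although the function calls check_target_is_stopped; `# Check that the thin jail is stopped` would match the code.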
@@ -166,8 +174,8 @@ jail_upgrade() { if [ "${AUTO}" -eq 1 ]; then bastille start "${_jailname}" fi - info "Upgraded ${_jailname}: ${_oldrelease} -> ${_newrelease}" - info "See 'bastille etcupdate TARGET' to update /etc/rc.conf" + echo "Upgraded ${_jailname}: ${_oldrelease} -> ${_newrelease}" + echo "See 'bastille etcupdate TARGET' to update /etc/rc.conf" else # Upgrade a thick jail env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \ @@ -185,10 +193,12 @@ jail_upgrade() { } jail_updates_install() { + local _jailname="${1}" local _jailpath="${bastille_jailsdir}/${_jailname}/root" local _workdir="${_jailpath}/var/db/freebsd-update" local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf" + # Finish installing upgrade on a thick container if [ -d "${bastille_jailsdir}/${_jailname}" ]; then env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \ @@ -197,7 +207,7 @@ jail_updates_install() { -f "${_freebsd_update_conf}" \ install else - error_exit "${TARGET} not found. See 'bastille bootstrap RELEASE'." + error_exit "${_jailname} not found. See 'bastille bootstrap RELEASE'." fi } @@ -207,8 +217,6 @@ if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir THIN_JAIL=1 fi -info "\n[${TARGET}]:" - # Check what we should upgrade if [ "${NEWRELEASE}" = "install" ]; then if [ "${THIN_JAIL}" -eq 1 ]; then @@ -216,6 +224,7 @@ if [ "${NEWRELEASE}" = "install" ]; then else thick_jail_check "${TARGET}" fi + info "\n[${TARGET}]:" jail_updates_install "${TARGET}" else release_check "${NEWRELEASE}" @@ -224,7 +233,6 @@ else else thick_jail_check "${TARGET}" fi + info "\n[${TARGET}]:" jail_upgrade "${TARGET}" "${NEWRELEASE}" -fi - -echo \ No newline at end of file +fi \ No newline at end of file diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh index 13342cb1..36dde162 100644 --- a/usr/local/share/bastille/verify.sh +++ b/usr/local/share/bastille/verify.sh 
@@ -45,6 +45,7 @@ EOF } verify_release() { + if [ -f "/bin/midnightbsd-version" ]; then echo -e "${COLOR_RED}Not yet supported on MidnightBSD.${COLOR_RESET}" exit 1 @@ -61,6 +62,7 @@ verify_release() { } handle_template_include() { + case ${TEMPLATE_INCLUDE} in http?://*/*/*) bastille bootstrap "${TEMPLATE_INCLUDE}" @@ -77,6 +79,7 @@ handle_template_include() { } verify_template() { + _template_path=${bastille_templatesdir}/${BASTILLE_TEMPLATE} _hook_validate=0 @@ -199,5 +202,3 @@ case "${1}" in usage ;; esac - -echo diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh index 37cd8f0b..9c139e39 100644 --- a/usr/local/share/bastille/zfs.sh +++ b/usr/local/share/bastille/zfs.sh @@ -159,6 +159,4 @@ case "${ACTION}" in *) usage ;; -esac - -echo \ No newline at end of file +esac \ No newline at end of file