Improvements for Linux releases and code maintenance

2025-12-25 05:53:21 +01:00 · 2021-08-06 19:44:25 -04:00
parent 9d3cb5f5e3
commit 9967a56e64
3 changed files with 96 additions and 66 deletions
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -304,6 +304,81 @@ bootstrap_release() {
    echo
 }

+debootstrap_release() {
+
+    #check and install OS dependencies @hackacad
+    #ToDo: add function 'linux_pre' for sysrc etc.
+    if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then
+        warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you?  (N|y)"
+        read  answer
+        case $answer in
+            [Nn][Oo]|[Nn]|"")
+                error_exit "Exiting."
+                ;;
+            [Yy][Ee][Ss]|[Yy])
+                info "Loading modules"
+                kldload linux linux64 linprocfs linsysfs tmpfs
+                info "Persisting modules"
+                sysrc linux_enable=YES
+                sysrc -f /boot/loader.conf linprocfs_load=YES
+                sysrc -f /boot/loader.conf linsysfs_load=YES
+                sysrc -f /boot/loader.conf tmpfs_load=YES
+                ;;
+        esac
+    fi
+
+    if ! which -s debootstrap; then
+        warn "Debootstrap not found. Should it be installed? (N|y)"
+        read  answer
+        case $answer in
+            [Nn][Oo]|[Nn]|"")
+                error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
+                ;;
+            [Yy][Ee][Ss]|[Yy])
+                pkg install -y debootstrap
+                ;;
+        esac
+    fi
+
+    # Create subsequent Linux releases datasets
+    if [ ! -d "${bastille_releasesdir}/${DIR_BOOTSTRAP}" ]; then
+        if [ "${bastille_zfs_enable}" = "YES" ]; then
+            if [ -n "${bastille_zfs_zpool}" ]; then
+                zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir}/${DIR_BOOTSTRAP}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${DIR_BOOTSTRAP}"
+            fi
+       else
+           mkdir -p "${bastille_releasesdir}/${DIR_BOOTSTRAP}"
+       fi
+    fi
+
+    # Fetch the Linux flavor
+    info "Bootstrapping ${PLATFORM_OS} distfiles..."
+    if ! debootstrap --foreign --arch=${ARCH_BOOTSTRAP} --no-check-gpg ${UBUNTU_FLAVOR} "${bastille_releasesdir}"/${DIR_BOOTSTRAP}; then
+        ## perform cleanup only for stale/empty directories on failure
+        if [ "${bastille_zfs_enable}" = "YES" ]; then
+            if [ -n "${bastille_zfs_zpool}" ]; then
+                if [ ! "$(ls -A "${bastille_releasesdir}/${DIR_BOOTSTRAP}")" ]; then
+                    zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${DIR_BOOTSTRAP}"
+                fi
+            fi
+        fi
+        if [ -d "${bastille_releasesdir}/${DIR_BOOTSTRAP}" ]; then
+            if [ ! "$(ls -A "${bastille_releasesdir}/${DIR_BOOTSTRAP}")" ]; then
+                rm -rf "${bastille_releasesdir:?}/${DIR_BOOTSTRAP}"
+            fi
+        fi
+        error_exit "Bootstrap failed."
+    fi
+
+    if [ "${UBUNTU_FLAVOR}" = "bionic" ]; then
+        echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/${DIR_BOOTSTRAP}/etc/apt/apt.conf.d/00aptitude
+    fi
+
+    info "Bootstrap successful."
+    info "See 'bastille --help' for available commands."
+    echo
+}
+
 bootstrap_template() {

    ## ${bastille_templatesdir}
@@ -341,43 +416,6 @@ bootstrap_template() {
    bastille verify "${_user}/${_repo}"
 }

-check_linux_prerequisites() {
-    #check and install OS dependencies @hackacad
-    if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then
-        warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you?  (N|y)"
-        read  answer
-        case $answer in
-            [Nn][Oo]|[Nn]|"")
-                error_exit "Exiting."
-                ;;
-            [Yy][Ee][Ss]|[Yy])
-                info "Loading modules"
-                kldload linux linux64 linprocfs linsysfs tmpfs
-                info "Persisting modules"
-                sysrc linux_enable=YES
-                sysrc -f /boot/loader.conf linprocfs_load=YES
-                sysrc -f /boot/loader.conf linsysfs_load=YES
-                sysrc -f /boot/loader.conf tmpfs_load=YES
-                ;;
-        esac
-    fi
-}
-
-ensure_debootstrap() {
-    if ! which -s debootstrap; then
-        warn "Debootstrap not found. Should it be installed? (N|y)"
-        read  answer
-        case $answer in
-            [Nn][Oo]|[Nn]|"")
-                error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
-                ;;
-            [Yy][Ee][Ss]|[Yy])
-                pkg install -y debootstrap
-                ;;
-        esac
-    fi
-}
-
 HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }')
 HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }')
 RELEASE="${1}"
@@ -468,37 +506,24 @@ http?://*/*/*)
    ;;
 #adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad
 ubuntu_bionic|bionic|ubuntu-bionic)
-    check_linux_prerequisites
-    ensure_debootstrap
-    debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804
-    echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Ubuntu_1804/etc/apt/apt.conf.d/00aptitude
+    PLATFORM_OS="Ubuntu/Linux"
+    UBUNTU_FLAVOR="bionic"
+    DIR_BOOTSTRAP="Ubuntu_1804"
+    ARCH_BOOTSTRAP="amd64"
+    debootstrap_release
    ;;
 ubuntu_focal|focal|ubuntu-focal)
-    check_linux_prerequisites
-    ensure_debootstrap
-    debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004
-    ;;
-debian_stretch|stretch|debian-stretch)
-    check_linux_prerequisites
-    ensure_debootstrap
-    debootstrap --foreign --arch=amd64 --no-check-gpg stretch "${bastille_releasesdir}"/Debian9
-    echo "Increasing APT::Cache-Start"
-    echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Debian9/etc/apt/apt.conf.d/00aptitude
-    ;;
-debian_buster|buster|debian-buster)
-    check_linux_prerequisites
-    ensure_debootstrap
-    debootstrap --foreign --arch=amd64 --no-check-gpg buster "${bastille_releasesdir}"/Debian10
-    echo "Increasing APT::Cache-Start"
-    echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Debian10/etc/apt/apt.conf.d/00aptitude
+    PLATFORM_OS="Ubuntu/Linux"
+    UBUNTU_FLAVOR="focal"
+    DIR_BOOTSTRAP="Ubuntu_2004"
+    ARCH_BOOTSTRAP="amd64"
+    debootstrap_release
    ;;
 *)
    usage
    ;;
 esac

-
-
 case "${OPTION}" in
 update)
    bastille update "${RELEASE}"
--- a/usr/local/share/bastille/destroy.sh
+++ b/usr/local/share/bastille/destroy.sh
@@ -207,27 +207,32 @@ case "${TARGET}" in
    ;;
 *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST)
    ## check for HardenedBSD releases name
-    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g')
+    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/;s/last/LAST/g')
    destroy_rel
    ;;
 *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*)
    ## check for HardenedBSD(specific stable build releases)
-    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g')
+    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/;s/STABLE/stable/g')
    destroy_rel
    ;;
 *-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST)
    ## check for HardenedBSD(latest stable build release)
-    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
+    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/;s/build/BUILD/;s/latest/LATEST/g')
    destroy_rel
    ;;
 current-build-[0-9]*|CURRENT-BUILD-[0-9]*)
    ## check for HardenedBSD(specific current build releases)
-    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g')
+    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/;s/CURRENT/current/g')
    destroy_rel
    ;;
 current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST)
    ## check for HardenedBSD(latest current build release)
-    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build-latest)$' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
+    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build-latest)$' | sed 's/CURRENT/current/;s/build/BUILD/;s/latest/LATEST/g')
+    destroy_rel
+    ;;
+Ubuntu_1804|Ubuntu_2004|UBUNTU_1804|UBUNTU_2004)
+     ## check for Linux releases
+    NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(Ubuntu_1804)$|(Ubuntu_2004)$' | sed 's/UBUNTU/Ubuntu/;s/ubuntu/Ubuntu/g')
    destroy_rel
    ;;
 *)
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -132,7 +132,7 @@ if [ $# -gt 0 ]; then
        if [ -d "${bastille_releasesdir}" ]; then
            REL_LIST=$(ls "${bastille_releasesdir}" | sed "s/\n//g")
            for _REL in ${REL_LIST}; do
-                if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" ]; then
+                if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" -o -d "${bastille_releasesdir}/${_REL}/debootstrap" ]; then
                    echo "${_REL}"
                fi
            done