diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh
index a8219f65..0a349944 100644
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -258,18 +258,53 @@ bootstrap_release() { for _archive in ${bastille_bootstrap_archives}; do ## check if the dist files already exists then extract + FETCH_VALIDATION="0" if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} ${_archive}.txz.${COLOR_RESET}" /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz" + if [ $? -ne 0 ]; then + echo -e "${COLOR_RED}Failed to extract ${_archive}.txz.${COLOR_RESET}" + exit 1 + fi else ## get the manifest for dist files checksum validation if [ ! -f "${bastille_cachedir}/${RELEASE}/MANIFEST" ]; then - fetch ${UPSTREAM_URL}/MANIFEST -o ${bastille_cachedir}/${RELEASE}/MANIFEST + fetch ${UPSTREAM_URL}/MANIFEST -o ${bastille_cachedir}/${RELEASE}/MANIFEST || FETCH_VALIDATION="1" fi + if [ "${FETCH_VALIDATION}" -ne "0" ]; then + ## perform cleanup only for stale/empty directories on failure + if [ "${bastille_zfs_enable}" = "YES" ]; then + if [ ! -z "${bastille_zfs_zpool}" ]; then + if [ ! "$(ls -A ${bastille_cachedir}/${RELEASE})" ]; then + zfs destroy ${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE} + fi + if [ ! "$(ls -A ${bastille_releasesdir}/${RELEASE})" ]; then + zfs destroy ${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE} + fi + fi + fi + if [ -d "${bastille_cachedir}/${RELEASE}" ]; then + if [ ! "$(ls -A ${bastille_cachedir}/${RELEASE})" ]; then + rm -rf ${bastille_cachedir}/${RELEASE} + fi + fi + if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then + if [ ! "$(ls -A ${bastille_releasesdir}/${RELEASE})" ]; then + rm -rf ${bastille_releasesdir}/${RELEASE} + fi + fi + echo -e "${COLOR_RED}Bootstrap failed.${COLOR_RESET}" + exit 1 + fi + ## fetch for missing dist files if [ ! -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then fetch ${UPSTREAM_URL}/${_archive}.txz -o ${bastille_cachedir}/${RELEASE}/${_archive}.txz + if [ $? 
-ne 0 ]; then + ## alert only if unable to fetch additional dist files + echo -e "${COLOR_RED}Failed to fetch ${_archive}.txz.${COLOR_RESET}" + fi fi ## compare checksums on the fetched dist files @@ -287,6 +322,10 @@ bootstrap_release() { if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} ${_archive}.txz.${COLOR_RESET}" /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz" + if [ $? -ne 0 ]; then + echo -e "${COLOR_RED}Failed to extract ${_archive}.txz.${COLOR_RESET}" + exit 1 + fi fi fi done 
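Review bot: In the new failure-cleanup block of bootstrap.sh, the ZFS branch decides a dataset is disposable from `[ ! "$(ls -A ${bastille_cachedir}/${RELEASE})" ]` alone, and that test is also true when `ls` itself fails (for example when the directory does not exist), so `zfs destroy` can run without the contents ever having been inspected. Unlike the `rm -rf` branches below it, the ZFS checks have no `[ -d ... ]` guard, and every path expansion in the block is unquoted. I would guard and quote both ZFS checks, e.g. `if [ -d "${bastille_cachedir}/${RELEASE}" ] && [ -z "$(ls -A "${bastille_cachedir}/${RELEASE}")" ]; then`, and write the removals as `rm -rf "${bastille_cachedir:?}/${RELEASE:?}"` so an empty variable aborts instead of widening the target. `bootstrap_release` starts and ends outside this hunk.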
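Review bot: Testing `$?` on the line after `tar` works today but is fragile, because any statement later inserted between the two silently changes what is being checked. `if ! /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz"; then` keeps the command and its check together; the same applies to the identical block added in the cache-hit branch of the previous hunk. The failure path also exits with a partially extracted tree left in the release directory; whether later commands treat that directory as a complete release is not visible here, so a cleanup step or at least a comment saying so is worth adding.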
@@ -373,56 +412,33 @@ bootstrap_template() { HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }') HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }') +RELEASE="${1}" -# Filter sane release names +## Filter sane release names case "${1}" in -11.2-RELEASE) - RELEASE="${1}" - UPSTREAM_URL="http://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/11.2-RELEASE" +*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2) +## check for FreeBSD releases name +NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])$' | tr '[:lower:]' '[:upper:]') +if [ -n "${NAME_VERIFY}" ]; then + RELEASE="${NAME_VERIFY}" + UPSTREAM_URL="http://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/${RELEASE}" bootstrap_directories bootstrap_release +else + usage +fi ;; -11.3-RELEASE) - RELEASE="${1}" - UPSTREAM_URL="http://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/11.3-RELEASE" - bootstrap_directories - bootstrap_release - ;; -12.0-RELEASE) - RELEASE="${1}" - UPSTREAM_URL="http://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/12.0-RELEASE" - bootstrap_directories - bootstrap_release - ;; -12.1-RC1) - RELEASE="${1}" - UPSTREAM_URL="http://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/12.1-RC1" - bootstrap_directories - bootstrap_release - ;; -12.1-RC2) - RELEASE="${1}" - UPSTREAM_URL="http://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/12.1-RC2" - bootstrap_directories - bootstrap_release - ;; -12.1-RELEASE) - RELEASE="${1}" - UPSTREAM_URL="http://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/12.1-RELEASE" - bootstrap_directories - bootstrap_release - ;; -11-stable-LAST) - RELEASE="${1}" - UPSTREAM_URL="https://installer.hardenedbsd.org/pub/HardenedBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-11-stable-LAST" - bootstrap_directories - bootstrap_release - ;; -12-stable-LAST) - RELEASE="${1}" - 
UPSTREAM_URL="https://installer.hardenedbsd.org/pub/HardenedBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-12-stable-LAST" +*-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) +## check for HardenedBSD releases name +NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-LAST|-STABLE-last|-stable-last|-STABLE-LAST)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') +if [ -n "${NAME_VERIFY}" ]; then + RELEASE="${NAME_VERIFY}" + UPSTREAM_URL="https://installer.hardenedbsd.org/pub/HardenedBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-${RELEASE}" bootstrap_directories bootstrap_release +else + usage +fi ;; http?://github.com/*/*|http?://gitlab.com/*/*) BASTILLE_TEMPLATE_URL=${1} diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 033082f8..3c31175c 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
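Review bot: The generalized FreeBSD branch in bootstrap.sh still builds `UPSTREAM_URL` with `http://`, while the HardenedBSD branch right below it uses `https://`. The MANIFEST used for checksum validation is fetched from that same `${UPSTREAM_URL}` (the `fetch ${UPSTREAM_URL}/MANIFEST` line in `bootstrap_release`), so over plain HTTP the checksums catch corruption but not an on-path modification of both the manifest and the archives. Now that any name matching the pattern is accepted rather than a fixed list, I would switch the scheme, `UPSTREAM_URL="https://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/${RELEASE}"`, after confirming the mirror serves that path over TLS, and add a comment stating where trust in the MANIFEST comes from.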
@@ -204,20 +204,23 @@ INTERFACE="$4" ## verify release case "${RELEASE}" in -11.3-RELEASE|11.3-release) - RELEASE="11.3-RELEASE" +*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2) +## check for FreeBSD releases name +NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])$' | tr '[:lower:]' '[:upper:]') +if [ -n "${NAME_VERIFY}" ]; then + RELEASE="${NAME_VERIFY}" +else + usage +fi ;; -11.2-RELEASE|11.2-release) - RELEASE="11.2-RELEASE" - ;; -12.0-RELEASE|12.0-release) - RELEASE="12.0-RELEASE" - ;; -11-stable-LAST|11-STABLE-last|11-stable-last|11-STABLE-LAST) - RELEASE="11-stable-LAST" - ;; -12-stable-LAST|12-STABLE-last|12-stable-last|12-STABLE-LAST) - RELEASE="12-stable-LAST" +*-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) +## check for HardenedBSD releases name +NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-LAST|-STABLE-last|-stable-last|-STABLE-LAST)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') +if [ -n "${NAME_VERIFY}" ]; then + RELEASE="${NAME_VERIFY}" +else + usage +fi ;; *) echo -e "${COLOR_RED}Unknown Release.${COLOR_RESET}" diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index 023eb16f..174ca361 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh 
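Review bot: The major-version part of the new pattern in create.sh, `[1-9]{2,2}`, rejects any release whose major number contains a zero (10.x, 20.x) as well as any single-digit major, which looks unintended for a check meant to accept release names generally. `^[1-9][0-9]\.[0-9](-RELEASE|-RC[1-2])$` expresses "two digits, no leading zero"; `-w` adds nothing once both anchors are present. Because `grep` matches line by line, it is also worth rejecting an argument that contains a newline before this check, so the anchors bind the whole value rather than one line of it. The identical expressions appear in the bootstrap.sh and destroy.sh hunks, so a single shared helper sourced by the three scripts would keep them from drifting apart.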
@@ -134,8 +134,29 @@ fi NAME="$1" ## check what should we clean -if echo "${NAME}" | grep -qwE '^([0-9]{1,2})\.[0-9]-RELEASE$'; then +case "${NAME}" in +*-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2) +## check for FreeBSD releases name +NAME_VERIFY=$(echo "${NAME}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])$' | tr '[:lower:]' '[:upper:]') +if [ -n "${NAME_VERIFY}" ]; then + NAME="${NAME_VERIFY}" destroy_rel else - destroy_jail + usage fi + ;; +*-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) +## check for HardenedBSD releases name +NAME_VERIFY=$(echo "${NAME}" | grep -iwE '^([1-9]{2,2})(-stable-LAST|-STABLE-last|-stable-last|-STABLE-LAST)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') +if [ -n "${NAME_VERIFY}" ]; then + NAME="${NAME_VERIFY}" + destroy_rel +else + usage +fi + ;; +*) + ## just destroy a jail + destroy_jail + ;; +esac
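Review bot: With the new `case` in destroy.sh, a jail whose name merely ends in one of the listed suffixes (`-release`, `-rc1`, `-rc2`, `-stable-last` and their listed case variants) no longer reaches `destroy_jail`: it enters a release branch, fails the regex and gets `usage`. The removed `if`/`else` sent everything that was not an exact release name to `destroy_jail`, so this is a behaviour change for such jail names. I would fall back rather than print usage, i.e. replace `usage` in the two `else` arms with `destroy_jail`, or validate first and dispatch once afterwards. Whether jail names of that form are permitted at creation time is not visible in this diff.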