From b2134145a2e97452268351a91dde661acfe11a6f Mon Sep 17 00:00:00 2001 From: Gerrit Sere Date: Tue, 5 Jan 2021 00:30:06 +0100 Subject: [PATCH 01/14] bastille cmd exit code not respected #272 --- usr/local/share/bastille/cmd.sh | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh index 3ebc1ad3..28ce03b1 100644 --- a/usr/local/share/bastille/cmd.sh +++ b/usr/local/share/bastille/cmd.sh @@ -45,8 +45,29 @@ if [ $# -eq 0 ]; then usage fi +COUNT=0 +RETURN=0 + for _jail in ${JAILS}; do + COUNT=$(($COUNT+1)) info "[${_jail}]:" jexec -l "${_jail}" "$@" + ERROR_CODE=$? + info "[${_jail} - Return code]: ${ERROR_CODE}" + + if [ "$COUNT" -eq 1 ]; then + RETURN=$ERROR_CODE + else + RETURN=$(($RETURN+$ERROR_CODE)) + fi + echo done + +# Check when a command is executed in all running jails. (bastille cmd ALL ...) + +if [ "$COUNT" -gt 1 ] && [ "$RETURN" -gt 0 ]; then + RETURN=1 +fi + +return "$RETURN" From 261fdd7dc9df8b3a9db4a47b66e43d361078d885 Mon Sep 17 00:00:00 2001 From: yaazkal Date: Fri, 23 Jul 2021 05:05:20 -0500 Subject: [PATCH 02/14] Fix minor typo in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1d1f77d0..dfaa8c7c 100644 --- a/README.md +++ b/README.md @@ -296,7 +296,7 @@ patches. The bootstrap process for Linux containers is very different from the BSD process. You will need the package debootstrap and some kernel modules for that. -But don't worry, Bastille will do that for that for you. +But don't worry, Bastille will do that for you. ```shell ishmael ~ # bastille bootstrap focal From 116014d1915ad020aa24828a35cbc73921903329 Mon Sep 17 00:00:00 2001 From: Yaazkal Date: Fri, 23 Jul 2021 05:33:49 -0500 Subject: [PATCH 03/14] Refactor: creates check_linux_prerequisites function --- usr/local/share/bastille/bootstrap.sh | 65 +++++++++++---------------- 1 file changed, 26 insertions(+), 39 deletions(-) 
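Review bot: The final `return "$RETURN"` in the cmd.sh hunk sits at the top level of the script, where POSIX defines `return` only for functions and sourced files. Whether cmd.sh is sourced or executed is not visible here; if it is executed, `exit "$RETURN"` is the unambiguous way to hand the status to the caller. The `if [ "$COUNT" -eq 1 ]` branch is redundant because `RETURN` starts at 0, so `RETURN=$((RETURN+ERROR_CODE))` alone covers both cases. A comment such as `# Exit status: the jail's own code when one jail ran, 1 if any jail failed when several ran` would document the contract that callers checking the result of `bastille cmd` rely on.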
diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 347a1eff..448943ca 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -341,6 +341,28 @@ bootstrap_template() { bastille verify "${_user}/${_repo}" } +check_linux_prerequisites() { +#check and install OS dependencies @hackacad +if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then + warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)" + read answer + case $answer in + [Nn][Oo]|[Nn]|"") + error_exit "Exiting." + ;; + [Yy][Ee][Ss]|[Yy]) + info "Loading modules" + kldload linux linux64 linprocfs linsysfs tmpfs + info "Persisting modules" + sysrc linux_enable=YES + sysrc -f /boot/loader.conf linprocfs_load=YES + sysrc -f /boot/loader.conf linsysfs_load=YES + sysrc -f /boot/loader.conf tmpfs_load=YES + ;; + esac +fi +} + HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }') HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }') RELEASE="${1}" 
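Review bot: The `case $answer` in the new check_linux_prerequisites has no `*)` arm, so any reply other than the listed yes/no spellings falls through and the bootstrap continues without the modules being loaded; adding `*) error_exit "Invalid answer." ;;` makes that path fail closed. The guard joins the three `sysrc -n` tests with `&&`, so the prompt appears only when all three of linprocfs_load, linsysfs_load and tmpfs_load are missing, and `linux_enable`, which the warning text mentions, is never tested; `||` between the tests looks like the intent. `read answer` should be `read -r answer`, and the exit status of `kldload` is not checked before the settings are persisted. The same prompt shape recurs in ensure_debootstrap (PATCH 05/14).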
@@ -431,25 +453,8 @@ http?://*/*/*) ;; #adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad ubuntu_bionic|bionic|ubuntu-bionic) - #check and install OS dependencies @hackacad - if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then - warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)" - read answer - case $answer in - [Nn][Oo]|[Nn]|"") - error_exit "Exiting." - ;; - [Yy][Ee][Ss]|[Yy]) - info "Loading modules" - kldload linux linux64 linprocfs linsysfs tmpfs - info "Persisting modules" - sysrc linux_enable=YES - sysrc -f /boot/loader.conf linprocfs_load=YES - sysrc -f /boot/loader.conf linsysfs_load=YES - sysrc -f /boot/loader.conf tmpfs_load=YES - ;; - esac - fi + check_linux_prerequisites + if which -s debootstrap; then debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804 else 
@@ -468,26 +473,8 @@ ubuntu_bionic|bionic|ubuntu-bionic) echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Ubuntu_1804/etc/apt/apt.conf.d/00aptitude ;; ubuntu_focal|focal|ubuntu-focal) - #check and install OS dependencies @hackacad - #ToDo: add function 'linux_pre' for sysrc etc. - if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then - warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)" - read answer - case $answer in - [Nn][Oo]|[Nn]|"") - error_exit "Exiting." - ;; - [Yy][Ee][Ss]|[Yy]) - info "Loading modules" - kldload linux linux64 linprocfs linsysfs tmpfs - info "Persisting modules" - sysrc linux_enable=YES - sysrc -f /boot/loader.conf linprocfs_load=YES - sysrc -f /boot/loader.conf linsysfs_load=YES - sysrc -f /boot/loader.conf tmpfs_load=YES - ;; - esac - fi + check_linux_prerequisites + if which -s debootstrap; then debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004 else From f9018047ea966efd37ac844807cab7c62ba58c5f Mon Sep 17 00:00:00 2001 From: Yaazkal Date: Fri, 23 Jul 2021 05:42:04 -0500 Subject: [PATCH 04/14] Refactor: check_linux_prerequisites indentation --- usr/local/share/bastille/bootstrap.sh | 38 +++++++++++++-------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 448943ca..20b28dc2 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh 
@@ -342,25 +342,25 @@ bootstrap_template() { } check_linux_prerequisites() { -#check and install OS dependencies @hackacad -if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then - warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)" - read answer - case $answer in - [Nn][Oo]|[Nn]|"") - error_exit "Exiting." - ;; - [Yy][Ee][Ss]|[Yy]) - info "Loading modules" - kldload linux linux64 linprocfs linsysfs tmpfs - info "Persisting modules" - sysrc linux_enable=YES - sysrc -f /boot/loader.conf linprocfs_load=YES - sysrc -f /boot/loader.conf linsysfs_load=YES - sysrc -f /boot/loader.conf tmpfs_load=YES - ;; - esac -fi + #check and install OS dependencies @hackacad + if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then + warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)" + read answer + case $answer in + [Nn][Oo]|[Nn]|"") + error_exit "Exiting." + ;; + [Yy][Ee][Ss]|[Yy]) + info "Loading modules" + kldload linux linux64 linprocfs linsysfs tmpfs + info "Persisting modules" + sysrc linux_enable=YES + sysrc -f /boot/loader.conf linprocfs_load=YES + sysrc -f /boot/loader.conf linsysfs_load=YES + sysrc -f /boot/loader.conf tmpfs_load=YES + ;; + esac + fi } HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }') From 85b5c204c4c5033665d61b989470056a9d3bbe9c Mon Sep 17 00:00:00 2001 
From: Yaazkal Date: Fri, 23 Jul 2021 05:50:23 -0500 Subject: [PATCH 05/14] Refactor: Creates ensure_debootstrap an change logic to prevent typing errors because of duplicated code --- usr/local/share/bastille/bootstrap.sh | 53 ++++++++++++--------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 20b28dc2..8e900d56 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -363,6 +363,22 @@ check_linux_prerequisites() { fi } +ensure_debootstrap() { + if ! which -s debootstrap; then + warn "Debootstrap not found. Should it be installed? (N|y)" + read answer + case $answer in + [Nn][Oo]|[Nn]|"") + error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail." + ;; + [Yy][Ee][Ss]|[Yy]) + pkg install -y debootstrap + debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804 + ;; + esac + fi +} + HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }') HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }') RELEASE="${1}" 
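Review bot: In the new ensure_debootstrap the exit status of `pkg install -y debootstrap` is ignored, so a failed install still returns to the caller, which then goes on to run `debootstrap`; `pkg install -y debootstrap || error_exit "Failed to install debootstrap."` stops at the real cause. A one-line header comment, for example `# Prompt to install debootstrap when it is missing; exits if the user declines.`, would document what the helper guarantees on return.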
@@ -455,41 +471,18 @@ http?://*/*/*) ubuntu_bionic|bionic|ubuntu-bionic) check_linux_prerequisites - if which -s debootstrap; then - debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804 - else - warn "Debootstrap not found. Should it be installed? (N|y)" - read answer - case $answer in - [Nn][Oo]|[Nn]|"") - error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail." - ;; - [Yy][Ee][Ss]|[Yy]) - pkg install -y debootstrap - debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804 - ;; - esac - fi + ensure_debootstrap + + debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804 + echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Ubuntu_1804/etc/apt/apt.conf.d/00aptitude ;; ubuntu_focal|focal|ubuntu-focal) check_linux_prerequisites - if which -s debootstrap; then - debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004 - else - warn "Debootstrap not found. Should it be installed? (N|y)" - read answer - case $answer in - [Nn][Oo]|[Nn]|"") - error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail." - ;; - [Yy][Ee][Ss]|[Yy]) - pkg install -y debootstrap - debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004 - ;; - esac - fi + ensure_debootstrap + + debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004 ;; *) usage From 295e57ac045024b59db654055b426182e4d4d47d Mon Sep 17 00:00:00 2001 From: Yaazkal Date: Fri, 23 Jul 2021 05:51:35 -0500 Subject: [PATCH 06/14] Refactor: removes cosmetic whitelines --- usr/local/share/bastille/bootstrap.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 8e900d56..ff627f51 100644 --- a/usr/local/share/bastille/bootstrap.sh 
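Review bot: Both `debootstrap` calls added in this hunk pass `--no-check-gpg`, which turns off verification of the archive's signed Release file, so the base system that every jail of this release is created from is fetched without an authenticity check. Dropping the flag and pointing debootstrap at a keyring, `--keyring="<path-to-archive-keyring.gpg>"` (placeholder path), keeps the check. Whether the FreeBSD debootstrap package ships the Ubuntu and Debian keyrings is not visible here, so they may need to be installed alongside it. The same flag is carried into the stretch (PATCH 08/14) and buster (PATCH 10/14) arms.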
+++ b/usr/local/share/bastille/bootstrap.sh @@ -470,18 +470,13 @@ http?://*/*/*) #adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad ubuntu_bionic|bionic|ubuntu-bionic) check_linux_prerequisites - ensure_debootstrap - debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804 - echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Ubuntu_1804/etc/apt/apt.conf.d/00aptitude ;; ubuntu_focal|focal|ubuntu-focal) check_linux_prerequisites - ensure_debootstrap - debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004 ;; *) From 403d6739bcf9b503562e48e3268f1515d84428fc Mon Sep 17 00:00:00 2001 From: Yaazkal Date: Fri, 23 Jul 2021 05:56:00 -0500 Subject: [PATCH 07/14] Fix: removes unwanted line in esure_debootstrap --- usr/local/share/bastille/bootstrap.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index ff627f51..dbb0b54a 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -373,7 +373,6 @@ ensure_debootstrap() { ;; [Yy][Ee][Ss]|[Yy]) pkg install -y debootstrap - debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804 ;; esac fi From f6b2e57051d3bbf812a54088054c1d5df6f0aad2 Mon Sep 17 00:00:00 2001 From: Yaazkal Date: Fri, 23 Jul 2021 12:07:21 -0500 Subject: [PATCH 08/14] Adds: Debian 9 (Stretch) as a release for linux jails --- usr/local/share/bastille/bootstrap.sh | 7 +++++++ usr/local/share/bastille/create.sh | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index dbb0b54a..48e1f1f5 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh 
@@ -478,6 +478,13 @@ ubuntu_focal|focal|ubuntu-focal) ensure_debootstrap debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004 ;; +debian_stretch|stretch|debian-stretch) + check_linux_prerequisites + ensure_debootstrap + debootstrap --foreign --arch=amd64 --no-check-gpg stretch "${bastille_releasesdir}"/Debian9 + echo "Increasing APT::Cache-Start" + echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Debian9/etc/apt/apt.conf.d/00aptitude + ;; *) usage ;; diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index fb3023bc..3b5b22a5 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -593,6 +593,10 @@ if [ -n "${LINUX_JAIL}" ]; then ## check for FreeBSD releases name NAME_VERIFY=ubuntu_focal ;; + debian_stretch|stretch|debian-stretch) + ## check for FreeBSD releases name + NAME_VERIFY=stretch + ;; *) error_notify "Unknown Linux." usage @@ -651,6 +655,10 @@ if [ -z "${EMPTY_JAIL}" ]; then NAME_VERIFY=Ubuntu_2004 validate_release ;; + debian_stretch|stretch|debian-stretch) + NAME_VERIFY=Debian9 + validate_release + ;; *) error_notify "Unknown Release." usage From 2581218f8205bd17a4f5707e5845817999e17af9 Mon Sep 17 00:00:00 2001 From: Florian Gattermeier Date: Mon, 26 Jul 2021 11:13:04 +0200 Subject: [PATCH 09/14] Added logic for setting ipv6_defaultrouter for vnet template --- usr/local/etc/bastille/bastille.conf.sample | 1 + usr/local/share/bastille/create.sh | 5 ++++- usr/local/share/bastille/templates/default/vnet/Bastillefile | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/usr/local/etc/bastille/bastille.conf.sample b/usr/local/etc/bastille/bastille.conf.sample index c618ef3d..22653b35 100644 --- a/usr/local/etc/bastille/bastille.conf.sample +++ b/usr/local/etc/bastille/bastille.conf.sample 
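Review bot: The stretch arm in bootstrap.sh writes `00aptitude` straight after `debootstrap` without looking at its exit status, so a failed or interrupted bootstrap leaves a partial tree under `"${bastille_releasesdir}"/Debian9`. Depending on what validate_release in create.sh checks, which is not shown here, that partial tree may later be taken for a usable release. Appending `|| error_exit "debootstrap failed."` to the debootstrap line avoids it. The buster arm in PATCH 10/14 has the same shape.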
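Review bot: In the first create.sh hunk the new arm normalises to the bare `NAME_VERIFY=stretch`, while the focal arm just above it uses the prefixed `ubuntu_focal`; if nothing downstream depends on the bare name, `NAME_VERIFY=debian_stretch` would keep one convention. The copied comment `## check for FreeBSD releases name` does not describe a Debian arm; something like `## normalise the Debian release name` would. The buster hunk in PATCH 10/14 repeats both.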
@@ -51,6 +51,7 @@ bastille_decompress_gz_options="-k -d -c -v" ## default bastille_network_loopback="bastille0" ## default: "bastille0" bastille_network_shared="" ## default: "" bastille_network_gateway="" ## default: "" +bastille_network_gateway6="" ## default: "" ## Default Templates bastille_template_base="default/base" ## default: "default/base" diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 3b5b22a5..83bbe5db 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -452,6 +452,7 @@ create_jail() { uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//') _gateway='' + _gateway6='' _ifconfig=SYNCDHCP if [ "${IP}" != "0.0.0.0" ]; then # not using DHCP, so set static address. if [ -n "${ip6}" ]; then @@ -461,6 +462,8 @@ create_jail() { fi if [ -n "${bastille_network_gateway}" ]; then _gateway="${bastille_network_gateway}" + elif [ -n "${bastille_network_gateway6}" ]; then + _gateway6="${bastille_network_gateway6}" else if [ -z ${ip6} ]; then _gateway="$(netstat -4rn | awk '/default/ {print $2}')" @@ -469,7 +472,7 @@ create_jail() { fi fi fi - bastille template "${NAME}" ${bastille_template_vnet} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg IFCONFIG="${_ifconfig}" + bastille template "${NAME}" ${bastille_template_vnet} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" fi elif [ -n "${THICK_JAIL}" ]; then if [ -n "${bastille_template_thick}" ]; then diff --git a/usr/local/share/bastille/templates/default/vnet/Bastillefile b/usr/local/share/bastille/templates/default/vnet/Bastillefile index 92b76fc6..902fe6dd 100644 
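Review bot: Because `bastille_network_gateway6` is tested in an `elif` in create.sh, it is honoured only when `bastille_network_gateway` is empty, so a dual-stack configuration with both set never gets `GATEWAY6`, and with only the IPv6 one set the netstat fallback for `_gateway` is skipped as well. Handling the two families independently avoids that, for example a separate `if [ -n "${bastille_network_gateway6}" ]; then _gateway6="${bastille_network_gateway6}"; fi` after the existing IPv4 block. The value is passed on unchecked to `--arg GATEWAY6=` and from there into a `CMD` line of the vnet Bastillefile, so this is the natural place to validate that it is an IPv6 address literal. create_jail starts and ends outside these hunks.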
--- a/usr/local/share/bastille/templates/default/vnet/Bastillefile +++ b/usr/local/share/bastille/templates/default/vnet/Bastillefile @@ -5,9 +5,11 @@ INCLUDE ${BASE_TEMPLATE} --arg HOST_RESOLV_CONF="${HOST_RESOLV_CONF}" ARG EPAIR ARG GATEWAY +ARG GATEWAY6 ARG IFCONFIG="SYNCDHCP" SYSRC ifconfig_${EPAIR}_name=vnet0 SYSRC ifconfig_vnet0="${IFCONFIG}" # GATEWAY will be empty for a DHCP config. -- cwells CMD if [ -n "${GATEWAY}" ]; then /usr/sbin/sysrc defaultrouter="${GATEWAY}"; fi +CMD if [ -n "${GATEWAY6}" ]; then /usr/sbin/sysrc ipv6_defaultrouter="${GATEWAY6}"; fi From a21be862d8b8dce7d0263fe3e09829dc38a5c0c8 Mon Sep 17 00:00:00 2001 From: Yaazkal Date: Fri, 30 Jul 2021 07:40:01 -0500 Subject: [PATCH 10/14] Adds: Debian 10 (Buster) as a release for linux jails --- usr/local/share/bastille/bootstrap.sh | 7 +++++++ usr/local/share/bastille/create.sh | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 48e1f1f5..5066aab0 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -485,6 +485,13 @@ debian_stretch|stretch|debian-stretch) echo "Increasing APT::Cache-Start" echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Debian9/etc/apt/apt.conf.d/00aptitude ;; +debian_buster|buster|debian-buster) + check_linux_prerequisites + ensure_debootstrap + debootstrap --foreign --arch=amd64 --no-check-gpg buster "${bastille_releasesdir}"/Debian10 + echo "Increasing APT::Cache-Start" + echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Debian9/etc/apt/apt.conf.d/00aptitude + ;; *) usage ;; diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 83bbe5db..c9d9cd58 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
@@ -600,6 +600,10 @@ if [ -n "${LINUX_JAIL}" ]; then ## check for FreeBSD releases name NAME_VERIFY=stretch ;; + debian_buster|buster|debian-buster) + ## check for FreeBSD releases name + NAME_VERIFY=buster + ;; *) error_notify "Unknown Linux." usage @@ -662,6 +666,10 @@ if [ -z "${EMPTY_JAIL}" ]; then NAME_VERIFY=Debian9 validate_release ;; + debian_buster|buster|debian-buster) + NAME_VERIFY=Debian10 + validate_release + ;; *) error_notify "Unknown Release." usage From 5fcc56367d79a7826e23c5ae24539e8afd65b4aa Mon Sep 17 00:00:00 2001 From: Yaazkal Date: Fri, 30 Jul 2021 07:41:24 -0500 Subject: [PATCH 11/14] Fix: Debian 10 (Buster) path for increasing apt cache-start --- usr/local/share/bastille/bootstrap.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 5066aab0..269e1b37 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -490,7 +490,7 @@ debian_buster|buster|debian-buster) ensure_debootstrap debootstrap --foreign --arch=amd64 --no-check-gpg buster "${bastille_releasesdir}"/Debian10 echo "Increasing APT::Cache-Start" - echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Debian9/etc/apt/apt.conf.d/00aptitude + echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Debian10/etc/apt/apt.conf.d/00aptitude ;; *) usage From 3a7e720e8248088703614dc788877db76a36ff46 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Sat, 31 Jul 2021 15:04:08 -0600 Subject: [PATCH 12/14] improve NO_COLOR detection --- usr/local/share/bastille/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 1220fb20..3ef2aeda 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
@@ -38,7 +38,7 @@ enable_color() { } # If "NO_COLOR" environment variable is present, disable output colors. -if ! export | grep -q "NO_COLOR"; then +if [ -z "${NO_COLOR}" ]; then enable_color fi From cc38fabd3169ddbcd1158054788c7f50d9542842 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Sat, 31 Jul 2021 15:22:17 -0600 Subject: [PATCH 13/14] fix overloaded variable in mount command --- usr/local/share/bastille/mount.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 298d42a3..b6a9f7d5 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh 
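Review bot: The comment above the test says colours are disabled when NO_COLOR is "present", but `[ -z "${NO_COLOR}" ]` treats a set-but-empty `NO_COLOR=` as absent and enables colour. If non-empty is the intended rule, the comment should read `# Disable output colors when NO_COLOR is set to a non-empty value.`; if presence is the rule, the test would be `[ -z "${NO_COLOR+x}" ]`. Should this file ever run under `set -u` (not visible here), `"${NO_COLOR:-}"` avoids an unset-variable error.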
@@ -93,25 +93,25 @@ for _jail in ${JAILS}; do info "[${_jail}]:" ## aggregate variables into FSTAB entry - _jailpath="${bastille_jailsdir}/${_jail}/root/${_jailpath}" - _fstab_entry="${_hostpath} ${_jailpath} ${_type} ${_perms} ${_checks}" + _fullpath="${bastille_jailsdir}/${_jail}/root/${_jailpath}" + _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" ## Create mount point if it does not exist. -- cwells - if [ ! -d "${_jailpath}" ]; then - if ! mkdir -p "${_jailpath}"; then + if [ ! -d "${_fullpath}" ]; then + if ! mkdir -p "${_fullpath}"; then error_exit "Failed to create mount point inside jail." fi fi ## if entry doesn't exist, add; else show existing entry - if ! egrep -q "[[:blank:]]${_jailpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 2> /dev/null; then + if ! egrep -q "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 2> /dev/null; then if ! echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab"; then error_exit "Failed to create fstab entry: ${_fstab_entry}" fi echo "Added: ${_fstab_entry}" else warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - egrep "[[:blank:]]${_jailpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" + egrep "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" fi mount -F "${bastille_jailsdir}/${_jail}/fstab" -a echo From 03c830bea494dfa34d5f8fe5b3814c8efe164aee Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Sat, 31 Jul 2021 19:47:01 -0600 Subject: [PATCH 14/14] basic PKG support for ubuntu/debian containers --- usr/local/share/bastille/pkg.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index 4df3efc9..66bc3cff 100644 --- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh 
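Review bot: `_fullpath` is built by appending the caller-supplied `_jailpath` to the jail root and is then handed to `mkdir -p` and, through the fstab entry, to `mount` on the host, with nothing confirming that the resolved path still lies under `${bastille_jailsdir}/${_jail}/root`. A `..` component in the argument, or a symlink inside the jail's filesystem, would place the mount point outside the jail; resolving the path (for example with `realpath`) and rejecting anything that does not start with the jail root before the `mkdir -p` closes that gap. Separately, `${_fullpath}` is interpolated into the `egrep` pattern, so regex metacharacters in a path (a `.` matches any character) can produce a false "already present" result; comparing the fstab field literally, e.g. `awk -v p="${_fullpath}" '$2 == p'`, avoids it. The loop body continues outside the hunk.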
@@ -47,10 +47,13 @@ fi for _jail in ${JAILS}; do info "[${_jail}]:" - if [ -f "/usr/sbin/pkg" ]; then - jexec -l "${_jail}" /usr/sbin/pkg "$@" + bastille_jail_path=$(jls -j "${_jail}" path) + if [ -f "/usr/sbin/mport" ]; then + jexec -l -U root "${_jail}" /usr/sbin/mport "$@" + elif [ -f "${bastille_jail_path}/usr/bin/apt" ]; then + jexec -l "${_jail}" /usr/bin/apt "$@" else - jexec -l "${_jail}" /usr/sbin/mport "$@" + jexec -l -U root "${_jail}" /usr/sbin/pkg "$@" fi echo done
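Review bot: The branches look in different places: `[ -f "/usr/sbin/mport" ]` tests the host's filesystem while the apt test looks under `${bastille_jail_path}`, so on a host that has mport every jail, including a Debian or Ubuntu one, is sent to `/usr/sbin/mport`. If the choice is meant to be per jail, testing `"${bastille_jail_path}/usr/sbin/mport"` would do that. The apt branch also omits the `-U root` that the other two `jexec` calls pass. If `jls -j "${_jail}" path` prints nothing (for instance for a jail that is not running), the apt test silently falls back to the host's `/usr/bin/apt`, so checking that `bastille_jail_path` is non-empty first would make that case explicit.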