From ae2b0ea0cb6a9d8c2e9a893182c55d5b3885e7fb Mon Sep 17 00:00:00 2001
From: Jose
Date: Sat, 2 Nov 2019 16:05:49 -0400
Subject: [PATCH] Added bootstrap checksum validation and minor fixes
---
 usr/local/share/bastille/bootstrap.sh | 18 +++++++++++++++--
 usr/local/share/bastille/destroy.sh | 5 +++++
 usr/local/share/bastille/list.sh | 29 ++++++++++++++++-----------
 3 files changed, 38 insertions(+), 14 deletions(-)
diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh
index d2e64fec..a8219f65 100644
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -262,18 +262,32 @@ bootstrap_release() {
 echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} ${_archive}.txz.${COLOR_RESET}"
 /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz"
 else
- for _archive in ${bastille_bootstrap_archives}; do
+ ## get the manifest for dist files checksum validation
+ if [ ! -f "${bastille_cachedir}/${RELEASE}/MANIFEST" ]; then
+ fetch ${UPSTREAM_URL}/MANIFEST -o ${bastille_cachedir}/${RELEASE}/MANIFEST
+ fi
+ ## fetch for missing dist files
 if [ ! -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then
 fetch ${UPSTREAM_URL}/${_archive}.txz -o ${bastille_cachedir}/${RELEASE}/${_archive}.txz
 fi
+ ## compare checksums on the fetched dist files
+ if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then
+ SHA256_DIST=$(grep -w "${_archive}.txz" ${bastille_cachedir}/${RELEASE}/MANIFEST | awk '{print $2}')
+ SHA256_FILE=$(sha256 -q ${bastille_cachedir}/${RELEASE}/${_archive}.txz)
+ if [ "${SHA256_FILE}" != "${SHA256_DIST}" ]; then
+ echo -e "${COLOR_RED}Failed validation for ${_archive}.txz, please retry bootstrap!${COLOR_RESET}"
+ rm ${bastille_cachedir}/${RELEASE}/${_archive}.txz
+ exit 1
+ fi
+ fi
+ ## extract the fetched dist files
 if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then
 echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} ${_archive}.txz.${COLOR_RESET}"
 /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz"
 fi
- done
 fi
 done
 echo
diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh
index 5542f481..9f2887c0 100644
--- a/usr/local/share/bastille/destroy.sh
+++ b/usr/local/share/bastille/destroy.sh
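Review bot: On a checksum mismatch the new block removes only the archive, so a truncated or otherwise bad cached MANIFEST (its `fetch` exit status is never checked, and the `! -f` guard reuses whatever is already on disk) makes every "please retry bootstrap" attempt fail with the same message; remove the manifest alongside the archive, `rm -- "${bastille_cachedir}/${RELEASE}/${_archive}.txz" "${bastille_cachedir}/${RELEASE}/MANIFEST"`, or check the `fetch` status before relying on it. The manifest is fetched from the same `${UPSTREAM_URL}` as the archives and is not itself authenticated here, so the comparison catches transfer corruption but cannot detect a substituted mirror; a comment stating that scope, `## MANIFEST is unauthenticated: this detects corrupt downloads, not a tampered mirror`, would keep readers from over-trusting the check. `grep -w "${_archive}.txz"` treats the archive name as a regular expression, whereas `grep -F -w -- "${_archive}.txz"` matches the literal name. The `fetch`, `sha256` and `rm` paths are unquoted while the `-f` tests beside them are quoted; quoting them consistently avoids word-splitting on unusual cache paths. bootstrap_release's body continues outside the hunk.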
@@ -79,6 +79,11 @@ destroy_jail() {
 destroy_rel() {
 bastille_rel_base="${bastille_releasesdir}/${NAME}" ## dir
+ ## check if this release have containers child
+ if grep -qwo "${NAME}" ${bastille_jailsdir}/*/fstab 2>/dev/null; then
+ echo -e "${COLOR_RED} ${NAME} base appears to have containers child.${COLOR_RESET}"
+ exit 1
+ fi
 if [ ! -d "${bastille_rel_base}" ]; then
 echo -e "${COLOR_RED}Release base not found.${COLOR_RESET}"
diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh
index ea55ae4e..ab373491 100644
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -47,23 +47,28 @@ if [ $# -gt 0 ]; then
 usage
 ;;
 release|releases)
- REL_LIST=$(ls "${bastille_releasesdir}" | sed "s/\n//g")
- for _REL in ${REL_LIST}; do
- if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" ]; then
- echo "${bastille_releasesdir}/${_REL}"
- fi
- done
+ if [ -d "${bastille_releasesdir}" ]; then
+ REL_LIST=$(ls "${bastille_releasesdir}" | sed "s/\n//g")
+ for _REL in ${REL_LIST}; do
+ if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" ]; then
+ #echo "${bastille_releasesdir}/${_REL}"
+ echo "${_REL}"
+ fi
+ done
+ fi
 ;;
 template|templates)
 find "${bastille_templatesdir}" -type d -maxdepth 2
 ;;
 jail|jails)
- JAIL_LIST=$(ls "${bastille_jailsdir}" | sed "s/\n//g")
- for _JAIL in ${JAIL_LIST}; do
- if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then
- echo "${_JAIL}"
- fi
- done
+ if [ -d "${bastille_jailsdir}" ]; then
+ JAIL_LIST=$(ls "${bastille_jailsdir}" | sed "s/\n//g")
+ for _JAIL in ${JAIL_LIST}; do
+ if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then
+ echo "${_JAIL}"
+ fi
+ done
+ fi
 ;;
 log|logs)
 find "${bastille_logsdir}" -type f -maxdepth 1
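Review bot: `grep -qwo "${NAME}"` interprets the release name as a regular expression and matches it anywhere on a line, so a release whose name is a prefix of another one (continuing after a non-word character such as `-`) may be refused destruction although it has no children, and `-o` has no effect in combination with `-q`; matching the mount source as a fixed string, `if grep -qF -- "${bastille_releasesdir}/${NAME}" "${bastille_jailsdir}"/*/fstab 2>/dev/null; then`, ties the check to the path the jail fstab presumably references. When `${bastille_jailsdir}` contains no jail directories the unmatched glob is passed to grep literally and the resulting error is hidden by `2>/dev/null`, which looks intentional and deserves a one-line comment saying so. destroy_rel's body continues outside the hunk.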
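Review bot: The re-added `REL_LIST=$(ls "${bastille_releasesdir}" | sed "s/\n//g")` and its jails twin still parse `ls` output and word-split the result, and `sed "s/\n//g"` is a no-op because sed processes one line at a time and never sees the separating newlines; a glob loop over the directory does the same work with no external processes and survives entry names containing whitespace, as shown below for the releases branch (the jails branch mirrors it with the `jail.conf` test). The commented-out `#echo "${bastille_releasesdir}/${_REL}"` left next to the new `echo "${_REL}"` is dead code and should be dropped rather than kept as history. The enclosing `case` and its `if [ $# -gt 0 ]` start and end outside the hunk.
```shell
if [ -d "${bastille_releasesdir}" ]; then
    for _REL in "${bastille_releasesdir}"/*/; do
        _REL=${_REL%/}
        if [ -f "${_REL}/root/.profile" ]; then
            echo "${_REL##*/}"
        fi
    done
fi
```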