From 963fa5be2e9b0339569f40a75d68f3af6f450391 Mon Sep 17 00:00:00 2001
From: Pietro Cerutti <gahr@gahr.ch>
Date: Sat, 6 Jan 2024 13:28:02 +0000
Subject: [PATCH 1/7] rename: adjust all mount points

---
 usr/local/share/bastille/rename.sh | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh
index 08ebe108..9caf7e84 100644
--- a/usr/local/share/bastille/rename.sh
+++ b/usr/local/share/bastille/rename.sh
@@ -81,24 +81,7 @@ update_fstab() {
     # Update fstab to use the new name
     FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab"
     if [ -f "${FSTAB_CONFIG}" ]; then
-        # Skip if fstab is empty, e.g newly created thick or clone jails
-        if [ -s "${FSTAB_CONFIG}" ]; then
-            FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-9])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${FSTAB_CONFIG}")
-            FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}")
-            FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0"
-            if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
-                # If both variables are set, update as needed
-                if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${NEWNAME}/root/.bastille" "${FSTAB_CONFIG}"; then
-                    sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}"
-                fi
-            fi
-
-            # Update linuxjail fstab name entries
-            # Search for either linprocfs/linsysfs, if true assume is a linux jail
-            if grep -qwE "linprocfs|linsysfs" "${FSTAB_CONFIG}"; then
-                sed -i '' "s|.${bastille_jailsdir}/${TARGET}/|${bastille_jailsdir}/${NEWNAME}/|" "${FSTAB_CONFIG}"
-            fi
-        fi
+        sed -i '' "s|${bastille_jailsdir}/${TARGET}|${bastille_jailsdir}/${NEWNAME}|g" "${FSTAB_CONFIG}"
     fi
 }
 

From ab56fb5761a0a73fcc252d9459f0d8feccee5330 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sun, 24 Nov 2024 15:24:21 -0700
Subject: [PATCH 2/7] Update destroy.sh - refuse to destroy jail with mounted
 filesystem

---
 usr/local/share/bastille/destroy.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh
index 9d9e9996..f3f0e3ec 100644
--- a/usr/local/share/bastille/destroy.sh
+++ b/usr/local/share/bastille/destroy.sh
@@ -54,6 +54,12 @@ destroy_jail() {
     fi
 
     if [ -d "${bastille_jail_base}" ]; then
+        ## make sure no filesystem is currently mounted in the jail directory
+        mount_points=$(mount | cut -d ' ' -f 3 | grep "${bastille_jail_base}")
+        if [ $? -eq 0 ]; then
+            error_notify "Failed to destroy jail: ${TARGET}"
+            error_exit "Jail has mounted filesystems:\n$mount_points"
+        fi
         info "Deleting Jail: ${TARGET}."
         if checkyesno bastille_zfs_enable; then
             if [ -n "${bastille_zfs_zpool}" ]; then

From 09808b70ddb87740474271eef45d2e210573439d Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sun, 24 Nov 2024 17:45:49 -0700
Subject: [PATCH 3/7] Update destroy.sh - allow for jail root to be mounted
 when destroying

This will allow the jail root to be mounted when destroying a jail, but if anything under 'root' is still mounted, it will exit.
---
 usr/local/share/bastille/destroy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh
index f3f0e3ec..0185e3d2 100644
--- a/usr/local/share/bastille/destroy.sh
+++ b/usr/local/share/bastille/destroy.sh
@@ -55,7 +55,7 @@ destroy_jail() {
 
     if [ -d "${bastille_jail_base}" ]; then
         ## make sure no filesystem is currently mounted in the jail directory
-        mount_points=$(mount | cut -d ' ' -f 3 | grep "${bastille_jail_base}")
+        mount_points=$(mount | cut -d ' ' -f 3 | grep "${bastille_jail_base}"/root/)
         if [ $? -eq 0 ]; then
             error_notify "Failed to destroy jail: ${TARGET}"
             error_exit "Jail has mounted filesystems:\n$mount_points"

From cfadb2537e243c19dd4fcc457c574f0015ea3649 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sun, 29 Dec 2024 11:43:35 -0700
Subject: [PATCH 4/7] bugfix for cloneing new mac

---
 usr/local/share/bastille/clone.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index f26f460a..e11bd701 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -126,8 +126,8 @@ update_jailconf_vnet() {
                     sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}"
                     sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}"
 		    sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}"
-                    sed -i '' "s|ether.*:.*:.*:.*:.*:.*a |ether ${macaddr}a |" "${JAIL_CONFIG}"
-                    sed -i '' "s|ether.*:.*:.*:.*:.*:.*b |ether ${macaddr}b |" "${JAIL_CONFIG}"
+                    sed -i '' "s|ether.*:.*:.*:.*:.*:.*a\";|ether ${macaddr}a\";|" "${JAIL_CONFIG}"
+                    sed -i '' "s|ether.*:.*:.*:.*:.*:.*b\";|ether ${macaddr}b\";|" "${JAIL_CONFIG}"
                     break
                 fi
             fi

From d3fd055b67a0ed0de62c01269770f84450683e37 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 30 Dec 2024 12:16:26 -0700
Subject: [PATCH 5/7] more random mac

---
 usr/local/share/bastille/common.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index ed9e5a6a..316e8718 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -74,8 +74,12 @@ generate_static_mac() {
     local jail_name="${1}"
     local external_interface="${2}"
     local macaddr_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)"
-    local macaddr_suffix="$(echo -n ${jail_name} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+    local macaddr_suffix="$(echo -n "${external_interface}${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+    if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
+        error_notify "Failed to generate MAC address."
+    fi
     macaddr="${macaddr_prefix}:${macaddr_suffix}"
+    export macaddr
 }
 
 generate_vnet_jail_netblock() {

From 3c60a4b26b7db8773e56dc8436aebb096f59efc7 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 30 Dec 2024 16:49:34 -0700
Subject: [PATCH 6/7] hash mac of host for prefix

---
 usr/local/share/bastille/common.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index 316e8718..38181b5e 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -73,8 +73,9 @@ warn() {
 generate_static_mac() {
     local jail_name="${1}"
     local external_interface="${2}"
-    local macaddr_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)"
-    local macaddr_suffix="$(echo -n "${external_interface}${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+    local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | sed 's#:##g')"
+    local macaddr_prefix="$(echo -n "${external_interface_mac}" | sha256 | cut -b -6 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+    local macaddr_suffix="$(echo -n "${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
     if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
         error_notify "Failed to generate MAC address."
     fi

From ba2ff8ef75f6441934f4af36a9ae3ea68896727c Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 31 Dec 2024 10:33:59 -0700
Subject: [PATCH 7/7] better error handling

---
 usr/local/share/bastille/destroy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh
index 0ba7e3f3..d95a4429 100644
--- a/usr/local/share/bastille/destroy.sh
+++ b/usr/local/share/bastille/destroy.sh
@@ -56,7 +56,7 @@ destroy_jail() {
     if [ -d "${bastille_jail_base}" ]; then
         ## make sure no filesystem is currently mounted in the jail directory
         mount_points=$(mount | cut -d ' ' -f 3 | grep "${bastille_jail_base}"/root/)
-        if [ $? -eq 0 ]; then
+        if [ -n "${mount_points}" ]; then
             error_notify "Failed to destroy jail: ${TARGET}"
             error_exit "Jail has mounted filesystems:\n$mount_points"
         fi