From b333a99cdcc442213971c4d5d11814ab74a15356 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 27 Feb 2025 23:50:00 -0700 Subject: [PATCH 01/13] import: Import jails using new interface format (iocage,ezjail) Imported jails from iocage and ezjail should now be imported using the new "if|ip" format and overall better handling on the network side of the import. --- usr/local/share/bastille/import.sh | 144 ++++++++++++++++++++++------- 1 file changed, 111 insertions(+), 33 deletions(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index d76c8858..fa8b177b 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -41,9 +41,10 @@ usage() { cat << EOF Options: - -f | --force Force an archive import regardless if the checksum file does not match or missing. - -v | --verbose Be more verbose during the ZFS receive operation. - -x | --debug Enable debug mode. + -f | --force Force an archive import regardless if the checksum file does not match or missing. + -M | --static-mac Generate static MAC for jail when importing foreign jails like iocage. + -v | --verbose Be more verbose during the ZFS receive operation. + -x | --debug Enable debug mode. Tip: If no option specified, container should be imported from standard input. @@ -54,6 +55,7 @@ EOF # Handle options. OPT_FORCE=0 OPT_ZRECV="-u" +OPT_STATIC_MAC="" USER_IMPORT= while [ "$#" -gt 0 ]; do case "${1}" in @@ -64,6 +66,10 @@ while [ "$#" -gt 0 ]; do OPT_FORCE="1" shift ;; + -M|--static-mac) + OPT_STATIC_MAC="1" + shift + ;; -v|--verbose) OPT_ZRECV="-u -v" shift 
@@ -191,8 +197,8 @@ generate_config() { # Gather some bits from foreign/iocage config files JSON_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/config.json" if [ -n "${JSON_CONFIG}" ]; then - IPV4_CONFIG=$(grep -wo '\"ip4_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip4_addr://') - IPV6_CONFIG=$(grep -wo '\"ip6_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip6_addr://') + IP4_CONFIG=$(grep -wo '\"ip4_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip4_addr://') + IP6_CONFIG=$(grep -wo '\"ip6_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip6_addr://') DEVFS_RULESET=$(grep -wo '\"devfs_ruleset\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/devfs_ruleset://') DEVFS_RULESET=${DEVFS_RULESET:-4} IS_THIN_JAIL=$(grep -wo '\"basejail\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/basejail://') 
@@ -218,41 +224,114 @@ generate_config() { # See if we need to generate a vnet network section if [ "${IS_VNET_JAIL:-0}" = "1" ]; then - NETBLOCK=$(generate_vnet_jail_netblock "${TARGET_TRIM}" "" "${VNET_DEFAULT_INTERFACE}") + NETBLOCK=$(generate_vnet_jail_netblock "${TARGET_TRIM}" "" "${VNET_DEFAULT_INTERFACE}" "${OPT_STATIC_MAC}") vnet_requirements else # If there are multiple IP/NIC let the user configure network - if [ -n "${IPV4_CONFIG}" ]; then - if ! echo "${IPV4_CONFIG}" | grep -q '.*,.*'; then - NETIF_CONFIG=$(echo "${IPV4_CONFIG}" | grep '.*|' | sed 's/|.*//g') - if [ -z "${NETIF_CONFIG}" ]; then + IP4_DEFINITION="" + IP6_DEFINITION="" + IP6_MODE="disable" + # IP4 set, but not IP6 + if [ -n "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then + if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then + IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP4_IF}" ]; then config_netif - fi - IPX_ADDR="ip4.addr" - IP_CONFIG="${IPV4_CONFIG}" - IP6_MODE="disable" - fi - elif [ -n "${IPV6_CONFIG}" ]; then - if ! echo "${IPV6_CONFIG}" | grep -q '.*,.*'; then - NETIF_CONFIG=$(echo "${IPV6_CONFIG}" | grep '.*|' | sed 's/|.*//g') - if [ -z "${NETIF_CONFIG}" ]; then + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + IP6_MODE="disable" + else + IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" + IP6_MODE="disable" + fi + else + IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP4_IF}" ]; then config_netif - fi - IPX_ADDR="ip6.addr" - IP_CONFIG="${IPV6_CONFIG}" - IP6_MODE="new" + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + IP6_MODE="disable" + else + IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" + IP6_MODE="disable" + fi fi + # IP6 set, but not IP4 + elif [ -z "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then + if ! 
echo "${IP6_CONFIG}" | grep -q '.*,.*'; then + IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP6_IF}" ]; then + config_netif + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_MODE="new" + else + IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" + IP6_MODE="new" + fi + else + IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP6_IF}" ]; then + config_netif + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_MODE="new" + else + IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" + IP6_MODE="new" + fi + fi + # IP4 and IP6 both set + elif [ -n "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then + if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then + IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP4_IF}" ]; then + config_netif + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + else + IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" + fi + else + IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP4_IF}" ]; then + config_netif + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + else + IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" + fi + fi + if ! echo "${IP6_CONFIG}" | grep -q '.*,.*'; then + IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP6_IF}" ]; then + config_netif + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_MODE="new" + else + IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" + IP6_MODE="new" + fi + else + IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP6_IF}" ]; then + config_netif + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_MODE="new" + else + IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" + IP6_MODE="new" + fi + fi + # ezjail import elif [ -n "${IPVX_CONFIG}" ]; then if ! 
echo "${IPVX_CONFIG}" | grep -q '.*,.*'; then NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${NETIF_CONFIG}" ]; then config_netif - fi - IPX_ADDR="ip4.addr" - IP_CONFIG="${IPVX_CONFIG}" - IP6_MODE="disable" + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IPVX_CONFIG};" + IP6_MODE="disable" + else + IP4_DEFINITION="ip4.addr = ${IPVX_CONFIG};" + IP6_MODE="disable" + fi if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then - IPX_ADDR="ip6.addr" + IP4_DEFINITION="" + IP6_DEFINITION="ip6.addr = ${IPVX_CONFIG};" IP6_MODE="new" fi fi @@ -260,16 +339,15 @@ generate_config() { # Let the user configure network manually if [ -z "${NETIF_CONFIG}" ]; then - NETIF_CONFIG="lo1" - IPX_ADDR="ip4.addr" - IP_CONFIG="-" + IP4_DEFINITION="ip4.addr = lo1|-;" + IP6_DEFINITION="" IP6_MODE="disable" warn "Warning: See 'bastille edit ${TARGET_TRIM} jail.conf' for manual network configuration." fi NETBLOCK=$(cat <<-EOF - interface = ${NETIF_CONFIG}; - ${IPX_ADDR} = ${IP_CONFIG}; + ${IP4_DEFINITION} + ${IP6_DEFINITION} ip6 = ${IP6_MODE}; EOF ) From 00368cb71f348927bf776096745b66b662983663 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 00:07:14 -0700 Subject: [PATCH 02/13] import: Get default interface in set to "none" or auto --- usr/local/share/bastille/import.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index fa8b177b..dec4ec8c 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh 
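Review bot: The branch commented `# IP6 set, but not IP4` tests `[ -z "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]`, so it runs when both values are empty and never when only an IPv6 address is present; it should read `elif [ -z "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then`. As written, an IPv6-only iocage jail matches none of the first three branches and ends up with the `lo1|-` placeholder. An import with neither value set takes this branch, calls `config_netif` and emits `ip6.addr = ${NETIF_CONFIG}|;` with `ip6 = new`; this appears to include ezjail imports, where only `IPVX_CONFIG` is filled, which would make the `# ezjail import` branch unreachable. The comma and non-comma arms of every branch are also identical, so the `grep -q '.*,.*'` test can be dropped. generate_config starts and ends outside the hunk.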
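Review bot: `${IP4_DEFINITION}` and `${IP6_DEFINITION}` in the `NETBLOCK` here-document carry text read from the imported archive's `config.json` or ezjail property file, and nothing between the `grep | tr | sed` extraction and this write checks its shape. jail.conf ends a parameter at `;`, so a value containing that character, or anything else that is not an interface/address list, would add or corrupt settings in a file that root later hands to jail(8). Check each extracted value before building the definitions, with a pattern along the lines of `echo "${IP4_CONFIG}" | grep -Eq '^[0-9A-Za-z.:/,_|-]*$' || error_exit "Error: unexpected characters in imported ip4_addr."`, and the same for `IP6_CONFIG` and `IPVX_CONFIG`. The here-document sits inside generate_config, which starts and ends outside the hunk.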
@@ -206,7 +206,7 @@ generate_config() { IS_VNET_JAIL=$(grep -wo '\"vnet\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/vnet://') VNET_DEFAULT_INTERFACE=$(grep -wo '\"vnet_default_interface\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/vnet_default_interface://') ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED=1 - if [ "${VNET_DEFAULT_INTERFACE}" = "auto" ]; then + if [ "${VNET_DEFAULT_INTERFACE}" = "auto" ] || [ "${VNET_DEFAULT_INTERFACE}" = "none" ]; then # Grab the default ipv4 route from netstat and pull out the interface VNET_DEFAULT_INTERFACE=$(netstat -nr4 | grep default | cut -w -f 4) fi @@ -385,6 +385,7 @@ ${TARGET_TRIM} { mount.fstab = ${bastille_jailsdir}/${TARGET_TRIM}/fstab; path = ${bastille_jailsdir}/${TARGET_TRIM}/root; securelevel = 2; + osrelease = ${CONFIG_RELEASE}; ${NETBLOCK} } From 0106df52594aefc47abb42bfa1d7d2f336582604 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 00:18:42 -0700 Subject: [PATCH 03/13] import: Support importing to specific release #360 --- usr/local/share/bastille/import.sh | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index dec4ec8c..490ac27c 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -36,7 +36,7 @@ usage() { # Build an independent usage for the import command # If no file/extension specified, will import from standard input - error_notify "Usage: bastille import [option(s)] FILE" + error_notify "Usage: bastille import [option(s)] FILE [RELEASE]" cat << EOF Options: @@ -59,7 +59,7 @@ OPT_STATIC_MAC="" USER_IMPORT= while [ "$#" -gt 0 ]; do case "${1}" in - -h|--help|help) + -h|--help|help) usage ;; -f|--force) 
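Review bot: The interface returned by `netstat -nr4 | grep default | cut -w -f 4` is used unchecked, and this hunk now sends `none` through that lookup as well as `auto`. On a host without an IPv4 default route `VNET_DEFAULT_INTERFACE` becomes empty, and with more than one default route it holds several lines; either value is then passed to `generate_vnet_jail_netblock`. Add a guard after the assignment, e.g. `[ -n "${VNET_DEFAULT_INTERFACE}" ] || error_exit "Error: could not determine a default interface for the VNET jail."`, and take only the first match with `grep -m 1 default`. The enclosing generate_config continues outside the hunk.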
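Review bot: `osrelease = ${CONFIG_RELEASE};` is written for every foreign import, but the host-version fallback visible elsewhere in this series only runs inside the `IS_THIN_JAIL` check, so a thick jail whose `config.json` yields no `release` value would likely get `osrelease = ;`. The value also comes straight from the archive and decides which release the jail reports, so it should be defaulted and shape-checked before the template is expanded, e.g. `CONFIG_RELEASE="${CONFIG_RELEASE:-$(freebsd-version | sed 's/\-[pP].*//')}"` ahead of the here-document. The template's surrounding function is outside the hunk.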
@@ -82,6 +82,7 @@ while [ "$#" -gt 0 ]; do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in f) OPT_FORCE=1 ;; + M) OPT_STATIC_MAC=1 ;; v) OPT_ZRECV="-u -v" ;; x) enable_debug ;; *) error_exit "Unknown Option: \"${1}\"" ;; @@ -95,11 +96,12 @@ while [ "$#" -gt 0 ]; do esac done -if [ $# -gt 3 ] || [ $# -lt 1 ]; then +if [ $# -gt 2 ] || [ $# -lt 1 ]; then usage fi TARGET="${1}" +RELEASE="${2}" bastille_root_check @@ -182,6 +184,9 @@ update_fstab_import() { # If both variables are set, compare and update as needed if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" "${FSTAB_CONFIG}"; then info "Updating fstab..." + if [ -n "${RELEASE}" ]; then + FSTAB_NEWCONF="${RELEASE}" + fi sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}" fi fi @@ -355,9 +360,13 @@ EOF if [ "${IS_THIN_JAIL:-0}" = "1" ]; then if [ -z "${CONFIG_RELEASE}" ]; then - # Fallback to host version - CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') - warn "Warning: ${CONFIG_RELEASE} was set by default!" + if [ -n "${RELEASE}" ]; then + CONFIG_RELEASE="${RELEASE}" + else + # Fallback to host version + CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') + warn "Warning: ${CONFIG_RELEASE} was set by default!" + fi fi mkdir "${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" echo "${bastille_releasesdir}/${CONFIG_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0" \ From 7ddff7fa94c6d2d8be2265228461c84c3bccb7c5 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:25:17 -0700 Subject: [PATCH 04/13] export: Restructure code for new functions --- usr/local/share/bastille/export.sh | 86 +++++++++++++----------------- 1 file changed, 37 insertions(+), 49 deletions(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index f4d07fd4..57bd86a6 100644 
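Review bot: `RELEASE="${2}"` is accepted as-is, and nothing in the series checks it before it is used as a sed replacement in update_fstab_import, as a path component of the nullfs fstab entry, and (through `CONFIG_RELEASE` in PATCH 11 and 12) as the `osrelease` value. Because import runs after `bastille_root_check`, reject anything that is not a plain release name right after the assignment: `case "${RELEASE}" in .|..|*[!A-Za-z0-9._-]*) error_exit "Error: invalid release: ${RELEASE}" ;; esac`. Then confirm the release is present with `[ -z "${RELEASE}" ] || [ -d "${bastille_releasesdir}/${RELEASE}" ] || error_exit "Error: release not found: ${RELEASE}"`. The `$# -gt 2` test above is the only validation the new argument gets.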
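Review bot: The override `FSTAB_NEWCONF="${RELEASE}"` replaces the whole substitution text with the bare release name, and it only runs inside the `if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}..."` test, which still compares against the archive's own release. `FSTAB_CURRENT` and `FSTAB_NEWCONF` are assigned outside the hunk; if they hold the fstab entry or the release path, as the grep pattern suggests, the `sed` leaves an entry that no longer names a directory under `${bastille_releasesdir}`. An archive whose fstab already matches its own release would also never be retargeted. Setting `FSTAB_RELEASE="${RELEASE}"` before `FSTAB_NEWCONF` is built, instead of overwriting `FSTAB_NEWCONF` here, would cover both cases.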
--- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -38,18 +38,17 @@ usage() { # Valid compress/options for ZFS systems are raw, .gz, .tgz, .txz and .xz # Valid compress/options for non ZFS configured systems are .tgz and .txz # If no compression option specified, user must redirect standard output - error_notify "Usage: bastille export | option(s) | TARGET | PATH" - + error_notify "Usage: bastille export [option(s)] TARGET PATH" cat << EOF Options: - --gz -- Export a ZFS jail using GZIP(.gz) compressed image. - -r | --raw -- Export a ZFS jail to an uncompressed RAW image. - -s | --safe -- Safely stop and start a ZFS jail before the exporting process. - --tgz -- Export a jail using simple .tgz compressed archive instead. - --txz -- Export a jail using simple .txz compressed archive instead. - -v | --verbose -- Be more verbose during the ZFS send operation. - --xz -- Export a ZFS jail using XZ(.xz) compressed image. + --gz Export a ZFS jail using GZIP(.gz) compressed image. + -r | --raw Export a ZFS jail to an uncompressed RAW image. + -s | --safe Safely stop and start a ZFS jail before the exporting process. + --tgz Export a jail using simple .tgz compressed archive instead. + --txz Export a jail using simple .txz compressed archive instead. + -v | --verbose Be more verbose during the ZFS send operation. + --xz Export a ZFS jail using XZ(.xz) compressed image. Note: If no export option specified, the container should be redirected to standard output. 
@@ -57,32 +56,6 @@ EOF exit 1 } -# Handle help option -case "${1}" in - help|-h|--help) - usage - ;; -esac - -if [ $# -gt 5 ] || [ $# -lt 1 ]; then - usage -fi - -TARGET="${1}" -GZIP_EXPORT= -XZ_EXPORT= -SAFE_EXPORT= -USER_EXPORT= -RAW_EXPORT= -DIR_EXPORT= -TXZ_EXPORT= -TGZ_EXPORT= -OPT_ZSEND="-R" -COMP_OPTION="0" - -bastille_root_check -set_target_single "${TARGET}" - zfs_enable_check() { # Temporarily disable ZFS so we can create a standard backup archive if checkyesno bastille_zfs_enable; then @@ -124,17 +97,17 @@ if [ -n "${bastille_export_options}" ]; then opt_count zfs_enable_check shift;; - --safe) + -s|--safe) SAFE_EXPORT="1" shift;; - --raw) + -r|--raw) RAW_EXPORT="1" opt_count shift ;; - --verbose) + -v|--verbose) OPT_ZSEND="-Rv" shift;; - --*|-*) error_notify "Unknown Option." + -*) error_notify "Unknown Option: \"${1}\"" usage;; esac done @@ -142,50 +115,46 @@ else # Handle options while [ $# -gt 0 ]; do case "${1}" in + -h|--help|help) + usage + ;; --gz) GZIP_EXPORT="1" - TARGET="${2}" opt_count shift ;; --xz) XZ_EXPORT="1" - TARGET="${2}" opt_count shift ;; --tgz) TGZ_EXPORT="1" - TARGET="${2}" opt_count zfs_enable_check shift ;; --txz) TXZ_EXPORT="1" - TARGET="${2}" opt_count zfs_enable_check shift ;; -s|--safe) SAFE_EXPORT="1" - TARGET="${2}" shift ;; -r|--raw) RAW_EXPORT="1" - TARGET="${2}" opt_count shift ;; -v|--verbose) OPT_ZSEND="-Rv" - TARGET="${2}" shift ;; - --*|-*) - error_notify "Unknown Option." + -*) + error_notify "Unknown Option: \"${1}\"" usage ;; *) @@ -202,6 +171,25 @@ else done fi +if [ $# -gt 2 ] || [ $# -lt 1 ]; then + usage +fi + +TARGET="${1}" +GZIP_EXPORT= +XZ_EXPORT= +SAFE_EXPORT= +USER_EXPORT= +RAW_EXPORT= +DIR_EXPORT= +TXZ_EXPORT= +TGZ_EXPORT= +OPT_ZSEND="-R" +COMP_OPTION="0" + +bastille_root_check +set_target_single "${TARGET}" + # Validate for combined options if [ "${COMP_OPTION}" -gt "1" ]; then error_exit "Error: Only one compression format can be used during export." 
@@ -217,7 +205,7 @@ if ! checkyesno bastille_zfs_enable; then [ -n "${RAW_EXPORT}" ] || [ -n "${SAFE_EXPORT}" ] || [ "${OPT_ZSEND}" = "-Rv" ]; then - error_exit "Options --xz, --gz, --raw, --safe, --verbose are valid for ZFS configured systems only." + error_exit "Options --xz, --gz, --raw, --safe, and --verbose are valid for ZFS configured systems only." fi fi From 295612da5fc03d36fecf6129ee17f589457deba3 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:49:29 -0700 Subject: [PATCH 05/13] create: Do not check running if empty jail --- usr/local/share/bastille/create.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 03d35e41..806df544 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -554,10 +554,12 @@ create_jail() { fi fi - # Exit if jail was not started, which means something is wrong. - if ! check_target_is_running "${NAME}"; then - bastille destroy "${NAME}" - error_exit "[${NAME}]: Failed to create jail..." + # Exit if jail was not started, except for empty jails + if [ -z "${EMPTY_JAIL}" ]; then + if ! check_target_is_running "${NAME}"; then + bastille destroy "${NAME}" + error_exit "[${NAME}]: Failed to create jail..." + fi fi if [ -n "${VNET_JAIL}" ]; then From 34a0582075a2bd31da156648e350068681dcbcc8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:57:20 -0700 Subject: [PATCH 06/13] export: Add debug mode --- usr/local/share/bastille/export.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 57bd86a6..278cc0e9 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh 
@@ -153,6 +153,10 @@ else OPT_ZSEND="-Rv" shift ;; + -x) + enable_debug + shift + ;; -*) error_notify "Unknown Option: \"${1}\"" usage @@ -160,10 +164,6 @@ else *) if echo "${1}" | grep -q "\/"; then DIR_EXPORT="${1}" - else - if [ $# -gt 2 ] || [ $# -lt 1 ]; then - usage - fi fi shift ;; From 1c0ed95e6354908ad917c0be5ff2c388d9bd6035 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:59:56 -0700 Subject: [PATCH 07/13] export: Fix expr syntax --- usr/local/share/bastille/export.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 278cc0e9..44e8b050 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -65,7 +65,7 @@ zfs_enable_check() { } opt_count() { - COMP_OPTION=$(expr ${COMP_OPTION} + 1) + COMP_OPTION=$((COMP_OPTION + 1)) } if [ -n "${bastille_export_options}" ]; then From b734b926c29367038c7f1ab35047600052ccf236 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 12:03:08 -0700 Subject: [PATCH 08/13] export: Reset options --- usr/local/share/bastille/export.sh | 32 ++++++++++++++++++------------ 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 44e8b050..ad91e3eb 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh 
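Review bot: The new `-x)` arm has no long form and no usage entry, so `bastille export --debug` falls through to `-*)` and is rejected, while the usage text in import.sh documents `-x | --debug`. Use `-x|--debug)` here and add a `-x | --debug` line reading `Enable debug mode.` to the options list in usage(). The arm is added only to the command-line parser; the `bastille_export_options` loop earlier in the file is outside this hunk and may need the same case.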
@@ -68,6 +68,18 @@ opt_count() { COMP_OPTION=$((COMP_OPTION + 1)) } +# Reset export options +GZIP_EXPORT= +XZ_EXPORT= +SAFE_EXPORT= +USER_EXPORT= +RAW_EXPORT= +DIR_EXPORT= +TXZ_EXPORT= +TGZ_EXPORT= +OPT_ZSEND="-R" +COMP_OPTION="0" + if [ -n "${bastille_export_options}" ]; then # Overrides the case options by the user defined option(s) automatically. # Add bastille_export_options="--optionA --optionB" to bastille.conf, or simply `export bastille_export_options="--optionA --optionB"` environment variable. @@ -162,10 +174,9 @@ else usage ;; *) - if echo "${1}" | grep -q "\/"; then - DIR_EXPORT="${1}" + if echo "${2}" | grep -q "\/"; then + DIR_EXPORT="${2}" fi - shift ;; esac done @@ -176,16 +187,11 @@ if [ $# -gt 2 ] || [ $# -lt 1 ]; then fi TARGET="${1}" -GZIP_EXPORT= -XZ_EXPORT= -SAFE_EXPORT= -USER_EXPORT= -RAW_EXPORT= -DIR_EXPORT= -TXZ_EXPORT= -TGZ_EXPORT= -OPT_ZSEND="-R" -COMP_OPTION="0" + +# Check for directory export +if echo "${2}" | grep -q "\/"; then + DIR_EXPORT="${2}" +fi bastille_root_check set_target_single "${TARGET}" From bb228a4f74e135a35574ec729efec3887223c330 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 12:04:33 -0700 Subject: [PATCH 09/13] export: Break on no options --- usr/local/share/bastille/export.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index ad91e3eb..8ef258dd 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -174,9 +174,7 @@ else usage ;; *) - if echo "${2}" | grep -q "\/"; then - DIR_EXPORT="${2}" - fi + break ;; esac done From 2bd35fc9d2031bf49c0a6f30b3509796a5422f78 Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 22:31:13 -0700 Subject: [PATCH 10/13] import: Manual network only if definitions not set --- usr/local/share/bastille/import.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 490ac27c..4982ed2e 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -343,7 +343,7 @@ generate_config() { fi # Let the user configure network manually - if [ -z "${NETIF_CONFIG}" ]; then + if [ -z "${IP4_DEFINITION}" ] && [ -z "${IP6_DEFINITION}" ]; then IP4_DEFINITION="ip4.addr = lo1|-;" IP6_DEFINITION="" IP6_MODE="disable" From b498fca79ef6bf6b4f9c2356fe49e9214860c9b7 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 23:10:04 -0700 Subject: [PATCH 11/13] import: Fix import to a release from iocage --- usr/local/share/bastille/import.sh | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 4982ed2e..2bc3803e 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh 
@@ -207,7 +207,11 @@ generate_config() { DEVFS_RULESET=$(grep -wo '\"devfs_ruleset\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/devfs_ruleset://') DEVFS_RULESET=${DEVFS_RULESET:-4} IS_THIN_JAIL=$(grep -wo '\"basejail\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/basejail://') - CONFIG_RELEASE=$(grep -wo '\"release\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//') + if [ -z "${RELEASE}" ]; then + CONFIG_RELEASE=$(grep -wo '\"release\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//') + else + CONFIG_RELEASE="${RELEASE}" + fi IS_VNET_JAIL=$(grep -wo '\"vnet\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/vnet://') VNET_DEFAULT_INTERFACE=$(grep -wo '\"vnet_default_interface\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/vnet_default_interface://') ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED=1 @@ -221,7 +225,11 @@ generate_config() { PROP_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/prop.ezjail-${FILE_TRIM}-*" if [ -n "${PROP_CONFIG}" ]; then IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//") - CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') + if [ -z "${RELEASE}" ]; then + CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') + else + CONFIG_RELEASE="${RELEASE}" + fi fi # Always assume it's thin for ezjail IS_THIN_JAIL=1 
@@ -360,13 +368,9 @@ EOF if [ "${IS_THIN_JAIL:-0}" = "1" ]; then if [ -z "${CONFIG_RELEASE}" ]; then - if [ -n "${RELEASE}" ]; then - CONFIG_RELEASE="${RELEASE}" - else - # Fallback to host version - CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') - warn "Warning: ${CONFIG_RELEASE} was set by default!" - fi + # Fallback to host version + CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') + warn "Warning: ${CONFIG_RELEASE} was set by default!" fi mkdir "${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" echo "${bastille_releasesdir}/${CONFIG_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0" \ From efee919b4923d5e4222586360b0953c8233e8fa4 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 23:12:31 -0700 Subject: [PATCH 12/13] import: Fix import to release for bastille jails --- usr/local/share/bastille/import.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 2bc3803e..47e0c139 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -228,7 +228,7 @@ generate_config() { if [ -z "${RELEASE}" ]; then CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') else - CONFIG_RELEASE="${RELEASE}" + ="${RELEASE}" fi fi # Always assume it's thin for ezjail 
@@ -410,7 +410,11 @@ update_config() { # The config on select archives does not provide a clear way to determine # the base release, so lets try to get it from the base/COPYRIGHT file, # otherwise warn user and fallback to host system release - CONFIG_RELEASE=$(grep -wo 'releng/[0-9]\{2\}.[0-9]/COPYRIGHT' "${bastille_jailsdir}/${TARGET_TRIM}/root/COPYRIGHT" | sed 's|releng/||;s|/COPYRIGHT|-RELEASE|') + if [ -z "${RELEASE}" ]; then + CONFIG_RELEASE=$(grep -wo 'releng/[0-9]\{2\}.[0-9]/COPYRIGHT' "${bastille_jailsdir}/${TARGET_TRIM}/root/COPYRIGHT" | sed 's|releng/||;s|/COPYRIGHT|-RELEASE|') + else + CONFIG_RELEASE="${RELEASE}" + fi if [ -z "${CONFIG_RELEASE}" ]; then # Fallback to host version CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') From eed70dc1293619f6bfa0420f4e5b9f8095abfb0e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 23:13:57 -0700 Subject: [PATCH 13/13] import: Fix shellcheck --- usr/local/share/bastille/import.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 47e0c139..511fedcf 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -228,7 +228,7 @@ generate_config() { if [ -z "${RELEASE}" ]; then CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') else - ="${RELEASE}" + CONFIG_RELEASE="${RELEASE}" fi fi # Always assume it's thin for ezjail