Merge pull request #887 from BastilleBSD/jail-import-iocage-ezjail

import: Import jails using new interface format (iocage,ezjail)
Barry McCormick
2025-03-03 08:26:25 -08:00
committed by GitHub
3 changed files with 193 additions and 103 deletions


@@ -554,10 +554,12 @@ create_jail() {
fi fi
fi fi
# Exit if jail was not started, which means something is wrong. # Exit if jail was not started, except for empty jails
if ! check_target_is_running "${NAME}"; then if [ -z "${EMPTY_JAIL}" ]; then
bastille destroy "${NAME}" if ! check_target_is_running "${NAME}"; then
error_exit "[${NAME}]: Failed to create jail..." bastille destroy "${NAME}"
error_exit "[${NAME}]: Failed to create jail..."
fi
fi fi
if [ -n "${VNET_JAIL}" ]; then if [ -n "${VNET_JAIL}" ]; then


@@ -38,18 +38,17 @@ usage() {
# Valid compress/options for ZFS systems are raw, .gz, .tgz, .txz and .xz # Valid compress/options for ZFS systems are raw, .gz, .tgz, .txz and .xz
# Valid compress/options for non ZFS configured systems are .tgz and .txz # Valid compress/options for non ZFS configured systems are .tgz and .txz
# If no compression option specified, user must redirect standard output # If no compression option specified, user must redirect standard output
error_notify "Usage: bastille export | option(s) | TARGET | PATH" error_notify "Usage: bastille export [option(s)] TARGET PATH"
cat << EOF cat << EOF
Options: Options:
--gz -- Export a ZFS jail using GZIP(.gz) compressed image. --gz Export a ZFS jail using GZIP(.gz) compressed image.
-r | --raw -- Export a ZFS jail to an uncompressed RAW image. -r | --raw Export a ZFS jail to an uncompressed RAW image.
-s | --safe -- Safely stop and start a ZFS jail before the exporting process. -s | --safe Safely stop and start a ZFS jail before the exporting process.
--tgz -- Export a jail using simple .tgz compressed archive instead. --tgz Export a jail using simple .tgz compressed archive instead.
--txz -- Export a jail using simple .txz compressed archive instead. --txz Export a jail using simple .txz compressed archive instead.
-v | --verbose -- Be more verbose during the ZFS send operation. -v | --verbose Be more verbose during the ZFS send operation.
--xz -- Export a ZFS jail using XZ(.xz) compressed image. --xz Export a ZFS jail using XZ(.xz) compressed image.
Note: If no export option specified, the container should be redirected to standard output. Note: If no export option specified, the container should be redirected to standard output.
@@ -57,32 +56,6 @@ EOF
exit 1 exit 1
} }
# Handle help option
case "${1}" in
help|-h|--help)
usage
;;
esac
if [ $# -gt 5 ] || [ $# -lt 1 ]; then
usage
fi
TARGET="${1}"
GZIP_EXPORT=
XZ_EXPORT=
SAFE_EXPORT=
USER_EXPORT=
RAW_EXPORT=
DIR_EXPORT=
TXZ_EXPORT=
TGZ_EXPORT=
OPT_ZSEND="-R"
COMP_OPTION="0"
bastille_root_check
set_target_single "${TARGET}"
zfs_enable_check() { zfs_enable_check() {
# Temporarily disable ZFS so we can create a standard backup archive # Temporarily disable ZFS so we can create a standard backup archive
if checkyesno bastille_zfs_enable; then if checkyesno bastille_zfs_enable; then
@@ -92,9 +65,21 @@ zfs_enable_check() {
} }
opt_count() { opt_count() {
COMP_OPTION=$(expr ${COMP_OPTION} + 1) COMP_OPTION=$((COMP_OPTION + 1))
} }
# Reset export options
GZIP_EXPORT=
XZ_EXPORT=
SAFE_EXPORT=
USER_EXPORT=
RAW_EXPORT=
DIR_EXPORT=
TXZ_EXPORT=
TGZ_EXPORT=
OPT_ZSEND="-R"
COMP_OPTION="0"
if [ -n "${bastille_export_options}" ]; then if [ -n "${bastille_export_options}" ]; then
# Overrides the case options by the user defined option(s) automatically. # Overrides the case options by the user defined option(s) automatically.
# Add bastille_export_options="--optionA --optionB" to bastille.conf, or simply `export bastille_export_options="--optionA --optionB"` environment variable. # Add bastille_export_options="--optionA --optionB" to bastille.conf, or simply `export bastille_export_options="--optionA --optionB"` environment variable.
@@ -124,17 +109,17 @@ if [ -n "${bastille_export_options}" ]; then
opt_count opt_count
zfs_enable_check zfs_enable_check
shift;; shift;;
--safe) -s|--safe)
SAFE_EXPORT="1" SAFE_EXPORT="1"
shift;; shift;;
--raw) -r|--raw)
RAW_EXPORT="1" RAW_EXPORT="1"
opt_count opt_count
shift ;; shift ;;
--verbose) -v|--verbose)
OPT_ZSEND="-Rv" OPT_ZSEND="-Rv"
shift;; shift;;
--*|-*) error_notify "Unknown Option." -*) error_notify "Unknown Option: \"${1}\""
usage;; usage;;
esac esac
done done
@@ -142,66 +127,73 @@ else
# Handle options # Handle options
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
case "${1}" in case "${1}" in
-h|--help|help)
usage
;;
--gz) --gz)
GZIP_EXPORT="1" GZIP_EXPORT="1"
TARGET="${2}"
opt_count opt_count
shift shift
;; ;;
--xz) --xz)
XZ_EXPORT="1" XZ_EXPORT="1"
TARGET="${2}"
opt_count opt_count
shift shift
;; ;;
--tgz) --tgz)
TGZ_EXPORT="1" TGZ_EXPORT="1"
TARGET="${2}"
opt_count opt_count
zfs_enable_check zfs_enable_check
shift shift
;; ;;
--txz) --txz)
TXZ_EXPORT="1" TXZ_EXPORT="1"
TARGET="${2}"
opt_count opt_count
zfs_enable_check zfs_enable_check
shift shift
;; ;;
-s|--safe) -s|--safe)
SAFE_EXPORT="1" SAFE_EXPORT="1"
TARGET="${2}"
shift shift
;; ;;
-r|--raw) -r|--raw)
RAW_EXPORT="1" RAW_EXPORT="1"
TARGET="${2}"
opt_count opt_count
shift shift
;; ;;
-v|--verbose) -v|--verbose)
OPT_ZSEND="-Rv" OPT_ZSEND="-Rv"
TARGET="${2}"
shift shift
;; ;;
--*|-*) -x)
error_notify "Unknown Option." enable_debug
shift
;;
-*)
error_notify "Unknown Option: \"${1}\""
usage usage
;; ;;
*) *)
if echo "${1}" | grep -q "\/"; then break
DIR_EXPORT="${1}"
else
if [ $# -gt 2 ] || [ $# -lt 1 ]; then
usage
fi
fi
shift
;; ;;
esac esac
done done
fi fi
if [ $# -gt 2 ] || [ $# -lt 1 ]; then
usage
fi
TARGET="${1}"
# Check for directory export
if echo "${2}" | grep -q "\/"; then
DIR_EXPORT="${2}"
fi
bastille_root_check
set_target_single "${TARGET}"
# Validate for combined options # Validate for combined options
if [ "${COMP_OPTION}" -gt "1" ]; then if [ "${COMP_OPTION}" -gt "1" ]; then
error_exit "Error: Only one compression format can be used during export." error_exit "Error: Only one compression format can be used during export."
@@ -217,7 +209,7 @@ if ! checkyesno bastille_zfs_enable; then
[ -n "${RAW_EXPORT}" ] || [ -n "${RAW_EXPORT}" ] ||
[ -n "${SAFE_EXPORT}" ] || [ -n "${SAFE_EXPORT}" ] ||
[ "${OPT_ZSEND}" = "-Rv" ]; then [ "${OPT_ZSEND}" = "-Rv" ]; then
error_exit "Options --xz, --gz, --raw, --safe, --verbose are valid for ZFS configured systems only." error_exit "Options --xz, --gz, --raw, --safe, and --verbose are valid for ZFS configured systems only."
fi fi
fi fi
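Review bot: The new post-loop test `if echo "${2}" | grep -q "\/"; then DIR_EXPORT="${2}"` silently discards a second positional argument that contains no slash, so an invocation such as `bastille export TARGET backups` passes the `$#` check but appears to export somewhere other than the path the operator typed. Rejecting the value makes the mistake visible, for example by adding `elif [ -n "${2}" ]; then error_exit "Invalid export PATH: \"${2}\""` to that test. The usage text also omits the newly accepted `-x` option, which the import usage documents as `-x | --debug`; adding the same line here would keep the two commands consistent.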


@@ -36,14 +36,15 @@
usage() { usage() {
# Build an independent usage for the import command # Build an independent usage for the import command
# If no file/extension specified, will import from standard input # If no file/extension specified, will import from standard input
error_notify "Usage: bastille import [option(s)] FILE" error_notify "Usage: bastille import [option(s)] FILE [RELEASE]"
cat << EOF cat << EOF
Options: Options:
-f | --force Force an archive import regardless if the checksum file does not match or missing. -f | --force Force an archive import regardless if the checksum file does not match or missing.
-v | --verbose Be more verbose during the ZFS receive operation. -M | --static-mac Generate static MAC for jail when importing foreign jails like iocage.
-x | --debug Enable debug mode. -v | --verbose Be more verbose during the ZFS receive operation.
-x | --debug Enable debug mode.
Tip: If no option specified, container should be imported from standard input. Tip: If no option specified, container should be imported from standard input.
@@ -54,16 +55,21 @@ EOF
# Handle options. # Handle options.
OPT_FORCE=0 OPT_FORCE=0
OPT_ZRECV="-u" OPT_ZRECV="-u"
OPT_STATIC_MAC=""
USER_IMPORT= USER_IMPORT=
while [ "$#" -gt 0 ]; do while [ "$#" -gt 0 ]; do
case "${1}" in case "${1}" in
-h|--help|help) -h|--help|help)
usage usage
;; ;;
-f|--force) -f|--force)
OPT_FORCE="1" OPT_FORCE="1"
shift shift
;; ;;
-M|--static-mac)
OPT_STATIC_MAC="1"
shift
;;
-v|--verbose) -v|--verbose)
OPT_ZRECV="-u -v" OPT_ZRECV="-u -v"
shift shift
@@ -76,6 +82,7 @@ while [ "$#" -gt 0 ]; do
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
f) OPT_FORCE=1 ;; f) OPT_FORCE=1 ;;
M) OPT_STATIC_MAC=1 ;;
v) OPT_ZRECV="-u -v" ;; v) OPT_ZRECV="-u -v" ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;; *) error_exit "Unknown Option: \"${1}\"" ;;
@@ -89,11 +96,12 @@ while [ "$#" -gt 0 ]; do
esac esac
done done
if [ $# -gt 3 ] || [ $# -lt 1 ]; then if [ $# -gt 2 ] || [ $# -lt 1 ]; then
usage usage
fi fi
TARGET="${1}" TARGET="${1}"
RELEASE="${2}"
bastille_root_check bastille_root_check
@@ -176,6 +184,9 @@ update_fstab_import() {
# If both variables are set, compare and update as needed # If both variables are set, compare and update as needed
if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" "${FSTAB_CONFIG}"; then if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" "${FSTAB_CONFIG}"; then
info "Updating fstab..." info "Updating fstab..."
if [ -n "${RELEASE}" ]; then
FSTAB_NEWCONF="${RELEASE}"
fi
sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}" sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}"
fi fi
fi fi
@@ -191,16 +202,20 @@ generate_config() {
# Gather some bits from foreign/iocage config files # Gather some bits from foreign/iocage config files
JSON_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/config.json" JSON_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/config.json"
if [ -n "${JSON_CONFIG}" ]; then if [ -n "${JSON_CONFIG}" ]; then
IPV4_CONFIG=$(grep -wo '\"ip4_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip4_addr://') IP4_CONFIG=$(grep -wo '\"ip4_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip4_addr://')
IPV6_CONFIG=$(grep -wo '\"ip6_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip6_addr://') IP6_CONFIG=$(grep -wo '\"ip6_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip6_addr://')
DEVFS_RULESET=$(grep -wo '\"devfs_ruleset\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/devfs_ruleset://') DEVFS_RULESET=$(grep -wo '\"devfs_ruleset\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/devfs_ruleset://')
DEVFS_RULESET=${DEVFS_RULESET:-4} DEVFS_RULESET=${DEVFS_RULESET:-4}
IS_THIN_JAIL=$(grep -wo '\"basejail\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/basejail://') IS_THIN_JAIL=$(grep -wo '\"basejail\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/basejail://')
CONFIG_RELEASE=$(grep -wo '\"release\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//') if [ -z "${RELEASE}" ]; then
CONFIG_RELEASE=$(grep -wo '\"release\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//')
else
CONFIG_RELEASE="${RELEASE}"
fi
IS_VNET_JAIL=$(grep -wo '\"vnet\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/vnet://') IS_VNET_JAIL=$(grep -wo '\"vnet\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/vnet://')
VNET_DEFAULT_INTERFACE=$(grep -wo '\"vnet_default_interface\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/vnet_default_interface://') VNET_DEFAULT_INTERFACE=$(grep -wo '\"vnet_default_interface\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/vnet_default_interface://')
ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED=1 ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED=1
if [ "${VNET_DEFAULT_INTERFACE}" = "auto" ]; then if [ "${VNET_DEFAULT_INTERFACE}" = "auto" ] || [ "${VNET_DEFAULT_INTERFACE}" = "none" ]; then
# Grab the default ipv4 route from netstat and pull out the interface # Grab the default ipv4 route from netstat and pull out the interface
VNET_DEFAULT_INTERFACE=$(netstat -nr4 | grep default | cut -w -f 4) VNET_DEFAULT_INTERFACE=$(netstat -nr4 | grep default | cut -w -f 4)
fi fi
@@ -210,7 +225,11 @@ generate_config() {
PROP_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/prop.ezjail-${FILE_TRIM}-*" PROP_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/prop.ezjail-${FILE_TRIM}-*"
if [ -n "${PROP_CONFIG}" ]; then if [ -n "${PROP_CONFIG}" ]; then
IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//") IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//")
CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') if [ -z "${RELEASE}" ]; then
CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g')
else
CONFIG_RELEASE="${RELEASE}"
fi
fi fi
# Always assume it's thin for ezjail # Always assume it's thin for ezjail
IS_THIN_JAIL=1 IS_THIN_JAIL=1
@@ -218,58 +237,130 @@ generate_config() {
# See if we need to generate a vnet network section # See if we need to generate a vnet network section
if [ "${IS_VNET_JAIL:-0}" = "1" ]; then if [ "${IS_VNET_JAIL:-0}" = "1" ]; then
NETBLOCK=$(generate_vnet_jail_netblock "${TARGET_TRIM}" "" "${VNET_DEFAULT_INTERFACE}") NETBLOCK=$(generate_vnet_jail_netblock "${TARGET_TRIM}" "" "${VNET_DEFAULT_INTERFACE}" "${OPT_STATIC_MAC}")
vnet_requirements vnet_requirements
else else
# If there are multiple IP/NIC let the user configure network # If there are multiple IP/NIC let the user configure network
if [ -n "${IPV4_CONFIG}" ]; then IP4_DEFINITION=""
if ! echo "${IPV4_CONFIG}" | grep -q '.*,.*'; then IP6_DEFINITION=""
NETIF_CONFIG=$(echo "${IPV4_CONFIG}" | grep '.*|' | sed 's/|.*//g') IP6_MODE="disable"
if [ -z "${NETIF_CONFIG}" ]; then # IP4 set, but not IP6
if [ -n "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then
if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then
IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP4_IF}" ]; then
config_netif config_netif
fi IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
IPX_ADDR="ip4.addr" IP6_MODE="disable"
IP_CONFIG="${IPV4_CONFIG}" else
IP6_MODE="disable" IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};"
fi IP6_MODE="disable"
elif [ -n "${IPV6_CONFIG}" ]; then fi
if ! echo "${IPV6_CONFIG}" | grep -q '.*,.*'; then else
NETIF_CONFIG=$(echo "${IPV6_CONFIG}" | grep '.*|' | sed 's/|.*//g') IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${NETIF_CONFIG}" ]; then if [ -z "${IP4_IF}" ]; then
config_netif config_netif
fi IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
IPX_ADDR="ip6.addr" IP6_MODE="disable"
IP_CONFIG="${IPV6_CONFIG}" else
IP6_MODE="new" IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};"
IP6_MODE="disable"
fi
fi fi
# IP6 set, but not IP4
elif [ -z "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then
if ! echo "${IP6_CONFIG}" | grep -q '.*,.*'; then
IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP6_IF}" ]; then
config_netif
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_MODE="new"
else
IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};"
IP6_MODE="new"
fi
else
IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP6_IF}" ]; then
config_netif
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_MODE="new"
else
IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};"
IP6_MODE="new"
fi
fi
# IP4 and IP6 both set
elif [ -n "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then
if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then
IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP4_IF}" ]; then
config_netif
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
else
IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};"
fi
else
IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP4_IF}" ]; then
config_netif
IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};"
else
IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};"
fi
fi
if ! echo "${IP6_CONFIG}" | grep -q '.*,.*'; then
IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP6_IF}" ]; then
config_netif
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_MODE="new"
else
IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};"
IP6_MODE="new"
fi
else
IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${IP6_IF}" ]; then
config_netif
IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};"
IP6_MODE="new"
else
IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};"
IP6_MODE="new"
fi
fi
# ezjail import
elif [ -n "${IPVX_CONFIG}" ]; then elif [ -n "${IPVX_CONFIG}" ]; then
if ! echo "${IPVX_CONFIG}" | grep -q '.*,.*'; then if ! echo "${IPVX_CONFIG}" | grep -q '.*,.*'; then
NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g') NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g')
if [ -z "${NETIF_CONFIG}" ]; then if [ -z "${NETIF_CONFIG}" ]; then
config_netif config_netif
fi IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IPVX_CONFIG};"
IPX_ADDR="ip4.addr" IP6_MODE="disable"
IP_CONFIG="${IPVX_CONFIG}" else
IP6_MODE="disable" IP4_DEFINITION="ip4.addr = ${IPVX_CONFIG};"
IP6_MODE="disable"
fi
if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then
IPX_ADDR="ip6.addr" IP4_DEFINITION=""
IP6_DEFINITION="ip6.addr = ${IPVX_CONFIG};"
IP6_MODE="new" IP6_MODE="new"
fi fi
fi fi
fi fi
# Let the user configure network manually # Let the user configure network manually
if [ -z "${NETIF_CONFIG}" ]; then if [ -z "${IP4_DEFINITION}" ] && [ -z "${IP6_DEFINITION}" ]; then
NETIF_CONFIG="lo1" IP4_DEFINITION="ip4.addr = lo1|-;"
IPX_ADDR="ip4.addr" IP6_DEFINITION=""
IP_CONFIG="-"
IP6_MODE="disable" IP6_MODE="disable"
warn "Warning: See 'bastille edit ${TARGET_TRIM} jail.conf' for manual network configuration." warn "Warning: See 'bastille edit ${TARGET_TRIM} jail.conf' for manual network configuration."
fi fi
NETBLOCK=$(cat <<-EOF NETBLOCK=$(cat <<-EOF
interface = ${NETIF_CONFIG}; ${IP4_DEFINITION}
${IPX_ADDR} = ${IP_CONFIG}; ${IP6_DEFINITION}
ip6 = ${IP6_MODE}; ip6 = ${IP6_MODE};
EOF EOF
) )
@@ -307,6 +398,7 @@ ${TARGET_TRIM} {
mount.fstab = ${bastille_jailsdir}/${TARGET_TRIM}/fstab; mount.fstab = ${bastille_jailsdir}/${TARGET_TRIM}/fstab;
path = ${bastille_jailsdir}/${TARGET_TRIM}/root; path = ${bastille_jailsdir}/${TARGET_TRIM}/root;
securelevel = 2; securelevel = 2;
osrelease = ${CONFIG_RELEASE};
${NETBLOCK} ${NETBLOCK}
} }
@@ -318,7 +410,11 @@ update_config() {
# The config on select archives does not provide a clear way to determine # The config on select archives does not provide a clear way to determine
# the base release, so lets try to get it from the base/COPYRIGHT file, # the base release, so lets try to get it from the base/COPYRIGHT file,
# otherwise warn user and fallback to host system release # otherwise warn user and fallback to host system release
CONFIG_RELEASE=$(grep -wo 'releng/[0-9]\{2\}.[0-9]/COPYRIGHT' "${bastille_jailsdir}/${TARGET_TRIM}/root/COPYRIGHT" | sed 's|releng/||;s|/COPYRIGHT|-RELEASE|') if [ -z "${RELEASE}" ]; then
CONFIG_RELEASE=$(grep -wo 'releng/[0-9]\{2\}.[0-9]/COPYRIGHT' "${bastille_jailsdir}/${TARGET_TRIM}/root/COPYRIGHT" | sed 's|releng/||;s|/COPYRIGHT|-RELEASE|')
else
CONFIG_RELEASE="${RELEASE}"
fi
if [ -z "${CONFIG_RELEASE}" ]; then if [ -z "${CONFIG_RELEASE}" ]; then
# Fallback to host version # Fallback to host version
CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//')
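Review bot: The branch commented `# IP6 set, but not IP4` in generate_config tests `[ -z "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]`, so it runs when both are empty rather than when only IP6 is set; it should read `elif [ -z "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then`. As written, an IPv6-only config never reaches it, and because it precedes `elif [ -n "${IPVX_CONFIG}" ]` it appears to capture ezjail imports (the visible code assigns neither IP4_CONFIG nor IP6_CONFIG on that path) and emit an `ip6.addr` line with an empty address. Separately, `CONFIG_RELEASE` is now written to jail.conf as `osrelease = ${CONFIG_RELEASE};` and can come from the RELEASE argument or from the imported archive's config.json without a format check; a guard such as `case "${CONFIG_RELEASE}" in *[!A-Za-z0-9._-]*) error_exit "Invalid release: ${CONFIG_RELEASE}" ;; esac` before the file is written would keep stray characters out of the generated configuration. generate_config starts and ends outside the visible hunks.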