mirror of
https://github.com/hackacad/bastille.git
synced 2026-03-24 17:55:01 +01:00
Merge branch 'master' into bastille-monitor
This commit is contained in:
tschettervictor
GitHub
@@ -49,6 +49,7 @@ before attempting to upgrade to 16.0-RELEASE. This can be done in two ways.
|
||||
./pkgbasify.lua
|
||||
|
||||
2. Fetch the ``pkgbasify`` script and run it from the host using ``--rootdir``.
|
||||
This requires using PR 34 in the ``pkgbasify`` repo.
|
||||
|
||||
.. code-block:: shell
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
## [ BastilleBSD ] ##
|
||||
#####################
|
||||
|
||||
## default paths
|
||||
## Default paths
|
||||
bastille_prefix="/usr/local/bastille" ## default: "/usr/local/bastille"
|
||||
bastille_backupsdir="${bastille_prefix}/backups" ## default: "${bastille_prefix}/backups"
|
||||
bastille_cachedir="${bastille_prefix}/cache" ## default: "${bastille_prefix}/cache"
|
||||
@@ -14,10 +14,10 @@ bastille_logsdir="/var/log/bastille" ## default
|
||||
## pf configuration path
|
||||
bastille_pf_conf="/etc/pf.conf" ## default: "/etc/pf.conf"
|
||||
|
||||
## bastille scripts directory (assumed by bastille pkg)
|
||||
## Bastille commands directory (assumed by bastille pkg)
|
||||
bastille_sharedir="/usr/local/share/bastille" ## default: "/usr/local/share/bastille"
|
||||
|
||||
## bootstrap archives, which components of the OS to install.
|
||||
## Bootstrap archives, which components of the OS to install.
|
||||
## base - The base OS, kernel + userland
|
||||
## lib32 - Libraries for compatibility with 32 bit binaries
|
||||
## ports - The FreeBSD ports (3rd party applications) tree
|
||||
@@ -27,7 +27,7 @@ bastille_sharedir="/usr/local/share/bastille" ## default
|
||||
## bastille_bootstrap_archives="base lib32 ports src test"
|
||||
bastille_bootstrap_archives="base" ## default: "base"
|
||||
|
||||
## pkgbase package sets (used for FreeBSD 15+)
|
||||
## Pkgbase package sets
|
||||
## Any set with [-dbg] can be installed with debugging
|
||||
## symbols by adding '-dbg' to the package set
|
||||
## base[-dbg] - Base system
|
||||
@@ -45,16 +45,16 @@ bastille_bootstrap_archives="base" ## default
|
||||
## bastille_pkgbase_packages="base-jail lib32-dbg src"
|
||||
bastille_pkgbase_packages="base-jail" ## default: "base-jail"
|
||||
|
||||
## default timezone
|
||||
## Default timezone
|
||||
bastille_tzdata="" ## default: empty to use host's time zone
|
||||
|
||||
## default jail resolv.conf
|
||||
## Default jail resolv.conf
|
||||
bastille_resolv_conf="/etc/resolv.conf" ## default: "/etc/resolv.conf"
|
||||
|
||||
## bootstrap urls
|
||||
bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/" ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/"
|
||||
bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/"
|
||||
bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/" ## default: "https://www.midnightbsd.org/pub/MidnightBSD/releases/"
|
||||
## Bootstrap URLs
|
||||
bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/" ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/"
|
||||
bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/"
|
||||
bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/" ## default: "https://www.midnightbsd.org/pub/MidnightBSD/releases/"
|
||||
|
||||
## ZFS options
|
||||
bastille_zfs_enable="NO" ## default: "NO"
|
||||
|
||||
@@ -177,7 +177,8 @@ cleanup_directories() {
|
||||
zfs destroy "${bastille_zfs_zpool:?}/${bastille_zfs_prefix:?}/releases/${RELEASE}"
|
||||
fi
|
||||
fi
|
||||
elif [ -d "${bastille_cachedir}/${RELEASE}" ]; then
|
||||
fi
|
||||
if [ -d "${bastille_cachedir}/${RELEASE}" ]; then
|
||||
if [ -d "${bastille_cachedir}/${RELEASE}" ]; then
|
||||
rm -rf "${bastille_cachedir:?}/${RELEASE}"
|
||||
fi
|
||||
@@ -189,11 +190,11 @@ cleanup_directories() {
|
||||
|
||||
validate_release() {
|
||||
|
||||
info "\nAttempting to bootstrap ${PLATFORM_OS} release: ${RELEASE}"
|
||||
|
||||
# Set release name to sane release
|
||||
RELEASE="${NAME_VERIFY}"
|
||||
|
||||
info "\nAttempting to bootstrap ${PLATFORM_OS} release: ${RELEASE}"
|
||||
|
||||
### FreeBSD ###
|
||||
if [ "${PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
MAJOR_VERSION=$(echo ${RELEASE} | grep -Eo '^[0-9]+')
|
||||
@@ -616,7 +617,7 @@ case "${RELEASE}" in
|
||||
UPSTREAM_URL=$(echo "${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" | sed 's/releases/snapshots/')
|
||||
FREEBSD_BRANCH="current"
|
||||
;;
|
||||
*-RELEASE|*-release|*-RC[1-9]|*-rc[1-9]|*-BETA[1-9])
|
||||
*-release|*-RELEASE|*-rc[1-9]|*-RC[1-9]|*-beta[1-9]|*-BETA[1-9])
|
||||
### FreeBSD ###
|
||||
PLATFORM_OS="FreeBSD"
|
||||
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([0-9]+)\.[0-9](-RELEASE|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]')
|
||||
|
||||
@@ -2,55 +2,55 @@ FreeBSD-base-latest: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_latest",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
enabled: yes
|
||||
}
|
||||
FreeBSD-base-weekly: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_weekly",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
enabled: yes
|
||||
}
|
||||
FreeBSD-base-release-0: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_release_0",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
enabled: yes
|
||||
}
|
||||
FreeBSD-base-release-1: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_release_1",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
enabled: yes
|
||||
}
|
||||
FreeBSD-base-release-2: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_release_2",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
enabled: yes
|
||||
}
|
||||
FreeBSD-base-release-3: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_release_3",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
enabled: yes
|
||||
}
|
||||
FreeBSD-base-release-4: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_release_4",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
enabled: yes
|
||||
}
|
||||
FreeBSD-base-release-5: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_release_5",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
enabled: yes
|
||||
}
|
||||
@@ -123,23 +123,23 @@ jail_check() {
|
||||
JAIL_PLATFORM_OS="FreeBSD"
|
||||
fi
|
||||
|
||||
# Set CURRENT_VERSION
|
||||
CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
|
||||
if [ -z "${CURRENT_VERSION}" ]; then
|
||||
# Set OLD_RELEASE
|
||||
OLD_RELEASE=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
|
||||
if [ -z "${OLD_RELEASE}" ]; then
|
||||
error_exit "[ERROR]: Can't determine '${TARGET}' version."
|
||||
fi
|
||||
|
||||
# Validate method (Legacy/PkgBase)
|
||||
if [ "${JAIL_PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
# Validate update method
|
||||
MINOR_VERSION=$(echo ${CURRENT_VERSION} | sed -E 's/^[0-9]+\.([0-9]+)-.*$/\1/')
|
||||
MAJOR_VERSION=$(echo ${CURRENT_VERSION} | grep -Eo '^[0-9]+')
|
||||
if echo "${CURRENT_VERSION}" | grep -oq "\-CURRENT"; then
|
||||
MINOR_VERSION=$(echo ${OLD_RELEASE} | sed -E 's/^[0-9]+\.([0-9]+)-.*$/\1/')
|
||||
MAJOR_VERSION=$(echo ${OLD_RELEASE} | grep -Eo '^[0-9]+')
|
||||
if echo "${OLD_RELEASE}" | grep -oq "\-CURRENT"; then
|
||||
FREEBSD_BRANCH="current"
|
||||
else
|
||||
FREEBSD_BRANCH="release"
|
||||
fi
|
||||
if [ "${MAJOR_VERSION}" -ge 16 ] || pkg -r "${bastille_jailsdir}/${TARGET}/root" which /usr/bin/uname > /dev/null 2>&1; then
|
||||
if pkg -r "${bastille_jailsdir}/${TARGET}/root" which /usr/bin/uname > /dev/null 2>&1; then
|
||||
PKGBASE=1
|
||||
fi
|
||||
fi
|
||||
@@ -181,10 +181,10 @@ jail_update() {
|
||||
fi
|
||||
|
||||
# Update release version (including patch level)
|
||||
NEW_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
|
||||
if [ "${CURRENT_VERSION}" != "${NEW_VERSION}" ]; then
|
||||
bastille config ${TARGET} set osrelease ${NEW_VERSION} >/dev/null
|
||||
info "\nUpgrade complete: ${CURRENT_VERSION} > ${NEW_VERSION}\n"
|
||||
UPDATED_RELEASE=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
|
||||
if [ "${OLD_RELEASE}" != "${UPDATED_RELEASE}" ]; then
|
||||
bastille config ${TARGET} set osrelease ${UPDATED_RELEASE} >/dev/null
|
||||
info "\nUpdate complete: ${OLD_RELEASE} > ${UPDATED_RELEASE}\n"
|
||||
else
|
||||
info "\nNo updates available.\n"
|
||||
fi
|
||||
@@ -233,10 +233,10 @@ jail_update_pkgbase() {
|
||||
fi
|
||||
|
||||
# Update release version (including patch level)
|
||||
NEW_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
|
||||
if [ "${CURRENT_VERSION}" != "${NEW_VERSION}" ]; then
|
||||
bastille config ${TARGET} set osrelease ${NEW_VERSION} >/dev/null
|
||||
info "\nUpgrade complete: ${CURRENT_VERSION} > ${NEW_VERSION}\n"
|
||||
UPDATED_RELEASE=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
|
||||
if [ "${OLD_RELEASE}" != "${UPDATED_RELEASE}" ]; then
|
||||
bastille config ${TARGET} set osrelease ${UPDATED_RELEASE} >/dev/null
|
||||
info "\nUpdate complete: ${OLD_RELEASE} > ${UPDATED_RELEASE}\n"
|
||||
else
|
||||
info "\nNo updates available.\n"
|
||||
fi
|
||||
@@ -276,7 +276,7 @@ release_check() {
|
||||
else
|
||||
FREEBSD_BRANCH="release"
|
||||
fi
|
||||
if [ "${MAJOR_VERSION}" -ge 16 ] || pkg -r "${bastille_releasesdir}/${TARGET}" which /usr/bin/uname > /dev/null 2>&1; then
|
||||
if pkg -r "${bastille_releasesdir}/${TARGET}" which /usr/bin/uname > /dev/null 2>&1; then
|
||||
PKGBASE=1
|
||||
fi
|
||||
fi
|
||||
@@ -436,9 +436,9 @@ case "${TARGET}" in
|
||||
NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]+)\.[0-9](-STABLE)$' | tr '[:lower:]' '[:upper:]')
|
||||
UPDATE_TARGET="RELEASE"
|
||||
;;
|
||||
*-release|*-RELEASE)
|
||||
*-release|*-RELEASE|*-rc[1-9]|*-RC[1-9]|*-beta[1-9]|*-BETA[1-9])
|
||||
PLATFORM_OS="FreeBSD"
|
||||
NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([0-9]+)\.[0-9](-RELEASE)$' | tr '[:lower:]' '[:upper:]')
|
||||
NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([0-9]+)\.[0-9](-RELEASE|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]')
|
||||
UPDATE_TARGET="RELEASE"
|
||||
;;
|
||||
current|CURRENT)
|
||||
@@ -489,4 +489,4 @@ case ${UPDATE_TARGET} in
|
||||
*)
|
||||
error_exit "[ERROR]: Unknown update target."
|
||||
;;
|
||||
esac
|
||||
esac
|
||||
|
||||
@@ -104,7 +104,15 @@ thick_jail_check() {
|
||||
error_exit "Use [-a|--auto] to auto-start the jail."
|
||||
fi
|
||||
|
||||
if [ "${PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
# Verify PLATFORM_OS inside jail
|
||||
JAIL_PLATFORM_OS="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version)"
|
||||
if echo "${JAIL_PLATFORM_OS}" | grep -q "HBSD"; then
|
||||
JAIL_PLATFORM_OS="HardenedBSD"
|
||||
else
|
||||
JAIL_PLATFORM_OS="FreeBSD"
|
||||
fi
|
||||
|
||||
if [ "${JAIL_PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
|
||||
# Set OLD_RELEASE
|
||||
OLD_RELEASE="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version 2>/dev/null)"
|
||||
@@ -117,13 +125,13 @@ thick_jail_check() {
|
||||
NEW_MAJOR_VERSION=$(echo ${NEW_RELEASE} | grep -Eo '^[0-9]+')
|
||||
|
||||
# Validate PKGBASE or non-PKGBASE
|
||||
if echo "${NEW_RELEASE}" | grep -oq "\-CURRENT"; then
|
||||
FREEBSD_BRANCH="current"
|
||||
else
|
||||
FREEBSD_BRANCH="release"
|
||||
fi
|
||||
if [ "${NEW_MAJOR_VERSION}" -ge 16 ] || pkg -r "${bastille_jailsdir}/${TARGET}/root" which /usr/bin/uname > /dev/null 2>&1; then
|
||||
if pkg -r "${bastille_jailsdir}/${TARGET}/root" which /usr/bin/uname > /dev/null 2>&1; then
|
||||
PKGBASE=1
|
||||
if echo "${NEW_RELEASE}" | grep -oq "\-CURRENT"; then
|
||||
FREEBSD_BRANCH="current"
|
||||
else
|
||||
FREEBSD_BRANCH="release"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Check if jail is already running NEW_RELEASE
|
||||
@@ -132,12 +140,12 @@ thick_jail_check() {
|
||||
error_exit "See 'bastille update TARGET' to update the jail."
|
||||
fi
|
||||
|
||||
elif [ "${PLATFORM_OS}" = "HardenedBSD" ]; then
|
||||
elif [ "${JAIL_PLATFORM_OS}" = "HardenedBSD" ]; then
|
||||
|
||||
# Set VERSION
|
||||
OLD_RELEASE="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version 2>/dev/null)"
|
||||
OLD_CONFIG_RELEASE="$(bastille config ${TARGET} get osrelease)"
|
||||
if [ -z "${OLD_RELEASE}" ]; then
|
||||
if [ -z "${OLD_RELEASE}" ] || [ -z "${OLD_CONFIG_RELEASE}" ]; then
|
||||
error_exit "[ERROR]: Can't determine '${TARGET}' version."
|
||||
fi
|
||||
|
||||
@@ -160,7 +168,7 @@ thin_jail_check() {
|
||||
error_exit "Use [-a|--auto] to auto-stop the jail."
|
||||
fi
|
||||
|
||||
# Set VERSION
|
||||
# Set OLD_RELEASE
|
||||
OLD_RELEASE="$(bastille config ${TARGET} get osrelease)"
|
||||
if [ -z "${OLD_RELEASE}" ]; then
|
||||
error_exit "[ERROR]: Can't determine '${TARGET}' version."
|
||||
@@ -189,9 +197,9 @@ release_check() {
|
||||
PLATFORM_OS="FreeBSD"
|
||||
NAME_VERIFY=$(echo "${NEW_RELEASE}" | grep -iwE '^([1-9]+)\.[0-9](-STABLE)$' | tr '[:lower:]' '[:upper:]')
|
||||
;;
|
||||
*-release|*-RELEASE)
|
||||
*-release|*-RELEASE|*-rc[1-9]|*-RC[1-9]|*-beta[1-9]|*-BETA[1-9])
|
||||
PLATFORM_OS="FreeBSD"
|
||||
NAME_VERIFY=$(echo "${NEW_RELEASE}" | grep -iwE '^([0-9]+)\.[0-9](-RELEASE)$' | tr '[:lower:]' '[:upper:]')
|
||||
NAME_VERIFY=$(echo "${NEW_RELEASE}" | grep -iwE '^([0-9]+)\.[0-9](-RELEASE|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]')
|
||||
;;
|
||||
current|CURRENT)
|
||||
PLATFORM_OS="HardenedBSD"
|
||||
@@ -243,31 +251,29 @@ jail_upgrade() {
|
||||
|
||||
else
|
||||
|
||||
if [ "${PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
if [ "${JAIL_PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
|
||||
local jailpath="${bastille_jailsdir}/${TARGET}/root"
|
||||
local work_dir="${jailpath}/var/db/freebsd-update"
|
||||
local freebsd_update_conf="${jailpath}/etc/freebsd-update.conf"
|
||||
|
||||
# Upgrade a thick jail
|
||||
env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \
|
||||
--currently-running "${OLD_RELEASE}" \
|
||||
-j "${TARGET}" \
|
||||
-d "${work_dir}" \
|
||||
-f "${freebsd_update_conf}" \
|
||||
-r "${NEW_RELEASE}" upgrade
|
||||
if env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \
|
||||
--currently-running "${OLD_RELEASE}" \
|
||||
-j "${TARGET}" \
|
||||
-d "${work_dir}" \
|
||||
-f "${freebsd_update_conf}" \
|
||||
-r "${NEW_RELEASE}" upgrade; then
|
||||
|
||||
UPGRADED_RELEASE="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version 2>/dev/null)"
|
||||
if [ "${OLD_RELEASE}" = "${UPGRADED_RELEASE}" ]; then
|
||||
info "\nNo upgrades available.\n"
|
||||
else
|
||||
# Update "osrelease" inside jail.conf using 'bastille config'
|
||||
bastille config ${TARGET} set osrelease ${UPGRADED_RELEASE} >/dev/null 2>/dev/null
|
||||
warn "Please run 'bastille upgrade ${TARGET} install', restart the jail, then run 'bastille upgrade ${TARGET} install' again to finish installing updates."
|
||||
echo
|
||||
info "\nUpgraded ${TARGET}: ${OLD_RELEASE} > ${NEW_RELEASE}"
|
||||
warn "\nPlease run 'bastille upgrade ${TARGET} install', restart the jail, then run 'bastille upgrade ${TARGET} install' again to finish installing the upgrade.\n"
|
||||
else
|
||||
info "\nNo upgrades available.\n"
|
||||
fi
|
||||
|
||||
elif [ "${PLATFORM_OS}" = "HardenedBSD" ]; then
|
||||
elif [ "${JAIL_PLATFORM_OS}" = "HardenedBSD" ]; then
|
||||
|
||||
local jailname="${TARGET}"
|
||||
local jailpath="${bastille_jailsdir}/${TARGET}/root"
|
||||
@@ -296,10 +302,10 @@ jail_upgrade() {
|
||||
-c "${hbsd_update_conf}"
|
||||
|
||||
UPGRADED_RELEASE="$(${bastille_jailsdir}/${TARGET}/root/bin/freebsd-version 2>/dev/null)"
|
||||
if [ "${OLD_RELEASE}" = "${UPGRADED_RELEASE}" ]; then
|
||||
info "\nNo upgrades available.\n"
|
||||
else
|
||||
if [ "${OLD_RELEASE}" != "${UPGRADED_RELEASE}" ]; then
|
||||
info "\nUpgraded ${TARGET}: ${OLD_RELEASE} -> ${UPGRADED_RELEASE}\n"
|
||||
else
|
||||
info "\nNo upgrades available.\n"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
@@ -307,7 +313,7 @@ jail_upgrade() {
|
||||
|
||||
jail_upgrade_pkgbase() {
|
||||
|
||||
if [ "${PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
if [ "${JAIL_PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
|
||||
local jailpath="${bastille_jailsdir}/${TARGET}/root"
|
||||
local abi="FreeBSD:${NEW_MAJOR_VERSION}:${HW_MACHINE_ARCH}"
|
||||
@@ -321,9 +327,18 @@ jail_upgrade_pkgbase() {
|
||||
|
||||
info "\n[${TARGET}]:"
|
||||
|
||||
if [ "${OLD_RELEASE}" = "${NEW_RELEASE}" ]; then
|
||||
error_notify "[ERROR]: Jail is already running '${NEW_RELEASE}'"
|
||||
error_exit "See 'bastille update TARGET' to update jail."
|
||||
# Verify trusted pkg keys
|
||||
if [ ! -f "${fingerprints}/trusted/awskms-${NEW_MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${fingerprints}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${NEW_MAJOR_VERSION}/trusted/awskms-${NEW_MAJOR_VERSION}
|
||||
then
|
||||
error_exit "[ERROR]: Failed to fetch trusted pkg keys."
|
||||
fi
|
||||
fi
|
||||
if [ ! -f "${fingerprints}/trusted/backup-signing-${NEW_MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${fingerprints}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${NEW_MAJOR_VERSION}/trusted/backup-signing-${NEW_MAJOR_VERSION}
|
||||
then
|
||||
error_exit "[ERROR]: Failed to fetch trusted backup pkg keys."
|
||||
fi
|
||||
fi
|
||||
|
||||
# Upgrade jail with pkgbase (thick only)
|
||||
@@ -356,10 +371,15 @@ jail_upgrade_pkgbase() {
|
||||
fi
|
||||
|
||||
# Update release version (including patch level)
|
||||
NEW_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
|
||||
bastille config ${TARGET} set osrelease ${NEW_VERSION} >/dev/null 2>/dev/null
|
||||
UPGRADED_RELEASE=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
|
||||
if [ "${OLD_RELEASE}" != "${UPGRADED_RELEASE}" ]; then
|
||||
bastille config ${TARGET} set osrelease ${UPGRADED_RELEASE} >/dev/null 2>/dev/null
|
||||
info "\nUpgrade complete: ${OLD_RELEASE} > ${UPGRADED_RELEASE}\n"
|
||||
else
|
||||
info "\nNo updates available.\n"
|
||||
fi
|
||||
|
||||
info "\nUpgraded ${TARGET}: ${OLD_RELEASE} -> ${NEW_RELEASE}"
|
||||
info "\nUpgraded ${TARGET}: ${OLD_RELEASE} -> ${UPGRADED_RELEASE}"
|
||||
else
|
||||
error_exit "[ERROR]: Not implemented for platform: ${PLATFORM_OS}"
|
||||
fi
|
||||
@@ -368,7 +388,7 @@ jail_upgrade_pkgbase() {
|
||||
|
||||
jail_updates_install() {
|
||||
|
||||
if [ "${PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
if [ "${JAIL_PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
|
||||
local jailpath="${bastille_jailsdir}/${TARGET}/root"
|
||||
local work_dir="${jailpath}/var/db/freebsd-update"
|
||||
|
||||
Reference in New Issue
Block a user