From fa556acabbf67248461385933303662939e58879 Mon Sep 17 00:00:00 2001 From: tschettervictor Date: Tue, 28 Oct 2025 19:14:03 -0600 Subject: [PATCH] pkgbase: upgrade --- usr/local/share/bastille/update.sh | 6 + usr/local/share/bastille/upgrade.sh | 166 ++++++++++++++++++---------- 2 files changed, 116 insertions(+), 56 deletions(-) diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index 112cf7aa..5ba4efa9 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -170,6 +170,9 @@ jail_update_pkgbase() { upgrade -r "${repo_name}"; then error_exit "[ERROR]: Failed to upgrade jail: ${TARGET}" fi + # Update release version (including patch level) + NEW_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null) + bastille config ${TARGET} set osrelease ${NEW_VERSION} else error_exit "[ERROR]: Jail not found: ${TARGET}" fi @@ -201,6 +204,9 @@ jail_update() { -f "${freebsd_update_conf}" \ install fi + # Update release version (including patch level) + NEW_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null) + bastille config ${TARGET} set osrelease ${NEW_VERSION} fi } diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index 314a23b9..fb284c39 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -88,7 +88,7 @@ if [ $# -lt 2 ] || [ $# -gt 3 ]; then fi TARGET="${1}" -NEWRELEASE="${2}" +NEW_RELEASE="${2}" bastille_root_check set_target_single "${TARGET}" @@ -104,13 +104,11 @@ fi thick_jail_check() { - local _jail="${1}" - # Validate jail state - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille start "${_jail}" + check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then + bastille start "${TARGET}" else - info "\n[${_jail}]:" + info "\n[${TARGET}]:" error_notify "Jail is not running." error_exit "Use [-a|--auto] to auto-start the jail." fi 
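Review bot: `NEW_VERSION` comes from `freebsd-version` run inside the jail and is then expanded unquoted on the host in `bastille config ${TARGET} set osrelease ${NEW_VERSION}` (update.sh, `jail_update_pkgbase`), so jail-controlled output is word-split and globbed by the host shell before it is written to the jail config. Because stderr is discarded and the exit status is not checked, a failing `jexec` (for instance if the jail is not running at that point) leaves the variable empty and `set osrelease` is called with no value. The same two lines are added to `jail_update` in the next hunk and to `jail_upgrade_pkgbase` in upgrade.sh. I would check and quote the value: `[ -n "${NEW_VERSION}" ] || error_exit "[ERROR]: Could not read version for jail: ${TARGET}"` followed by `bastille config "${TARGET}" set osrelease "${NEW_VERSION}"`. Both enclosing functions start outside their hunks.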
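Review bot: `thick_jail_check` in upgrade.sh now reads the global `TARGET` and ignores its argument, yet the call sites at the bottom of the file still pass `"${TARGET}"`; the same applies to `thin_jail_check` in the next hunk. Either drop the arguments at the call sites or document the dependency with a header comment such as `# Globals: TARGET (read), AUTO (read)`, so a later caller does not assume the function checks whatever jail name it is handed.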
@@ -118,13 +116,11 @@ thick_jail_check() { thin_jail_check() { - local _jail="${1}" - # Validate jail state - check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille stop "${_jail}" + check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then + bastille stop "${TARGET}" else - info "\n[${_jail}]:" + info "\n[${TARGET}]:" error_notify "Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail." fi 
@@ -132,94 +128,138 @@ thin_jail_check() { release_check() { - local _release="${1}" - # Validate the release - if ! echo "${_release}" | grep -q "[0-9]\{2\}.[0-9]-[RELEASE,BETA,RC]"; then - error_exit "[ERROR]: ${_release} is not a valid release." + if ! echo "${NEW_RELEASE}" | grep -q "[0-9]\{2\}.[0-9]-[RELEASE,BETA,RC]"; then + error_exit "[ERROR]: ${NEW_RELEASE} is not a valid release." fi - # Exit if NEWRELEASE doesn't exist + # Exit if NEW_RELEASE doesn't exist if [ "${THIN_JAIL}" -eq 1 ]; then - if [ ! -d "${bastille_releasesdir}/${_release}" ]; then - error_notify "[ERROR]: Release not found: ${_release}" - error_exit "See 'bastille bootstrap ${_release} to bootstrap the release." + if [ ! -d "${bastille_releasesdir}/${NEW_RELEASE}" ]; then + error_notify "[ERROR]: Release not found: ${NEW_RELEASE}" + error_exit "See 'bastille bootstrap ${NEW_RELEASE} to bootstrap the release." fi fi } +jail_upgrade_pkgbase() { + + # Only thick jails should be targetted here + local old_release="$(jexec -l ${jailname} freebsd-version 2>/dev/null)" + local new_release="${NEW_RELEASE}" + local jailpath="${bastille_jailsdir}/${jailname}/root" + local abi="FreeBSD:${MAJOR_VERSION}:${HW_MACHINE_ARCH}" + local fingerprints="${jailpath}/usr/share/keys/pkg" + if [ "${FREEBSD_BRANCH}" = "release" ]; then + local repo_name="FreeBSD-base-release-${MINOR_VERSION}" + elif [ "${FREEBSD_BRANCH}" = "current" ]; then + local repo_name="FreeBSD-base-latest" + fi + local repo_dir="${bastille_sharedir}/pkgbase" + + # Upgrade jail with pkgbase (thick only) + if [ -d "${jailpath}" ]; then + # Update repo (pkgbase) + if ! pkg --rootdir "${jailpath}" \ + --repo-conf-dir "${repo_dir}" \ + -o IGNORE_OSVERSION="yes" \ + -o ABI="${abi}" \ + -o ASSUME_ALWAYS_YES="yes" \ + -o FINGERPRINTS="${fingerprints}" \ + update -r "${repo_name}"; then + error_exit "[ERROR]: Failed to update pkg repo: ${repo_name}" + fi + # Update jail + if ! 
pkg --rootdir "${jailpath}" \ + --repo-conf-dir "${repo_dir}" \ + -o IGNORE_OSVERSION="yes" \ + -o ABI="${abi}" \ + -o ASSUME_ALWAYS_YES="yes" \ + -o FINGERPRINTS="${fingerprints}" \ + upgrade -r "${repo_name}"; then + error_exit "[ERROR]: Failed to upgrade jail: ${TARGET}" + fi + # Update release version (including patch level) + NEW_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null) + bastille config ${TARGET} set osrelease ${NEW_VERSION} + else + error_exit "[ERROR]: Jail not found: ${TARGET}" + fi + info "\nUpgraded ${jailname}: ${old_release} -> ${new_release}" +} + jail_upgrade() { - local _jailname="${1}" - if [ "${THIN_JAIL}" -eq 1 ]; then - local _oldrelease="$(bastille config ${_jailname} get osrelease)" + local old_release="$(bastille config ${jailname} get osrelease)" else - local _oldrelease="$(jexec -l ${_jailname} freebsd-version)" + local old_release="$(jexec -l ${jailname} freebsd-version 2>/dev/null)" fi - local _newrelease="${2}" - local _jailpath="${bastille_jailsdir}/${_jailname}/root" - local _workdir="${_jailpath}/var/db/freebsd-update" - local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf" + local jailpath="${bastille_jailsdir}/${jailname}/root" + local work_dir="${jailpath}/var/db/freebsd-update" + local freebsd_update_conf="${jailpath}/etc/freebsd-update.conf" # Upgrade a thin jail - if grep -qw "${bastille_jailsdir}/${_jailname}/root/.bastille" "${bastille_jailsdir}/${_jailname}/fstab"; then - if [ "${_oldrelease}" = "not set" ]; then - _oldrelease="$(grep "${bastille_releasesdir}.*\.bastille.*nullfs.*" "${bastille_jailsdir}/${_jailname}/fstab" | awk -F"/releases/" '{print $2}' | awk '{print $1}')" + if grep -qw "${bastille_jailsdir}/${jailname}/root/.bastille" "${bastille_jailsdir}/${jailname}/fstab"; then + if [ "${old_release}" = "not set" ]; then + local old_release="$(grep "${bastille_releasesdir}.*\.bastille.*nullfs.*" "${bastille_jailsdir}/${jailname}/fstab" | awk -F"/releases/" '{print $2}' | awk 
'{print $1}')" fi - local _newrelease="${NEWRELEASE}" + local new_release="${NEW_RELEASE}" # Update "osrelease" entry inside fstab - sed -i '' "/.bastille/ s|${_oldrelease}|${_newrelease}|g" "${bastille_jailsdir}/${_jailname}/fstab" + sed -i '' "/.bastille/ s|${old_release}|${new_release}|g" "${bastille_jailsdir}/${jailname}/fstab" # Update "osrelease" inside jail.conf using 'bastille config' - bastille config ${_jailname} set osrelease ${_newrelease} + bastille config ${jailname} set osrelease ${new_release} # Start jail if AUTO=1 if [ "${AUTO}" -eq 1 ]; then - bastille start "${_jailname}" + bastille start "${jailname}" fi - info "\nUpgraded ${_jailname}: ${_oldrelease} -> ${_newrelease}" - echo "See 'bastille etcupdate TARGET' to update /etc/rc.conf" + info "\nUpgraded ${jailname}: ${old_release} -> ${new_release}" + echo "See 'bastille etcupdate TARGET' to update /etc" else # Upgrade a thick jail env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \ - --currently-running "${_oldrelease}" \ - -j "${_jailname}" \ - -d "${_workdir}" \ - -f "${_freebsd_update_conf}" \ - -r "${_newrelease}" upgrade + --currently-running "${old_release}" \ + -j "${jailname}" \ + -d "${work_dir}" \ + -f "${freebsd_update_conf}" \ + -r "${new_release}" upgrade # Update "osrelease" inside jail.conf using 'bastille config' - bastille config ${_jailname} set osrelease ${_newrelease} - warn "Please run 'bastille upgrade ${_jailname} install', restart the jail, then run 'bastille upgrade ${_jailname} install' again to finish installing updates." + bastille config ${jailname} set osrelease ${new_release} + warn "Please run 'bastille upgrade ${jailname} install', restart the jail, then run 'bastille upgrade ${jailname} install' again to finish installing updates." 
fi } jail_updates_install() { - local _jailname="${1}" - local _jailpath="${bastille_jailsdir}/${_jailname}/root" - local _workdir="${_jailpath}/var/db/freebsd-update" - local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf" + local jailpath="${bastille_jailsdir}/${TARGET}/root" + local work_dir="${jailpath}/var/db/freebsd-update" + local freebsd_update_conf="${jailpath}/etc/freebsd-update.conf" # Finish installing upgrade on a thick container - if [ -d "${bastille_jailsdir}/${_jailname}" ]; then + if [ -d "${jailpath}" ]; then env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \ - -j "${_jailname}" \ - -d "${_workdir}" \ - -f "${_freebsd_update_conf}" \ + -j "${jailname}" \ + -d "${work_dir}" \ + -f "${freebsd_update_conf}" \ install else - error_exit "[ERROR]: ${_jailname} not found. See 'bastille bootstrap RELEASE'." + error_exit "[ERROR]: ${jailname} not found. See 'bastille bootstrap RELEASE'." fi } -# Check if jail is thick or thin +# Set needed variables THIN_JAIL=0 +PKGBASE=0 +HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }') + +# Validate jail type (thick/thin) if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then THIN_JAIL=1 fi # Check what we should upgrade -if [ "${NEWRELEASE}" = "install" ]; then +if [ "${NEW_RELEASE}" = "install" ]; then if [ "${THIN_JAIL}" -eq 1 ]; then thin_jail_check "${TARGET}" else 
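Review bot: `jail_upgrade_pkgbase`, `jail_upgrade` and `jail_updates_install` all read `${jailname}`, but this hunk removes the `local _jailname="${1}"` assignments and no assignment to `jailname` is visible anywhere in the patch. Unless it is set elsewhere in the file, `jailpath` becomes `${bastille_jailsdir}//root`, and the unquoted `jexec -l ${jailname} freebsd-version` runs with no jail name. Using the quoted global throughout, as `thick_jail_check` now does, keeps the root-run `pkg --rootdir`, `sed -i ''` and `freebsd-update -j` calls pointed at the intended jail: `local jailpath="${bastille_jailsdir}/${TARGET}/root"`. Separately, `release_check` is the only validation of `NEW_RELEASE` before it reaches the `sed` replacement and the release path. Its pattern is unanchored and `[RELEASE,BETA,RC]` is a character class, so arbitrary leading and trailing characters pass; anchoring it with `^`…`$`, escaping the dot and using an alternation of the tags Bastille accepts would make the check match its intent.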
@@ -228,12 +268,26 @@ if [ "${NEWRELEASE}" = "install" ]; then info "\n[${TARGET}]:" jail_updates_install "${TARGET}" else - release_check "${NEWRELEASE}" + release_check if [ "${THIN_JAIL}" -eq 1 ]; then thin_jail_check "${TARGET}" else thick_jail_check "${TARGET}" + MINOR_VERSION=$(echo ${NEW_RELEASE} | sed -E 's/^[0-9]+\.([0-9]+)-.*$/\1/') + MAJOR_VERSION=$(echo ${NEW_RELEASE} | grep -Eo '^[0-9]+') + if echo "${TARGET}" | grep -oq "-CURRENT"; then + FREEBSD_BRANCH="current" + else + FREEBSD_BRANCH="release" + fi + if [ "${MAJOR_VERSION}" -ge 16 ] || pkg -r "${bastille_jailsdir}/${TARGET}/root" -N 2>/dev/null; then + PKGBASE=1 + fi fi info "\n[${TARGET}]:" - jail_upgrade "${TARGET}" "${NEWRELEASE}" + if [ "${PKGBASE}" -eq 1 ]; then + jail_upgrade_pkgbase + else + jail_upgrade + fi fi
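Review bot: The branch detection `echo "${TARGET}" | grep -oq "-CURRENT"` will most likely never select `current`: grep parses `-CURRENT` as options rather than as a pattern, and the string tested is the jail name, where the release string was presumably intended. When the test fails, `FREEBSD_BRANCH` falls back to `release` and `jail_upgrade_pkgbase` picks the `FreeBSD-base-release-${MINOR_VERSION}` repository even for a CURRENT target. A `case` avoids both the option parsing and the extra process: `case "${NEW_RELEASE}" in *-CURRENT) FREEBSD_BRANCH="current" ;; *) FREEBSD_BRANCH="release" ;; esac`. The `echo ${NEW_RELEASE}` expansions feeding `MINOR_VERSION` and `MAJOR_VERSION` should also be quoted, since `[ "${MAJOR_VERSION}" -ge 16 ]` errors out if the value is empty or non-numeric.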