From 1b522522afc563358e7525eb364f000063a73370 Mon Sep 17 00:00:00 2001 From: Jose Date: Tue, 17 Dec 2019 18:11:22 -0400 Subject: [PATCH 1/2] Improved container update process, add support for Thickjail updates --- usr/local/share/bastille/update.sh | 35 +++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index 5f57a830..ba8923c7 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -47,7 +47,7 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then usage fi -RELEASE="${1}" +TARGET="${1}" shift if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then 
@@ -55,9 +55,34 @@ if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then exit 1 fi -if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then - freebsd-update -b "${bastille_releasesdir}/${RELEASE}" fetch install --currently-running "${RELEASE}" +if [ -d "${bastille_jailsdir}/${TARGET}" ]; then + if ! cat "${bastille_jailsdir}/${TARGET}/fstab" 2>/dev/null | grep -w "${TARGET}" | grep -q ".bastille"; then + if [ "$(jls name | grep -w "${TARGET}")" ]; then + # Update a thick container. + CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version 2>/dev/null) + if [ -z "${CURRENT_VERSION}" ]; then + echo -e "${COLOR_RED}Can't determine '${TARGET}' version.${COLOR_RESET}" + exit 1 + else + env PAGER="/bin/cat" freebsd-update --not-running-from-cron -b "${bastille_jailsdir}/${TARGET}/root" \ + fetch install --currently-running "${CURRENT_VERSION}" + fi + else + echo -e "${COLOR_RED}${TARGET} is not running.${COLOR_RESET}" + echo -e "${COLOR_RED}See 'bastille start ${TARGET}'.${COLOR_RESET}" + exit 1 + fi + else + echo -e "${COLOR_RED}${TARGET} is not a thick container.${COLOR_RESET}" + exit 1 + fi else - echo -e "${COLOR_RED}${RELEASE} not found. See bootstrap.${COLOR_RESET}" - exit 1 + if [ -d "${bastille_releasesdir}/${TARGET}" ]; then + # Update container base(affects child containers). + env PAGER="/bin/cat" freebsd-update --not-running-from-cron -b "${bastille_releasesdir}/${TARGET}" \ + fetch install --currently-running "${TARGET}" + else + echo -e "${COLOR_RED}${TARGET} not found. See bootstrap.${COLOR_RESET}" + exit 1 + fi fi From ddff440b4fc57ab069f48df11d9910cde333386b Mon Sep 17 00:00:00 2001 From: Jose Date: Thu, 19 Dec 2019 11:23:46 -0400 Subject: [PATCH 2/2] Simplify grep search, add full path to jexec --- usr/local/share/bastille/update.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index ba8923c7..5a46657f 100644 --- a/usr/local/share/bastille/update.sh 
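Review bot: `${TARGET}` comes straight from `$1` and is used on the new side as a `grep -w` regex against `jls name` and unquoted in `jexec -l ${TARGET}`, so the running check is a word match rather than an exact name match (a running jail named `web-1` satisfies a target of `web`) and the jexec argument is subject to word splitting and globbing. An exact lookup avoids both: `if jls -j "${TARGET}" name >/dev/null 2>&1; then` and `CURRENT_VERSION=$(jexec -l "${TARGET}" freebsd-version 2>/dev/null)`; the unquoted form is carried into the jexec line of patch 2/2 as well. Separately, `CURRENT_VERSION` is whatever the jail's own `freebsd-version` prints, and the host passes it on to `freebsd-update --currently-running`, so it is worth rejecting anything that does not look like a release string before use, e.g. `case "${CURRENT_VERSION}" in [0-9]*.[0-9]*-*) ;; *) exit 1 ;; esac` with the existing error message.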
+++ b/usr/local/share/bastille/update.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - echo -e "${COLOR_RED}Usage: bastille update release.${COLOR_RESET}" + echo -e "${COLOR_RED}Usage: bastille update release | container.${COLOR_RESET}" exit 1 } @@ -55,11 +55,11 @@ if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then exit 1 fi -if [ -d "${bastille_jailsdir}/${TARGET}" ]; then - if ! cat "${bastille_jailsdir}/${TARGET}/fstab" 2>/dev/null | grep -w "${TARGET}" | grep -q ".bastille"; then +if [ -d "${bastille_jailsdir}/${TARGET}" ]; then + if ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then if [ "$(jls name | grep -w "${TARGET}")" ]; then # Update a thick container. - CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version 2>/dev/null) + CURRENT_VERSION=$(/usr/sbin/jexec -l ${TARGET} freebsd-version 2>/dev/null) if [ -z "${CURRENT_VERSION}" ]; then echo -e "${COLOR_RED}Can't determine '${TARGET}' version.${COLOR_RESET}" exit 1
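Review bot: `if ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"` treats every non-zero grep status as "no match", so a missing or unreadable fstab (grep exits 2) classifies the jail as thick and lets `freebsd-update -b` run against its root. The `2>/dev/null` was dropped along with the `cat`, so grep's own error now reaches the terminal as well. The pattern is also a regex in which `.` matches any character, and it no longer filters on the jail's own line as the previous `grep -w "${TARGET}"` stage did. If every jail is expected to have an fstab (not visible here), fail closed first with `[ -r "${bastille_jailsdir}/${TARGET}/fstab" ] || exit 1` and match literally with `grep -qwF ".bastille"`. The enclosing `if` block continues past the end of the hunk.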