Xigmanas/xigmanas-bastille-extension
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

Code cleanup

Browse Source
This commit is contained in:
Jose
2019-12-01 03:33:30 -04:00
parent 7faed8d8f2
commit b293dc3172
3 changed files with 35 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG
+1
View File
@@ -3,6 +3,7 @@
====================== ======================
Version Description Version Description
1.0.20......Code cleanup.
1.0.19......Added freebsd-update support. 1.0.19......Added freebsd-update support.
1.0.18......Added update/upgrade handling improvements. 1.0.18......Added update/upgrade handling improvements.
1.0.17......Display container release version, ability to upgrade/downgrade container base. 1.0.17......Display container release version, ability to upgrade/downgrade container base.
bastille-init
+33 -33
View File
@@ -591,13 +591,13 @@ jail_update()
{ {
if [ "${PRDPRODUCT}" = "XigmaNAS" -o "${PRDPRODUCT}" = "NAS4Free" ]; then if [ "${PRDPRODUCT}" = "XigmaNAS" -o "${PRDPRODUCT}" = "NAS4Free" ]; then
if [ ! -d "${FREEBSD_UPDATE}" ]; then if [ ! -d "${FREEBSD_UPDATE}" ]; then
echo -e "Not supported on ${PRDPRODUCT} platform." echo "Not supported on ${PRDPRODUCT} platform."
exit 1 exit 1
fi fi
fi fi
if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
echo -e "Not supported on HardenedBSD." echo "Not supported on HardenedBSD."
exit 1 exit 1
fi fi
@@ -607,29 +607,29 @@ jail_update()
if [ $(jls name | grep -w "${TARGET}") ]; then if [ $(jls name | grep -w "${TARGET}") ]; then
# Update a thick container(securelevel/allow.chflags dependent). # Update a thick container(securelevel/allow.chflags dependent).
if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then
echo -e "Container securelevel is greater than zero." echo "Container securelevel is greater than zero."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then
echo -e "Container allow.chflags is disabled." echo "Container allow.chflags is disabled."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
fi fi
CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version) CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version)
jexec -l "${TARGET}" freebsd-update fetch install --currently-running "${CURRENT_VERSION}" jexec -l "${TARGET}" freebsd-update fetch install --currently-running "${CURRENT_VERSION}"
else else
echo -e "Container not running." echo "Container not running."
echo -e "See 'bastille start ${TARGET}'." echo "See 'bastille start ${TARGET}'."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo -e "${TARGET} state is unknown." echo "${TARGET} state is unknown."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo -e "${TARGET} is not a thick container." echo "${TARGET} is not a thick container."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
fi fi
@@ -638,7 +638,7 @@ jail_update()
# Update container base(affects base child containers). # Update container base(affects base child containers).
freebsd-update -b "${bastille_releasesdir}/${TARGET}" fetch install --currently-running "${TARGET}" freebsd-update -b "${bastille_releasesdir}/${TARGET}" fetch install --currently-running "${TARGET}"
else else
echo -e "${TARGET} not found. See bootstrap." echo "${TARGET} not found. See bootstrap."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
fi fi
@@ -650,7 +650,7 @@ jail_update()
thinjail_upgrade() thinjail_upgrade()
{ {
if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
echo -e "Not supported on HardenedBSD." echo "Not supported on HardenedBSD."
exit 1 exit 1
fi fi
@@ -660,11 +660,11 @@ thinjail_upgrade()
if [ -f "${bastille_releasesdir}/${RELEASE}/COPYRIGHT" ]; then if [ -f "${bastille_releasesdir}/${RELEASE}/COPYRIGHT" ]; then
## check if the container is running ## check if the container is running
if [ $(jls name | grep -w "${TARGET}") ]; then if [ $(jls name | grep -w "${TARGET}") ]; then
echo -e "${TARGET} running." echo "${TARGET} running."
echo -e "See 'bastille stop ${TARGET}'." echo "See 'bastille stop ${TARGET}'."
exit 1 exit 1
elif [ "${RELEASE}" = "${NEWRELEASE}" ]; then elif [ "${RELEASE}" = "${NEWRELEASE}" ]; then
echo -e "Specified releases name match." echo "Specified releases name match."
exit 0 exit 0
fi fi
if [ -d "${bastille_releasesdir}/${NEWRELEASE}" ]; then if [ -d "${bastille_releasesdir}/${NEWRELEASE}" ]; then
@@ -674,38 +674,38 @@ thinjail_upgrade()
if cat "${bastille_jailsdir}/${TARGET}/fstab" | grep "${RELEASE}" | grep -q ".bastille"; then if cat "${bastille_jailsdir}/${TARGET}/fstab" | grep "${RELEASE}" | grep -q ".bastille"; then
## if the previous conditions meets, proceed with the container base upgrade ## if the previous conditions meets, proceed with the container base upgrade
sed -i '' "s/${RELEASE}/${NEWRELEASE}/g" ${bastille_jailsdir}/${TARGET}/fstab sed -i '' "s/${RELEASE}/${NEWRELEASE}/g" ${bastille_jailsdir}/${TARGET}/fstab
echo -e "${TARGET} release changed to ${NEWRELEASE}." echo "${TARGET} release changed to ${NEWRELEASE}."
elif cat "${bastille_jailsdir}/${TARGET}/fstab" | grep "${NEWRELEASE}" | grep -q ".bastille"; then elif cat "${bastille_jailsdir}/${TARGET}/fstab" | grep "${NEWRELEASE}" | grep -q ".bastille"; then
echo -e "${TARGET} already using ${NEWRELEASE}." echo "${TARGET} already using ${NEWRELEASE}."
exit 0 exit 0
else else
if cat "${bastille_jailsdir}/${TARGET}/fstab" | grep -q ".bastille"; then if cat "${bastille_jailsdir}/${TARGET}/fstab" | grep -q ".bastille"; then
echo -e "${TARGET} container does not use ${RELEASE}."; exit 1 echo "${TARGET} container does not use ${RELEASE}."; exit 1
else else
echo -e "${TARGET} is not a thin container."; exit 1 echo "${TARGET} is not a thin container."; exit 1
fi fi
fi fi
else else
echo -e "${TARGET} fstab not found."; exit 1 echo "${TARGET} fstab not found."; exit 1
fi fi
else else
echo -e "Unknown ${NEWRELEASE}. See bootstrap."; exit 1 echo "Unknown ${NEWRELEASE}. See bootstrap."; exit 1
fi fi
else else
echo -e "${NEWRELEASE} not found, bootstrap starting...." echo "${NEWRELEASE} not found, bootstrap starting...."
bastille bootstrap ${NEWRELEASE} bastille bootstrap ${NEWRELEASE}
if [ ! $? -ne 0 ]; then if [ ! $? -ne 0 ]; then
thinjail_upgrade thinjail_upgrade
fi fi
fi fi
else else
echo -e "Unknown ${RELEASE}. See bootstrap."; exit 1 echo "Unknown ${RELEASE}. See bootstrap."; exit 1
fi fi
else else
echo -e "${RELEASE} not found. See bootstrap."; exit 1 echo "${RELEASE} not found. See bootstrap."; exit 1
fi fi
else else
echo -e "${TARGET} not found. See create."; exit 1 echo "${TARGET} not found. See create."; exit 1
fi fi
exit 0 exit 0
} }
@@ -714,13 +714,13 @@ thickjail_upgrade()
{ {
if [ "${PRDPRODUCT}" = "XigmaNAS" -o "${PRDPRODUCT}" = "NAS4Free" ]; then if [ "${PRDPRODUCT}" = "XigmaNAS" -o "${PRDPRODUCT}" = "NAS4Free" ]; then
if [ ! -d "${FREEBSD_UPDATE}" ]; then if [ ! -d "${FREEBSD_UPDATE}" ]; then
echo -e "Not supported on ${PRDPRODUCT} platform." echo "Not supported on ${PRDPRODUCT} platform."
exit 1 exit 1
fi fi
fi fi
if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
echo -e "Not supported on HardenedBSD." echo "Not supported on HardenedBSD."
exit 1 exit 1
fi fi
@@ -731,31 +731,31 @@ thickjail_upgrade()
if [ $(jls name | grep -w "${TARGET}") ]; then if [ $(jls name | grep -w "${TARGET}") ]; then
## upgrade a thick container(securelevel/allow.chflags dependent) ## upgrade a thick container(securelevel/allow.chflags dependent)
if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then
echo -e "Container securelevel is greater than zero." echo "Container securelevel is greater than zero."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then
echo -e "Container allow.chflags is disabled." echo "Container allow.chflags is disabled."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
fi fi
echo -e "Below command should be run several times when asked to finish installing updates." echo "Below command should be run several times when asked to finish installing updates."
echo -e "bastille cmd ${TARGET} freebsd-update install" echo "bastille cmd ${TARGET} freebsd-update install"
CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version) CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version)
jexec -l "${TARGET}" freebsd-update --currently-running "${CURRENT_VERSION}" -r ${RELEASE} upgrade jexec -l "${TARGET}" freebsd-update --currently-running "${CURRENT_VERSION}" -r ${RELEASE} upgrade
else else
echo -e "Container not running." echo "Container not running."
echo -e "See 'bastille start ${TARGET}'." echo "See 'bastille start ${TARGET}'."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo -e "${TARGET} state is unknown." echo "${TARGET} state is unknown."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo -e "${TARGET} is not a thick container." echo "${TARGET} is not a thick container."
disable_freebsd_update disable_freebsd_update
exit 1 exit 1
fi fi
version
+1 -1
View File
@@ -1 +1 @@
1.0.19 1.0.20