From 96e2cefc664d8e32b8e96c5fdb37a8271b832160 Mon Sep 17 00:00:00 2001
From: tschettervictor
Date: Sat, 4 Jan 2025 11:12:56 -0700
Subject: [PATCH 01/41] etcupdate: beta version

Add subcommand "etcupdate" This will simply use the built in "bootstrap" command to bootstrap the "src" version of a release, then create a tarball for it ONCE. This tarball is then used to update (includes dry run) a specifie jail to a specified RELEASE version of etc.
---
 usr/local/bin/bastille | 3 +-
 usr/local/share/bastille/etcupdate.sh | 128 ++++++++++++++++++++++++++
 2 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100644 usr/local/share/bastille/etcupdate.sh

diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille
index 5c78318a..6e33fe10 100755
--- a/usr/local/bin/bastille
+++ b/usr/local/bin/bastille
@@ -93,6 +93,7 @@ Available Commands:
 create Create a new thin container or a thick container if -T|--thick option specified.
 destroy Destroy a stopped container or a FreeBSD release.
 edit Edit container configuration files (advanced).
+ etcupdate Update /etc directory to specified release.
 export Exports a specified container.
 help Help about any command.
 htop Interactive process viewer (requires htop).
@@ -157,7 +158,7 @@ version|-v|--version)
 help|-h|--help)
 usage
 ;;
-bootstrap|create|destroy|export|htop|import|list|mount|rdr|restart|setup|start|top|umount|update|upgrade|verify)
+bootstrap|create|destroy|etcupdate|export|htop|import|list|mount|rdr|restart|setup|start|top|umount|update|upgrade|verify)
 # Nothing "extra" to do for these commands. -- cwells
 ;;
 clone|config|cmd|console|convert|cp|edit|limits|pkg|rcp|rename|service|stop|sysrc|tags|template|zfs)
diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh
new file mode 100644
index 00000000..ec805726
--- /dev/null
+++ b/usr/local/share/bastille/etcupdate.sh
@@ -0,0 +1,128 @@
+#!/bin/sh
+# Copyright (c) 2018-2024, Christer Edwards
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# * Neither the name of the copyright holder nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/common.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+ error_notify "Usage: bastille etcupdate [option(s)] [TARGET|bootstrap] RELEASE"
+ cat << EOF
+ Options:
+
+ -d | --dry-run Show output, but do not apply.
+
+EOF
+ exit 1
+}
+
+bootstrap_etc_release() {
+ local _release="${1}"
+ local _current="$(sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives | awk -F': ' '{print $2}')"
+ if ! ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null; then
+ sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives=src
+ if ! bastille bootstrap "${_release}"; then
+ error_notify "Failed to bootstrap etcupdate \"${_release}\""
+ fi
+ sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}"
+ fi
+}
+
+bootstrap_etc_tarball() {
+ local _release="${1}"
+ if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then
+ if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then
+ error_exit "Failed to build etcupdate tarball \"${_release}.tbz2\""
+ else
+ info "Etcupdate bootstrap complete: \"${_release}\""
+ fi
+ else
+ info "Etcupdate release has already been prepared for application: \"${_release}\""
+ exit 0
+ fi
+}
+
+update_jail_etc() {
+ local _jail="${1}"
+ local _release="${2}"
+ if [ "${DRY_RUN}" -eq 1 ]; then
+ info "[_jail]: --dry-run"
+ etcupdate -n -D "${bastille_jailsdir}"/"${_jail}"/root -t ${bastille_cachedir}/${_release}.tbz2
+ else
+ info "[_jail]:"
+ etcupdate -D "${bastille_jailsdir}"/"${_jail}"/root -t ${bastille_cachedir}/${_release}.tbz2
+ fi
+}
+
+if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then
+ usage
+fi
+
+# Handle options.
+while [ "$#" -gt 0 ]; do
+ case "${1}" in
+ -h|--help|help)
+ usage
+ ;;
+ -d|--dry-run)
+ if [ -z "${2}" ] || [ -z "${3}" ]; then
+ usage
+ else
+ DRY_RUN=1
+ shift
+ fi
+ ;;
+ -*)
+ error_exit "Unknown option: \"${1}\""
+ ;;
+ bootstrap)
+ if [ -z "${2}" ]; then
+ usage
+ else
+ RELEASE="${2}"
+ bootstrap_etc_release "${RELEASE}"
+ bootstrap_etc_tarball "${RELEASE}"
+ shift $#
+ fi
+ ;;
+ *)
+ if [ -z "${2}" ]; then
+ usage
+ else
+ TARGET="${1}"
+ RELEASE="${2}"
+ fi
+ if [ -z "${DRY_RUN}" ]; then
+ DRY_RUN=0
+ fi
+ set_target_single "${TARGET}"
+ update_jail_etc "${TARGET}" "${RELEASE}"
+ shift "$#"
+ ;;
+ esac
+done
From b7ac062a70e034aaa5671fc72dfde55beb370430 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sun, 5 Jan 2025 21:59:12 -0700
Subject: [PATCH 02/41] etcupdate: fix !

---
 usr/local/share/bastille/etcupdate.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh
index ec805726..60634b7b 100644
--- a/usr/local/share/bastille/etcupdate.sh
+++ b/usr/local/share/bastille/etcupdate.sh
@@ -44,7 +44,7 @@ EOF
 bootstrap_etc_release() {
 local _release="${1}"
 local _current="$(sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives | awk -F': ' '{print $2}')"
- if ! ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null; then
+ if ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null; then
 sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives=src
 if ! bastille bootstrap "${_release}"; then
 error_notify "Failed to bootstrap etcupdate \"${_release}\""
From 50c5e8c4ae8b6e972b4980857fc446129b6e2e5e Mon Sep 17 00:00:00 2001
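Review bot: `bootstrap_etc_tarball` runs `etcupdate build -d /tmp/etcupdate`, a fixed, predictable work directory under world-writable /tmp, so another local user who pre-creates or symlinks that path can make the build fail or, depending on how etcupdate(8) populates its work tree, influence the tarball that is later applied to every jail's /etc. Allocate it per run instead, e.g. `_workdir="$(mktemp -d "${bastille_cachedir}/etcupdate.XXXXXX")" || error_exit "Failed to create work directory"`, pass `-d "${_workdir}"`, and remove it with a trap. The `if ! ls -A "…/usr/src"` guard in `bootstrap_etc_release` only tests that the directory exists — `ls -A` exits 0 for an empty directory and also prints the listing to stdout — so `if [ -z "$(ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null)" ]; then` is what the condition intends. The tarball path `${bastille_cachedir}/${_release}.tbz2` is unquoted in all four places it appears and should be quoted like the other paths.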
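Review bot: Dropping the `!` inverts the guard: the src tree is now bootstrapped only when `${bastille_releasesdir}/${_release}/usr/src` already lists successfully, and skipped when it is missing, which is the opposite of what `bootstrap_etc_tarball` needs afterwards. The original polarity was right; if the aim was to handle a directory that exists but is empty (where `ls -A` still exits 0), test the output instead: `if [ -z "$(ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null)" ]; then`. bootstrap_etc_release's closing lines are outside this hunk.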
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sun, 5 Jan 2025 22:06:36 -0700
Subject: [PATCH 03/41] etcupdate: add notice for building tarball

---
 usr/local/share/bastille/etcupdate.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh
index 60634b7b..aaded241 100644
--- a/usr/local/share/bastille/etcupdate.sh
+++ b/usr/local/share/bastille/etcupdate.sh
@@ -56,6 +56,7 @@ bootstrap_etc_release() {
 bootstrap_etc_tarball() {
 local _release="${1}"
 if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then
+ echo "Building tarball, please wait..."
 if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then
 error_exit "Failed to build etcupdate tarball \"${_release}.tbz2\""
 else
From 0d09ac9607816613b6e8ad20c3410adae814b105 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 7 Jan 2025 17:14:02 -0700
Subject: [PATCH 04/41] etcupdate: error when RELEASE not bootstrapped

---
 usr/local/share/bastille/etcupdate.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh
index aaded241..4878e8b0 100644
--- a/usr/local/share/bastille/etcupdate.sh
+++ b/usr/local/share/bastille/etcupdate.sh
@@ -47,9 +47,11 @@ bootstrap_etc_release() {
 if ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null; then
 sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives=src
 if ! bastille bootstrap "${_release}"; then
- error_notify "Failed to bootstrap etcupdate \"${_release}\""
+ sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}"
+ error_exit "Failed to bootstrap etcupdate \"${_release}\""
+ else
+ sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}"
 fi
- sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}"
 fi
 }
@@ -71,6 +73,9 @@ bootstrap_etc_tarball() {
 update_jail_etc() {
 local _jail="${1}"
 local _release="${2}"
+ if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then
+ error_exit "Error: Please run \"bastille etcupdate bootstrap RELEASE\" first."
+ fi
 if [ "${DRY_RUN}" -eq 1 ]; then
 info "[_jail]: --dry-run"
 etcupdate -n -D "${bastille_jailsdir}"/"${_jail}"/root -t ${bastille_cachedir}/${_release}.tbz2
From 9c79f138e7f3671cf3abfef506dcdac7f0837008 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Thu, 9 Jan 2025 11:37:04 -0700
Subject: [PATCH 05/41] etcupdate: add resolve mode

---
 usr/local/share/bastille/etcupdate.sh | 101 ++++++++++++++++++--------
 1 file changed, 72 insertions(+), 29 deletions(-)

diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh
index 4878e8b0..ed579597 100644
--- a/usr/local/share/bastille/etcupdate.sh
+++ b/usr/local/share/bastille/etcupdate.sh
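Review bot: Restoring `bastille_bootstrap_archives` only on the two normal exit paths of `bastille bootstrap` still leaves the shared bastille.conf set to `src` if the bootstrap is interrupted (Ctrl-C, SIGTERM, a hung fetch), after which every later `bastille bootstrap` of any release silently fetches only the src archive. Arm the restore before changing the value, `trap "sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives='${_current}'" EXIT`, which also removes the need to repeat the `sysrc` call in both branches. Reading the current value with `sysrc -n -f … bastille_bootstrap_archives` avoids parsing `name: value` output with awk. The function's opening lines are outside this hunk.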
@@ -31,11 +31,13 @@ . /usr/local/etc/bastille/bastille.conf
 usage() {
- error_notify "Usage: bastille etcupdate [option(s)] [TARGET|bootstrap] RELEASE"
+ error_notify "Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [update RELEASE|resolve]"
 cat << EOF
 Options:
 -d | --dry-run Show output, but do not apply.
+ -f | --force Force a re-bootstrap of a RELEASE.
+ -x | --debug Enable debug mode.
 EOF
 exit 1
@@ -47,11 +49,9 @@ bootstrap_etc_release() {
 if ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null; then
 sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives=src
 if ! bastille bootstrap "${_release}"; then
- sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}"
- error_exit "Failed to bootstrap etcupdate \"${_release}\""
- else
- sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}"
+ error_notify "Failed to bootstrap etcupdate: ${_release}"
 fi
+ sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}"
 fi
 }
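Review bot: Downgrading the failed-bootstrap path from `error_exit` to `error_notify` means `bootstrap_etc_release` now returns normally after `bastille bootstrap` fails, and the caller goes straight on to `bootstrap_etc_tarball`, which runs `etcupdate build -s …/usr/src` against a src tree that was never fetched. Keeping the restore in one place is fine, but the failure still has to stop the run: capture the status with `bastille bootstrap "${_release}"; _rc=$?`, restore `bastille_bootstrap_archives`, then `[ "${_rc}" -eq 0 ] || error_exit "Failed to bootstrap etcupdate: ${_release}"`. The function's opening lines are outside this hunk.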
@@ -62,50 +62,88 @@ bootstrap_etc_tarball() { if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then error_exit "Failed to build etcupdate tarball \"${_release}.tbz2\"" else - info "Etcupdate bootstrap complete: \"${_release}\"" + info "Etcupdate bootstrap complete: ${_release}" + fi + elif [ -f ${bastille_cachedir}/${_release}.tbz2 ] && [ "${FORCE}" -eq 1 ]; then + rm -f "${bastille_cachedir}/${_release}.tbz2" + echo "Building tarball, please wait..." + if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then + error_exit "Failed to build etcupdate tarball \"${_release}.tbz2\"" + else + info "Etcupdate bootstrap complete: ${_release}" fi else - info "Etcupdate release has already been prepared for application: \"${_release}\"" - exit 0 + info "Etcupdate release has already been prepared for application: ${_release}" fi } +resolve_conflicts() { + local _jail="${1}" + if [ "${DRY_RUN}" -eq 1 ]; then + info "[_jail]: --dry-run" + etcupdate resolve -n -D "${bastille_jailsdir}/${_jail}/root" + else + info "[_jail]:" + etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" + fi +} + update_jail_etc() { local _jail="${1}" local _release="${2}" - if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then - error_exit "Error: Please run \"bastille etcupdate bootstrap RELEASE\" first." 
- fi if [ "${DRY_RUN}" -eq 1 ]; then info "[_jail]: --dry-run" - etcupdate -n -D "${bastille_jailsdir}"/"${_jail}"/root -t ${bastille_cachedir}/${_release}.tbz2 + etcupdate -n -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2 else info "[_jail]:" - etcupdate -D "${bastille_jailsdir}"/"${_jail}"/root -t ${bastille_cachedir}/${_release}.tbz2 + etcupdate -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2 fi } -if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then +if [ "$#" -lt 2 ] || [ "$#" -gt 4 ]; then usage fi # Handle options. +DRY_RUN=0 +FORCE=0 while [ "$#" -gt 0 ]; do case "${1}" in -h|--help|help) usage ;; -d|--dry-run) - if [ -z "${2}" ] || [ -z "${3}" ]; then - usage - else - DRY_RUN=1 - shift - fi + DRY_RUN=1 + shift + ;; + -f|--force) + FORCE=1 + shift ;; - -*) - error_exit "Unknown option: \"${1}\"" + -x|--debug) + enable_debug + shift + ;; + -*) + for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${_opt} in + d) DRY_RUN=1 ;; + f) FORCE=1 ;; + x) enable_debug ;; + *) error_exit "Unknown Option: \"${1}\"" ;; + esac + done + shift + ;; + *) + break ;; + esac +done + +# Main commands +while [ "$#" -gt 0 ]; do + case "${1}" in bootstrap) if [ -z "${2}" ]; then usage @@ -121,14 +159,19 @@ while [ "$#" -gt 0 ]; do usage else TARGET="${1}" - RELEASE="${2}" - fi - if [ -z "${DRY_RUN}" ]; then - DRY_RUN=0 + ACTION="${2}" + RELEASE="${3}" fi - set_target_single "${TARGET}" - update_jail_etc "${TARGET}" "${RELEASE}" - shift "$#" + case "${ACTION}" in + resolve) + resolve_conflicts "${TARGET}" + shift "$#" + ;; + update) + update_jail_etc "${TARGET}" "${RELEASE}" + shift "$#" + ;; + esac ;; esac done From 6ce41919e4d80dcd24b835f17bd4ec73cc035137 Mon Sep 17 00:00:00 2001 
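Review bot: The `*)` branch of the main loop no longer calls `set_target_single "${TARGET}"`, so an unchecked TARGET reaches `etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root"` and `etcupdate -D …`, and its inner `case "${ACTION}"` has no default arm, so any ACTION other than `resolve`/`update` performs no `shift` and the `while [ "$#" -gt 0 ]` loop spins forever. Restore the validation and add a fallthrough: `set_target_single "${TARGET}"` before the case and `*) error_exit "Unknown action: \"${ACTION}\"" ;;` inside it. The hunk also drops the `[ ! -f ${bastille_cachedir}/${_release}.tbz2 ]` guard from `update_jail_etc`, so a mistyped RELEASE now surfaces only as an etcupdate error about a missing tarball, and `etcupdate resolve -n` looks wrong, since as far as I recall etcupdate(8) accepts `-n` only in update mode. The two identical build branches in `bootstrap_etc_tarball` could be collapsed by computing the "needs build" condition once and building in a single place.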
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 9 Jan 2025 15:10:23 -0700 Subject: [PATCH 06/41] etcupdate: add diff mode --- usr/local/share/bastille/etcupdate.sh | 54 +++++++++++++++++---------- 1 file changed, 35 insertions(+), 19 deletions(-) diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index ed579597..2f44013b 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -46,12 +46,14 @@ EOF bootstrap_etc_release() { local _release="${1}" local _current="$(sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives | awk -F': ' '{print $2}')" - if ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null; then + if ! ls -A "${bastille_releasesdir}/${_release}/usr/src" 2>/dev/null; then sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives=src - if ! bastille bootstrap "${_release}"; then - error_notify "Failed to bootstrap etcupdate: ${_release}" + if ! bastille bootstrap "${_release}" > /dev/null; then + sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}" + error_exit "Failed to bootstrap etcupdate: ${_release}" + else + sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}" fi - sysrc -f /usr/local/etc/bastille/bastille.conf bastille_bootstrap_archives="${_current}" fi } @@ -68,7 +70,7 @@ bootstrap_etc_tarball() { rm -f "${bastille_cachedir}/${_release}.tbz2" echo "Building tarball, please wait..." if ! etcupdate build -d /tmp/etcupdate -s ${bastille_releasesdir}/${_release}/usr/src ${bastille_cachedir}/${_release}.tbz2; then - error_exit "Failed to build etcupdate tarball \"${_release}.tbz2\"" + error_exit "Failed to build etcupdate tarball: ${_release}.tbz2" else info "Etcupdate bootstrap complete: ${_release}" fi 
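Review bot: Redirecting `bastille bootstrap`'s stdout to /dev/null hides whatever progress and error detail that command prints on stdout, so when the src fetch fails the operator only sees this script's generic `Failed to bootstrap etcupdate` line and has to re-run the bootstrap by hand to learn why. Keep stdout, or at least capture it to a log under `${bastille_cachedir}` and name that file in the error message. The restore of `bastille_bootstrap_archives` is again written twice; a single restore after the `if`, or a `trap … EXIT` armed before the value is changed, covers both branches and an interrupted run. bootstrap_etc_release's opening lines are outside this hunk.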
@@ -77,13 +79,19 @@ bootstrap_etc_tarball() { fi } +diff_review() { + local _jail="${1}" + info "[_jail]: diff" + etcupdate diff -D "${bastille_jailsdir}/${_jail}/root" +} + resolve_conflicts() { local _jail="${1}" if [ "${DRY_RUN}" -eq 1 ]; then - info "[_jail]: --dry-run" + info "[_jail]: resolve --dry-run" etcupdate resolve -n -D "${bastille_jailsdir}/${_jail}/root" else - info "[_jail]:" + info "[_jail]: resolve" etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" fi } @@ -92,10 +100,10 @@ update_jail_etc() { local _jail="${1}" local _release="${2}" if [ "${DRY_RUN}" -eq 1 ]; then - info "[_jail]: --dry-run" + info "[_jail]: update --dry-run" etcupdate -n -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2 else - info "[_jail]:" + info "[_jail]: update" etcupdate -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2 fi } @@ -161,17 +169,25 @@ while [ "$#" -gt 0 ]; do TARGET="${1}" ACTION="${2}" RELEASE="${3}" - fi - case "${ACTION}" in - resolve) - resolve_conflicts "${TARGET}" - shift "$#" - ;; - update) - update_jail_etc "${TARGET}" "${RELEASE}" - shift "$#" + set_target_single "${TARGET}" + case "${ACTION}" in + diff) + diff_review "${TARGET}" + shift "$#" + ;; + resolve) + resolve_conflicts "${TARGET}" + shift "$#" + ;; + update) + update_jail_etc "${TARGET}" "${RELEASE}" + shift "$#" + ;; + *) + error_exit "Unknown action: \"${ACTION}\"" ;; - esac + esac + fi ;; esac done From b90a83bfb72984c0640e69cd016a26b457c913ea Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 9 Jan 2025 15:11:19 -0700 Subject: [PATCH 07/41] etcupdate: help message include diff mode --- usr/local/share/bastille/etcupdate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index 2f44013b..c5d1c397 100644 --- a/usr/local/share/bastille/etcupdate.sh 
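Review bot: The `update` arm passes `RELEASE="${3}"` straight to `update_jail_etc` without checking it, so `bastille etcupdate TARGET update` with no release runs `etcupdate -D … -t ${bastille_cachedir}/.tbz2` and the operator gets an etcupdate error about a missing tarball instead of usage; add `[ -z "${RELEASE}" ] && usage` before the call. The new `diff_review` ignores `DRY_RUN` entirely, which is harmless for a read-only mode but should at least be stated so a user passing `-d` is not surprised, e.g. `# diff only reads the jail; -d has no effect here`. In the same lines the `-D` argument is quoted while `-t ${bastille_cachedir}/${_release}.tbz2` is left unquoted.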
+++ b/usr/local/share/bastille/etcupdate.sh @@ -31,7 +31,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_notify "Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [update RELEASE|resolve]" + error_notify "Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE]" cat << EOF Options: From e6e60a3a32b976ea595c45d021f31b175b1f1566 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 9 Jan 2025 15:12:23 -0700 Subject: [PATCH 08/41] common: update set_target_single --- usr/local/share/bastille/common.sh | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index b9b0986f..6e61f5c5 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -190,13 +190,28 @@ set_target_single() { local _TARGET="${1}" if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then error_exit "[all|ALL] not supported with this command." - else - check_target_exists "${_TARGET}" || error_exit "Jail not found \"${_TARGET}\"" - JAILS="${_TARGET}" - TARGET="${_TARGET}" - export JAILS - export TARGET + elif [ "$(echo ${_TARGET} | wc -w)" -gt 1 ]; then + error_exit "Error: Command only supports a single TARGET." + elif echo "${_TARGET}" | grep -Eq '^[0-9]+$'; then + if get_jail_name "${_TARGET}" > /dev/null; then + _TARGET="$(get_jail_name ${_TARGET})" + else + error_exit "Error: JID \"${_TARGET}\" not found. Is jail running?" + fi + elif + ! check_target_exists "${_TARGET}"; then + if jail_autocomplete "${_TARGET}" > /dev/null; then + _TARGET="$(jail_autocomplete ${_TARGET})" + elif [ $? -eq 2 ]; then + error_exit "Jail not found \"${_TARGET}\"" + else + exit 1 + fi fi + TARGET="${_TARGET}" + JAILS="${_TARGET}" + export TARGET + export JAILS } target_all_jails() { From e4b5273835ce2efdb5b57b8104089a4f08b86e3b Mon Sep 17 00:00:00 2001 
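Review bot: When `check_target_exists` fails, `set_target_single` silently substitutes whatever `jail_autocomplete` returns for the name the operator typed; this helper is shared via common.sh and presumably also backs destructive subcommands such as destroy, so a mistyped name could act on a different jail with no indication of which one. Print the substitution before exporting it, e.g. `info "Resolved target \"${1}\" to \"${_TARGET}\""`, or require an exact name in destructive callers. The `elif [ $? -eq 2 ]` test reads the exit status of the preceding `if jail_autocomplete … > /dev/null` condition, which is correct in sh but easy to break by inserting a line; running `jail_autocomplete` once into a variable and capturing `_rc=$?` (same for the double `get_jail_name` call) makes the intent explicit. `${_TARGET}` should be quoted in those command substitutions and in `echo ${_TARGET} | wc -w`.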
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 9 Jan 2025 15:41:23 -0700 Subject: [PATCH 09/41] etcupdate: fix accidentally deleted error message --- usr/local/share/bastille/etcupdate.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index c5d1c397..1f143c29 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -99,6 +99,9 @@ resolve_conflicts() { update_jail_etc() { local _jail="${1}" local _release="${2}" + if [ ! -f ${bastille_cachedir}/${_release}.tbz2 ]; then + error_exit "Error: Please run \"bastille etcupdate bootstrap RELEASE\" first." + fi if [ "${DRY_RUN}" -eq 1 ]; then info "[_jail]: update --dry-run" etcupdate -n -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2 From 8882c23b185e3ae1bb7c5edad873839d278399a6 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 9 Jan 2025 16:30:29 -0700 Subject: [PATCH 10/41] etcupdate: code optimize (usage if no RELEASE) --- usr/local/share/bastille/etcupdate.sh | 55 ++++++++++++++------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index 1f143c29..d689f323 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -111,10 +111,6 @@ update_jail_etc() { fi } -if [ "$#" -lt 2 ] || [ "$#" -gt 4 ]; then - usage -fi - # Handle options. DRY_RUN=0 FORCE=0 @@ -152,6 +148,10 @@ while [ "$#" -gt 0 ]; do esac done +if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then + usage +fi + # Main commands while [ "$#" -gt 0 ]; do case "${1}" in 
@@ -166,31 +166,32 @@ while [ "$#" -gt 0 ]; do fi ;; *) - if [ -z "${2}" ]; then - usage - else - TARGET="${1}" - ACTION="${2}" - RELEASE="${3}" - set_target_single "${TARGET}" - case "${ACTION}" in - diff) - diff_review "${TARGET}" - shift "$#" - ;; - resolve) - resolve_conflicts "${TARGET}" - shift "$#" - ;; - update) + TARGET="${1}" + ACTION="${2}" + RELEASE="${3}" + set_target_single "${TARGET}" + case "${ACTION}" in + diff) + diff_review "${TARGET}" + shift "$#" + ;; + resolve) + resolve_conflicts "${TARGET}" + shift "$#" + ;; + update) + if [ -z "${RELEASE}" ]; then + usage + else update_jail_etc "${TARGET}" "${RELEASE}" shift "$#" - ;; - *) - error_exit "Unknown action: \"${ACTION}\"" + fi ;; - esac - fi - ;; + *) + error_exit "Unknown action: \"${ACTION}\"" + ;; + esac + fi + ;; esac done From cca43cb43688f716f7de3f2e6eb0efec9bf89fb9 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 9 Jan 2025 16:34:15 -0700 Subject: [PATCH 11/41] =?UTF-8?q?etcupdate:=20fix=20=E2=80=9Cfi=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- usr/local/share/bastille/etcupdate.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index d689f323..716e26ea 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -188,10 +188,9 @@ while [ "$#" -gt 0 ]; do fi ;; *) - error_exit "Unknown action: \"${ACTION}\"" - ;; + error_exit "Unknown action: \"${ACTION}\"" + ;; esac - fi ;; esac done From 894e5ef5f6c148b4bdc88215b07b50a7784f7633 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 9 Jan 2025 16:37:48 -0700 Subject: [PATCH 12/41] etcupdate: fix ;; spacing --- usr/local/share/bastille/etcupdate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
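Review bot: The rewritten `*)` arm ends with `esac` followed by a `fi` that no longer has a matching `if` — the `if [ -z "${2}" ]; then … else` wrapper was removed at the top of the arm — so the script stops parsing with a syntax error near that `fi`; delete the line. The new `[ "$#" -lt 2 ] || [ "$#" -gt 3 ]` check after option parsing guarantees ACTION is set, so the `*) error_exit "Unknown action: …"` arm is the right place for the remaining validation, but `update)` still hands an unquoted tarball path to etcupdate as before. The `;;` closing the arm is also indented one level deeper than its siblings.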
diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index 716e26ea..7126b905 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -191,6 +191,6 @@ while [ "$#" -gt 0 ]; do error_exit "Unknown action: \"${ACTION}\"" ;; esac - ;; + ;; esac done From cd330363c255493c5a932eea7c7171b883c905c9 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 10 Jan 2025 00:14:25 -0700 Subject: [PATCH 13/41] etcupdate: jail var missing --- usr/local/share/bastille/etcupdate.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index 7126b905..84ea57d1 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -81,17 +81,17 @@ bootstrap_etc_tarball() { diff_review() { local _jail="${1}" - info "[_jail]: diff" + info "[${_jail}]: etcupdate --diff mode" etcupdate diff -D "${bastille_jailsdir}/${_jail}/root" } resolve_conflicts() { local _jail="${1}" if [ "${DRY_RUN}" -eq 1 ]; then - info "[_jail]: resolve --dry-run" + info "[${_jail}]: etcupdate resolve --dry-run" etcupdate resolve -n -D "${bastille_jailsdir}/${_jail}/root" else - info "[_jail]: resolve" + info "[${_jail}]: etcupdate resolve" etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" fi } @@ -103,10 +103,10 @@ update_jail_etc() { error_exit "Error: Please run \"bastille etcupdate bootstrap RELEASE\" first." fi if [ "${DRY_RUN}" -eq 1 ]; then - info "[_jail]: update --dry-run" + info "[${_jail}]: etcupdate update --dry-run" etcupdate -n -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2 else - info "[_jail]: update" + info "[${_jail}]: etcupdate update" etcupdate -D "${bastille_jailsdir}/${_jail}/root" -t ${bastille_cachedir}/${_release}.tbz2 fi } 
From 397b13bc233c2558d92a3e118cc890ed6ba1f169 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 10 Jan 2025 00:18:47 -0700 Subject: [PATCH 14/41] etcupdate: remove -n option from resolve mode --- usr/local/share/bastille/etcupdate.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index 84ea57d1..87e6dc2a 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -87,13 +87,8 @@ diff_review() { resolve_conflicts() { local _jail="${1}" - if [ "${DRY_RUN}" -eq 1 ]; then - info "[${_jail}]: etcupdate resolve --dry-run" - etcupdate resolve -n -D "${bastille_jailsdir}/${_jail}/root" - else - info "[${_jail}]: etcupdate resolve" - etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" - fi + info "[${_jail}]: etcupdate resolve" + etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" } update_jail_etc() { From 86c5b4928b2252209c85204067da0a96246106ef Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 10 Jan 2025 08:56:32 -0700 Subject: [PATCH 15/41] etcupdate: warn on -d for diff/resolve --- usr/local/share/bastille/etcupdate.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index 87e6dc2a..04990c34 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh 
@@ -81,12 +81,18 @@ bootstrap_etc_tarball() { diff_review() { local _jail="${1}" + if [ "${DRY_RUN}" -eq 1 ]; then + warn "Warning: diff mode does not support [-d|--dryrun]" + fi info "[${_jail}]: etcupdate --diff mode" etcupdate diff -D "${bastille_jailsdir}/${_jail}/root" } resolve_conflicts() { local _jail="${1}" + if [ "${DRY_RUN}" -eq 1 ]; then + warn "Warning: resolve mode does not support [-d|--dryrun]" + fi info "[${_jail}]: etcupdate resolve" etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" } From 8b0411c111a1d3b41c7685d9a0d1904cfb42dc56 Mon Sep 17 00:00:00 2001 
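Review bot: For `resolve` the new code warns that dry-run is unsupported and then runs `etcupdate resolve -D …` anyway, so an operator who passed `-d` precisely to avoid touching the jail gets files under the jail's /etc modified; fail closed instead: `error_exit "resolve mode does not support [-d|--dry-run]"`. For `diff`, which only reads, a warning is adequate. Both messages also spell the option `--dryrun` while the parser accepts `--dry-run`.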
From: Juan David Hurtado G Date: Sat, 11 Jan 2025 14:07:41 -0500 Subject: [PATCH 16/41] Add SPDX license identifiers and update copyright years Added SPDX-License-Identifier to all scripts for better license clarity and compliance. Updated the copyright years from 2024 to 2025 in various files to reflect the current maintenance period. --- LICENSE | 2 +- docs/conf.py | 2 +- usr/local/bin/bastille | 4 +++- usr/local/share/bastille/bootstrap.sh | 4 +++- usr/local/share/bastille/clone.sh | 4 +++- usr/local/share/bastille/cmd.sh | 4 +++- usr/local/share/bastille/colors.pre.sh | 2 ++ usr/local/share/bastille/common.sh | 4 +++- usr/local/share/bastille/config.sh | 4 +++- usr/local/share/bastille/console.sh | 4 +++- usr/local/share/bastille/convert.sh | 4 +++- usr/local/share/bastille/cp.sh | 4 +++- usr/local/share/bastille/create.sh | 4 +++- usr/local/share/bastille/destroy.sh | 4 +++- usr/local/share/bastille/edit.sh | 4 +++- usr/local/share/bastille/export.sh | 4 +++- usr/local/share/bastille/htop.sh | 4 +++- usr/local/share/bastille/import.sh | 4 +++- usr/local/share/bastille/limits.sh | 4 +++- usr/local/share/bastille/list.sh | 4 +++- usr/local/share/bastille/mount.sh | 4 +++- usr/local/share/bastille/pkg.sh | 4 +++- usr/local/share/bastille/rcp.sh | 4 +++- usr/local/share/bastille/rdr.sh | 4 +++- usr/local/share/bastille/rename.sh | 4 +++- usr/local/share/bastille/restart.sh | 4 +++- usr/local/share/bastille/service.sh | 4 +++- usr/local/share/bastille/setup.sh | 4 +++- usr/local/share/bastille/start.sh | 4 +++- usr/local/share/bastille/stop.sh | 4 +++- usr/local/share/bastille/sysrc.sh | 4 +++- usr/local/share/bastille/tags.sh | 4 +++- usr/local/share/bastille/template.sh | 4 +++- usr/local/share/bastille/top.sh | 4 +++- usr/local/share/bastille/umount.sh | 4 +++- usr/local/share/bastille/update.sh | 4 +++- usr/local/share/bastille/upgrade.sh | 4 +++- usr/local/share/bastille/verify.sh | 4 +++- usr/local/share/bastille/zfs.sh | 4 +++- 39 files changed, 112 
insertions(+), 38 deletions(-) diff --git a/LICENSE b/LICENSE index 7ccaf14b..2f34d728 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ BSD 3-Clause License -Copyright (c) 2018-2024, Christer Edwards +Copyright (c) 2018-2025, Christer Edwards All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/docs/conf.py b/docs/conf.py index 1c3f2c77..987c48e4 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -8,7 +8,7 @@ # -- Project information ----------------------------------------------------- project = 'Bastille' -copyright = '2018-2024, Christer Edwards' +copyright = '2018-2025, Christer Edwards' author = 'Christer Edwards' # The short X.Y version diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index 5c78318a..b7513baa 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 295ebf67..b981e9ab 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index e11bd701..9dae7f44 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh 
@@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh index a1f42347..277791d1 100644 --- a/usr/local/share/bastille/cmd.sh +++ b/usr/local/share/bastille/cmd.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/colors.pre.sh b/usr/local/share/bastille/colors.pre.sh index 0d561420..9074e2d1 100644 --- a/usr/local/share/bastille/colors.pre.sh +++ b/usr/local/share/bastille/colors.pre.sh @@ -1,5 +1,7 @@ #!/bin/sh # +# SPDX-License-Identifier: BSD-3-Clause +# # Copyright (c) 2014-2015 Bryan Drewery # All rights reserved. # diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index b9b0986f..4189f07b 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index 9b39f6bc..68fe1135 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without 
diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh index b15865cc..9131b221 100644 --- a/usr/local/share/bastille/console.sh +++ b/usr/local/share/bastille/console.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index 0290f355..d22c9708 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index 0d027f7d..d7fc174b 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index f0a1250f..77169e8f 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index d95a4429..56d8d7f3 100644 --- a/usr/local/share/bastille/destroy.sh 
+++ b/usr/local/share/bastille/destroy.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/edit.sh b/usr/local/share/bastille/edit.sh index 79677e5b..4442cad0 100644 --- a/usr/local/share/bastille/edit.sh +++ b/usr/local/share/bastille/edit.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 123db04b..86898b52 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index 10795da1..4449edef 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 34cda5fc..ade9f648 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh 
@@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh index 29f631a1..03af4690 100644 --- a/usr/local/share/bastille/limits.sh +++ b/usr/local/share/bastille/limits.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # Ressource limits added by Sven R github.com/hackacad # diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 49534e2d..3b1845b7 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index ba66ae8b..b2aeb438 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index 4e537a4d..e7cf23d7 100644 --- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh 
@@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/rcp.sh b/usr/local/share/bastille/rcp.sh index fe3d48db..a3b1cda1 100644 --- a/usr/local/share/bastille/rcp.sh +++ b/usr/local/share/bastille/rcp.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh index 63df7839..f5f426d5 100644 --- a/usr/local/share/bastille/rdr.sh +++ b/usr/local/share/bastille/rdr.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh index e83d2284..20fb8021 100644 --- a/usr/local/share/bastille/rename.sh +++ b/usr/local/share/bastille/rename.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh index f443a782..ffdb1650 100644 --- a/usr/local/share/bastille/restart.sh +++ b/usr/local/share/bastille/restart.sh 
@@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh index 92fa4f27..76d1edad 100644 --- a/usr/local/share/bastille/service.sh +++ b/usr/local/share/bastille/service.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh index b069ea32..020d2cf4 100644 --- a/usr/local/share/bastille/setup.sh +++ b/usr/local/share/bastille/setup.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index 2eeb9e49..375d49c2 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 6c4b7c1d..efec51e1 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh 
@@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh index db1c8a01..baf0d7ae 100644 --- a/usr/local/share/bastille/sysrc.sh +++ b/usr/local/share/bastille/sysrc.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh index 65ed802f..4457f03d 100644 --- a/usr/local/share/bastille/tags.sh +++ b/usr/local/share/bastille/tags.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # Ressource limits added by Lars Engels github.com/bsdlme # diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 203dc109..3aed8664 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 669c1164..bd82d153 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh 
@@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index ebbb52c5..f5d68969 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index 60458a81..85d632c0 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index 39422582..5aa06905 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh index 8f50dffa..ec8afa91 100644 --- a/usr/local/share/bastille/verify.sh +++ b/usr/local/share/bastille/verify.sh 
@@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh index 0bcedbec..3ba50792 100644 --- a/usr/local/share/bastille/zfs.sh +++ b/usr/local/share/bastille/zfs.sh @@ -1,6 +1,8 @@ #!/bin/sh # -# Copyright (c) 2018-2024, Christer Edwards +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without From c544727d40e66f4f72c9a6ee7e095747b614f4e4 Mon Sep 17 00:00:00 2001 From: Juan David Hurtado G Date: Sat, 11 Jan 2025 15:55:21 -0500 Subject: [PATCH 17/41] bastille: fix sourcing common before the config file check, this ensures setup can run correctly --- usr/local/bin/bastille | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index b7513baa..72c37323 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille 
@@ -32,20 +32,23 @@ PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
-. /usr/local/share/bastille/common.sh
-
 ## check for config existence
 bastille_conf_check() {
 if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then
- warn "Configuration file not found. Do yu want to create it with default values? [y/N]"
+ echo "[INFO] Configuration file not found. Do yu want to create it with default values? [y/N]"
 read answer
 case "${answer}" in
 [Nn][Oo]|[Nn]|"")
- error_exit "No configuration file has been generated. Exiting."
+ echo "[INFO] No configuration file has been generated. Exiting."
+ exit
 ;;
 [Yy][Ee][Ss]|[Yy])
 cp /usr/local/etc/bastille/bastille.conf.sample /usr/local/etc/bastille/bastille.conf
- info "Configuration file has been generated. Continuing with default values"
+ echo "[INFO] Configuration file has been generated. Continuing with default values"
+ ;;
+ *)
+ echo "[ERROR] Invalid option. Please answer with 'y' or 'N'."
+ exit 1
 ;;
 esac
 fi
@@ -53,7 +56,8 @@ bastille_conf_check() {
 bastille_conf_check
-## we only load the config if conf_check passes
+## we only load this if conf_check passes
+. /usr/local/share/bastille/common.sh
 . /usr/local/etc/bastille/bastille.conf
 # Set default values for config properties added during the current major version:
 : "${bastille_network_pf_ext_if:=ext_if}"
From c70cb249dd6ab959e8d1aef3dfa923e900d4a00c Mon Sep 17 00:00:00 2001 From: Juan David Hurtado G Date: Sat, 11 Jan 2025 16:40:31 -0500 Subject: [PATCH 18/41] bastille: Fix typo in prompt message for missing configuration file.
---
 usr/local/bin/bastille | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille
index 72c37323..488d3621 100755
--- a/usr/local/bin/bastille
+++ b/usr/local/bin/bastille
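Review bot: The `[Nn][Oo]|[Nn]|"")` arm now ends with a bare `exit`, which returns the status of the preceding `echo` (0), so a non-interactive run with stdin at EOF — `read` fails and `answer` stays empty — reports that no configuration was generated yet exits successfully, unlike the `*)` arm in the same case that uses `exit 1`; make it `exit 1` as well. Two smaller points in the same hunk: `read answer` should be `read -r answer` so backslashes in the reply are not interpreted, and the `cp` of the sample config is unchecked, so `cp /usr/local/etc/bastille/bastille.conf.sample /usr/local/etc/bastille/bastille.conf || exit 1` would stop the run before the second hunk sources a file that was never written. The closing brace of bastille_conf_check lies outside the hunk.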
@@ -35,7 +35,7 @@ PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin ## check for config existence bastille_conf_check() { if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then - echo "[INFO] Configuration file not found. Do yu want to create it with default values? [y/N]" + echo "[INFO] Configuration file not found. Do you want to create it with default values? [y/N]" read answer case "${answer}" in [Nn][Oo]|[Nn]|"") From 65aa9d0258d9ac308171ab50a9938aa97d3c14f3 Mon Sep 17 00:00:00 2001 From: Juan David Hurtado G Date: Sat, 11 Jan 2025 16:59:01 -0500 Subject: [PATCH 19/41] docs: Fix typo in umount command documentation --- docs/chapters/subcommands/umount.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/chapters/subcommands/umount.rst b/docs/chapters/subcommands/umount.rst index cdcdabdb..2dbfdafa 100644 --- a/docs/chapters/subcommands/umount.rst +++ b/docs/chapters/subcommands/umount.rst @@ -19,7 +19,7 @@ Syntax requires only the jail path to unmount. Usage: bastille umount TARGET JAIL_PATH -If the directory you are unmounting has spaces, make sure to escape them with a backslash \, and enclode the mount point in quotes "". +If the directory you are unmounting has spaces, make sure to escape them with a backslash \, and enclose the mount point in quotes "". .. code-block:: shell From 7e90b7072f8a0668d47c4c1713aed6a619f64594 Mon Sep 17 00:00:00 2001 From: Juan David Hurtado G Date: Sat, 11 Jan 2025 17:16:19 -0500 Subject: [PATCH 20/41] Update Bastille version to 0.12.20250111 Updated the version references in documentation, configuration, and script files to reflect the latest release. --- docs/chapters/installation.rst | 2 +- docs/conf.py | 4 ++-- usr/local/bin/bastille | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/chapters/installation.rst b/docs/chapters/installation.rst index 1a7b239a..232988c9 100644 --- a/docs/chapters/installation.rst +++ b/docs/chapters/installation.rst 
@@ -4,7 +4,7 @@ Bastille is available in the official FreeBSD ports tree at `sysutils/bastille`. Binary packages available in `quarterly` and `latest` repositories. -Current version is `0.12.20241124`. +Current version is `0.12.20250111`. To install from the FreeBSD package repository: diff --git a/docs/conf.py b/docs/conf.py index 987c48e4..96451510 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -12,9 +12,9 @@ author = 'Christer Edwards' # The short X.Y version -version = '0.12.20241124' +version = '0.12.20250111' # The full version, including alpha/beta/rc tags -release = '0.12.20241124-beta' +release = '0.12.20250111-beta' # -- General configuration --------------------------------------------------- diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index 488d3621..c5442daf 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -78,7 +78,7 @@ bastille_perms_check() { bastille_perms_check ## version -BASTILLE_VERSION="0.12.20241124" +BASTILLE_VERSION="0.12.20250111" usage() { cat << EOF From 5409d8eab3cc96d7ebfd1b1825d8adff7ada9c05 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sat, 11 Jan 2025 15:38:17 -0700 Subject: [PATCH 21/41] top: add auto mode --- usr/local/share/bastille/top.sh | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index bd82d153..8911473f 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh 
@@ -38,25 +38,37 @@ usage() { cat << EOF Options: - -f | --force -- Start the jail if it is stopped. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 } # Handle options. -FORCE=0 +AUTO=0 while [ "$#" -gt 0 ]; do case "${1}" in -h|--help|help) usage ;; - -f|--force) - FORCE=1 + -a|--auto) + AUTO=1 + shift + ;; + -x|--debug) + enable_debug shift ;; -*) - error_exit "Unknown option: \"${1}\"" + for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${_opt} in + a) AUTO=1 ;; + x) enable_debug ;; + *) error_exit "Unknown Option: \"${1}\"" ;; + esac + done + shift ;; *) break @@ -74,10 +86,10 @@ bastille_root_check set_target_single "${TARGET}" info "[${TARGET}]:" -check_target_is_running "${TARGET}" || if [ "${FORCE}" -eq 1 ]; then +check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${TARGET}" else error_notify "Jail is not running." - error_continue "Use [-f|--force] to force start the jail." + error_continue "Use [-a|--auto] to auto-start the jail." fi jexec -l "${TARGET}" /usr/bin/top From 38e0e90e10150ca8c9deff763f3ccb2bbf43248f Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sat, 11 Jan 2025 15:40:10 -0700 Subject: [PATCH 22/41] htop: add auto mod --- usr/local/share/bastille/htop.sh | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index 4449edef..d6b108d8 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh 
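Review bot: The new usage text says `-a | --auto Auto mode. Start/stop jail(s) if required.`, but in the second hunk the only action taken when AUTO=1 is `bastille start "${TARGET}"`; unless a stop happens outside these hunks, the line should read `-a | --auto Auto mode. Start the jail if it is stopped.`. In the `-*)` arm, `for _opt in $(echo ${1} | sed 's/-//g' | fold -w1)` strips every dash, so an unknown long option such as `--foo` is silently reinterpreted as the short options `f`, `o`, `o`, and the unquoted `${1}` is subject to word splitting and globbing; `for _opt in $(printf '%s' "${1#-}" | fold -w1); do` keeps the combined-short-option behaviour while letting a second `-` fall through to the `*)` error. The same parser is added to htop.sh in the next commit (patch 22/41) and wants the same change.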
@@ -34,29 +34,41 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille htop [option(s)] TARGET" + error_notify "Usage: bastille htop [option(s)] TARGET" cat << EOF Options: - -f | --force -- Start the jail if it is stopped. + -a | --auto Auto mode. Start/stop jail(s) if required. + -x | --debug Enable debug mode. EOF exit 1 } # Handle options. -FORCE=0 +AUTO=0 while [ "$#" -gt 0 ]; do case "${1}" in -h|--help|help) usage ;; - -f|--force) - FORCE=1 + -a|--auto) + AUTO=1 + shift + ;; + -x|--debug) + enable_debug shift ;; -*) - error_exit "Unknown option: \"${1}\"" + for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${_opt} in + a) AUTO=1 ;; + x) enable_debug ;; + *) error_exit "Unknown Option: \"${1}\"" + esac + done + shift ;; *) break @@ -74,15 +86,14 @@ bastille_root_check set_target_single "${TARGET}" info "[${TARGET}]:" -check_target_is_running "${TARGET}" || if [ "${FORCE}" -eq 1 ]; then +check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then bastille start "${TARGET}" else error_notify "Jail is not running." - error_continue "Use [-f|--force] to force start the jail." + error_continue "Use [-a|--auto] to auto-start the jail." fi -bastille_jail_path="${bastille_jailsdir}/${TARGET}/root" -if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then +if [ ! -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then error_notify "htop not found on ${TARGET}." elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then jexec -l ${TARGET} /usr/local/bin/htop From 18a6fecad5ca25b57c13f3f8363363056575c44d Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sat, 11 Jan 2025 15:40:32 -0700 Subject: [PATCH 23/41] top: remove trailing ;; --- usr/local/share/bastille/top.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 8911473f..ef2a8bcb 100644 
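Review bot: The second hunk removes the `bastille_jail_path=` assignment, but the context line `elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then` still reads it, so the variable is now empty (or inherited from the caller's environment) and the test checks the host's `/usr/local/bin/htop` instead of the jail's; when the jail has htop but the host does not, the command silently does nothing. Either keep the assignment or change the line to `elif [ -x "${bastille_jailsdir}/${TARGET}/root/usr/local/bin/htop" ]; then` — or drop the `elif` altogether, since the preceding `if` already established that the jail's binary is executable. The option-parsing hunk shares the dash-stripping and unquoted-`${1}` issue raised on the top.sh commit (patch 21/41). The rest of the file continues outside the hunk.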
--- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do case ${_opt} in a) AUTO=1 ;; x) enable_debug ;; - *) error_exit "Unknown Option: \"${1}\"" ;; + *) error_exit "Unknown Option: \"${1}\"" esac done shift From bc0971914515b30aff71bab1c135fca1169ae824 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sat, 11 Jan 2025 15:41:36 -0700 Subject: [PATCH 24/41] docs: top update for clarity --- docs/chapters/subcommands/top.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/chapters/subcommands/top.rst b/docs/chapters/subcommands/top.rst index 16df8682..77e7f831 100644 --- a/docs/chapters/subcommands/top.rst +++ b/docs/chapters/subcommands/top.rst @@ -2,7 +2,7 @@ top === -This one runs `top` in that container. +This command runs `top` in the targeted jail. .. image:: ../../images/top.png From 6ea0c712c4522bce22a5d2171bd1c0747aadf2d9 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sat, 11 Jan 2025 15:43:15 -0700 Subject: [PATCH 25/41] docs: htop update for clarity --- docs/chapters/subcommands/htop.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/chapters/subcommands/htop.rst b/docs/chapters/subcommands/htop.rst index d3493be2..1fcb8bdb 100644 --- a/docs/chapters/subcommands/htop.rst +++ b/docs/chapters/subcommands/htop.rst @@ -2,8 +2,8 @@ htop ==== -This one runs `htop` inside the container. -note: won't work if you don't have htop installed in the container. +This command runs `htop` in the targeted jail. +Requires htop to be installed in the jail. .. image:: ../../images/htop.png From cab6f1a217df48e31d83723d95e91463e6d68a63 Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 13 Jan 2025 08:41:14 -0700 Subject: [PATCH 26/41] =?UTF-8?q?etcupdate:=20add=20=E2=80=9C=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 usr/local/share/bastille/etcupdate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh
index 04990c34..9e4f6c68 100644
--- a/usr/local/share/bastille/etcupdate.sh
+++ b/usr/local/share/bastille/etcupdate.sh
@@ -163,7 +163,7 @@ while [ "$#" -gt 0 ]; do
 RELEASE="${2}"
 bootstrap_etc_release "${RELEASE}"
 bootstrap_etc_tarball "${RELEASE}"
- shift $#
+ shift "$#"
 fi
 ;;
 *)
From 10822931bbbe97afa3dab9939b1e136beae0356e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 13 Jan 2025 13:19:26 -0700 Subject: [PATCH 27/41] create: Static MAC optional
---
 usr/local/share/bastille/create.sh | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 77169e8f..0f47f17c 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -41,12 +41,13 @@ usage() {
 cat << EOF
 Options:
- -E | --empty -- Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported).
- -L | --linux -- This option is intended for testing with Linux jails, this is considered experimental.
- -T | --thick -- Creates a thick container, they consume more space as they are self contained and independent.
- -V | --vnet -- Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity.
- -C | --clone -- Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data.
- -B | --bridge -- Enables VNET, VNET containers are attached to a specified, already existing external bridge.
+ -M | --static-mac -- Generate a static MAC address for jail (VNET only).
+ -E | --empty -- Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported).
+ -L | --linux -- This option is intended for testing with Linux jails, this is considered experimental.
+ -T | --thick -- Creates a thick container, they consume more space as they are self contained and independent.
+ -V | --vnet -- Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity.
+ -C | --clone -- Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data.
+ -B | --bridge -- Enables VNET, VNET containers are attached to a specified, already existing external bridge.
 EOF
 exit 1
@@ -229,7 +230,7 @@ generate_vnet_jail_conf() {
 else
 devfs_ruleset_value=13
 fi
- NETBLOCK=$(generate_vnet_jail_netblock "$NAME" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}")
+ NETBLOCK=$(generate_vnet_jail_netblock "$NAME" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}" "${STATIC_MAC}")
 cat << EOF > "${bastille_jail_conf}"
 ${NAME} {
 enforce_statfs = 2;
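Review bot: The new usage line marks `-M | --static-mac` as "(VNET only)", but in the visible hunks the option only sets `STATIC_MAC="1"` and is passed through to `generate_vnet_jail_netblock` from inside `generate_vnet_jail_conf`, which presumably runs only for VNET jails; nothing rejects `-M` on a non-VNET create, so the flag is silently ignored there. A check after option parsing — outside these hunks, and the exact variable that `-B` sets would need confirming — along the lines of `if [ -n "${STATIC_MAC}" ] && [ -z "${VNET_JAIL}" ]; then error_exit "Option -M|--static-mac requires a VNET jail."; fi` would make the usage claim enforceable instead of advisory.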
@@ -630,10 +631,15 @@ THICK_JAIL=""
 CLONE_JAIL=""
 VNET_JAIL=""
 LINUX_JAIL=""
+STATIC_MAC=""
 # Handle and parse options
 while [ $# -gt 0 ]; do
 case "${1}" in
+ -M|--static-mac)
+ STATIC_MAC="1"
+ shift
+ ;;
 -E|--empty)
 EMPTY_JAIL="1"
 shift
From cd8461691f812dc20a95d4b115aad76bc37e2945 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 13 Jan 2025 13:23:08 -0700 Subject: [PATCH 28/41] common: Static MAC optional
---
 usr/local/share/bastille/common.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index 4189f07b..2a737185 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -126,6 +126,7 @@ generate_vnet_jail_netblock() {
 local jail_name="$1"
 local use_unique_bridge="$2"
 local external_interface="$3"
+ local static_mac="${4}"
 generate_static_mac "${jail_name}" "${external_interface}"
 ## determine number of containers + 1
 ## iterate num and grep all jail configs
@@ -148,6 +149,7 @@ generate_vnet_jail_netblock() {
 local uniq_epair_bridge="0"
 fi
 if [ -n "${use_unique_bridge}" ]; then
+ if [ -n "${static_mac}" ]; then
 ## generate bridge config
 cat <<-EOF
 vnet;
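Review bot: The context line directly after the new `local static_mac="${4}"` still calls `generate_static_mac "${jail_name}" "${external_interface}"` unconditionally, so a jail created without `-M` still shells out to ifconfig and sha256 and can print "Failed to generate MAC address." for an address that, judging by the new branches, is never written into its config. Guarding the call — `if [ -n "${static_mac}" ]; then generate_static_mac "${jail_name}" "${external_interface}"; fi` — keeps the non-static path free of that dependency; if the address it produces is consumed somewhere outside the hunk, that would need confirming first. The opening and closing lines of generate_vnet_jail_netblock are outside this hunk.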
@@ -161,7 +163,20 @@ generate_vnet_jail_netblock() { exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}"; exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy"; EOF + else + cat <<-EOF + vnet; + vnet.interface = e${uniq_epair_bridge}b_${jail_name}; + exec.prestart += "ifconfig epair${uniq_epair_bridge} create"; + exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a"; + exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}"; + exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}"; + exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}"; + exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy"; +EOF + fi else + if [ -n "${static_mac}" ]; then ## generate config cat <<-EOF vnet; @@ -172,6 +187,15 @@ EOF exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\""; exec.poststop += "jib destroy ${uniq_epair}"; EOF + else + cat <<-EOF + vnet; + vnet.interface = e0b_${uniq_epair}; + exec.prestart += "jib addm ${uniq_epair} ${external_interface}"; + exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\""; + exec.poststop += "jib destroy ${uniq_epair}"; +EOF + fi fi } From 131c89c6f83c928c486fc1c2df90fb31d5127fdc Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 13 Jan 2025 13:25:54 -0700 Subject: [PATCH 29/41] clone: Static MAC optional --- usr/local/share/bastille/clone.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 9dae7f44..c913db56 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh 
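Review bot: The two new `else` branches each repeat the whole heredoc of their `if` branch, presumably minus the `ether` lines, so the jail.conf template now exists in four copies that must be kept in sync by hand. A smaller shape would emit the shared `vnet;`, `vnet.interface`, `exec.prestart` and `exec.poststop` lines once per bridge mode and append the MAC-specific lines from a single `if [ -n "${static_mac}" ]` block; because the static-branch lines are not all visible in this hunk I am not quoting the rewrite here. generate_vnet_jail_netblock begins before this hunk; its closing `}` is the last context line.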
@@ -118,9 +118,13 @@ update_jailconf_vnet() { local uniq_epair_bridge="${_num}" # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix # we also do not use the main generate_static_mac function here - local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" - local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" - local macaddr="${macaddr_prefix}:${macaddr_suffix}" + if grep -oq ether ${JAIL_CONFIG}; then + local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" + local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" + local macaddr="${macaddr_prefix}:${macaddr_suffix}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*a\";|ether ${macaddr}a\";|" "${JAIL_CONFIG}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*b\";|ether ${macaddr}b\";|" "${JAIL_CONFIG}" + fi # Update the exec.* with uniq_epair when cloning jails. # for VNET jails sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}" @@ -128,8 +132,6 @@ update_jailconf_vnet() { sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*a\";|ether ${macaddr}a\";|" "${JAIL_CONFIG}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*b\";|ether ${macaddr}b\";|" "${JAIL_CONFIG}" break fi fi 
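Review bot: `grep -oq ether ${JAIL_CONFIG}` combines `-o` with `-q`, where `-o` has no effect, and leaves `${JAIL_CONFIG}` unquoted; the `cat ${JAIL_CONFIG} | grep -m 1 ether` and `echo -n ${NEWNAME}` lines below it have the same quoting gap plus a needless `cat`. `if grep -q 'ether [0-9a-f]' "${JAIL_CONFIG}"; then` and `grep -m 1 ether "${JAIL_CONFIG}" | grep -oE ...` express the same thing and only trigger the MAC rewrite on an actual address line rather than on any line that happens to contain the word `ether`. The enclosing `update_jailconf_vnet` starts and ends outside this hunk.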
From 5345c2a59985e9650404827995533686465f9b98 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 13 Jan 2025 13:59:55 -0700
Subject: [PATCH 30/41] common: MAC now follows host prefix, and hashes jail+hostMAC for suffix
---
 usr/local/share/bastille/common.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index 2a737185..afe07a5f 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -113,8 +113,8 @@ generate_static_mac() {
 local jail_name="${1}"
 local external_interface="${2}"
 local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | sed 's#:##g')"
- local macaddr_prefix="$(echo -n "${external_interface_mac}" | sha256 | cut -b -6 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
- local macaddr_suffix="$(echo -n "${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ local macaddr_prefix="$(echo ${external_interface_mac} | cut -d':' -f1-3)"
+ local macaddr_suffix="$(echo -n "${external_interface_mac}${jail_name}" | sed 's#:##g' | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
 if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
 error_notify "Failed to generate MAC address."
 fi
From c9bb5132c03cea38bc58f70b7a1dc8d3a232a70c Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 13 Jan 2025 15:58:56 -0700
Subject: [PATCH 31/41] common: do not trim : from MAC too early
---
 usr/local/share/bastille/common.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index afe07a5f..2b7ea6af 100644
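Review bot: `cut -d':' -f1-3` in the new `macaddr_prefix` line runs on `external_interface_mac`, whose colons the unchanged line above already strips with `sed 's#:##g'`, so the prefix comes out as the whole twelve-digit string rather than an OUI and the resulting `ether` value is malformed (the next patch in the series corrects this). Independently of that, copying the host NIC's vendor OUI gives jails globally-administered addresses that can collide with real hardware from that vendor on the same segment; a prefix with the locally-administered bit set, or a dedicated prefix, is the safer choice. `echo ${external_interface_mac}` should also be quoted like the surrounding expansions.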
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -112,7 +112,7 @@ check_target_is_stopped() {
 generate_static_mac() {
 local jail_name="${1}"
 local external_interface="${2}"
- local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | sed 's#:##g')"
+ local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}')"
 local macaddr_prefix="$(echo ${external_interface_mac} | cut -d':' -f1-3)"
 local macaddr_suffix="$(echo -n "${external_interface_mac}${jail_name}" | sed 's#:##g' | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
 if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
From d9ef63bc60e8fd4a4be4d77a0cf2ddfaac4a98d0 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 13 Jan 2025 16:03:30 -0700
Subject: [PATCH 32/41] clone: update "update_jail_conf_vnet" function for optional static MAC
---
 usr/local/share/bastille/clone.sh | 101 +++++++++++++++++++-----------
 1 file changed, 65 insertions(+), 36 deletions(-)
diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index c913db56..4b01ec10 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -105,51 +105,80 @@ update_jailconf() { update_jailconf_vnet() { bastille_jail_rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf" - - # Determine number of containers and define an uniq_epair - local list_jails_num="$(bastille list jails | wc -l | awk '{print $1}')" - local num_range="$(expr "${list_jails_num}" + 1)" - jail_list=$(bastille list jail) - for _num in $(seq 0 "${num_range}"); do - if [ -n "${jail_list}" ]; then - if ! grep -q "e0b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then - if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then - local uniq_epair="bastille${_num}" + # Determine number of interfaces and define a uniq_epair + local _if_list="$(grep -Eo 'epair[0-9]+|bastille[0-9]+' ${JAIL_CONFIG} | sort -u)" + for _if in ${_if_list}; do + local _epair_if_count="$(grep -Eo 'epair[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')" + local _bastille_if_count="$(grep -Eo 'bastille[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')" + local epair_num_range=$((_epair_if_count + 1)) + local bastille_num_range=$((_bastille_if_count + 1)) + if echo ${_if} | grep -Eoq 'epair[0-9]+'; then + # Update bridged VNET config + for _num in $(seq 0 "${epair_num_range}"); do + if ! 
grep -oq "epair${_num}" ${bastille_jailsdir}/*/jail.conf; then + # Update jail.conf epair name local uniq_epair_bridge="${_num}" - # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix - # we also do not use the main generate_static_mac function here + local _if_epaira="${_if}a" + local _if_epairb="${_if}b" + local _if_vnet="$(grep ${_if_epairb} "${bastille_jail_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")" + sed -i '' "s|${_if}|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + # If jail had a static MAC, generate one for clone if grep -oq ether ${JAIL_CONFIG}; then - local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" - local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" - local macaddr="${macaddr_prefix}:${macaddr_suffix}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*a\";|ether ${macaddr}a\";|" "${JAIL_CONFIG}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*b\";|ether ${macaddr}b\";|" "${JAIL_CONFIG}" + local external_interface="$(grep "epair${uniq_epair_bridge}" ${JAIL_CONFIG} | grep -o '[^ ]* addm' | awk '{print $1}')" + generate_static_mac "${NEWNAME}" "${external_interface}" + sed -i '' "s|epair${uniq_epair_bridge}a ether.*:.*:.*:.*:.*:.*a\";|epair${uniq_epair}a ether ${macaddr}a\";|" "${JAIL_CONFIG}" + sed -i '' "s|epair${uniq_epair_bridge}b ether.*:.*:.*:.*:.*:.*b\";|epair${uniq_epair}b ether ${macaddr}b\";|" "${JAIL_CONFIG}" + fi + sed -i '' "s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${JAIL_CONFIG}" + # Update /etc/rc.conf + sed -i '' "s|${_if_epairb}_name|epair${uniq_epair_bridge}b_name|" "${bastille_jail_rc_conf}" + if grep "vnet0" "${bastille_jail_rc_conf}" | grep -q "epair${uniq_epair_bridge}b_name"; then + if [ "${IP}" = "0.0.0.0" ]; then + sysrc -f 
"${bastille_jail_rc_conf}" ifconfig_vnet0="SYNCDHCP" + else + sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="inet ${IP}" + fi + else + sysrc -f "${bastille_jail_rc_conf}" ifconfig_${_if_vnet}="SYNCDHCP" fi - # Update the exec.* with uniq_epair when cloning jails. - # for VNET jails - sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}" - sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}" - sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" - sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" break fi - fi + done + elif echo ${_if} | grep -Eoq 'bastille[0-9]+'; then + # Update VNET config + for _num in $(seq 0 "${bastille_num_range}"); do + if ! 
grep -oq "bastille${_num}" ${bastille_jailsdir}/*/jail.conf; then + # Update jail.conf epair name + local uniq_epair="bastille${_num}" + local _if_vnet="$(grep ${_if} "${bastille_jail_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")" + sed -i '' "s|${_if}|${uniq_epair}|g" "${JAIL_CONFIG}" + # If jail had a static MAC, generate one for clone + if grep -oq ether ${JAIL_CONFIG}; then + local external_interface="$(grep ${uniq_epair} ${JAIL_CONFIG} | grep -o 'addm.*' | awk '{print $3}' | sed 's/["|;]//g')" + generate_static_mac "${NEWNAME}" "${external_interface}" + sed -i '' "s|${uniq_epair} ether.*:.*:.*:.*:.*:.*a\";|${uniq_epair} ether ${macaddr}a\";|" "${JAIL_CONFIG}" + sed -i '' "s|${uniq_epair} ether.*:.*:.*:.*:.*:.*b\";|${uniq_epair} ether ${macaddr}b\";|" "${JAIL_CONFIG}" + fi + sed -i '' "s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${JAIL_CONFIG}" + # Update /etc/rc.conf + sed -i '' "s|ifconfig_e0b_${_if}_name|ifconfig_e0b_${uniq_epair}_name|" "${bastille_jail_rc_conf}" + if grep "vnet0" "${bastille_jail_rc_conf}" | grep -q ${uniq_epair}; then + if [ "${IP}" = "0.0.0.0" ]; then + sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="SYNCDHCP" + else + sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0=" inet ${IP} " + fi + else + sysrc -f "${bastille_jail_rc_conf}" ifconfig_${_if_vnet}="SYNCDHCP" + fi + break + fi + done fi done - - # Rename interface to new uniq_epair - sed -i '' "s|ifconfig_e0b_bastille.*_name|ifconfig_e0b_${uniq_epair}_name|" "${bastille_jail_rc_conf}" - sed -i '' "s|ifconfig_e.*b_${TARGET}_name|ifconfig_e${uniq_epair_bridge}b_${NEWNAME}_name|" "${bastille_jail_rc_conf}" - - # If 0.0.0.0 set DHCP, else set static IP address - if [ "${IP}" = "0.0.0.0" ]; then - sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="SYNCDHCP" - else - sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="inet ${IP}" - fi } + update_fstab() { # Update fstab to use the new name 
FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab" From e36d1c2881d0ccc608e9c0092da214124c0966e3 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 13 Jan 2025 17:19:03 -0700 Subject: [PATCH 33/41] clone: fix mac not applying on bridge --- usr/local/share/bastille/clone.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 4b01ec10..428bf9c8 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -123,11 +123,11 @@ update_jailconf_vnet() { local _if_vnet="$(grep ${_if_epairb} "${bastille_jail_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")" sed -i '' "s|${_if}|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" # If jail had a static MAC, generate one for clone - if grep -oq ether ${JAIL_CONFIG}; then + if grep ether ${JAIL_CONFIG} | grep -qoc epair${uniq_epair_bridge}; then local external_interface="$(grep "epair${uniq_epair_bridge}" ${JAIL_CONFIG} | grep -o '[^ ]* addm' | awk '{print $1}')" generate_static_mac "${NEWNAME}" "${external_interface}" - sed -i '' "s|epair${uniq_epair_bridge}a ether.*:.*:.*:.*:.*:.*a\";|epair${uniq_epair}a ether ${macaddr}a\";|" "${JAIL_CONFIG}" - sed -i '' "s|epair${uniq_epair_bridge}b ether.*:.*:.*:.*:.*:.*b\";|epair${uniq_epair}b ether ${macaddr}b\";|" "${JAIL_CONFIG}" + sed -i '' "s|epair${uniq_epair_bridge}a ether.*:.*:.*:.*:.*:.*a\";|epair${uniq_epair_bridge}a ether ${macaddr}a\";|" "${JAIL_CONFIG}" + sed -i '' "s|epair${uniq_epair_bridge}b ether.*:.*:.*:.*:.*:.*b\";|epair${uniq_epair_bridge}b ether ${macaddr}b\";|" "${JAIL_CONFIG}" fi sed -i '' "s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${JAIL_CONFIG}" # Update /etc/rc.conf 
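Review bot: The rename `sed -i '' "s|${_if}|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}"` in the bridged branch (and `s|${_if}|${uniq_epair}|g` in the `bastille` branch) is an unanchored substring match, so an `_if` of `epair1` also rewrites `epair10`..`epair19` when a config holds more than one interface; `s|${_if}\([^0-9]\)|epair${uniq_epair_bridge}\1|g` limits it to the exact name, and the same substring issue makes `grep -oq "epair${_num}"` skip free numbers that are prefixes of existing ones. `_if_vnet` is empty when the `grep ... "vnet[0-9]+"` finds nothing, and the fallback then runs `sysrc ... ifconfig_="SYNCDHCP"`, writing a bogus key into rc.conf; guard it with `if [ -n "${_if_vnet}" ]; then sysrc -f "${bastille_jail_rc_conf}" "ifconfig_${_if_vnet}=SYNCDHCP"; fi`. The static-IP value in the `bastille` branch, `ifconfig_vnet0=" inet ${IP} "`, carries stray spaces that the epair branch's `"inet ${IP}"` does not. `macaddr` is read after `generate_static_mac` without being set here, so it presumably is a global assigned inside that function; a comment stating that contract would help.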
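Review bot: The new test `grep ether ${JAIL_CONFIG} | grep -qoc epair${uniq_epair_bridge}` combines `-q` with `-o` and `-c`, which have no effect once output is suppressed, and leaves both `${JAIL_CONFIG}` and the pattern unquoted; `grep 'ether' "${JAIL_CONFIG}" | grep -q "epair${uniq_epair_bridge}"` does the same job readably. The `@@ -153,7 +153,7` hunk that follows has the identical `grep -qoc ${uniq_epair}` form. Both tests run after the `sed` rename, so they check the new interface name, which is consistent but worth a short comment since the old name is gone by then.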
@@ -153,7 +153,7 @@ update_jailconf_vnet() { local _if_vnet="$(grep ${_if} "${bastille_jail_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")" sed -i '' "s|${_if}|${uniq_epair}|g" "${JAIL_CONFIG}" # If jail had a static MAC, generate one for clone - if grep -oq ether ${JAIL_CONFIG}; then + if grep ether ${JAIL_CONFIG} | grep -qoc ${uniq_epair}; then local external_interface="$(grep ${uniq_epair} ${JAIL_CONFIG} | grep -o 'addm.*' | awk '{print $3}' | sed 's/["|;]//g')" generate_static_mac "${NEWNAME}" "${external_interface}" sed -i '' "s|${uniq_epair} ether.*:.*:.*:.*:.*:.*a\";|${uniq_epair} ether ${macaddr}a\";|" "${JAIL_CONFIG}" @@ -178,7 +178,6 @@ update_jailconf_vnet() { done } - update_fstab() { # Update fstab to use the new name FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab" From 57a652cc70338bd0c2ecca03812154e94d9605da Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 13 Jan 2025 17:44:30 -0700 Subject: [PATCH 34/41] common: update function to use "epairx" because of name limit in FreeBSD --- usr/local/share/bastille/common.sh | 82 +++++++++++++++++------------- 1 file changed, 47 insertions(+), 35 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 2b7ea6af..a7b5ed0a 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
@@ -123,62 +123,73 @@ generate_static_mac() { } generate_vnet_jail_netblock() { - local jail_name="$1" - local use_unique_bridge="$2" - local external_interface="$3" + local jail_name="${1}" + local use_unique_bridge="${2}" + local external_interface="${3}" local static_mac="${4}" - generate_static_mac "${jail_name}" "${external_interface}" - ## determine number of containers + 1 + ## determine number of interfaces + 1 ## iterate num and grep all jail configs ## define uniq_epair - local jail_list="$(bastille list jails)" - if [ -n "${jail_list}" ]; then - local list_jails_num="$(echo "${jail_list}" | wc -l | awk '{print $1}')" - local num_range=$((list_jails_num + 1)) - for _num in $(seq 0 "${num_range}"); do - if ! grep -q "e[0-9]b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then - if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then - local uniq_epair="bastille${_num}" + local _epair_if_count="$(grep -Eos 'epair[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')" + local _bastille_if_count="$(grep -Eos 'bastille[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')" + local epair_num_range=$((_epair_if_count + 1)) + local bastille_num_range=$((_bastille_if_count + 1)) + if [ -n "${use_unique_bridge}" ]; then + if [ "${_epair_if_count}" -gt 0 ]; then + for _num in $(seq 0 "${epair_num_range}"); do + if ! grep -Eosq "epair${_num}" ${bastille_jailsdir}/*/jail.conf; then local uniq_epair_bridge="${_num}" break fi - fi - done + done + else + local uniq_epair_bridge="0" + fi else - local uniq_epair="bastille0" - local uniq_epair_bridge="0" + if [ "${_bastille_if_count}" -gt 0 ]; then + for _num in $(seq 0 "${bastille_num_range}"); do + if ! 
grep -Eosq "bastille${_num}" ${bastille_jailsdir}/*/jail.conf; then + local uniq_epair="bastille${_num}" + break + fi + done + else + local uniq_epair="bastille0" + fi fi + ## If BRIDGE is enabled, generate bridge config, else generate VNET config if [ -n "${use_unique_bridge}" ]; then if [ -n "${static_mac}" ]; then - ## generate bridge config - cat <<-EOF + ## Generate bridged VNET config with static MAC address + generate_static_mac "${jail_name}" "${external_interface}" + cat <<-EOF vnet; - vnet.interface = e${uniq_epair_bridge}b_${jail_name}; + vnet.interface = epair${uniq_epair_bridge}b; exec.prestart += "ifconfig epair${uniq_epair_bridge} create"; exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a"; - exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}"; - exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}"; - exec.prestart += "ifconfig e${uniq_epair_bridge}a_${jail_name} ether ${macaddr}a"; - exec.prestart += "ifconfig e${uniq_epair_bridge}b_${jail_name} ether ${macaddr}b"; - exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}"; - exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy"; + exec.prestart += "ifconfig epair${uniq_epair_bridge}a ether ${macaddr}a"; + exec.prestart += "ifconfig epair${uniq_epair_bridge}b ether ${macaddr}b"; + exec.prestart += "ifconfig epair${uniq_epair_bridge}a description \"vnet host interface for Bastille jail ${jail_name}\""; + exec.poststop += "ifconfig ${external_interface} deletem epair${uniq_epair_bridge}a"; + exec.poststop += "ifconfig epair${uniq_epair_bridge}a destroy"; EOF else - cat <<-EOF + ## Generate bridged VNET config without static MAC address + cat <<-EOF vnet; - vnet.interface = e${uniq_epair_bridge}b_${jail_name}; + vnet.interface = epair${uniq_epair_bridge}b; exec.prestart += "ifconfig epair${uniq_epair_bridge} create"; 
exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a"; - exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}"; - exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}"; - exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}"; - exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy"; + exec.prestart += "ifconfig epair${uniq_epair_bridge}a description \"vnet host interface for Bastille jail ${jail_name}\""; + exec.poststop += "ifconfig ${external_interface} deletem epair${uniq_epair_bridge}a"; + exec.poststop += "ifconfig epair${uniq_epair_bridge}a destroy"; EOF fi else if [ -n "${static_mac}" ]; then - ## generate config - cat <<-EOF + ## Generate VNET config with static MAC address + generate_static_mac "${jail_name}" "${external_interface}" + cat <<-EOF vnet; vnet.interface = e0b_${uniq_epair}; exec.prestart += "jib addm ${uniq_epair} ${external_interface}"; @@ -188,7 +199,8 @@ EOF exec.poststop += "jib destroy ${uniq_epair}"; EOF else - cat <<-EOF + ## Generate VNET config without static MAC address + cat <<-EOF vnet; vnet.interface = e0b_${uniq_epair}; exec.prestart += "jib addm ${uniq_epair} ${external_interface}"; From b1a3306cef06eb32f785be7ef1d057f4909e2804 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 14 Jan 2025 07:33:43 -0700 Subject: [PATCH 35/41] common: use FreeBSD prefix for static MAC --- usr/local/share/bastille/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index a7b5ed0a..a71b4182 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
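Review bot: In the `@@ -123` hunk, when `generate_static_mac` fails its `-z` check it only calls `error_notify`, which, judging by the `usage()` in this series' etcupdate.sh that continues to `cat` after calling it, does not abort; both static-MAC heredocs then still emit `ether ${macaddr}a` with an empty or stale `macaddr`, leaving a jail.conf whose `exec.prestart` fails at start. Either make the failure fatal (`error_exit`, if common.sh provides it) or have `generate_static_mac` `return 1` and skip the heredoc on failure. `macaddr` is not visibly set in this hunk, so the heredocs presumably rely on a global assigned inside `generate_static_mac`; a comment naming that contract would help. The free-number search `grep -Eosq "epair${_num}"` is a substring match, so `epair1` is reported taken when only `epair10` exists; `grep -Eosq "epair${_num}([^0-9]|$)"` avoids skipping free numbers.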
@@ -113,7 +113,7 @@ generate_static_mac() {
 local jail_name="${1}"
 local external_interface="${2}"
 local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}')"
- local macaddr_prefix="$(echo ${external_interface_mac} | cut -d':' -f1-3)"
+ local macaddr_prefix="58:9c:fc"
 local macaddr_suffix="$(echo -n "${external_interface_mac}${jail_name}" | sed 's#:##g' | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
 if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
 error_notify "Failed to generate MAC address."
From 9420441a566dd480aac3f80ca5c461017c378e2a Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 14 Jan 2025 10:54:28 -0700
Subject: [PATCH 36/41] common: Add comments about static MAC
---
 usr/local/share/bastille/common.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index a71b4182..973a37ca 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -113,7 +113,9 @@ generate_static_mac() {
 local jail_name="${1}"
 local external_interface="${2}"
 local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}')"
+ # Use the FreeBSD vendor MAC prefix for jail MAC prefix "58:9c:fc"
 local macaddr_prefix="58:9c:fc"
+ # Hash interface+jailname for jail MAC suffix
 local macaddr_suffix="$(echo -n "${external_interface_mac}${jail_name}" | sed 's#:##g' | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
 if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
 error_notify "Failed to generate MAC address."
From a83772dc2b6a01f5bd0ba052d8587d009e0d0602 Mon Sep 17 00:00:00 2001
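Review bot: With the fixed `58:9c:fc` prefix the per-host address space is the 20 bits of the truncated sha256 (`cut -b -5`) plus the trailing a/b nibble, and the `-z` check below only tests that the strings are non-empty; nothing verifies the result is unused, so two jails on one host can silently receive the same `ether` value (birthday estimate: roughly a 1% chance once about 150 jails share a host). The jail.conf files are already scanned in `generate_vnet_jail_netblock`, so a cheap guard is `grep -qs "ether ${macaddr_prefix}:${macaddr_suffix}a" "${bastille_jailsdir}"/*/jail.conf && error_notify "Generated MAC already in use."`. A comment stating why the prefix is fixed and what the hash input is would also help, beyond what the comment-only `@@ -113,7 +113,9` hunk that follows adds.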
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 14 Jan 2025 14:49:07 -0700 Subject: [PATCH 37/41] =?UTF-8?q?list:=20Fix=20=E2=80=9Cgrep:=20no=20such?= =?UTF-8?q?=20file=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes the issue introduced by the 0.12-2025 release. The problem was the entries were being passed to grep as combined strings because of quotes. Remove the quotes solves the issue. --- usr/local/share/bastille/list.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 3b1845b7..b15b1ddb 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh 
@@ -64,7 +64,7 @@ list_all(){ MAX_LENGTH_JID=${MAX_LENGTH_JID:-3} MAX_LENGTH_JAIL_IP=$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1 /p" | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10} - MAX_LENGTH_JAIL_VNET_IP=$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" "$(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p")" | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_VNET_IP=$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" $(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p") | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10} if [ "${MAX_LENGTH_JAIL_VNET_IP}" -gt "${MAX_LENGTH_JAIL_IP}" ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi if [ "${MAX_LENGTH_JAIL_IP}" -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi 
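Review bot: The `$(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p")` inside the `grep -h "ifconfig_vnet0="` stage works only because a command substitution inherits that stage's stdin and drains the `xargs grep -l` output before grep runs; dropping the quotes makes the paths word-split into separate arguments, which is the fix, but the construct still depends on whitespace-free paths and on that stdin subtlety. An explicit stage reads the same way without either: `xargs -r0 -P0 grep -l "vnet;" | sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p" | xargs -r grep -h "ifconfig_vnet0="`. The same pattern appears on the `MAX_LENGTH_JAIL_RELEASE` and `MAX_LENGTH_LINUX_JAIL_RELEASE` lines in the `@@ -75,11 +75,11` hunk. The body of `list_all` continues outside the hunk.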
@@ -75,11 +75,11 @@ list_all(){ MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} if [ "${MAX_LENGTH_JAIL_PORTS}" -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi if [ "${MAX_LENGTH_JAIL_PORTS}" -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi - MAX_LENGTH_JAIL_RELEASE=$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" "$(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++')" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_RELEASE=$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} MAX_LENGTH_THICK_JAIL_RELEASE=$(find ${bastille_jailsdir}/*/root/bin/freebsd-version -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -hE "^USERLAND_VERSION=" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_THICK_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE:-7} - MAX_LENGTH_LINUX_JAIL_RELEASE=$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" "$(sed -n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p")" 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_LINUX_JAIL_RELEASE=$(find 
${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" $(sed -n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p") 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_LINUX_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE:-7} if [ "${MAX_LENGTH_THICK_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE}; fi if [ "${MAX_LENGTH_LINUX_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE}; fi From e07f121bcfb8699121e21fcd9fd0b8ce7f02c6cd Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 14 Jan 2025 14:53:56 -0700 Subject: [PATCH 38/41] =?UTF-8?q?List:=20fix=20=E2=80=9C=E2=80=9D=20for=20?= =?UTF-8?q?shell=20check?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- usr/local/share/bastille/list.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index b15b1ddb..694c511c 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh 
@@ -64,7 +64,7 @@ list_all(){ MAX_LENGTH_JID=${MAX_LENGTH_JID:-3} MAX_LENGTH_JAIL_IP=$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1 /p" | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1) MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10} - MAX_LENGTH_JAIL_VNET_IP=$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" $(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p") | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_VNET_IP="$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" $(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p") | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1)" MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10} if [ "${MAX_LENGTH_JAIL_VNET_IP}" -gt "${MAX_LENGTH_JAIL_IP}" ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi if [ "${MAX_LENGTH_JAIL_IP}" -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi 
@@ -75,11 +75,11 @@ list_all(){ MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15} if [ "${MAX_LENGTH_JAIL_PORTS}" -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi if [ "${MAX_LENGTH_JAIL_PORTS}" -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi - MAX_LENGTH_JAIL_RELEASE=$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_JAIL_RELEASE="$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)" MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7} MAX_LENGTH_THICK_JAIL_RELEASE=$(find ${bastille_jailsdir}/*/root/bin/freebsd-version -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -hE "^USERLAND_VERSION=" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1) MAX_LENGTH_THICK_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE:-7} - MAX_LENGTH_LINUX_JAIL_RELEASE=$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" $(sed -n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p") 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1) + MAX_LENGTH_LINUX_JAIL_RELEASE="$(find 
${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" $(sed -n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p") 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1)" MAX_LENGTH_LINUX_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE:-7} if [ "${MAX_LENGTH_THICK_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE}; fi if [ "${MAX_LENGTH_LINUX_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE}; fi From b59f02afa3d37f633e19225562683c0bc46d61e2 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 14 Jan 2025 15:00:13 -0700 Subject: [PATCH 39/41] list: disable shell check (needed for grep error) --- usr/local/share/bastille/list.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 694c511c..e53959d0 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh 
@@ -64,6 +64,7 @@ list_all(){
 MAX_LENGTH_JID=${MAX_LENGTH_JID:-3}
 MAX_LENGTH_JAIL_IP=$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1 /p" | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1)
 MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10}
+ # shellchech disable=SC2046
 MAX_LENGTH_JAIL_VNET_IP="$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" $(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p") | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1)"
 MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10}
 if [ "${MAX_LENGTH_JAIL_VNET_IP}" -gt "${MAX_LENGTH_JAIL_IP}" ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi
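Review bot: The added `# shellchech disable=SC2046` silences the warning rather than addressing it: the `$(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p")` list passed to `grep -h "ifconfig_vnet0="` is still word-split and glob-expanded, so a jail directory containing whitespace produces wrong file names. A null-delimited form needs no directive at all: replace `grep -h "ifconfig_vnet0=" $(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p")` with `sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p" | tr '\n' '\0' | xargs -0 -r grep -h "ifconfig_vnet0="`. Worth a comment either way: this line reads `root/etc/rc.conf` from inside each jail's filesystem on the host, which is content (and, if it is a symlink, a target resolved on the host side) that the jail itself controls; only a string length leaves the pipeline here, but the parsing should stay tolerant of arbitrary input, e.g. `# rc.conf is jail-writable: treat its contents as untrusted, only a length is used`. `list_all()` starts before this hunk.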
@@ -75,10 +76,12 @@ list_all(){
 MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15}
 if [ "${MAX_LENGTH_JAIL_PORTS}" -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi
 if [ "${MAX_LENGTH_JAIL_PORTS}" -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi
+ # shellchech disable=SC2046
 MAX_LENGTH_JAIL_RELEASE="$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)"
 MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7}
 MAX_LENGTH_THICK_JAIL_RELEASE=$(find ${bastille_jailsdir}/*/root/bin/freebsd-version -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -hE "^USERLAND_VERSION=" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
 MAX_LENGTH_THICK_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE:-7}
+ # shellchech disable=SC2046
 MAX_LENGTH_LINUX_JAIL_RELEASE="$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" $(sed -n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p") 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1)"
 MAX_LENGTH_LINUX_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE:-7}
 if [ "${MAX_LENGTH_THICK_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE}; fi
From 43dfd98af5072860f654a6209e6a829babca0752 Mon Sep 17 00:00:00 2001
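Review bot: Both added directives disable SC2046 without recording why, so the next reader cannot tell whether the unquoted `$(sed … )` before `grep -hE` is deliberate or an oversight; the commit message's "needed for grep error" does not survive into the file. A directive that carries its reason is the convention shellcheck supports, e.g. `# shellcheck disable=SC2046 -- $(sed …) intentionally expands to grep file arguments; jail paths must not contain whitespace`, placed on each of the two lines. On the `MAX_LENGTH_LINUX_JAIL_RELEASE` line the same comment should also note that `root/etc/os-release` is read from inside a Linux jail's filesystem on the host, i.e. jail-writable input, and that `sed "N;N;s/\n/;/g"` appears to assume every jail contributes exactly NAME, VERSION_ID and VERSION_CODENAME in that order, so a jail whose os-release lacks one key would shift the grouping for the jails after it (inferred from the pipeline, not verified). `list_all()` starts before this hunk.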
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 14 Jan 2025 15:02:17 -0700
Subject: [PATCH 40/41] list: typo in shellcheck
---
usr/local/share/bastille/list.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh
index e53959d0..23f13d07 100644
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -64,7 +64,7 @@ list_all(){
 MAX_LENGTH_JID=${MAX_LENGTH_JID:-3}
 MAX_LENGTH_JAIL_IP=$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1 /p" | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1)
 MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10}
- # shellchech disable=SC2046
+ # shellcheck disable=SC2046
 MAX_LENGTH_JAIL_VNET_IP="$(find ${bastille_jailsdir}/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" $(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p") | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1)"
 MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10}
 if [ "${MAX_LENGTH_JAIL_VNET_IP}" -gt "${MAX_LENGTH_JAIL_IP}" ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi
@@ -76,12 +76,12 @@ list_all(){
 MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15}
 if [ "${MAX_LENGTH_JAIL_PORTS}" -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi
 if [ "${MAX_LENGTH_JAIL_PORTS}" -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi
- # shellchech disable=SC2046
+ # shellcheck disable=SC2046
 MAX_LENGTH_JAIL_RELEASE="$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)"
 MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7}
 MAX_LENGTH_THICK_JAIL_RELEASE=$(find ${bastille_jailsdir}/*/root/bin/freebsd-version -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -hE "^USERLAND_VERSION=" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
 MAX_LENGTH_THICK_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE:-7}
- # shellchech disable=SC2046
+ # shellcheck disable=SC2046
 MAX_LENGTH_LINUX_JAIL_RELEASE="$(find ${bastille_jailsdir}/*/fstab -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" $(sed -n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p") 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1)"
 MAX_LENGTH_LINUX_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE:-7}
 if [ "${MAX_LENGTH_THICK_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE}; fi
From ce0ab9d3642e8513a60f62ef0e3664d8a5e88d2f Mon Sep 17 00:00:00 2001
From: Matthias Petermann
Date: Fri, 17 Jan 2025 09:58:23 +0100
Subject: [PATCH 41/41] Commit fb71f0d introduced to possibility to add options behind permissions in fstab. Unfortunately it breaks scenarios where no options are provided as the current regex expects the comma with the options always to be present. This patch fixes the regex to handle the options as group.
---
usr/local/share/bastille/mount.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh
index b2aeb438..8aa3cb78 100644
--- a/usr/local/share/bastille/mount.sh
+++ b/usr/local/share/bastille/mount.sh
@@ -92,7 +92,7 @@ elif [ ! -e "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then
 fi
 # Mount permissions,options need to start with "ro" or "rw"
-if ! echo "${_perms}" | grep -Eq 'r[w|o],.*$'; then
+if ! echo "${_perms}" | grep -Eq 'r[w|o](,.*)?$'; then
 error_notify "Detected invalid mount permissions in FSTAB."
 warn "Format: /host/path /jail/path nullfs ro 0 0"
 warn "Read: ${_fstab}"
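Review bot: The rewritten pattern `'r[w|o](,.*)?$'` is still not anchored at the start, and `[w|o]` is a bracket expression that also admits a literal `|`, so values such as `norw`, `xro,foo` or `r|` pass the check even though the warning printed below tells the user the field must be `ro` or `rw`; only the tail of the string is constrained. Anchoring and using a plain character class fixes both while keeping the bare `ro`/`rw` case this commit is about: `if ! echo "${_perms}" | grep -Eq '^r[wo](,.+)?$'; then`, where `.+` additionally rejects a dangling `rw,` with no options. Since `_perms` appears to be what later becomes the nullfs mount option string (that code is outside the hunk), this validation is worth keeping strict rather than permissive. The enclosing if/elif chain starts before the hunk and the error branch continues after it.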