Merge pull request #20 from cedwards/master

0.3.20181124 patch
BastilleBSD · Nov 24, 2018 · 118d403 · 118d403
2 parents 1c0f261 + c982290
commit 118d403
Show file tree

Hide file tree

Showing 21 changed files with 182 additions and 139 deletions.
diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille
@@ -32,7 +32,7 @@
 . /usr/local/etc/bastille/bastille.conf
 
 ## version
-BASTILLE_VERSION="0.3.20181120"
+BASTILLE_VERSION="0.3.20181124"
 
 usage() {
     cat << EOF

diff --git a/usr/local/etc/rc.d/bastille b/usr/local/etc/rc.d/bastille
@@ -2,8 +2,6 @@
 
 # $FreeBSD: $
 #
-# Bastille startup script
-#
 # PROVIDE: bastille
 # REQUIRE: LOGIN
 # KEYWORD: shutdown
@@ -19,47 +17,29 @@
 . /etc/rc.subr
 
 name=bastille
-rcvar=bastille_enable
+rcvar=${name}_enable
 
-load_rc_config ${name}
+command="/usr/local/bin/${name}"
 
-: ${bastille_enable:=NO}
-: ${bastille_list:=""}
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
 
-start_cmd=bastille_start
-stop_cmd=bastille_stop
-
-start_command="%%PREFIX%%/bin/bastille start"
-stop_command="%%PREFIX%%/bin/bastille stop"
+: ${bastille_enable:=NO}
+: ${bastille_list:="ALL"}
 
 bastille_start()
 {
-    if [ ! -n "${bastille_list}" ]; then
-        echo "${bastille_list} is undefined"
-        return 1
-    fi
-
-    local _jail
-
     for _jail in ${bastille_list}; do
-        echo "Starting Bastille Jail: ${_jail}"
-        ${start_command} ${_jail}
+        ${command} start ${_jail}
     done
 }
 
 bastille_stop()
 {
-    if [ ! -n "${bastille_list}" ]; then
-        echo "${bastille_list} is undefined"
-        return 1
-    fi
-
-    local _jail
-
     for _jail in ${bastille_list}; do
-        echo "Stopping Bastille Jail: ${_jail}"
-        ${stop_command} ${_jail}
+        ${command} stop ${_jail}
     done
 }
 
-run_rc_command "$1"
+load_rc_config ${name}
+run_rc_command "$@"
diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh
@@ -46,68 +46,77 @@ esac
 RELEASE=$1
 
 bootstrap() {
-    ### create $bastille_base/release/$release directory
-    ### fetch $release/base.txz -o $bastille_base/cache/$release/base.txz
-    ### extract $release/base.txz to $bastille_base/release/$release
+    ## ensure required directories are in place
     if [ ! -d ${bastille_jailsdir} ]; then
         mkdir -p ${bastille_jailsdir}
     fi
     if [ ! -d ${bastille_logsdir} ]; then
         mkdir -p ${bastille_logsdir}
     fi
-    if [ ! -d ${bastille_cachedir}/${RELEASE} ]; then
-        mkdir -p ${bastille_cachedir}/${RELEASE}
+    if [ ! -d ${bastille_templatesdir} ]; then
+        mkdir -p ${bastille_templatesdir}
+    fi
+    if [ ! -d "${bastille_cachedir}/${RELEASE}" ]; then
+        mkdir -p "${bastille_cachedir}/${RELEASE}"
     fi
 
-    if [ ! -d ${bastille_releasesdir}/${RELEASE} ]; then
-        mkdir -p ${bastille_releasesdir}/${RELEASE}
+    ### create $bastille_base/release/$release directory
+    ### fetch $release/base.txz -o $bastille_base/cache/$release/base.txz
+    ### fetch $release/lib32.txz -o $bastille_base/cache/$release/lib32.txz
+    ### extract $release/base.txz to $bastille_base/release/$release
+    ### extract $release/lib32.txz to $bastille_base/release/$release
+    if [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then
+        mkdir -p "${bastille_releasesdir}/${RELEASE}"
         sh ${bastille_sharedir}/freebsd_dist_fetch.sh -r ${RELEASE} base lib32
 
         echo
         echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} base.txz.${COLOR_RESET}"
-        /usr/bin/tar -C ${bastille_releasesdir}/${RELEASE} -xf ${bastille_cachedir}/${RELEASE}/base.txz
+        /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/base.txz"
 
         echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} lib32.txz.${COLOR_RESET}"
-        /usr/bin/tar -C ${bastille_releasesdir}/${RELEASE} -xf ${bastille_cachedir}/${RELEASE}/lib32.txz
+        /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/lib32.txz"
 
-	    echo -e "${COLOR_GREEN}Bootstrap successful.${COLOR_RESET}"
-	    echo -e "${COLOR_GREEN}See 'bastille --help' for available commands.${COLOR_RESET}"
-	    echo
+        echo -e "${COLOR_GREEN}Bootstrap successful.${COLOR_RESET}"
+        echo -e "${COLOR_GREEN}See 'bastille --help' for available commands.${COLOR_RESET}"
+        echo
     else
         echo -e "${COLOR_RED}Bootstrap appears complete.${COLOR_RESET}"
-	exit 1
+        exit 1
     fi
 }
 
 # Filter sane release names
 case "${RELEASE}" in
 10.1-RELEASE)
     bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 10.1-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 10.2-RELEASE)
     bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 10.2-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 10.3-RELEASE)
     bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 10.3-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 10.4-RELEASE)
     bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 10.4-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 11.0-RELEASE)
     bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 11.0-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 11.1-RELEASE)
     bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 11.1-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 11.2-RELEASE)
     bootstrap
 	;;
+12.0-RELEASE)
+    bootstrap
+	;;
 12.0-BETA1)
     bootstrap
     echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
@@ -124,8 +133,19 @@ case "${RELEASE}" in
     bootstrap
     echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
 	;;
+12.0-RC1)
+    bootstrap
+    echo -e "${COLOR_RED}RC releases are completely untested.${COLOR_RESET}"
+	;;
+12.0-RC2)
+    bootstrap
+    echo -e "${COLOR_RED}RC releases are completely untested.${COLOR_RESET}"
+	;;
+12.0-RC3)
+    bootstrap
+    echo -e "${COLOR_RED}RC releases are completely untested.${COLOR_RESET}"
+	;;
 *)
-    echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
     usage
     ;;
 esac
diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh
@@ -47,10 +47,10 @@ if [ $# -gt 2 ] || [ $# -lt 2 ]; then
 fi
 
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 
 for _jail in ${JAILS}; do

diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh
@@ -42,15 +42,14 @@ help|-h|--help)
     ;;
 esac
 
-
 if [ $# -gt 1 ] || [ $# -lt 1 ]; then
     usage
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 
 for _jail in ${JAILS}; do

diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh
@@ -47,15 +47,15 @@ if [ $# -gt 3 ] || [ $# -lt 3 ]; then
     usage
 fi
 
-if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
-fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
+fi
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 
 for _jail in ${JAILS}; do
-    bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
+    bastille_jail_path="$(jls -j "${_jail}" path)"
     echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
     cp -a "$2" "${bastille_jail_path}/$3"
     echo

diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
@@ -37,7 +37,7 @@ usage() {
 }
 
 running_jail() {
-    jls -N name | grep ${NAME}
+    jls name | grep -E "(^|\b)${NAME}($|\b)"
 }
 
 validate_ip() {
@@ -94,7 +94,6 @@ create_jail() {
 
     ## using relative paths here
     ## MAKE SURE WE'RE IN THE RIGHT PLACE
-    ## ro
     cd "${bastille_jail_path}"
     echo
     echo -e "${COLOR_GREEN}NAME: ${NAME}.${COLOR_RESET}"
@@ -125,8 +124,11 @@ create_jail() {
     cp -a "${bastille_releasesdir}/${RELEASE}/usr/obj" "${bastille_jail_path}"
     if [ "${RELEASE}" == "11.2-RELEASE" ]; then cp -a "${bastille_releasesdir}/${RELEASE}/usr/tests" "${bastille_jail_path}"; fi
 
-    ## rc.conf.local & resolv.conf
-    ## cron_flags="-J 60" ## cedwards 20181118
+    ## rc.conf.local
+    ##  + syslogd_flags="-ss"
+    ##  + sendmail_none="NONE"
+    ##  + cron_flags="-J 60" ## cedwards 20181118
+    ## resolv.conf
     if [ ! -f "${bastille_jail_rc_conf}" ]; then
         echo -e "syslogd_flags=\"-ss\"\nsendmail_enable=\"NONE\"" > ${bastille_jail_rc_conf}
 	echo -e "cron_flags=\"-J 60\"" >> ${bastille_jail_rc_conf}
@@ -157,27 +159,67 @@ IP="$3"
 
 ## verify release
 case "${RELEASE}" in
+10.1-RELEASE)
+    RELEASE="10.1-RELEASE"
+	;;
+10.2-RELEASE)
+    RELEASE="10.2-RELEASE"
+	;;
+10.3-RELEASE)
+    RELEASE="10.3-RELEASE"
+	;;
 10.4-RELEASE)
     RELEASE="10.4-RELEASE"
     ;;
+11.0-RELEASE)
+    RELEASE="11.0-RELEASE"
+    ;;
+11.1-RELEASE)
+    RELEASE="11.1-RELEASE"
+    ;;
 11.2-RELEASE)
     RELEASE="11.2-RELEASE"
     ;;
+12.0-RELEASE)
+    RELEASE="12.0-RELEASE"
+    ;;
+12.0-BETA1)
+    RELEASE="12.0-BETA1"
+    ;;
+12.0-BETA2)
+    RELEASE="12.0-BETA2"
+    ;;
+12.0-BETA3)
+    RELEASE="12.0-BETA3"
+    ;;
+12.0-BETA4)
+    RELEASE="12.0-BETA4"
+    ;;
+12.0-RC1)
+    RELEASE="12.0-RC1"
+    ;;
+12.0-RC2)
+    RELEASE="12.0-RC2"
+    ;;
+12.0-RC3)
+    RELEASE="12.0-RC3"
+    ;;
 *)
     echo -e "${COLOR_RED}Unknown Release.${COLOR_RESET}"
     usage
     ;;
 esac
 
 ## check for name/root/.bastille
-if [ -d "/usr/local/bastille/jails/${NAME}/root/.bastille" ]; then
+if [ -d "${bastille_jailsdir}/${NAME}/root/.bastille" ]; then
     echo -e "${COLOR_RED}Jail: ${NAME} already created. ${NAME}/root/.bastille exists.${COLOR_RESET}"
     exit 1
 fi
 
 ## check if a running jail matches name
 if running_jail ${NAME}; then
-    echo -e "${COLOR_RED}Running jail matches name.${COLOR_RESET}"
+    echo -e "${COLOR_RED}A running jail matches name.${COLOR_RESET}"
+    echo -e "${COLOR_RED}Jails must be stopped before they are destroyed.${COLOR_RESET}"
     exit 1
 fi
 

diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh
@@ -37,10 +37,10 @@ usage() {
 }
 
 destroy_jail() {
-    bastille_jail_base="${bastille_jailsdir}/${NAME}"  ## dir
+    bastille_jail_base="${bastille_jailsdir}/${NAME}"            ## dir
     bastille_jail_log="${bastille_logsdir}/${NAME}_console.log"  ## file
 
-    if [ $(jls -N name | grep ${NAME}) ]; then
+    if [ $(jls name | grep ${NAME}) ]; then
         echo -e "${COLOR_RED}Jail running.${COLOR_RESET}"
         echo -e "${COLOR_RED}See 'bastille stop ${NAME}'.${COLOR_RESET}"
         exit 1

diff --git a/usr/local/share/bastille/freebsd_dist_fetch.sh b/usr/local/share/bastille/freebsd_dist_fetch.sh
@@ -1,6 +1,8 @@
 #!/bin/sh
 # https://pastebin.com/T6eThbKu
 
+. /usr/local/etc/bastille/bastille.conf
+
 DEVICE_SELF_SCAN_ALL=NO
 [ "$_SCRIPT_SUBR" ] || . /usr/share/bsdconfig/script.subr
 usage(){ echo "Usage: ${0##*/} [-r releaseName] [dists ...]" >&2; exit 1; }
@@ -18,7 +20,7 @@ mediaSetFTP
 mediaOpen
 set -e
 #debug=1
-REL_DIST=/usr/local/bastille/cache/$releaseName
+REL_DIST=${bastille_cachedir}/$releaseName
 download() # $src to $dest
 {
 	size=$( f_device_get device_media "$1" $PROBE_SIZE )