#!/bin/sh
#
# SPDX-License-Identifier: BSD-3-Clause
#
# Copyright (c) 2018-2025, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# * Neither the name of the copyright holder nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/common.sh
# Show the usage summary for "bastille bootstrap" and terminate with status 1.
# The usage line goes through error_notify (from common.sh); the option
# table is written to stdout.
usage() {
    error_notify "Usage:  bastille bootstrap [option(s)] RELEASE|TEMPLATE [update|arch]"
    # Quoted delimiter: the table is literal text, nothing in it is expanded.
    cat << 'EOF'

    Options:

    -p | --pkgbase          Bootstrap using pkgbase (15.0-RELEASE and above).
    -x | --debug            Enable debug mode.

EOF
    exit 1
}
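# Derive the major/minor version from RELEASE, decide between pkgbase and
# distfile bootstrapping, and hand off to the matching bootstrap routine.
# Globals read:    RELEASE, NAME_VERIFY, OPTION, PKGBASE, PLATFORM_OS,
#                  UPSTREAM_URL
# Globals written: MAJOR_VERSION, MINOR_VERSION, PKGBASE, ARCH, RELEASE
# Calls usage (which exits) when NAME_VERIFY is empty.
validate_release() {

    # RELEASE originates from the command line: quote it and use printf so
    # whitespace, glob characters or a leading dash cannot change what is
    # parsed.
    MAJOR_VERSION=$(printf '%s\n' "${RELEASE}" | grep -Eo '^[0-9]+')
    MINOR_VERSION=$(printf '%s\n' "${RELEASE}" | sed -E 's/^[0-9]+\.([0-9]+)-.*$/\1/')

    # A release name without a numeric prefix leaves MAJOR_VERSION empty;
    # default to 0 so the integer test never receives a non-number.
    if [ "${MAJOR_VERSION:-0}" -ge 16 ]; then
        PKGBASE=1
    fi

    if [ "${PLATFORM_OS}" != "FreeBSD" ] && [ "${PKGBASE:-0}" -eq 1 ]; then
        error_exit "[ERROR]: Pkgbase can only be used with FreeBSD releases."
    fi

    info "\nBootstrapping release: ${RELEASE}..."

    ## check upstream url, else warn user
    if [ -n "${NAME_VERIFY}" ]; then

        # Alternate RELEASE/ARCH fetch support
        if [ "${OPTION}" = "--i386" ] || [ "${OPTION}" = "--32bit" ]; then
            ARCH="i386"
            RELEASE="${RELEASE}-${ARCH}"
        fi

        if [ "${PKGBASE:-0}" -eq 1 ]; then
            info "\nUsing pkgbase..."
            bootstrap_directories
            bootstrap_pkgbase_release
        elif [ "${PKGBASE:-0}" -eq 0 ]; then
            info "\nFetching ${PLATFORM_OS} distfiles..."
            # Reachability probe only: the MANIFEST is discarded here and is
            # fetched again for checksum validation in bootstrap_release.
            if ! fetch -qo /dev/null "${UPSTREAM_URL}/MANIFEST" 2>/dev/null; then
                error_exit "Unable to fetch MANIFEST. See 'bootstrap urls'."
            fi
            bootstrap_directories
            bootstrap_release
        fi
    else
        usage
    fi
}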
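# Create one Bastille directory: as a ZFS dataset when ZFS is enabled and a
# pool is configured, otherwise with mkdir -p.
# Arguments: $1 - directory path (used when ZFS is disabled)
#            $2 - mountpoint for the dataset
#            $3 - dataset name
# With ZFS enabled but no pool configured nothing is created.
_bootstrap_make_dir() {
    if checkyesno bastille_zfs_enable; then
        if [ -n "${bastille_zfs_zpool}" ]; then
            # bastille_zfs_options is left unquoted on purpose: it holds
            # several zfs(8) arguments that must split into separate words.
            # shellcheck disable=SC2086
            zfs create ${bastille_zfs_options} -o mountpoint="${2}" "${3}"
        fi
    else
        mkdir -p "${1}"
    fi
}

# Ensure the Bastille directory tree exists: prefix, backups, cache, jails,
# logs, templates and releases, plus the per-RELEASE cache and release
# directories.
# Globals read: bastille_prefix, bastille_backupsdir, bastille_cachedir,
#               bastille_jailsdir, bastille_logsdir, bastille_templatesdir,
#               bastille_releasesdir, their *_mountpoint counterparts,
#               bastille_zfs_zpool, bastille_zfs_prefix,
#               bastille_zfs_options, RELEASE, NOCACHEDIR
# Only the prefix and the backups directory are restricted to mode 0750,
# and only when this function creates them; the other directories get
# whatever mode mkdir/zfs create gives them.
bootstrap_directories() {

    local _dataset="${bastille_zfs_zpool}/${bastille_zfs_prefix}"

    # Ensure required directories are in place

    ## ${bastille_prefix}
    if [ ! -d "${bastille_prefix}" ]; then
        _bootstrap_make_dir "${bastille_prefix}" "${bastille_prefix_mountpoint}" "${_dataset}"
        chmod 0750 "${bastille_prefix}"
    # Make sure the dataset is mounted in the proper place
    elif checkyesno bastille_zfs_enable; then
        if ! zfs list "${_dataset}" >/dev/null; then
            # shellcheck disable=SC2086
            zfs create ${bastille_zfs_options} -o mountpoint="${bastille_prefix_mountpoint}" "${_dataset}"
        # The dataset name is quoted here so a pool or prefix containing
        # whitespace or glob characters is passed to zfs as one argument.
        elif [ "$(zfs get -H -o value mountpoint "${_dataset}")" != "${bastille_prefix}" ]; then
            zfs set mountpoint="${bastille_prefix_mountpoint}" "${_dataset}"
        fi
    fi

    ## ${bastille_backupsdir}
    if [ ! -d "${bastille_backupsdir}" ]; then
        _bootstrap_make_dir "${bastille_backupsdir}" "${bastille_backupsdir_mountpoint}" "${_dataset}/backups"
        chmod 0750 "${bastille_backupsdir}"
    fi

    ## ${bastille_cachedir}
    if [ ! -d "${bastille_cachedir}" ]; then
        _bootstrap_make_dir "${bastille_cachedir}" "${bastille_cachedir_mountpoint}" "${_dataset}/cache"
        # Don't create unused/stale cache/RELEASE directory on Linux jails creation.
        if [ -z "${NOCACHEDIR}" ]; then
            _bootstrap_make_dir "${bastille_cachedir}/${RELEASE}" "${bastille_cachedir_mountpoint}/${RELEASE}" "${_dataset}/cache/${RELEASE}"
        fi
    ## create subsequent cache/XX.X-RELEASE datasets
    elif [ ! -d "${bastille_cachedir}/${RELEASE}" ]; then
        # Don't create unused/stale cache/RELEASE directory on Linux jails creation.
        if [ -z "${NOCACHEDIR}" ]; then
            _bootstrap_make_dir "${bastille_cachedir}/${RELEASE}" "${bastille_cachedir_mountpoint}/${RELEASE}" "${_dataset}/cache/${RELEASE}"
        fi
    fi

    ## ${bastille_jailsdir}
    if [ ! -d "${bastille_jailsdir}" ]; then
        _bootstrap_make_dir "${bastille_jailsdir}" "${bastille_jailsdir_mountpoint}" "${_dataset}/jails"
    fi

    ## ${bastille_logsdir}
    if [ ! -d "${bastille_logsdir}" ]; then
        _bootstrap_make_dir "${bastille_logsdir}" "${bastille_logsdir_mountpoint}" "${_dataset}/logs"
    fi

    ## ${bastille_templatesdir}
    if [ ! -d "${bastille_templatesdir}" ]; then
        _bootstrap_make_dir "${bastille_templatesdir}" "${bastille_templatesdir_mountpoint}" "${_dataset}/templates"
    fi

    ## ${bastille_releasesdir}
    if [ ! -d "${bastille_releasesdir}" ]; then
        _bootstrap_make_dir "${bastille_releasesdir}" "${bastille_releasesdir_mountpoint}" "${_dataset}/releases"
        _bootstrap_make_dir "${bastille_releasesdir}/${RELEASE}" "${bastille_releasesdir_mountpoint}/${RELEASE}" "${_dataset}/releases/${RELEASE}"
    ## create subsequent releases/XX.X-RELEASE datasets
    elif [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then
        _bootstrap_make_dir "${bastille_releasesdir}/${RELEASE}" "${bastille_releasesdir_mountpoint}/${RELEASE}" "${_dataset}/releases/${RELEASE}"
    fi
}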
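# Bootstrap a release from pkgbase package sets using pkg(8) with an
# alternate root directory.
# Globals read:    PLATFORM_OS, MAJOR_VERSION, MINOR_VERSION, HW_MACHINE_ARCH,
#                  FREEBSD_BRANCH, RELEASE, bastille_releasesdir,
#                  bastille_sharedir, bastille_zfs_zpool, bastille_zfs_prefix
# Globals written: bastille_pkgbase_packages, bootstrap_status
# Exits 0 when nothing is left to install; calls error_exit when any
# package set fails to install.
bootstrap_pkgbase_release() {

    local abi="${PLATFORM_OS}:${MAJOR_VERSION}:${HW_MACHINE_ARCH}"
    local fingerprints="${bastille_releasesdir}/${RELEASE}/usr/share/keys/pkg"
    local host_fingerprintsdir="/usr/share/keys/pkg"
    local release_fingerprintsdir="${bastille_releasesdir}/${RELEASE}/usr/share/keys"
    # NOTE(review): only "release" and "current" are handled; any other
    # FREEBSD_BRANCH leaves repo_name unset — confirm that is intended.
    if [ "${FREEBSD_BRANCH}" = "release" ]; then
        local repo_name="FreeBSD-base-release-${MINOR_VERSION}"
    elif [ "${FREEBSD_BRANCH}" = "current" ]; then
        local repo_name="FreeBSD-base-latest"
    fi
    local repo_dir="${bastille_sharedir}/pkgbase"

    ## If release exists quit, else bootstrap additional packages
    if [ -f "${bastille_releasesdir}/${RELEASE}/COPYRIGHT" ]; then
        ## check pkgbase package list and skip existing sets
        bastille_pkgbase_packages=$(echo "${bastille_pkgbase_packages}" | sed "s/base-jail//")
        ## check if release already bootstrapped, else continue bootstrapping
        if [ -z "${bastille_pkgbase_packages}" ]; then
            info "\nBootstrap appears complete!\n"
            exit 0
        else
            info "\nFetching additional packages..."
        fi
    fi

    # Copy fingerprints into releasedir
    # The trusted pkg keys are taken from the host's key directory, so
    # FINGERPRINTS below resolves to that copy inside the release root.
    # NOTE(review): whether signatures are enforced depends on the repo
    # definitions under ${repo_dir}, which are not visible here — confirm
    # they declare a signature type.
    mkdir -p "${release_fingerprintsdir}"
    if ! cp -a "${host_fingerprintsdir}" "${release_fingerprintsdir}"; then
        error_exit "[ERROR]: Failed to copy fingerprints directory."
    fi

    # Ensure repo is up to date
    # A failed update is only reported; installation is still attempted.
    if ! pkg --rootdir "${bastille_releasesdir}/${RELEASE}" \
             --repo-conf-dir="${repo_dir}" \
             -o IGNORE_OSVERSION="yes" \
             -o ABI="${abi}" \
             -o ASSUME_ALWAYS_YES="yes" \
             -o FINGERPRINTS="${fingerprints}" \
             update -r "${repo_name}"; then
        error_notify "[ERROR]: Failed to update repository: ${repo_name}"
    fi

    ## Set bootstrap status
    # Initialised once, before the loop: resetting it per package let a
    # later successful install hide an earlier failure, and left it unset
    # when the package list was empty.
    bootstrap_status="0"

    for package in ${bastille_pkgbase_packages}; do
        if ! pkg --rootdir "${bastille_releasesdir}/${RELEASE}" info "FreeBSD-set-${package}" 2>/dev/null; then
            if ! pkg --rootdir "${bastille_releasesdir}/${RELEASE}" \
                     --repo-conf-dir="${repo_dir}" \
                     -o IGNORE_OSVERSION="yes" \
                     -o ABI="${abi}" \
                     -o ASSUME_ALWAYS_YES="yes" \
                     -o FINGERPRINTS="${fingerprints}" \
                     install -r "${repo_name}" \
                     freebsd-set-"${package}"; then
                bootstrap_status="1"
            fi
        else
            error_continue "[ERROR]: Package set already installed: ${package}"
        fi
        ## silence motd at container login
        touch "${bastille_releasesdir}/${RELEASE}/root/.hushlogin"
        touch "${bastille_releasesdir}/${RELEASE}/usr/share/skel/dot.hushlogin"
    done

    # Cleanup if bootstrap failed
    if [ "${bootstrap_status}" -ne "0" ]; then
        ## perform cleanup only for stale/empty directories on failure
        if checkyesno bastille_zfs_enable; then
            if [ -n "${bastille_zfs_zpool}" ]; then
                if [ ! "$(ls -A "${bastille_releasesdir}/${RELEASE}")" ]; then
                    zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"
                fi
            fi
        fi
        if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
            if [ ! "$(ls -A "${bastille_releasesdir}/${RELEASE}")" ]; then
                # :? aborts instead of expanding to "/<RELEASE>" when the
                # releases directory variable is empty or unset.
                rm -rf "${bastille_releasesdir:?}/${RELEASE}"
            fi
        fi
        error_exit "[ERROR]: Bootstrap failed."
    else
        info "\nBootstrap successful."
        echo "See 'bastille --help' for available commands."
    fi
}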
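# Bootstrap a release from distfile archives: fetch each missing archive,
# compare its SHA256 with the MANIFEST entry, and extract it into the
# release directory.
# Globals read:    RELEASE, PLATFORM_OS, UPSTREAM_URL, bastille_releasesdir,
#                  bastille_cachedir, bastille_zfs_zpool, bastille_zfs_prefix
# Globals written: bastille_bootstrap_archives, FETCH_VALIDATION,
#                  SHA256_DIST, SHA256_FILE
# Exits 0 when nothing is left to do; calls error_exit on fetch, checksum
# or extraction failure.
bootstrap_release() {

    ## if release exists quit, else bootstrap additional distfiles
    if [ -f "${bastille_releasesdir}/${RELEASE}/COPYRIGHT" ]; then
        ## check distfiles list and skip existing cached files
        # Each archive name is matched as a whole word against the cache.
        # The previous ls | tr -d ".txz" pipeline deleted every '.', 't',
        # 'x' and 'z' character from the file names (tests.txz became
        # "ess"), so some cached archives were never recognised, and the
        # sed substring removal could clip names such as "base-dbg".
        _pending_archives=""
        for _archive in ${bastille_bootstrap_archives}; do
            if [ "${_archive}" = "base" ]; then
                continue
            fi
            if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then
                continue
            fi
            _pending_archives="${_pending_archives:+${_pending_archives} }${_archive}"
        done
        bastille_bootstrap_archives="${_pending_archives}"

        ## check if release already bootstrapped, else continue bootstrapping
        if [ -z "${bastille_bootstrap_archives}" ]; then
            info "\nBootstrap appears complete!\n"
            exit 0
        else
            info "\nFetching additional distfiles..."
        fi
    fi

    for _archive in ${bastille_bootstrap_archives}; do
        ## check if the dist files already exists then extract
        FETCH_VALIDATION="0"
        if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then
            # NOTE(review): an archive already present in the cache is
            # extracted without being re-checked against MANIFEST; the
            # checksum comparison below covers freshly fetched files only.
            info "\nExtracting ${PLATFORM_OS} ${RELEASE} ${_archive}.txz..."
            if /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz"; then
                ## silence motd at container login
                touch "${bastille_releasesdir}/${RELEASE}/root/.hushlogin"
                touch "${bastille_releasesdir}/${RELEASE}/usr/share/skel/dot.hushlogin"
            else
                error_exit "[ERROR]: Failed to extract ${_archive}.txz."
            fi
        else
            ## get the manifest for dist files checksum validation
            # The MANIFEST comes from the same UPSTREAM_URL as the archives,
            # so the checksum detects corruption and truncation; it only
            # authenticates the content as far as that URL's transport does.
            if [ ! -f "${bastille_cachedir}/${RELEASE}/MANIFEST" ]; then
                fetch "${UPSTREAM_URL}/MANIFEST" -o "${bastille_cachedir}/${RELEASE}/MANIFEST" || FETCH_VALIDATION="1"
            fi

            if [ "${FETCH_VALIDATION}" -ne "0" ]; then
                ## perform cleanup only for stale/empty directories on failure
                if checkyesno bastille_zfs_enable; then
                    if [ -n "${bastille_zfs_zpool}" ]; then
                        if [ ! "$(ls -A "${bastille_cachedir}/${RELEASE}")" ]; then
                            zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE}"
                        fi
                        if [ ! "$(ls -A "${bastille_releasesdir}/${RELEASE}")" ]; then
                            zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"
                        fi
                    fi
                fi
                if [ -d "${bastille_cachedir}/${RELEASE}" ]; then
                    if [ ! "$(ls -A "${bastille_cachedir}/${RELEASE}")" ]; then
                        rm -rf "${bastille_cachedir:?}/${RELEASE}"
                    fi
                fi
                if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
                    if [ ! "$(ls -A "${bastille_releasesdir}/${RELEASE}")" ]; then
                        rm -rf "${bastille_releasesdir:?}/${RELEASE}"
                    fi
                fi
                error_exit "[ERROR]: Bootstrap failed."
            fi

            ## fetch for missing dist files
            if [ ! -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then
                if ! fetch "${UPSTREAM_URL}/${_archive}.txz" -o "${bastille_cachedir}/${RELEASE}/${_archive}.txz"; then
                    ## alert only if unable to fetch additional dist files
                    error_exit "[ERROR]: Failed to fetch ${_archive}.txz"
                fi
            fi

            ## compare checksums on the fetched dist files
            if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then
                # Exact match on the file-name column, first hit only, so a
                # similarly named entry cannot supply the digest.
                SHA256_DIST=$(awk -v f="${_archive}.txz" '$1 == f { print $2; exit }' "${bastille_cachedir}/${RELEASE}/MANIFEST")
                SHA256_FILE=$(sha256 -q "${bastille_cachedir}/${RELEASE}/${_archive}.txz")
                # Fail closed: a missing MANIFEST entry or a failed digest
                # run yields an empty string, and two empty strings must
                # not count as a successful validation.
                if [ -z "${SHA256_DIST}" ] || [ -z "${SHA256_FILE}" ] || \
                   [ "${SHA256_FILE}" != "${SHA256_DIST}" ]; then
                    rm "${bastille_cachedir}/${RELEASE}/${_archive}.txz"
                    error_exit "[ERROR]: Failed validation for ${_archive}.txz. Please retry bootstrap!"
                else
                    info "\nValidated checksum for ${RELEASE}: ${_archive}.txz"
                    echo "MANIFEST: ${SHA256_DIST}"
                    echo "DOWNLOAD: ${SHA256_FILE}"
                fi
            fi

            ## extract the fetched dist files
            if [ -f "${bastille_cachedir}/${RELEASE}/${_archive}.txz" ]; then
                info "\nExtracting ${PLATFORM_OS} ${RELEASE} ${_archive}.txz..."
                if /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz"; then
                    ## silence motd at container login
                    touch "${bastille_releasesdir}/${RELEASE}/root/.hushlogin"
                    touch "${bastille_releasesdir}/${RELEASE}/usr/share/skel/dot.hushlogin"
                else
                    error_exit "[ERROR]: Failed to extract ${_archive}.txz."
                fi
            fi
        fi
    done

    info "\nBootstrap successful."
    echo "See 'bastille --help' for available commands."

}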
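# Bootstrap a Linux userland with debootstrap: make sure the directory
# tree exists, load and persist the kernel modules Linux jails need,
# install debootstrap on request, then fetch the chosen flavor into the
# releases directory.
# Globals read:    DIR_BOOTSTRAP, ARCH_BOOTSTRAP, LINUX_FLAVOR, PLATFORM_OS,
#                  bastille_releasesdir, bastille_zfs_zpool,
#                  bastille_zfs_prefix
# Globals written: NOCACHEDIR, RELEASE, required_mods, linuxarc_mods, answer
# Side effects:    may edit /boot/loader.conf and rc.conf through sysrc,
#                  load kernel modules, and install the debootstrap package.
debootstrap_release() {

    # Make sure to check/bootstrap directories first.
    NOCACHEDIR=1
    RELEASE="${DIR_BOOTSTRAP}"
    bootstrap_directories

    #check and install OS dependencies @hackacad
    #ToDo: add function 'linux_pre' for sysrc etc.

    required_mods="fdescfs linprocfs linsysfs tmpfs"
    linuxarc_mods="linux linux64"
    for _req_kmod in ${required_mods}; do
        if [ ! "$(sysrc -f /boot/loader.conf -qn "${_req_kmod}_load")" = "YES" ] && \
           [ ! "$(sysrc -f /boot/loader.conf.local -qn "${_req_kmod}_load")" = "YES" ]; then
            warn "${_req_kmod} not enabled in /boot/loader.conf, Should I do that for you? (N|y)"
            read -r answer
            case "${answer}" in
                [Yy][Ee][Ss]|[Yy])
                    # Skip already loaded known modules.
                    if ! kldstat -m "${_req_kmod}" >/dev/null 2>&1; then
                        info "\nLoading kernel module: ${_req_kmod}"
                        kldload -v "${_req_kmod}"
                    fi
                    info "\nPersisting module: ${_req_kmod}"
                    sysrc -f /boot/loader.conf "${_req_kmod}_load"=YES
                    ;;
                *)
                    # Anything that is not an explicit yes cancels. An
                    # unrecognised answer used to fall through and carry on
                    # without the module being loaded or persisted.
                    error_exit "Cancelled, Exiting."
                    ;;
            esac
        else
            # If already set in /boot/loader.conf, check and try to load the module.
            if ! kldstat -m "${_req_kmod}" >/dev/null 2>&1; then
                info "\nLoading kernel module: ${_req_kmod}"
                kldload -v "${_req_kmod}"
            fi
        fi
    done

    # Mandatory Linux modules/rc.
    for _lin_kmod in ${linuxarc_mods}; do
        if ! kldstat -n "${_lin_kmod}" >/dev/null 2>&1; then
            info "\nLoading kernel module: ${_lin_kmod}"
            kldload -v "${_lin_kmod}"
        fi
    done

    if [ ! "$(sysrc -qn linux_enable)" = "YES" ] && \
       [ ! "$(sysrc -f /etc/rc.conf.local -qn linux_enable)" = "YES" ]; then
        sysrc linux_enable=YES
    fi

    if ! command -v debootstrap >/dev/null 2>&1; then
        warn "Debootstrap not found. Should it be installed? (N|y)"
        read -r answer
        case "${answer}" in
            [Yy][Ee][Ss]|[Yy])
                pkg install -y debootstrap
                ;;
            *)
                # Same default as the module prompt: only an explicit yes
                # installs; any other answer stops here.
                error_exit "[ERROR]: debootstrap is required for boostrapping a Linux jail."
                ;;
        esac
    fi

    # Fetch the Linux flavor
    info "\nFetching ${PLATFORM_OS} distfiles..."
    # NOTE(review): --no-check-gpg turns off verification of the archive's
    # signed Release file, so the downloaded packages are not authenticated
    # and a tampered mirror or intercepted connection would go unnoticed.
    # Presumably it is here because the host carries no Debian/Ubuntu
    # archive keyring — confirm, and prefer passing --keyring=<path> once a
    # keyring can be provided.
    if ! debootstrap --foreign --arch="${ARCH_BOOTSTRAP}" --no-check-gpg "${LINUX_FLAVOR}" "${bastille_releasesdir}/${DIR_BOOTSTRAP}"; then

        ## perform cleanup only for stale/empty directories on failure
        if checkyesno bastille_zfs_enable; then
            if [ -n "${bastille_zfs_zpool}" ]; then
                if [ ! "$(ls -A "${bastille_releasesdir}/${DIR_BOOTSTRAP}")" ]; then
                    zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${DIR_BOOTSTRAP}"
                fi
            fi
        fi

        if [ -d "${bastille_releasesdir}/${DIR_BOOTSTRAP}" ]; then
            if [ ! "$(ls -A "${bastille_releasesdir}/${DIR_BOOTSTRAP}")" ]; then
                rm -rf "${bastille_releasesdir:?}/${DIR_BOOTSTRAP}"
            fi
        fi
        error_exit "[ERROR]: Bootstrap failed."
    fi

    case "${LINUX_FLAVOR}" in
        bionic|focal|jammy|buster|bullseye|bookworm|noble)
            info "Increasing APT::Cache-Start"
            echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}/${DIR_BOOTSTRAP}/etc/apt/apt.conf.d/00aptitude"
            ;;
    esac

    info "\nBootstrap successful."
    info "\nSee 'bastille --help' for available commands."
}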
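# Fetch a template repository with git, copy every project/template that
# carries a Bastillefile into the templates directory, and run
# "bastille verify" on each of them.
# Globals read:    BASTILLE_TEMPLATE_URL, BASTILLE_TEMPLATE_USER,
#                  BASTILLE_TEMPLATE_REPO, bastille_templatesdir,
#                  bastille_sharedir, bastille_zfs_zpool, bastille_zfs_prefix
# Globals written: _url, _user, _repo, _raw_template_dir
# The repository content is whatever the remote serves at clone/pull time;
# nothing in this function pins a revision or checks a signature.
bootstrap_template() {

    ## ${bastille_templatesdir}
    if [ ! -d "${bastille_templatesdir}" ]; then
        if checkyesno bastille_zfs_enable; then
            if [ -n "${bastille_zfs_zpool}" ]; then
                # bastille_zfs_options is intentionally unquoted so that it
                # splits into separate zfs(8) arguments.
                # shellcheck disable=SC2086
                zfs create ${bastille_zfs_options} -o mountpoint="${bastille_templatesdir_mountpoint}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/templates"
            fi
        else
            mkdir -p "${bastille_templatesdir}"
        fi
        ln -s "${bastille_sharedir}/templates/default" "${bastille_templatesdir}/default"
    fi

    ## define basic variables
    _url="${BASTILLE_TEMPLATE_URL}"
    _user="${BASTILLE_TEMPLATE_USER}"
    _repo="${BASTILLE_TEMPLATE_REPO%.*}" # Remove the trailing ".git"
    _raw_template_dir="${bastille_templatesdir}/${_user}/${_repo}"

    ## support for non-git
    if ! command -v git >/dev/null 2>&1; then
        error_notify "Git not found."
        error_exit "Not yet implemented."
    else
        if [ ! -d "${_raw_template_dir}/.git" ]; then
            git clone "${_url}" "${_raw_template_dir}" || \
                error_notify "Clone unsuccessful."
        else
            git -C "${_raw_template_dir}" pull || \
                error_notify "Template update unsuccessful."
        fi
    fi

    if [ ! -f "${_raw_template_dir}/Bastillefile" ]; then
        # Extract template in project/template format
        # Paths below come from the cloned repository, so every expansion
        # is quoted: a directory name with spaces or glob characters must
        # reach dirname, basename and cp as a single argument.
        find "${_raw_template_dir}" -type f -name Bastillefile | while IFS= read -r _file; do
            _template_dir="$(dirname "${_file}")"
            _project_dir="$(dirname "${_template_dir}")"
            _template_name="$(basename "${_template_dir}")"
            _project_name="$(basename "${_project_dir}")"
            _complete_template="${_project_name}/${_template_name}"
            cp -fR "${_project_dir}" "${bastille_templatesdir}"
            bastille verify "${_complete_template}"
        done

        # Remove the cloned repo
        # NOTE(review): _user is derived from the template URL outside this
        # function; confirm it cannot contain "/" or "..", since it names
        # the directory that is removed recursively here.
        if [ -n "${_user}" ]; then
            rm -r "${bastille_templatesdir:?}/${_user:?}"
        fi

    else
        # Verify a single template
        bastille verify "${_user}/${_repo}"
    fi
}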
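# Handle options.
# Long options are matched first; any other dash-prefixed argument is
# treated as a bundle of single-letter flags. The first argument that is
# not an option ends option parsing.
PKGBASE=0
while [ "$#" -gt 0 ]; do
    case "${1}" in
        -h|--help|help)
            usage
            ;;
        -p|--pkgbase)
            PKGBASE=1
            shift
            ;;
        -x|--debug)
            enable_debug
            shift
            ;;
        -*)
            # The argument is user input: pass it through printf, quoted, so
            # it is not word-split, glob-expanded or read as an echo option
            # before the dashes are stripped.
            for _opt in $(printf '%s\n' "${1}" | sed 's/-//g' | fold -w1); do
                case "${_opt}" in
                    p) PKGBASE=1 ;;
                    x) enable_debug ;;
                    *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
                esac
            done
            shift
            ;;
        *)
            break
            ;;
    esac
done

# Positional arguments: the release or template to bootstrap, then an
# optional second word that is interpreted further down.
RELEASE="${1}"
OPTION="${2}"
NOCACHEDIR=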
HW_MACHINE = $( sysctl hw.machine | awk '{ print $2 }' )
HW_MACHINE_ARCH = $( sysctl hw.machine_arch | awk '{ print $2 }' )
2022-01-16 19:51:58 +01:00
2025-02-23 23:31:57 -07:00
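bastille_root_check

# Validate if ZFS is enabled in rc.conf and bastille.conf.
# When rc.conf enables ZFS but bastille.conf does not, ask before going on.
if [ "$(sysrc -n zfs_enable)" = "YES" ] && ! checkyesno bastille_zfs_enable; then
    warn "ZFS is enabled in rc.conf but not bastille.conf. Do you want to continue? (N|y)"
    # -r keeps backslashes in the reply literal.
    read -r answer
    case "${answer}" in
        yes|Yes|y|Y)
            ;;
        *)
            # The prompt defaults to "N": an empty reply, an explicit no and
            # any unrecognised reply all stop here. Previously an
            # unrecognised reply matched no arm and execution continued as
            # if the operator had agreed.
            error_exit "[ERROR]: Missing ZFS parameters. See bastille_zfs_enable."
            ;;
    esac
fi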
# Validate ZFS parameters
# Only runs when bastille_zfs_enable is set.
if checkyesno bastille_zfs_enable; then
    # Pool and prefix must both be configured, and the pool must be known
    # to `zfs list`. Only the first failing check is reported.
    if [ -z "${bastille_zfs_zpool}" ]; then
        error_exit "[ERROR]: Missing ZFS parameters. See bastille_zfs_zpool."
    elif [ -z "${bastille_zfs_prefix}" ]; then
        error_exit "[ERROR]: Missing ZFS parameters. See bastille_zfs_prefix."
    elif ! zfs list "${bastille_zfs_zpool}" >/dev/null 2>&1; then
        error_exit "[ERROR]: ${bastille_zfs_zpool} is not a ZFS pool."
    fi

    # If a directory already exists at /<pool>/<prefix>, it has to be a ZFS
    # dataset and not an ordinary directory.
    if [ -d "/${bastille_zfs_zpool}/${bastille_zfs_prefix}" ] &&
        ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" >/dev/null 2>&1; then
        error_exit "[ERROR]: ${bastille_zfs_zpool}/${bastille_zfs_prefix} is not a ZFS dataset."
    fi
fi
# Debian and Ubuntu bootstraps name the 64-bit ARM architecture "arm64"
# where the host reports "aarch64", so keep a separate Linux-flavoured copy.
case "${HW_MACHINE_ARCH}" in
    aarch64) HW_MACHINE_ARCH_LINUX="arm64" ;;
    *)       HW_MACHINE_ARCH_LINUX="${HW_MACHINE_ARCH}" ;;
esac

# Alternate RELEASE/ARCH fetch support (experimental).
# The second positional argument may request a different architecture.
# Empty, equal to the host machine type, or "update" means no override.
# Note: HW_MACHINE_ARCH_LINUX was derived above and is not recomputed here.
case "${OPTION}" in
    ""|"${HW_MACHINE}"|update)
        ;;
    --i386|--32bit)
        # Supported architectures
        HW_MACHINE="i386"
        HW_MACHINE_ARCH="i386"
        ;;
    *)
        error_exit "[ERROR]: Unsupported architecture."
        ;;
esac
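## allow override bootstrap URLs via environment variables
## A non-empty BASTILLE_URL_* value replaces the configured base URL for
## this run and is used verbatim when UPSTREAM_URL is built below.
## NOTE(review): confirm that archives fetched from an overridden URL still
## go through the same integrity checks as the default mirror, and that
## these variables cannot be inherited unintentionally by a privileged run.
[ -n "${BASTILLE_URL_FREEBSD}" ] && bastille_url_freebsd="${BASTILLE_URL_FREEBSD}"
[ -n "${BASTILLE_URL_HARDENEDBSD}" ] && bastille_url_hardenedbsd="${BASTILLE_URL_HARDENEDBSD}"
[ -n "${BASTILLE_URL_MIDNIGHTBSD}" ] && bastille_url_midnightbsd="${BASTILLE_URL_MIDNIGHTBSD}"

## Filter sane release names
## Each arm normalises RELEASE into NAME_VERIFY, builds UPSTREAM_URL from it
## and hands over to validate_release. The case globs only select an arm;
## the anchored regex inside the arm is what constrains the name, because
## NAME_VERIFY is interpolated into the download URL. A name that fails the
## regex leaves NAME_VERIFY empty.
case "${RELEASE}" in
    [2-4].[0-9]*)
        ## check for MidnightBSD releases name
        ## NOTE(review): this arm has no regex filter; the glob above
        ## accepts any text after the leading "N.N". Confirm that
        ## validate_release rejects unexpected names.
        NAME_VERIFY="${RELEASE}"
        UPSTREAM_URL="${bastille_url_midnightbsd}${HW_MACHINE_ARCH}/${NAME_VERIFY}"
        PLATFORM_OS="MidnightBSD"
        validate_release
        ;;
    *-CURRENT|*-current)
        ## check for FreeBSD releases name
        NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT)$' | tr '[:lower:]' '[:upper:]')
        ## CURRENT builds are published under snapshots/ instead of releases/
        UPSTREAM_URL=$(echo "${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" | sed 's/releases/snapshots/')
        PLATFORM_OS="FreeBSD"
        FREEBSD_BRANCH="current"
        validate_release
        ;;
    *-RELEASE|*-release|*-RC[1-9]|*-rc[1-9]|*-BETA[1-9])
        ## check for FreeBSD releases name
        NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([0-9]{1,2})\.[0-9](-RELEASE|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]')
        UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}"
        PLATFORM_OS="FreeBSD"
        FREEBSD_BRANCH="release"
        validate_release
        ;;
    *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST)
        ## check for HardenedBSD releases name(previous infrastructure, keep for reference)
        NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g')
        UPSTREAM_URL="${bastille_url_hardenedbsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-${NAME_VERIFY}"
        PLATFORM_OS="HardenedBSD"
        validate_release
        ;;
    *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*)
        ## check for HardenedBSD(specific stable build releases)
        ## The regex is anchored at the start as well as the end, matching
        ## the FreeBSD arms: the glob above allows arbitrary leading text,
        ## which would otherwise be carried into UPSTREAM_URL.
        NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g')
        NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-build-[0-9]\{1,3\}//g')
        NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-//g')
        UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}"
        PLATFORM_OS="HardenedBSD"
        validate_release
        ;;
    *-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST)
        ## check for HardenedBSD(latest stable build release)
        ## Anchored at the start for the same reason as the arm above.
        NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
        NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-BUILD-LATEST//g')
        NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-BUILD-//g')
        UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}"
        PLATFORM_OS="HardenedBSD"
        validate_release
        ;;
    current-build-[0-9]*|CURRENT-BUILD-[0-9]*)
        ## check for HardenedBSD(specific current build releases)
        ## Anchored at both ends: the glob above allows arbitrary trailing
        ## text, which would otherwise be carried into UPSTREAM_URL.
        NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^(current-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g')
        NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g')
        NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-//g')
        UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}"
        PLATFORM_OS="HardenedBSD"
        validate_release
        ;;
    current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST)
        ## check for HardenedBSD(latest current build release)
        NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^(current-build-latest)$' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
        NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g')
        NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-BUILD-//g')
        UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}"
        PLATFORM_OS="HardenedBSD"
        validate_release
        ;;
    http?://*/*/*)
        ## Template repository given as a URL. "?" matches exactly one
        ## character, so this accepts "https://" but not plain "http://".
        ## Fields 4 and 5 of the "/"-split URL are taken as user and repo.
        ## NOTE(review): user and repo are copied from the URL unchecked and
        ## presumably become path components under the templates directory;
        ## confirm bootstrap_template rejects values such as "." or "..".
        BASTILLE_TEMPLATE_URL=${1}
        BASTILLE_TEMPLATE_USER=$(echo "${1}" | awk -F / '{ print $4 }')
        BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }')
        bootstrap_template
        ;;
    git@*:*/*)
        ## Template repository given in scp-like form (git@host:user/repo).
        ## The part after the first ":" is split on "/" into user and repo.
        ## NOTE(review): same unchecked path-component concern as the URL
        ## arm above.
        BASTILLE_TEMPLATE_URL=${1}
        git_repository=$(echo "${1}" | awk -F : '{ print $2 }')
        BASTILLE_TEMPLATE_USER=$(echo "${git_repository}" | awk -F / '{ print $1 }')
        BASTILLE_TEMPLATE_REPO=$(echo "${git_repository}" | awk -F / '{ print $2 }')
        bootstrap_template
        ;;
    #adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad
    ubuntu_bionic|bionic|ubuntu-bionic)
        PLATFORM_OS="Ubuntu/Linux"
        LINUX_FLAVOR="bionic"
        DIR_BOOTSTRAP="Ubuntu_1804"
        ARCH_BOOTSTRAP="${HW_MACHINE_ARCH_LINUX}"
        debootstrap_release
        ;;
    ubuntu_focal|focal|ubuntu-focal)
        PLATFORM_OS="Ubuntu/Linux"
        LINUX_FLAVOR="focal"
        DIR_BOOTSTRAP="Ubuntu_2004"
        ARCH_BOOTSTRAP="${HW_MACHINE_ARCH_LINUX}"
        debootstrap_release
        ;;
    ubuntu_jammy|jammy|ubuntu-jammy)
        PLATFORM_OS="Ubuntu/Linux"
        LINUX_FLAVOR="jammy"
        DIR_BOOTSTRAP="Ubuntu_2204"
        ARCH_BOOTSTRAP="${HW_MACHINE_ARCH_LINUX}"
        debootstrap_release
        ;;
    ubuntu_noble|noble|ubuntu-noble)
        PLATFORM_OS="Ubuntu/Linux"
        LINUX_FLAVOR="noble"
        DIR_BOOTSTRAP="Ubuntu_2404"
        ARCH_BOOTSTRAP="${HW_MACHINE_ARCH_LINUX}"
        debootstrap_release
        ;;
    debian_buster|buster|debian-buster)
        PLATFORM_OS="Debian/Linux"
        LINUX_FLAVOR="buster"
        DIR_BOOTSTRAP="Debian10"
        ARCH_BOOTSTRAP="${HW_MACHINE_ARCH_LINUX}"
        debootstrap_release
        ;;
    debian_bullseye|bullseye|debian-bullseye)
        PLATFORM_OS="Debian/Linux"
        LINUX_FLAVOR="bullseye"
        DIR_BOOTSTRAP="Debian11"
        ARCH_BOOTSTRAP="${HW_MACHINE_ARCH_LINUX}"
        debootstrap_release
        ;;
    debian_bookworm|bookworm|debian-bookworm)
        PLATFORM_OS="Debian/Linux"
        LINUX_FLAVOR="bookworm"
        DIR_BOOTSTRAP="Debian12"
        ARCH_BOOTSTRAP="${HW_MACHINE_ARCH_LINUX}"
        debootstrap_release
        ;;
    *)
        ## Anything else is not a known release name or template source.
        usage
        ;;
esac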
# When "update" was given as the second argument, run `bastille update` on
# the release just bootstrapped. This is skipped when -p/--pkgbase was set.
if [ "${PKGBASE}" -eq 0 ] && [ "${OPTION}" = "update" ]; then
    bastille update "${RELEASE}"
fi