2020-01-26 19:45:26 -04:00
#!/bin/sh
2020-04-14 11:52:29 +02:00
#
2023-07-14 21:02:14 -06:00
# Copyright (c) 2018-2023, Christer Edwards <christer.edwards@gmail.com>
2020-01-26 19:45:26 -04:00
# All rights reserved.
2020-04-14 11:52:29 +02:00
#
2020-01-26 19:45:26 -04:00
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
2020-04-14 11:52:29 +02:00
#
2020-01-26 19:45:26 -04:00
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
2020-04-14 11:52:29 +02:00
#
2020-01-26 19:45:26 -04:00
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
2020-04-14 11:52:29 +02:00
#
2020-01-26 19:45:26 -04:00
# * Neither the name of the copyright holder nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
2020-04-14 11:52:29 +02:00
#
2020-01-26 19:45:26 -04:00
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2020-08-30 10:57:14 -04:00
. /usr/local/share/bastille/common.sh
2020-01-26 19:45:26 -04:00
. /usr/local/etc/bastille/bastille.conf
usage( ) {
2021-07-07 05:05:38 -04:00
# Build an independent usage for the import command
2021-07-10 08:35:50 -04:00
# If no file/extension specified, will import from standard input
2021-07-13 04:49:25 -04:00
error_notify "Usage: bastille import [option(s)] FILE"
2021-07-07 05:05:38 -04:00
cat << EOF
Options:
2021-07-08 13:48:02 -04:00
2021-07-08 15:29:31 -04:00
-f | --force -- Force an archive import regardless if the checksum file does not match or missing.
-v | --verbose -- Be more verbose during the ZFS receive operation.
2021-07-07 05:05:38 -04:00
2021-07-14 15:02:12 -04:00
Tip: If no option specified, container should be imported from standard input.
2021-07-07 05:05:38 -04:00
EOF
exit 1
2020-01-26 19:45:26 -04:00
}
# Handle special-case commands first
case " $1 " in
help| -h| --help)
usage
; ;
esac
2021-07-07 05:05:38 -04:00
if [ $# -gt 3 ] || [ $# -lt 1 ] ; then
2021-07-10 08:52:08 -04:00
usage
2020-01-26 19:45:26 -04:00
fi
2023-03-16 20:58:11 +01:00
bastille_root_check
2020-01-26 19:45:26 -04:00
TARGET = " ${ 1 } "
2021-07-07 05:05:38 -04:00
OPT_FORCE =
2021-07-10 08:35:50 -04:00
USER_IMPORT =
2021-07-07 05:05:38 -04:00
OPT_ZRECV = "-u"
# Handle and parse option args
while [ $# -gt 0 ] ; do
case " ${ 1 } " in
2021-07-08 15:37:36 -04:00
-f| --force)
2021-07-07 05:05:38 -04:00
OPT_FORCE = "1"
2021-07-08 13:48:02 -04:00
TARGET = " ${ 2 } "
2021-07-07 05:05:38 -04:00
shift
; ;
2021-07-08 15:37:36 -04:00
-v| --verbose)
2021-07-07 05:05:38 -04:00
OPT_ZRECV = "-u -v"
2021-07-08 13:48:02 -04:00
TARGET = " ${ 2 } "
2021-07-07 05:05:38 -04:00
shift
; ;
2021-07-08 13:48:02 -04:00
-*| --*)
error_notify "Unknown Option."
2021-07-07 05:05:38 -04:00
usage
; ;
2021-07-08 13:48:02 -04:00
*)
if [ $# -gt 1 ] || [ $# -lt 1 ] ; then
usage
fi
shift
; ;
2021-07-07 05:05:38 -04:00
esac
done
# Fallback to default if missing config parameters
if [ -z " ${ bastille_decompress_xz_options } " ] ; then
bastille_decompress_xz_options = "-c -d -v"
fi
if [ -z " ${ bastille_decompress_gz_options } " ] ; then
bastille_decompress_gz_options = "-k -d -c -v"
fi
2020-01-26 19:45:26 -04:00
validate_archive( ) {
# Compare checksums on the target archive
2021-07-10 09:01:28 -04:00
# Skip validation for unsupported archive
if [ -f " ${ bastille_backupsdir } / ${ TARGET } " ] ; then
if [ -f " ${ bastille_backupsdir } / ${ FILE_TRIM } .sha256 " ] ; then
info " Validating file: ${ TARGET } ... "
SHA256_DIST = $( cat " ${ bastille_backupsdir } / ${ FILE_TRIM } .sha256 " )
SHA256_FILE = $( sha256 -q " ${ bastille_backupsdir } / ${ TARGET } " )
if [ " ${ SHA256_FILE } " != " ${ SHA256_DIST } " ] ; then
error_exit " Failed validation for ${ TARGET } . "
2020-04-03 07:56:28 -04:00
else
2021-07-10 09:01:28 -04:00
info "File validation successful!"
fi
else
# Check if user opt to force import
if [ -n " ${ OPT_FORCE } " ] ; then
warn "Warning: Skipping archive validation!"
else
error_exit "Checksum file not found. See 'bastille import [option(s)] FILE'."
2020-04-03 07:56:28 -04:00
fi
2020-01-26 19:45:26 -04:00
fi
fi
}
update_zfsmount( ) {
2020-11-27 19:20:47 -05:00
# Update the mountpoint property on the received ZFS data stream
2020-02-20 18:06:31 -04:00
OLD_ZFS_MOUNTPOINT = $( zfs get -H mountpoint " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } /root " | awk '{print $3}' )
2020-01-26 19:45:26 -04:00
NEW_ZFS_MOUNTPOINT = " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root "
if [ " ${ NEW_ZFS_MOUNTPOINT } " != " ${ OLD_ZFS_MOUNTPOINT } " ] ; then
2020-11-25 21:19:08 -05:00
info "Updating ZFS mountpoint..."
2020-02-20 18:06:31 -04:00
zfs set mountpoint = " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root " " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } /root "
2020-01-26 19:45:26 -04:00
fi
2020-02-15 07:57:33 -04:00
# Mount new container ZFS datasets
2020-04-03 07:56:28 -04:00
if ! zfs mount | grep -qw " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } $" ; then
2020-02-20 18:06:31 -04:00
zfs mount " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } "
2020-02-15 07:57:33 -04:00
fi
2020-04-03 07:56:28 -04:00
if ! zfs mount | grep -qw " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } /root $" ; then
2020-02-20 18:06:31 -04:00
zfs mount " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } /root "
2020-01-26 19:45:26 -04:00
fi
}
update_jailconf( ) {
# Update jail.conf paths
JAIL_CONFIG = " ${ bastille_jailsdir } / ${ TARGET_TRIM } /jail.conf "
if [ -f " ${ JAIL_CONFIG } " ] ; then
2020-02-20 18:06:31 -04:00
if ! grep -qw " path = ${ bastille_jailsdir } / ${ TARGET_TRIM } /root; " " ${ JAIL_CONFIG } " ; then
2020-11-25 21:19:08 -05:00
info "Updating jail.conf..."
2020-05-12 02:47:26 -04:00
sed -i '' " s|exec.consolelog.*=.*;|exec.consolelog = ${ bastille_logsdir } / ${ TARGET_TRIM } _console.log;| " " ${ JAIL_CONFIG } "
sed -i '' " s|path.*=.*;|path = ${ bastille_jailsdir } / ${ TARGET_TRIM } /root;| " " ${ JAIL_CONFIG } "
sed -i '' " s|mount.fstab.*=.*;|mount.fstab = ${ bastille_jailsdir } / ${ TARGET_TRIM } /fstab;| " " ${ JAIL_CONFIG } "
2020-01-26 19:45:26 -04:00
fi
2023-07-19 10:56:20 -04:00
# Check for the jib script
if grep -qw "vnet" " ${ JAIL_CONFIG } " ; then
vnet_requirements
fi
2020-01-26 19:45:26 -04:00
fi
}
update_fstab( ) {
# Update fstab .bastille mountpoint on thin containers only
# Set some variables
FSTAB_CONFIG = " ${ bastille_jailsdir } / ${ TARGET_TRIM } /fstab "
2023-11-10 08:09:51 -10:00
FSTAB_RELEASE = $( grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-9])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' " ${ FSTAB_CONFIG } " )
2020-02-20 18:06:31 -04:00
FSTAB_CURRENT = $( grep -w " .*/releases/.*/jails/ ${ TARGET_TRIM } /root/.bastille " " ${ FSTAB_CONFIG } " )
2020-01-26 19:45:26 -04:00
FSTAB_NEWCONF = " ${ bastille_releasesdir } / ${ FSTAB_RELEASE } ${ bastille_jailsdir } / ${ TARGET_TRIM } /root/.bastille nullfs ro 0 0 "
2020-02-04 13:37:20 -04:00
if [ -n " ${ FSTAB_CURRENT } " ] && [ -n " ${ FSTAB_NEWCONF } " ] ; then
# If both variables are set, compare and update as needed
2020-02-20 18:06:31 -04:00
if ! grep -qw " ${ bastille_releasesdir } / ${ FSTAB_RELEASE } .* ${ bastille_jailsdir } / ${ TARGET_TRIM } /root/.bastille " " ${ FSTAB_CONFIG } " ; then
2020-11-25 21:19:08 -05:00
info "Updating fstab..."
2020-02-20 18:06:31 -04:00
sed -i '' " s| ${ FSTAB_CURRENT } | ${ FSTAB_NEWCONF } | " " ${ FSTAB_CONFIG } "
2020-02-04 13:37:20 -04:00
fi
2020-01-26 19:45:26 -04:00
fi
}
2020-02-18 19:58:59 -04:00
generate_config( ) {
# Attempt to read previous config file and set required variables accordingly
# If we can't get a valid interface, fallback to lo1 and warn user
2020-11-25 21:19:08 -05:00
info "Generating jail.conf..."
2021-11-19 21:24:29 -08:00
DEVFS_RULESET = 4
2020-04-03 07:56:28 -04:00
if [ " ${ FILE_EXT } " = ".zip" ] ; then
# Gather some bits from foreign/iocage config files
JSON_CONFIG = " ${ bastille_jailsdir } / ${ TARGET_TRIM } /config.json "
2020-04-12 19:06:27 -06:00
if [ -n " ${ JSON_CONFIG } " ] ; then
2020-04-11 11:12:03 -04:00
IPV4_CONFIG = $( grep -wo '\"ip4_addr\": \".*\"' " ${ JSON_CONFIG } " | tr -d '" ' | sed 's/ip4_addr://' )
IPV6_CONFIG = $( grep -wo '\"ip6_addr\": \".*\"' " ${ JSON_CONFIG } " | tr -d '" ' | sed 's/ip6_addr://' )
2022-01-09 17:26:27 -08:00
DEVFS_RULESET = $( grep -wo '\"devfs_ruleset\": \".*\"' " ${ JSON_CONFIG } " | tr -d '" ' | sed 's/devfs_ruleset://' )
DEVFS_RULESET = ${ DEVFS_RULESET :- 4 }
IS_THIN_JAIL = $( grep -wo '\"basejail\": .*' " ${ JSON_CONFIG } " | tr -d '" ,' | sed 's/basejail://' )
CONFIG_RELEASE = $( grep -wo '\"release\": \".*\"' " ${ JSON_CONFIG } " | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//' )
2022-01-09 19:22:16 -08:00
IS_VNET_JAIL = $( grep -wo '\"vnet\": .*' " ${ JSON_CONFIG } " | tr -d '" ,' | sed 's/vnet://' )
VNET_DEFAULT_INTERFACE = $( grep -wo '\"vnet_default_interface\": \".*\"' " ${ JSON_CONFIG } " | tr -d '" ' | sed 's/vnet_default_interface://' )
2022-01-09 17:26:27 -08:00
ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED = 1
2022-01-09 19:22:16 -08:00
if [ " ${ VNET_DEFAULT_INTERFACE } " = "auto" ] ; then
# Grab the default ipv4 route from netstat and pull out the interface
VNET_DEFAULT_INTERFACE = $( netstat -nr4 | grep default | cut -w -f 4)
fi
2020-04-11 11:12:03 -04:00
fi
2020-04-03 07:56:28 -04:00
elif [ " ${ FILE_EXT } " = ".tar.gz" ] ; then
# Gather some bits from foreign/ezjail config files
PROP_CONFIG = " ${ bastille_jailsdir } / ${ TARGET_TRIM } /prop.ezjail- ${ FILE_TRIM } -* "
2020-04-12 19:06:27 -06:00
if [ -n " ${ PROP_CONFIG } " ] ; then
2020-04-11 11:12:03 -04:00
IPVX_CONFIG = $( grep -wo " jail_ ${ TARGET_TRIM } _ip=.* " ${ PROP_CONFIG } | tr -d '" ' | sed " s/jail_ ${ TARGET_TRIM } _ip=// " )
2022-01-09 17:26:27 -08:00
CONFIG_RELEASE = $( echo ${ PROP_CONFIG } | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g' )
2020-04-11 11:12:03 -04:00
fi
2022-01-09 17:26:27 -08:00
# Always assume it's thin for ezjail
IS_THIN_JAIL = 1
2020-04-03 07:56:28 -04:00
fi
2020-02-18 19:58:59 -04:00
2022-01-09 19:22:16 -08:00
# See if we need to generate a vnet network section
if [ " ${ IS_VNET_JAIL :- 0 } " = "1" ] ; then
NETBLOCK = $( generate_vnet_jail_netblock " ${ TARGET_TRIM } " "" " ${ VNET_DEFAULT_INTERFACE } " )
2023-07-19 10:56:20 -04:00
vnet_requirements
2022-01-09 19:22:16 -08:00
else
# If there are multiple IP/NIC let the user configure network
if [ -n " ${ IPV4_CONFIG } " ] ; then
if ! echo " ${ IPV4_CONFIG } " | grep -q '.*,.*' ; then
NETIF_CONFIG = $( echo " ${ IPV4_CONFIG } " | grep '.*|' | sed 's/|.*//g' )
if [ -z " ${ NETIF_CONFIG } " ] ; then
config_netif
fi
IPX_ADDR = "ip4.addr"
IP_CONFIG = " ${ IPV4_CONFIG } "
IP6_MODE = "disable"
2020-04-03 07:56:28 -04:00
fi
2022-01-09 19:22:16 -08:00
elif [ -n " ${ IPV6_CONFIG } " ] ; then
if ! echo " ${ IPV6_CONFIG } " | grep -q '.*,.*' ; then
NETIF_CONFIG = $( echo " ${ IPV6_CONFIG } " | grep '.*|' | sed 's/|.*//g' )
if [ -z " ${ NETIF_CONFIG } " ] ; then
config_netif
fi
IPX_ADDR = "ip6.addr"
IP_CONFIG = " ${ IPV6_CONFIG } "
IP6_MODE = "new"
2020-04-03 07:56:28 -04:00
fi
2022-01-09 19:22:16 -08:00
elif [ -n " ${ IPVX_CONFIG } " ] ; then
if ! echo " ${ IPVX_CONFIG } " | grep -q '.*,.*' ; then
NETIF_CONFIG = $( echo " ${ IPVX_CONFIG } " | grep '.*|' | sed 's/|.*//g' )
if [ -z " ${ NETIF_CONFIG } " ] ; then
config_netif
fi
IPX_ADDR = "ip4.addr"
IP_CONFIG = " ${ IPVX_CONFIG } "
IP6_MODE = "disable"
if echo " ${ IPVX_CONFIG } " | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))' ; then
IPX_ADDR = "ip6.addr"
IP6_MODE = "new"
fi
2020-04-03 07:56:28 -04:00
fi
2022-01-09 19:22:16 -08:00
fi
# Let the user configure network manually
if [ -z " ${ NETIF_CONFIG } " ] ; then
NETIF_CONFIG = "lo1"
2020-04-03 07:56:28 -04:00
IPX_ADDR = "ip4.addr"
2022-01-09 19:22:16 -08:00
IP_CONFIG = "-"
2020-04-03 07:56:28 -04:00
IP6_MODE = "disable"
2022-01-09 19:22:16 -08:00
warn " Warning: See 'bastille edit ${ TARGET_TRIM } jail.conf' for manual network configuration. "
2020-04-03 07:56:28 -04:00
fi
2020-02-18 19:58:59 -04:00
2022-01-09 19:22:16 -08:00
NETBLOCK = $( cat <<-EOF
interface = ${ NETIF_CONFIG } ;
${ IPX_ADDR } = ${ IP_CONFIG } ;
ip6 = ${ IP6_MODE } ;
EOF
)
2020-02-18 19:58:59 -04:00
fi
2022-01-09 17:26:27 -08:00
if [ " ${ IS_THIN_JAIL :- 0 } " = "1" ] ; then
2020-04-03 07:56:28 -04:00
if [ -z " ${ CONFIG_RELEASE } " ] ; then
# Fallback to host version
CONFIG_RELEASE = $( freebsd-version | sed 's/\-[pP].*//' )
2020-11-25 21:19:08 -05:00
warn " Warning: ${ CONFIG_RELEASE } was set by default! "
2020-04-03 07:56:28 -04:00
fi
mkdir " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root/.bastille "
echo " ${ bastille_releasesdir } / ${ CONFIG_RELEASE } ${ bastille_jailsdir } / ${ TARGET_TRIM } /root/.bastille nullfs ro 0 0 " \
>> " ${ bastille_jailsdir } / ${ TARGET_TRIM } /fstab "
# Work with the symlinks
cd " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root "
update_symlinks
else
# Generate new empty fstab file
touch " ${ bastille_jailsdir } / ${ TARGET_TRIM } /fstab "
fi
2020-02-18 19:58:59 -04:00
# Generate a basic jail configuration file on foreign imports
2020-02-20 18:06:31 -04:00
cat << EOF > "${bastille_jailsdir}/${TARGE T_TRIM} /jail.conf"
2020-02-18 19:58:59 -04:00
${ TARGET_TRIM } {
2021-11-19 21:24:29 -08:00
devfs_ruleset = ${ DEVFS_RULESET } ;
2020-02-18 19:58:59 -04:00
enforce_statfs = 2;
exec.clean;
exec.consolelog = ${ bastille_logsdir } /${ TARGET_TRIM } _console.log;
exec.start = '/bin/sh /etc/rc' ;
exec.stop = '/bin/sh /etc/rc.shutdown' ;
host.hostname = ${ TARGET_TRIM } ;
mount.devfs;
mount.fstab = ${ bastille_jailsdir } /${ TARGET_TRIM } /fstab;
path = ${ bastille_jailsdir } /${ TARGET_TRIM } /root;
securelevel = 2;
2022-01-09 19:22:16 -08:00
${ NETBLOCK }
2020-02-18 19:58:59 -04:00
}
EOF
}
2020-04-11 11:12:03 -04:00
update_config( ) {
# Update an existing jail configuration
# The config on select archives does not provide a clear way to determine
# the base release, so lets try to get it from the base/COPYRIGHT file,
# otherwise warn user and fallback to host system release
CONFIG_RELEASE = $( grep -wo 'releng/[0-9]\{2\}.[0-9]/COPYRIGHT' " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root/COPYRIGHT " | sed 's|releng/||;s|/COPYRIGHT|-RELEASE|' )
if [ -z " ${ CONFIG_RELEASE } " ] ; then
# Fallback to host version
CONFIG_RELEASE = $( freebsd-version | sed 's/\-[pP].*//' )
2020-11-25 21:19:08 -05:00
warn " Warning: ${ CONFIG_RELEASE } was set by default! "
2020-04-11 11:12:03 -04:00
fi
mkdir " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root/.bastille "
echo " ${ bastille_releasesdir } / ${ CONFIG_RELEASE } ${ bastille_jailsdir } / ${ TARGET_TRIM } /root/.bastille nullfs ro 0 0 " \
>> " ${ bastille_jailsdir } / ${ TARGET_TRIM } /fstab "
# Work with the symlinks
cd " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root "
update_symlinks
}
workout_components( ) {
if [ " ${ FILE_EXT } " = ".tar" ] ; then
# Workaround to determine the tarball path/components before extract(assumes path/jails/target)
JAIL_PATH = $( tar -tvf ${ bastille_backupsdir } /${ TARGET } | grep -wo " /.*/jails/ ${ TARGET_TRIM } " | tail -n1)
JAIL_DIRS = $( echo ${ JAIL_PATH } | grep -o '/' | wc -l)
DIRS_PLUS = $( expr ${ JAIL_DIRS } + 1)
# Workaround to determine the jail.conf path before extract(assumes path/qjail.config/target)
JAIL_CONF = $( tar -tvf ${ bastille_backupsdir } /${ TARGET } | grep -wo " /.*/qjail.config/ ${ TARGET_TRIM } " )
CONF_TRIM = $( echo ${ JAIL_CONF } | grep -o '/' | wc -l)
fi
}
2023-07-19 10:56:20 -04:00
vnet_requirements( ) {
# VNET jib script requirement
if [ ! " $( command -v jib) " ] ; then
if [ -f "/usr/share/examples/jails/jib" ] && [ ! -f "/usr/local/bin/jib" ] ; then
install -m 0544 /usr/share/examples/jails/jib /usr/local/bin/jib
else
warn "Warning: Unable to locate/install jib script required by VNET jails."
fi
fi
}
2020-04-03 07:56:28 -04:00
config_netif( ) {
# Get interface from bastille configuration
2020-04-12 17:04:37 -06:00
if [ -n " ${ bastille_network_loopback } " ] ; then
NETIF_CONFIG = " ${ bastille_network_loopback } "
elif [ -n " ${ bastille_network_shared } " ] ; then
NETIF_CONFIG = " ${ bastille_network_shared } "
2020-04-03 07:56:28 -04:00
else
NETIF_CONFIG =
fi
}
update_symlinks( ) {
# Work with the symlinks
SYMLINKS = "bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/ports usr/sbin usr/share usr/src"
2020-04-04 09:46:56 -04:00
# Just warn user to bootstrap the release if missing
if [ ! -d " ${ bastille_releasesdir } / ${ CONFIG_RELEASE } " ] ; then
2020-11-25 21:19:08 -05:00
warn " Warning: ${ CONFIG_RELEASE } must be bootstrapped. See 'bastille bootstrap'. "
2020-04-03 07:56:28 -04:00
fi
2020-04-04 09:46:56 -04:00
# Update old symlinks
2020-11-25 21:19:08 -05:00
info "Updating symlinks..."
2020-04-04 09:46:56 -04:00
for _link in ${ SYMLINKS } ; do
if [ -L " ${ _link } " ] ; then
ln -sf /.bastille/${ _link } ${ _link }
2022-01-09 17:26:27 -08:00
elif [ " ${ ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED :- 0 } " = "1" -a -d " ${ _link } " ] ; then
# -F will enforce that the directory is empty and replaced by the symlink
ln -sfF /.bastille/${ _link } ${ _link } || EXIT_CODE = $?
if [ " ${ EXIT_CODE :- 0 } " != "0" ] ; then
# Assume that the failure was due to the directory not being empty and explain the problem in friendlier terms
warn " Warning: directory ${ _link } on imported jail was not empty and will not be updated by Bastille "
fi
2020-04-04 09:46:56 -04:00
fi
done
2020-04-03 07:56:28 -04:00
}
2020-04-11 11:12:03 -04:00
create_zfs_datasets( ) {
# Prepare the ZFS environment and restore from file
2020-11-25 21:19:08 -05:00
info " Importing ' ${ TARGET_TRIM } ' from foreign compressed ${ FILE_EXT } archive. "
info "Preparing ZFS environment..."
2020-04-11 11:12:03 -04:00
# Create required ZFS datasets, mountpoint inherited from system
zfs create ${ bastille_zfs_options } " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } "
zfs create ${ bastille_zfs_options } " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } /root "
}
remove_zfs_datasets( ) {
# Perform cleanup on failure
zfs destroy " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } /root "
zfs destroy " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } "
2020-08-30 10:57:14 -04:00
error_exit " Failed to extract files from ' ${ TARGET } ' archive. "
2020-04-11 11:12:03 -04:00
}
2020-01-26 19:45:26 -04:00
jail_import( ) {
# Attempt to import container from file
2021-07-07 05:05:38 -04:00
FILE_TRIM = $( echo " ${ TARGET } " | sed 's/\.xz//g;s/\.gz//g;s/\.tgz//g;s/\.txz//g;s/\.zip//g;s/\.tar\.gz//g;s/\.tar//g' )
2020-04-03 07:56:28 -04:00
FILE_EXT = $( echo " ${ TARGET } " | sed " s/ ${ FILE_TRIM } //g " )
2020-01-26 19:45:26 -04:00
if [ -d " ${ bastille_jailsdir } " ] ; then
if [ " ${ bastille_zfs_enable } " = "YES" ] ; then
2020-02-20 18:06:31 -04:00
if [ -n " ${ bastille_zfs_zpool } " ] ; then
2020-04-03 07:56:28 -04:00
if [ " ${ FILE_EXT } " = ".xz" ] ; then
2021-07-10 08:35:50 -04:00
validate_archive
2020-01-26 19:45:26 -04:00
# Import from compressed xz on ZFS systems
2021-07-07 05:05:38 -04:00
info " Importing ' ${ TARGET_TRIM } ' from compressed ${ FILE_EXT } image. "
2020-11-25 21:19:08 -05:00
info "Receiving ZFS data stream..."
2020-02-20 18:06:31 -04:00
xz ${ bastille_decompress_xz_options } " ${ bastille_backupsdir } / ${ TARGET } " | \
2021-07-07 05:05:38 -04:00
zfs receive ${ OPT_ZRECV } " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } "
# Update ZFS mountpoint property if required
update_zfsmount
elif [ " ${ FILE_EXT } " = ".gz" ] ; then
2021-07-10 08:35:50 -04:00
validate_archive
2021-07-07 05:05:38 -04:00
# Import from compressed xz on ZFS systems
info " Importing ' ${ TARGET_TRIM } ' from compressed ${ FILE_EXT } image. "
info "Receiving ZFS data stream..."
gzip ${ bastille_decompress_gz_options } " ${ bastille_backupsdir } / ${ TARGET } " | \
2021-07-08 13:48:02 -04:00
zfs receive ${ OPT_ZRECV } " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } "
2020-01-26 19:45:26 -04:00
# Update ZFS mountpoint property if required
update_zfsmount
2020-04-03 07:56:28 -04:00
elif [ " ${ FILE_EXT } " = ".txz" ] ; then
2021-07-10 08:35:50 -04:00
validate_archive
2020-04-08 06:47:33 -04:00
# Prepare the ZFS environment and restore from existing .txz file
2020-04-11 11:12:03 -04:00
create_zfs_datasets
2020-01-26 19:45:26 -04:00
# Extract required files to the new datasets
2020-11-25 21:19:08 -05:00
info " Extracting files from ' ${ TARGET } ' archive... "
2020-04-03 07:56:28 -04:00
tar --exclude= 'root' -Jxf " ${ bastille_backupsdir } / ${ TARGET } " --strip-components 1 -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } "
2020-02-20 18:06:31 -04:00
tar -Jxf " ${ bastille_backupsdir } / ${ TARGET } " --strip-components 2 -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root " " ${ TARGET_TRIM } /root "
if [ " $? " -ne 0 ] ; then
2020-04-11 11:12:03 -04:00
remove_zfs_datasets
2020-01-26 19:45:26 -04:00
fi
2021-07-07 05:05:38 -04:00
elif [ " ${ FILE_EXT } " = ".tgz" ] ; then
2021-07-10 08:35:50 -04:00
validate_archive
2021-07-07 05:05:38 -04:00
# Prepare the ZFS environment and restore from existing .tgz file
create_zfs_datasets
# Extract required files to the new datasets
info " Extracting files from ' ${ TARGET } ' archive... "
tar --exclude= 'root' -xf " ${ bastille_backupsdir } / ${ TARGET } " --strip-components 1 -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } "
tar -xf " ${ bastille_backupsdir } / ${ TARGET } " --strip-components 2 -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root " " ${ TARGET_TRIM } /root "
if [ " $? " -ne 0 ] ; then
remove_zfs_datasets
fi
2020-04-03 07:56:28 -04:00
elif [ " ${ FILE_EXT } " = ".zip" ] ; then
2021-07-10 08:35:50 -04:00
validate_archive
2020-04-03 07:56:28 -04:00
# Attempt to import a foreign/iocage container
2020-11-25 21:19:08 -05:00
info " Importing ' ${ TARGET_TRIM } ' from foreign compressed ${ FILE_EXT } archive. "
2020-11-27 19:20:47 -05:00
# Sane bastille ZFS options
2020-02-18 19:58:59 -04:00
ZFS_OPTIONS = $( echo ${ bastille_zfs_options } | sed 's/-o//g' )
# Extract required files from the zip archive
2020-02-20 18:06:31 -04:00
cd " ${ bastille_backupsdir } " && unzip -j " ${ TARGET } "
if [ " $? " -ne 0 ] ; then
2020-08-30 10:57:14 -04:00
error_exit " Failed to extract files from ' ${ TARGET } ' archive. "
2020-02-20 18:06:31 -04:00
rm -f " ${ FILE_TRIM } " " ${ FILE_TRIM } _root "
2020-02-18 19:58:59 -04:00
fi
2020-11-25 21:19:08 -05:00
info "Receiving ZFS data stream..."
2021-07-07 05:05:38 -04:00
zfs receive ${ OPT_ZRECV } " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } " < " ${ FILE_TRIM } "
2020-02-20 18:06:31 -04:00
zfs set ${ ZFS_OPTIONS } " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } "
2021-07-07 05:05:38 -04:00
zfs receive ${ OPT_ZRECV } " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } /root " < " ${ FILE_TRIM } _root "
2020-02-18 19:58:59 -04:00
# Update ZFS mountpoint property if required
update_zfsmount
# Keep old configuration files for user reference
if [ -f " ${ bastille_jailsdir } / ${ TARGET_TRIM } /fstab " ] ; then
2020-02-20 18:06:31 -04:00
mv " ${ bastille_jailsdir } / ${ TARGET_TRIM } /fstab " " ${ bastille_jailsdir } / ${ TARGET_TRIM } /fstab.old "
2020-02-18 19:58:59 -04:00
fi
# Cleanup unwanted files
2020-02-20 18:06:31 -04:00
rm -f " ${ FILE_TRIM } " " ${ FILE_TRIM } _root "
2020-02-18 19:58:59 -04:00
# Generate fstab and jail.conf files
generate_config
2020-04-03 07:56:28 -04:00
elif [ " ${ FILE_EXT } " = ".tar.gz" ] ; then
# Attempt to import a foreign/ezjail container
2020-04-08 06:47:33 -04:00
# Prepare the ZFS environment and restore from existing .tar.gz file
2020-04-11 11:12:03 -04:00
create_zfs_datasets
2020-04-03 07:56:28 -04:00
# Extract required files to the new datasets
2020-11-25 21:19:08 -05:00
info " Extracting files from ' ${ TARGET } ' archive... "
2020-04-03 07:56:28 -04:00
tar --exclude= 'ezjail/' -xf " ${ bastille_backupsdir } / ${ TARGET } " -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } "
tar -xf " ${ bastille_backupsdir } / ${ TARGET } " --strip-components 1 -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root "
if [ " $? " -ne 0 ] ; then
2020-04-11 11:12:03 -04:00
remove_zfs_datasets
2020-04-03 07:56:28 -04:00
else
generate_config
fi
2020-04-11 11:12:03 -04:00
elif [ " ${ FILE_EXT } " = ".tar" ] ; then
# Attempt to import a foreign/qjail container
# Prepare the ZFS environment and restore from existing .tar file
create_zfs_datasets
workout_components
# Extract required files to the new datasets
2020-11-25 21:19:08 -05:00
info " Extracting files from ' ${ TARGET } ' archive... "
2020-04-11 11:12:03 -04:00
tar -xf " ${ bastille_backupsdir } / ${ TARGET } " --strip-components " ${ CONF_TRIM } " -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } " " ${ JAIL_CONF } "
tar -xf " ${ bastille_backupsdir } / ${ TARGET } " --strip-components " ${ DIRS_PLUS } " -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root " " ${ JAIL_PATH } "
if [ -f " ${ bastille_jailsdir } / ${ TARGET_TRIM } / ${ TARGET_TRIM } " ] ; then
mv " ${ bastille_jailsdir } / ${ TARGET_TRIM } / ${ TARGET_TRIM } " " ${ bastille_jailsdir } / ${ TARGET_TRIM } /jail.conf "
fi
if [ " $? " -ne 0 ] ; then
remove_zfs_datasets
else
update_config
fi
2021-07-07 05:05:38 -04:00
elif [ -z " ${ FILE_EXT } " ] ; then
if echo " ${ TARGET } " | grep -q '_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}$' ; then
2021-07-10 08:35:50 -04:00
validate_archive
# Based on the file name, looks like we are importing a raw bastille image
# Import from uncompressed image file
info " Importing ' ${ TARGET_TRIM } ' from uncompressed image archive. "
info "Receiving ZFS data stream..."
zfs receive ${ OPT_ZRECV } " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET_TRIM } " < " ${ bastille_backupsdir } / ${ TARGET } "
# Update ZFS mountpoint property if required
update_zfsmount
else
# Based on the file name, looks like we are importing from previous redirected bastille image
# Quietly import from previous redirected bastille image
if ! zfs receive ${ OPT_ZRECV } " ${ bastille_zfs_zpool } / ${ bastille_zfs_prefix } /jails/ ${ TARGET } " ; then
exit 1
else
# Update ZFS mountpoint property if required
update_zfsmount
fi
2021-07-07 05:05:38 -04:00
fi
2020-01-26 19:45:26 -04:00
else
2020-08-30 10:57:14 -04:00
error_exit "Unknown archive format."
2020-01-26 19:45:26 -04:00
fi
fi
else
2020-04-11 11:12:03 -04:00
# Import from standard supported archives on UFS systems
2020-04-03 07:56:28 -04:00
if [ " ${ FILE_EXT } " = ".txz" ] ; then
2020-11-25 21:19:08 -05:00
info " Extracting files from ' ${ TARGET } ' archive... "
2020-02-20 18:06:31 -04:00
tar -Jxf " ${ bastille_backupsdir } / ${ TARGET } " -C " ${ bastille_jailsdir } "
2021-07-08 17:41:27 -04:00
elif [ " ${ FILE_EXT } " = ".tgz" ] ; then
info " Extracting files from ' ${ TARGET } ' archive... "
tar -xf " ${ bastille_backupsdir } / ${ TARGET } " -C " ${ bastille_jailsdir } "
2020-04-03 07:56:28 -04:00
elif [ " ${ FILE_EXT } " = ".tar.gz" ] ; then
2020-04-11 11:12:03 -04:00
# Attempt to import/configure foreign/ezjail container
2020-11-25 21:19:08 -05:00
info " Extracting files from ' ${ TARGET } ' archive... "
2020-04-03 07:56:28 -04:00
mkdir " ${ bastille_jailsdir } / ${ TARGET_TRIM } "
tar -xf " ${ bastille_backupsdir } / ${ TARGET } " -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } "
mv " ${ bastille_jailsdir } / ${ TARGET_TRIM } /ezjail " " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root "
generate_config
2020-04-11 11:12:03 -04:00
elif [ " ${ FILE_EXT } " = ".tar" ] ; then
# Attempt to import/configure foreign/qjail container
2020-11-25 21:19:08 -05:00
info " Extracting files from ' ${ TARGET } ' archive... "
2020-04-11 11:12:03 -04:00
mkdir -p " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root "
workout_components
tar -xf " ${ bastille_backupsdir } / ${ TARGET } " --strip-components " ${ CONF_TRIM } " -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } " " ${ JAIL_CONF } "
tar -xf " ${ bastille_backupsdir } / ${ TARGET } " --strip-components " ${ DIRS_PLUS } " -C " ${ bastille_jailsdir } / ${ TARGET_TRIM } /root " " ${ JAIL_PATH } "
if [ -f " ${ bastille_jailsdir } / ${ TARGET_TRIM } / ${ TARGET_TRIM } " ] ; then
mv " ${ bastille_jailsdir } / ${ TARGET_TRIM } / ${ TARGET_TRIM } " " ${ bastille_jailsdir } / ${ TARGET_TRIM } /jail.conf "
fi
update_config
2020-02-18 19:58:59 -04:00
else
2020-08-30 10:57:14 -04:00
error_exit "Unsupported archive format."
2020-02-18 19:58:59 -04:00
fi
2020-01-26 19:45:26 -04:00
fi
2020-02-20 18:06:31 -04:00
if [ " $? " -ne 0 ] ; then
2020-08-30 10:57:14 -04:00
error_exit " Failed to import from ' ${ TARGET } ' archive. "
2020-01-26 19:45:26 -04:00
else
# Update the jail.conf and fstab if required
# This is required on foreign imports only
update_jailconf
update_fstab
2021-07-10 08:35:50 -04:00
if [ -z " ${ USER_IMPORT } " ] ; then
info " Container ' ${ TARGET_TRIM } ' imported successfully. "
fi
2020-01-26 19:45:26 -04:00
exit 0
fi
else
2020-08-30 10:57:14 -04:00
error_exit "Jails directory/dataset does not exist. See 'bastille bootstrap'."
2020-01-26 19:45:26 -04:00
fi
}
2020-04-04 09:46:56 -04:00
# Check for user specified file location
if echo " ${ TARGET } " | grep -q '\/' ; then
GETDIR = " ${ TARGET } "
TARGET = $( echo ${ TARGET } | awk -F '\/' '{print $NF}' )
bastille_backupsdir = $( echo ${ GETDIR } | sed " s/ ${ TARGET } // " )
2020-04-04 10:23:43 -04:00
fi
# Check if backups directory/dataset exist
if [ ! -d " ${ bastille_backupsdir } " ] ; then
2020-08-30 10:57:14 -04:00
error_exit "Backups directory/dataset does not exist. See 'bastille bootstrap'."
2020-01-26 19:45:26 -04:00
fi
2020-01-28 18:57:51 -04:00
# Check if archive exist then trim archive name
2020-04-04 09:46:56 -04:00
if [ -f " ${ bastille_backupsdir } / ${ TARGET } " ] ; then
2020-04-14 11:52:29 +02:00
# Filter unsupported/unknown archives
2021-07-07 05:05:38 -04:00
if echo " ${ TARGET } " | grep -q '_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}$\|_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}.xz$\|_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}$\|_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}.gz$\|_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}$\|_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}.tgz$\|_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}.txz$\|_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}.zip$\|-[0-9]\{12\}.[0-9]\{2\}.tar.gz$\|@[0-9]\{12\}.[0-9]\{2\}.tar$' ; then
2020-04-11 11:12:03 -04:00
if ls " ${ bastille_backupsdir } " | awk " /^ ${ TARGET } $/ " >/dev/null; then
2021-07-07 05:05:38 -04:00
TARGET_TRIM = $( echo " ${ TARGET } " | sed "s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.xz//;s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.gz//;s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.tgz//;s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.txz//;s/_[0-9]*-[0-9]*-[0-9]*.zip//;s/-[0-9]\{12\}.[0-9]\{2\}.tar.gz//;s/@[0-9]\{12\}.[0-9]\{2\}.tar//;s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*//" )
2020-04-11 11:12:03 -04:00
fi
else
2020-08-30 10:57:14 -04:00
error_exit "Unrecognized archive name."
2020-04-04 09:46:56 -04:00
fi
2020-01-28 18:57:51 -04:00
else
2021-07-10 08:35:50 -04:00
if echo " ${ TARGET } " | grep -q '_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}.*$' ; then
error_exit " Archive ' ${ TARGET } ' not found. "
else
# Assume user will import from standard input
TARGET_TRIM = ${ TARGET }
USER_IMPORT = "1"
fi
2020-01-28 18:57:51 -04:00
fi
2020-01-26 19:45:26 -04:00
# Check if a running jail matches name or already exist
2021-12-17 19:09:49 -07:00
if [ -n " $( /usr/sbin/jls name | awk " /^ ${ TARGET_TRIM } $/ " ) " ] ; then
2020-08-30 10:57:14 -04:00
error_exit "A running jail matches name."
2021-07-10 08:35:50 -04:00
elif [ -n " ${ TARGET_TRIM } " ] ; then
if [ -d " ${ bastille_jailsdir } / ${ TARGET_TRIM } " ] ; then
error_exit " Container: ${ TARGET_TRIM } already exists. "
fi
2020-01-26 19:45:26 -04:00
fi
2021-07-07 05:05:38 -04:00
if [ -n " ${ TARGET } " ] ; then
jail_import
fi
