Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2026-01-04 11:43:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #250 from chriswells0/error-functions

Browse Source 
Create and leverage global error functions
This commit is contained in:
Christer Edwards
2020-09-22 09:47:23 -06:00
committed by GitHub
parent a4fcf0100b aaffc882f9
commit 976aa077b6
31 changed files with 228 additions and 313 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
usr/local/bin/bastille
View File

@@ -30,19 +30,14 @@
PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
bastille_colors_pre() {
## so we can make it colorful
. /usr/local/share/bastille/colors.pre.sh
}
. /usr/local/share/bastille/common.sh
## root check first.
bastille_root_check() {
if [ "$(id -u)" -ne 0 ]; then
bastille_colors_pre
## permission denied
echo -e "${COLOR_RED}Bastille: Permission Denied${COLOR_RESET}" 1>&2
echo -e "${COLOR_RED}root / sudo / doas required${COLOR_RESET}" 1>&2
exit 1
error_notify "Bastille: Permission Denied"
error_exit "root / sudo / doas required"
fi
}
@@ -51,9 +46,7 @@ bastille_root_check
## check for config existance
bastille_conf_check() {
if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then
bastille_colors_pre
echo -e "${COLOR_RED}Missing Configuration${COLOR_RESET}" 1>&2
exit 1
error_exit "Missing Configuration"
fi
}
@@ -68,11 +61,8 @@ bastille_perms_check() {
if [ -d "${bastille_prefix}" ]; then
BASTILLE_PREFIX_PERMS=$(stat -f "%Op" "${bastille_prefix}")
if [ "${BASTILLE_PREFIX_PERMS}" != 40750 ]; then
bastille_colors_pre
echo -e "${COLOR_RED}Insecure permissions on ${bastille_prefix}${COLOR_RESET}" 1>&2
echo -e "${COLOR_RED}Try: chmod 0750 ${bastille_prefix}${COLOR_RESET}" 1>&2
echo
exit 1
error_notify "Insecure permissions on ${bastille_prefix}"
error_exit "Try: chmod 0750 ${bastille_prefix}"
fi
fi
}
@@ -137,7 +127,6 @@ shift
# Handle special-case commands first.
case "${CMD}" in
version|-v|--version)
bastille_colors_pre
echo -e "${COLOR_GREEN}${BASTILLE_VERSION}${COLOR_RESET}"
exit 0
;;
@@ -170,7 +159,5 @@ if [ -f "${SCRIPTPATH}" ]; then
exec "${SH}" "${SCRIPTPATH}" "$@"
else
bastille_colors_pre
echo -e "${COLOR_RED}${SCRIPTPATH} not found.${COLOR_RESET}" 1>&2
exit 1
error_exit "${SCRIPTPATH} not found."
fi

49
usr/local/share/bastille/bootstrap.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille bootstrap [release|template] [update|arch].${COLOR_RESET}"
exit 1
error_exit "Usage: bastille bootstrap [release|template] [update|arch]"
}
# Handle special-case commands first.
@@ -47,21 +46,17 @@ esac
if [ "${bastille_zfs_enable}" = "YES" ]; then
## check for the ZFS pool and bastille prefix
if [ -z "${bastille_zfs_zpool}" ]; then
echo -e "${COLOR_RED}ERROR: Missing ZFS parameters, see bastille_zfs_zpool.${COLOR_RESET}"
exit 1
error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_zpool."
elif [ -z "${bastille_zfs_prefix}" ]; then
echo -e "${COLOR_RED}ERROR: Missing ZFS parameters, see bastille_zfs_prefix.${COLOR_RESET}"
exit 1
error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_prefix."
elif ! zfs list "${bastille_zfs_zpool}" > /dev/null 2>&1; then
echo -e "${COLOR_RED}ERROR: ${bastille_zfs_zpool} is not a ZFS pool.${COLOR_RESET}"
exit 1
error_exit "ERROR: ${bastille_zfs_zpool} is not a ZFS pool."
fi
## check for the ZFS dataset prefix if already exist
if [ -d "/${bastille_zfs_zpool}/${bastille_zfs_prefix}" ]; then
if ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" > /dev/null 2>&1; then
echo -e "${COLOR_RED}ERROR: ${bastille_zfs_zpool}/${bastille_zfs_prefix} is not a ZFS dataset.${COLOR_RESET}"
exit 1
error_exit "ERROR: ${bastille_zfs_zpool}/${bastille_zfs_prefix} is not a ZFS dataset."
fi
fi
fi
@@ -71,8 +66,7 @@ validate_release_url() {
if [ -n "${NAME_VERIFY}" ]; then
RELEASE="${NAME_VERIFY}"
if ! fetch -qo /dev/null "${UPSTREAM_URL}/MANIFEST" 2>/dev/null; then
echo -e "${COLOR_RED}Unable to fetch MANIFEST, See 'bootstrap urls'.${COLOR_RESET}"
exit 1
error_exit "Unable to fetch MANIFEST. See 'bootstrap urls'."
fi
echo -e "${COLOR_GREEN}Bootstrapping ${PLATFORM_OS} distfiles...${COLOR_RESET}"
@@ -207,8 +201,7 @@ bootstrap_release() {
## check if release already bootstrapped, else continue bootstrapping
if [ -z "${bastille_bootstrap_archives}" ]; then
echo -e "${COLOR_RED}Bootstrap appears complete.${COLOR_RESET}"
exit 1
error_exit "Bootstrap appears complete."
else
echo -e "${COLOR_GREEN}Bootstrapping additional distfiles...${COLOR_RESET}"
fi
@@ -224,8 +217,7 @@ bootstrap_release() {
touch "${bastille_releasesdir}/${RELEASE}/root/.hushlogin"
touch "${bastille_releasesdir}/${RELEASE}/usr/share/skel/dot.hushlogin"
else
echo -e "${COLOR_RED}Failed to extract ${_archive}.txz.${COLOR_RESET}"
exit 1
error_exit "Failed to extract ${_archive}.txz."
fi
else
## get the manifest for dist files checksum validation
@@ -255,8 +247,7 @@ bootstrap_release() {
rm -rf "${bastille_releasesdir}/${RELEASE}"
fi
fi
echo -e "${COLOR_RED}Bootstrap failed.${COLOR_RESET}"
exit 1
error_exit "Bootstrap failed."
fi
## fetch for missing dist files
@@ -264,7 +255,7 @@ bootstrap_release() {
fetch "${UPSTREAM_URL}/${_archive}.txz" -o "${bastille_cachedir}/${RELEASE}/${_archive}.txz"
if [ "$?" -ne 0 ]; then
## alert only if unable to fetch additional dist files
echo -e "${COLOR_RED}Failed to fetch ${_archive}.txz.${COLOR_RESET}"
error_notify "Failed to fetch ${_archive}.txz."
fi
fi
@@ -273,9 +264,8 @@ bootstrap_release() {
SHA256_DIST=$(grep -w "${_archive}.txz" "${bastille_cachedir}/${RELEASE}/MANIFEST" | awk '{print $2}')
SHA256_FILE=$(sha256 -q "${bastille_cachedir}/${RELEASE}/${_archive}.txz")
if [ "${SHA256_FILE}" != "${SHA256_DIST}" ]; then
echo -e "${COLOR_RED}Failed validation for ${_archive}.txz, please retry bootstrap!${COLOR_RESET}"
rm "${bastille_cachedir}/${RELEASE}/${_archive}.txz"
exit 1
error_exit "Failed validation for ${_archive}.txz. Please retry bootstrap!"
else
echo -e "${COLOR_GREEN}Validated checksum for ${RELEASE}:${_archive}.txz.${COLOR_RESET}"
echo -e "${COLOR_GREEN}MANIFEST:${SHA256_DIST}${COLOR_RESET}"
@@ -291,8 +281,7 @@ bootstrap_release() {
touch "${bastille_releasesdir}/${RELEASE}/root/.hushlogin"
touch "${bastille_releasesdir}/${RELEASE}/usr/share/skel/dot.hushlogin"
else
echo -e "${COLOR_RED}Failed to extract ${_archive}.txz.${COLOR_RESET}"
exit 1
error_exit "Failed to extract ${_archive}.txz."
fi
fi
fi
@@ -325,16 +314,15 @@ bootstrap_template() {
## support for non-git
if [ ! -x "$(which git)" ]; then
echo -e "${COLOR_RED}Git not found.${COLOR_RESET}"
echo -e "${COLOR_RED}Not yet implemented.${COLOR_RESET}"
exit 1
error_notify "Git not found."
error_exit "Not yet implemented."
elif [ -x "$(which git)" ]; then
if [ ! -d "${_template}/.git" ]; then
$(which git) clone "${_url}" "${_template}" ||\
echo -e "${COLOR_RED}Clone unsuccessful.${COLOR_RESET}"
error_notify "Clone unsuccessful."
elif [ -d "${_template}/.git" ]; then
cd "${_template}" && $(which git) pull ||\
echo -e "${COLOR_RED}Template update unsuccessful.${COLOR_RESET}"
error_notify "Template update unsuccessful."
fi
fi
@@ -353,8 +341,7 @@ if [ -n "${OPTION}" ] && [ "${OPTION}" != "${HW_MACHINE}" ] && [ "${OPTION}" !=
HW_MACHINE="i386"
HW_MACHINE_ARCH="i386"
else
echo -e "${COLOR_RED}Unsupported architecture.${COLOR_RESET}"
exit 1
error_exit "Unsupported architecture."
fi
fi

29
usr/local/share/bastille/clone.sh
View File

@@ -28,17 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille clone [TARGET] [NEW_NAME] [IPADRESS].${COLOR_RESET}"
exit 1
}
error_notify() {
# Notify message on error and exit
echo -e "$*" >&2
exit 1
usage() {
error_exit "Usage: bastille clone [TARGET] [NEW_NAME] [IPADRESS]"
}
# Handle special-case commands first
@@ -73,8 +67,7 @@ validate_ip() {
set ${TEST_IP}
for quad in 1 2 3 4; do
if eval [ \$$quad -gt 255 ]; then
echo "Invalid: (${TEST_IP})"
exit 1
error_exit "Invalid: (${TEST_IP})"
fi
done
if ifconfig | grep -qw "${TEST_IP}"; then
@@ -83,8 +76,7 @@ validate_ip() {
echo -e "${COLOR_GREEN}Valid: (${IP}).${COLOR_RESET}"
fi
else
echo -e "${COLOR_RED}Invalid: (${IP}).${COLOR_RESET}"
exit 1
error_exit "Invalid: (${IP})."
fi
fi
}
@@ -176,17 +168,17 @@ clone_jail() {
# Just clone the jail directory
# Check if container is running
if [ -n "$(jls name | awk "/^${TARGET}$/")" ]; then
error_notify "${COLOR_RED}${TARGET} is running, See 'bastille stop ${TARGET}'.${COLOR_RESET}"
error_exit "${TARGET} is running, See 'bastille stop ${TARGET}'."
fi
# Perform container file copy(archive mode)
cp -a "${bastille_jailsdir}/${TARGET}" "${bastille_jailsdir}/${NEWNAME}"
fi
else
error_notify "${COLOR_RED}${NEWNAME} already exists.${COLOR_RESET}"
error_exit "${NEWNAME} already exists."
fi
else
error_notify "${COLOR_RED}${TARGET} not found. See bootstrap.${COLOR_RESET}"
error_exit "${TARGET} not found. See bootstrap."
fi
# Generate jail configuration files
@@ -195,7 +187,7 @@ clone_jail() {
# Display the exist status
if [ "$?" -ne 0 ]; then
error_notify "${COLOR_RED}An error has occurred while attempting to clone '${TARGET}'.${COLOR_RESET}"
error_exit "An error has occurred while attempting to clone '${TARGET}'."
else
echo -e "${COLOR_GREEN}Cloned '${TARGET}' to '${NEWNAME}' successfully.${COLOR_RESET}"
fi
@@ -203,8 +195,7 @@ clone_jail() {
## don't allow for dots(.) in container names
if echo "${NEWNAME}" | grep -q "[.]"; then
echo -e "${COLOR_RED}Container names may not contain a dot(.)!${COLOR_RESET}"
exit 1
error_exit "Container names may not contain a dot(.)!"
fi
## check if ip address is valid

5
usr/local/share/bastille/cmd.sh
View File

@@ -28,11 +28,10 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
usage() {
echo -e "${COLOR_RED}Usage: bastille cmd TARGET command.${COLOR_RESET}"
exit 1
error_exit "Usage: bastille cmd TARGET command"
}
# Handle special-case commands first.

42
usr/local/share/bastille/common.sh Normal file
View File

@@ -0,0 +1,42 @@
#!/bin/sh
#
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# * Neither the name of the copyright holder nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
# Notify message on error, but do not exit
error_notify() {
echo -e "${COLOR_RED}$*${COLOR_RESET}" 1>&2
}
# Notify message on error and exit
error_exit() {
error_notify $@
exit 1
}

5
usr/local/share/bastille/console.sh
View File

@@ -28,11 +28,10 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
usage() {
echo -e "${COLOR_RED}Usage: bastille console TARGET [user]'.${COLOR_RESET}"
exit 1
error_exit "Usage: bastille console TARGET [user]'."
}
# Handle special-case commands first.

30
usr/local/share/bastille/convert.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille convert TARGET.${COLOR_RESET}"
exit 1
error_exit "Usage: bastille convert TARGET."
}
# Handle special-case commands first.
@@ -50,13 +49,6 @@ fi
TARGET="${1}"
shift
error_notify()
{
# Notify message on error and exit
echo -e "$*" >&2
exit 1
}
convert_symlinks() {
# Work with the symlinks, revert on first cp error
if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
@@ -86,13 +78,13 @@ convert_symlinks() {
fi
done
else
error_notify "${COLOR_RED}Release must be bootstrapped first, See 'bastille bootstrap'.${COLOR_RESET}"
error_exit "Release must be bootstrapped first. See 'bastille bootstrap'."
fi
}
revert_convert() {
# Revert the conversion on first cp error
echo -e "${COLOR_RED}A problem has occurred while copying the files, reverting changes...${COLOR_RESET}"
error_notify "A problem has occurred while copying the files. Reverting changes..."
for _link in ${SYMLINKS}; do
if [ -d "${_link}" ]; then
chflags -R noschg "${bastille_jailsdir}/${TARGET}/root/${_link}"
@@ -106,7 +98,7 @@ revert_convert() {
mv "${_link}.old" "${_link}"
fi
done
error_notify "${COLOR_GREEN}Changes for '${TARGET}' has been reverted.${COLOR_RESET}"
error_exit "Changes for '${TARGET}' has been reverted."
}
start_convert() {
@@ -132,29 +124,29 @@ start_convert() {
echo -e "${COLOR_GREEN}Conversion of '${TARGET}' completed successfully!${COLOR_RESET}"
exit 0
else
error_notify "${COLOR_RED}Can't determine release version, See 'bastille bootstrap'.${COLOR_RESET}"
error_exit "Can't determine release version. See 'bastille bootstrap'."
fi
else
error_notify "${COLOR_RED}${TARGET} not found. See 'bastille create'.${COLOR_RESET}"
error_exit "${TARGET} not found. See 'bastille create'."
fi
}
# Check if container is running
if [ -n "$(jls name | awk "/^${TARGET}$/")" ]; then
error_notify "${COLOR_RED}${TARGET} is running, See 'bastille stop'.${COLOR_RESET}"
error_exit "${TARGET} is running. See 'bastille stop'."
fi
# Check if is a thin container
if [ ! -d "${bastille_jailsdir}/${TARGET}/root/.bastille" ]; then
error_notify "${COLOR_RED}${TARGET} is not a thin container.${COLOR_RESET}"
error_exit "${TARGET} is not a thin container."
elif ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_notify "${COLOR_RED}${TARGET} is not a thin container.${COLOR_RESET}"
error_exit "${TARGET} is not a thin container."
fi
# Make sure the user agree with the conversion
# Be interactive here since this cannot be easily undone
while :; do
echo -e "${COLOR_RED}Warning: container conversion from thin to thick can't be undone!${COLOR_RESET}"
error_notify "Warning: container conversion from thin to thick can't be undone!"
read -p "Do you really wish to convert '${TARGET}' into a thick container? [y/N]:" yn
case ${yn} in
[Yy]) start_convert;;

5
usr/local/share/bastille/cp.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille cp TARGET HOST_PATH CONTAINER_PATH${COLOR_RESET}"
exit 1
error_exit "Usage: bastille cp TARGET HOST_PATH CONTAINER_PATH"
}
# Handle special-case commands first.

37
usr/local/share/bastille/create.sh
View File

@@ -28,25 +28,18 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille create [option] name release ip [interface].${COLOR_RESET}"
exit 1
}
error_notify() {
# Notify message on error and exit
echo -e "$*" >&2
exit 1
error_exit "Usage: bastille create [option] name release ip [interface]"
}
running_jail() {
if [ -n "$(jls name | awk "/^${NAME}$/")" ]; then
error_notify "${COLOR_RED}A running jail matches name.${COLOR_RESET}"
error_exit "A running jail matches name."
elif [ -d "${bastille_jailsdir}/${NAME}" ]; then
error_notify "${COLOR_RED}Jail: ${NAME} already created.${COLOR_RESET}"
error_exit "Jail: ${NAME} already created."
fi
}
@@ -54,7 +47,7 @@ validate_name() {
local NAME_VERIFY=${NAME}
local NAME_SANITY=$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')
if [ "${NAME_VERIFY}" != "${NAME_SANITY}" ]; then
error_notify "${COLOR_RED}Container names may not contain special characters!${COLOR_RESET}"
error_exit "Container names may not contain special characters!"
fi
}
@@ -84,7 +77,7 @@ validate_ip() {
echo -e "${COLOR_GREEN}Valid: (${IP}).${COLOR_RESET}"
fi
else
error_notify "${COLOR_RED}Invalid: (${IP}).${COLOR_RESET}"
error_exit "Invalid: (${IP})."
fi
fi
}
@@ -94,13 +87,13 @@ validate_netif() {
if echo "${LIST_INTERFACES} VNET" | grep -qwo "${INTERFACE}"; then
echo -e "${COLOR_GREEN}Valid: (${INTERFACE}).${COLOR_RESET}"
else
error_notify "${COLOR_RED}Invalid: (${INTERFACE}).${COLOR_RESET}"
error_exit "Invalid: (${INTERFACE})."
fi
}
validate_netconf() {
if [ -n "${bastille_network_loopback}" ] && [ -n "${bastille_network_shared}" ]; then
error_notify "${COLOR_RED}Invalid network configuration.${COLOR_RESET}"
error_exit "Invalid network configuration."
fi
}
@@ -280,7 +273,7 @@ create_jail() {
if [ "$?" -ne 0 ]; then
## notify and clean stale files/directories
bastille destroy "${NAME}"
error_notify "${COLOR_RED}Failed to copy release files, please retry create!${COLOR_RESET}"
error_exit "Failed to copy release files. Please retry create!"
fi
fi
done
@@ -310,7 +303,7 @@ create_jail() {
if [ "$?" -ne 0 ]; then
## notify and clean stale files/directories
bastille destroy "${NAME}"
error_notify "${COLOR_RED}Failed release base replication, please retry create!${COLOR_RESET}"
error_exit "Failed release base replication. Please retry create!"
fi
fi
else
@@ -319,7 +312,7 @@ create_jail() {
if [ "$?" -ne 0 ]; then
## notify and clean stale files/directories
bastille destroy "${NAME}"
error_notify "${COLOR_RED}Failed to copy release files, please retry create!${COLOR_RESET}"
error_exit "Failed to copy release files. Please retry create!"
fi
fi
fi
@@ -437,7 +430,7 @@ else
VNET_JAIL="1"
;;
-*)
echo -e "${COLOR_RED}Unknown Option.${COLOR_RESET}"
error_notify "Unknown Option."
usage
;;
esac
@@ -502,19 +495,19 @@ if [ -z "${EMPTY_JAIL}" ]; then
validate_release
;;
*)
echo -e "${COLOR_RED}Unknown Release.${COLOR_RESET}"
error_notify "Unknown Release."
usage
;;
esac
## check for name/root/.bastille
if [ -d "${bastille_jailsdir}/${NAME}/root/.bastille" ]; then
error_notify "${COLOR_RED}Jail: ${NAME} already created. ${NAME}/root/.bastille exists.${COLOR_RESET}"
error_exit "Jail: ${NAME} already created. ${NAME}/root/.bastille exists."
fi
## check for required release
if [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then
error_notify "${COLOR_RED}Release must be bootstrapped first; see 'bastille bootstrap'.${COLOR_RESET}"
error_exit "Release must be bootstrapped first; see 'bastille bootstrap'."
fi
## check if ip address is valid

22
usr/local/share/bastille/destroy.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille destroy [option] | [container|release]${COLOR_RESET}"
exit 1
error_exit "Usage: bastille destroy [option] | [container|release]"
}
destroy_jail() {
@@ -45,15 +44,13 @@ destroy_jail() {
if [ "${FORCE}" = "1" ]; then
bastille stop "${TARGET}"
else
echo -e "${COLOR_RED}Jail running.${COLOR_RESET}"
echo -e "${COLOR_RED}See 'bastille stop ${TARGET}'.${COLOR_RESET}"
exit 1
error_notify "Jail running."
error_exit "See 'bastille stop ${TARGET}'."
fi
fi
if [ ! -d "${bastille_jail_base}" ]; then
echo -e "${COLOR_RED}Jail not found.${COLOR_RESET}"
exit 1
error_exit "Jail not found."
fi
if [ -d "${bastille_jail_base}" ]; then
@@ -113,15 +110,14 @@ destroy_rel() {
JAIL_LIST=$(ls "${bastille_jailsdir}" | sed "s/\n//g")
for _jail in ${JAIL_LIST}; do
if grep -qwo "${TARGET}" "${bastille_jailsdir}/${_jail}/fstab" 2>/dev/null; then
echo -e "${COLOR_RED}Notice: (${_jail}) depends on ${TARGET} base.${COLOR_RESET}"
error_notify "Notice: (${_jail}) depends on ${TARGET} base."
BASE_HASCHILD="1"
fi
done
fi
if [ ! -d "${bastille_rel_base}" ]; then
echo -e "${COLOR_RED}Release base not found.${COLOR_RESET}"
exit 1
error_exit "Release base not found."
else
if [ "${BASE_HASCHILD}" -eq "0" ]; then
echo -e "${COLOR_GREEN}Deleting base: ${TARGET}.${COLOR_RESET}"
@@ -158,7 +154,7 @@ destroy_rel() {
fi
echo
else
echo -e "${COLOR_RED}Cannot destroy base with containers child.${COLOR_RESET}"
error_notify "Cannot destroy base with child containers."
fi
fi
}
@@ -180,7 +176,7 @@ case "${1}" in
shift
;;
-*)
echo -e "${COLOR_RED}Unknown Option.${COLOR_RESET}"
error_notify "Unknown Option."
usage
;;
esac

5
usr/local/share/bastille/edit.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille edit TARGET [filename]${COLOR_RESET}"
exit 1
error_exit "Usage: bastille edit TARGET [filename]"
}
# Handle special-case commands first.

20
usr/local/share/bastille/export.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille export TARGET.${COLOR_RESET}"
exit 1
error_exit "Usage: bastille export TARGET"
}
# Handle special-case commands first
@@ -50,13 +49,6 @@ fi
TARGET="${1}"
shift
error_notify()
{
# Notify message on error and exit
echo -e "$*" >&2
exit 1
}
jail_export()
{
# Attempt to export the container
@@ -84,7 +76,7 @@ jail_export()
fi
if [ "$?" -ne 0 ]; then
error_notify "${COLOR_RED}Failed to export '${TARGET}' container.${COLOR_RESET}"
error_exit "Failed to export '${TARGET}' container."
else
# Generate container checksum file
cd "${bastille_backupsdir}"
@@ -93,7 +85,7 @@ jail_export()
exit 0
fi
else
error_notify "${COLOR_RED}Container '${TARGET}' does not exist.${COLOR_RESET}"
error_exit "Container '${TARGET}' does not exist."
fi
}
@@ -106,14 +98,14 @@ fi
# Check if backups directory/dataset exist
if [ ! -d "${bastille_backupsdir}" ]; then
error_notify "${COLOR_RED}Backups directory/dataset does not exist, See 'bastille bootstrap'.${COLOR_RESET}"
error_exit "Backups directory/dataset does not exist. See 'bastille bootstrap'."
fi
# Check if is a ZFS system
if [ "${bastille_zfs_enable}" != "YES" ]; then
# Check if container is running and ask for stop in UFS systems
if [ -n "$(jls name | awk "/^${TARGET}$/")" ]; then
error_notify "${COLOR_RED}${TARGET} is running, See 'bastille stop'.${COLOR_RESET}"
error_exit "${TARGET} is running. See 'bastille stop'."
fi
fi

7
usr/local/share/bastille/htop.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille htop TARGET${COLOR_RESET}"
exit 1
error_exit "Usage: bastille htop TARGET"
}
# Handle special-case commands first.
@@ -60,7 +59,7 @@ fi
for _jail in ${JAILS}; do
bastille_jail_path=$(jls -j "${_jail}" path)
if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then
echo -e "${COLOR_RED}htop not found on ${_jail}.${COLOR_RESET}"
error_notify "htop not found on ${_jail}."
elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then
echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
jexec -l ${_jail} /usr/local/bin/htop

37
usr/local/share/bastille/import.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille import file [option].${COLOR_RESET}"
exit 1
error_exit "Usage: bastille import file [option]"
}
# Handle special-case commands first
@@ -51,12 +50,6 @@ TARGET="${1}"
OPTION="${2}"
shift
error_notify() {
# Notify message on error and exit
echo -e "$*" >&2
exit 1
}
validate_archive() {
# Compare checksums on the target archive
# Skip validation for unsupported archives
@@ -67,7 +60,7 @@ validate_archive() {
SHA256_DIST=$(cat "${bastille_backupsdir}/${FILE_TRIM}.sha256")
SHA256_FILE=$(sha256 -q "${bastille_backupsdir}/${TARGET}")
if [ "${SHA256_FILE}" != "${SHA256_DIST}" ]; then
error_notify "${COLOR_RED}Failed validation for ${TARGET}.${COLOR_RESET}"
error_exit "Failed validation for ${TARGET}."
else
echo -e "${COLOR_GREEN}File validation successful!${COLOR_RESET}"
fi
@@ -76,7 +69,7 @@ validate_archive() {
if [ "${OPTION}" = "-f" -o "${OPTION}" = "force" ]; then
echo -e "${COLOR_YELLOW}Warning: Skipping archive validation!${COLOR_RESET}"
else
error_notify "${COLOR_RED}Checksum file not found, See 'bastille import TARGET -f'${COLOR_RESET}"
error_exit "Checksum file not found. See 'bastille import TARGET -f'."
fi
fi
fi
@@ -315,7 +308,7 @@ remove_zfs_datasets() {
# Perform cleanup on failure
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root"
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}"
error_notify "${COLOR_RED}Failed to extract files from '${TARGET}' archive.${COLOR_RESET}"
error_exit "Failed to extract files from '${TARGET}' archive."
}
jail_import() {
@@ -356,7 +349,7 @@ jail_import() {
# Extract required files from the zip archive
cd "${bastille_backupsdir}" && unzip -j "${TARGET}"
if [ "$?" -ne 0 ]; then
error_notify "${COLOR_RED}Failed to extract files from '${TARGET}' archive.${COLOR_RESET}"
error_exit "Failed to extract files from '${TARGET}' archive."
rm -f "${FILE_TRIM}" "${FILE_TRIM}_root"
fi
echo -e "${COLOR_GREEN}Receiving zfs data stream...${COLOR_RESET}"
@@ -411,7 +404,7 @@ jail_import() {
update_config
fi
else
error_notify "${COLOR_RED}Unknown archive format.${COLOR_RESET}"
error_exit "Unknown archive format."
fi
fi
else
@@ -438,12 +431,12 @@ jail_import() {
fi
update_config
else
error_notify "${COLOR_RED}Unsupported archive format.${COLOR_RESET}"
error_exit "Unsupported archive format."
fi
fi
if [ "$?" -ne 0 ]; then
error_notify "${COLOR_RED}Failed to import from '${TARGET}' archive.${COLOR_RESET}"
error_exit "Failed to import from '${TARGET}' archive."
else
# Update the jail.conf and fstab if required
# This is required on foreign imports only
@@ -453,7 +446,7 @@ jail_import() {
exit 0
fi
else
error_notify "${COLOR_RED}Jails directory/dataset does not exist, See 'bastille bootstrap'.${COLOR_RESET}"
error_exit "Jails directory/dataset does not exist. See 'bastille bootstrap'."
fi
}
@@ -466,7 +459,7 @@ fi
# Check if backups directory/dataset exist
if [ ! -d "${bastille_backupsdir}" ]; then
error_notify "${COLOR_RED}Backups directory/dataset does not exist, See 'bastille bootstrap'.${COLOR_RESET}"
error_exit "Backups directory/dataset does not exist. See 'bastille bootstrap'."
fi
# Check if archive exist then trim archive name
@@ -477,17 +470,17 @@ if [ -f "${bastille_backupsdir}/${TARGET}" ]; then
TARGET_TRIM=$(echo "${TARGET}" | sed "s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.xz//;s/_[0-9]*-[0-9]*-[0-9]*-[0-9]*.txz//;s/_[0-9]*-[0-9]*-[0-9]*.zip//;s/-[0-9]\{12\}.[0-9]\{2\}.tar.gz//;s/@[0-9]\{12\}.[0-9]\{2\}.tar//")
fi
else
error_notify "${COLOR_RED}Unrecognized archive name.${COLOR_RESET}"
error_exit "Unrecognized archive name."
fi
else
error_notify "${COLOR_RED}Archive '${TARGET}' not found.${COLOR_RESET}"
error_exit "Archive '${TARGET}' not found."
fi
# Check if a running jail matches name or already exist
if [ -n "$(jls name | awk "/^${TARGET_TRIM}$/")" ]; then
error_notify "${COLOR_RED}A running jail matches name.${COLOR_RESET}"
error_exit "A running jail matches name."
elif [ -d "${bastille_jailsdir}/${TARGET_TRIM}" ]; then
error_notify "${COLOR_RED}Container: ${TARGET_TRIM} already exist.${COLOR_RESET}"
error_exit "Container: ${TARGET_TRIM} already exists."
fi
jail_import

4
usr/local/share/bastille/limits.sh
View File

@@ -29,11 +29,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille limits TARGET option value${COLOR_RESET}"
error_notify "Usage: bastille limits TARGET option value"
echo -e "Example: bastille limits JAILNAME memoryuse 1G"
exit 1
}

5
usr/local/share/bastille/list.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille list [-j] [release|template|(jail|container)|log|limit|(import|export|backup)].${COLOR_RESET}"
exit 1
error_exit "Usage: bastille list [-j] [release|template|(jail|container)|log|limit|(import|export|backup)]"
}
if [ $# -eq 0 ]; then

19
usr/local/share/bastille/mount.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number]${COLOR_RESET}"
exit 1
error_exit "Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number]"
}
# Handle special-case commands first.
@@ -71,7 +70,7 @@ _checks=$(echo "${_fstab}" | awk '{print $5" "$6}')
## if any variables are empty, bail out
if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then
echo -e "${COLOR_RED}FSTAB format not recognized.${COLOR_RESET}"
error_notify "FSTAB format not recognized."
echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}"
exit 1
@@ -79,7 +78,7 @@ fi
## if host path doesn't exist or type is not "nullfs"
if [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then
echo -e "${COLOR_RED}Detected invalid host path or incorrect mount type in FSTAB.${COLOR_RESET}"
error_notify "Detected invalid host path or incorrect mount type in FSTAB."
echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}"
exit 1
@@ -87,7 +86,7 @@ fi
## if mount permissions are not "ro" or "rw"
if [ "${_perms}" != "ro" ] && [ "${_perms}" != "rw" ]; then
echo -e "${COLOR_RED}Detected invalid mount permissions in FSTAB.${COLOR_RESET}"
error_notify "Detected invalid mount permissions in FSTAB."
echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}"
exit 1
@@ -95,7 +94,7 @@ fi
## if check & pass are not "0 0 - 1 1"; bail out
if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "0 1" ] && [ "${_checks}" != "1 1" ]; then
echo -e "${COLOR_RED}Detected invalid fstab options in FSTAB.${COLOR_RESET}"
error_notify "Detected invalid fstab options in FSTAB."
echo -e "${COLOR_YELLOW}Format: /host/path jail/path nullfs ro 0 0${COLOR_RESET}"
echo -e "${COLOR_YELLOW}Read: ${_fstab}${COLOR_RESET}"
exit 1
@@ -111,16 +110,14 @@ for _jail in ${JAILS}; do
## Create mount point if it does not exist. -- cwells
if [ ! -d "${bastille_jailsdir}/${_jail}/root/${_jailpath}" ]; then
if ! mkdir -p "${bastille_jailsdir}/${_jail}/root/${_jailpath}"; then
echo -e "${COLOR_RED}Failed to create mount point inside jail.${COLOR_RESET}"
exit 1
error_exit "Failed to create mount point inside jail."
fi
fi
## if entry doesn't exist, add; else show existing entry
if ! egrep -q "[[:blank:]]${_jailpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 2> /dev/null; then
if ! echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab"; then
echo -e "${COLOR_RED}Failed to create fstab entry: ${_fstab_entry}${COLOR_RESET}"
exit 1
error_exit "Failed to create fstab entry: ${_fstab_entry}"
fi
echo "Added: ${_fstab_entry}"
else

5
usr/local/share/bastille/pkg.sh
View File

@@ -28,11 +28,10 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
usage() {
echo -e "${COLOR_RED}Usage: bastille pkg TARGET command [args]${COLOR_RESET}"
exit 1
error_exit "Usage: bastille pkg TARGET command [args]"
}
# Handle special-case commands first.

20
usr/local/share/bastille/rdr.sh
View File

@@ -25,12 +25,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille rdr TARGET [clear] | [list] | [tcp <host_port> <jail_port>] | [udp <host_port> <jail_port>]${COLOR_RESET}"
exit 1
error_exit "Usage: bastille rdr TARGET [clear] | [list] | [tcp <host_port> <jail_port>] | [udp <host_port> <jail_port>]"
}
# Handle special-case commands first.
@@ -49,35 +48,30 @@ shift
# Can only redirect to single jail
if [ "${TARGET}" = 'ALL' ]; then
echo -e "${COLOR_RED}Can only redirect to single jail${COLOR_RESET}"
exit 1
error_exit "Can only redirect to a single jail."
fi
# Check jail name valid
JAIL_NAME=$(jls -j "${TARGET}" name 2>/dev/null)
if [ -z "${JAIL_NAME}" ]; then
echo -e "${COLOR_RED}Jail not found: ${TARGET}${COLOR_RESET}"
exit 1
error_exit "Jail not found: ${TARGET}"
fi
# Check jail ip4 address valid
JAIL_IP=$(jls -j "${TARGET}" ip4.addr 2>/dev/null)
if [ -z "${JAIL_IP}" -o "${JAIL_IP}" = "-" ]; then
echo -e "${COLOR_RED}Jail IP not found: ${TARGET}${COLOR_RESET}"
exit 1
error_exit "Jail IP not found: ${TARGET}"
fi
# Check rdr-anchor is setup in pf.conf
if ! (pfctl -sn | grep rdr-anchor | grep 'rdr/\*' >/dev/null); then
echo -e "${COLOR_RED}rdr-anchor not found in pf.conf${COLOR_RESET}"
exit 1
error_exit "rdr-anchor not found in pf.conf"
fi
# Check ext_if is setup in pf.conf
EXT_IF=$(grep '^[[:space:]]*ext_if[[:space:]]*=' /etc/pf.conf)
if [ -z "${JAIL_NAME}" ]; then
echo -e "${COLOR_RED}ext_if not defined in pf.conf${COLOR_RESET}"
exit 1
error_exit "ext_if not defined in pf.conf"
fi
while [ $# -gt 0 ]; do

27
usr/local/share/bastille/rename.sh
View File

@@ -28,25 +28,18 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille rename [TARGET] [NEW_NAME].${COLOR_RESET}"
exit 1
}
error_notify() {
# Notify message on error and exit
echo -e "$*" >&2
exit 1
error_exit "Usage: bastille rename [TARGET] [NEW_NAME]"
}
validate_name() {
local NAME_VERIFY=${NEWNAME}
local NAME_SANITY=$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')
if [ "${NAME_VERIFY}" != "${NAME_SANITY}" ]; then
error_notify "${COLOR_RED}Container names may not contain special characters!${COLOR_RESET}"
error_exit "Container names may not contain special characters!"
fi
}
@@ -105,7 +98,7 @@ change_name() {
# Perform additional checks in case of non-zfs existing containers
if zfs list | grep -qw "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}"; then
if ! zfs rename -f "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NEWNAME}"; then
error_notify "${COLOR_RED}Can't rename '${TARGET}' dataset.${COLOR_RESET}"
error_exit "Can't rename '${TARGET}' dataset."
fi
else
# Check and rename container directory instead
@@ -122,10 +115,10 @@ change_name() {
ZFS_DATASET_TARGET=$(echo "${ZFS_DATASET_ORIGIN}" | sed "s|\/${TARGET}||")
if [ -n "${ZFS_DATASET_ORIGIN}" ] && [ -n "${ZFS_DATASET_TARGET}" ]; then
if ! zfs rename -f "${ZFS_DATASET_ORIGIN}" "${ZFS_DATASET_TARGET}/${NEWNAME}"; then
error_notify "${COLOR_RED}Can't rename '${TARGET}' dataset.${COLOR_RESET}"
error_exit "Can't rename '${TARGET}' dataset."
fi
else
error_notify "${COLOR_RED}Can't determine the zfs origin path of '${TARGET}'.${COLOR_RESET}"
error_exit "Can't determine the zfs origin path of '${TARGET}'."
fi
else
# Just rename the jail directory
@@ -133,7 +126,7 @@ change_name() {
fi
fi
else
error_notify "${COLOR_RED}${TARGET} not found. See bootstrap.${COLOR_RESET}"
error_exit "${TARGET} not found. See 'bastille bootstrap'."
fi
# Update jail configuration files accordingly
@@ -142,7 +135,7 @@ change_name() {
# Check exit status and notify
if [ "$?" -ne 0 ]; then
error_notify "${COLOR_RED}An error has occurred while attempting to rename '${TARGET}'.${COLOR_RESET}"
error_exit "An error has occurred while attempting to rename '${TARGET}'."
else
echo -e "${COLOR_GREEN}Renamed '${TARGET}' to '${NEWNAME}' successfully.${COLOR_RESET}"
fi
@@ -150,9 +143,9 @@ change_name() {
## check if a running jail matches name or already exist
if [ "$(jls name | awk "/^${TARGET}$/")" ]; then
error_notify "${COLOR_RED}Warning: ${TARGET} is running or the name does match.${COLOR_RESET}"
error_exit "Warning: ${TARGET} is running."
elif [ -d "${bastille_jailsdir}/${NEWNAME}" ]; then
error_notify "${COLOR_RED}Jail: ${NEWNAME} already exist.${COLOR_RESET}"
error_exit "Jail: ${NEWNAME} already exists."
fi
## validate jail name

5
usr/local/share/bastille/service.sh
View File

@@ -28,11 +28,10 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
usage() {
echo -e "${COLOR_RED}Usage: bastille service TARGET service_name action${COLOR_RESET}"
exit 1
error_exit "Usage: bastille service TARGET service_name action"
}
# Handle special-case commands first.

12
usr/local/share/bastille/start.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille start TARGET${COLOR_RESET}"
exit 1
error_exit "Usage: bastille start TARGET"
}
# Handle special-case commands first.
@@ -57,14 +56,14 @@ if [ "${TARGET}" != 'ALL' ]; then
JAILS=$(bastille list jails | awk "/^${TARGET}$/")
## check if exist
if [ ! -d "${bastille_jailsdir}/${TARGET}" ]; then
echo -e "${COLOR_RED}[${TARGET}]: Not found.${COLOR_RESET}"
error_exit "[${TARGET}]: Not found."
fi
fi
for _jail in ${JAILS}; do
## test if running
if [ "$(jls name | awk "/^${_jail}$/")" ]; then
echo -e "${COLOR_RED}[${_jail}]: Already started.${COLOR_RESET}"
error_notify "[${_jail}]: Already started."
## test if not running
elif [ ! "$(jls name | awk "/^${_jail}$/")" ]; then
@@ -72,8 +71,7 @@ for _jail in ${JAILS}; do
ip=$(grep 'ip4.addr' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g')
if [ -n "${ip}" ]; then
if ifconfig | grep -w "${ip}" >/dev/null; then
echo -e "${COLOR_RED}Error: IP address (${ip}) already in use.${COLOR_RESET}"
exit 1
error_exit "Error: IP address (${ip}) already in use."
fi
fi

9
usr/local/share/bastille/stop.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille stop TARGET${COLOR_RESET}"
exit 1
error_exit "Usage: bastille stop TARGET"
}
# Handle special-case commands first.
@@ -57,9 +56,9 @@ if [ "${TARGET}" != 'ALL' ]; then
JAILS=$(jls name | awk "/^${TARGET}$/")
## check if exist or not running
if [ ! -d "${bastille_jailsdir}/${TARGET}" ]; then
echo -e "${COLOR_RED}[${TARGET}]: Not found.${COLOR_RESET}"
error_exit "[${TARGET}]: Not found."
elif [ ! "$(jls name | awk "/^${TARGET}$/")" ]; then
echo -e "${COLOR_RED}[${TARGET}]: Not started.${COLOR_RESET}"
error_exit "[${TARGET}]: Not started."
fi
fi

5
usr/local/share/bastille/sysrc.sh
View File

@@ -28,11 +28,10 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
usage() {
echo -e "${COLOR_RED}Usage: bastille sysrc TARGET args${COLOR_RESET}"
exit 1
error_exit "Usage: bastille sysrc TARGET args"
}
# Handle special-case commands first.

20
usr/local/share/bastille/template.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
bastille_usage() {
echo -e "${COLOR_RED}Usage: bastille template TARGET project/template.${COLOR_RESET}"
exit 1
error_exit "Usage: bastille template TARGET project/template"
}
# Handle special-case commands first.
@@ -66,26 +65,22 @@ case ${TEMPLATE} in
if [ ! -d "${bastille_templatesdir}/${TEMPLATE_DIR}" ]; then
echo -e "${COLOR_GREEN}Bootstrapping ${TEMPLATE}...${COLOR_RESET}"
if ! bastille bootstrap "${TEMPLATE}"; then
echo -e "${COLOR_RED}Failed to bootstrap template: ${TEMPLATE}.${COLOR_RESET}"
exit 1
error_exit "Failed to bootstrap template: ${TEMPLATE}"
fi
fi
TEMPLATE="${TEMPLATE_DIR}"
;;
*/*)
if [ ! -d "${bastille_templatesdir}/${TEMPLATE}" ]; then
echo -e "${COLOR_RED}${TEMPLATE} not found.${COLOR_RESET}"
exit 1
error_exit "${TEMPLATE} not found."
fi
;;
*)
echo -e "${COLOR_RED}Template name/URL not recognized.${COLOR_RESET}"
exit 1
error_exit "Template name/URL not recognized."
esac
if [ -z "${JAILS}" ]; then
echo -e "${COLOR_RED}Container ${TARGET} is not running.${COLOR_RESET}"
exit 1
error_exit "Container ${TARGET} is not running."
fi
if [ -z "${HOOKS}" ]; then
@@ -152,10 +147,9 @@ for _jail in ${JAILS}; do
esac
if ! eval "bastille ${_cmd} ${_jail} ${_args}"; then
echo -e "${COLOR_RED}Failed to execute command: ${_cmd}${COLOR_RESET}"
set +f
unset IFS
exit 1
error_exit "Failed to execute command: ${_cmd}"
fi
done
set +f

5
usr/local/share/bastille/top.sh
View File

@@ -28,11 +28,10 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
usage() {
echo -e "${COLOR_RED}Usage: bastille top TARGET${COLOR_RESET}"
exit 1
error_exit "Usage: bastille top TARGET"
}
# Handle special-case commands first.

14
usr/local/share/bastille/umount.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille umount TARGET container_path${COLOR_RESET}"
exit 1
error_exit "Usage: bastille umount TARGET container_path"
}
# Handle special-case commands first.
@@ -65,20 +64,17 @@ for _jail in ${JAILS}; do
_jailpath="${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}"
if [ ! -d "${_jailpath}" ]; then
echo -e "${COLOR_RED}The specified mount point does not exist inside the jail.${COLOR_RESET}"
exit 1
error_exit "The specified mount point does not exist inside the jail."
fi
# Unmount the volume. -- cwells
if ! umount "${_jailpath}"; then
echo -e "${COLOR_RED}Failed to unmount volume: ${MOUNT_PATH}${COLOR_RESET}"
exit 1
error_exit "Failed to unmount volume: ${MOUNT_PATH}"
fi
# Remove the entry from fstab so it is not automounted in the future. -- cwells
if ! sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then
echo -e "${COLOR_RED}Failed to delete fstab entry: ${_fstab_entry}${COLOR_RESET}"
exit 1
error_exit "Failed to delete fstab entry: ${_fstab_entry}"
fi
echo "Unmounted: ${MOUNT_PATH}"

22
usr/local/share/bastille/update.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille update [release|container].${COLOR_RESET}"
exit 1
error_exit "Usage: bastille update [release|container]"
}
# Handle special-case commands first.
@@ -51,8 +50,7 @@ TARGET="${1}"
shift
if freebsd-version | grep -qi HBSD; then
echo -e "${COLOR_RED}Not yet supported on HardenedBSD.${COLOR_RESET}"
exit 1
error_exit "Not yet supported on HardenedBSD."
fi
if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
@@ -61,20 +59,17 @@ if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
# Update a thick container.
CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
if [ -z "${CURRENT_VERSION}" ]; then
echo -e "${COLOR_RED}Can't determine '${TARGET}' version.${COLOR_RESET}"
exit 1
error_exit "Can't determine '${TARGET}' version."
else
env PAGER="/bin/cat" freebsd-update --not-running-from-cron -b "${bastille_jailsdir}/${TARGET}/root" \
fetch install --currently-running "${CURRENT_VERSION}"
fi
else
echo -e "${COLOR_RED}${TARGET} is not running.${COLOR_RESET}"
echo -e "${COLOR_RED}See 'bastille start ${TARGET}'.${COLOR_RESET}"
exit 1
error_notify "${TARGET} is not running."
error_exit "See 'bastille start ${TARGET}'."
fi
else
echo -e "${COLOR_RED}${TARGET} is not a thick container.${COLOR_RESET}"
exit 1
error_exit "${TARGET} is not a thick container."
fi
else
if [ -d "${bastille_releasesdir}/${TARGET}" ]; then
@@ -82,7 +77,6 @@ else
env PAGER="/bin/cat" freebsd-update --not-running-from-cron -b "${bastille_releasesdir}/${TARGET}" \
fetch install --currently-running "${TARGET}"
else
echo -e "${COLOR_RED}${TARGET} not found. See bootstrap.${COLOR_RESET}"
exit 1
error_exit "${TARGET} not found. See 'bastille bootstrap'."
fi
fi

12
usr/local/share/bastille/upgrade.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille upgrade release newrelease.${COLOR_RESET}"
exit 1
error_exit "Usage: bastille upgrade release newrelease"
}
# Handle special-case commands first.
@@ -52,14 +51,11 @@ shift
NEWRELEASE="$1"
if freebsd-version | grep -qi HBSD; then
echo -e "${COLOR_RED}Not yet supported on HardenedBSD.${COLOR_RESET}"
exit 1
error_exit "Not yet supported on HardenedBSD."
fi
if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
freebsd-update -b "${bastille_releasesdir}/${RELEASE}" -r "${NEWRELEASE}" upgrade
else
echo -e "${COLOR_RED}${RELEASE} not found. See bootstrap.${COLOR_RESET}"
exit 1
error_exit "${RELEASE} not found. See 'bastille bootstrap'."
fi

26
usr/local/share/bastille/verify.sh
View File

@@ -28,25 +28,22 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
bastille_usage() {
echo -e "${COLOR_RED}Usage: bastille verify [release|template].${COLOR_RESET}"
exit 1
error_exit "Usage: bastille verify [release|template]"
}
verify_release() {
if freebsd-version | grep -qi HBSD; then
echo -e "${COLOR_RED}Not yet supported on HardenedBSD.${COLOR_RESET}"
exit 1
error_exit "Not yet supported on HardenedBSD."
fi
if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
freebsd-update -b "${bastille_releasesdir}/${RELEASE}" --currently-running "${RELEASE}" IDS
else
echo -e "${COLOR_RED}${RELEASE} not found. See bootstrap.${COLOR_RESET}"
exit 1
error_exit "${RELEASE} not found. See 'bastille bootstrap'."
fi
}
@@ -63,12 +60,10 @@ verify_template() {
## line count must match newline count
if [ $(wc -l "${_path}" | awk '{print $1}') -ne $(grep -c $'\n' "${_path}") ]; then
echo -e "${COLOR_GREEN}[${_hook}]:${COLOR_RESET}"
echo -e "${COLOR_RED}${BASTILLE_TEMPLATE}:${_hook} [failed].${COLOR_RESET}"
echo -e "${COLOR_RED}Line numbers don't match line breaks.${COLOR_RESET}"
error_notify "${BASTILLE_TEMPLATE}:${_hook} [failed]."
error_notify "Line numbers don't match line breaks."
echo
echo -e "${COLOR_RED}Template validation failed.${COLOR_RESET}"
exit 1
error_exit "Template validation failed."
## if INCLUDE; recursive verify
elif [ ${_hook} = 'INCLUDE' ]; then
echo -e "${COLOR_GREEN}[${_hook}]:${COLOR_RESET}"
@@ -87,8 +82,7 @@ verify_template() {
bastille verify "${BASTILLE_TEMPLATE_USER}/${BASTILLE_TEMPLATE_REPO}"
;;
*)
echo -e "${COLOR_RED}Template INCLUDE content not recognized.${COLOR_RESET}"
exit 1
error_exit "Template INCLUDE content not recognized."
;;
esac
done < "${_path}"
@@ -117,8 +111,8 @@ verify_template() {
## remove bad templates
if [ ${_hook_validate} -lt 1 ]; then
echo -e "${COLOR_RED}No valid template hooks found.${COLOR_RESET}"
echo -e "${COLOR_RED}Template discarded.${COLOR_RESET}"
error_notify "No valid template hooks found."
error_notify "Template discarded."
rm -rf "${bastille_template}"
exit 1
fi

11
usr/local/share/bastille/zfs.sh
View File

@@ -28,12 +28,11 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/colors.pre.sh
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
echo -e "${COLOR_RED}Usage: bastille zfs TARGET [set|get|snap] [key=value|date]'${COLOR_RESET}"
exit 1
error_exit "Usage: bastille zfs TARGET [set|get|snap] [key=value|date]'"
}
zfs_snapshot() {
@@ -77,14 +76,12 @@ esac
## check ZFS enabled
if [ ! "${bastille_zfs_enable}" = "YES" ]; then
echo -e "${COLOR_RED}ZFS not enabled.${COLOR_RESET}"
exit 1
error_exit "ZFS not enabled."
fi
## check zpool defined
if [ -z "${bastille_zfs_zpool}" ]; then
echo -e "${COLOR_RED}ZFS zpool not defined.${COLOR_RESET}"
exit 1
error_exit "ZFS zpool not defined."
fi
if [ $# -lt 2 ]; then