From 1970b3539bcc7aa98a9c9ac74652375d2a4e2b3d Mon Sep 17 00:00:00 2001 From: JRGTH Date: Mon, 8 Sep 2025 00:23:52 -0400 Subject: [PATCH] Code update and improvements Code update and improvements, update jail config/util WebGUI pages and bastille-init. --- CHANGELOG | 1 + bastille-init | 38 ++++++++-- gui/bastille_manager_jconf.php | 59 ++++++++++++--- gui/bastille_manager_util.php | 127 ++++++++------------------------- version | 2 +- 5 files changed, 116 insertions(+), 111 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 14a31fc..93234d4 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -3,6 +3,7 @@ ====================== Version Description +1.1.51......Code update/improvements, update jail config/util pages and bastille-init. 1.1.50......Disable linux_compat due incompatibility with later releases. 1.1.49......Disable basic interface to comply with bastille new syntax. 1.1.48......Add action to set priority value from utilities. diff --git a/bastille-init b/bastille-init index 88037ec..c162010 100644 --- a/bastille-init +++ b/bastille-init 
@@ -669,10 +669,19 @@ jail_update() echo "Can't determine '${TARGET}' version." exit 1 else - env PAGER="/bin/cat" ${FREEBSD_UPDATE}/freebsd-update --not-running-from-cron -f ${FREEBSD_UPDATE}/freebsd-update.conf \ + if [ -n "${_forceopt}" ]; then + echo "Performing a forced jail update..." + else + echo "Performing a jail update..." + fi + env PAGER="/bin/cat" ${FREEBSD_UPDATE}/freebsd-update ${_forceopt} --not-running-from-cron -f ${FREEBSD_UPDATE}/freebsd-update.conf \ -d ${CWDIR}/freebsd-update -b "${bastille_jailsdir}/${TARGET}/root" fetch --currently-running "${CURRENT_VERSION}" ${FREEBSD_UPDATE}/freebsd-update --not-running-from-cron -f ${FREEBSD_UPDATE}/freebsd-update.conf \ -d ${CWDIR}/freebsd-update -b "${bastille_jailsdir}/${TARGET}/root" install --currently-running "${CURRENT_VERSION}" + + echo "Setting OS release for ${TARGET}." + CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version) + bastille config ${TARGET} set osrelease ${CURRENT_VERSION} fi else echo "Container not running." @@ -689,11 +698,18 @@ jail_update() fi else if [ -d "${bastille_releasesdir}/${TARGET}" ]; then + if [ -n "${_forceopt}" ]; then + echo "Performing a forced base update..." + else + echo "Performing a base update..." + fi # Update container base(affects base child containers). - env PAGER="/bin/cat" ${FREEBSD_UPDATE}/freebsd-update --not-running-from-cron -f ${FREEBSD_UPDATE}/freebsd-update.conf \ + env PAGER="/bin/cat" ${FREEBSD_UPDATE}/freebsd-update ${_forceopt} --not-running-from-cron -f ${FREEBSD_UPDATE}/freebsd-update.conf \ -d ${CWDIR}/freebsd-update -b "${bastille_releasesdir}/${TARGET}" fetch --currently-running "${TARGET}" ${FREEBSD_UPDATE}/freebsd-update --not-running-from-cron -f ${FREEBSD_UPDATE}/freebsd-update.conf \ -d ${CWDIR}/freebsd-update -b "${bastille_releasesdir}/${TARGET}" install --currently-running "${TARGET}" + + echo "Please manually set OS release on jail.conf for the required jails." else echo "${TARGET} not found. See bootstrap." exit 1 
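Review bot: The added `bastille config ${TARGET} set osrelease ${CURRENT_VERSION}` call has no visible guard, so it appears to run even when the preceding `freebsd-update ... install` failed or `jexec` printed nothing, and both expansions are unquoted. The version string is produced by a binary inside the jail, so on the host it should be treated as untrusted text rather than a known-good token. Checking and quoting it would cover both cases: `[ -n "${CURRENT_VERSION}" ] && bastille config "${TARGET}" set osrelease "${CURRENT_VERSION}"`. `jail_update` starts and ends outside this hunk, so an exit-status check on the install step may exist where it cannot be seen here.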
@@ -1431,6 +1447,15 @@ update|--update) echo "Usage: ${SCRIPTNAME} [update|--update] [container] | [release]" exit 1 fi + _forceopt= + jail_update + ;; +update_force|--update-force) + if [ $# -gt 2 ] || [ $# -lt 2 ]; then + echo "Usage: ${SCRIPTNAME} [update_force|--update-force] [container] | [release]" + exit 1 + fi + _forceopt="-F" jail_update ;; clean|--clean) @@ -1469,10 +1494,11 @@ while getopts ":ospruxUvgtZh" option; do echo echo "Advanced Usage: ${SCRIPTNAME} [option] [container] [release] | [newrelease]" echo "Options:" - echo " update|--update Update a container/release to base -pX release." - echo " upgrade|--upgrade Upgrade a container/release to X.Y-RELEASE." - echo " install|--install Finish installing pending updates on container/release." - echo " clean|--clean Cleanup the FreeBSD update/upgrade cached files/folders." + echo " update|--update Update a container/release to base -pX release." + echo " update_force|--update-force Update a container/release to base -pX release forcefully." + echo " upgrade|--upgrade Upgrade a container/release to X.Y-RELEASE." + echo " install|--install Finish installing pending updates on container/release." + echo " clean|--clean Cleanup the FreeBSD update/upgrade cached files/folders." echo "" echo "" echo "Experimental:" diff --git a/gui/bastille_manager_jconf.php b/gui/bastille_manager_jconf.php index 1323f4d..1180579 100644 --- a/gui/bastille_manager_jconf.php +++ b/gui/bastille_manager_jconf.php 
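Review bot: `jail_update` now reads `_forceopt` as an implicit global that each `case` branch must set before calling it. Any other call site of `jail_update` outside this hunk would run with whatever value the variable happens to hold. A short comment at the top of the function would make that contract explicit, for example `# _forceopt: empty, or "-F" to pass freebsd-update's force flag to the fetch step`. Alternatively the option could be passed as an argument. The argument-count test in the new branch can also be written as `[ $# -ne 2 ]`.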
@@ -78,6 +78,7 @@ $pconfig['ipv6'] = exec("/usr/bin/grep '.*ip6.addr.*=' $jail_config | cut -d '=' $pconfig['securelevel'] = exec("/usr/bin/grep '.*securelevel.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'"); $pconfig['devfs_ruleset'] = exec("/usr/bin/grep '.*devfs_ruleset.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'"); $pconfig['enforce_statfs'] = exec("/usr/bin/grep '.*enforce_statfs.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'"); +$pconfig['osrelease'] = exec("/usr/local/bin/bastille config {$item} get osrelease | cut -d '=' -f2 | tr -d ' ;'"); $pconfig['vnet_interface'] = exec("/usr/bin/grep '.*vnet.interface.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'"); $pconfig['boot_prio'] = exec("/usr/local/bin/bastille config {$item} get priority"); @@ -90,6 +91,7 @@ $jail_ipv6_def = $pconfig['ipv6']; $jail_securelevel_def = $pconfig['securelevel']; $jail_devfs_ruleset_def = $pconfig['devfs_ruleset']; $jail_enforce_statfs_def = $pconfig['enforce_statfs']; +$jail_osrelease_def = $pconfig['osrelease']; $jail_vnet_interface_def = $pconfig['vnet_interface']; $jail_boot_prio_def = $pconfig['boot_prio']; 
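Review bot: The new `exec("/usr/local/bin/bastille config {$item} get osrelease | ...")` line interpolates `{$item}` into a shell command string without escaping. Where `$item` is assigned is outside this hunk, but if it derives from request data the string is executed by a shell with the web GUI's privileges. Wrapping the value fixes it: `exec("/usr/local/bin/bastille config " . escapeshellarg($item) . " get osrelease | cut -d '=' -f2 | tr -d ' ;'")`. The same applies to `set osrelease $jail_osrelease` later in this file and to `bastille config {$item} set osrelease $update_release` in gui/bastille_manager_util.php.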
@@ -142,20 +144,44 @@ if ($_POST): //endif; if(isset($_POST['securelevel'])): - if(!preg_match('/^[0-3]$/', $pconfig['securelevel'])): - $input_errors[] = gtext("A valid number must be specified for securelevel, between 0-3."); + if(!is_numeric($pconfig['securelevel'])): + $input_errors[] = gtext("This parameter must be a number."); + else: + if(!preg_match('/^[0-3]$/', $pconfig['securelevel'])): + $input_errors[] = gtext("A valid number must be specified for securelevel, between 0-3."); + endif; endif; endif; if(isset($_POST['devfs_ruleset'])): - if(!preg_match('/^([0-9]{1,3})$/', $pconfig['devfs_ruleset'])): - $input_errors[] = gtext("A valid number must be specified for devfs_ruleset."); + if(!is_numeric($pconfig['devfs_ruleset'])): + $input_errors[] = gtext("This parameter must be a number."); + else: + if(!preg_match('/^([0-9]{1,3})$/', $pconfig['devfs_ruleset'])): + $input_errors[] = gtext("A valid number must be specified for devfs_ruleset."); + endif; endif; endif; if(isset($_POST['enforce_statfs'])): - if(!preg_match('/^[0-2]$/', $pconfig['enforce_statfs'])): - $input_errors[] = gtext("A valid number must be specified for enforce_statfs, between 0-2."); + if(!is_numeric($pconfig['enforce_statfs'])): + $input_errors[] = gtext("This parameter must be a number."); + else: + if(!preg_match('/^[0-2]$/', $pconfig['enforce_statfs'])): + $input_errors[] = gtext("A valid number must be specified for enforce_statfs, between 0-2."); + endif; + endif; + endif; + + if(isset($_POST['osrelease'])): + if(!is_string($pconfig['osrelease'])): + $input_errors[] = gtext("This parameter must be a string."); + endif; + endif; + + if(isset($_POST['boot_prio'])): + if(!is_numeric($pconfig['boot_prio'])): + $input_errors[] = gtext("This parameter must be a number."); endif; endif; 
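Review bot: The `osrelease` check `is_string($pconfig['osrelease'])` does not constrain the value, because a posted scalar field is always a string, so any text passes and is later placed into a `bastille config ... set osrelease` command line. An anchored allow-list for the expected release format would be a real check, for example `if(!preg_match('/\A[0-9]+\.[0-9]+-[A-Z]+[0-9]*(-p[0-9]+)?\z/', $pconfig['osrelease'])):`; the exact pattern should be confirmed against the values bastille accepts. For `boot_prio`, `is_numeric()` also accepts signed, decimal and exponent forms and surrounding whitespace, so `ctype_digit()` or `/\A[0-9]+\z/` is closer to the intent. The existing `^...$` patterns would be stricter with `\A...\z`, since `$` also matches before a trailing newline.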
@@ -192,6 +218,9 @@ if ($_POST): if(isset($pconfig['enforce_statfs'])): $jail_enforce_statfs = $pconfig['enforce_statfs']; endif; + if(isset($pconfig['osrelease'])): + $jail_osrelease = $pconfig['osrelease']; + endif; if(isset($pconfig['vnet_interface'])): $jail_vnet_interface = $pconfig['vnet_interface']; endif; @@ -199,7 +228,8 @@ if ($_POST): $jail_boot_prio = $pconfig['boot_prio']; endif; - // Check if the config has changed for each parameter. + // Check if the config has changed for each parameters. + // This jails wide changes requires the jail to be already stopped. // This could be done with a nice foreach loop in the future. if($jail_name_def !== $jail_name): $is_changed = "1"; @@ -242,7 +272,7 @@ if ($_POST): endif; if($retval == 0): - $input_errors[] = gtext("This jail is running, please stop it before making jail.conf changes."); + $input_errors[] = gtext("This jail is running, please stop it before making jail.conf wide changes."); else: if (isset($_POST['hostname']) && $_POST['hostname']): if($jail_hostname_def !== $jail_hostname): @@ -344,6 +374,18 @@ if ($_POST): endif; endif; + if (isset($_POST['osrelease']) || $_POST['osrelease']): + if($jail_osrelease_def !== $jail_osrelease): + $cmd = "/usr/local/bin/bastille config {$item} set osrelease $jail_osrelease"; + unset($output,$retval);mwexec2($cmd,$output,$retval); + if($retval == 0): + //$savemsg .= gtext("Osrelease changed successfully."); + else: + $input_errors[] = gtext("Failed to save osrelease."); + endif; + endif; + endif; + if (isset($_POST['autostart']) && $_POST['autostart']): //if($jail_name_def !== $jail_name): // // Remove obsolete variable. 
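Review bot: In the new `osrelease` save block the guard is `isset($_POST['osrelease']) || $_POST['osrelease']`, while the neighbouring blocks use `&&`. With `||`, an absent field is still read (an undefined-index notice), and an empty field can reach the `set osrelease` command with no value whenever it differs from the stored one. `if (isset($_POST['osrelease']) && $_POST['osrelease'] !== ''):` matches the sibling blocks. `$jail_osrelease` should also go through `escapeshellarg()` when `$cmd` is built. The enclosing `if($retval == 0): ... else:` starts outside this hunk.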
@@ -439,6 +481,7 @@ endif; html_inputbox("devfs_ruleset", gtext("devfs_ruleset"), $pconfig['devfs_ruleset'], gtext("The number of the devfs ruleset that is enforced for mounting devfs in this jail. A value of zero means no ruleset is enforced. default is 4, on VNET jails default is 13."), false, 20); //if(!$is_linux_jail): html_inputbox("enforce_statfs", gtext("enforce_statfs"), $pconfig['enforce_statfs'], gtext("This determines what information processes in a jail are able to get about mount points. Affects the behaviour of the following syscalls: statfs, fstatfs, getfsstat and fhstatfs, default is 2."), false, 20); + html_inputbox("osrelease", gtext("osrelease"), $pconfig['osrelease'], gtext("This sets the jail OS release, this parameter must be a string."), false, 20); //endif; if ($is_vnet): html_inputbox("vnet_interface", gtext("VNET Interface"), $pconfig['vnet_interface'], gtext("Set the VNET interface manually, usually should not be changed unless renaming the interface or moving jail from host, Note: manual edit of the jail rc.conf file may be required."), false, 20); diff --git a/gui/bastille_manager_util.php b/gui/bastille_manager_util.php index a6312e4..139d46d 100644 --- a/gui/bastille_manager_util.php +++ b/gui/bastille_manager_util.php @@ -115,7 +115,6 @@ if($_POST): $bastille_version = get_version_bastille(); $bastille_version_min = "0920210714"; $bastille_version_format = str_replace(".", "", $bastille_version); - $bastille_bin_path = "/usr/local/bin"; $export_option = ""; $skip_safemode = ""; 
@@ -152,25 +151,21 @@ if($_POST): endif; endif; - if($bastille_version_format >= $bastille_version_min): if ($zfs_activated == "YES"): if ($pconfig['format'] == "default"): $export_format = "--xz"; - $cmd = ("$bastille_bin_path/bastille export $export_option $export_format '{$item}'"); + $cmd = ("/usr/local/bin/bastille export $export_option $export_format '{$item}'"); else: - $cmd = ("$bastille_bin_path/bastille export $export_option $user_export_format '{$item}'"); + $cmd = ("/usr/local/bin/bastille export $export_option $user_export_format '{$item}'"); endif; else: if ($pconfig['format'] == "default"): $export_format = "--txz"; - $cmd = ("$bastille_bin_path/bastille export $export_format '{$item}'"); + $cmd = ("/usr/local/bin/bastille export $export_format '{$item}'"); else: - $cmd = ("$bastille_bin_path/bastille export $user_export_format '{$item}'"); + $cmd = ("/usr/local/bin/bastille export $user_export_format '{$item}'"); endif; endif; - else: - $cmd = ("$bastille_bin_path/bastille export '{$item}'"); - endif; unset($output,$retval);mwexec2($cmd,$output,$retval); if($retval == 0): @@ -225,9 +220,17 @@ if($_POST): $current_release = exec("/usr/bin/grep '\-RELEASE' {$jail_dir}/{$item}/fstab | awk '{print $1}' | grep -o '[^/]*$'"); if ($_POST['update_base']): - $cmd = ("/usr/local/sbin/bastille-init update '{$current_release}'"); + if ($_POST['update_base_force']): + $cmd = ("/usr/local/sbin/bastille-init update_force '{$current_release}'"); + else: + $cmd = ("/usr/local/sbin/bastille-init update '{$current_release}'"); + endif; elseif ($_POST['update_jail']): - $cmd = ("/usr/local/sbin/bastille-init update '{$item}'"); + if ($_POST['update_jail_force']): + $cmd = ("/usr/local/sbin/bastille-init update_force '{$item}'"); + else: + $cmd = ("/usr/local/sbin/bastille-init update '{$item}'"); + endif; else: $input_errors[] = sprintf(gtext("Failed to update container %s."),$item); break; 
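Review bot: The update hunk reads `$_POST['update_base_force']` and `$_POST['update_jail_force']` directly, which raises an undefined-index notice when the checkbox is not submitted. It also duplicates each command line just to change the subcommand. Selecting the subcommand once keeps the two paths from drifting apart: `$mode = !empty($_POST['update_base_force']) ? 'update_force' : 'update';` followed by `$cmd = "/usr/local/sbin/bastille-init {$mode} " . escapeshellarg($current_release);`, and likewise for the jail branch. The surrounding `case` block starts and ends outside this hunk.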
@@ -236,7 +239,14 @@ if($_POST): unset($output,$retval);mwexec2($cmd,$output,$retval); if($retval == 0): $update_release = exec("/usr/sbin/jexec -l {$item} freebsd-version"); - $savemsg .= sprintf(gtext("Container release updated to %s successfully."),$update_release); + if (($_POST['update_jail_force']) || ($_POST['update_base_force'])): + $savemsg .= sprintf(gtext("Container release forcefully updated to %s successfully."),$update_release); + else: + $savemsg .= sprintf(gtext("Container release updated to %s successfully."),$update_release); + endif; + if ($_POST['update_base']): + exec("/usr/local/bin/bastille config {$item} set osrelease $update_release"); + endif; exec("echo '{$date}: {$application}: Container release updated to {$update_release} successfully for {$item}' >> {$logfile}"); //header('Location: bastille_manager_gui.php'); //exit; 
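Review bot: On the `update_base` path the added `exec("/usr/local/bin/bastille config {$item} set osrelease $update_release")` uses the output of `jexec -l {$item} freebsd-version` without checking it. If the jail is stopped that output is empty and the command is issued with no value, and the return status is ignored, so a failure is reported as success. The string is also printed from inside the jail and then placed in a host-side shell command, so it should be validated against the expected release format and passed through `escapeshellarg()`. A guard such as `if (!empty($_POST['update_base']) && $update_release !== ''):` plus `mwexec2()` with a `$retval` check, as used elsewhere in this file, would cover both problems.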
@@ -248,34 +258,6 @@ if($_POST): endif; break; - case 'base': - // Input validation not required - if(empty($input_errors)): - $container = []; - $container['uuid'] = $_POST['uuid']; - $container['jailname'] = $_POST['jailname']; - $item = $container['jailname']; - $current_release = exec("/usr/bin/grep '\-RELEASE' {$jail_dir}/{$item}/fstab | awk '{print $1}' | grep -o '[^/]*$'"); - $new_release = $pconfig['release']; - - if(!$current_release): - $savemsg .= gtext("This is a thick container and should be interactively upgraded through the command line."); - else: - $cmd = ("/usr/local/sbin/bastille-init --upgrade {$item} {$current_release} {$new_release}"); - unset($output,$retval);mwexec2($cmd,$output,$retval); - if($retval == 0): - $savemsg .= sprintf(gtext("Container base release changed to %s successfully."),$new_release); - exec("echo '{$date}: {$application}: Container base release changed to {$new_release} on {$item} successfully' >> {$logfile}"); - //header('Location: bastille_manager_gui.php'); - //exit; - else: - $input_errors[] = sprintf(gtext("Failed to change container base release to %s, either it is running or is not a thin container."),$new_release); - exec("echo '{$date}: {$application}: Failed to change container base release to {$new_release} on {$item}' >> {$logfile}"); - endif; - endif; - endif; - break; - case 'autoboot': // Input validation not required if(empty($input_errors)): @@ -403,7 +385,7 @@ if($_POST): break; case 'delete': - // Delete a contained + // Delete a container if(empty($input_errors)): $container = []; $container['uuid'] = $_POST['uuid']; 
@@ -462,10 +444,10 @@ function action_change() { showElementById('readonly_tr', 'hide'); showElementById('createdir_tr', 'hide'); showElementById('automount_tr', 'hide'); - showElementById('jail_release_tr', 'hide'); - showElementById('release_tr','hide'); showElementById('update_base_tr','hide'); showElementById('update_jail_tr','hide'); + showElementById('update_base_force_tr', 'hide'); + showElementById('update_jail_force_tr', 'hide'); showElementById('newname_tr', 'hide'); showElementById('newipaddr_tr', 'hide'); showElementById('clonestop_tr', 'hide'); 
@@ -474,75 +456,48 @@ function action_change() { showElementById('backup_tr', 'hide'); showElementById('format_tr', 'hide'); showElementById('safemode_tr', 'hide'); - //showElementById('dateadd_tr','hide'); + showElementById('prioritynumber_tr','hide'); var action = document.iform.action.value; switch (action) { case "backup": - showElementById('confirmname_tr','hide'); - showElementById('nowstop_tr','hide'); showElementById('backup_tr', 'show'); showElementById('format_tr', 'show'); showElementById('safemode_tr', 'show'); - showElementById('prioritynumber_tr','hide'); break; case "clone": showElementById('newname_tr','show'); showElementById('newipaddr_tr','show'); showElementById('clonestop_tr','show'); - showElementById('prioritynumber_tr','hide'); break; case "update": - showElementById('confirmname_tr','hide'); - showElementById('nowstop_tr','hide'); showElementById('update_base_tr','show'); showElementById('update_jail_tr','show'); - showElementById('prioritynumber_tr','hide'); - break; - case "base": - showElementById('confirmname_tr','hide'); - showElementById('nowstop_tr','hide'); - showElementById('jail_release_tr', 'show'); - showElementById('release_tr','show'); - showElementById('prioritynumber_tr','hide'); + showElementById('update_base_force_tr', 'show'); + showElementById('update_jail_force_tr', 'show'); break; case "autoboot": - showElementById('confirmname_tr','hide'); - showElementById('nowstop_tr','hide'); showElementById('auto_boot_tr', 'show'); - showElementById('prioritynumber_tr','hide'); break; case "noauto": - showElementById('confirmname_tr','hide'); - showElementById('nowstop_tr','hide'); showElementById('no_autoboot_tr', 'show'); - showElementById('prioritynumber_tr','hide'); break; case "priority": - showElementById('confirmname_tr','hide'); - showElementById('nowstop_tr','hide'); showElementById('prioritynumber_tr','show'); break; case "fstab": - showElementById('confirmname_tr','hide'); - showElementById('nowstop_tr','hide'); 
showElementById('source_path_tr','show'); showElementById('target_path_tr','show'); showElementById('path_check_tr','show'); showElementById('readonly_tr','show'); showElementById('createdir_tr','show'); showElementById('automount_tr','show'); - showElementById('prioritynumber_tr','hide'); break; case "delete": showElementById('confirmname_tr','show'); showElementById('nowstop_tr','show'); - showElementById('prioritynumber_tr','hide'); break; case "advanced": - showElementById('confirmname_tr','hide'); - showElementById('nowstop_tr','hide'); showElementById('advanced_tr','show'); - showElementById('prioritynumber_tr','hide'); break; default: break; @@ -589,23 +544,8 @@ $document->render(); /dev/null"); - $current_release = ""; - $disable_base_change = "no"; - $current_release = exec("/usr/bin/grep '\-RELEASE' {$jail_dir}/{$pconfig['jailname']}/fstab | awk '{print $1}' | grep -o '[^/]*$'"); + $is_thinjail = exec("/usr/bin/grep -w '/.*/.bastille' {$jail_dir}/{$pconfig['jailname']}/fstab"); - if (!$current_release): - $current_release = exec("/usr/bin/grep 'releng' {$jail_dir}/{$pconfig['jailname']}/root/COPYRIGHT | cut -d '/' -f2"); - if(!$current_release): - //Assume is a running thickjail. - $current_release = exec("/usr/sbin/jexec {$pconfig['jailname']} freebsd-version 2>/dev/null"); - endif; - $disable_base_change = "yes"; - if (!$current_release): - $current_release = "-"; - endif; - endif; $pconfig['source_path'] = ""; $pconfig['target_path'] = "{$rootfolder}/jails/{$pconfig['jailname']}/root/mnt/"; html_text2('jailname',gettext('Container name:'),htmlspecialchars($pconfig['jailname'])); @@ -613,7 +553,6 @@ $document->render(); 'backup' => gettext('Backup'), 'clone' => gettext('Clone'), 'update' => gettext('Update'), - 'base' => gettext('Release'), 'autoboot' => gettext('Autoboot'), 'noauto' => gettext('Noauto'), 'priority' => gettext('Priority'), 
@@ -659,18 +598,14 @@ $document->render(); html_checkbox2('createdir',gettext('Create Target Directory'),!empty($pconfig['createdir']) ? true : true,gettext('Create target directory if missing (recommended).'),'',true); if ($is_thinjail): html_checkbox2('update_base',gettext('Base update confirm'),!empty($pconfig['update_base']) ? true : false,gettext('This is a thin container, therefore the base release will be updated, this affects child containers.'),'',true); + html_checkbox2('update_base_force',gettext('Container update force confirm:'),!empty($pconfig['update_base']) ? true : false,gettext('This will perform a forced base update, this affects child containers.'),'',true); else: html_checkbox2('update_jail',gettext('Container update confirm:'),!empty($pconfig['update_jail']) ? true : false,gettext('This is a thick container, therefore the update will be performed within its root, current containers are not affected.'),'',true); + html_checkbox2('update_jail_force',gettext('Container update force confirm:'),!empty($pconfig['update_jail']) ? 
true : false,gettext('This will perform a forced jail update, current containers are not affected.'),'',true); endif; - html_text2('jail_release',gettext('Current base release:'),htmlspecialchars($current_release)); html_text2('auto_boot',gettext('Enable container auto-startup'),htmlspecialchars("This will cause the container to automatically start each time the system restart.")); html_text2('no_autoboot',gettext('Disable container auto-startup'),htmlspecialchars("This will disable the container automatic startup.")); html_text2('backup',gettext('Export container'),htmlspecialchars("This will export a container to a compressed file/image, please execute `bastille export` for more info in regards exporting formats, Default is .XZ on ZFS setups or .TXZ otherwise, For faster compressed backups consider .GZ/.TGZ.")); - - if ($disable_base_change == "no"): - html_combobox2('release',gettext('New base release'),!empty($pconfig['release']),$b_action,gettext("Warning: This will change current shared base to the selected base on the thin container only, the user is responsible for package updates and/or general incompatibilities issues, or use the command line for native upgrade."),true,false,); - endif; - //html_checkbox2('dateadd',gettext('Date'),!empty($pconfig['dateadd']) ? true : false,gettext('Append the date in the following format: ITEM-XXXX-XX-XX-XXXXXX.'),'',false); ?> diff --git a/version b/version index da44c7f..3baec79 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.1.50 +1.1.51
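Review bot: Both new force checkboxes take their checked state from the non-force field: `update_base_force` uses `!empty($pconfig['update_base'])` and `update_jail_force` uses `!empty($pconfig['update_jail'])`. When the form is re-rendered after a normal update was ticked, the force option therefore comes back pre-selected. Each should use its own key, for example `!empty($pconfig['update_base_force'])`. The `update_base_force` label also reads "Container update force confirm:", which looks copied from the jail variant; "Base update force confirm" would match the row above it.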