From 408db4225880b9eb5335e7f77802be4e5a43ee34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Bertin?=
Date: Fri, 8 Dec 2023 11:21:31 +0100
Subject: [PATCH 1/2] CREATE.SH::ADDED:: New '--no-validate' parameter to use custom/manually bootstrapped releases
---
 usr/local/share/bastille/create.sh | 157 +++++++++++++++--------------
 1 file changed, 82 insertions(+), 75 deletions(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 49de165c..d8bf453e 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -618,6 +618,7 @@ THICK_JAIL=""
 CLONE_JAIL=""
 VNET_JAIL=""
 LINUX_JAIL=""
+VALIDATE_RELEASE="1"
 # Handle and parse options
 while [ $# -gt 0 ]; do
@@ -691,6 +692,10 @@ while [ $# -gt 0 ]; do
 VNET_JAIL_BRIDGE="1"
 shift
 ;;
+ --no-validate|no-validate)
+ VALIDATE_RELEASE=""
+ shift
+ ;;
 -*|--*)
 error_notify "Unknown Option."
 usage
@@ -734,7 +739,7 @@ if [ -n "${NAME}" ]; then
 validate_name
 fi
-if [ -n "${LINUX_JAIL}" ]; then
+if [ -n "${LINUX_JAIL}" ] && [ -n "${VALIDATE_RELEASE}" ]; then
 case "${RELEASE}" in
 bionic|ubuntu_bionic|ubuntu|ubuntu-bionic)
 ## check for FreeBSD releases name
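Review bot: The new `--no-validate` arm has no counterpart in the script's usage text: the diffstat's 82 insertions are fully accounted for by the four hunks of this patch, so `usage` (invoked on the `-*|--*)` arm directly below the new one) still lists only the previous options. Add a usage line such as `--no-validate  Skip release name validation (custom or manually bootstrapped release under bastille_releasesdir)`, and say there that the release directory must already exist, because as far as this patch shows nothing else on that path checks it. The option-parsing `while` loop containing this arm starts and ends outside the hunk.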
@@ -768,80 +773,82 @@ if [ -n "${LINUX_JAIL}" ]; then
 fi
 if [ -z "${EMPTY_JAIL}" ]; then
- ## verify release
- case "${RELEASE}" in
- 2.[0-9]*)
- ## check for MidnightBSD releases name
- NAME_VERIFY=$(echo "${RELEASE}")
- validate_release
- ;;
- *-CURRENT|*-CURRENT-I386|*-CURRENT-i386|*-current)
- ## check for FreeBSD releases name
- NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT|-CURRENT-i386)$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g')
- validate_release
- ;;
- *-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC[1-9]|*-rc[1-9]|*-BETA[1-9])
- ## check for FreeBSD releases name
- NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g')
- validate_release
- ;;
- *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST)
- ## check for HardenedBSD releases name(previous infrastructure)
- NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g')
- validate_release
- ;;
- *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*)
- ## check for HardenedBSD(specific stable build releases)
- NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g')
- validate_release
- ;;
- *-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST)
- ## check for HardenedBSD(latest stable build release)
- NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
- validate_release
- ;;
- current-build-[0-9]*|CURRENT-BUILD-[0-9]*)
- ## check for HardenedBSD(specific current build releases)
- NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g')
- validate_release
- ;;
- current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST)
- ## check for HardenedBSD(latest current build release)
- NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
- validate_release
- ;;
- ubuntu_bionic|bionic|ubuntu-bionic)
- UBUNTU="1"
- NAME_VERIFY=Ubuntu_1804
- validate_release
- ;;
- ubuntu_focal|focal|ubuntu-focal)
- UBUNTU="1"
- NAME_VERIFY=Ubuntu_2004
- validate_release
- ;;
- ubuntu_jammy|jammy|ubuntu-jammy)
- UBUNTU="1"
- NAME_VERIFY=Ubuntu_2204
- validate_release
- ;;
- debian_buster|buster|debian-buster)
- NAME_VERIFY=Debian10
- validate_release
- ;;
- debian_bullseye|bullseye|debian-bullseye)
- NAME_VERIFY=Debian11
- validate_release
- ;;
- debian_bookworm|bookworm|debian-bookworm)
- NAME_VERIFY=Debian12
- validate_release
- ;;
- *)
- error_notify "Unknown Release."
- usage
- ;;
- esac
+ if [ -n "${VALIDATE_RELEASE}" ]; then
+ ## verify release
+ case "${RELEASE}" in
+ 2.[0-9]*)
+ ## check for MidnightBSD releases name
+ NAME_VERIFY=$(echo "${RELEASE}")
+ validate_release
+ ;;
+ *-CURRENT|*-CURRENT-I386|*-CURRENT-i386|*-current)
+ ## check for FreeBSD releases name
+ NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT|-CURRENT-i386)$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g')
+ validate_release
+ ;;
+ *-RELEASE|*-RELEASE-I386|*-RELEASE-i386|*-release|*-RC[1-9]|*-rc[1-9]|*-BETA[1-9])
+ ## check for FreeBSD releases name
+ NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]' | sed 's/I/i/g')
+ validate_release
+ ;;
+ *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST)
+ ## check for HardenedBSD releases name(previous infrastructure)
+ NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g')
+ validate_release
+ ;;
+ *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*)
+ ## check for HardenedBSD(specific stable build releases)
+ NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g')
+ validate_release
+ ;;
+ *-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST)
+ ## check for HardenedBSD(latest stable build release)
+ NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
+ validate_release
+ ;;
+ current-build-[0-9]*|CURRENT-BUILD-[0-9]*)
+ ## check for HardenedBSD(specific current build releases)
+ NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g')
+ validate_release
+ ;;
+ current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST)
+ ## check for HardenedBSD(latest current build release)
+ NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
+ validate_release
+ ;;
+ ubuntu_bionic|bionic|ubuntu-bionic)
+ UBUNTU="1"
+ NAME_VERIFY=Ubuntu_1804
+ validate_release
+ ;;
+ ubuntu_focal|focal|ubuntu-focal)
+ UBUNTU="1"
+ NAME_VERIFY=Ubuntu_2004
+ validate_release
+ ;;
+ ubuntu_jammy|jammy|ubuntu-jammy)
+ UBUNTU="1"
+ NAME_VERIFY=Ubuntu_2204
+ validate_release
+ ;;
+ debian_buster|buster|debian-buster)
+ NAME_VERIFY=Debian10
+ validate_release
+ ;;
+ debian_bullseye|bullseye|debian-bullseye)
+ NAME_VERIFY=Debian11
+ validate_release
+ ;;
+ debian_bookworm|bookworm|debian-bookworm)
+ NAME_VERIFY=Debian12
+ validate_release
+ ;;
+ *)
+ error_notify "Unknown Release."
+ usage
+ ;;
+ esac
+ fi
 ## check for name/root/.bastille
 if [ -d "${bastille_jailsdir}/${NAME}/root/.bastille" ]; then
From 89a14cb2141acd608f12e304fbbd5c09054bb0dd Mon Sep 17 00:00:00 2001
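Review bot: When `VALIDATE_RELEASE` is empty, `RELEASE` bypasses the only check on this page that constrains its shape and is later composed into a path under `${bastille_releasesdir}` (the clone.sh hunk of this series shows that composition in `FSTAB_NEWCONF`), so a value containing `/`, `..` or whitespace would give a nullfs mount source outside the releases directory or a malformed fstab entry; an `else` branch after the new `fi` should still refuse anything that is not a single path component and require the bootstrapped directory to exist, which is what `--no-validate` is meant for. Skipping the block also means `UBUNTU="1"` is never set for an unvalidated Ubuntu release, so whatever later code keys on `UBUNTU` (not visible here) presumably will not run for it; that is worth either documenting at the option or setting explicitly. The `@@ -734,7 +739,7 @@` hunk of this patch gates the `LINUX_JAIL` case on the same flag and likely has the same side-effect question. The enclosing `if [ -z "${EMPTY_JAIL}" ]` block ends outside the hunk.
```shell
    if [ -n "${VALIDATE_RELEASE}" ]; then
        ## verify release
        # … unchanged: case "${RELEASE}" in … esac …
    else
        ## unvalidated release: still refuse names that cannot be a single
        ## path component, and require the bootstrapped directory to exist
        case "${RELEASE}" in
            ""|.|..|*/*|*[[:space:]]*)
                error_notify "Invalid release name."
                usage
                ;;
        esac
        if [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then
            error_notify "Release not found: ${RELEASE}"
            usage
        fi
    fi
```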
From: =?UTF-8?q?Th=C3=A9o=20Bertin?=
Date: Wed, 7 Aug 2024 15:12:01 +0200
Subject: [PATCH 2/2] CLONE.SH::CHANGED:: Get custom release names to correctly upgrade fstab
---
 usr/local/share/bastille/clone.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index 1ebea6c4..035df1b9 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -136,7 +136,7 @@ update_fstab() {
 # Update fstab to use the new name
 FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab"
 if [ -f "${FSTAB_CONFIG}" ]; then
- FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-9]|-BETA[1-9]|-CURRENT)|([0-9]{1,2}(-stable-build-[0-9]{1,3}|-stable-LAST))|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)' "${FSTAB_CONFIG}" | uniq)
+ FSTAB_RELEASE=$(grep -owE "${bastille_releasesdir}/(\S*)" "${FSTAB_CONFIG}" | uniq | rev | cut -d '/' -f -1 | rev)
 FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}")
 FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0"
 if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
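Review bot: The new pattern matches every source path under `${bastille_releasesdir}` anywhere in the fstab, so when the file holds more than one such nullfs mount, `uniq` (adjacent lines only) leaves a multi-line `FSTAB_RELEASE` that `FSTAB_NEWCONF` splices into one malformed fstab entry; the old pattern shared that weakness but at least constrained the match to release-name syntax. Since `FSTAB_CURRENT` on the next line already isolates the single entry being rewritten, derive the release from it instead: compute `FSTAB_CURRENT` first, then `FSTAB_RELEASE=$(printf '%s\n' "${FSTAB_CURRENT}" | head -n 1 | awk '{ print $1 }')` followed by `FSTAB_RELEASE="${FSTAB_RELEASE##*/}"`, which also drops the `rev | cut | rev` chain. Two smaller portability points on the same line: `\S` is not a POSIX ERE class (`[^[:space:]]*` is the portable spelling), and `${bastille_releasesdir}` is interpolated unescaped into the ERE, so a releases path containing `+`, `(` or similar metacharacters would change what the pattern matches. `update_fstab` continues outside the hunk.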