From 2caf01b722c6febf98bb8702e225dc032b08534f Mon Sep 17 00:00:00 2001 From: JRGTH Date: Wed, 14 Jul 2021 16:50:35 -0400 Subject: [PATCH 1/9] Cosmetics changes to prevent double "/" --- usr/local/share/bastille/cp.sh | 2 +- usr/local/share/bastille/mount.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index 2d486ec..063c506 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -66,7 +66,7 @@ esac for _jail in ${JAILS}; do info "[${_jail}]:" bastille_jail_path="${bastille_jailsdir}/${_jail}/root" - cp "${OPTION}" "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}" + cp "${OPTION}" "${CPSOURCE}" "${bastille_jail_path}${CPDEST}" RETURN="$?" if [ "${TARGET}" = "ALL" ]; then # Display the return status for reference diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 298d42a..0ccacf5 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -93,7 +93,7 @@ for _jail in ${JAILS}; do info "[${_jail}]:" ## aggregate variables into FSTAB entry - _jailpath="${bastille_jailsdir}/${_jail}/root/${_jailpath}" + _jailpath="${bastille_jailsdir}/${_jail}/root${_jailpath}" _fstab_entry="${_hostpath} ${_jailpath} ${_type} ${_perms} ${_checks}" ## Create mount point if it does not exist. -- cwells From 494d811c327e9ca74bc1264bce83afe80a2776cb Mon Sep 17 00:00:00 2001 From: JRGTH Date: Thu, 15 Jul 2021 12:32:37 -0400 Subject: [PATCH 2/9] Use statement here --- usr/local/share/bastille/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 1220fb2..3ef2aed 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
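Review bot: On the new `cp` line, `${CPDEST}` is appended to the jail root as plain text, and nothing visible in the hunk rejects `..` components or checks where the joined path resolves. A destination that climbs out of `root`, or a symlink already present in the jail's own tree, could therefore make this host-side copy land outside the jail. Unless the check exists outside the hunk, resolve the destination first and refuse it when the result is not beneath `${bastille_jail_path}`, and document it above the call with `# CPDEST must resolve inside the jail root; reject ".." and symlinked parents`. The `_jailpath` assignment in the mount.sh hunk has the same exposure, as do the two later hunks that revert these lines. The enclosing `for` loop starts and ends outside the hunk.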
@@ -38,7 +38,7 @@ enable_color() { } # If "NO_COLOR" environment variable is present, disable output colors. -if ! export | grep -q "NO_COLOR"; then +if [ -z "${NO_COLOR}" ]; then enable_color fi From c90fea30668e2e93bf5a39295251c5d00faa64fc Mon Sep 17 00:00:00 2001 From: JRGTH Date: Thu, 15 Jul 2021 16:30:36 -0400 Subject: [PATCH 3/9] Extra validation on Linux Jails, revert `cp.sh` to avoid issues with templates --- usr/local/share/bastille/cp.sh | 2 +- usr/local/share/bastille/create.sh | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index 063c506..2d486ec 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -66,7 +66,7 @@ esac for _jail in ${JAILS}; do info "[${_jail}]:" bastille_jail_path="${bastille_jailsdir}/${_jail}/root" - cp "${OPTION}" "${CPSOURCE}" "${bastille_jail_path}${CPDEST}" + cp "${OPTION}" "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}" RETURN="$?" if [ "${TARGET}" = "ALL" ]; then # Display the return status for reference diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index fb3023b..802e471 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -113,6 +113,13 @@ validate_netconf() { } validate_release() { + ## ensure the user set the Linux(experimental) option explicitly + if [ -n "${UBUNTU}" ]; then + if [ -z "${LINUX_JAIL}" ]; then + usage + fi + fi + ## check release name match, else show usage if [ -n "${NAME_VERIFY}" ]; then RELEASE="${NAME_VERIFY}" @@ -644,10 +651,12 @@ if [ -z "${EMPTY_JAIL}" ]; then validate_release ;; ubuntu_bionic|bionic|ubuntu-bionic) + UBUNTU="1" NAME_VERIFY=Ubuntu_1804 validate_release ;; ubuntu_focal|focal|ubuntu-focal) + UBUNTU="1" NAME_VERIFY=Ubuntu_2004 validate_release ;; From 30ba4bbb6910edcdf8c58e91799d2817aa316b76 Mon Sep 17 00:00:00 2001 
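Review bot: The comment above the test still says colors are disabled when NO_COLOR is "present", but `[ -z "${NO_COLOR}" ]` now enables color when the variable is set to an empty string. The comment should follow the code: `# If "NO_COLOR" is set to a non-empty value, disable output colors.` If this file can be sourced with `set -u` active, writing `${NO_COLOR:-}` avoids an unset-variable abort; the hunk does not show whether that option is in effect.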
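Review bot: The new guard at the top of validate_release reads `UBUNTU` and `LINUX_JAIL`, but neither is initialised in the visible hunks, so a value inherited from the caller's environment counts as the flag being set. In particular, an exported `LINUX_JAIL` would satisfy the "set explicitly" check without the option having been given. Unless both are cleared earlier in create.sh, add `UBUNTU=""` and `LINUX_JAIL=""` before option parsing. The guard also relies on `usage` terminating the script; if it only prints, execution continues into the release-name match below, so confirm that or follow the call with an explicit exit. The `UBUNTU="1"` assignments in the second create.sh hunk are the only writers shown, and validate_release continues outside the hunk.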
From: Christer Edwards Date: Sat, 31 Jul 2021 14:42:24 -0600 Subject: [PATCH 4/9] revert double-slash fix this causes issues if the user doesn't provide a starting /. cosmetic only. --- usr/local/share/bastille/mount.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 0ccacf5..298d42a 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -93,7 +93,7 @@ for _jail in ${JAILS}; do info "[${_jail}]:" ## aggregate variables into FSTAB entry - _jailpath="${bastille_jailsdir}/${_jail}/root${_jailpath}" + _jailpath="${bastille_jailsdir}/${_jail}/root/${_jailpath}" _fstab_entry="${_hostpath} ${_jailpath} ${_type} ${_perms} ${_checks}" ## Create mount point if it does not exist. -- cwells From 9967a56e64c0b02dd094d0a82aabd6403ceb7b8d Mon Sep 17 00:00:00 2001 From: JRGTH Date: Fri, 6 Aug 2021 19:44:25 -0400 Subject: [PATCH 5/9] Improvements for Linux releases and code maintenance --- usr/local/share/bastille/bootstrap.sh | 145 +++++++++++++++----------- usr/local/share/bastille/destroy.sh | 15 ++- usr/local/share/bastille/list.sh | 2 +- 3 files changed, 96 insertions(+), 66 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 269e1b3..2e99535 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh 
@@ -304,6 +304,81 @@ bootstrap_release() { echo } +debootstrap_release() { + + #check and install OS dependencies @hackacad + #ToDo: add function 'linux_pre' for sysrc etc. + if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then + warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)" + read answer + case $answer in + [Nn][Oo]|[Nn]|"") + error_exit "Exiting." + ;; + [Yy][Ee][Ss]|[Yy]) + info "Loading modules" + kldload linux linux64 linprocfs linsysfs tmpfs + info "Persisting modules" + sysrc linux_enable=YES + sysrc -f /boot/loader.conf linprocfs_load=YES + sysrc -f /boot/loader.conf linsysfs_load=YES + sysrc -f /boot/loader.conf tmpfs_load=YES + ;; + esac + fi + + if ! which -s debootstrap; then + warn "Debootstrap not found. Should it be installed? (N|y)" + read answer + case $answer in + [Nn][Oo]|[Nn]|"") + error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail." + ;; + [Yy][Ee][Ss]|[Yy]) + pkg install -y debootstrap + ;; + esac + fi + + # Create subsequent Linux releases datasets + if [ ! -d "${bastille_releasesdir}/${DIR_BOOTSTRAP}" ]; then + if [ "${bastille_zfs_enable}" = "YES" ]; then + if [ -n "${bastille_zfs_zpool}" ]; then + zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir}/${DIR_BOOTSTRAP}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${DIR_BOOTSTRAP}" + fi + else + mkdir -p "${bastille_releasesdir}/${DIR_BOOTSTRAP}" + fi + fi + + # Fetch the Linux flavor + info "Bootstrapping ${PLATFORM_OS} distfiles..." + if ! 
debootstrap --foreign --arch=${ARCH_BOOTSTRAP} --no-check-gpg ${UBUNTU_FLAVOR} "${bastille_releasesdir}"/${DIR_BOOTSTRAP}; then + ## perform cleanup only for stale/empty directories on failure + if [ "${bastille_zfs_enable}" = "YES" ]; then + if [ -n "${bastille_zfs_zpool}" ]; then + if [ ! "$(ls -A "${bastille_releasesdir}/${DIR_BOOTSTRAP}")" ]; then + zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${DIR_BOOTSTRAP}" + fi + fi + fi + if [ -d "${bastille_releasesdir}/${DIR_BOOTSTRAP}" ]; then + if [ ! "$(ls -A "${bastille_releasesdir}/${DIR_BOOTSTRAP}")" ]; then + rm -rf "${bastille_releasesdir:?}/${DIR_BOOTSTRAP}" + fi + fi + error_exit "Bootstrap failed." + fi + + if [ "${UBUNTU_FLAVOR}" = "bionic" ]; then + echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/${DIR_BOOTSTRAP}/etc/apt/apt.conf.d/00aptitude + fi + + info "Bootstrap successful." + info "See 'bastille --help' for available commands." + echo +} + bootstrap_template() { ## ${bastille_templatesdir} 
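Review bot: `--no-check-gpg` on the debootstrap call in debootstrap_release turns off verification of the archive's signed Release file. The base system unpacked into the release directory, and every jail later created from it, is then only as trustworthy as the network path to the mirror. Install the distribution's archive keyring on the host and pass it explicitly, failing closed when it is missing, e.g. `debootstrap --foreign --arch="${ARCH_BOOTSTRAP}" --keyring="<path-to-archive-keyring.gpg>" "${UBUNTU_FLAVOR}" "${bastille_releasesdir}/${DIR_BOOTSTRAP}"`. If the flag has to stay for now, mark it above the call with `# SECURITY: signature verification disabled; packages are not authenticated` so the gap is tracked. The same flag is carried unchanged through the later hunk that renames the variable to `LINUX_FLAVOR`.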
@@ -341,43 +416,6 @@ bootstrap_template() { bastille verify "${_user}/${_repo}" } -check_linux_prerequisites() { - #check and install OS dependencies @hackacad - if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then - warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)" - read answer - case $answer in - [Nn][Oo]|[Nn]|"") - error_exit "Exiting." - ;; - [Yy][Ee][Ss]|[Yy]) - info "Loading modules" - kldload linux linux64 linprocfs linsysfs tmpfs - info "Persisting modules" - sysrc linux_enable=YES - sysrc -f /boot/loader.conf linprocfs_load=YES - sysrc -f /boot/loader.conf linsysfs_load=YES - sysrc -f /boot/loader.conf tmpfs_load=YES - ;; - esac - fi -} - -ensure_debootstrap() { - if ! which -s debootstrap; then - warn "Debootstrap not found. Should it be installed? (N|y)" - read answer - case $answer in - [Nn][Oo]|[Nn]|"") - error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail." - ;; - [Yy][Ee][Ss]|[Yy]) - pkg install -y debootstrap - ;; - esac - fi -} - HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }') HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }') RELEASE="${1}" 
@@ -468,37 +506,24 @@ http?://*/*/*) ;; #adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad ubuntu_bionic|bionic|ubuntu-bionic) - check_linux_prerequisites - ensure_debootstrap - debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804 - echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Ubuntu_1804/etc/apt/apt.conf.d/00aptitude + PLATFORM_OS="Ubuntu/Linux" + UBUNTU_FLAVOR="bionic" + DIR_BOOTSTRAP="Ubuntu_1804" + ARCH_BOOTSTRAP="amd64" + debootstrap_release ;; ubuntu_focal|focal|ubuntu-focal) - check_linux_prerequisites - ensure_debootstrap - debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004 - ;; -debian_stretch|stretch|debian-stretch) - check_linux_prerequisites - ensure_debootstrap - debootstrap --foreign --arch=amd64 --no-check-gpg stretch "${bastille_releasesdir}"/Debian9 - echo "Increasing APT::Cache-Start" - echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Debian9/etc/apt/apt.conf.d/00aptitude - ;; -debian_buster|buster|debian-buster) - check_linux_prerequisites - ensure_debootstrap - debootstrap --foreign --arch=amd64 --no-check-gpg buster "${bastille_releasesdir}"/Debian10 - echo "Increasing APT::Cache-Start" - echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Debian10/etc/apt/apt.conf.d/00aptitude + PLATFORM_OS="Ubuntu/Linux" + UBUNTU_FLAVOR="focal" + DIR_BOOTSTRAP="Ubuntu_2004" + ARCH_BOOTSTRAP="amd64" + debootstrap_release ;; *) usage ;; esac - - case "${OPTION}" in update) bastille update "${RELEASE}" diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index 8d068e6..4413334 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh 
@@ -207,27 +207,32 @@ case "${TARGET}" in ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) ## check for HardenedBSD releases name - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/;s/last/LAST/g') destroy_rel ;; *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*) ## check for HardenedBSD(specific stable build releases) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/;s/STABLE/stable/g') destroy_rel ;; *-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST) ## check for HardenedBSD(latest stable build release) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/;s/build/BUILD/;s/latest/LATEST/g') destroy_rel ;; current-build-[0-9]*|CURRENT-BUILD-[0-9]*) ## check for HardenedBSD(specific current build releases) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/;s/CURRENT/current/g') destroy_rel ;; current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST) ## check for HardenedBSD(latest current build release) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build-latest)$' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build-latest)$' | sed 's/CURRENT/current/;s/build/BUILD/;s/latest/LATEST/g') + 
destroy_rel + ;; +Ubuntu_1804|Ubuntu_2004|UBUNTU_1804|UBUNTU_2004) + ## check for Linux releases + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(Ubuntu_1804)$|(Ubuntu_2004)$' | sed 's/UBUNTU/Ubuntu/;s/ubuntu/Ubuntu/g') destroy_rel ;; *) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 611fdf3..fede2ba 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -132,7 +132,7 @@ if [ $# -gt 0 ]; then if [ -d "${bastille_releasesdir}" ]; then REL_LIST=$(ls "${bastille_releasesdir}" | sed "s/\n//g") for _REL in ${REL_LIST}; do - if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" ]; then + if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" -o -d "${bastille_releasesdir}/${_REL}/debootstrap" ]; then echo "${_REL}" fi done From e92451b37cac66cc04016a61eba1e9f25b20fa08 Mon Sep 17 00:00:00 2001 From: JRGTH Date: Sat, 7 Aug 2021 13:17:32 -0400 Subject: [PATCH 6/9] Add debian stretch/buster, small changes --- usr/local/share/bastille/bootstrap.sh | 21 +++++++++++++++++++-- usr/local/share/bastille/destroy.sh | 17 +++++++++++------ 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 2e99535..1024f4f 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -370,9 +370,12 @@ debootstrap_release() { error_exit "Bootstrap failed." fi - if [ "${UBUNTU_FLAVOR}" = "bionic" ]; then + case "${UBUNTU_FLAVOR}" in + bionic|stretch|buster) + info "Increasing APT::Cache-Start" echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/${DIR_BOOTSTRAP}/etc/apt/apt.conf.d/00aptitude - fi + ;; + esac info "Bootstrap successful." info "See 'bastille --help' for available commands." 
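Review bot: In the list.sh hunk the combined test `[ -f … -o -d … ]` uses the `-o` operator, which POSIX marks obsolescent and which can be parsed ambiguously; two tests joined by the shell read more safely: `if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" ] || [ -d "${bastille_releasesdir}/${_REL}/debootstrap" ]; then`. A short comment would also help, e.g. `# Linux releases are recognised by the debootstrap/ directory left by a --foreign bootstrap`. That directory is normally removed once the second stage has run inside the tree, so a release that completes it would presumably stop being listed; worth confirming. The surrounding `for` loop starts and ends outside the hunk.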
@@ -519,6 +522,20 @@ ubuntu_focal|focal|ubuntu-focal) ARCH_BOOTSTRAP="amd64" debootstrap_release ;; +debian_stretch|stretch|debian-stretch) + PLATFORM_OS="Debian/Linux" + UBUNTU_FLAVOR="stretch" + DIR_BOOTSTRAP="Debian9" + ARCH_BOOTSTRAP="amd64" + debootstrap_release + ;; +debian_buster|buster|debian-buster) + PLATFORM_OS="Debian/Linux" + UBUNTU_FLAVOR="buster" + DIR_BOOTSTRAP="Debian10" + ARCH_BOOTSTRAP="amd64" + debootstrap_release + ;; *) usage ;; diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index 4413334..7e29cf1 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh 
@@ -207,32 +207,37 @@ case "${TARGET}" in ;; *-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST) ## check for HardenedBSD releases name - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/;s/last/LAST/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g;s/last/LAST/g') destroy_rel ;; *-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*) ## check for HardenedBSD(specific stable build releases) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/;s/STABLE/stable/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g;s/STABLE/stable/g') destroy_rel ;; *-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST) ## check for HardenedBSD(latest stable build release) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/;s/build/BUILD/;s/latest/LATEST/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/;s/build/BUILD/g;s/latest/LATEST/g') destroy_rel ;; current-build-[0-9]*|CURRENT-BUILD-[0-9]*) ## check for HardenedBSD(specific current build releases) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/;s/CURRENT/current/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g;s/CURRENT/current/g') destroy_rel ;; current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST) ## check for HardenedBSD(latest current build release) - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build-latest)$' | sed 's/CURRENT/current/;s/build/BUILD/;s/latest/LATEST/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(current-build-latest)$' | sed 's/CURRENT/current/;s/build/BUILD/g;s/latest/LATEST/g') destroy_rel ;; Ubuntu_1804|Ubuntu_2004|UBUNTU_1804|UBUNTU_2004) ## 
check for Linux releases - NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(Ubuntu_1804)$|(Ubuntu_2004)$' | sed 's/UBUNTU/Ubuntu/;s/ubuntu/Ubuntu/g') + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(Ubuntu_1804)$|(Ubuntu_2004)$' | sed 's/UBUNTU/Ubuntu/g;s/ubuntu/Ubuntu/g') + destroy_rel + ;; +Debian9|Debian10|DEBIAN9|DEBIAN10) + ## check for Linux releases + NAME_VERIFY=$(echo "${TARGET}" | grep -iwE '(Debian9)$|(Debian10)$' | sed 's/DEBIAN/Debian/g') destroy_rel ;; *) From 125b8298729645d1a58b63bce12e5cfd0ad06dc9 Mon Sep 17 00:00:00 2001 From: JRGTH Date: Sat, 7 Aug 2021 13:33:57 -0400 Subject: [PATCH 7/9] Small cosmetic changes/readability --- usr/local/share/bastille/bootstrap.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 1024f4f..3bf294b 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -353,7 +353,7 @@ debootstrap_release() { # Fetch the Linux flavor info "Bootstrapping ${PLATFORM_OS} distfiles..." - if ! debootstrap --foreign --arch=${ARCH_BOOTSTRAP} --no-check-gpg ${UBUNTU_FLAVOR} "${bastille_releasesdir}"/${DIR_BOOTSTRAP}; then + if ! debootstrap --foreign --arch=${ARCH_BOOTSTRAP} --no-check-gpg ${LINUX_FLAVOR} "${bastille_releasesdir}"/${DIR_BOOTSTRAP}; then ## perform cleanup only for stale/empty directories on failure if [ "${bastille_zfs_enable}" = "YES" ]; then if [ -n "${bastille_zfs_zpool}" ]; then @@ -370,7 +370,7 @@ debootstrap_release() { error_exit "Bootstrap failed." fi - case "${UBUNTU_FLAVOR}" in + case "${LINUX_FLAVOR}" in bionic|stretch|buster) info "Increasing APT::Cache-Start" echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/${DIR_BOOTSTRAP}/etc/apt/apt.conf.d/00aptitude 
@@ -510,28 +510,28 @@ http?://*/*/*) #adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad ubuntu_bionic|bionic|ubuntu-bionic) PLATFORM_OS="Ubuntu/Linux" - UBUNTU_FLAVOR="bionic" + LINUX_FLAVOR="bionic" DIR_BOOTSTRAP="Ubuntu_1804" ARCH_BOOTSTRAP="amd64" debootstrap_release ;; ubuntu_focal|focal|ubuntu-focal) PLATFORM_OS="Ubuntu/Linux" - UBUNTU_FLAVOR="focal" + LINUX_FLAVOR="focal" DIR_BOOTSTRAP="Ubuntu_2004" ARCH_BOOTSTRAP="amd64" debootstrap_release ;; debian_stretch|stretch|debian-stretch) PLATFORM_OS="Debian/Linux" - UBUNTU_FLAVOR="stretch" + LINUX_FLAVOR="stretch" DIR_BOOTSTRAP="Debian9" ARCH_BOOTSTRAP="amd64" debootstrap_release ;; debian_buster|buster|debian-buster) PLATFORM_OS="Debian/Linux" - UBUNTU_FLAVOR="buster" + LINUX_FLAVOR="buster" DIR_BOOTSTRAP="Debian10" ARCH_BOOTSTRAP="amd64" debootstrap_release From c0e2499dfc41f10dfb5be37c5c0a2f74752f4d57 Mon Sep 17 00:00:00 2001 From: JRGTH Date: Mon, 13 Sep 2021 05:06:23 -0400 Subject: [PATCH 8/9] Bootstrap cmd consistency updates/improvements --- usr/local/share/bastille/bootstrap.sh | 56 +++++++++++++++++++-------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 3bf294b..5e36d80 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh 
@@ -308,24 +308,46 @@ debootstrap_release() { #check and install OS dependencies @hackacad #ToDo: add function 'linux_pre' for sysrc etc. - if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then - warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)" - read answer - case $answer in - [Nn][Oo]|[Nn]|"") - error_exit "Exiting." + + required_mods="linprocfs linsysfs tmpfs" + linuxarc_mods="linux linux64" + for _req_kmod in ${required_mods}; do + if [ ! "$(sysrc -f /boot/loader.conf -qn ${_req_kmod}_load)" = "YES" ]; then + warn "${_req_kmod} not enabled in /boot/loader.conf, Should I do that for you? (N|y)" + read answer + case "${answer}" in + [Nn][Oo]|[Nn]|"") + error_exit "Exiting." + ;; + [Yy][Ee][Ss]|[Yy]) + # Skip already loaded known modules. + if ! kldstat -m ${_req_kmod} >/dev/null 2>&1; then + info "Loading kernel module: ${_req_kmod}" + kldload -v ${_req_kmod} + fi + info "Persisting module: ${_req_kmod}" + sysrc -f /boot/loader.conf ${_req_kmod}_load=YES ;; - [Yy][Ee][Ss]|[Yy]) - info "Loading modules" - kldload linux linux64 linprocfs linsysfs tmpfs - info "Persisting modules" - sysrc linux_enable=YES - sysrc -f /boot/loader.conf linprocfs_load=YES - sysrc -f /boot/loader.conf linsysfs_load=YES - sysrc -f /boot/loader.conf tmpfs_load=YES - ;; - esac - fi + esac + else + # If already set in /boot/loader.conf, check and try to load the module. + if ! kldstat -m ${_req_kmod} >/dev/null 2>&1; then + info "Loading kernel module: ${_req_kmod}" + kldload -v ${_req_kmod} + fi + fi + done + + # Mandatory Linux modules/rc. + for _lin_kmod in ${linuxarc_mods}; do + if ! kldstat -n ${_lin_kmod} >/dev/null 2>&1; then + info "Loading kernel module: ${_lin_kmod}" + kldload -v ${_lin_kmod} + fi + done + if [ ! 
"$(sysrc -qn linux_enable)" = "YES" ]; then + sysrc linux_enable=YES + fi if ! which -s debootstrap; then warn "Debootstrap not found. Should it be installed? (N|y)" From 1e32811ea670387186b995cf0358e26d48bcc344 Mon Sep 17 00:00:00 2001 From: JRGTH Date: Mon, 20 Sep 2021 04:47:25 -0400 Subject: [PATCH 9/9] Update bootstrap.sh --- usr/local/share/bastille/bootstrap.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 5e36d80..b6a73b7 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -309,7 +309,7 @@ debootstrap_release() { #check and install OS dependencies @hackacad #ToDo: add function 'linux_pre' for sysrc etc. - required_mods="linprocfs linsysfs tmpfs" + required_mods="fdescfs linprocfs linsysfs tmpfs" linuxarc_mods="linux linux64" for _req_kmod in ${required_mods}; do if [ ! "$(sysrc -f /boot/loader.conf -qn ${_req_kmod}_load)" = "YES" ]; then
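Review bot: The second loop and the `linux_enable` block load `linux`/`linux64` and persist `linux_enable=YES` without asking, whereas the code they replace did both only after the operator answered yes. Enabling the Linux ABI is a lasting change to what the host kernel exposes, so it belongs behind the same confirmation, or should at least be announced with `info` before `sysrc` runs. In the first loop, `case "${answer}"` has no default arm, so a reply that is neither yes nor no skips both loading and persisting and the function carries on; adding `*) error_exit "Invalid answer." ;;` would fail closed, and `read -r answer` keeps backslashes literal. The result of `kldload -v` is not checked before `sysrc -f /boot/loader.conf ${_req_kmod}_load=YES` is written, so a module that failed to load is still persisted unless the script runs under `set -e`, which is not visible here. debootstrap_release continues outside the hunk.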