Improved jail update/upgrade code, obsolete code cleanup

Jose
2019-12-01 09:38:52 -04:00
parent b293dc3172
commit b6a65c3e70
3 changed files with 23 additions and 40 deletions
+1
@@ -3,6 +3,7 @@
====================== ======================
Version Description Version Description
1.0.21......Improved jail update/upgrade code, obsolete code cleanup.
1.0.20......Code cleanup. 1.0.20......Code cleanup.
1.0.19......Added freebsd-update support. 1.0.19......Added freebsd-update support.
1.0.18......Added update/upgrade handling improvements. 1.0.18......Added update/upgrade handling improvements.
+21 -39
@@ -116,6 +116,15 @@ runtime_config()
if [ ! -d ${CWDIR}/locale-bastille ]; then if [ ! -d ${CWDIR}/locale-bastille ]; then
mkdir -p ${CWDIR}/locale-bastille mkdir -p ${CWDIR}/locale-bastille
fi fi
if [ ! -d "${CWDIR}/freebsd-update" ]; then
mkdir ${CWDIR}/freebsd-update
fi
# Check for permissions.
FREEBSD_UPDATE_PERMS=$(stat -f "%Op" ${FREEBSD_UPDATE}/freebsd-update)
if [ "${FREEBSD_UPDATE_PERMS}" != 100555 ]; then
chmod 0555 ${FREEBSD_UPDATE}/freebsd-update
fi
# Set rquired zfs send/recv parameters is missing. # Set rquired zfs send/recv parameters is missing.
if ! grep -qw "ZFS_SENDPARAMS=" ${CWDIR}${EXTCONF} >/dev/null 2>&1; then if ! grep -qw "ZFS_SENDPARAMS=" ${CWDIR}${EXTCONF} >/dev/null 2>&1; then
@@ -267,6 +276,9 @@ create_addon_env()
if [ ! -d "${CWDIR}/${FULLAPPNAME}/${BASTILLEPATH}" ]; then if [ ! -d "${CWDIR}/${FULLAPPNAME}/${BASTILLEPATH}" ]; then
mkdir -p ${CWDIR}/${FULLAPPNAME}/${BASTILLEPATH} mkdir -p ${CWDIR}/${FULLAPPNAME}/${BASTILLEPATH}
fi fi
if [ ! -d "${CWDIR}/freebsd-update" ]; then
mkdir ${CWDIR}/freebsd-update
fi
# Link bastille-init to /usr/local/sbin. # Link bastille-init to /usr/local/sbin.
if [ ! -f "${USRLOCAL}/sbin/${SCRIPTNAME}" ]; then if [ ! -f "${USRLOCAL}/sbin/${SCRIPTNAME}" ]; then
@@ -594,6 +606,8 @@ jail_update()
echo "Not supported on ${PRDPRODUCT} platform." echo "Not supported on ${PRDPRODUCT} platform."
exit 1 exit 1
fi fi
else
echo "Unsupported platform!"; exit 1
fi fi
if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
@@ -608,42 +622,36 @@ jail_update()
# Update a thick container(securelevel/allow.chflags dependent). # Update a thick container(securelevel/allow.chflags dependent).
if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then
echo "Container securelevel is greater than zero." echo "Container securelevel is greater than zero."
disable_freebsd_update
exit 1 exit 1
elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then
echo "Container allow.chflags is disabled." echo "Container allow.chflags is disabled."
disable_freebsd_update
exit 1 exit 1
fi fi
CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version) CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version)
jexec -l "${TARGET}" freebsd-update fetch install --currently-running "${CURRENT_VERSION}" jexec -l "${TARGET}" env PAGER="/bin/cat" freebsd-update --not-running-from-cron fetch install --currently-running "${CURRENT_VERSION}"
else else
echo "Container not running." echo "Container not running."
echo "See 'bastille start ${TARGET}'." echo "See 'bastille start ${TARGET}'."
disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo "${TARGET} state is unknown." echo "${TARGET} state is unknown."
disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo "${TARGET} is not a thick container." echo "${TARGET} is not a thick container."
disable_freebsd_update
exit 1 exit 1
fi fi
else else
if [ -d "${bastille_releasesdir}/${TARGET}" ]; then if [ -d "${bastille_releasesdir}/${TARGET}" ]; then
# Update container base(affects base child containers). # Update container base(affects base child containers).
freebsd-update -b "${bastille_releasesdir}/${TARGET}" fetch install --currently-running "${TARGET}" env PAGER="/bin/cat" ${FREEBSD_UPDATE}/freebsd-update --not-running-from-cron -f ${FREEBSD_UPDATE}/freebsd-update.conf \
-d ${CWDIR}/freebsd-update -b "${bastille_releasesdir}/${TARGET}" fetch install --currently-running "${TARGET}"
else else
echo "${TARGET} not found. See bootstrap." echo "${TARGET} not found. See bootstrap."
disable_freebsd_update
exit 1 exit 1
fi fi
fi fi
disable_freebsd_update
exit 0 exit 0
} }
@@ -717,6 +725,8 @@ thickjail_upgrade()
echo "Not supported on ${PRDPRODUCT} platform." echo "Not supported on ${PRDPRODUCT} platform."
exit 1 exit 1
fi fi
else
echo "Unsupported platform!"; exit 1
fi fi
if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
@@ -732,59 +742,33 @@ thickjail_upgrade()
## upgrade a thick container(securelevel/allow.chflags dependent) ## upgrade a thick container(securelevel/allow.chflags dependent)
if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then
echo "Container securelevel is greater than zero." echo "Container securelevel is greater than zero."
disable_freebsd_update
exit 1 exit 1
elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then
echo "Container allow.chflags is disabled." echo "Container allow.chflags is disabled."
disable_freebsd_update
exit 1 exit 1
fi fi
echo "Below command should be run several times when asked to finish installing updates." echo "Below command should be run several times when asked to finish installing updates."
echo "bastille cmd ${TARGET} freebsd-update install" echo "bastille cmd ${TARGET} freebsd-update install"
echo
CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version) CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version)
jexec -l "${TARGET}" freebsd-update --currently-running "${CURRENT_VERSION}" -r ${RELEASE} upgrade jexec -l "${TARGET}" freebsd-update --currently-running "${CURRENT_VERSION}" -r ${RELEASE} upgrade
else else
echo "Container not running." echo "Container not running."
echo "See 'bastille start ${TARGET}'." echo "See 'bastille start ${TARGET}'."
disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo "${TARGET} state is unknown." echo "${TARGET} state is unknown."
disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo "${TARGET} is not a thick container." echo "${TARGET} is not a thick container."
disable_freebsd_update
exit 1 exit 1
fi fi
fi fi
disable_freebsd_update
exit 0 exit 0
} }
enable_freebsd_update()
{
if [ -d "${FREEBSD_UPDATE}" ]; then
if [ -f "${FREEBSD_UPDATE}/freebsd-update" ] && [ -f "${FREEBSD_UPDATE}/freebsd-update.conf" ]; then
chmod 555 ${FREEBSD_UPDATE}/freebsd-update
cp ${FREEBSD_UPDATE}/freebsd-update /usr/sbin/freebsd-update
cp ${FREEBSD_UPDATE}/freebsd-update.conf /etc/freebsd-update.conf
fi
fi
}
disable_freebsd_update()
{
if [ -f "/usr/sbin/freebsd-update" ]; then
rm /usr/sbin/freebsd-update
fi
if [ -f "/etc/freebsd-update.conf" ]; then
rm /etc/freebsd-update.conf
fi
}
zfs_activate() zfs_activate()
{ {
# Check if ZFS is already configured. # Check if ZFS is already configured.
@@ -946,7 +930,7 @@ remove_addon()
# Remove addon related files and folders only- # Remove addon related files and folders only-
# to protect any user-created custom files- # to protect any user-created custom files-
# as well as for the containers dirs/files. # as well as for the containers dirs/files.
FILES="conf download gui locale-bastille log bastille-dist LICENSE README.md postinit CHANGELOG version bastille-init" FILES="conf download freebsd-update gui locale-bastille log bastille-dist LICENSE README.md postinit CHANGELOG version bastille-init"
for FILE in ${FILES}; do for FILE in ${FILES}; do
if [ -f "${CWDIR}/${file}" ] || [ -d "${CWDIR}/${file}" ]; then if [ -f "${CWDIR}/${file}" ] || [ -d "${CWDIR}/${file}" ]; then
rm -rf ${CWDIR}/${FILE} rm -rf ${CWDIR}/${FILE}
@@ -1125,7 +1109,6 @@ upgrade|--upgrade)
echo "Usage: ${SCRIPTNAME} [upgrade|--upgrade] [container] [release]" echo "Usage: ${SCRIPTNAME} [upgrade|--upgrade] [container] [release]"
exit 1 exit 1
fi fi
enable_freebsd_update
thickjail_upgrade thickjail_upgrade
else else
if [ $# -gt 4 ] || [ $# -lt 4 ]; then if [ $# -gt 4 ] || [ $# -lt 4 ]; then
@@ -1141,7 +1124,6 @@ update|--update)
exit 1 exit 1
fi fi
TARGET="${2}" TARGET="${2}"
enable_freebsd_update
jail_update jail_update
;; ;;
esac esac
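Review bot: The permission check added in runtime_config() calls `stat` and `chmod` on `${FREEBSD_UPDATE}/freebsd-update` with no existence test, whereas the removed enable_freebsd_update() only touched the file after `[ -f "${FREEBSD_UPDATE}/freebsd-update" ] && [ -f "${FREEBSD_UPDATE}/freebsd-update.conf" ]`; jail_update() now executes that copy directly, so a missing script or config surfaces only as a failed update. I would wrap the check in the same `-f` test and quote the expansions, e.g. `FREEBSD_UPDATE_PERMS=$(stat -f "%Op" "${FREEBSD_UPDATE}/freebsd-update")` and `chmod 0555 "${FREEBSD_UPDATE}/freebsd-update"`. Normalising the mode to 0555 does not establish who owns the script or whether its directory is writable by other users, and since this tool presumably runs as root, a check of owner and directory mode (where `${FREEBSD_UPDATE}` points is not visible here) would be worth adding before the script is run against a release tree. The same quoting applies to the `-f` and `-d` arguments of the base-release update command and to `mkdir ${CWDIR}/freebsd-update` in runtime_config() and create_addon_env(). All of these functions start and end outside the hunks shown.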
+1 -1
@@ -1 +1 @@
1.0.20 1.0.21