separate stop and rm

Fix for issue  #27

.woodpecker/README.md

@@ -0,0 +1,67 @@
+## Running CI Tests with Woodpecker-CI on FreeBSD
+
+By default the woodpecker intance on Codeberg doesn't support
+FreeBSD. Running FreeBSD inside a qemu VM in a linux docker image
+didn't work. Also, this particular tool needs to run outside a jail,
+since it is a jail management tool.
+
+So, this is my setup:
+
+I deployed a freebsd VM on Hetzner Cloud: `ci-agent.daemon.de`. It
+runs the `woodpecker-agent` build for freebsd. The agent runs as rool
+directly on the host. This is a security risk and the reason why we
+use a VM.
+
+The VM does **NOT** run continuously. So in order to execute
+workflows, first unsuspend the VM:
+
+```default
+hcloud server poweron ci-agent
+```
+
+When it's running, execute workflows (i.e. push).
+
+## Setup
+
+Deploy a new FreeBSD VM using the latest freebsd-snapshot.
+
+Upgrade to latest Release (or the one you want to run tests on).
+
+Clone [woodpecker-ci](https://github.com/woodpecker-ci/woodpecker).
+
+Execute:
+
+```default
+make build-agent GOOS=freebsd
+```
+
+Clone [plugin-git](https://github.com/woodpecker-ci/plugin-git.git)
+
+Execute:
+
+```default
+GOOS=freebsd go build
+```
+
+Copy the newly built binaries `dist/woodpecker-agent` into the VM to
+`/usr/local/bin`.
+
+```default
+scp woodpecker-ci/dist/woodpecker-agent agent:/usr/local/bin/
+scp plugin-git/plugin-git agent:/usr/local/bin/
+```
+
+Add the agent token to `/etc/rc.conf`:
+
+```sh
+woodpeckeragent_enable=YES
+woodpeckeragent_token=*****
+```
+
+Create the [rc-Script](woodpeckeragent.sh) in
+`/usr/local/etc/rc.d/woodpeckeragent`.
+
+Install `git-lfs`: `pkg install bash cpdup git git-lfs`.
+
+
+Start it: `service woodpeckeragent start`

.woodpecker/assets/jail.conf

@@ -0,0 +1,16 @@
+* {
+    exec.start = "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown";
+    allow.raw_sockets = "false";
+    sysvmsg = "new";
+    sysvsem = "new";
+    sysvshm = "new";
+    host.hostname = $name;
+    path = "/jail/run/$name"; 
+    exec.prestart = "/jail/bin/jaildk install $name start";
+    exec.clean = "true";
+}
+
+test {
+     ip4.addr = "172.16.0.1";
+}

.woodpecker/build.yaml

@@ -0,0 +1,55 @@
+#
+# CAUTION: this pipeline  needs a FreeBSD VM, refer  for the README.md
+# in this directory for details!
+
+matrix:
+  release:
+    - 14.3-RELEASE-p7
+  releaselink:
+    - 14.3-RELEASE
+
+labels:
+  platform: freebsd/amd64
+
+steps:
+  test:
+    image: bash
+    when:
+      event: [push]
+    commands:
+      - freebsd-version
+      - uname -a
+      - sysctl hw.model
+      - sysctl hw.ncpu
+      - sysctl hw.physmem
+      - sysctl hw.usermem
+
+      # clean up earlier runs, if any
+      - if jls | grep -q test; then jail -r test; fi
+      - mount | cut -d' ' -f3 | grep /jail | sed '1!G;h;$!d' | while read D; do umount $D; done
+      - chflags -R noschg /jail
+      - rm -rf /jail
+      
+      - ifconfig vtnet0 172.16.0.1/32 alias
+      - ifconfig vtnet0
+
+      - sysrc jail_enable="YES"
+      - cp .woodpecker/assets/jail.conf /etc/
+
+      - cp src/jaildk.sh jaildk
+      - sh jaildk setup /jail
+
+      - if ! test -e /jail/base/${release}-base.txz; then fetch https://download.freebsd.org/ftp/releases/amd64/amd64/${releaselink}/base.txz -o /jail/base/${release}-base.txz; fi
+      - mkdir -p /jail/base/${release}
+      - tar -xf /jail/base/${release}-base.txz -C /jail/base/${release} --unlink
+
+      - /jail/bin/jaildk create test
+      - ls -l /jail/etc/test
+      - /jail/bin/jaildk build test -m start
+      - df -h /jail/build/test/etc
+
+      - echo 'sshd_enable="Yes"' > /jail/build/test/usr/local/etc/rc.conf
+      - chroot /jail/build/test /etc/rc.d/sshd keygen
+
+      - /jail/bin/jaildk start test
+      - /jail/bin/jaildk status | grep -E "test|Jail"

.woodpecker/release.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# This is my own simple codeberg generic releaser. It takes to
+# binaries to be uploaded as arguments and takes every other args from
+# env. Works on tags or normal commits (push), tags must start with v.
+
+
+set -e
+
+die() {
+    echo $*
+    exit 1
+}
+
+if test -z "$DEPLOY_TOKEN"; then
+    die "token DEPLOY_TOKEN not set"
+fi
+
+git fetch --all
+
+# determine current tag or commit hash
+version="$CI_COMMIT_TAG"
+previous=""
+log=""
+if test -z "$version"; then
+    version="${CI_COMMIT_SHA:0:6}"
+    log=$(git log -1 --oneline)
+else
+    previous=$(git tag -l | grep -E "^v" | tac | grep -A1 "$version" | tail -1)
+    log=$(git log -1 --oneline "${previous}..${version}" | sed 's|^|- |g')
+fi
+
+# release body
+printf "# Changes\n\n %s\n" "$log" > body.txt
+
+# create the release
+https --ignore-stdin --check-status -b -A bearer -a "$DEPLOY_TOKEN" POST \
+      "https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases" \
+      tag_name="$version" name="Release $version" body=@body.txt > release.json
+
+# we need the id to upload files
+ID=$(jq -r .id < release.json)
+
+if test -z "$ID"; then
+    cat release.json
+    die "failed to create release"
+fi
+
+# actually upload
+for file in "$@"; do
+    https --ignore-stdin --check-status -A bearer -a "$DEPLOY_TOKEN" -f POST \
+          "https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases/$ID/assets" \
+          "name=${file}" "attachment@${file}"
+done

.woodpecker/release.yaml

@@ -0,0 +1,28 @@
+# build release
+
+labels:
+  platform: linux/amd64
+    
+steps:
+  compile:
+    when:
+      event: [tag,manual]
+    image: alpine:latest
+    commands:
+      - apk update
+      - apk add --no-cache bash git build-base
+      - make
+      - file ${CI_REPO_NAME}
+      - mv ${CI_REPO_NAME} ${CI_REPO_NAME}-freebsd-all-$CI_COMMIT_TAG
+
+  release:
+    image: alpine:latest
+    when:
+      event: [tag,manual]
+    environment:
+      DEPLOY_TOKEN:
+        from_secret: DEPLOY_TOKEN
+    commands:
+      - apk update
+      - apk add --no-cache bash httpie jq git
+      - .woodpecker/release.sh ${CI_REPO_NAME}-*

.woodpecker/woodpeckeragent.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# PROVIDE: woodpeckeragent
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# woodpeckeragent_enable (bool):          Set to NO by default.
+#               Set it to YES to enable woodpeckeragent.
+
+. /etc/rc.subr
+
+name=woodpeckeragent
+rcvar=woodpeckeragent_enable
+
+load_rc_config $name
+
+: ${woodpeckeragent_enable:="NO"}
+: ${woodpeckeragent_token:="foo"}
+: ${woodpeckeragent_server:="grpc.ci.codeberg.org"}
+
+
+pidfile=/var/run/woodpeckeragent.pid
+command="/usr/sbin/daemon"
+procname="/usr/local/bin/woodpecker-agent"
+command_args="-f -p ${pidfile} -T ${name} \
+    /usr/bin/env PATH=$PATH:/usr/local/bin ${procname} \
+    --server ${woodpeckeragent_server} \
+    --grpc-token ${woodpeckeragent_token} \
+    --grpc-secure true \
+    --agent-config /tmp/woodpecker-agent \
+    --log-level debug"
+
+load_rc_config $name
+run_rc_command "$1"

README.md

@@ -1,4 +1,6 @@
-## jaildk - a FreeBSD jail development kit v2.0.0
+[![Test status](https://github.com/tlinden/jaildk/actions/workflows/ci.yaml/badge.svg)](https://github.com/tlinden/jaildk/actions/)
+
+## jaildk - a FreeBSD jail development kit v2.0.4
 
 ## Breaking Changes
 
@@ -143,7 +145,7 @@ For an overview of the provided commands, here's the usage screen:
 Usage: ./jaildk <command> <command-args>
 
 Building Jails:
-base -b <name> [-w]                               - build a new base
+base -b <name> [-w] [-s <script>]                 - build a new base
 build <jail> -m <mode> [-b <base>] [-v <version>] - install a build chroot of a jail
 create                                            - create a new jail from a template
 clone -s <src> -d <dst> [-o <v>] [-n <v>]         - clone an existing jail or jail version
@@ -608,6 +610,45 @@ Manipulate a jail specific table:
 
 `pfctl  -a /jail/myjail -t blocked -T show`
 
+## Generating pf rule sets
+
+It is also possible to let jaildk generate the pf rule sets from the
+jail config. You can generate `map`s and `rule`s. Maps will be used
+for mapping ipv4 connections and rules primarily for ipv6.
+
+A map is defined by a name. You can define many maps. Example:
+
+```toml
+map_prom_exposed_port="9100"
+map_prom_exposed_ip="172.16.1.1"
+map_prom_allow_from="10.2.3.4" # optional, default: any allowed
+```
+
+Then you reference the maps like this:
+
+```toml
+maps="prom web git"
+```
+
+You can also specify the ip address used to connect to the outside:
+
+```toml
+masq_ip="172.16.1.1"
+```
+
+Rules are being used for incoming ipv6 traffic, which is being routed
+only. The semtantics are the same:
+
+```toml
+rules="web git"
+
+rule_web_proto="tcp"
+rule_web_port="{80,443}"
+
+rule_git_proto="tcp"
+rule_git_port="22"
+```
+
 ## Getting help
 
 Although I'm happy to hear from jaildk users in private email,
@@ -615,7 +656,7 @@ that's the best way for me to forget to do something.
 
 In order to report a bug, unexpected behavior, feature requests
 or to submit a patch, please open an issue on github:
-https://github.com/TLINDEN/jaildk/issues.
+https://codeberg.org/scip/jaildk/issues.
 
 ## Copyright and license
 
@@ -629,5 +670,5 @@ F.Sass (Culsu)
 
 ## Project homepage
 
-https://github.com/TLINDEN/jaildk
+https://codeberg.org/scip/jaildk
 

src/jaildk.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-version=2.0.0
+version=2.0.5
 
 # this will  be completed during  build. Don't touch it,  just execute
 # make and use the resulting script!
@@ -112,7 +112,7 @@ die() {
     exit 1
 }
 
-load-jail-config() {
+load_jail_config() {
     local jail=$1
     if test -d $j/etc/$jail; then
         # everything inside gets global
@@ -210,12 +210,11 @@ jaildk_build() {
     jail=$1
     mode=start
     shift
-    shift
     
     BASE=''
     VERSION=''
 
-    while getopts "b:v:m:" arg; do
+    OPTIND=1; while getopts "b:v:m:" arg; do
         case $arg in
             b) BASE=${OPTARG};;
             v) VERSION=${OPTARG};;
@@ -224,13 +223,13 @@ jaildk_build() {
         esac
     done
 
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         usage_build
     fi
 
     die_if_not_exist $jail $VERSION
 
-    load-jail-config $jail
+    load_jail_config $jail
 
     if test -n "$VERSION"; then
         # overridden with -v
@@ -240,14 +239,14 @@ jaildk_build() {
     if test -n "$BASE"; then
         # dito
         base=$BASE
-    fi
-
+    else
         if test -n "$buildbase"; then
             base="$buildbase"
         elif test -z "$base"; then
             # nothing configured, use default: latest
             base=`ls $j/base | tail -1`
         fi
+    fi
 
     # install the jail to build/
     jaildk_install $jail -m $mode -r all -w -b $base -v $version
@@ -256,6 +255,7 @@ jaildk_build() {
         start)
             # make it usable
             ex chroot $j/build/$jail /etc/rc.d/ldconfig onestart
+            ex chroot $j/build/$jail pkg-static bootstrap -f
             ex mkdir -p $j/build/$jail/usr/local/db
             ;;
     esac
@@ -338,7 +338,12 @@ rc_pf() {
     conf=$j/etc/$jail/pf.conf
     ruleset=$j/etc/$jail/pf-ruleset.conf
     
-    load-jail-config $jail
+    load_jail_config $jail
+
+    if test -z "$ip" -a -z "$ip6"; then
+        echo "PF not supported without configured ip address!" >&2
+        return
+    fi
     
     # TODO:
     # - put this into a separate function
@@ -520,7 +525,7 @@ rc_ports() {
     rw=$5
     rcscript=ports
 
-    load-jail-config $jail
+    load_jail_config $jail
 
     if test -z "$ports"; then
         # ports not configured, abort
@@ -563,7 +568,7 @@ rc_mount() {
     rw=$5
     rcscript=mount
 
-    load-jail-config $jail
+    load_jail_config $jail
 
     conf=$j/etc/$jail/$rcscript.conf
 
@@ -698,7 +703,7 @@ jaildk_install() {
     base=''
     version=''
 
-    while getopts "r:b:v:wm:" arg; do
+    OPTIND=1; while getopts "r:b:v:wm:" arg; do
         case $arg in
             w) rw=1;;
             b) base=${OPTARG};;
@@ -709,7 +714,7 @@ jaildk_install() {
         esac
     done
 
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         usage_install
     fi
 
@@ -781,7 +786,7 @@ jaildk_uninstall() {
     base=''
     version=''
 
-    while getopts "wa" arg; do
+    OPTIND=1; while getopts "wa" arg; do
         case $arg in
             w) rw="-w";;
             a) all=1; rw="-w";;
@@ -789,7 +794,7 @@ jaildk_uninstall() {
         esac
     done
 
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         usage_uninstall
     fi
 
@@ -831,6 +836,8 @@ Build a base directory from bsd install media. Options:
               build stuff. Use this if you want to use the ports
               collection.
 -f            force mode, remove any old dist files.
+-s <script>   install additional scripts to /usr/bin, separate multiple
+              scripts with whitespace.
 "
 }
 
@@ -840,11 +847,13 @@ jaildk_base() {
     base=""
     force=""
     rw=""
+    scripts=""
 
-    while getopts "b:wf" arg; do
+    OPTIND=1; while getopts "b:wfs:" arg; do
         case $arg in
             w) rw=1;;
             b) base=${OPTARG};;
+            s) scripts="${OPTARG}";;
             f) force=1;;
             *) usage_base;;
         esac
@@ -927,7 +936,8 @@ var/tmp"
     if test -d "$basedir"; then
         echo "base $basedir already exist!"
         exit 1
-    else
+    fi
+
     ex mkdir -p $basedir
 
     if test -e /usr/freebsd-dist/MANIFEST; then
@@ -972,6 +982,11 @@ var/tmp"
     ex ln -s /tmp $basedir/var/cache
     ex ln -s /tmp $basedir/var/run
 
+    # any scripts?
+    for script in $scripts; do
+        ex install -m 755 $script -o root -g wheel $basedir/usr/bin/$script
+    done
+    
     if test -n "$rw"; then
         echo "You have choosen to create a build base with ports support"
         echo -n "Want to fetch the ports collection now [Yn]? "
@@ -982,7 +997,6 @@ var/tmp"
                 ;;
         esac
     fi
-    fi
 }
 
 clone() {
@@ -1027,7 +1041,7 @@ Hints:
 jaildk_clone() {
     local src new srcversion newversion update cloneto clonefrom fs srcmount dstmount opts size perm
 
-    while getopts "s:d:o:n:" arg; do
+    OPTIND=1; while getopts "s:d:o:n:" arg; do
         case $arg in
             o) srcversion=${OPTARG};;
             n) newversion=${OPTARG};;
@@ -1051,10 +1065,14 @@ jaildk_clone() {
             die "new version must be different from source version!"
         fi
         update=1
+    else
+        if test -e "$j/etc/$new/mount.conf" -o -e "$j/etc/$new/jail.conf"; then
+            die "Destination jail $new already exist, cloning would overwrite it!"
+        fi
     fi
 
     die_if_not_exist $src "Source jail"
-    load-jail-config $src
+    load_jail_config $src
 
     if test -z "$srcversion"; then
         srcversion=$version
@@ -1122,7 +1140,7 @@ jaildk_clone() {
         fi
 
         bold "To mount the build chroot of the new jail, execute:"
-        echo "jaildk build $new start"
+        echo "jaildk build $new -m start"
         echo
         bold "To login into the build chroot"
         echo "jaildk blogin $new"
@@ -1141,7 +1159,7 @@ jaildk_clone() {
         # FIXME: possibly not needed! see comment in jaildk_create()
         # jail=$new
         bold "To mount the build chroot of the new jail, execute:"
-        echo "jaildk build $new start -b $base -v $newversion"
+        echo "jaildk build $new -m start -b $base -v $newversion"
     fi
 }
 
@@ -1158,7 +1176,7 @@ jaildk_create() {
     
     src=.template
     
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         usage_create
     fi
 
@@ -1169,8 +1187,7 @@ jaildk_create() {
     mkdir -p $j/etc/$jail
     
     jaildk_clone -s $src -d $jail -o $srcversion -n $newversion
-    # some perl magic to extract the hostname (if any) from /etc/jail.conf - and write it into the jails rc.conf
-    jailhostname=$(cat /etc/jail.conf | tr -d '\t\r\n ' | perl -ne '$_ =~ /.*'"$newjail"'(\{(?:\{.*\}|[^{])*\})|\w+/; print $1;' | grep -oE 'hostname=[^;]+' | cut -d= -f2)
+    jailhostname=$(cat /etc/jail.conf | grep -E "^$jail" -A50 | sed '/\}/q' | grep hostname | cut -d\" -f2)
     if [ -n "$jailhostname" ]; then
         echo "new name: $jailhostname"
         echo "in path $j/etc/$jail/local-etc-$newversion/rc.conf"
@@ -1199,14 +1216,14 @@ jaildk_remove() {
     shift
     version=''
 
-    while getopts "v:" arg; do
+    OPTIND=1; while getopts "v:" arg; do
         case $arg in
             v) version=${OPTARG};;
             *) usage_remove;;
         esac
     done
 
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         usage_remove
     fi
 
@@ -1273,15 +1290,14 @@ jaildk_jail() {
     jail=$2
 
     if test "x$mode" = "xstatus"; then
-        (
-            if test -z "$jail"; then
+        if test -z "$jail" -o "$jail" = "-h"; then
             bold "Running jails:"
             lookup='*'
         else
-                bold "Status $jail:"
+            bold "Status of $jail:"
             lookup=$jail
         fi
-
+        (
             echo "Jail IP-Address Path Is-Running RW-mounted Current-Version Base"
             grep -h "name=" $j/etc/$lookup/jail.conf | cut -d= -f2 | while read jail; do
                 jid=''
@@ -1291,7 +1307,7 @@ jaildk_jail() {
                 build='no'
                 base=''
 
-                load-jail-config $jail
+                load_jail_config $jail
 
                 _eip=''
                 for map in $maps; do
@@ -1303,8 +1319,8 @@ jaildk_jail() {
                 done
 
                 if jls -j $jail > /dev/null 2>&1; then
-                    # jail is running
-                    eval `jls -j $jail -qn | perl -n -e 'chomp; %j = map { ($a,$b) = split /=/; $a=~ s/\.//g; $a => $b } split/ /; foreach (keys %j) {print "$_=$j{$_}\n"}'`
+                    # jail is running, get some data about jail
+                    eval $(jls -j $jail -qn ip4.addr ip6.addr jid path | sed 's/\.addr/addr/g')
                     if test -n "$ip4addr"; then
                         ip=$ip4addr
                     else
@@ -1337,7 +1353,7 @@ jaildk_jail() {
         if test -n "$jail"; then
             jaildk_rc $jail -m status
         fi
-    elif test -z "$jail"; then
+    elif test -z "$jail" -o "$jail" = "-h"; then
         usage_$mode
     else
         bold "Jail $jail $mode:"
@@ -1384,7 +1400,7 @@ jaildk_rc() {
     
     rcd=''
 
-    while getopts "r:m:" arg; do
+    OPTIND=1; while getopts "r:m:" arg; do
         case $arg in
             r) rcd=${OPTARG};;
             m) mode=${OPTARG};;
@@ -1396,7 +1412,7 @@ jaildk_rc() {
         rcd='all'
     fi
 
-    if test -z "$jail" -o -z "$mode"; then
+    if test -z "$jail" -o "$jail" = "-h" -o -z "$mode"; then
         usage_rc
     fi
 
@@ -1456,7 +1472,7 @@ jaildk_blogin() {
 
     jail=$1
 
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         file=`basename $0`
         if test "$file" = "jaildk"; then
             file="$0 blogin"
@@ -1505,7 +1521,7 @@ jaildk_login() {
     me=`id -u` 
     jexec="jexec"
 
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         file=`basename $0`
         if test "$file" = "jaildk"; then
             file="$0 jlogin"
@@ -1516,7 +1532,7 @@ jaildk_login() {
     fi
 
     jid=""
-    jid=`jls | grep "$jail" | awk '{print $1}'`
+    jid=$(jls -j "$jail" jid)
 
     if test -z "$jid"; then
         echo "jail $jail doesn't run!"
@@ -1559,7 +1575,7 @@ jaildk_reinstall() {
     jail=$1
     shift
 
-    while getopts "b:v:" arg; do
+    OPTIND=1; while getopts "b:v:" arg; do
         case $arg in
             b) NEWBASE=${OPTARG};;
             v) NEWVERSION=${OPTARG};;
@@ -1567,7 +1583,7 @@ jaildk_reinstall() {
         esac
     done
 
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         usage_reinstall
     fi
 
@@ -1583,7 +1599,7 @@ jaildk_reinstall() {
     sync
 
     if test -n "$NEWBASE" -o -n "$NEWVERSION"; then
-        load-jail-config $jail
+        load_jail_config $jail
         ts=`date +%Y%m%d%H%M`
         change=''
         if test $NEWBASE != $base; then
@@ -1607,7 +1623,7 @@ jaildk_reinstall() {
         fi
     fi
 
-    jaildk_install -m $jail start
+    jaildk_install $jail -m start
     jaildk_jail start $jail
 
     sleep 0.2
@@ -1644,7 +1660,11 @@ jaildk_setup() {
 
     version=`date +%Y%m%d`
 
-    for subdir in appl/default-$version/db/ports appl/default-$version/etc etc/.template/etc-$version etc/.template/local-etc-$version home/.template/root-$version log/.template-$version; do
+    for subdir in appl/default-$version/db/ports \
+                      appl/default-$version/etc \
+                      etc/.template/etc-$version \
+                      etc/.template/local-etc-$version \
+                      home/.template/root-$version log/.template-$version; do
         ex mkdir -p $j/$subdir
     done
 
@@ -1761,10 +1781,10 @@ jaildk_update() {
     rcscript=update
     force=''
 
-    repo="https://github.com/TLINDEN/jaildk.git"
+    repo="https://codeberg.org/scip/jaildk.git"
     mustberoot
 
-    while getopts "f" arg; do
+    OPTIND=1; while getopts "f" arg; do
         case $arg in
             f) force=1;;
             *) usage_update;;
@@ -1804,7 +1824,7 @@ Fetch current portscollection, use <version> or todays timestamp as new version"
 jaildk_fetchports() {
     local version=`date +%Y%m%d`
 
-    while getopts "v:" arg; do
+    OPTIND=1; while getopts "v:" arg; do
         case $arg in
             v) version=${OPTARG};;
             *) usage_fetchports;;
@@ -1865,7 +1885,7 @@ jaildk_freeze() {
     ADDBASE=""
     ADDAPPL=""
 
-    while getopts "abv:" arg; do
+    OPTIND=1; while getopts "abv:" arg; do
         case $arg in
             a) ADDAPPL=1;;
             b) ADDBASE=1;;
@@ -1874,7 +1894,7 @@ jaildk_freeze() {
         esac
     done
     
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         usage_freeze
     fi
 
@@ -1891,7 +1911,7 @@ jaildk_freeze() {
         esac
     fi
 
-    load-jail-config $jail
+    load_jail_config $jail
 
     if test -n "$VERSION"; then
         version=$VERSION
@@ -2068,7 +2088,12 @@ jaildk_ipfw() {
 
     jail=$1
 
-    while getopts "m:" arg; do
+    if ! test -f "$j/etc/$jail/ipfw.conf"; then
+        # dont do anything in non-ipf shells
+        return
+    fi
+
+    OPTIND=1; while getopts "m:" arg; do
         case $arg in
             m) mode=${OPTARG};;
             *) usage_ipfw;;
@@ -2079,7 +2104,6 @@ jaildk_ipfw() {
         usage_ipfw
     fi
 
-    if test -f "$j/etc/$jail/ipfw.conf"; then
     echo
     bold "Managing IPFW Rules..."
     case $mode in
@@ -2093,7 +2117,6 @@ jaildk_ipfw() {
     esac
     bold "... done"
     echo
-    fi
 }
 
 ipfw_add() {
@@ -2102,7 +2125,7 @@ ipfw_add() {
     jail=$1
 
     # support jail variables as well
-    load-jail-config $jail
+    load_jail_config $jail
 
     if test -z $ip; then
         # Getting current jails IP..
@@ -2183,7 +2206,7 @@ jaildk_vnet() {
 
     BRIDGE=''
 
-    while getopts "b:i:r:" arg; do
+    OPTIND=1; while getopts "b:i:r:" arg; do
         case $arg in
             b) BRIDGE=${OPTARG};;
             *) usage_vnet;;
@@ -2196,7 +2219,7 @@ jaildk_vnet() {
 
     die_if_not_exist $jail
 
-    load-jail-config $jail
+    load_jail_config $jail
 
     if test -z "$ip" -a -z "$gw"; then
         usage_vnet
@@ -2273,7 +2296,7 @@ delete directories. Be sure to have backups available!
 jaildk_prune() {
     local BASE APPL JAIL UNUSED
 
-    while getopts "baj:u" arg; do
+    OPTIND=1; while getopts "baj:u" arg; do
         case $arg in
             b) BASE=1;;
             a) APPL=1;;
@@ -2321,7 +2344,7 @@ jaildk_prune() {
 
     elif test -n "$JAIL"; then
         die_if_not_exist $JAIL
-        load-jail-config $JAIL
+        load_jail_config $JAIL
 
         if test -z "$UNUSED"; then
             bold "Current Active jail version for jail $JAIL:" > /dev/stderr
@@ -2358,7 +2381,7 @@ jaildk_bootstrap() {
     PORTS=''
     IP=''
 
-    while getopts "i:b:v:p:a:" arg; do
+    OPTIND=1; while getopts "i:b:v:p:a:" arg; do
         case $arg in
             b) BASE=${OPTARG};;
             v) VERSION=${OPTARG};;
@@ -2369,7 +2392,7 @@ jaildk_bootstrap() {
         esac
     done
 
-    if test -z "$jail"; then
+    if test -z "$jail" -o "$jail" = "-h"; then
         usage_bootstrap
     fi
 
@@ -2458,6 +2481,16 @@ mustberoot() {
     fi
 }
 
+sanitycheck() {
+    # check if certain programs are installed
+    for program in cpdup; do
+        if ! command -v $program 2>&1 >/dev/null; then
+            echo "$program must be installed!" >&2
+            exit 1
+        fi
+    done
+}
+
 ##########################
 #
 # main()
@@ -2482,6 +2515,8 @@ if test -z "$runner"; then
     usage_jaildk
 fi
 
+sanitycheck
+
 case $runner in
     start|stop|restart)
         # running jails