32 Commits

Author SHA1 Message Date
b8fe0d4c11 add github note 2025-12-16 20:05:19 +01:00
T. von Dein
eabec94945 move to codeberg (#35) 2025-12-16 20:01:40 +01:00
b5efc90d29 fix #37: match jail name to id correctly 2025-04-06 15:16:50 +02:00
5cd15ebff6 fix #34: add documentation for pf rule generation 2025-04-01 12:55:25 +02:00
f278760c06 fix #36: forbid cloning to existing jail if name differs 2025-04-01 09:25:38 +02:00
fa4b9c08ef fix documentation issue #35: do not recommend invalid command line 2025-04-01 09:20:24 +02:00
T.v.Dein
5ca48c6d5c Add ci badge 2024-10-15 20:40:40 +02:00
T.v.Dein
6738e74167 Add -xe to CI run to see commands and exit immediately 2024-10-15 20:28:41 +02:00
40371fc507 fix base src tarball 2024-10-15 19:14:48 +02:00
b45bb280f9 manually build base, next try 2024-10-15 19:09:46 +02:00
26cc8b20d2 add sysrc call to enable jail 2024-10-15 18:48:48 +02:00
56a5f51585 install cpdup during prep 2024-10-15 18:45:56 +02:00
5470154a12 do really exit 1 2024-10-15 18:45:42 +02:00
10af21a48f another try, this time w/o make 2024-10-15 18:40:43 +02:00
d76f960e69 not using PATH 2024-10-15 18:32:40 +02:00
a00da3ffd4 fix yaml 2024-10-15 18:30:32 +02:00
54fb06fc7d added ci test runner 2024-10-15 18:22:47 +02:00
T.v.Dein
aee232054b Merge pull request #28 from Culsu/main
Fix for issue  #27
2024-10-15 08:26:28 +02:00
Culsu
f2dde50ffc fixed an error where jaildk status was trying to find a jail called v6, also fixed some column alignment when printing the status 2024-10-14 23:42:08 +02:00
8e893017be bump version 2024-10-06 16:22:32 +02:00
9fcf0beb9c fix #15: do not try to execute pf if there's no ip address configured 2024-10-06 16:20:11 +02:00
a293128eea fix #26: show correct usage after clone/create 2024-10-06 16:10:28 +02:00
27aada4b8e fix #24 (part II): always respond to -h with usage message 2024-10-06 16:08:19 +02:00
db33a41983 fix #24 (part I): get rid of perl, check for external programs 2024-10-06 16:04:45 +02:00
6fad6cd2f9 Merge branch 'main' of github.com:TLINDEN/jaildk 2024-09-18 10:31:42 +02:00
cafc20e743 implement #20: added -s parameter to base command to instal scripts 2024-09-18 10:30:55 +02:00
cf812919cb fix #19: bootstrap pkg when building a new base 2024-09-18 10:24:23 +02:00
e2aa249464 fix reinstall aboriting with jail -m doesnt exist 2024-09-18 10:21:44 +02:00
T.v.Dein
4dab8e10ea Merge pull request #22 from TLINDEN/develop
Fix ipfw call
2024-09-17 14:02:40 +02:00
ad1333ebb0 fix #21: only execute ipfw stuff if there's an ipfw.conf 2024-09-17 13:55:20 +02:00
T.v.Dein
514d0adeda Merge pull request #18 from Culsu/main
fixed an issue when trying to start a build-chroot with explicit base…
2024-06-26 18:13:06 +02:00
Culsu
22e02b7ce5 fixed an issue when trying to start a build-chroot with explicit base and version, fixed an issue with optargs indices 2024-06-26 12:05:02 +02:00
4 changed files with 282 additions and 133 deletions

16
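--- a/.github/assets/jail.conf
+++ b/.github/assets/jail.conf
@@ -0,0 +1,16 @@
+* {
+exec.start = "/bin/sh /etc/rc";
+exec.stop = "/bin/sh /etc/rc.shutdown";
+allow.raw_sockets = "false";
+sysvmsg = "new";
+sysvsem = "new";
+sysvshm = "new";
+host.hostname = $name;
+path = "/jail/run/$name";
+exec.prestart = "/jail/bin/jaildk install $name start";
+exec.clean = "true";
+}
+test {
+ip4.addr = "172.16.0.1";
+}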
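Review bot: The `exec.prestart` line passes the mode as a bare positional argument (`jaildk install $name start`), while the jaildk.sh changes in this same range move callers and usage hints to the `-m` form (`jaildk_install $jail -m start`, `jaildk build $new -m start`). jaildk_install's option handling is only partly visible here, so it should be confirmed whether a trailing `start` is still honoured or only works because of a default mode. If the `-m` form is the supported one, the line would read `exec.prestart = "/jail/bin/jaildk install $name -m start";`. A one-line comment above the `test { … }` block noting that `172.16.0.1` has to match the alias the CI workflow configures on `em0` would also help the next maintainer.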

52
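--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,52 @@
+name: Test-Jaildk
+on: [push]
+jobs:
+test:
+runs-on: ubuntu-latest
+name: Test jaildk on FreeBSD
+steps:
+- name: checkout
+uses: actions/checkout@v4
+- name: Test in FreeBSD
+uses: vmactions/freebsd-vm@v1
+id: testjaildk
+with:
+release: "14.1"
+usesh: true
+prepare: |
+pkg install -y curl cpdup
+run: |
+freebsd-version
+sysctl hw.model
+sysctl hw.ncpu
+sysctl hw.physmem
+sysctl hw.usermem
+ls -la
+ifconfig em0 172.16.0.1/32 alias
+ifconfig -a
+set -x -e
+sysrc jail_enable="YES"
+cp .github/assets/jail.conf /etc/
+cp src/jaildk.sh jaildk
+sh jaildk setup /jail
+fetch https://download.freebsd.org/ftp/releases/amd64/amd64/14.1-RELEASE/base.txz -o /jail/base/14.1-RELEASE-base.txz
+mkdir -p /jail/base/14.1-RELEASE
+tar -xf /jail/base/14.1-RELEASE-base.txz -C /jail/base/14.1-RELEASE --unlink
+/jail/bin/jaildk create test
+ls -l /jail/etc/test
+/jail/bin/jaildk build test -m start
+df -h /jail/build/test/etc
+echo 'sshd_enable="Yes"' > /jail/build/test/usr/local/etc/rc.conf
+chroot /jail/build/test /etc/rc.d/sshd keygen
+/jail/bin/jaildk start test
+/jail/bin/jaildk status | grep -E "test|Jail"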
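Review bot: Both actions are referenced by mutable tags (`actions/checkout@v4`, `vmactions/freebsd-vm@v1`) and the workflow has no `permissions:` block, so every push runs third-party code with the repository's default token scope. Pinning each `uses:` to a full commit SHA (`uses: vmactions/freebsd-vm@<full-commit-sha> # v1`) and adding a top-level `permissions:` with `contents: read` would narrow that. In the `run:` script, `base.txz` is fetched and unpacked into the jail base without an integrity check; comparing its SHA-256 with the entry in the release `MANIFEST` before the `tar -xf` line would catch a truncated or altered download. `set -x -e` also comes after the `ifconfig em0 … alias` step, so a failure there does not stop the job; moving it to the first line of `run:` would fix that.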


@@ -1,4 +1,11 @@
## jaildk - a FreeBSD jail development kit v2.0.0 > [!CAUTION]
> This software is now being maintained on [Codeberg](https://codeberg.org/scip/leo/).
>
> However, due to limitations with woodpecker FreeBSD support, CI test workflows are still being executed here.
>
> Devs: no need to push to codeberg and github, there's a mirror script running somewhere else.
## jaildk - a FreeBSD jail development kit v2.0.4
## Breaking Changes ## Breaking Changes
@@ -143,7 +150,7 @@ For an overview of the provided commands, here's the usage screen:
Usage: ./jaildk <command> <command-args> Usage: ./jaildk <command> <command-args>
Building Jails: Building Jails:
base -b <name> [-w] - build a new base base -b <name> [-w] [-s <script>] - build a new base
build <jail> -m <mode> [-b <base>] [-v <version>] - install a build chroot of a jail build <jail> -m <mode> [-b <base>] [-v <version>] - install a build chroot of a jail
create - create a new jail from a template create - create a new jail from a template
clone -s <src> -d <dst> [-o <v>] [-n <v>] - clone an existing jail or jail version clone -s <src> -d <dst> [-o <v>] [-n <v>] - clone an existing jail or jail version
@@ -608,6 +615,45 @@ Manipulate a jail specific table:
`pfctl -a /jail/myjail -t blocked -T show` `pfctl -a /jail/myjail -t blocked -T show`
## Generating pf rule sets
It is also possible to let jaildk generate the pf rule sets from the
jail config. You can generate `map`s and `rule`s. Maps will be used
for mapping ipv4 connections and rules primarily for ipv6.
A map is defined by a name. You can define many maps. Example:
```toml
map_prom_exposed_port="9100"
map_prom_exposed_ip="172.16.1.1"
map_prom_allow_from="10.2.3.4" # optional, default: any allowed
```
Then you reference the maps like this:
```toml
maps="prom web git"
```
You can also specify the ip address used to connect to the outside:
```toml
masq_ip="172.16.1.1"
```
Rules are being used for incoming ipv6 traffic, which is being routed
only. The semtantics are the same:
```toml
rules="web git"
rule_web_proto="tcp"
rule_web_port="{80,443}"
rule_git_proto="tcp"
rule_git_port="22"
```
## Getting help ## Getting help
Although I'm happy to hear from jaildk users in private email, Although I'm happy to hear from jaildk users in private email,
@@ -615,7 +661,7 @@ that's the best way for me to forget to do something.
In order to report a bug, unexpected behavior, feature requests In order to report a bug, unexpected behavior, feature requests
or to submit a patch, please open an issue on github: or to submit a patch, please open an issue on github:
https://github.com/TLINDEN/jaildk/issues. https://codeberg.org/scip/jaildk/issues.
## Copyright and license ## Copyright and license
@@ -629,5 +675,5 @@ F.Sass (Culsu)
## Project homepage ## Project homepage
https://github.com/TLINDEN/jaildk https://codeberg.org/scip/jaildk


@@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
version=2.0.0 version=2.0.5
# this will be completed during build. Don't touch it, just execute # this will be completed during build. Don't touch it, just execute
# make and use the resulting script! # make and use the resulting script!
@@ -112,7 +112,7 @@ die() {
exit 1 exit 1
} }
load-jail-config() { load_jail_config() {
local jail=$1 local jail=$1
if test -d $j/etc/$jail; then if test -d $j/etc/$jail; then
# everything inside gets global # everything inside gets global
@@ -210,12 +210,11 @@ jaildk_build() {
jail=$1 jail=$1
mode=start mode=start
shift shift
shift
BASE='' BASE=''
VERSION='' VERSION=''
while getopts "b:v:m:" arg; do OPTIND=1; while getopts "b:v:m:" arg; do
case $arg in case $arg in
b) BASE=${OPTARG};; b) BASE=${OPTARG};;
v) VERSION=${OPTARG};; v) VERSION=${OPTARG};;
@@ -224,13 +223,13 @@ jaildk_build() {
esac esac
done done
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
usage_build usage_build
fi fi
die_if_not_exist $jail $VERSION die_if_not_exist $jail $VERSION
load-jail-config $jail load_jail_config $jail
if test -n "$VERSION"; then if test -n "$VERSION"; then
# overridden with -v # overridden with -v
@@ -240,13 +239,13 @@ jaildk_build() {
if test -n "$BASE"; then if test -n "$BASE"; then
# dito # dito
base=$BASE base=$BASE
fi else
if test -n "$buildbase"; then
if test -n "$buildbase"; then base="$buildbase"
base="$buildbase" elif test -z "$base"; then
elif test -z "$base"; then # nothing configured, use default: latest
# nothing configured, use default: latest base=`ls $j/base | tail -1`
base=`ls $j/base | tail -1` fi
fi fi
# install the jail to build/ # install the jail to build/
@@ -256,6 +255,7 @@ jaildk_build() {
start) start)
# make it usable # make it usable
ex chroot $j/build/$jail /etc/rc.d/ldconfig onestart ex chroot $j/build/$jail /etc/rc.d/ldconfig onestart
ex chroot $j/build/$jail pkg-static bootstrap -f
ex mkdir -p $j/build/$jail/usr/local/db ex mkdir -p $j/build/$jail/usr/local/db
;; ;;
esac esac
@@ -338,7 +338,12 @@ rc_pf() {
conf=$j/etc/$jail/pf.conf conf=$j/etc/$jail/pf.conf
ruleset=$j/etc/$jail/pf-ruleset.conf ruleset=$j/etc/$jail/pf-ruleset.conf
load-jail-config $jail load_jail_config $jail
if test -z "$ip" -a -z "$ip6"; then
echo "PF not supported without configured ip address!" >&2
return
fi
# TODO: # TODO:
# - put this into a separate function # - put this into a separate function
@@ -520,7 +525,7 @@ rc_ports() {
rw=$5 rw=$5
rcscript=ports rcscript=ports
load-jail-config $jail load_jail_config $jail
if test -z "$ports"; then if test -z "$ports"; then
# ports not configured, abort # ports not configured, abort
@@ -563,7 +568,7 @@ rc_mount() {
rw=$5 rw=$5
rcscript=mount rcscript=mount
load-jail-config $jail load_jail_config $jail
conf=$j/etc/$jail/$rcscript.conf conf=$j/etc/$jail/$rcscript.conf
@@ -698,7 +703,7 @@ jaildk_install() {
base='' base=''
version='' version=''
while getopts "r:b:v:wm:" arg; do OPTIND=1; while getopts "r:b:v:wm:" arg; do
case $arg in case $arg in
w) rw=1;; w) rw=1;;
b) base=${OPTARG};; b) base=${OPTARG};;
@@ -709,7 +714,7 @@ jaildk_install() {
esac esac
done done
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
usage_install usage_install
fi fi
@@ -781,7 +786,7 @@ jaildk_uninstall() {
base='' base=''
version='' version=''
while getopts "wa" arg; do OPTIND=1; while getopts "wa" arg; do
case $arg in case $arg in
w) rw="-w";; w) rw="-w";;
a) all=1; rw="-w";; a) all=1; rw="-w";;
@@ -789,7 +794,7 @@ jaildk_uninstall() {
esac esac
done done
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
usage_uninstall usage_uninstall
fi fi
@@ -831,6 +836,8 @@ Build a base directory from bsd install media. Options:
build stuff. Use this if you want to use the ports build stuff. Use this if you want to use the ports
collection. collection.
-f force mode, remove any old dist files. -f force mode, remove any old dist files.
-s <script> install additional scripts to /usr/bin, separate multiple
scripts with whitespace.
" "
} }
@@ -840,11 +847,13 @@ jaildk_base() {
base="" base=""
force="" force=""
rw="" rw=""
scripts=""
while getopts "b:wf" arg; do OPTIND=1; while getopts "b:wfs:" arg; do
case $arg in case $arg in
w) rw=1;; w) rw=1;;
b) base=${OPTARG};; b) base=${OPTARG};;
s) scripts="${OPTARG}";;
f) force=1;; f) force=1;;
*) usage_base;; *) usage_base;;
esac esac
@@ -927,61 +936,66 @@ var/tmp"
if test -d "$basedir"; then if test -d "$basedir"; then
echo "base $basedir already exist!" echo "base $basedir already exist!"
exit 1 exit 1
else fi
ex mkdir -p $basedir
if test -e /usr/freebsd-dist/MANIFEST; then ex mkdir -p $basedir
clean=''
if test -n "$force"; then
clean=1
else
echo "Found old dist files:"
ls -l /usr/freebsd-dist
echo -n "Want to remove them [nY]? "
read yesno
case $yesno in
y|Y) clean=1;;
*) clean='';;
esac
fi
if test -n "$clean"; then if test -e /usr/freebsd-dist/MANIFEST; then
ex rm -f /usr/freebsd-dist/* clean=''
fi if test -n "$force"; then
fi clean=1
bsdinstall jail $basedir || exit 1
if test -z "$rw"; then
# run base
for file in $removelist; do
ex rm -rf $basedir/$file
done
else else
# build base with ports support echo "Found old dist files:"
ex mkdir -p $basedir/usr/ports ls -l /usr/freebsd-dist
fi echo -n "Want to remove them [nY]? "
ex mkdir $basedir/home
ex rm -rf $basedir/var/db
ex ln -s /usr/local/db $basedir/var/db
# add some symlinks from /var to /tmp to make pkg work properly
ex rm -rf $basedir/var/tmp $basedir/var/cache $basedir/var/run
ex ln -s /tmp $basedir/var/tmp
ex ln -s /tmp $basedir/var/cache
ex ln -s /tmp $basedir/var/run
if test -n "$rw"; then
echo "You have choosen to create a build base with ports support"
echo -n "Want to fetch the ports collection now [Yn]? "
read yesno read yesno
case $yesno in case $yesno in
y|Y|yes|YES) y|Y) clean=1;;
jaildk_fetchports *) clean='';;
;;
esac esac
fi fi
if test -n "$clean"; then
ex rm -f /usr/freebsd-dist/*
fi
fi
bsdinstall jail $basedir || exit 1
if test -z "$rw"; then
# run base
for file in $removelist; do
ex rm -rf $basedir/$file
done
else
# build base with ports support
ex mkdir -p $basedir/usr/ports
fi
ex mkdir $basedir/home
ex rm -rf $basedir/var/db
ex ln -s /usr/local/db $basedir/var/db
# add some symlinks from /var to /tmp to make pkg work properly
ex rm -rf $basedir/var/tmp $basedir/var/cache $basedir/var/run
ex ln -s /tmp $basedir/var/tmp
ex ln -s /tmp $basedir/var/cache
ex ln -s /tmp $basedir/var/run
# any scripts?
for script in $scripts; do
ex install -m 755 $script -o root -g wheel $basedir/usr/bin/$script
done
if test -n "$rw"; then
echo "You have choosen to create a build base with ports support"
echo -n "Want to fetch the ports collection now [Yn]? "
read yesno
case $yesno in
y|Y|yes|YES)
jaildk_fetchports
;;
esac
fi fi
} }
@@ -1027,7 +1041,7 @@ Hints:
jaildk_clone() { jaildk_clone() {
local src new srcversion newversion update cloneto clonefrom fs srcmount dstmount opts size perm local src new srcversion newversion update cloneto clonefrom fs srcmount dstmount opts size perm
while getopts "s:d:o:n:" arg; do OPTIND=1; while getopts "s:d:o:n:" arg; do
case $arg in case $arg in
o) srcversion=${OPTARG};; o) srcversion=${OPTARG};;
n) newversion=${OPTARG};; n) newversion=${OPTARG};;
@@ -1051,10 +1065,14 @@ jaildk_clone() {
die "new version must be different from source version!" die "new version must be different from source version!"
fi fi
update=1 update=1
else
if test -e "$j/etc/$new/mount.conf" -o -e "$j/etc/$new/jail.conf"; then
die "Destination jail $new already exist, cloning would overwrite it!"
fi
fi fi
die_if_not_exist $src "Source jail" die_if_not_exist $src "Source jail"
load-jail-config $src load_jail_config $src
if test -z "$srcversion"; then if test -z "$srcversion"; then
srcversion=$version srcversion=$version
@@ -1122,7 +1140,7 @@ jaildk_clone() {
fi fi
bold "To mount the build chroot of the new jail, execute:" bold "To mount the build chroot of the new jail, execute:"
echo "jaildk build $new start" echo "jaildk build $new -m start"
echo echo
bold "To login into the build chroot" bold "To login into the build chroot"
echo "jaildk blogin $new" echo "jaildk blogin $new"
@@ -1141,7 +1159,7 @@ jaildk_clone() {
# FIXME: possibly not needed! see comment in jaildk_create() # FIXME: possibly not needed! see comment in jaildk_create()
# jail=$new # jail=$new
bold "To mount the build chroot of the new jail, execute:" bold "To mount the build chroot of the new jail, execute:"
echo "jaildk build $new start -b $base -v $newversion" echo "jaildk build $new -m start -b $base -v $newversion"
fi fi
} }
@@ -1158,7 +1176,7 @@ jaildk_create() {
src=.template src=.template
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
usage_create usage_create
fi fi
@@ -1169,8 +1187,7 @@ jaildk_create() {
mkdir -p $j/etc/$jail mkdir -p $j/etc/$jail
jaildk_clone -s $src -d $jail -o $srcversion -n $newversion jaildk_clone -s $src -d $jail -o $srcversion -n $newversion
# some perl magic to extract the hostname (if any) from /etc/jail.conf - and write it into the jails rc.conf jailhostname=$(cat /etc/jail.conf | grep -E "^$jail" -A50 | sed '/\}/q' | grep hostname | cut -d\" -f2)
jailhostname=$(cat /etc/jail.conf | tr -d '\t\r\n ' | perl -ne '$_ =~ /.*'"$newjail"'(\{(?:\{.*\}|[^{])*\})|\w+/; print $1;' | grep -oE 'hostname=[^;]+' | cut -d= -f2)
if [ -n "$jailhostname" ]; then if [ -n "$jailhostname" ]; then
echo "new name: $jailhostname" echo "new name: $jailhostname"
echo "in path $j/etc/$jail/local-etc-$newversion/rc.conf" echo "in path $j/etc/$jail/local-etc-$newversion/rc.conf"
@@ -1199,14 +1216,14 @@ jaildk_remove() {
shift shift
version='' version=''
while getopts "v:" arg; do OPTIND=1; while getopts "v:" arg; do
case $arg in case $arg in
v) version=${OPTARG};; v) version=${OPTARG};;
*) usage_remove;; *) usage_remove;;
esac esac
done done
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
usage_remove usage_remove
fi fi
@@ -1273,15 +1290,14 @@ jaildk_jail() {
jail=$2 jail=$2
if test "x$mode" = "xstatus"; then if test "x$mode" = "xstatus"; then
if test -z "$jail" -o "$jail" = "-h"; then
bold "Running jails:"
lookup='*'
else
bold "Status of $jail:"
lookup=$jail
fi
( (
if test -z "$jail"; then
bold "Running jails:"
lookup='*'
else
bold "Status $jail:"
lookup=$jail
fi
echo "Jail IP-Address Path Is-Running RW-mounted Current-Version Base" echo "Jail IP-Address Path Is-Running RW-mounted Current-Version Base"
grep -h "name=" $j/etc/$lookup/jail.conf | cut -d= -f2 | while read jail; do grep -h "name=" $j/etc/$lookup/jail.conf | cut -d= -f2 | while read jail; do
jid='' jid=''
@@ -1291,7 +1307,7 @@ jaildk_jail() {
build='no' build='no'
base='' base=''
load-jail-config $jail load_jail_config $jail
_eip='' _eip=''
for map in $maps; do for map in $maps; do
@@ -1303,8 +1319,8 @@ jaildk_jail() {
done done
if jls -j $jail > /dev/null 2>&1; then if jls -j $jail > /dev/null 2>&1; then
# jail is running # jail is running, get some data about jail
eval `jls -j $jail -qn | perl -n -e 'chomp; %j = map { ($a,$b) = split /=/; $a=~ s/\.//g; $a => $b } split/ /; foreach (keys %j) {print "$_=$j{$_}\n"}'` eval $(jls -j $jail -qn ip4.addr ip6.addr jid path | sed 's/\.addr/addr/g')
if test -n "$ip4addr"; then if test -n "$ip4addr"; then
ip=$ip4addr ip=$ip4addr
else else
@@ -1337,7 +1353,7 @@ jaildk_jail() {
if test -n "$jail"; then if test -n "$jail"; then
jaildk_rc $jail -m status jaildk_rc $jail -m status
fi fi
elif test -z "$jail"; then elif test -z "$jail" -o "$jail" = "-h"; then
usage_$mode usage_$mode
else else
bold "Jail $jail $mode:" bold "Jail $jail $mode:"
@@ -1384,7 +1400,7 @@ jaildk_rc() {
rcd='' rcd=''
while getopts "r:m:" arg; do OPTIND=1; while getopts "r:m:" arg; do
case $arg in case $arg in
r) rcd=${OPTARG};; r) rcd=${OPTARG};;
m) mode=${OPTARG};; m) mode=${OPTARG};;
@@ -1396,7 +1412,7 @@ jaildk_rc() {
rcd='all' rcd='all'
fi fi
if test -z "$jail" -o -z "$mode"; then if test -z "$jail" -o "$jail" = "-h" -o -z "$mode"; then
usage_rc usage_rc
fi fi
@@ -1456,7 +1472,7 @@ jaildk_blogin() {
jail=$1 jail=$1
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
file=`basename $0` file=`basename $0`
if test "$file" = "jaildk"; then if test "$file" = "jaildk"; then
file="$0 blogin" file="$0 blogin"
@@ -1505,7 +1521,7 @@ jaildk_login() {
me=`id -u` me=`id -u`
jexec="jexec" jexec="jexec"
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
file=`basename $0` file=`basename $0`
if test "$file" = "jaildk"; then if test "$file" = "jaildk"; then
file="$0 jlogin" file="$0 jlogin"
@@ -1516,7 +1532,7 @@ jaildk_login() {
fi fi
jid="" jid=""
jid=`jls | grep "$jail" | awk '{print $1}'` jid=$(jls -j "$jail" jid)
if test -z "$jid"; then if test -z "$jid"; then
echo "jail $jail doesn't run!" echo "jail $jail doesn't run!"
@@ -1559,7 +1575,7 @@ jaildk_reinstall() {
jail=$1 jail=$1
shift shift
while getopts "b:v:" arg; do OPTIND=1; while getopts "b:v:" arg; do
case $arg in case $arg in
b) NEWBASE=${OPTARG};; b) NEWBASE=${OPTARG};;
v) NEWVERSION=${OPTARG};; v) NEWVERSION=${OPTARG};;
@@ -1567,7 +1583,7 @@ jaildk_reinstall() {
esac esac
done done
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
usage_reinstall usage_reinstall
fi fi
@@ -1583,7 +1599,7 @@ jaildk_reinstall() {
sync sync
if test -n "$NEWBASE" -o -n "$NEWVERSION"; then if test -n "$NEWBASE" -o -n "$NEWVERSION"; then
load-jail-config $jail load_jail_config $jail
ts=`date +%Y%m%d%H%M` ts=`date +%Y%m%d%H%M`
change='' change=''
if test $NEWBASE != $base; then if test $NEWBASE != $base; then
@@ -1607,7 +1623,7 @@ jaildk_reinstall() {
fi fi
fi fi
jaildk_install -m $jail start jaildk_install $jail -m start
jaildk_jail start $jail jaildk_jail start $jail
sleep 0.2 sleep 0.2
@@ -1644,7 +1660,11 @@ jaildk_setup() {
version=`date +%Y%m%d` version=`date +%Y%m%d`
for subdir in appl/default-$version/db/ports appl/default-$version/etc etc/.template/etc-$version etc/.template/local-etc-$version home/.template/root-$version log/.template-$version; do for subdir in appl/default-$version/db/ports \
appl/default-$version/etc \
etc/.template/etc-$version \
etc/.template/local-etc-$version \
home/.template/root-$version log/.template-$version; do
ex mkdir -p $j/$subdir ex mkdir -p $j/$subdir
done done
@@ -1761,10 +1781,10 @@ jaildk_update() {
rcscript=update rcscript=update
force='' force=''
repo="https://github.com/TLINDEN/jaildk.git" repo="https://codeberg.org/scip/jaildk.git"
mustberoot mustberoot
while getopts "f" arg; do OPTIND=1; while getopts "f" arg; do
case $arg in case $arg in
f) force=1;; f) force=1;;
*) usage_update;; *) usage_update;;
@@ -1804,7 +1824,7 @@ Fetch current portscollection, use <version> or todays timestamp as new version"
jaildk_fetchports() { jaildk_fetchports() {
local version=`date +%Y%m%d` local version=`date +%Y%m%d`
while getopts "v:" arg; do OPTIND=1; while getopts "v:" arg; do
case $arg in case $arg in
v) version=${OPTARG};; v) version=${OPTARG};;
*) usage_fetchports;; *) usage_fetchports;;
@@ -1865,7 +1885,7 @@ jaildk_freeze() {
ADDBASE="" ADDBASE=""
ADDAPPL="" ADDAPPL=""
while getopts "abv:" arg; do OPTIND=1; while getopts "abv:" arg; do
case $arg in case $arg in
a) ADDAPPL=1;; a) ADDAPPL=1;;
b) ADDBASE=1;; b) ADDBASE=1;;
@@ -1874,7 +1894,7 @@ jaildk_freeze() {
esac esac
done done
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
usage_freeze usage_freeze
fi fi
@@ -1891,7 +1911,7 @@ jaildk_freeze() {
esac esac
fi fi
load-jail-config $jail load_jail_config $jail
if test -n "$VERSION"; then if test -n "$VERSION"; then
version=$VERSION version=$VERSION
@@ -2068,7 +2088,12 @@ jaildk_ipfw() {
jail=$1 jail=$1
while getopts "m:" arg; do if ! test -f "$j/etc/$jail/ipfw.conf"; then
# dont do anything in non-ipf shells
return
fi
OPTIND=1; while getopts "m:" arg; do
case $arg in case $arg in
m) mode=${OPTARG};; m) mode=${OPTARG};;
*) usage_ipfw;; *) usage_ipfw;;
@@ -2079,21 +2104,19 @@ jaildk_ipfw() {
usage_ipfw usage_ipfw
fi fi
if test -f "$j/etc/$jail/ipfw.conf"; then echo
echo bold "Managing IPFW Rules..."
bold "Managing IPFW Rules..." case $mode in
case $mode in start)
start) ipfw_delete $jail "y"
ipfw_delete $jail "y" ipfw_add $jail
ipfw_add $jail ;;
;; stop)
stop) ipfw_delete $jail
ipfw_delete $jail ;;
;; esac
esac bold "... done"
bold "... done" echo
echo
fi
} }
ipfw_add() { ipfw_add() {
@@ -2102,7 +2125,7 @@ ipfw_add() {
jail=$1 jail=$1
# support jail variables as well # support jail variables as well
load-jail-config $jail load_jail_config $jail
if test -z $ip; then if test -z $ip; then
# Getting current jails IP.. # Getting current jails IP..
@@ -2183,7 +2206,7 @@ jaildk_vnet() {
BRIDGE='' BRIDGE=''
while getopts "b:i:r:" arg; do OPTIND=1; while getopts "b:i:r:" arg; do
case $arg in case $arg in
b) BRIDGE=${OPTARG};; b) BRIDGE=${OPTARG};;
*) usage_vnet;; *) usage_vnet;;
@@ -2196,7 +2219,7 @@ jaildk_vnet() {
die_if_not_exist $jail die_if_not_exist $jail
load-jail-config $jail load_jail_config $jail
if test -z "$ip" -a -z "$gw"; then if test -z "$ip" -a -z "$gw"; then
usage_vnet usage_vnet
@@ -2273,7 +2296,7 @@ delete directories. Be sure to have backups available!
jaildk_prune() { jaildk_prune() {
local BASE APPL JAIL UNUSED local BASE APPL JAIL UNUSED
while getopts "baj:u" arg; do OPTIND=1; while getopts "baj:u" arg; do
case $arg in case $arg in
b) BASE=1;; b) BASE=1;;
a) APPL=1;; a) APPL=1;;
@@ -2321,7 +2344,7 @@ jaildk_prune() {
elif test -n "$JAIL"; then elif test -n "$JAIL"; then
die_if_not_exist $JAIL die_if_not_exist $JAIL
load-jail-config $JAIL load_jail_config $JAIL
if test -z "$UNUSED"; then if test -z "$UNUSED"; then
bold "Current Active jail version for jail $JAIL:" > /dev/stderr bold "Current Active jail version for jail $JAIL:" > /dev/stderr
@@ -2358,7 +2381,7 @@ jaildk_bootstrap() {
PORTS='' PORTS=''
IP='' IP=''
while getopts "i:b:v:p:a:" arg; do OPTIND=1; while getopts "i:b:v:p:a:" arg; do
case $arg in case $arg in
b) BASE=${OPTARG};; b) BASE=${OPTARG};;
v) VERSION=${OPTARG};; v) VERSION=${OPTARG};;
@@ -2369,7 +2392,7 @@ jaildk_bootstrap() {
esac esac
done done
if test -z "$jail"; then if test -z "$jail" -o "$jail" = "-h"; then
usage_bootstrap usage_bootstrap
fi fi
@@ -2458,6 +2481,16 @@ mustberoot() {
fi fi
} }
sanitycheck() {
# check if certain programs are installed
for program in cpdup; do
if ! command -v $program 2>&1 >/dev/null; then
echo "$program must be installed!" >&2
exit 1
fi
done
}
########################## ##########################
# #
# main() # main()
@@ -2482,6 +2515,8 @@ if test -z "$runner"; then
usage_jaildk usage_jaildk
fi fi
sanitycheck
case $runner in case $runner in
start|stop|restart) start|stop|restart)
# running jails # running jails
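Review bot: In the `# any scripts?` loop added to jaildk_base, each `-s` value is used unchanged as the destination name (`$basedir/usr/bin/$script`), so a value with a directory part (constructed example: `-s tools/foo.sh`) either fails or, with `..` components, lands outside `usr/bin` of the base. Because the file is installed as root:wheel with mode 755 into a base that jails are built from, the destination should be reduced to the file name and the operands quoted: `ex install -m 755 -o root -g wheel "$script" "$basedir/usr/bin/$(basename "$script")"`. That line also moves `-o`/`-g` ahead of the source file, since install(1) documents options before operands and may otherwise treat them as file names. How `ex` re-expands its arguments is not visible in this section, and jaildk_base begins outside the hunk, so the quoting should be checked against that helper.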