fix tar

Fix for issue  #27

.woodpecker/README.md

@@ -0,0 +1,67 @@
+## Running CI Tests with Woodpecker-CI on FreeBSD
+
+By default the woodpecker intance on Codeberg doesn't support
+FreeBSD. Running FreeBSD inside a qemu VM in a linux docker image
+didn't work. Also, this particular tool needs to run outside a jail,
+since it is a jail management tool.
+
+So, this is my setup:
+
+I deployed a freebsd VM on Hetzner Cloud: `ci-agent.daemon.de`. It
+runs the `woodpecker-agent` build for freebsd. The agent runs as rool
+directly on the host. This is a security risk and the reason why we
+use a VM.
+
+The VM does **NOT** run continuously. So in order to execute
+workflows, first unsuspend the VM:
+
+```default
+hcloud server poweron ci-agent
+```
+
+When it's running, execute workflows (i.e. push).
+
+## Setup
+
+Deploy a new FreeBSD VM using the latest freebsd-snapshot.
+
+Upgrade to latest Release (or the one you want to run tests on).
+
+Clone [woodpecker-ci](https://github.com/woodpecker-ci/woodpecker).
+
+Execute:
+
+```default
+make build-agent GOOS=freebsd
+```
+
+Clone [plugin-git](https://github.com/woodpecker-ci/plugin-git.git)
+
+Execute:
+
+```default
+GOOS=freebsd go build
+```
+
+Copy the newly built binaries `dist/woodpecker-agent` into the VM to
+`/usr/local/bin`.
+
+```default
+scp woodpecker-ci/dist/woodpecker-agent agent:/usr/local/bin/
+scp plugin-git/plugin-git agent:/usr/local/bin/
+```
+
+Add the agent token to `/etc/rc.conf`:
+
+```sh
+woodpeckeragent_enable=YES
+woodpeckeragent_token=*****
+```
+
+Create the [rc-Script](woodpeckeragent.sh) in
+`/usr/local/etc/rc.d/woodpeckeragent`.
+
+Install `git-lfs`: `pkg install bash cpdup git git-lfs`.
+
+
+Start it: `service woodpeckeragent start`

.woodpecker/assets/jail.conf

@@ -0,0 +1,16 @@
+* {
+    exec.start = "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown";
+    allow.raw_sockets = "false";
+    sysvmsg = "new";
+    sysvsem = "new";
+    sysvshm = "new";
+    host.hostname = $name;
+    path = "/jail/run/$name"; 
+    exec.prestart = "/jail/bin/jaildk install $name start";
+    exec.clean = "true";
+}
+
+test {
+     ip4.addr = "172.16.0.1";
+}

.woodpecker/build.yaml

@@ -0,0 +1,53 @@
+#
+# CAUTION: this pipeline  needs a FreeBSD VM, refer  for the README.md
+# in this directory for details!
+
+matrix:
+  release:
+    - 14.3-RELEASE-p7
+  releaselink:
+    - 14.3-RELEASE
+
+labels:
+  platform: freebsd/amd64
+
+steps:
+  test:
+    image: bash
+    when:
+      event: [push]
+    commands:
+      - freebsd-version
+      - uname -a
+      - sysctl hw.model
+      - sysctl hw.ncpu
+      - sysctl hw.physmem
+      - sysctl hw.usermem
+
+      # clean up earlier runs, if any
+      - if jls | grep -q test; then jail -r test; fi
+      - mount | cut -d' ' -f3 | grep /jail | sed '1!G;h;$!d' | while read D; do umount $D; done
+      - chflags -R noschg /jail
+      - rm -rf /jail
+      
+      - ifconfig vtnet0 172.16.0.1/32 alias
+      - ifconfig vtnet0
+
+      - sysrc jail_enable="YES"
+      - cp .woodpecker/assets/jail.conf /etc/
+
+      - cp src/jaildk.sh jaildk
+      - sh jaildk setup /jail
+
+      - if ! test -e /jail/base/${release}-base.txz; then fetch https://download.freebsd.org/ftp/releases/amd64/amd64/${releaselink}/base.txz -o /jail/base/${release}-base.txz; mkdir -p /jail/base/${release}; tar -xf /jail/base/${release}-base.txz -C /jail/base/${release} --unlink; fi
+
+      - /jail/bin/jaildk create test
+      - ls -l /jail/etc/test
+      - /jail/bin/jaildk build test -m start
+      - df -h /jail/build/test/etc
+
+      - echo 'sshd_enable="Yes"' > /jail/build/test/usr/local/etc/rc.conf
+      - chroot /jail/build/test /etc/rc.d/sshd keygen
+
+      - /jail/bin/jaildk start test
+      - /jail/bin/jaildk status | grep -E "test|Jail"

.woodpecker/release.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# This is my own simple codeberg generic releaser. It takes to
+# binaries to be uploaded as arguments and takes every other args from
+# env. Works on tags or normal commits (push), tags must start with v.
+
+
+set -e
+
+die() {
+    echo $*
+    exit 1
+}
+
+if test -z "$DEPLOY_TOKEN"; then
+    die "token DEPLOY_TOKEN not set"
+fi
+
+git fetch --all
+
+# determine current tag or commit hash
+version="$CI_COMMIT_TAG"
+previous=""
+log=""
+if test -z "$version"; then
+    version="${CI_COMMIT_SHA:0:6}"
+    log=$(git log -1 --oneline)
+else
+    previous=$(git tag -l | grep -E "^v" | tac | grep -A1 "$version" | tail -1)
+    log=$(git log -1 --oneline "${previous}..${version}" | sed 's|^|- |g')
+fi
+
+# release body
+printf "# Changes\n\n %s\n" "$log" > body.txt
+
+# create the release
+https --ignore-stdin --check-status -b -A bearer -a "$DEPLOY_TOKEN" POST \
+      "https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases" \
+      tag_name="$version" name="Release $version" body=@body.txt > release.json
+
+# we need the id to upload files
+ID=$(jq -r .id < release.json)
+
+if test -z "$ID"; then
+    cat release.json
+    die "failed to create release"
+fi
+
+# actually upload
+for file in "$@"; do
+    https --ignore-stdin --check-status -A bearer -a "$DEPLOY_TOKEN" -f POST \
+          "https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases/$ID/assets" \
+          "name=${file}" "attachment@${file}"
+done

.woodpecker/release.yaml

@@ -0,0 +1,28 @@
+# build release
+
+labels:
+  platform: linux/amd64
+    
+steps:
+  compile:
+    when:
+      event: [tag,manual]
+    image: alpine:latest
+    commands:
+      - apk update
+      - apk add --no-cache bash git build-base
+      - make
+      - file ${CI_REPO_NAME}
+      - mv ${CI_REPO_NAME} ${CI_REPO_NAME}-freebsd-all-$CI_COMMIT_TAG
+
+  release:
+    image: alpine:latest
+    when:
+      event: [tag,manual]
+    environment:
+      DEPLOY_TOKEN:
+        from_secret: DEPLOY_TOKEN
+    commands:
+      - apk update
+      - apk add --no-cache bash httpie jq git
+      - .woodpecker/release.sh ${CI_REPO_NAME}-*

.woodpecker/woodpeckeragent.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# PROVIDE: woodpeckeragent
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# woodpeckeragent_enable (bool):          Set to NO by default.
+#               Set it to YES to enable woodpeckeragent.
+
+. /etc/rc.subr
+
+name=woodpeckeragent
+rcvar=woodpeckeragent_enable
+
+load_rc_config $name
+
+: ${woodpeckeragent_enable:="NO"}
+: ${woodpeckeragent_token:="foo"}
+: ${woodpeckeragent_server:="grpc.ci.codeberg.org"}
+
+
+pidfile=/var/run/woodpeckeragent.pid
+command="/usr/sbin/daemon"
+procname="/usr/local/bin/woodpecker-agent"
+command_args="-f -p ${pidfile} -T ${name} \
+    /usr/bin/env PATH=$PATH:/usr/local/bin ${procname} \
+    --server ${woodpeckeragent_server} \
+    --grpc-token ${woodpeckeragent_token} \
+    --grpc-secure true \
+    --agent-config /tmp/woodpecker-agent \
+    --log-level debug"
+
+load_rc_config $name
+run_rc_command "$1"

README.md

@@ -1,4 +1,6 @@
-## jaildk - a FreeBSD jail development kit v2.0.0
+[![Test status](https://github.com/tlinden/jaildk/actions/workflows/ci.yaml/badge.svg)](https://github.com/tlinden/jaildk/actions/)
+
+## jaildk - a FreeBSD jail development kit v2.0.4
 
 ## Breaking Changes
 
@@ -608,6 +610,45 @@ Manipulate a jail specific table:
 
 `pfctl  -a /jail/myjail -t blocked -T show`
 
+## Generating pf rule sets
+
+It is also possible to let jaildk generate the pf rule sets from the
+jail config. You can generate `map`s and `rule`s. Maps will be used
+for mapping ipv4 connections and rules primarily for ipv6.
+
+A map is defined by a name. You can define many maps. Example:
+
+```toml
+map_prom_exposed_port="9100"
+map_prom_exposed_ip="172.16.1.1"
+map_prom_allow_from="10.2.3.4" # optional, default: any allowed
+```
+
+Then you reference the maps like this:
+
+```toml
+maps="prom web git"
+```
+
+You can also specify the ip address used to connect to the outside:
+
+```toml
+masq_ip="172.16.1.1"
+```
+
+Rules are being used for incoming ipv6 traffic, which is being routed
+only. The semtantics are the same:
+
+```toml
+rules="web git"
+
+rule_web_proto="tcp"
+rule_web_port="{80,443}"
+
+rule_git_proto="tcp"
+rule_git_port="22"
+```
+
 ## Getting help
 
 Although I'm happy to hear from jaildk users in private email,
@@ -615,7 +656,7 @@ that's the best way for me to forget to do something.
 
 In order to report a bug, unexpected behavior, feature requests
 or to submit a patch, please open an issue on github:
-https://github.com/TLINDEN/jaildk/issues.
+https://codeberg.org/scip/jaildk/issues.
 
 ## Copyright and license
 
@@ -629,5 +670,5 @@ F.Sass (Culsu)
 
 ## Project homepage
 
-https://github.com/TLINDEN/jaildk
+https://codeberg.org/scip/jaildk
 

src/jaildk.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-version=2.0.3
+version=2.0.5
 
 # this will  be completed during  build. Don't touch it,  just execute
 # make and use the resulting script!
@@ -1065,6 +1065,10 @@ jaildk_clone() {
             die "new version must be different from source version!"
         fi
         update=1
+    else
+        if test -e "$j/etc/$new/mount.conf" -o -e "$j/etc/$new/jail.conf"; then
+            die "Destination jail $new already exist, cloning would overwrite it!"
+        fi
     fi
 
     die_if_not_exist $src "Source jail"
@@ -1155,7 +1159,7 @@ jaildk_clone() {
         # FIXME: possibly not needed! see comment in jaildk_create()
         # jail=$new
         bold "To mount the build chroot of the new jail, execute:"
-        echo "jaildk build $new start -b $base -v $newversion"
+        echo "jaildk build $new -m start -b $base -v $newversion"
     fi
 }
 
@@ -1286,15 +1290,14 @@ jaildk_jail() {
     jail=$2
 
     if test "x$mode" = "xstatus"; then
-        (
         if test -z "$jail" -o "$jail" = "-h"; then
             bold "Running jails:"
             lookup='*'
         else
-                bold "Status $jail:"
+            bold "Status of $jail:"
             lookup=$jail
         fi
-
+        (
             echo "Jail IP-Address Path Is-Running RW-mounted Current-Version Base"
             grep -h "name=" $j/etc/$lookup/jail.conf | cut -d= -f2 | while read jail; do
                 jid=''
@@ -1317,7 +1320,7 @@ jaildk_jail() {
 
                 if jls -j $jail > /dev/null 2>&1; then
                     # jail is running, get some data about jail
-                    eval $(jls -j v6 -qn ip4.addr ip6.addr jid)
+                    eval $(jls -j $jail -qn ip4.addr ip6.addr jid path | sed 's/\.addr/addr/g')
                     if test -n "$ip4addr"; then
                         ip=$ip4addr
                     else
@@ -1529,7 +1532,7 @@ jaildk_login() {
     fi
 
     jid=""
-    jid=`jls | grep "$jail" | awk '{print $1}'`
+    jid=$(jls -j "$jail" jid)
 
     if test -z "$jid"; then
         echo "jail $jail doesn't run!"
@@ -1778,7 +1781,7 @@ jaildk_update() {
     rcscript=update
     force=''
 
-    repo="https://github.com/TLINDEN/jaildk.git"
+    repo="https://codeberg.org/scip/jaildk.git"
     mustberoot
 
     OPTIND=1; while getopts "f" arg; do