summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorerdgeist <erdgeist@erdgeist.org>2006-03-20 12:30:45 +0000
committererdgeist <erdgeist@erdgeist.org>2006-03-20 12:30:45 +0000
commitd34be4420a086093b328040b3f3fdcb86feda233 (patch)
tree1f057c05f6f0e8e713d776d28f12b09db1aee600
parentc6763b6e35e1cfcd0e6aa3fba945b9326bb9054d (diff)
Cryptoimage creation now works in principle. Follows: a lot of sanity checking and user guidance
-rw-r--r--ezjail-img.sh61
1 files changed, 37 insertions, 24 deletions
diff --git a/ezjail-img.sh b/ezjail-img.sh
index 6e28c45..b41e7ad 100644
--- a/ezjail-img.sh
+++ b/ezjail-img.sh
@@ -32,9 +32,10 @@ exerr () { echo -e "$*"; exit 1; }
32# define detach strategy for image jails 32# define detach strategy for image jails
33detach_images () { 33detach_images () {
34 # unmount and detach memory disc 34 # unmount and detach memory disc
35 if [ "${newjail_device}" ]; then 35 if [ "${newjail_img_device}" ]; then
36 umount ${newjail_root} 36 umount ${newjail_root}
37 mdconfig -d -u ${newjail_device} 37 [ "${newjail_image}" = "crypto" ] && gbde detach /dev/${newjail_img_device}
38 mdconfig -d -u ${newjail_img_device}
38 fi 39 fi
39} 40}
40 41
@@ -45,13 +46,13 @@ case "$1" in
45######################## ezjail-admin CREATE ######################## 46######################## ezjail-admin CREATE ########################
46create) 47create)
47 shift 48 shift
48 args=`getopt xf:r:i: $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-i size] [-xc] jailname jailip" 49 args=`getopt xf:r:is:c $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-i size] [-xc] jailname jailip"
49 50
50 newjail_root= 51 newjail_root=
51 newjail_flavour= 52 newjail_flavour=
52 newjail_softlink= 53 newjail_softlink=
54 newjail_image=
53 newjail_imagesize= 55 newjail_imagesize=
54 newjail_cryptimage=
55 newjail_device= 56 newjail_device=
56 newjail_fill="YES" 57 newjail_fill="YES"
57 58
@@ -61,8 +62,9 @@ create)
61 -x) newjail_fill="NO"; shift;; 62 -x) newjail_fill="NO"; shift;;
62 -r) newjail_root="$2"; shift 2;; 63 -r) newjail_root="$2"; shift 2;;
63 -f) newjail_flavour="$2"; shift 2;; 64 -f) newjail_flavour="$2"; shift 2;;
64 -i) newjail_imagesize="$2"; shift 2;; 65 -i) newjail_image="simple"; shift;;
65 -c) newjail_cryptimage="YES"; shift;; 66 -s) newjail_imagesize="$2"; shift 2;;
67 -c) newjail_image="crypto"; shift;;
66 --) shift; break;; 68 --) shift; break;;
67 esac 69 esac
68 done 70 done
@@ -72,7 +74,7 @@ create)
72 [ "${newjail_name}" -a "${newjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-x] jailname jailip" 74 [ "${newjail_name}" -a "${newjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-x] jailname jailip"
73 75
74 # check for sanity of settings concerning the image feature 76 # check for sanity of settings concerning the image feature
75 [ "${newjail_cryptimage}" = "YES" -a ! "${newjail_imagesize}" ] && exerr "Cryptimages need an image size." 77 [ "${newjail_image}" -a "$newjail_fill" = "YES" -a ! "${newjail_imagesize}" ] && exerr "Image jails need an image size."
76 78
77 # check, whether ezjail-update has been called. existence of 79 # check, whether ezjail-update has been called. existence of
78 # ezjail_jailbase is our indicator 80 # ezjail_jailbase is our indicator
@@ -121,19 +123,30 @@ create)
121 # All sanity checks that may lead to errors are hopefully passed here 123 # All sanity checks that may lead to errors are hopefully passed here
122 # 124 #
123 125
124 # if image is wanted, check, whether the img-file already is present 126 if [ "${newjail_image}" ]; then
125 if [ "${newjail_imagesize}" ]; then 127 newjail_img=${newjail_root%/}; while [ "${newjail_img}" -a -z "${newjail_img%%*/}" ]; do newjail_img=${newjail_img%/}; done
126 newjail_image=${newjail_root%/}; while [ "${newjail_image}" -a -z "${newjail_image%%*/}" ]; do newjail_image=${newjail_image%/}; done 128 [ -z "${newjail_img}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${newjail_root}."
127 [ -z "${newjail_image}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${newjail_root}." 129 newjail_lock=${newjail_img}.lock
128 newjail_image=${newjail_image}.img 130 newjail_img=${newjail_img}.img
129 [ -e "${newjail_image}" ] && exerr "Error: a file exists at the location ${newjail_image}, preventing our own image file to be created." 131 if [ "$newjail_fill" = "YES" ]; then
130 132 [ -e "${newjail_img}" ] && exerr "Error: a file exists at the location ${newjail_img}, preventing our own image file to be created."
131 touch "${newjail_image}" 133 touch "${newjail_img}"
132 dd if=/dev/random of="${newjail_image}" bs="${newjail_imagesize}" count=1 || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${newjail_image}. The image size provided was ${newjail_imagesize}." 134 dd if=/dev/random of="${newjail_img}" bs="${newjail_imagesize}" count=1 || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${newjail_img}. The image size provided was ${newjail_imagesize}."
133 newjail_device=`mdconfig -a -t vnode -f ${newjail_image}` 135 newjail_img_device=`mdconfig -a -t vnode -f ${newjail_img}`
134 newfs /dev/${newjail_device} 136 if [ "${newjail_image}" = "crypto" ]; then
135 mkdir -p ${newjail_root} 137 gbde init /dev/${newjail_img_device} -L ${newjail_lock}
136 mount /dev/${newjail_device} ${newjail_root} 138 gbde attach /dev/${newjail_img_device} -l ${newjail_lock}
139 newjail_device=${newjail_img_device}.bde
140 else
141 newjail_device=${newjail_img_device}
142 fi
143 newfs /dev/${newjail_device}
144 mkdir -p ${newjail_root}
145 mount /dev/${newjail_device} ${newjail_root}
146 else
147 [ -e ${newjail_root} -a ! -d ${newjail_root} ] && exerr "Error: Could not create mount point for your jail image. A file exists at its location. (For existing image jails, call this tool without the .img suffix when specifying jail root.)"
148 [ -d ${newjail_root} ] || mkdir -p ${newjail_root}
149 fi
137 fi 150 fi
138 151
139 # now take a copy of our template jail 152 # now take a copy of our template jail
@@ -149,7 +162,7 @@ create)
149 # if the automount feature is not disabled, this fstab entry for new jail 162 # if the automount feature is not disabled, this fstab entry for new jail
150 # will be obeyed 163 # will be obeyed
151 echo -n > /etc/fstab.${newjail_nname} 164 echo -n > /etc/fstab.${newjail_nname}
152 [ "${newjail_imagesize}" ] && \ 165 [ "${newjail_image}" ] && \
153 echo ${newjail_root}.device ${newjail_root} ufs rw 0 0 >> /etc/fstab.${newjail_nname} 166 echo ${newjail_root}.device ${newjail_root} ufs rw 0 0 >> /etc/fstab.${newjail_nname}
154 echo ${ezjail_jailbase} ${newjail_root}/basejail nullfs ro 0 0 >> /etc/fstab.${newjail_nname} 167 echo ${ezjail_jailbase} ${newjail_root}/basejail nullfs ro 0 0 >> /etc/fstab.${newjail_nname}
155 168
@@ -166,12 +179,12 @@ create)
166 echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} 179 echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
167 echo export jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} 180 echo export jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
168 [ "${newjail_imagesize}" ] && \ 181 [ "${newjail_imagesize}" ] && \
169 echo export jail_${newjail_nname}_image=\"${newjail_image}\" >> ${ezjail_jailcfgs}/${newjail_nname} 182 echo export jail_${newjail_nname}_image=\"${newjail_img}\" >> ${ezjail_jailcfgs}/${newjail_nname}
170 [ "${newjail_cryptimage}" ] && \ 183 [ "${newjail_image}" = "crypto" ] && \
171 echo export jail_${newjail_nname}_cryptimage=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname} 184 echo export jail_${newjail_nname}_cryptimage=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname}
172 185
173 # Final steps for flavour installation 186 # Final steps for flavour installation
174 if [ "${newjail_flavour}" ]; then 187 if [ "${newjail_fill}" = "YES" -a "${newjail_flavour}" ]; then
175 # install files and config to new jail 188 # install files and config to new jail
176 cd ${ezjail_flavours}/${newjail_flavour} && find * | cpio -p -v ${newjail_root} > /dev/null 189 cd ${ezjail_flavours}/${newjail_flavour} && find * | cpio -p -v ${newjail_root} > /dev/null
177 [ $? = 0 ] || echo "Warning: Could not fully install flavour." 190 [ $? = 0 ] || echo "Warning: Could not fully install flavour."