author | erdgeist <erdgeist@erdgeist.org> | 2006-03-20 12:30:45 +0000 |
---|---|---|
committer | erdgeist <erdgeist@erdgeist.org> | 2006-03-20 12:30:45 +0000 |
commit | d34be4420a086093b328040b3f3fdcb86feda233 (patch) | |
tree | 1f057c05f6f0e8e713d776d28f12b09db1aee600 | |
parent | c6763b6e35e1cfcd0e6aa3fba945b9326bb9054d (diff) |
Cryptoimage creation now works in principle. Follows: a lot of sanity checking and user guidance
-rw-r--r-- | ezjail-img.sh | 61 |
1 files changed, 37 insertions, 24 deletions
diff --git a/ezjail-img.sh b/ezjail-img.sh index 6e28c45..b41e7ad 100644 --- a/ezjail-img.sh +++ b/ezjail-img.sh | |||
@@ -32,9 +32,10 @@ exerr () { echo -e "$*"; exit 1; } | |||
32 | # define detach strategy for image jails | 32 | # define detach strategy for image jails |
33 | detach_images () { | 33 | detach_images () { |
34 | # unmount and detach memory disc | 34 | # unmount and detach memory disc |
35 | if [ "${newjail_device}" ]; then | 35 | if [ "${newjail_img_device}" ]; then |
36 | umount ${newjail_root} | 36 | umount ${newjail_root} |
37 | mdconfig -d -u ${newjail_device} | 37 | [ "${newjail_image}" = "crypto" ] && gbde detach /dev/${newjail_img_device} |
38 | mdconfig -d -u ${newjail_img_device} | ||
38 | fi | 39 | fi |
39 | } | 40 | } |
40 | 41 | ||
@@ -45,13 +46,13 @@ case "$1" in | |||
45 | ######################## ezjail-admin CREATE ######################## | 46 | ######################## ezjail-admin CREATE ######################## |
46 | create) | 47 | create) |
47 | shift | 48 | shift |
48 | args=`getopt xf:r:i: $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-i size] [-xc] jailname jailip" | 49 | args=`getopt xf:r:is:c $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-i size] [-xc] jailname jailip" |
49 | 50 | ||
50 | newjail_root= | 51 | newjail_root= |
51 | newjail_flavour= | 52 | newjail_flavour= |
52 | newjail_softlink= | 53 | newjail_softlink= |
54 | newjail_image= | ||
53 | newjail_imagesize= | 55 | newjail_imagesize= |
54 | newjail_cryptimage= | ||
55 | newjail_device= | 56 | newjail_device= |
56 | newjail_fill="YES" | 57 | newjail_fill="YES" |
57 | 58 | ||
@@ -61,8 +62,9 @@ create) | |||
61 | -x) newjail_fill="NO"; shift;; | 62 | -x) newjail_fill="NO"; shift;; |
62 | -r) newjail_root="$2"; shift 2;; | 63 | -r) newjail_root="$2"; shift 2;; |
63 | -f) newjail_flavour="$2"; shift 2;; | 64 | -f) newjail_flavour="$2"; shift 2;; |
64 | -i) newjail_imagesize="$2"; shift 2;; | 65 | -i) newjail_image="simple"; shift;; |
65 | -c) newjail_cryptimage="YES"; shift;; | 66 | -s) newjail_imagesize="$2"; shift 2;; |
67 | -c) newjail_image="crypto"; shift;; | ||
66 | --) shift; break;; | 68 | --) shift; break;; |
67 | esac | 69 | esac |
68 | done | 70 | done |
@@ -72,7 +74,7 @@ create) | |||
72 | [ "${newjail_name}" -a "${newjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-x] jailname jailip" | 74 | [ "${newjail_name}" -a "${newjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-x] jailname jailip" |
73 | 75 | ||
74 | # check for sanity of settings concerning the image feature | 76 | # check for sanity of settings concerning the image feature |
75 | [ "${newjail_cryptimage}" = "YES" -a ! "${newjail_imagesize}" ] && exerr "Cryptimages need an image size." | 77 | [ "${newjail_image}" -a "$newjail_fill" = "YES" -a ! "${newjail_imagesize}" ] && exerr "Image jails need an image size." |
76 | 78 | ||
77 | # check, whether ezjail-update has been called. existence of | 79 | # check, whether ezjail-update has been called. existence of |
78 | # ezjail_jailbase is our indicator | 80 | # ezjail_jailbase is our indicator |
@@ -121,19 +123,30 @@ create) | |||
121 | # All sanity checks that may lead to errors are hopefully passed here | 123 | # All sanity checks that may lead to errors are hopefully passed here |
122 | # | 124 | # |
123 | 125 | ||
124 | # if image is wanted, check, whether the img-file already is present | 126 | if [ "${newjail_image}" ]; then |
125 | if [ "${newjail_imagesize}" ]; then | 127 | newjail_img=${newjail_root%/}; while [ "${newjail_img}" -a -z "${newjail_img%%*/}" ]; do newjail_img=${newjail_img%/}; done |
126 | newjail_image=${newjail_root%/}; while [ "${newjail_image}" -a -z "${newjail_image%%*/}" ]; do newjail_image=${newjail_image%/}; done | 128 | [ -z "${newjail_img}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${newjail_root}." |
127 | [ -z "${newjail_image}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${newjail_root}." | 129 | newjail_lock=${newjail_img}.lock |
128 | newjail_image=${newjail_image}.img | 130 | newjail_img=${newjail_img}.img |
129 | [ -e "${newjail_image}" ] && exerr "Error: a file exists at the location ${newjail_image}, preventing our own image file to be created." | 131 | if [ "$newjail_fill" = "YES" ]; then |
130 | 132 | [ -e "${newjail_img}" ] && exerr "Error: a file exists at the location ${newjail_img}, preventing our own image file to be created." | |
131 | touch "${newjail_image}" | 133 | touch "${newjail_img}" |
132 | dd if=/dev/random of="${newjail_image}" bs="${newjail_imagesize}" count=1 || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${newjail_image}. The image size provided was ${newjail_imagesize}." | 134 | dd if=/dev/random of="${newjail_img}" bs="${newjail_imagesize}" count=1 || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${newjail_img}. The image size provided was ${newjail_imagesize}." |
133 | newjail_device=`mdconfig -a -t vnode -f ${newjail_image}` | 135 | newjail_img_device=`mdconfig -a -t vnode -f ${newjail_img}` |
134 | newfs /dev/${newjail_device} | 136 | if [ "${newjail_image}" = "crypto" ]; then |
135 | mkdir -p ${newjail_root} | 137 | gbde init /dev/${newjail_img_device} -L ${newjail_lock} |
136 | mount /dev/${newjail_device} ${newjail_root} | 138 | gbde attach /dev/${newjail_img_device} -l ${newjail_lock} |
139 | newjail_device=${newjail_img_device}.bde | ||
140 | else | ||
141 | newjail_device=${newjail_img_device} | ||
142 | fi | ||
143 | newfs /dev/${newjail_device} | ||
144 | mkdir -p ${newjail_root} | ||
145 | mount /dev/${newjail_device} ${newjail_root} | ||
146 | else | ||
147 | [ -e ${newjail_root} -a ! -d ${newjail_root} ] && exerr "Error: Could not create mount point for your jail image. A file exists at its location. (For existing image jails, call this tool without the .img suffix when specifying jail root.)" | ||
148 | [ -d ${newjail_root} ] || mkdir -p ${newjail_root} | ||
149 | fi | ||
137 | fi | 150 | fi |
138 | 151 | ||
139 | # now take a copy of our template jail | 152 | # now take a copy of our template jail |
@@ -149,7 +162,7 @@ create) | |||
149 | # if the automount feature is not disabled, this fstab entry for new jail | 162 | # if the automount feature is not disabled, this fstab entry for new jail |
150 | # will be obeyed | 163 | # will be obeyed |
151 | echo -n > /etc/fstab.${newjail_nname} | 164 | echo -n > /etc/fstab.${newjail_nname} |
152 | [ "${newjail_imagesize}" ] && \ | 165 | [ "${newjail_image}" ] && \ |
153 | echo ${newjail_root}.device ${newjail_root} ufs rw 0 0 >> /etc/fstab.${newjail_nname} | 166 | echo ${newjail_root}.device ${newjail_root} ufs rw 0 0 >> /etc/fstab.${newjail_nname} |
154 | echo ${ezjail_jailbase} ${newjail_root}/basejail nullfs ro 0 0 >> /etc/fstab.${newjail_nname} | 167 | echo ${ezjail_jailbase} ${newjail_root}/basejail nullfs ro 0 0 >> /etc/fstab.${newjail_nname} |
155 | 168 | ||
@@ -166,12 +179,12 @@ create) | |||
166 | echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} | 179 | echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} |
167 | echo export jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} | 180 | echo export jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} |
168 | [ "${newjail_imagesize}" ] && \ | 181 | [ "${newjail_imagesize}" ] && \ |
169 | echo export jail_${newjail_nname}_image=\"${newjail_image}\" >> ${ezjail_jailcfgs}/${newjail_nname} | 182 | echo export jail_${newjail_nname}_image=\"${newjail_img}\" >> ${ezjail_jailcfgs}/${newjail_nname} |
170 | [ "${newjail_cryptimage}" ] && \ | 183 | [ "${newjail_image}" = "crypto" ] && \ |
171 | echo export jail_${newjail_nname}_cryptimage=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname} | 184 | echo export jail_${newjail_nname}_cryptimage=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname} |
172 | 185 | ||
173 | # Final steps for flavour installation | 186 | # Final steps for flavour installation |
174 | if [ "${newjail_flavour}" ]; then | 187 | if [ "${newjail_fill}" = "YES" -a "${newjail_flavour}" ]; then |
175 | # install files and config to new jail | 188 | # install files and config to new jail |
176 | cd ${ezjail_flavours}/${newjail_flavour} && find * | cpio -p -v ${newjail_root} > /dev/null | 189 | cd ${ezjail_flavours}/${newjail_flavour} && find * | cpio -p -v ${newjail_root} > /dev/null |
177 | [ $? = 0 ] || echo "Warning: Could not fully install flavour." | 190 | [ $? = 0 ] || echo "Warning: Could not fully install flavour." |
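Review bot: In the image-creation block (new lines 135–145) the results of `mdconfig -a`, `gbde init`, `gbde attach`, `newfs` and `mount` are never checked, so a failed crypto setup fails open. If `gbde attach` does not produce `/dev/${newjail_img_device}.bde`, `newfs` and `mount` fail as well, `mkdir -p ${newjail_root}` has already created a plain directory, and the template copy that follows the hunk would presumably fill it unencrypted on the host filesystem while the jail config still records `cryptimage="YES"`. Each step should abort on failure, e.g. `gbde init /dev/${newjail_img_device} -L ${newjail_lock} || { mdconfig -d -u ${newjail_img_device}; exerr "Error: gbde init failed."; }`, with the same guard on `gbde attach`, and `mount /dev/${newjail_device} ${newjail_root} || { detach_images; exerr "Error: could not mount the jail image."; }`. Separately, the `jail_..._image` export at new line 181 is still keyed on `${newjail_imagesize}` while the fstab entry at new line 165 is keyed on `${newjail_image}`, so `-i -x` without `-s` writes the fstab line but no image setting; `[ "${newjail_image}" ] && \` would keep the two in step. The `create)` arm starts and ends outside these hunks.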