author | erdgeist <erdgeist@erdgeist.org> | 2006-04-26 09:31:37 +0000 |
---|---|---|
committer | erdgeist <erdgeist@erdgeist.org> | 2006-04-26 09:31:37 +0000 |
commit | f96dbd4def35d33143bc45c106b0516b6e4dec11 (patch) | |
tree | cfbcb3b47ed3d8f7bfd318ebdb9a9dea0edd60b1 /ezjail-admin | |
parent | d6515f359d438404bb4720179eb78641f065972f (diff) |
Introducing a more generic crypto image strategy
Diffstat (limited to 'ezjail-admin')
-rwxr-xr-x | ezjail-admin | 54 |
1 files changed, 32 insertions, 22 deletions
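--- a/ezjail-admin
+++ b/ezjail-admin
@@ -41,7 +41,10 @@ detach_images () {
 # unmount and detach memory disc
 if [ "${ezjail_imagedevice}" ]; then
 umount ${ezjail_rootdir} > /dev/null
-[ "${ezjail_imagetype}" = "crypto" ] && gbde detach /dev/${ezjail_imagedevice} > /dev/null
+case ${ezjail_imagetype} in
+bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null ;;
+eli) ;;
+esac
 mdconfig -d -u ${ezjail_imagedevice} > /dev/null
 [ "$1" = "success" ] || rm -f ${ezjail_image}
 fi
@@ -135,10 +138,10 @@ case "$1" in
 ######################## ezjail-admin CREATE ########################
 create)
 shift
-args=`getopt f:r:s:xic $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip"
+args=`getopt f:r:s:xic:C: $*` || exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip"
 
 # Clean variables, prevent polution
-unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imagesize ezjail_device ezjail_config
+unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config
 ezjail_fillme="YES"
 
 set -- ${args}
@@ -147,7 +150,8 @@ create)
 -x) ezjail_fillme="NO"; shift;;
 -r) ezjail_rootdir="$2"; shift 2;;
 -f) ezjail_flavour="$2"; shift 2;;
--c) ezjail_imagetype="crypto"; shift;;
+-c) ezjail_imagetype=$2; shift 2;;
+-C) ezjail_imageparams=$2; shift 2;;
 -i) ezjail_imagetype=${ezjail_imagetype:-"simple"}; shift;;
 -s) ezjail_imagesize="$2"; shift 2;;
 --) shift; break;;
@@ -156,11 +160,14 @@ create)
 ezjail_name=$1; ezjail_ip=$2
 
 # we need at least a name and an ip for new jail
-[ "${ezjail_name}" -a "${ezjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip"
+[ "${ezjail_name}" -a "${ezjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip"
 
 # check for sanity of settings concerning the image feature
 [ "${ezjail_imagetype}" -a "${ezjail_fillme}" = "YES" -a ! "${ezjail_imagesize}" ] && exerr "Image jails need an image size."
 
+# check for a sane image type
+case ${ezjail_imagetype} in ""|simple|bde|eli) ;; *) exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip";; esac
+
 # check, whether ezjail-update has been called. existence of
 # ezjail_jailbase is our indicator
 [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first."
@@ -180,8 +187,7 @@ create)
 # This scenario really will only lead to real troubles in the 'fulljail'
 # case, but I should still explain this to the user and not claim that
 # "an ezjail would already exist"
-[ "${ezjail_hostname}" = "basejail" -o "${ezjail_hostname}" = "newjail" -o "${ezjail_hostname}" = "fulljail" -o "${ezjail_hostname}" = "flavours" -o "${ezjail_hostname}" = "ezjailtemp" ] && \
-exerr "Error: ezjail needs the ${ezjail_hostname} directory for its own administrative purposes. Please rename the ezjail."
+case ${ezjail_hostname} in basejail|newjail|fulljail|flavous|ezjailtemp) exerr "Error: ezjail needs the ${ezjail_hostname} directory for its own administrative purposes. Please rename the ezjail.";; esac
 
 # jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com
 # so check, whether we might be running into problems
@@ -229,17 +235,22 @@ create)
 ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}`
 [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')"
 
-if [ "${ezjail_imagetype}" = "crypto" ]; then
-# Initialise crypto image
-echo "Initialising crypto device. Enter a new passphrase twice..."
-gbde init /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not initialise crypto image."
-
-echo "Attaching crypto device. Enter the passphrase..."
-gbde attach /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not attach crypto image."
-ezjail_device=${ezjail_imagedevice}.bde
-else
+case "${ezjail_imagetype}" in
+bde)
+# Initialise crypto image
+echo "Initialising crypto device. Enter a new passphrase twice..."
+gbde init /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not initialise crypto image."
+
+echo "Attaching crypto device. Enter the passphrase..."
+gbde attach /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not attach crypto image."
+ezjail_device=${ezjail_imagedevice}.bde
+;;
+eli)
+;;
+simple)
 ezjail_device=${ezjail_imagedevice}
-fi
+;;
+esac
 
 # Format memory image
 newfs /dev/${ezjail_device} || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}."
@@ -371,10 +382,8 @@ list)
 echo "--- ----- --------------- ---------------------------- -----------------------------"
 for ezjail in ${ezjail_list}; do
 fetchjailinfo ${ezjail%.norun}
-ezjail_state="D"
-[ "${ezjail_imagetype}" = "simple" ] && ezjail_state="I"
-[ "${ezjail_imagetype}" = "crypto" ] && ezjail_state="C"
-[ "${ezjail_id}" ] && ezjail_state=${ezjail_state}R || ezjail_state=${ezjail_state}S
+case ${ezjail_imagetype} in simple) ezjail_state="I";; bde) ezjail_state="B";; eli) ezjail_state="E";; *) ezjail_state="D";; esac
+[ "${ezjail_id}" ] && ezjail_state=${ezjail_state}R || ezjail_state=${ezjail_state}S
 [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state=${ezjail_state}N
 
 printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}"
@@ -489,13 +498,14 @@ install)
 # yes and the set -- all
 set -- all
 [ -f install.sh ] && yes | . install.sh
-# XXX error checking.
+[ $? = 0 ] || exerr "Package install script for ${pkg} failed."
 
 rm -rf ${ezjail_jailtemp}
 else
 cd ${basejail_reldir}/${basejail_dir}/${pkg} || exerr "Could not cd to ${basejail_dir}."
 set -- all
 [ -f install.sh ] && yes | . install.sh
+[ $? = 0 ] || exerr "Package install script for ${pkg} failed."
 fi
 done
 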
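Review bot: `-c eli` passes the new image-type check, but the `eli)` arm in the create hunk is empty, so as far as the visible hunks show `ezjail_device` stays unset (it is in the `unset` list) and the following `newfs /dev/${ezjail_device}` runs against `/dev/` with no encryption layer ever initialised. An option that promises an encrypted image should fail closed until it is implemented: either drop `eli` from the accepted list, `case ${ezjail_imagetype} in ""|simple|bde) ;;`, or make the arm stop with an explicit error. The empty `eli) ;;` arm in detach_images leaves the same gap on teardown once an eli attach exists. Separately, the reserved-name check now spells `flavous`, so a jail called `flavours` is no longer rejected as it was before the change; the pattern should read `basejail|newjail|fulljail|flavours|ezjailtemp`. Both the `create)` branch and detach_images extend beyond the visible hunks.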