authorerdgeist <erdgeist@erdgeist.org>2006-04-26 09:31:37 +0000
committererdgeist <erdgeist@erdgeist.org>2006-04-26 09:31:37 +0000
commitf96dbd4def35d33143bc45c106b0516b6e4dec11 (patch)
treecfbcb3b47ed3d8f7bfd318ebdb9a9dea0edd60b1 /ezjail-admin
parentd6515f359d438404bb4720179eb78641f065972f (diff)
Introducing a more generic crypto image strategy
Diffstat (limited to 'ezjail-admin')
-rwxr-xr-xezjail-admin54
1 files changed, 32 insertions, 22 deletions
diff --git a/ezjail-admin b/ezjail-admin
index 51377a0..bbabd98 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -41,7 +41,10 @@ detach_images () {
41 # unmount and detach memory disc 41 # unmount and detach memory disc
42 if [ "${ezjail_imagedevice}" ]; then 42 if [ "${ezjail_imagedevice}" ]; then
43 umount ${ezjail_rootdir} > /dev/null 43 umount ${ezjail_rootdir} > /dev/null
44 [ "${ezjail_imagetype}" = "crypto" ] && gbde detach /dev/${ezjail_imagedevice} > /dev/null 44 case ${ezjail_imagetype} in
45 bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null ;;
46 eli) ;;
47 esac
45 mdconfig -d -u ${ezjail_imagedevice} > /dev/null 48 mdconfig -d -u ${ezjail_imagedevice} > /dev/null
46 [ "$1" = "success" ] || rm -f ${ezjail_image} 49 [ "$1" = "success" ] || rm -f ${ezjail_image}
47 fi 50 fi
@@ -135,10 +138,10 @@ case "$1" in
135######################## ezjail-admin CREATE ######################## 138######################## ezjail-admin CREATE ########################
136create) 139create)
137 shift 140 shift
138 args=`getopt f:r:s:xic $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip" 141 args=`getopt f:r:s:xic:C: $*` || exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip"
139 142
140 # Clean variables, prevent polution 143 # Clean variables, prevent polution
141 unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imagesize ezjail_device ezjail_config 144 unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config
142 ezjail_fillme="YES" 145 ezjail_fillme="YES"
143 146
144 set -- ${args} 147 set -- ${args}
@@ -147,7 +150,8 @@ create)
147 -x) ezjail_fillme="NO"; shift;; 150 -x) ezjail_fillme="NO"; shift;;
148 -r) ezjail_rootdir="$2"; shift 2;; 151 -r) ezjail_rootdir="$2"; shift 2;;
149 -f) ezjail_flavour="$2"; shift 2;; 152 -f) ezjail_flavour="$2"; shift 2;;
150 -c) ezjail_imagetype="crypto"; shift;; 153 -c) ezjail_imagetype=$2; shift 2;;
154 -C) ezjail_imageparams=$2; shift 2;;
151 -i) ezjail_imagetype=${ezjail_imagetype:-"simple"}; shift;; 155 -i) ezjail_imagetype=${ezjail_imagetype:-"simple"}; shift;;
152 -s) ezjail_imagesize="$2"; shift 2;; 156 -s) ezjail_imagesize="$2"; shift 2;;
153 --) shift; break;; 157 --) shift; break;;
@@ -156,11 +160,14 @@ create)
156 ezjail_name=$1; ezjail_ip=$2 160 ezjail_name=$1; ezjail_ip=$2
157 161
158 # we need at least a name and an ip for new jail 162 # we need at least a name and an ip for new jail
159 [ "${ezjail_name}" -a "${ezjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip" 163 [ "${ezjail_name}" -a "${ezjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip"
160 164
161 # check for sanity of settings concerning the image feature 165 # check for sanity of settings concerning the image feature
162 [ "${ezjail_imagetype}" -a "${ezjail_fillme}" = "YES" -a ! "${ezjail_imagesize}" ] && exerr "Image jails need an image size." 166 [ "${ezjail_imagetype}" -a "${ezjail_fillme}" = "YES" -a ! "${ezjail_imagesize}" ] && exerr "Image jails need an image size."
163 167
168 # check for a sane image type
169 case ${ezjail_imagetype} in ""|simple|bde|eli) ;; *) exerr "Usage: `basename -- $0` create [-xi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip";; esac
170
164 # check, whether ezjail-update has been called. existence of 171 # check, whether ezjail-update has been called. existence of
165 # ezjail_jailbase is our indicator 172 # ezjail_jailbase is our indicator
166 [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first." 173 [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first."
@@ -180,8 +187,7 @@ create)
180 # This scenario really will only lead to real troubles in the 'fulljail' 187 # This scenario really will only lead to real troubles in the 'fulljail'
181 # case, but I should still explain this to the user and not claim that 188 # case, but I should still explain this to the user and not claim that
182 # "an ezjail would already exist" 189 # "an ezjail would already exist"
183 [ "${ezjail_hostname}" = "basejail" -o "${ezjail_hostname}" = "newjail" -o "${ezjail_hostname}" = "fulljail" -o "${ezjail_hostname}" = "flavours" -o "${ezjail_hostname}" = "ezjailtemp" ] && \ 190 case ${ezjail_hostname} in basejail|newjail|fulljail|flavous|ezjailtemp) exerr "Error: ezjail needs the ${ezjail_hostname} directory for its own administrative purposes. Please rename the ezjail.";; esac
184 exerr "Error: ezjail needs the ${ezjail_hostname} directory for its own administrative purposes. Please rename the ezjail."
185 191
186 # jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com 192 # jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com
187 # so check, whether we might be running into problems 193 # so check, whether we might be running into problems
@@ -229,17 +235,22 @@ create)
229 ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` 235 ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}`
230 [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" 236 [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')"
231 237
232 if [ "${ezjail_imagetype}" = "crypto" ]; then 238 case "${ezjail_imagetype}" in
233 # Initialise crypto image 239 bde)
234 echo "Initialising crypto device. Enter a new passphrase twice..." 240 # Initialise crypto image
235 gbde init /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not initialise crypto image." 241 echo "Initialising crypto device. Enter a new passphrase twice..."
236 242 gbde init /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not initialise crypto image."
237 echo "Attaching crypto device. Enter the passphrase..." 243
238 gbde attach /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not attach crypto image." 244 echo "Attaching crypto device. Enter the passphrase..."
239 ezjail_device=${ezjail_imagedevice}.bde 245 gbde attach /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not attach crypto image."
240 else 246 ezjail_device=${ezjail_imagedevice}.bde
247 ;;
248 eli)
249 ;;
250 simple)
241 ezjail_device=${ezjail_imagedevice} 251 ezjail_device=${ezjail_imagedevice}
242 fi 252 ;;
253 esac
243 254
244 # Format memory image 255 # Format memory image
245 newfs /dev/${ezjail_device} || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}." 256 newfs /dev/${ezjail_device} || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}."
@@ -371,10 +382,8 @@ list)
371 echo "--- ----- --------------- ---------------------------- -----------------------------" 382 echo "--- ----- --------------- ---------------------------- -----------------------------"
372 for ezjail in ${ezjail_list}; do 383 for ezjail in ${ezjail_list}; do
373 fetchjailinfo ${ezjail%.norun} 384 fetchjailinfo ${ezjail%.norun}
374 ezjail_state="D" 385 case ${ezjail_imagetype} in simple) ezjail_state="I";; bde) ezjail_state="B";; eli) ezjail_state="E";; *) ezjail_state="D";; esac
375 [ "${ezjail_imagetype}" = "simple" ] && ezjail_state="I" 386 [ "${ezjail_id}" ] && ezjail_state=${ezjail_state}R || ezjail_state=${ezjail_state}S
376 [ "${ezjail_imagetype}" = "crypto" ] && ezjail_state="C"
377 [ "${ezjail_id}" ] && ezjail_state=${ezjail_state}R || ezjail_state=${ezjail_state}S
378 [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state=${ezjail_state}N 387 [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state=${ezjail_state}N
379 388
380 printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}" 389 printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}"
@@ -489,13 +498,14 @@ install)
489 # yes and the set -- all 498 # yes and the set -- all
490 set -- all 499 set -- all
491 [ -f install.sh ] && yes | . install.sh 500 [ -f install.sh ] && yes | . install.sh
492 # XXX error checking. 501 [ $? = 0 ] || exerr "Package install script for ${pkg} failed."
493 502
494 rm -rf ${ezjail_jailtemp} 503 rm -rf ${ezjail_jailtemp}
495 else 504 else
496 cd ${basejail_reldir}/${basejail_dir}/${pkg} || exerr "Could not cd to ${basejail_dir}." 505 cd ${basejail_reldir}/${basejail_dir}/${pkg} || exerr "Could not cd to ${basejail_dir}."
497 set -- all 506 set -- all
498 [ -f install.sh ] && yes | . install.sh 507 [ -f install.sh ] && yes | . install.sh
508 [ $? = 0 ] || exerr "Package install script for ${pkg} failed."
499 fi 509 fi
500 done 510 done
501 511
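Review bot: The rewritten reserved-name check at new line 190 spells one pattern `flavous`, so a jail whose name resolves to `flavours` is no longer rejected the way the old `"${ezjail_hostname}" = "flavours"` test did; the arm should read `case ${ezjail_hostname} in basejail|newjail|fulljail|flavours|ezjailtemp)`. Separately, `-c eli` passes the new image-type check at line 169, but the `eli)` arm in the create hunk (new lines 248-249) assigns nothing to `ezjail_device`, which was unset at line 144. As far as the visible hunks show, `newfs /dev/${ezjail_device}` at line 256 then runs against a bare `/dev/`, so rejecting `eli` in the sanity check until that arm is implemented would fail earlier and more clearly. The new `[ $? = 0 ] || exerr ...` lines at 501 and 508 also fire when install.sh is simply absent, because the failed `-f` test leaves `$?` at 1. Wrapping the call as `if [ -f install.sh ]; then yes | . install.sh || exerr "Package install script for ${pkg} failed."; fi` keeps the old skip-if-missing behaviour.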