| -rwxr-xr-x | ezjail-admin | 68 | ||||
| -rwxr-xr-x | ezjail.sh | 13 | 
2 files changed, 66 insertions, 15 deletions
| diff --git a/ezjail-admin b/ezjail-admin index 5e30c9f..2c6e7ee 100755 --- a/ezjail-admin +++ b/ezjail-admin | |||
| @@ -43,7 +43,7 @@ detach_images () { | |||
| 43 | umount ${ezjail_rootdir} > /dev/null | 43 | umount ${ezjail_rootdir} > /dev/null | 
| 44 | case ${ezjail_imagetype} in | 44 | case ${ezjail_imagetype} in | 
| 45 | bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null;; | 45 | bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null;; | 
| 46 | eli) geil detach /dev/${ezjail_imagedevice} > /dev/null;; | 46 | eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;; | 
| 47 | esac | 47 | esac | 
| 48 | mdconfig -d -u ${ezjail_imagedevice} > /dev/null | 48 | mdconfig -d -u ${ezjail_imagedevice} > /dev/null | 
| 49 | [ "$1" = "success" ] || rm -f ${ezjail_image} | 49 | [ "$1" = "success" ] || rm -f ${ezjail_image} | 
| @@ -139,7 +139,7 @@ case "$1" in | |||
| 139 | ######################## ezjail-admin CREATE ######################## | 139 | ######################## ezjail-admin CREATE ######################## | 
| 140 | create) | 140 | create) | 
| 141 | # Clean variables, prevent polution | 141 | # Clean variables, prevent polution | 
| 142 | unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config | 142 | unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams | 
| 143 | ezjail_fillme="YES" | 143 | ezjail_fillme="YES" | 
| 144 | 144 | ||
| 145 | shift; while getopts :f:r:s:xic:C: arg; do case ${arg} in | 145 | shift; while getopts :f:r:s:xic:C: arg; do case ${arg} in | 
| @@ -246,16 +246,24 @@ create) | |||
| 246 | [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" | 246 | [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" | 
| 247 | 247 | ||
| 248 | case "${ezjail_imagetype}" in | 248 | case "${ezjail_imagetype}" in | 
| 249 | bde) | 249 | bde|eli) | 
| 250 | # Initialise crypto image | 250 | # parse imageparams, generate attachparams | 
| 251 | echo "Initialising crypto device. Enter a new passphrase twice..." | 251 | if [ -n "${ezjail_imageparams}" ] ; then | 
| 252 | gbde init /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not initialise crypto image." | 252 | ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` | 
| 253 | 253 | [ 0 -eq $? ] || exerr "processing of ezjail_imageparams failed" | |
| 254 | echo "Attaching crypto device. Enter the passphrase..." | 254 | fi | 
| 255 | gbde attach /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not attach crypto image." | 255 | case "${ezjail_imagetype}" in | 
| 256 | ezjail_device=${ezjail_imagedevice}.bde | 256 | bde) init_cmd="gbde init /dev/${ezjail_imagedevice} ${ezjail_imageparams}" | 
| 257 | ;; | 257 | attach_cmd="gbde attach /dev/${ezjail_imagedevice} ${ezjail_attachparams}";; | 
| 258 | eli) | 258 | eli) init_cmd="geli init ${ezjail_imageparams} /dev/${ezjail_imagedevice}" | 
| 259 | attach_cmd="geli attach ${ezjail_attachparams} /dev/${ezjail_imagedevice}";; | ||
| 260 | esac | ||
| 261 | echo "Initialising crypto device. Enter a new passphrase twice... (if necessary)" | ||
| 262 | ( echo ${init_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not initialise crypto image." | ||
| 263 | |||
| 264 | echo "Attaching crypto device. Enter the passphrase... (if necessary)" | ||
| 265 | ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image." | ||
| 266 | ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype} | ||
| 259 | ;; | 267 | ;; | 
| 260 | simple) | 268 | simple) | 
| 261 | ezjail_device=${ezjail_imagedevice} | 269 | ezjail_device=${ezjail_imagedevice} | 
| @@ -306,6 +314,7 @@ create) | |||
| 306 | echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_config} | 314 | echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_config} | 
| 307 | echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} | 315 | echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} | 
| 308 | echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} | 316 | echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} | 
| 317 | echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} | ||
| 309 | 318 | ||
| 310 | # Final steps for flavour installation | 319 | # Final steps for flavour installation | 
| 311 | if [ "${ezjail_fillme}" = "YES" -a "${ezjail_flavour}" ]; then | 320 | if [ "${ezjail_fillme}" = "YES" -a "${ezjail_flavour}" ]; then | 
| @@ -545,6 +554,41 @@ config) | |||
| 545 | esac | 554 | esac | 
| 546 | 555 | ||
| 547 | ;; | 556 | ;; | 
| 557 | |||
| 558 | ############################################################################## | ||
| 559 | # ezjail_imageparams HACK starts here | ||
| 560 | # | ||
| 561 | # | ||
| 562 | _parse_geli_attach_args_) | ||
| 563 | # create geli(8) attach arguments from geli(8) init arguments: | ||
| 564 | # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present, | ||
| 565 | # everything else is dicarded | ||
| 566 | shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in | ||
| 567 | b|v|a|i|l|s);; # ignore these | ||
| 568 | P) echo -n "-p ";; | ||
| 569 | K) echo -n "-k '$OPTARG' ";; | ||
| 570 | ?) exit 11;; | ||
| 571 | esac; done | ||
| 572 | exit 0 | ||
| 573 | ;; | ||
| 574 | _parse_gbde_attach_args_) | ||
| 575 | # create gbde(8) attach arguments from gbde(8) init arguments: | ||
| 576 | # -L lockfile becomes -l lockfile if present | ||
| 577 | # -K keyfile becomes -k keyfile if present | ||
| 578 | # -P passphrase becomes -p passphrase if present | ||
| 579 | # everything else is discarded | ||
| 580 | shift; while getopts :iK:f:L:P: arg; do case ${arg} in | ||
| 581 | i|f);; # ignore these | ||
| 582 | P) echo -n "-p '$OPTARG' ";; | ||
| 583 | K) echo -n "-k '$OPTARG' ";; | ||
| 584 | L) echo -n "-l '$OPTARG' ";; | ||
| 585 | ?) exit 11;; | ||
| 586 | esac; done | ||
| 587 | exit 0 | ||
| 588 | ;; | ||
| 589 | # | ||
| 590 | # ezjail_imageparams HACK ends here (thank god) | ||
| 591 | ############################################################################## | ||
| 548 | *) | 592 | *) | 
| 549 | exerr "Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" | 593 | exerr "Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" | 
| 550 | ;; | 594 | ;; | 
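Review bot: A gbde passphrase given with `-P` at create time ends up in clear text in `${ezjail_config}`, because the `_parse_gbde_attach_args_` arm emits `-p '$OPTARG'` and the added `jail_${ezjail_safename}_attachparams` export line in `create)` persists that string; it is then also passed on the `gbde attach` command line. I would not carry it over at all, e.g. `P) ;; # never store the passphrase; gbde attach prompts for it`, and persist only the key-file and lock-file paths. Separately, these values are re-parsed by a shell several times (`echo ... | /bin/sh` here, the double-quoted `export` line when the config is read back, and the `| /bin/sh` attach lines in the ezjail.sh hunks), yet `$OPTARG` is wrapped in single quotes without any escaping, so a path containing a quote, `$` or a backquote changes what gets executed. Rejecting such characters in the parser arms before echoing, or calling gbde/geli directly with quoted arguments instead of piping a string to `/bin/sh`, would avoid that. The `create)` branch starts and ends outside these hunks, so how `${ezjail_config}` is created and with which permissions is not visible here.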
| @@ -60,6 +60,7 @@ do_cmd() | |||
| 60 | eval ezjail_root=\"\$jail_${ezjail}_rootdir\" | 60 | eval ezjail_root=\"\$jail_${ezjail}_rootdir\" | 
| 61 | eval ezjail_image=\"\$jail_${ezjail}_image\" | 61 | eval ezjail_image=\"\$jail_${ezjail}_image\" | 
| 62 | eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\" | 62 | eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\" | 
| 63 | eval ezjail_attachparams=\"\$jail_${ezjail}_attachparams\" | ||
| 63 | 64 | ||
| 64 | # Cannot auto mount crypto jails without interrupting boot process | 65 | # Cannot auto mount crypto jails without interrupting boot process | 
| 65 | [ "${ezjail_fromrc}" = "YES" -a "${ezjail_imagetype}" = "crypto" -a "${action}" = "start" ] && continue | 66 | [ "${ezjail_fromrc}" = "YES" -a "${ezjail_imagetype}" = "crypto" -a "${action}" = "start" ] && continue | 
| @@ -95,12 +96,15 @@ attach_detach_pre () | |||
| 95 | case ${ezjail_imagetype} in | 96 | case ${ezjail_imagetype} in | 
| 96 | crypto|bde) | 97 | crypto|bde) | 
| 97 | echo "Attaching gbde device for image jail ${ezjail}..." | 98 | echo "Attaching gbde device for image jail ${ezjail}..." | 
| 98 | gbde attach /dev/${ezjail_device} | 99 | echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh | 
| 99 | |||
| 100 | # Device to mount is not md anymore | 100 | # Device to mount is not md anymore | 
| 101 | ezjail_device=${ezjail_device}.bde | 101 | ezjail_device=${ezjail_device}.bde | 
| 102 | ;; | 102 | ;; | 
| 103 | eli) | 103 | eli) | 
| 104 | echo "Attaching gbde device for image jail ${ezjail}..." | ||
| 105 | echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh | ||
| 106 | # Device to mount is not md anymore | ||
| 107 | ezjail_device=${ezjail_device}.eli | ||
| 104 | ;; | 108 | ;; | 
| 105 | esac | 109 | esac | 
| 106 | 110 | ||
| @@ -115,7 +119,10 @@ attach_detach_pre () | |||
| 115 | ezjail_device=`stat -f "%Y" ${ezjail_root}.device` | 119 | ezjail_device=`stat -f "%Y" ${ezjail_root}.device` | 
| 116 | 120 | ||
| 117 | # Add this device to the list of devices to be unmounted | 121 | # Add this device to the list of devices to be unmounted | 
| 118 | ezjail_mds="${ezjail_mds} ${ezjail_device%.bde}" | 122 | case ${ezjail_imagetype} in | 
| 123 | crypto|bde) ezjail_mds="${ezjail_mds} ${ezjail_device%.bde}" ;; | ||
| 124 | eli) ezjail_mds="${ezjail_mds} ${ezjail_device%.eli}" ;; | ||
| 125 | esac | ||
| 119 | 126 | ||
| 120 | # Remove soft link (which acts as a lock) | 127 | # Remove soft link (which acts as a lock) | 
| 121 | rm -f ${ezjail_root}.device | 128 | rm -f ${ezjail_root}.device | 
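Review bot: The new `case ${ezjail_imagetype}` around `ezjail_mds` has arms only for `crypto|bde` and `eli`, so for any other image type (ezjail-admin's `create` also produces `simple`) the device is no longer appended to the list of devices to be unmounted, whereas the old unconditional `${ezjail_device%.bde}` covered it. Unless the enclosing code, which lies outside the hunk, already excludes plain images, their md devices would stay attached after the jail stops; adding `*) ezjail_mds="${ezjail_mds} ${ezjail_device}" ;;` restores the previous behaviour. In the attach hunk the `eli)` arm still prints `Attaching gbde device`, which should say geli, and neither `... | /bin/sh` attach has its exit status checked before the `.bde`/`.eli` suffix is appended to `ezjail_device`.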
