yo/gocage
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Compare commits

base: yo:310564b4aff9225f25916f96741bad4f219aa552
Branches Tags
yo:master
yo:api
yo:v0.42
yo:v0.41
yo:v0.40
yo:v0.39
yo:v0.38
yo:v0.37
yo:v0.35
yo:v0.34
yo:v0.31
yo:v0.30
yo:v0.29f
yo:v0.25
yo:v0.24
yo:v0.23
yo:v0.22a
yo:v0.2
..
compare: yo:09b807c78e663af4483b9ef34f67e352ab876b91
Branches Tags
yo:master
yo:api
yo:v0.42
yo:v0.41
yo:v0.40
yo:v0.39
yo:v0.38
yo:v0.37
yo:v0.35
yo:v0.34
yo:v0.31
yo:v0.30
yo:v0.29f
yo:v0.25
yo:v0.24
yo:v0.23
yo:v0.22a
yo:v0.2

No commits in common. "310564b4aff9225f25916f96741bad4f219aa552" and "09b807c78e663af4483b9ef34f67e352ab876b91" have entirely different histories.
310564b4af ... 09b807c78e

6 changed files with 140 additions and 364 deletions
Show Stats Expand all files Collapse all files

1
cmd/console.go
View File

@ -33,6 +33,7 @@ func shellJail(jail *Jail) error {
jid := strconv.Itoa(jail.JID)
//err := syscall.Exec("/usr/sbin/jexec", []string{"jexec", jid, "/bin/csh"}, os.Environ())
err := syscall.Exec("/usr/sbin/jexec", []string{"jexec", jid, "login", "-f", "root"}, os.Environ())
// We should never get here, as syscall.Exec replace the gocage binary execution with jexec

85
cmd/freebsd-update.conf.go
View File

@ -1,85 +0,0 @@
package cmd
const (
fbsdUpdateConfig = `
# $FreeBSD$
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components world
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
WorkDir /iocage/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
StrictComponents yes
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
BackupKernel no
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
BackupKernelSymbolFiles no
# Create a new boot environment when installing patches
CreateBootEnv no
`
)

23
cmd/root.go
View File

@ -15,7 +15,7 @@ import (
)
const (
gVersion = "0.36a"
gVersion = "0.35"
// TODO : Get from $jail_zpool/defaults.json
MIN_DYN_DEVFS_RULESET = 1000
@ -55,7 +55,6 @@ var (
gFetchRelease string
gFetchIntoDS string
gFetchFrom string
gUpgradeRelease string
gMdevfs sync.Mutex
@ -141,6 +140,8 @@ ex: gocage list srv-db srv-web`,
},
}
restartCmd = &cobra.Command{
Use: "restart",
Short: "restart jail",
@ -304,7 +305,7 @@ You can specify multiple datastores.`,
},
}
updateCmd = &cobra.Command{
UpdateCmd = &cobra.Command{
Use: "update",
Short: "Update FreeBSD release",
Run: func(cmd *cobra.Command, args []string) {
@ -313,15 +314,6 @@ You can specify multiple datastores.`,
},
}
upgradeCmd = &cobra.Command{
Use: "upgrade",
Short: "Upgrade FreeBSD release",
Run: func(cmd *cobra.Command, args []string) {
ListJails(args, false)
UpgradeJail(args)
},
}
testCmd = &cobra.Command{
Use: "test",
Short: "temporary command to test some code snippet",
@ -381,8 +373,6 @@ func init() {
fetchCmd.MarkFlagRequired("release")
fetchCmd.MarkFlagRequired("datastore")
upgradeCmd.Flags().StringVarP(&gUpgradeRelease, "release", "r", "", "Release to upgrade to (e.g.: \"13.1-RELEASE\"")
upgradeCmd.MarkFlagRequired("release")
// Now declare commands
rootCmd.AddCommand(versionCmd)
@ -399,8 +389,7 @@ func init() {
rootCmd.AddCommand(migrateCmd)
rootCmd.AddCommand(datastoreCmd)
rootCmd.AddCommand(fetchCmd)
rootCmd.AddCommand(updateCmd)
rootCmd.AddCommand(upgradeCmd)
rootCmd.AddCommand(UpdateCmd)
rootCmd.AddCommand(testCmd)
@ -533,8 +522,6 @@ func WriteConfigToDisk(jailName string, changeauto bool, forceWrite bool) {
//fmt.Printf("DEBUG: Will write config to disk, with content:\n")
//fmt.Printf(string(marshaled))
fmt.Printf("DEBUG: Will write config to disk, Config.Release=%s\n", jc.Release)
fmt.Printf("DEBUG: Will write config to disk, Config.Last_started=%s\n", jc.Last_started)
if os.WriteFile(j.ConfigPath, []byte(marshaled), 0644); err != nil {
fmt.Printf("Error writing config file %s: %v\n", j.ConfigPath, err)

100
cmd/update.go
View File

@ -7,9 +7,93 @@ import (
"time"
)
const (
fbsdUpdateConfig = `
# $FreeBSD: releng/12.2/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components world
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no
# Create a new boot environment when installing patches
# CreateBootEnv yes
`
)
// Internal usage only
func updateJail(jail *Jail) error {
// Create default config as temporary file
cfgFile, err := os.CreateTemp("", "gocage-jail-update-")
if err != nil {
@ -19,28 +103,20 @@ func updateJail(jail *Jail) error {
cfgFile.Write([]byte(fbsdUpdateConfig))
defer cfgFile.Close()
defer os.Remove(cfgFile.Name())
// Folder containing update/uipgrade temporary files. Common so we save bandwith when upgrading multiple jails
// TODO: Variabilize /iocage/freebsd-update
_, err = os.Stat("/iocage/freebsd-update")
if os.IsNotExist(err) {
if err := os.Mkdir("/iocage/freebsd-update", 0755); err != nil {
return err
}
}
//defer os.Remove(cfgFile.Name())
cmd := fmt.Sprintf("/usr/sbin/freebsd-update --not-running-from-cron -f %s -b %s --currently-running %s fetch install",
cfgFile.Name(), jail.RootPath, jail.Config.Release)
//fmt.Printf("DEBUG: Prepare to execute \"%s\"\n", cmd)
fmt.Printf("DEBUG: Prepare to execute \"%s\"\n", cmd)
err = executeCommandWithOutputToStdout(cmd)
if err != nil {
return err
}
// TODO : Get and write new release into config.json
// Get and write new release into config.json
return nil
}

124
cmd/upgrade.go
View File

@ -1,124 +0,0 @@
package cmd
import (
"os"
"fmt"
//"log"
"time"
"strings"
)
// Internal usage only
func upgradeJail(jail *Jail, version string) error {
// Create default config as temporary file
cfgFile, err := os.CreateTemp("", "gocage-jail-upgrade-")
if err != nil {
return err
}
cfgFile.Write([]byte(fbsdUpdateConfig))
defer cfgFile.Close()
defer os.Remove(cfgFile.Name())
// Folder containing update/uipgrade temporary files. Common so we save bandwith when upgrading multiple jails
// TODO: Variabilize /iocage/freebsd-update
_, err = os.Stat("/iocage/freebsd-update")
if os.IsNotExist(err) {
if err := os.Mkdir("/iocage/freebsd-update", 0755); err != nil {
return err
}
}
// Get current version. Won't work on stopped jail.
fbsdvers, err := executeCommandInJail(jail, "/bin/freebsd-version")
if err != nil {
fmt.Printf("ERROR executeCommandInJail: %s\n", err.Error())
return err
}
fbsdvers = strings.TrimRight(fbsdvers, "\n")
//fbsdvers := jail.Config.Release
cmd := fmt.Sprintf("/usr/sbin/freebsd-update -f %s -b %s --currently-running %s -r %s upgrade",
cfgFile.Name(), jail.RootPath, fbsdvers, version)
//fmt.Printf("DEBUG: Prepare to execute \"%s\"\n", cmd)
// Need to give user control, bc there could be merge edit needs
err = executeCommandWithStdinStdoutStderr(cmd)
if err != nil {
return err
}
cmd = fmt.Sprintf("/usr/sbin/freebsd-update -f %s -b %s --currently-running %s -r %s install",
cfgFile.Name(), jail.RootPath, fbsdvers, version)
//fmt.Printf("DEBUG: Prepare to execute \"%s\"\n", cmd)
err = executeCommandWithStdinStdoutStderr(cmd)
if err != nil {
return err
}
cmd = fmt.Sprintf("/usr/sbin/freebsd-update -f %s -b %s --currently-running %s -r %s install",
cfgFile.Name(), jail.RootPath, fbsdvers, version)
//fmt.Printf("DEBUG: Prepare to execute \"%s\"\n", cmd)
err = executeCommandWithStdinStdoutStderr(cmd)
if err != nil {
return err
}
cmd = fmt.Sprintf("/usr/local/sbin/pkg-static -j %d install -q -f -y pkg", jail.JID)
err = executeCommandWithStdinStdoutStderr(cmd)
if err != nil {
return err
}
// Get and write new release into config.json
return nil
}
func UpgradeJail(args []string) {
// Current jail were stopping
var cj *Jail
var err error
for _, a := range args {
// Check if jail exist and is distinctly named
cj, err = getJailFromArray(a, gJails)
if err != nil {
fmt.Printf("Error getting jail: %s\n", err)
continue
}
if cj.Running == false {
fmt.Printf("Error: jail must be running for upgrade.\n")
return
}
fmt.Printf(" > Snapshot jail %s\n", cj.Name)
// Set snapshot name
dt := time.Now()
curDate := fmt.Sprintf("%s", dt.Format("2006-01-02_15-04-05"))
gSnapshotName = fmt.Sprintf("goc_upgrade_%s_%s", cj.Config.Release, curDate)
err := createJailSnapshot(*cj)
if err != nil {
fmt.Printf(" > Snapshot jail %s: ERROR: %s\n", cj.Name, err.Error())
return
}
fmt.Printf(" > Snapshot jail %s: OK\n", cj.Name)
fmt.Printf(" > Upgrade jail %s to %s\n", cj.Name, gUpgradeRelease)
err = upgradeJail(cj, gUpgradeRelease)
if err != nil {
fmt.Printf("ERROR: %s\n", err.Error())
} else {
fmt.Printf(" > Upgrade jail %s: OK\n", cj.Name)
}
}
}

131
cmd/utils.go
View File

@ -365,83 +365,9 @@ func executeCommandWithOutputToStdout(cmdline string) (error) {
return fmt.Errorf("Unknown error: you shouldn't be here!\n")
}
/* Execute command plugging stdin and stdout to those of the running command.
* Blocking while the command run
*/
func executeCommandWithStdinStdoutStderr(cmdline string) (error) {
var cmd []string
if gUseSudo {
cmd = append(cmd, "sudo")
}
var word string
var in_escaped bool
// Split by words, or " enclosed words
for i, c := range (cmdline) {
if string(c) == "\"" {
if in_escaped {
// This is the closing "
cmd = append(cmd, word)
in_escaped = false
} else {
in_escaped = true
}
continue
}
if string(c) == " " {
if in_escaped {
word = word + string(c)
continue
} else {
cmd = append(cmd, word)
word = ""
continue
}
}
if i == (len(cmdline) - 1) {
word = word + string(c)
cmd = append(cmd, word)
break
}
// else
word = word + string(c)
}
var command *exec.Cmd
if len(cmd) > 1 {
command = exec.Command(cmd[0], cmd[1:]...)
} else {
command = exec.Command(cmd[0])
}
// Get environment
command.Env = os.Environ()
// Connect command to current stdin/out/err
command.Stdin = os.Stdin
command.Stdout = os.Stdout
command.Stderr = os.Stderr
if err := command.Start(); err != nil {
return err
}
err := command.Wait()
return err
}
func executeCommandInJail(jail *Jail, cmdline string) (string, error) {
var cmd []string
// We can't execute on non-running jail
if jail.Running == false {
return "", errors.New("Can't execute command on stopped jail")
}
if gUseSudo {
cmd = append(cmd, "sudo")
}
@ -489,10 +415,6 @@ func executeCommandInJail(jail *Jail, cmdline string) (string, error) {
word = word + string(c)
}
if gDebug {
fmt.Printf("DEBUG: executeCommandInJail: prepare to execute \"%s\"\n", cmd)
}
out, err := exec.Command(cmd[0], cmd[1:]...).CombinedOutput()
return string(out), err
@ -780,33 +702,6 @@ func copyDevfsRuleset(ruleset int, srcrs int) error {
return nil
}
/********************************************************************************
* Add a rule to specified ruleset
* Ex.: addDevfsRuleToRuleset("path bpf* unhide", 1002)
*******************************************************************************/
func addDevfsRuleToRuleset(rule string, ruleset int) error {
// TODO: Check if rule not already enabled. We will need to recurse into includes.
// Get last rule index
rules := getDevfsRuleset(ruleset)
if len(rules) == 0 {
fmt.Printf("Error listing ruleset %d\n", ruleset)
return errors.New(fmt.Sprintf("Error listing rueset %d\n", ruleset))
}
f := strings.Fields(rules[(len(rules)-1)])
//fmt.Printf("Dernier index du ruleset %d: %s\n", ruleset, f[0])
index, _ := strconv.Atoi(f[0])
index += 100
cmd := fmt.Sprintf("/sbin/devfs rule -s %d add %d %s", ruleset, index, rule)
out, err := executeCommand(cmd)
if err != nil {
return errors.New(fmt.Sprintf("Error adding rule \"%s\" to ruleset %d: %s", rule, ruleset, out))
}
return nil
}
/********************************************************************************
* Returns value of parameter as read in /var/run/jail.$InternalName.conf
* Directives without value will return "true" if found
@ -835,6 +730,32 @@ func getValueFromRunningConfig(jname string, param string) (string, error) {
return "", fmt.Errorf("Parameter not found: %s", param)
}
/********************************************************************************
* Add a rule to specified ruleset
* Ex.: addDevfsRuleToRuleset("path bpf* unhide", 1002)
*******************************************************************************/
func addDevfsRuleToRuleset(rule string, ruleset int) error {
// TODO: Check if rule not already enabled. We will need to recurse into includes.
// Get last rule index
rules := getDevfsRuleset(ruleset)
if len(rules) == 0 {
fmt.Printf("Error listing ruleset %d\n", ruleset)
return errors.New(fmt.Sprintf("Error listing rueset %d\n", ruleset))
}
f := strings.Fields(rules[(len(rules)-1)])
//fmt.Printf("Dernier index du ruleset %d: %s\n", ruleset, f[0])
index, _ := strconv.Atoi(f[0])
index += 100
cmd := fmt.Sprintf("/sbin/devfs rule -s %d add %d %s", ruleset, index, rule)
out, err := executeCommand(cmd)
if err != nil {
return errors.New(fmt.Sprintf("Error adding rule \"%s\" to ruleset %d: %s", rule, ruleset, out))
}
return nil
}
/******************************************************************************