#!/bin/sh # #-*- mode: Fundamental; tab-width: 4; -*- # ex:ts=4 # # Copyright (c) 2004 Joe Marcus Clarke # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $Id: mkjail,v 1.5 2004/06/19 06:23:35 marcus Exp $ # ### BEGIN changeable variables jaildir="/usr/jail" srcdir="/usr/src" force="no"; clean_src="yes"; update_src="no" makefile="/etc/make.conf" supfile="/usr/local/etc/cvsup/src-supfile" ### END of changeable variables usage_exit () { echo echo "Usage: $0 -i -n [-m ] [-p ] [-s ]" | fmt 75 79 exit 1 } ## Command line options args=`getopt S:cfi:m:n:p:s:ux $*` if [ $? -ne 0 ]; then usage_exit fi set -- $args for i; do case "$i" in -S) supfile="$2"; shift; shift;; -c) clean_src="yes"; shift;; -f) force="yes"; shift;; -i) jail_ip="$2"; shift; shift;; -m) makefile="$2"; shift; shift;; -n) jail_name="$2"; shift; shift;; -p) jaildir="$2"; shift; shift;; -s) srcdir="$2"; shift; shift;; -u) update_src="yes"; shift;; -x) jail_x11="yes"; shift;; \?) usage_exit; shift;; --) shift; break;; esac done jail=${jaildir}/${jail_ip} ### Bitching as much as I want to... Initial error checking... if [ `id -u` != 0 ]; then echo "ERROR: You must be root to run $0." exit 1 fi if [ -z "${jail_ip}" ]; then echo "ERROR: Please specify an IP address for your jail; aborting..." | fmt 75 79 usage_exit fi if [ -z "${jail_name}" ]; then echo "ERROR: Please provide a name for your jail; aborting..." | fmt 75 79 usage_exit fi if [ -z "${jaildir}" ]; then echo "ERROR: Please specify a location where your jail should be created; aborting..." | fmt 75 79 usage_exit fi if [ -z "${srcdir}" ]; then echo "ERROR: Please specify a location where your src dir is; aborting..." | fmt 75 79 usage_exit fi if [ ${update_src} = "yes" ]; then if [ -z "${supfile}" ]; then echo "ERROR: Update of main ports tree requested but you forgot to set 'supfile' in this script; aborting..." | fmt 75 79 usage_exit fi if [ ! -f ${supfile} ]; then echo "ERROR: Update of main ports tree requested but I could not find 'supfile': ${supfile}; aborting..." | fmt 75 79 usage_exit fi fi if [ ${force} != "yes" ]; then if [ -d ${jail}/usr -o -d ${jaildir}/${jail_name} ]; then echo "ERROR: Either ${jail_ip} or/and ${jail_name} exist, please use jail_upgrade or jail_delete instead, or perhaps it was just a typo. Unless, you had a failure or want to force overwrite then you can use -f flag." | fmt 75 79 exit 1 fi fi ### ### Do we update the source tree? if [ ${update_src} = "yes" ]; then /usr/local/bin/cvsup -g -L 2 ${supfile} if [ $? != 0 ]; then echo "ERROR: Failed to cvsup src tree!" | fmt 75 79 exit 1 fi fi ### ### Build the new jail if [ -n "${makefile}" ]; then export __MAKE_CONF=${makefile} fi if [ ! -f ${srcdir}/Makefile ]; then echo "ERROR: ${srcdir} is missing." | fmt 75 79 exit 1 fi if [ ${clean_src} = "yes" ]; then if [ -d /usr/obj/usr ]; then chflags -R noschg /usr/obj/* rm -rf /usr/obj/* fi cd ${srcdir} make clean ; make cleandir fi cd ${srcdir} mkdir -p ${jail} ln -sf ${jail} ${jaildir}/${jail_name} env DESTDIR=${jail} make world if [ $? != 0 ]; then echo "ERROR: make world failed. See above output." | fmt 75 79 exit 1 fi cd ${srcdir}/etc env DESTDIR=${jail} make distribution if [ $? != 0 ]; then echo "ERROR: make distribution failed. See above output." | fmt 75 79 exit 1 fi if [ ${clean_src} = "yes" ]; then if [ -d /usr/obj/usr ]; then chflags -R noschg /usr/obj/* rm -rf /usr/obj/* fi cd ${srcdir} make clean ; make cleandir fi mount_devfs devfs ${jail}/dev cd ${jail} ln -sf dev/null kernel ### ### Create files, tweak options and etc to have the better default. if [ -f ${jail}/etc/.config_exists ]; then mv -f ${jail}/etc/resolv.conf ${jail}/etc/resolv.conf.bak mv -f ${jail}/etc/rc.conf ${jail}/etc/rc.conf.bak mv -f ${jail}/etc/hosts ${jail}/etc/hosts.bak mv -f ${jail}/etc/profile ${jail}/etc/profile.bak mv -f ${jail}/etc/csh.cshrc ${jail}/etc/csh.cshrc.bak mv -f ${jail}/etc/ssh/sshd_config ${jail}/etc/ssh/sshd_config.bak fi touch ${jail}/etc/.config_exists ln -sf aj ${jail}/etc/malloc.conf touch -f ${jail}/etc/fstab touch -f ${jail}/etc/wall_cmos_clock cp -f /etc/resolv.conf ${jail}/etc/resolv.conf cp -f /etc/localtime ${jail}/etc/localtime chmod 0444 ${jail}/etc/localtime # /etc/rc.conf cat > ${jail}/etc/rc.conf << EOF # -- jail ${jail_name} - (re)installed `date` # `uname -rsp` hostname="${jail_name}" network_interfaces="" sendmail_enable="NONE" rpcbind_enable="NO" sshd_enable="YES" syslogd_flags="-ss" #inetd_enable="YES" #inetd_flags="-wW -a ${jail_ip}" EOF # /etc/hosts cat > ${jail}/etc/hosts << EOF ::1 localhost localhost.my.domain ${jail_name} 127.0.0.1 localhost localhost.my.domain ${jail_name} ${jail_ip} ${jail_name} ${jail_name}.my.domain EOF # /etc/profile cat >> ${jail}/etc/profile << 'EOF' export OSVERSION=$(awk '/^#define __FreeBSD_version/ {print $3}' < /usr/src/sys/sys/param.h) export OSREL=$(awk 'BEGIN {FS="\""}; /^REVISION/ {print $2}' < /usr/src/sys/conf/newvers.sh) export BRANCH=$(awk 'BEGIN {FS="\""}; /^BRANCH/ {print $2}' < /usr/src/sys/conf/newvers.sh) export UNAME_r=${OSREL}-${BRANCH} export UNAME_v="FreeBSD ${OSREL}-${BRANCH} #0: $(date) root@domain:/usr/src/sys/magic/kernel/path" EOF # /etc/csh.cshrc cat >> ${jail}/etc/csh.cshrc << 'EOF' setenv OSVERSION `awk '/^#define __FreeBSD_version/ {print $3}' < /usr/src/sys/sys/param.h` setenv OSREL `awk 'BEGIN {FS="\""}; /^REVISION/ {print $2}' < /usr/src/sys/conf/newvers.sh` setenv BRANCH `awk 'BEGIN {FS="\""}; /^BRANCH/ {print $2}' < /usr/src/sys/conf/newvers.sh` setenv UNAME_r ${OSREL}-${BRANCH} setenv UNAME_v "FreeBSD ${OSREL}-${BRANCH} #0: `date` root@domain:/usr/src/sys/magic/kernel/path" EOF cat >> ${jail}/etc/csh.cshrc << EOF setenv UNAME_n `hostname -s`-${jail_ip} EOF sed -e "s|#ListenAddress 0.0.0.0|ListenAddress ${jail_ip}|g" \ < ${srcdir}/crypto/openssh/sshd_config > ${jail}/etc/ssh/sshd_config chroot ${jail} /usr/bin/newaliases # Do not re-create 'jail' user in case if it already exists. if [ ! -d ${jail}/usr/home/jail ]; then chroot ${jail} /usr/sbin/pw useradd jail -s /bin/sh -m chroot ${jail} /usr/sbin/pw groupmod wheel -m jail chroot ${jail} /bin/sh -c '(echo "jail" | pw usermod jail -h 0)' # /usr/home/jail/.shrc, has to be after above for jail user to be created first cat >> ${jail}/usr/home/jail/.shrc <<-'EOF' PS1="`whoami`@`hostname | sed 's/\..*//'`$ " EOF fi cd ${srcdir} tar -cpf - . | tar -C ${jail}/usr/src -xpf - umount ${jail}/dev # jail_start will mount it again, so avoid to have double. ###