#!/bin/sh
#
#-*- mode: Fundamental; tab-width: 4; -*-
# ex:ts=4
#
# Copyright (c) 2004 Joe Marcus Clarke <marcus@FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id: mkjail,v 1.5 2004/06/19 06:23:35 marcus Exp $
#

### BEGIN changeable variables
jaildir="/usr/jail"
srcdir="/usr/src"
force="no";
clean_src="yes";
update_src="no"
makefile="/etc/make.conf"
supfile="/usr/local/etc/cvsup/src-supfile"
### END of changeable variables

usage_exit () {
	echo
	echo "Usage: $0 -i <IP address> -n <jail name> [-m <make.conf path>] [-p <jail path>] [-s <src directory>]" | fmt 75 79
	exit 1
}

## Command line options
args=`getopt S:cfi:m:n:p:s:ux $*`

if [ $? -ne 0 ]; then
	usage_exit
fi

set -- $args

for i; do
	case "$i" in
		-S)
			supfile="$2"; shift;
			shift;;
		-c)
			clean_src="yes";
			shift;;
		-f)
			force="yes";
			shift;;
		-i)
			jail_ip="$2"; shift;
			shift;;
		-m)
			makefile="$2"; shift;
			shift;;
		-n)
			jail_name="$2"; shift;
			shift;;
		-p)
			jaildir="$2"; shift;
			shift;;
		-s)
			srcdir="$2"; shift;
			shift;;
		-u)
			update_src="yes";
			shift;;
		-x)
			jail_x11="yes";
			shift;;
		\?)
			usage_exit;
			shift;;
		--)
			shift; break;;
	esac
done

jail=${jaildir}/${jail_ip}

### Bitching as much as I want to... Initial error checking...
if [ `id -u` != 0 ]; then
	echo "ERROR: You must be root to run $0."
	exit 1
fi

if [ -z "${jail_ip}" ]; then
	echo "ERROR: Please specify an IP address for your jail; aborting..." | fmt 75 79
	usage_exit
fi

if [ -z "${jail_name}" ]; then
	echo "ERROR: Please provide a name for your jail; aborting..." | fmt 75 79
	usage_exit
fi

if [ -z "${jaildir}" ]; then
	echo "ERROR: Please specify a location where your jail should be created; aborting..." | fmt 75 79
	usage_exit
fi

if [ -z "${srcdir}" ]; then
	echo "ERROR: Please specify a location where your src dir is; aborting..." | fmt 75 79
	usage_exit
fi

if [ ${update_src} = "yes" ]; then
	if [ -z "${supfile}" ]; then
		echo "ERROR: Update of main ports tree requested but you forgot to set 'supfile' in this script; aborting..." | fmt 75 79
		usage_exit
	fi
	if [ ! -f ${supfile} ]; then
		echo "ERROR: Update of main ports tree requested but I could not find 'supfile': ${supfile}; aborting..." | fmt 75 79
		usage_exit
	fi
fi

if [ ${force} != "yes" ]; then
	if [ -d ${jail}/usr -o -d ${jaildir}/${jail_name} ]; then
		echo "ERROR: Either ${jail_ip} or/and ${jail_name} exist, please use jail_upgrade or jail_delete instead, or perhaps it was just a typo. Unless, you had a failure or want to force overwrite then you can use -f flag." | fmt 75 79
		exit 1
	fi
fi
###

### Do we update the source tree?
if [ ${update_src} = "yes" ]; then
	/usr/local/bin/cvsup -g -L 2 ${supfile}

	if [ $? != 0 ]; then
		echo "ERROR: Failed to cvsup src tree!" | fmt 75 79
		exit 1
	fi
fi
###

### Build the new jail
if [ -n "${makefile}" ]; then
	export __MAKE_CONF=${makefile}
fi

if [ ! -f ${srcdir}/Makefile ]; then
	echo "ERROR: ${srcdir} is missing." | fmt 75 79
	exit 1
fi

if [ ${clean_src} = "yes" ]; then
	if [ -d /usr/obj/usr ]; then
		chflags -R noschg /usr/obj/*
		rm -rf /usr/obj/*
	fi

	cd ${srcdir}
	make clean ; make cleandir
fi

cd ${srcdir}
mkdir -p ${jail}
ln -sf ${jail} ${jaildir}/${jail_name}
env DESTDIR=${jail} make world

if [ $? != 0 ]; then
	echo "ERROR: make world failed.  See above output." | fmt 75 79
	exit 1
fi

cd ${srcdir}/etc
env DESTDIR=${jail} make distribution

if [ $? != 0 ]; then
	echo "ERROR: make distribution failed.  See above output." | fmt 75 79
	exit 1
fi

if [ ${clean_src} = "yes" ]; then
	if [ -d /usr/obj/usr ]; then
		chflags -R noschg /usr/obj/*
		rm -rf /usr/obj/*
	fi

	cd ${srcdir}
	make clean ; make cleandir
fi

mount_devfs devfs ${jail}/dev
cd ${jail}
ln -sf dev/null kernel
###

### Create files, tweak options and etc to have the better default.
if [ -f ${jail}/etc/.config_exists ]; then
	mv -f ${jail}/etc/resolv.conf ${jail}/etc/resolv.conf.bak
	mv -f ${jail}/etc/rc.conf ${jail}/etc/rc.conf.bak
	mv -f ${jail}/etc/hosts ${jail}/etc/hosts.bak
	mv -f ${jail}/etc/profile ${jail}/etc/profile.bak
	mv -f ${jail}/etc/csh.cshrc ${jail}/etc/csh.cshrc.bak
	mv -f ${jail}/etc/ssh/sshd_config ${jail}/etc/ssh/sshd_config.bak
fi

touch ${jail}/etc/.config_exists
ln -sf aj ${jail}/etc/malloc.conf
touch -f ${jail}/etc/fstab
touch -f ${jail}/etc/wall_cmos_clock
cp -f /etc/resolv.conf ${jail}/etc/resolv.conf
cp -f /etc/localtime ${jail}/etc/localtime
chmod 0444 ${jail}/etc/localtime

# /etc/rc.conf
cat > ${jail}/etc/rc.conf << EOF
# -- jail ${jail_name} - (re)installed `date`
#    `uname -rsp`
hostname="${jail_name}"
network_interfaces=""
sendmail_enable="NONE"
rpcbind_enable="NO"
sshd_enable="YES"
syslogd_flags="-ss"
#inetd_enable="YES"
#inetd_flags="-wW -a ${jail_ip}"
EOF

# /etc/hosts
cat > ${jail}/etc/hosts << EOF
::1			localhost localhost.my.domain ${jail_name}
127.0.0.1		localhost localhost.my.domain ${jail_name}
${jail_ip}		${jail_name} ${jail_name}.my.domain
EOF

# /etc/profile
cat >> ${jail}/etc/profile << 'EOF'
export OSVERSION=$(awk '/^#define __FreeBSD_version/ {print $3}' < /usr/src/sys/sys/param.h)
export OSREL=$(awk 'BEGIN {FS="\""}; /^REVISION/ {print $2}' < /usr/src/sys/conf/newvers.sh)
export BRANCH=$(awk 'BEGIN {FS="\""}; /^BRANCH/ {print $2}' < /usr/src/sys/conf/newvers.sh)
export UNAME_r=${OSREL}-${BRANCH}
export UNAME_v="FreeBSD ${OSREL}-${BRANCH} #0: $(date)    root@domain:/usr/src/sys/magic/kernel/path"
EOF

# /etc/csh.cshrc
cat >> ${jail}/etc/csh.cshrc << 'EOF'
setenv OSVERSION `awk '/^#define __FreeBSD_version/ {print $3}' < /usr/src/sys/sys/param.h`
setenv OSREL `awk 'BEGIN {FS="\""}; /^REVISION/ {print $2}' < /usr/src/sys/conf/newvers.sh`
setenv BRANCH `awk 'BEGIN {FS="\""}; /^BRANCH/ {print $2}' < /usr/src/sys/conf/newvers.sh`
setenv UNAME_r ${OSREL}-${BRANCH}
setenv UNAME_v "FreeBSD ${OSREL}-${BRANCH} #0: `date`    root@domain:/usr/src/sys/magic/kernel/path"
EOF

cat >> ${jail}/etc/csh.cshrc << EOF
setenv UNAME_n `hostname -s`-${jail_ip}
EOF

sed -e "s|#ListenAddress 0.0.0.0|ListenAddress ${jail_ip}|g" \
	< ${srcdir}/crypto/openssh/sshd_config > ${jail}/etc/ssh/sshd_config

chroot ${jail} /usr/bin/newaliases

# Do not re-create 'jail' user in case if it already exists.
if [ ! -d ${jail}/usr/home/jail ]; then
	chroot ${jail} /usr/sbin/pw useradd jail -s /bin/sh -m
	chroot ${jail} /usr/sbin/pw groupmod wheel -m jail
	chroot ${jail} /bin/sh -c '(echo "jail" | pw usermod jail -h 0)'

# /usr/home/jail/.shrc, has to be after above for jail user to be created first
	cat >> ${jail}/usr/home/jail/.shrc <<-'EOF'
	PS1="`whoami`@`hostname | sed 's/\..*//'`$ "
	EOF
fi

cd ${srcdir}
tar -cpf - . | tar -C ${jail}/usr/src -xpf -
umount ${jail}/dev # jail_start will mount it again, so avoid to have double.
###