From 554f2293c110c204da69e682f1957ad783a6fde7 Mon Sep 17 00:00:00 2001 From: Chris Wells Date: Sat, 28 Nov 2020 17:21:44 -0500 Subject: [PATCH] Add ability to convert "hook" files to Bastillefile format. --- README.md | 7 ++- usr/local/bin/bastille | 3 ++ usr/local/share/bastille/template.sh | 65 ++++++++++++++++++++++++---- 3 files changed, 66 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 0ca7694a..02d83857 100644 --- a/README.md +++ b/README.md @@ -679,7 +679,7 @@ Note: SYSRC requires NO quotes or that quotes (`"`) be escaped. ie; `\"`) Any name provided in the ARG file can be used as a variable in the other hooks. For example, `name=value` in the ARG file will cause instances of `${name}` to be replaced with `value`. The `RENDER` hook can be used to specify existing files or -directories inside the jail whose contents should have the variables replaced. Values can be +directories inside the jail whose contents should have the variables replaced. Values can be specified either through the command line when applying the template or as a default in the ARG file. @@ -748,6 +748,11 @@ CMD hostname > /usr/local/www/nginx-dist/hostname.txt RDR tcp 80 80 ``` +Use the following command to convert a hook-based template into the Bastillefile format: +```shell +bastille template --convert my-template +``` + Applying Templates ------------------ diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index b984f342..ebf3094f 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -153,6 +153,9 @@ clone|cmd|console|convert|cp|edit|export|htop|limits|mount|pkg|rename|service|st JAILS="${JAILS} ${_jail}" fi done + elif [ "${CMD}" = 'template' ] && [ "${TARGET}" = '--convert' ]; then + # This command does not act on a jail, so we are temporarily bypassing the presence/started + # checks. The command will simply convert a template from hooks to a Bastillefile. -- cwells else JAILS=$(jls name | awk "/^${TARGET}$/") diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 2f1e7a7e..9efeea3b 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf bastille_usage() { - error_exit "Usage: bastille template TARGET project/template" + error_exit "Usage: bastille template TARGET|--convert project/template" } post_command_hook() { @@ -116,7 +116,61 @@ if [ $# -lt 1 ]; then bastille_usage fi +## global variables TEMPLATE="${1}" +bastille_template=${bastille_templatesdir}/${TEMPLATE} +if [ -z "${HOOKS}" ]; then + HOOKS='LIMITS INCLUDE PRE FSTAB PF PKG OVERLAY CONFIG SYSRC SERVICE CMD RENDER' +fi + +# Special case conversion of hook-style template files into a Bastillefile. -- cwells +if [ "${TARGET}" = '--convert' ]; then + if [ -d "${TEMPLATE}" ]; then # A relative path was provided. -- cwells + cd "${TEMPLATE}" + elif [ -d "${bastille_template}" ]; then + cd "${bastille_template}" + else + error_exit "Template not found: ${TEMPLATE}" + fi + + echo "Converting template: ${TEMPLATE}" + + HOOKS="ARG ${HOOKS}" + for _hook in ${HOOKS}; do + if [ -s "${_hook}" ]; then + # Default command is the hook name and default args are the line from the file. -- cwells + _cmd="${_hook}" + _args_template='${_line}' + + # Replace old hook names with Bastille command names. -- cwells + case ${_hook} in + CONFIG|OVERLAY) + _cmd='CP' + _args_template='${_line} /' + ;; + FSTAB) + _cmd='MOUNT' ;; + PF) + _cmd='RDR' ;; + PRE) + _cmd='CMD' ;; + esac + + while read _line; do + if [ -z "${_line}" ]; then + continue + fi + eval "_args=\"${_args_template}\"" + echo "${_cmd} ${_args}" >> Bastillefile + done < "${_hook}" + echo '' >> Bastillefile + rm "${_hook}" + fi + done + + info "Template converted: ${TEMPLATE}" + exit 0 +fi case ${TEMPLATE} in http?://github.com/*/*|http?://gitlab.com/*/*) @@ -128,6 +182,7 @@ case ${TEMPLATE} in fi fi TEMPLATE="${TEMPLATE_DIR}" + bastille_template=${bastille_templatesdir}/${TEMPLATE} ;; */*) if [ ! -d "${bastille_templatesdir}/${TEMPLATE}" ]; then @@ -142,10 +197,6 @@ if [ -z "${JAILS}" ]; then error_exit "Container ${TARGET} is not running." fi -if [ -z "${HOOKS}" ]; then - HOOKS='LIMITS INCLUDE PRE FSTAB PF PKG OVERLAY CONFIG SYSRC SERVICE CMD RENDER' -fi - # Check for an --arg-file parameter. -- cwells for _script_arg in "$@"; do case ${_script_arg} in @@ -166,8 +217,6 @@ if [ -n "${ARG_FILE}" ] && [ ! -f "${ARG_FILE}" ]; then error_exit "File not found: ${ARG_FILE}" fi -## global variables -bastille_template=${bastille_templatesdir}/${TEMPLATE} for _jail in ${JAILS}; do ## jail-specific variables. bastille_jail_path=$(jls -j "${_jail}" path) @@ -322,6 +371,6 @@ for _jail in ${JAILS}; do fi done - info "Template complete." + info "Template applied: ${TEMPLATE}" echo done