From 720c479e731f25e8d54386c27687cca34df8af6f Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Wed, 2 Jan 2019 12:13:38 -0500
Subject: [PATCH 01/52] Improved documentation for example script

Added the description of variables to change into the zzz_evobackup
script comments and updated the path to the repository.
---
 zzz_evobackup | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 6ac5a75..5524448 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -1,12 +1,20 @@
 #!/bin/sh
 #
 # Script Evobackup client
-# See https://forge.evolix.org/projects/evobackup
+# See https://gitea.evolix.org/evolix/evobackup
 # 
 # Author: Gregory Colpart <reg@evolix.fr>
 # Contributor: Romain Dessort <rdessort@evolix.fr>, Benoît Série <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
 # Licence: AGPLv3
 #
+# The following variables must be changed:
+# SSH_PORT: The Port used for the ssh(1) jail on the backup server
+# MAIL: The email address to send notifications to.
+# SRV: The hostname or IP address of the backup server.
+# 
+# You must then uncomment the various
+# examples that best suit your case
+#
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin
 

From 48fb7324d83e4815e5806c65d2f38dc8b2f96de4 Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Wed, 2 Jan 2019 12:20:41 -0500
Subject: [PATCH 02/52] Improved README.md and adjacent files.

 * Fixed the english in README.md and docs/debian.md
 * Moved installation instructions from README.md to docs/install.md
 * Reworked the rest of README.md
 * Added a few comments to bkctld.conf
---
 README.md       | 98 ++++++++++++++++++++-----------------------------
 bkctld.conf     |  5 ++-
 docs/debian.md  |  5 ++-
 docs/install.md | 47 ++++++++++++++++++++++++
 4 files changed, 93 insertions(+), 62 deletions(-)
 create mode 100644 docs/install.md

diff --git a/README.md b/README.md
index 5f77184..8e7e9c2 100644
--- a/README.md
+++ b/README.md
@@ -1,15 +1,18 @@
 Bkctld (aka evobackup)
 =========
 
-Bkctld is a shell script to create and manage a backup server which will
-handle the backup of many servers (clients). Licence is AGPLv3.
+Bkctld is a shell script that creates and manages a backup server
+which can handle the backups of many other servers (clients). It
+is licensed under the AGPLv3.
 
-The main principle uses SSH chroot (called "jails" in the FreeBSD
-world) for each client to backup. Each client will upload his data every day
-using rsync in his chroot (using root account).
-Incrementals are stored outside of the chroot using hard links or btrfs snapshots.
-(So incrementals are not available for clients). Using this method we can keep tens 
-of backup of each client securely and not using too much space.
+It uses SSH chroots (called "jails" in the FreeBSD world) to sandbox
+every clients backups. Each client will upload it's data every day
+using rsync in it's chroot (using the root account).  Prior backups
+are stored incrementally outside of the chroot using hard links or
+BTRFS snapshots.  (So they can not be affected by the client). 
+
+Using this method, we can keep a large quantity of backups of each
+client securely and efficiently.
 
 ~~~
                                     Backup server
@@ -20,56 +23,23 @@ Server 2 ------ SSH/rsync ------->  * tcp/2223 *
                                     ************
 ~~~
 
-This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume). EvoBackup 
-is used for many years by Evolix for back up each day hundreds of servers which
- uses many terabytes of data.
+This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume)
+and has been used for many years by Evolix to backup hundreds of
+servers, totaling many terabytes of data, each day.  bkctld has
+been tested on Debian Jessie and should be compatible with other
+Debian versions or derived distributions like Ubuntu.
 
-bkctld was test on Debian Jessie. It can be compatible with other Debian version
-or derivated distribution like Ubuntu or Debian Wheezy.
-
-A big size volume must be mount on /backup, we recommend usage of **btrfs** for
-subvolume and snapshot fonctionnality.
-This volume can be encrypted by **luks** for security reason.
+A large enough volume must be mounted on `/backup`, we recommend
+the usage of **BTRFS** so you can use sub-volumes and snapshots.
+This volume can also be encrypted with **LUKS**.
 
 ## Install
 
-A Debian package is available in Evolix repository
+See the [installation guide](docs/install.md) for instructions.
 
-~~~
-echo "http://pub.evolix.net/ jessie/" >> /etc/apt/sources.list
-apt update
-apt install bkctld
-~~~
+## Testing
 
-### Chroot dependency
-
-Chroot jail use part of this package
-
-~~~
-apt install bash coreutils sed dash mount rsync openssh-server openssh-sftp-server libc6-i386 libc6
-~~~
-
-#### Install cron for incremental backup
-
-Edit root crontab
-
-~~~
-crontab -e
-~~~
-
-Add this ligne
-
-~~~
-30 10 * * * /usr/sbin/bkctld inc && /usr/sbin/bkctld rm
-~~~ 
-
-> **Notes :**
-> If you want mutiples backups in a day (1 by hour maximum) you can run `bkctld inc` multiples times
-> If you want keep incremental backup **for ever**, you just need don't run `bkctld rm`
-
-## Test
-
-You can deploy tests environmments with Vagrant :
+You can deploy test environments with Vagrant :
 
 ~~~
 vagrant up
@@ -77,7 +47,8 @@ vagrant up
 
 ### Deployment
 
-Launch rsync-auto in a terminal for automatic synchronisation of your local code with Vagrant VM :
+Launch rsync-auto in a terminal for automatic synchronization of
+your local code with Vagrant VM :
 
 ~~~
 vagrant rsync-auto
@@ -85,7 +56,8 @@ vagrant rsync-auto
 
 ### Bats
 
-You can run [bats](https://github.com/sstephenson/bats) test with *test* provisionner :
+You can run [bats](https://github.com/sstephenson/bats) tests with
+the *test* provision :
 
 ~~~
 vagrant provision --provision-with test
@@ -95,21 +67,31 @@ vagrant provision --provision-with test
 
 See [docs/usage.md](docs/usage.md).
 
-Man page, in roff language, can be generated with pandoc :
+The man(1) page, in troff(7) language, can be generated with pandoc:
 
 ~~~
-pandoc -f markdown -t man usage.md --template default.man -V title=bkctld -V section=8 -V date="$(date '+%d %b %Y')" -V footer="$(git describe --tags)" -V header="bkctld man page"
+pandoc -f markdown \
+	-t man usage.md \
+	--template default.man \
+	-V title=bkctld \
+	-V section=8 \
+	-V date="$(date '+%d %b %Y')" \
+	-V footer="$(git describe --tags)" \
+	-V header="bkctld man page"
 ~~~
 
 #### Client configuration
 
-You can save various systems on evobackup jail :  Linux, BSD, Windows, MacOSX. Only prequisites is rsync command.
+You can save various systems in the evobackup jails :  Linux, BSD,
+Windows, MacOSX. The only prerequisite is the rsync command.
 
 ~~~
 rsync -av -e "ssh -p SSH_PORT" /home/ root@SERVER_NAME:/var/backup/home/
 ~~~
 
-An example script is present in zzz_evobackup, clone evobackup repo and read **CLIENT CONFIGURATION** section of the manual.
+An example synchronization script is present in `zzz_evobackup`,
+clone the evobackup repository and read the **CLIENT CONFIGURATION**
+section of the manual.
 
 ~~~
 git clone https://forge.evolix.org/evobackup.git
diff --git a/bkctld.conf b/bkctld.conf
index b876241..ddcb872 100644
--- a/bkctld.conf
+++ b/bkctld.conf
@@ -1,4 +1,5 @@
-# Defaults for bkctld command (evobackup)
+# bkctld.conf(5)
+# Defaults for bkctld(8) command (evobackup)
 # sourced by /usr/sbin/bkctld and /etc/init.d/bkctld
 
 #CONFDIR='/etc/evobackup'
@@ -10,5 +11,5 @@
 #SSHD_PID='/var/run/sshd.pid'
 #SSHD_CONFIG='/etc/ssh/sshd_config'
 #AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
-#FIREWALL_RULES='/etc/firewall.rc.jails'
+#FIREWALL_RULES=''
 #LOGLEVEL=6
diff --git a/docs/debian.md b/docs/debian.md
index ddcc1b3..e99b0cf 100644
--- a/docs/debian.md
+++ b/docs/debian.md
@@ -1,6 +1,7 @@
 # Debian Package
 
-**bkctld** package can be build from the **debian** branch of this Git repository with git-buildpackage and sbuild.
+The **bkctld** package can be built from the **debian** branch of
+this git repository with git-buildpackage and sbuild.
 
 ## Dependencies
 
@@ -37,7 +38,7 @@ sbuild-createchroot --include=eatmydata,ccache,gnupg unstable /srv/chroot/sid ht
 
 ## Build
 
-You must be in **debian** branch :
+You must be in the **debian** branch :
 
 ~~~
 git checkout debian
diff --git a/docs/install.md b/docs/install.md
new file mode 100644
index 0000000..22d3aed
--- /dev/null
+++ b/docs/install.md
@@ -0,0 +1,47 @@
+# Install
+
+A Debian package is available in the Evolix repository
+
+~~~
+echo "http://pub.evolix.net/jessie/" >> /etc/apt/sources.list
+apt update
+apt install bkctld
+~~~
+
+Then edit `/etc//bkctld`
+
+## Chroot dependencies
+
+The chroot jails depend on these packages
+
+~~~
+apt install \
+	bash \
+	coreutils \
+	sed \
+	dash \
+	mount \
+	rsync \
+	openssh-server \
+	openssh-sftp-server \
+	libc6-i386 \
+	libc6
+~~~
+
+## Client dependencies
+
+The clients only require OpenSSH and rsync.
+
+### Cron job for incremental backups
+
+Edit the root crontab
+
+~~~
+# crontab -e
++ 30 10 * * * /usr/sbin/bkctld inc && /usr/sbin/bkctld rm
+~~~
+
+## Notes
+If you want mutiples backups in a day (1 by hour maximum) you can
+run `bkctld inc` multiples times, if you want to keep incremental
+backups **for ever**, just don't run `bkctld rm`.
\ No newline at end of file

From 15819ca867155e1a3eeb8b07277c4435ac5b9c63 Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Wed, 2 Jan 2019 13:40:33 -0500
Subject: [PATCH 03/52] Split docs/usage.md into 3 files.

One for incremental configuration, one for bkctld.conf, and one for usage.
---
 docs/configuration.md |  20 ++++++
 docs/incrementals.md  |  63 +++++++++++++++++
 docs/usage.md         | 156 ++++++++++++------------------------------
 3 files changed, 126 insertions(+), 113 deletions(-)
 create mode 100644 docs/configuration.md
 create mode 100644 docs/incrementals.md

diff --git a/docs/configuration.md b/docs/configuration.md
new file mode 100644
index 0000000..8045a6c
--- /dev/null
+++ b/docs/configuration.md
@@ -0,0 +1,20 @@
+# CONFIGURATION VARS
+
+bkctld configuration has to be set in /etc/default/bkctld file.
+
+## REQUIREDS VARS
+
+Default required vars are defined in bkctld script. Alter them to override default values.
+
+* CONFDIR (default: /etc/evobackup) : Dir where incremental backup is configured. See INCS CONFIGURATION section for details.
+* JAILDIR (default : /backup/jails) : Dir for jail's root dir. BTRFS recommended.
+* INCDIR (default : /backups/incs) : Dir where incremental backup is stored. BTRFS recommended.
+* TPLDIR (default : /usr/share/bkctld) : Dir where jail template file is stored.
+* LOCALTPLDIR (default : /usr/local/share/bkctld) : Dir for surcharge jail templates.
+* LOGLEVEL (default : 6) : Define loglevel, based on syslog severity level.
+
+## OPTIONALS VARS
+
+Optionnals vars are no default value. No set them desactivate correspondant fonctionnality.
+
+* FIREWALL_RULES (default: no firewall auto configuration) : Configuration file were firewall was configured to allow jail access. This file must be sourced by your firewall configuration tool.
diff --git a/docs/incrementals.md b/docs/incrementals.md
new file mode 100644
index 0000000..9cd3c9d
--- /dev/null
+++ b/docs/incrementals.md
@@ -0,0 +1,63 @@
+# INCS CONFIGURATION
+
+Located by default in /etc/evobackup/, each incl.tpl file is named
+after the EvoBackup for which the rules it contains must apply.
+
+The rules it defines decide which incremental backups are kept when
+running `bkctl rm`
+
+Each line defines a single rule.  The first part of the rule describes
+when the backup was taken, the second part decides how long to keep
+it.  Lines beginning with the # character are comments and are
+ignored.  The order of the rules does not matter.
+
+Evobackups that do not have their nominal incl.tpl file use the
+default rules defined in /usr/share/bkctld/inc.tpl
+
+Keep today's backup:
+
+```
++%Y-%m-%d.-0day
+```
+
+Keep yesterday's backup:
+
+```
++%Y-%m-%d.-1day
+```
+
+Keep the first day of this month:
+
+```
++%Y-%m-01.-0month
+```
+
+Keep the first day of last month:
+
+```
++%Y-%m-01.-1month
+```
+
+Keep backups for every 15 days:
+
+```
++%Y-%m-01.-1month
++%Y-%m-15.-1month
+```
+
+Keep a backup of the first day of january:
+
+```
++%Y-01-01.-1month
+```
+
+Keep backups of the last 4 days and the first day of the last 2 months:
+
+```
++%Y-%m-%d.-0day
++%Y-%m-%d.-1day
++%Y-%m-%d.-2day
++%Y-%m-%d.-3day
++%Y-%m-01.-0month
++%Y-%m-01.-1month
+```
\ No newline at end of file
diff --git a/docs/usage.md b/docs/usage.md
index 0c67284..f67ca1d 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -10,13 +10,18 @@ bkctld <command> [<args>]
 
 # DESCRIPTION
 
-bkctld is a shell script used to set up and manage a backup server able to receive data from many servers (clients).
+bkctld is a shell script that creates and manages a backup server
+which can handle the backups of many other servers (clients).
+It uses OPENSSH and chroot's to sandbox every client's backups.
+Each client will upload it's data every day using rsync in it's chroot
+(using the root account).
 
-The aim is to run a SSH chroot environment (called "jails" in the FreeBSD world) for every single client. The client will then be able to send data over SSH using rsync in his own chroot environment (using root account).
+Prior backups are stored incrementally outside of the chroot
+using hard links or BTRFS snapshots (So they can not be affected
+by the client). Which backups are kept over time can be configured in the jail's nominal [incl.tpl](incrementals.md) configuration file. A large enough volume must be mounted on `/backup`, if the filesystem is formatted 
+with BTRFS, bkctld will use sub-volumes and snapshots to save space.
 
-Incrementals are stored outside the chroot using hard links or btrfs snapshots (thus incrementals are not accessible by clients). This method has the advantage to keep incrementals securely isolated using low space on device.
-
-A suitable volume size must be mounted on /backup (usage of **btrfs** is preferable, providing subvolume and snapshot fonctionnality). For security reason, you can use an encrypted volume (e.g. **luks**)
+It's default settings can be overridden in the [configuration file](configuration.md).
 
 # BKCTLD COMMANDS
 
@@ -107,125 +112,50 @@ Remove old inc of an evobackup jail :
 bkctld rm
 ~~~
 
-# CONFIGURATION VARS
-
-bkctld configuration has to be set in /etc/default/bkctld file.
-
-## REQUIREDS VARS
-
-Default required vars are defined in bkctld script. Alter them to override default values.
-
-* CONFDIR (default: /etc/evobackup) : Dir where incremental backup is configured. See INCS CONFIGURATION section for details.
-* JAILDIR (default : /backup/jails) : Dir for jail's root dir. BTRFS recommended.
-* INCDIR (default : /backups/incs) : Dir where incremental backup is stored. BTRFS recommended.
-* TPLDIR (default : /usr/share/bkctld) : Dir where jail template file is stored.
-* LOCALTPLDIR (default : /usr/local/share/bkctld) : Dir for surcharge jail templates.
-* LOGLEVEL (default : 6) : Define loglevel, based on syslog severity level.
-
-## OPTIONALS VARS
-
-Optionnals vars are no default value. No set them desactivate correspondant fonctionnality.
-
-* FIREWALL_RULES (default: no firewall auto configuration) : Configuration file were firewall was configured to allow jail access. This file must be sourced by your firewall configuration tool.
-
-# INCS CONFIGURATION
-
-Incremental backups was configured in $CONFDIR/<jailname>. Some example of syntax. 
-
-Keep the incrememtal backup of today :
-
-~~~
-+%Y-%m-%d.-0day
-~~~
-
-Keep the incremental backup of yesterday :
-
-~~~
-+%Y-%m-%d.-1day
-~~~
-
-Keep the incremental backup of the first day of this month :
-
-~~~
-+%Y-%m-01.-0month
-~~~
-
-Keep the incremental backup of the first day of last month :
-
-~~~
-+%Y-%m-01.-1month
-~~~
-
-Keep the incremental backup of every 15 days :
-
-~~~
-+%Y-%m-01.-1month
-+%Y-%m-15.-1month
-~~~
-
-Keep the incremental backup of the first january :
-
-~~~
-+%Y-01-01.-1month
-~~~
-
-Default value : keep incremental of last 4 days and last 2 months. Change default in $LOCALTPLDIR/inc.tpl :
-
-~~~
-+%Y-%m-%d.-0day
-+%Y-%m-%d.-1day
-+%Y-%m-%d.-2day
-+%Y-%m-%d.-3day
-+%Y-%m-01.-0month
-+%Y-%m-01.-1month
-~~~
-
 # CLIENT CONFIGURATION
+Before creating a jail and backing up a client,
+the backup server administrator will need:
 
-You can save various systems on evobackup jail :  Linux, BSD, Windows, MacOSX. Only prequisites is rsync command.
+* The host name of the client system.
+* The public RSA OpenSSH key for the root user of the client system,
+it is recommended the private key be password-less if automation is desired.
+* The IPv4 address of the client system is needed
+if the administrator wishes to maintain a whitelist,
+see the FIREWALL_RULES variable in [bkctld.conf](configuration.md)
 
-~~~
-rsync -av -e "ssh -p SSH_PORT" /home/ root@SERVER_NAME:/var/backup/home/
-~~~
+He can then create the jail:
 
-You  can  simply create a shell script which use rsync for backup your's servers. An example script is available in zzz_evobackup for quickstart.
+```
+# bkctld init CLIENT_HOST_NAME
+# bkctld key CLIENT_HOST_NAME /root/CLIENT_HOST_NAME.pub
+# bkctld ip CLIENT_HOST_NAME CLIENT_IP_ADDRESS
+# bkctld start CLIENT_HOST_NAME
+# bkctld status CLIENT_HOST_NAME
+```
 
-This documentation explain how to use this example script.
+And override the default [incremental](incrementals.md) rules
 
-Install example script in crontab :
+```
+# $EDITOR /etc/evobackup/CLIENT_HOST_NAME
+```
 
-~~~
-# For Linux
-install -v -m700 zzz_evobackup /etc/cron.daily/
+To sync itself, the client server will need to install rsync.
+It can then be run manually:
 
-# For FreeBSD
-install -v -m700 zzz_evobackup /etc/periodic/daily/
-~~~
+```
+# rsync -av -e "ssh -p JAIL_PORT" /home/ root@BACKUP_SERVER:/var/backup/home/
+```
 
-Generate an SSH key for root account with no passphrase :
+If a more automated setup is required,
+a script can be written in any programming language. In this case,
+it may be useful to validate the backup server's identity before hand.
 
-~~~
-ssh-keygen
-~~~
+```
+# ssh -p JAIL_PORT BACKUP_SERVER
+```
 
-Sent /root/.ssh/id_rsa.pub to backup server administrator or read BKCTLD COMMANDS section.
-
-Edit zzz_evobackup script and update this variables :
-
-* SSH_PORT : Port of corespondant evobackup jail.
-* MAIL : Email address for notification.
-* NODE : Use for alternate between mutiple backup servers. Default value permit to save on node0 on pair day and on node1 on impair day.
-* SRV : Adress of your backup serveur.
-
-Uncomment service dump, ex Mysql / LDAP / PostgreQL / ...
-
-Itiniate SSH connection and validate fingerprint :
-
-~~~
-ssh -p SSH_PORT SERVER_NAME
-~~~
-
-Your daily evobackup is in place !
+A bash example to be run under the root user's crontab
+can be found in the  [source repository](https://gitea.evolix.org/evolix/evobackup/src/branch/master/zzz_evobackup)
 
 # SEE ALSO
 

From eda30a013c6de871b08429a15278537a45685f97 Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Wed, 2 Jan 2019 13:45:21 -0500
Subject: [PATCH 04/52] Switch documentation to mdoc(7)

Markdown is not a suitable language for technical documentation.
---
 bkctld.8              | 179 ++++++++++++++++++++++++++++++
 bkctld.conf.5         |  67 ++++++++++++
 docs/configuration.md |  92 +++++++++++++---
 docs/incrementals.md  |  93 +++++++++-------
 docs/usage.md         | 249 +++++++++++++++++++++++++-----------------
 evobackup-incl.5      |  79 ++++++++++++++
 6 files changed, 606 insertions(+), 153 deletions(-)
 create mode 100644 bkctld.8
 create mode 100644 bkctld.conf.5
 create mode 100644 evobackup-incl.5

diff --git a/bkctld.8 b/bkctld.8
new file mode 100644
index 0000000..ae8d2f6
--- /dev/null
+++ b/bkctld.8
@@ -0,0 +1,179 @@
+.Dd December 27, 2018
+.Dt BKCTLD 8
+.Os
+.Sh NAME
+.Nm bkctld
+.Nd tool to manage evobackup jails
+.Sh SYNOPSIS
+.Nm
+.Op Ar operand...
+.Sh DESCRIPTION
+.Nm
+is a shell script that creates and manages a backup server
+which can handle the backups of many other servers (clients).
+.Pp
+It uses
+.Xr ssh 1
+and
+.Xr chroot 8
+to sandbox every client's backups.
+Each client will upload it's data every day
+using
+.Xr rsync 1
+in it's
+.Xr chroot 8
+(using the root account).
+.Pp
+Prior backups are stored incrementally outside of the
+.Xr chroot 8
+using
+.Xr ln 1
+hard links or BTRFS snapshots. 
+(So they can not be affected by the client), 
+which backups are kept over time can be configured in the jail's nominal
+.Xr evobackup-incl 5
+configuration file.
+.Pp
+A large enough volume must be mounted on
+.Pa /backup ,
+if the filesystem is formatted with BTRFS,
+.Nm
+will use sub-volumes and snapshots to save space.
+.Pp
+It's default settings can be overridden in
+.Xr bkctld.conf 5
+file.
+.Pp
+The following operands are available:
+.Bl -tag -width Ds
+.It Cm init Ar jailname
+Create an evobackup jail
+.It Cm update Cm all | Ar jailname
+Update an evobackup jail
+.It Cm remove Cm all | Ar jailname
+Remove an evobackup jail
+.It Cm start Cm all | Ar jailname
+Start an evobackup jail
+.It Cm stop Cm all | Ar jailname
+Stop an evobackup jail
+.It Cm reload Cm all | Ar jailname
+Reload an evobackup jail
+.It Cm restart Cm all | Ar jailname
+Restart an evobackup jail
+.It Cm sync Cm all | Ar jailname
+Sync an evobackup jail, the mirror server is defined by the
+.Ev $NODE
+variable in
+.Pa /etc/default/bkctld
+.It Cm status Op Ar jailname
+Print the status of all jails or only
+.Op Ar jailname .
+.It Cm key Ar jailname Op Ar keyfile
+Print or set the
+.Xr ssh 1
+public key of an evobackup jail
+.It Cm port Ar jailname Op Cm auto | Ar port
+Print or set the
+.Xr ssh 1
+.Op Ar port
+of an evobackup jail.
+Using
+.Op Cm auto
+will set it to the next available port.
+.It Cm ip Ar jailname Op Cm all | Ar address
+Print or set the whitelisted IP
+.Op Ar address
+for an evobackup jail.
+.Op Cm all
+allows unrestricted access and is the default.
+.It Cm inc
+Generate incremental backups
+.It Cm rm
+Remove old incremental backups
+.El
+.Sh FILES
+.Bl -tag -width Ds
+.It Pa /usr/share/bkctld/bkctld.conf
+Template for
+.Xr bkctld.conf 5
+.It Pa /usr/share/bkctld/incl.tpl
+Default rules for the incremental backups are stored here.
+.El
+.Sh EXAMPLES
+Before creating a jail and backing up a client,
+the backup server administrator will need:
+.Bl -bullet
+.It
+The host name of the client system.
+.It
+The public RSA
+.Xr ssh 1
+key for the
+.Dq root
+user of the client system,
+it is recommended the private key be password-less if automation is desired.
+.It
+The IPv4 address of the client system is needed
+if the administrator wishes to maintain a whitelist,
+see
+.Va FIREWALL_RULES
+in
+.Xr bkctld.conf 5
+.El
+.Pp
+He can then create the jail:
+.Bd -literal -offset indent
+# bkctld init CLIENT_HOST_NAME
+# bkctld key CLIENT_HOST_NAME /root/CLIENT_HOST_NAME.pub
+# bkctld ip CLIENT_HOST_NAME CLIENT_IP_ADDRESS
+# bkctld start CLIENT_HOST_NAME
+# bkctld status CLIENT_HOST_NAME
+.Ed
+.Pp
+And override the default
+.Xr evobackup-incl 5
+rules
+.Bd -literal -offset indent
+# $EDITOR /etc/evobackup/CLIENT_HOST_NAME
+.Ed
+.Pp
+To sync itself,
+the client server will need to install
+.Xr rsync 1 .
+It can then be run manually:
+.Bd -literal -offset indent
+# rsync -av -e "ssh -p JAIL_PORT" /home/ root@BACKUP_SERVER:/var/backup/home/
+.Ed
+.Pp
+If a more automated setup is required,
+a script can be written in any programming language.
+In this case,
+it may be useful to validate the backup server's identity before hand.
+.Bd -literal -offset indent
+# ssh -p JAIL_PORT BACKUP_SERVER
+.Ed
+.Pp
+A
+.Xr bash 1
+example to be run under the
+.Dq root
+user's
+.Xr crontab 5
+can be found in the
+.Lk https://gitea.evolix.org/evolix/evobackup/src/branch/master/zzz_evobackup "source repository"
+.\" .Sh EXIT STATUS
+.\" For sections 1, 6, and 8 only.
+.\" .Sh DIAGNOSTICS
+.\" For sections 1, 4, 6, 7, 8, and 9 printf/stderr messages only.
+.Sh SEE ALSO
+.Xr rsync 1 ,
+.Xr ssh-keygen 1 ,
+.Xr bkctld 5 ,
+.Xr evobackup-incl 5 ,
+.Xr chroot 8 ,
+.Xr cron 8 ,
+.Xr sshd 8
+.Sh AUTHORS
+.An Victor Laborie
+.\" .Sh CAVEATS
+.\" .Sh BUGS
\ No newline at end of file
diff --git a/bkctld.conf.5 b/bkctld.conf.5
new file mode 100644
index 0000000..f281354
--- /dev/null
+++ b/bkctld.conf.5
@@ -0,0 +1,67 @@
+.Dd December 28, 2018
+.Dt BKCTLD.CONF 5
+.Os
+.Sh NAME
+.Nm bkctld.conf
+.Nd configuration file for
+.Xr bkctld 8
+.Sh SYNOPSIS
+.D1 name=[value]
+.Sh DESCRIPTION
+The
+.Nm
+file contains variables that override the behavior of the
+.Xr bkctld 8
+script.
+By default, it is located at
+.Pa /usr/share/bkctld/bkctld.conf .
+.Pp
+Each line must be a valid
+.Xr bash 1
+variable definition.
+Lines beginning with the
+.Sq #
+character are comments and are ignored.
+The order of the definitions does not matter.
+.Pp
+The following variables may be defined:
+.Bl -tag -width Ds
+.It Va CONFDIR
+Directory where
+.Xr evobackup-incl 5
+files are kept.
+It's default value is
+.Pa /etc/evobackup/ .
+.It Va JAILDIR
+Directory where the jails are stored,
+it is recommended that this be inside a BTRFS file system.
+It's default value is
+.Pa /backup/jails/ .
+.It Va INCDIR
+Directory where incremental backups are stored,
+it is recommended that this be inside a BTRFS file system.
+It's default value is
+.Pa /backup/incs/ .
+.It Va TPLDIR
+Directory where the default configuration files are stored.
+It's default value is
+.Pa /usr/share/bkctld/ .
+.It Va LOCALTPLDIR
+Directory where custom configuration files are stored.
+It's default is
+.Pa /usr/local/share/bkctld/ .
+.It Va LOGLEVEL
+Defines the amount of information to log, follows the same scale as in
+.In syslog.h
+and defaults to 6.
+.It Va FIREWALL_RULES
+Configuration file containing the firewall rules that govern jail access.
+This file must be sourced by your firewall.
+It does not have a default value and, if unset,
+.Xr bkctld 8
+will not automatically update the firewall.
+.El
+.Sh SEE ALSO
+.Xr bash 1 ,
+.Xr evobackup-incl 5 ,
+.Xr bkctld 8
diff --git a/docs/configuration.md b/docs/configuration.md
index 8045a6c..310bdb9 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -1,20 +1,86 @@
-# CONFIGURATION VARS
+BKCTLD.CONF(5) - File Formats Manual
 
-bkctld configuration has to be set in /etc/default/bkctld file.
+# NAME
 
-## REQUIREDS VARS
+**bkctld.conf** - configuration file for
+bkctld(8)
 
-Default required vars are defined in bkctld script. Alter them to override default values.
+# SYNOPSIS
 
-* CONFDIR (default: /etc/evobackup) : Dir where incremental backup is configured. See INCS CONFIGURATION section for details.
-* JAILDIR (default : /backup/jails) : Dir for jail's root dir. BTRFS recommended.
-* INCDIR (default : /backups/incs) : Dir where incremental backup is stored. BTRFS recommended.
-* TPLDIR (default : /usr/share/bkctld) : Dir where jail template file is stored.
-* LOCALTPLDIR (default : /usr/local/share/bkctld) : Dir for surcharge jail templates.
-* LOGLEVEL (default : 6) : Define loglevel, based on syslog severity level.
+> name=\[value]
 
-## OPTIONALS VARS
+# DESCRIPTION
 
-Optionnals vars are no default value. No set them desactivate correspondant fonctionnality.
+The
+**bkctld.conf**
+file contains variables that override the behavior of the
+bkctld(8)
+script.
+By default, it is located at
+*/usr/share/bkctld/bkctld.conf*.
 
-* FIREWALL_RULES (default: no firewall auto configuration) : Configuration file were firewall was configured to allow jail access. This file must be sourced by your firewall configuration tool.
+Each line must be a valid
+bash(1)
+variable definition.
+Lines beginning with the
+'#'
+character are comments and are ignored.
+The order of the definitions does not matter.
+
+The following variables may be defined:
+
+*CONFDIR*
+
+> Directory where
+> evobackup-incl(5)
+> files are kept.
+> It's default value is
+> */etc/evobackup/*.
+
+*JAILDIR*
+
+> Directory where the jails are stored,
+> it is recommended that this be inside a BTRFS file system.
+> It's default value is
+> */backup/jails/*.
+
+*INCDIR*
+
+> Directory where incremental backups are stored,
+> it is recommended that this be inside a BTRFS file system.
+> It's default value is
+> */backup/incs/*.
+
+*TPLDIR*
+
+> Directory where the default configuration files are stored.
+> It's default value is
+> */usr/share/bkctld/*.
+
+*LOCALTPLDIR*
+
+> Directory where custom configuration files are stored.
+> It's default is
+> */usr/local/share/bkctld/*.
+
+*LOGLEVEL*
+
+> Defines the amount of information to log, follows the same scale as in
+> &lt;*syslog.h*>
+> and defaults to 6.
+
+*FIREWALL\_RULES*
+
+> Configuration file containing the firewall rules that govern jail access.
+> This file must be sourced by your firewall.
+> It does not have a default value and, if unset,
+> bkctld(8)
+> will not automatically update the firewall.
+
+# SEE ALSO
+
+bash(1),
+evobackup-incl(5),
+bkctld(8)
+
+OpenBSD 6.4 - December 28, 2018
diff --git a/docs/incrementals.md b/docs/incrementals.md
index 9cd3c9d..046fc7d 100644
--- a/docs/incrementals.md
+++ b/docs/incrementals.md
@@ -1,63 +1,80 @@
-# INCS CONFIGURATION
+EVOBACKUP-INCL(5) - File Formats Manual
 
-Located by default in /etc/evobackup/, each incl.tpl file is named
-after the EvoBackup for which the rules it contains must apply.
+# NAME
 
-The rules it defines decide which incremental backups are kept when
-running `bkctl rm`
+**evobackup-incl** - incremental backup configuration
 
-Each line defines a single rule.  The first part of the rule describes
-when the backup was taken, the second part decides how long to keep
-it.  Lines beginning with the # character are comments and are
-ignored.  The order of the rules does not matter.
+# SYNOPSIS
 
-Evobackups that do not have their nominal incl.tpl file use the
-default rules defined in /usr/share/bkctld/inc.tpl
+> \+%Y-%m-%d.-%day
+
+# DESCRIPTION
+
+Located by default in
+*/etc/evobackup/*,
+each
+**evobackup-incl**
+file is named after the
+bkctld(8)
+backup for which the rules it contains must apply.
+
+The rules it defines decide which incremental backups are kept when running
+
+	# bkctld rm
+
+Each line defines a single rule.
+The first part of the rule describes when the backup was taken,
+the second part decides how long to keep it.
+Lines beginning with the
+'#'
+character are comments and are ignored.
+The order of the rules does not matter.
+
+Evobackups that do not have their nominal
+**evobackup-incl**
+file use the default rules defined in
+*/usr/share/bkctld/inc.tpl*
+
+# EXAMPLES
 
 Keep today's backup:
 
-```
-+%Y-%m-%d.-0day
-```
+	+%Y-%m-%d.-0day
 
 Keep yesterday's backup:
 
-```
-+%Y-%m-%d.-1day
-```
+	+%Y-%m-%d.-1day
 
 Keep the first day of this month:
 
-```
-+%Y-%m-01.-0month
-```
+	+%Y-%m-01.-0month
 
 Keep the first day of last month:
 
-```
-+%Y-%m-01.-1month
-```
+	+%Y-%m-01.-1month
 
 Keep backups for every 15 days:
 
-```
-+%Y-%m-01.-1month
-+%Y-%m-15.-1month
-```
+	+%Y-%m-01.-1month
+	+%Y-%m-15.-1month
 
 Keep a backup of the first day of january:
 
-```
-+%Y-01-01.-1month
-```
+	+%Y-01-01.-1month
 
 Keep backups of the last 4 days and the first day of the last 2 months:
 
-```
-+%Y-%m-%d.-0day
-+%Y-%m-%d.-1day
-+%Y-%m-%d.-2day
-+%Y-%m-%d.-3day
-+%Y-%m-01.-0month
-+%Y-%m-01.-1month
-```
\ No newline at end of file
+	+%Y-%m-%d.-0day
+	+%Y-%m-%d.-1day
+	+%Y-%m-%d.-2day
+	+%Y-%m-%d.-3day
+	+%Y-%m-01.-0month
+	+%Y-%m-01.-1month
+
+# SEE ALSO
+
+bkctld(8),
+cron(8),
+*/etc/evobackup/tpl/inc.tpl*
+
+OpenBSD 6.4 - December 28, 2018
diff --git a/docs/usage.md b/docs/usage.md
index f67ca1d..bb22e64 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -1,162 +1,207 @@
+BKCTLD(8) - System Manager's Manual
+
 # NAME
 
-bkctld - tool to manage evobackup jail
+**bkctld** - tool to manage evobackup jails
 
 # SYNOPSIS
 
-~~~
-bkctld <command> [<args>]
-~~~
+**bkctld**
+\[*operand...*]
 
 # DESCRIPTION
 
-bkctld is a shell script that creates and manages a backup server
+**bkctld**
+is a shell script that creates and manages a backup server
 which can handle the backups of many other servers (clients).
-It uses OPENSSH and chroot's to sandbox every client's backups.
-Each client will upload it's data every day using rsync in it's chroot
+
+It uses
+ssh(1)
+and
+chroot(8)
+to sandbox every client's backups.
+Each client will upload it's data every day
+using
+rsync(1)
+in it's
+chroot(8)
 (using the root account).
 
-Prior backups are stored incrementally outside of the chroot
-using hard links or BTRFS snapshots (So they can not be affected
-by the client). Which backups are kept over time can be configured in the jail's nominal [incl.tpl](incrementals.md) configuration file. A large enough volume must be mounted on `/backup`, if the filesystem is formatted 
-with BTRFS, bkctld will use sub-volumes and snapshots to save space.
+Prior backups are stored incrementally outside of the
+chroot(8)
+using
+ln(1)
+hard links or BTRFS snapshots.
+(So they can not be affected by the client),
+which backups are kept over time can be configured in the jail's nominal
+evobackup-incl(5)
+configuration file.
 
-It's default settings can be overridden in the [configuration file](configuration.md).
+A large enough volume must be mounted on
+*/backup*,
+if the filesystem is formatted with BTRFS,
+**bkctld**
+will use sub-volumes and snapshots to save space.
 
-# BKCTLD COMMANDS
+It's default settings can be overridden in
+bkctld.conf(5)
+file.
 
-Create an evobackup jail :
+The following operands are available:
 
-~~~
-bkctld init <jailname>
-~~~
+**init** *jailname*
 
-Update an evobackup jail or all :
+> Create an evobackup jail
 
-~~~
-bkctld update <jailname>|all
-~~~
+**update** **all** | *jailname*
 
-Remove an evobackup jail or all :
+> Update an evobackup jail
 
-~~~
-bkctld remove <jailname>|all
-~~~
+**remove** **all** | *jailname*
 
-Start an evobackup jail or all :
+> Remove an evobackup jail
 
-~~~
-bkctld start <jailname>|all
-~~~
+**start** **all** | *jailname*
 
-Stop an evobackup jail or all :
+> Start an evobackup jail
 
-~~~
-bkctld stop <jailname>|all
-~~~
+**stop** **all** | *jailname*
 
-Reload an evobackup jail or all :
+> Stop an evobackup jail
 
-~~~
-bkctld reload <jailname>|all
-~~~
-        
-Restart an evobackup jail or all :
+**reload** **all** | *jailname*
 
-~~~
-bkctld restart <jailname>|all
-~~~
+> Reload an evobackup jail
 
-Sync an evobackup jail or all.
-Second server is defined by $NODE var in /etc/default/bkctld :
+**restart** **all** | *jailname*
 
-~~~
-bkctld sync <jailname>|all
-~~~
+> Restart an evobackup jail
 
-Print status of all evobackup jail or one jail :
+**sync** **all** | *jailname*
 
-~~~
-bkctld status [<jailname>]
-~~~
+> Sync an evobackup jail, the mirror server is defined by the
+> `$NODE`
+> variable in
+> */etc/default/bkctld*
 
-Print or set the SSH public key of an evobackup jail :
+**status** \[*jailname*]
 
-~~~
-bkctld key <jailname> [<keyfile>]
-~~~
+> Print the status of all jails or only
+> \[*jailname*].
 
-Print or set the SSH port of an evobackup jail.
-Auto to set next available port (last + 1) :
+**key** *jailname* \[*keyfile*]
 
-~~~
-bkctld port <jailname> [<ssh_port>|auto]
-~~~
+> Print or set the
+> ssh(1)
+> public key of an evobackup jail
 
-Print or set allowed IP of an evobackup jail.
-All for unrestricted access (default) :
+**port** *jailname* \[**auto** | *port*]
 
-~~~
-bkctld ip <jailname> [<ip>|all]
-~~~
+> Print or set the
+> ssh(1)
+> \[*port*]
+> of an evobackup jail.
+> Using
+> \[**auto**]
+> will set it to the next available port.
 
-Generate inc of an evobackup jail :
+**ip** *jailname* \[**all** | *address*]
 
-~~~
-bkctld inc
-~~~
+> Print or set the whitelisted IP
+> \[*address*]
+> for an evobackup jail.
+> \[**all**]
+> allows unrestricted access and is the default.
 
-Remove old inc of an evobackup jail :
+**inc**
 
-~~~
-bkctld rm
-~~~
+> Generate incremental backups
+
+**rm**
+
+> Remove old incremental backups
+
+# FILES
+
+*/usr/share/bkctld/bkctld.conf*
+
+> Template for
+> bkctld.conf(5)
+
+*/usr/share/bkctld/incl.tpl*
+
+> Default rules for the incremental backups are stored here.
+
+# EXAMPLES
 
-# CLIENT CONFIGURATION
 Before creating a jail and backing up a client,
 the backup server administrator will need:
 
-* The host name of the client system.
-* The public RSA OpenSSH key for the root user of the client system,
-it is recommended the private key be password-less if automation is desired.
-* The IPv4 address of the client system is needed
-if the administrator wishes to maintain a whitelist,
-see the FIREWALL_RULES variable in [bkctld.conf](configuration.md)
+*	The host name of the client system.
+
+*	The public RSA
+	ssh(1)
+	key for the
+	"root"
+	user of the client system,
+	it is recommended the private key be password-less if automation is desired.
+
+*	The IPv4 address of the client system is needed
+	if the administrator wishes to maintain a whitelist,
+	see
+	*FIREWALL\_RULES*
+	in
+	bkctld.conf(5)
 
 He can then create the jail:
 
-```
-# bkctld init CLIENT_HOST_NAME
-# bkctld key CLIENT_HOST_NAME /root/CLIENT_HOST_NAME.pub
-# bkctld ip CLIENT_HOST_NAME CLIENT_IP_ADDRESS
-# bkctld start CLIENT_HOST_NAME
-# bkctld status CLIENT_HOST_NAME
-```
+	# bkctld init CLIENT_HOST_NAME
+	# bkctld key CLIENT_HOST_NAME /root/CLIENT_HOST_NAME.pub
+	# bkctld ip CLIENT_HOST_NAME CLIENT_IP_ADDRESS
+	# bkctld start CLIENT_HOST_NAME
+	# bkctld status CLIENT_HOST_NAME
 
-And override the default [incremental](incrementals.md) rules
+And override the default
+evobackup-incl(5)
+rules
 
-```
-# $EDITOR /etc/evobackup/CLIENT_HOST_NAME
-```
+	# $EDITOR /etc/evobackup/CLIENT_HOST_NAME
 
-To sync itself, the client server will need to install rsync.
+To sync itself,
+the client server will need to install
+rsync(1).
 It can then be run manually:
 
-```
-# rsync -av -e "ssh -p JAIL_PORT" /home/ root@BACKUP_SERVER:/var/backup/home/
-```
+	# rsync -av -e "ssh -p JAIL_PORT" /home/ root@BACKUP_SERVER:/var/backup/home/
 
 If a more automated setup is required,
-a script can be written in any programming language. In this case,
+a script can be written in any programming language.
+In this case,
 it may be useful to validate the backup server's identity before hand.
 
-```
-# ssh -p JAIL_PORT BACKUP_SERVER
-```
+	# ssh -p JAIL_PORT BACKUP_SERVER
 
-A bash example to be run under the root user's crontab
-can be found in the  [source repository](https://gitea.evolix.org/evolix/evobackup/src/branch/master/zzz_evobackup)
+A
+bash(1)
+example to be run under the
+"root"
+user's
+crontab(5)
+can be found in the
+[source repository](https://gitea.evolix.org/evolix/evobackup/src/branch/master/zzz_evobackup)
 
 # SEE ALSO
 
-rsync(1), sshd(8), chroot(8).
+rsync(1),
+ssh-keygen(1),
+bkctld(5),
+evobackup-incl(5),
+chroot(8),
+cron(8),
+sshd(8)
+
+# AUTHORS
+
+Victor Laborie
+
+OpenBSD 6.4 - December 27, 2018
diff --git a/evobackup-incl.5 b/evobackup-incl.5
new file mode 100644
index 0000000..48f5453
--- /dev/null
+++ b/evobackup-incl.5
@@ -0,0 +1,79 @@
+.Dd December 28, 2018
+.Dt EVOBACKUP-INCL 5
+.Os
+.Sh NAME
+.Nm evobackup-incl
+.Nd incremental backup configuration
+.Sh SYNOPSIS
+.D1 +%Y-%m-%d.-%day
+.Sh DESCRIPTION
+Located by default in
+.Pa /etc/evobackup/ ,
+each
+.Nm
+file is named after the
+.Xr bkctld 8
+backup for which the rules it contains must apply.
+.Pp
+The rules it defines decide which incremental backups are kept when running
+.Bd -literal -offset indent
+# bkctld rm
+.Ed
+.Pp
+Each line defines a single rule.
+The first part of the rule describes when the backup was taken,
+the second part decides how long to keep it.
+Lines beginning with the
+.Sq #
+character are comments and are ignored.
+The order of the rules does not matter.
+.Pp
+Evobackups that do not have their nominal
+.Nm
+file use the default rules defined in
+.Pa /usr/share/bkctld/inc.tpl
+.Sh EXAMPLES
+Keep today's backup:
+.Bd -literal -offset indent
++%Y-%m-%d.-0day
+.Ed
+.Pp
+Keep yesterday's backup:
+.Bd -literal -offset indent
++%Y-%m-%d.-1day
+.Ed
+.Pp
+Keep the first day of this month:
+.Bd -literal -offset indent
++%Y-%m-01.-0month
+.Ed
+.Pp
+Keep the first day of last month:
+.Bd -literal -offset indent
++%Y-%m-01.-1month
+.Ed
+.Pp
+Keep backups for every 15 days:
+.Bd -literal -offset indent
++%Y-%m-01.-1month
++%Y-%m-15.-1month
+.Ed
+.Pp
+Keep a backup of the first day of january:
+.Bd -literal -offset indent
++%Y-01-01.-1month
+.Ed
+.Pp
+Keep backups of the last 4 days and the first day of the last 2 months:
+.Bd -literal -offset indent
++%Y-%m-%d.-0day
++%Y-%m-%d.-1day
++%Y-%m-%d.-2day
++%Y-%m-%d.-3day
++%Y-%m-01.-0month
++%Y-%m-01.-1month
+.Ed
+.Sh SEE ALSO
+.Xr bkctld 8 ,
+.Xr cron 8 ,
+.Pa /etc/evobackup/tpl/inc.tpl
\ No newline at end of file

From e062a05a4bd15a146ad94a728309c32bc075caa2 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 13:51:05 +0100
Subject: [PATCH 05/52] Split bkctld into multiples scripts

---
 Vagrantfile        |   1 +
 bkctld             | 685 +++------------------------------------------
 lib/bkctld-check   |  67 +++++
 lib/bkctld-inc     |  23 ++
 lib/bkctld-init    |  29 ++
 lib/bkctld-ip      |   1 +
 lib/bkctld-key     |   1 +
 lib/bkctld-params  |  17 ++
 lib/bkctld-port    |   1 +
 lib/bkctld-reload  |  12 +
 lib/bkctld-remove  |  30 ++
 lib/bkctld-restart |  11 +
 lib/bkctld-rm      |  44 +++
 lib/bkctld-start   |  36 +++
 lib/bkctld-stats   |  23 ++
 lib/bkctld-status  |  17 ++
 lib/bkctld-stop    |  16 ++
 lib/bkctld-sync    |  21 ++
 lib/bkctld-update  |  11 +
 lib/config         |  23 ++
 lib/functions      | 133 +++++++++
 lib/logging        |  42 +++
 lib/mkjail         |  44 +++
 23 files changed, 648 insertions(+), 640 deletions(-)
 create mode 100755 lib/bkctld-check
 create mode 100755 lib/bkctld-inc
 create mode 100755 lib/bkctld-init
 create mode 120000 lib/bkctld-ip
 create mode 120000 lib/bkctld-key
 create mode 100755 lib/bkctld-params
 create mode 120000 lib/bkctld-port
 create mode 100755 lib/bkctld-reload
 create mode 100755 lib/bkctld-remove
 create mode 100755 lib/bkctld-restart
 create mode 100755 lib/bkctld-rm
 create mode 100755 lib/bkctld-start
 create mode 100755 lib/bkctld-stats
 create mode 100755 lib/bkctld-status
 create mode 100755 lib/bkctld-stop
 create mode 100755 lib/bkctld-sync
 create mode 100755 lib/bkctld-update
 create mode 100755 lib/config
 create mode 100755 lib/functions
 create mode 100755 lib/logging
 create mode 100755 lib/mkjail

diff --git a/Vagrantfile b/Vagrantfile
index 9fa28e9..66e0cd7 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -16,6 +16,7 @@ Vagrant.configure('2') do |config|
 
   $install = <<SCRIPT
 ln -fs /vagrant/bkctld /usr/sbin/bkctld
+ln -fs /vagrant/lib /usr/lib/bkctld
 ln -fs /vagrant/tpl /usr/share/bkctld
 ln -fs /vagrant/bash_completion /usr/share/bash-completion/completions/bkctld
 ln -fs /vagrant/bkctld.conf /etc/default/bkctld
diff --git a/bkctld b/bkctld
index 03a7a32..d1c01a7 100755
--- a/bkctld
+++ b/bkctld
@@ -10,652 +10,57 @@
 
 set -u
 
-usage(){
-    cat <<EOF
-Usage: $0 <subcommand> [options]
-Subcommands:
-    init        <jailname>                      Init jail <jailname>
-    update      <jailname>|all                  Update jail <jailname> or all
-    remove      <jailname>|all                  Remove jail <jailname> or all
-    start       <jailname>|all                  Start jail <jailname> or all
-    stop        <jailname>|all                  Stop jail <jailname> or all
-    reload      <jailname>|all                  Reload jail <jailname> or all
-    restart     <jailname>|all                  Restart jail <jailname> or all
-    sync        <jailname>|all                  Sync jail <jailname> or all to another node
-    status      [<jailname>]                    Print status of <jailname> (default all jail)
-    key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
-    port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
-    ip          <jailname>      [<ip>|all]      Set or get allowed(s) ip(s) of <jailname>
-    inc                                         Make incremental inc of all jails
-    rm                                          Remove old incremtal inc of all jails
-    check                                       Run check on jails (NRPE output)
-    stats                                       Make and display stats on jails (size, lastconn)
+[ "$(id -u)" -ne 0 ] && error "You need to be root to run ${0} !"
 
-EOF
-}
+[ -d './lib' ] && LIBDIR='lib'
+[ -d '/usr/lib/bkctld' ] && LIBDIR='/usr/lib/bkctld'
+. "${LIBDIR}/config"
 
-## logging functions
+mkdir -p "${CONFDIR}" "${JAILDIR}" "${INCDIR}" "${INDEX_DIR}"
+subcommand="${1:-}"
+jail="${2:-}"
+option="${3:-}"
 
-debug() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 7 ]; then
-        echo "${msg}"
-        logger -t bkctld -p daemon.debug "${msg}"
-    fi
-}
+[ -x "${LIBDIR}/bkctld-${subcommand}" ] || usage
 
-info() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 6 ]; then
-        tty -s && echo "${msg}"
-        logger -t bkctld -p daemon.info "${msg}"
-    fi
-}
-
-notice() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "${msg}"
-    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
-}
-
-warning() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "WARNING : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 4 ]; then
-        tty -s || echo "WARNING : ${msg}" >&2
-        logger -t bkctld -p daemon.warning "${msg}"
-    fi
-}
-
-error() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "ERROR : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 5 ]; then
-        tty -s || echo "ERROR : ${msg}" >&2
-        logger -t bkctld -p daemon.error "${msg}"
-    fi
-    exit 1
-}
-
-## check functions
-
-check_jail() {
-    jail="${1}"
-    [ -d "${JAILDIR}/${jail}" ] && return 0
-    return 1
-}
-
-check_jail_on() {
-    jail="${1}"
-    return=1
-    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
-        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-        ps -p "${pid}" > /dev/null && return=0
-    fi
-    if [ "${return}" -eq 1 ]; then
-        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
-        grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
-        grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
-    fi
-    return "${return}"
-}
-
-## get functions : get info on jail
-
-get_port() {
-    jail="${1}"
-    port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
-    echo "${port}"
-}
-
-get_key() {
-    jail="${1}"
-    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
-        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    fi
-}
-
-get_ip() {
-    jail="${1}"
-    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
-        echo "${allow}"|cut -d'@' -f2
-    done
-}
-
-get_inc() {
-    jail="${1}"
-    inc="0"
-        if [ -f "${CONFDIR}/${jail}" ]; then
-            day=$(grep -c "day" "${CONFDIR}/${jail}")
-            month=$(grep -c "month" "${CONFDIR}/${jail}")
-            inc="${day}/${month}"
-        fi
-    echo "${inc}"
-}
-
-## set functions : set info on jail
-
-set_port() {
-    jail="${1}"
-    port="${2}"
-    if [ "${port}" = "auto" ]; then
-        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
-        port=$((port+1))
-        [ "${port}" -le 1 ] && port=2222
-    fi
-    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
-set_key() {
-    jail="${1}"
-    keyfile="${2}"
-    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
-    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-}
-
-set_ip() {
-    jail="${1}"
-    ip="${2}"
-    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
-        ips="0.0.0.0/0"
+case "${subcommand}" in
+    "inc" | "rm" | "check" | "stats")
+        "${LIBDIR}/bkctld-${subcommand}"
+    ;;
+        "init")
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+    ;;
+    "key" | "port" | "ip")
+        "${LIBDIR}/bkctld-params" "${jail}" "${subcommand}" "${option}"
+    ;;
+    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
+    if [ "${jail}" = "all" ]; then
+        jails=$(ls "${JAILDIR}")
+        for jail in ${jails}; do
+            case "${subcommand}" in
+                "start")
+                    check_jail_on "${jail}" || "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+                ;;
+                "stop" | "reload" | "restart")
+                    check_jail_on "${jail}" && "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+                ;;
+                *)
+                    "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+                ;;
+            esac
+                done
     else
-        ips=$(get_ip "${jail}")
-        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
-    allow="AllowUsers"
-    for ip in $ips; do
-        allow="${allow} root@${ip}"
-    done
-    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
-set_firewall() {
-    jail="${1}"
-    if [ -n "${FIREWALL_RULES}" ]; then
-        if [ -f "${FIREWALL_RULES}" ]; then
-            sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
-        fi
-        if ( check_jail "${jail}" ); then
-            port=$(get_port "${jail}")
-            for ip in $(get_ip "${jail}"); do
-                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
-            done
-            if [ -f /etc/init.d/minifirewall ]; then
-                /etc/init.d/minifirewall restart >/dev/null
-            fi
-        fi
-    fi
-}
-
-## mk_jail function : create or update a jail
-
-mk_jail() {
-    jail="${1}"
-    passwd="${TPLDIR}/passwd"
-    shadow="${TPLDIR}/shadow"
-    group="${TPLDIR}/group"
-    sshrc="${TPLDIR}/sshrc"
-    [ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
-    [ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
-    [ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
-    [ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
-    umask 077
-
-    info "1 - Creating the chroot"
-    cd "${JAILDIR}/${jail}"
-    rm -rf bin lib lib64 run usr var/run etc/ssh/*key
-    mkdir -p dev proc
-    mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
-    mkdir -p etc/ssh var/log run/sshd
-    mkdir -p root/.ssh var/backup -m 0700
-    ln -s usr/bin bin
-    ln -s usr/lib lib
-    ln -s usr/lib64 lib64
-    ln -st var ../run
-    touch var/log/lastlog var/log/wtmp run/utmp
-
-    info "2 - Copying essential files"
-    [ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
-    [ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
-    [ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
-    cp "${passwd}" etc
-    cp "${shadow}" etc
-    cp "${group}" etc
-    cp "${sshrc}" etc/ssh
-
-    info "3 - Copying binaries"
-    cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
-    cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
-
-    for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
-        cp -f "${dbin}" "${JAILDIR}/${jail}/${dbin}";
-        for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
-            cp -p "${lib}" "${JAILDIR}/${jail}/${lib}"
+    ;;
+    "status")
+    if [ -z "${jail}" ]; then
+        jails=$(ls "${JAILDIR}")
+        for jail in ${jails}; do
+            "${LIBDIR}/bkctld-${subcommand}" "${jail}"
         done
-    done
-}
-
-## sub functions : functions call by subcommand
-  
-sub_init() {
-    jail="${1}"
-    sshd_config="${TPLDIR}/sshd_config"
-    inctpl="${TPLDIR}/inc.tpl"
-    [ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
-    [ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
-    check_jail "${jail}" && error "${jail} : trying to create existant jail"
-
-    rootdir=$(dirname "${JAILDIR}")
-    rootdir_inode=$(stat --format=%i "${rootdir}")
-    jaildir_inode=$(stat --format=%i "${JAILDIR}")
-    if [ "${rootdir_inode}" -eq 256 ] || [ "${jaildir_inode}" -eq 256 ]; then
-        /bin/btrfs subvolume create "${JAILDIR}/${jail}"
     else
-        mkdir -p "${JAILDIR}/${jail}"
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
-    mk_jail "${jail}"
-    info "4 - Copie default sshd_config"
-    install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
-    info "5 - Set usable sshd port"
-    set_port "${jail}" auto
-    info "6 - Copie default inc configuration"
-    install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
-    notice "${jail} : created jail"
-}
-
-sub_update() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
-    check_jail_on "${jail}" && sub_stop "${jail}"
-
-    mk_jail "${jail}"
-    notice "${jail} : updated jail"
-}
-
-sub_remove() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
-
-    check_jail_on "${jail}" && sub_stop "${jail}"
-    
-    rm -f "${CONFDIR}/${jail}"
-    jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
-    if [ "${jail_inode}" -eq 256 ]; then
-        /bin/btrfs subvolume delete "${JAILDIR}/${jail}" | debug
-    else
-        rm -rf "${JAILDIR}/${jail}" | debug
-    fi
-    if [ -d  "${INCDIR}/${jail}" ]; then
-        incs=$(ls "${INCDIR}/${jail}")
-        for inc in ${incs}; do
-            inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${inc}")
-            if [ "${inc_inode}" -eq 256 ]; then
-                /bin/btrfs subvolume delete "${INCDIR}/${jail}/${inc}" | debug
-            else
-                warning "You need to purge ${INCDIR}/${jail}/${inc} manually !"
-            fi
-        done
-        rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
-    fi
-    set_firewall "${jail}"
-    notice "${jail} : deleted jail"
-}
-
-sub_start() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
-    check_jail_on "${jail}" && error "${jail} : trying to start already running jail"
-
-    cd "${JAILDIR}/${jail}"
-    grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
-    grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev
-    [ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
-    [ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
-    [ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
-    [ -e "dev/ptmx" ] || mknod -m 666 dev/ptmx c 5 2
-    [ -e "dev/tty" ] || mknod -m 666 dev/tty c 5 0
-    [ -e "dev/random" ] || mknod -m 444 dev/random c 1 8
-    [ -e "dev/urandom" ] || mknod -m 444 dev/urandom c 1 9
-    chown root:tty dev/console dev/ptmx dev/tty
-    ln -fs proc/self/fd dev/fd
-    ln -fs proc/self/fd/0 dev/stdin
-    ln -fs proc/self/fd/1 dev/stdout
-    ln -fs proc/self/fd/2 dev/stderr
-    ln -fs proc/kcore dev/core
-    mkdir -p dev/pts
-    mkdir -p dev/shm
-    grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
-    grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
-    chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog || error "${jail} : error on starting sshd"
-    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-    notice "${jail} was started [${pid}]"
-}
-
-sub_stop() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
-    check_jail_on "${jail}" || error "${jail} : trying to stop not running jail"
-
-    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-    for conn in $(ps --ppid "${pid}" -o pid=); do
-        kill "${conn}"
-    done
-    kill "${pid}" && notice "${jail} was stopped [${pid}]"
-    umount --lazy --recursive "${JAILDIR}/${jail}/dev"
-    umount --lazy "${JAILDIR}/${jail}/proc/"
-}
-
-sub_reload() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
-    check_jail_on "${jail}" || error "${jail} : trying to reload not running jail"
-
-    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-
-    kill -HUP "${pid}" && notice "${jail} was reloaded [${pid}]"
-}
-
-sub_status() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
-
-    inc=$(get_inc "${jail}")
-    if ( check_jail_on "${jail}" ); then
-        status="ON "
-    else
-        status="OFF"
-    fi
-    port=$(get_port "${jail}")
-    ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
-    echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
-}
-
-sub_params() {
-    jail="${1}"
-    params="${2}"
-    option="${3}"
-    check_jail "${jail}" || error "${jail} : inexistant jail'"
-
-    if [ -z "${option}" ]; then
-        "get_${params}" "${jail}"
-    else
-        "set_${params}" "${jail}" "${option}"
-        check_jail_on "${jail}" && sub_reload "${jail}"
-        notice "${jail} : update ${params} => ${option}"
-    fi
-}
-
-sub_sync() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
-
-    [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
-
-    jail="${1}"
-    ssh "${NODE}" bkctld init "${jail}" | debug
-    rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
-    rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
-    if ( check_jail_on "${jail}" ); then
-        ssh "${NODE}" bkctld start "${jail}" | debug
-    fi
-    if [ -n "${FIREWALL_RULES}" ]; then
-        rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
-        ssh "${NODE}" /etc/init.d/minifirewall restart | debug
-    fi
-}
-
-sub_inc() {
-    date=$(date +"%Y-%m-%d-%H")
-    jails=$(ls "${JAILDIR}")
-    for jail in ${jails}; do
-        inc="${INCDIR}/${jail}/${date}"
-        mkdir -p "${INCDIR}/${jail}"
-        if [ ! -d "${inc}" ]; then
-            start=$(date +"%H:%M:%S")
-            jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
-            if [ "$jail_inode" -eq 256 ]; then
-                /bin/btrfs subvolume snapshot -r "${JAILDIR}/${jail}" "${inc}" | debug
-            else
-                cp -alx "${JAILDIR}/${jail}/" "${inc}" | debug
-            fi
-            end=$(date +"%H:%M:%S")
-            notice "${jail} : made ${date} inc [${start}/${end}]"
-        else
-            warning "${jail} : trying to made already existant inc"
-        fi
-    done
-}
-
-sub_rm() {
-    empty="/tmp/bkctld-${$}-$(date +%N))"
-    mkdir "${empty}"
-    pidfile="/var/run/bkctld-rm.pid"
-    if [ -f "${pidfile}" ]; then
-        pid=$(cat "${pidfile}")
-        ps -u "${pid}" >/dev/null
-        if [ "${?}" -eq 0 ]; then
-            kill -9 "${pid}"
-            warning "${0} rm always run (PID ${pid}), killed by ${$} !"
-        fi
-        rm "${pidfile}"
-        fi
-    echo "${$}" > "${pidfile}"
-    jails=$(ls "${JAILDIR}")
-    for jail in ${jails}; do
-        incs=$(ls "${INCDIR}/${jail}")
-        if [ -f "${CONFDIR}/${jail}" ]; then
-            keepfile="${CONFDIR}/.keep-${jail}"
-            while read j; do
-                date=$( echo "${j}" | cut -d. -f1 )
-                before=$( echo "${j}" | cut -d. -f2 )
-                date -d "$(date "${date}") ${before}" "+%Y-%m-%d"
-            done < "${CONFDIR}/${jail}" > "${keepfile}"
-            for j in $(echo "${incs}" | grep -v -f "${keepfile}"); do
-                start=$(date +"%H:%M:%S")
-                inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
-                if [ "${inc_inode}" -eq 256 ]; then
-                    /bin/btrfs subvolume delete "${INCDIR}/${jail}/${j}" | debug
-                else
-                    cd "${INCDIR}/${jail}"
-                    rsync -a --delete "${empty}/" "${j}/"
-                    rmdir "${j}"
-                fi
-                end=$(date +"%H:%M:%S")
-                notice "${jail} : deleted ${j} inc [${start}/${end}]"
-            done
-        fi
-    done
-    rmdir "${empty}"
-    rm "${pidfile}"
-}
-
-sub_check() {
-    cur_time=$(date "+%s")
-    return=0
-    nb_crit=0
-    nb_warn=0
-    nb_ok=0
-    nb_unkn=0
-    output=""
-
-    if [ -b "${BACKUP_DISK}" ]; then
-	cryptsetup isLuks "${BACKUP_DISK}"
-        if [ "$?" -eq 0 ]; then
-            if [ ! -b '/dev/mapper/backup' ]; then
-                echo "Luks disk ${BACKUP_DISK} is not mounted !\n"
-                echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
-                exit 2
-            fi
-            BACKUP_DISK='/dev/mapper/backup'
-        fi
-        grep -qE "^${BACKUP_DISK} " /etc/mtab
-        if [ "$?" -ne 0 ]; then
-             echo "Backup disk ${BACKUP_DISK} is not mounted !\n"
-             echo "mount ${BACKUP_DISK} /backup"
-             exit 2
-        fi
-    fi
-
-    jails=$(ls "${JAILDIR}")
-    for jail in ${jails}; do
-        if [ -f "${JAILDIR}/${jail}/var/log/lastlog" ]; then
-            last_conn=$(stat --format=%Y "${JAILDIR}/${jail}/var/log/lastlog")
-            date_diff=$(( (cur_time - last_conn) / (60*60) ))
-            if [ "${date_diff}" -gt "${CRITICAL}" ]; then
-                nb_crit=$((nb_crit + 1))
-                output="${output}CRITICAL - ${jail} - ${date_diff} hours\n"
-                [ "${return}" -le 2 ] && return=2
-            elif [ "${date_diff}" -gt "${WARNING}" ]; then
-                nb_warn=$((nb_warn + 1))
-                output="${output}WARNING - ${jail} - ${date_diff} hours\n"
-                [ "${return}" -le 1 ] && return=1
-            else
-                nb_ok=$((nb_ok + 1))
-                output="${output}OK - ${jail} - ${date_diff} hours\n"
-            fi
-        else
-            nb_unkn=$((nb_unkn + 1))
-            output="${output}UNKNOWN - ${jail} doesn't have lastlog !\n"
-            [ "${return}" -le 3 ] && return=3
-        fi
-    done
-
-    [ "${return}" -ge 0 ] && header="OK"
-    [ "${return}" -ge 1 ] && header="WARNING"
-    [ "${return}" -ge 2 ] && header="CRITICAL"
-    [ "${return}" -ge 3 ] && header="UNKNOW"
-
-    printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"
-
-    printf "${output}" | grep -E "^UNKNOW"
-    printf "${output}" | grep -E "^CRITICAL"
-    printf "${output}" | grep -E "^WARNING"
-    printf "${output}" | grep -E "^OK"
-
-    exit "${return}"
-}
-
-sub_stats() {
-    lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
-ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
-touch "${INDEX_DIR}/.lastrun.duc"
-EOF
-    [ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0
-    [ ! -f ${IDX_FILE} ] && error "Index file do not exits !"
-    printf "Last update of index file : "
-    stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}"
-    echo "<jail> <size> <incs> <lastconn>" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $1, $2, $3, $4); }'
-    duc_output=$(mktemp)
-    stat_output=$(mktemp)
-    incs_output=$(mktemp)
-    trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
-    "${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
-    awk '{ print $2 }' "${duc_output}" | while read jail; do
-        stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
-        get_inc "${jail}" >> "${incs_output}"
-    done
-    paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
-}
-
-## main function : check usage and valid params
-
-main() {
-    [ "$(id -u)" -ne 0 ] && error "You need to be root to run ${0} !"
-
-    [ -f /etc/default/bkctld ] && . /etc/default/bkctld
-    CONFDIR="${CONFDIR:-/etc/evobackup}"
-    BACKUP_DISK="${BACKUP_DISK:-}"
-    JAILDIR="${JAILDIR:-/backup/jails}"
-    INCDIR="${INCDIR:-/backup/incs}"
-    TPLDIR="${TPLDIR:-/usr/share/bkctld}"
-    INDEX_DIR="${INDEX_DIR:-/backup/index}"
-    IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
-    LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
-    SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
-    SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
-    AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
-    FIREWALL_RULES="${FIREWALL_RULES:-}"
-    LOGLEVEL="${LOGLEVEL:-6}"
-    CRITICAL="${CRITICAL:-48}"
-    WARNING="${WARNING:-24}"
-    DUC=$(command -v duc-nox||command -v duc)
-    mkdir -p "${CONFDIR}" "${JAILDIR}" "${INCDIR}" "${INDEX_DIR}"
-    subcommand="${1:-}"
-    jail="${2:-}"
-    option="${3:-}"
-    case "${subcommand}" in
-        "" | "-h" | "--help")
-            usage
-            ;;
-        "inc" | "rm" | "check" | "stats")
-            "sub_${subcommand}"
-        ;;
-            "init")
-        if [ -n "${jail}" ]; then
-            "sub_${subcommand}" "${jail}"
-        else
-            usage
-        fi
-        ;;
-        "key" | "port" | "ip")
-        if [ -n "${jail}" ]; then
-            sub_params "${jail}" "${subcommand}" "${option}"
-        else
-            usage
-        fi
-        ;;
-        "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
-        if [ -n "${jail}" ]; then
-            if [ "${jail}" = "all" ]; then
-                jails=$(ls "${JAILDIR}")
-                for jail in ${jails}; do
-                    case "${subcommand}" in
-                        "start")
-                            check_jail_on "${jail}" || "sub_${subcommand}" "${jail}"
-                        ;;
-                        "stop" | "reload")
-                            check_jail_on "${jail}" && "sub_${subcommand}" "${jail}"
-                        ;;
-                        "restart")
-                            check_jail_on "${jail}" && sub_stop "${jail}"
-                            sub_start "${jail}"
-                        ;;
-                        *)
-                            "sub_${subcommand}" "${jail}"
-                        ;;
-                    esac
-                        done
-            else
-                if [ "${subcommand}" != "restart" ]; then
-                    "sub_${subcommand}" "${jail}"
-                else
-                    check_jail_on "${jail}" && sub_stop "${jail}"
-                    sub_start "${jail}"
-                fi
-            fi
-        else
-            usage
-        fi
-        ;;
-        "status")
-        if [ -z "${jail}" ]; then
-            jails=$(ls "${JAILDIR}")
-            for jail in ${jails}; do
-                "sub_${subcommand}" "${jail}"
-            done
-        else
-            "sub_${subcommand}" "${jail}"
-        fi
-        ;;
-        *)
-            shift
-            warning "'${subcommand}' is not a known subcommand." && usage
-            exit 1
-            ;;
-    esac
-}
-
-main "${@}"
+    ;;
+esac
diff --git a/lib/bkctld-check b/lib/bkctld-check
new file mode 100755
index 0000000..0e957b0
--- /dev/null
+++ b/lib/bkctld-check
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+cur_time=$(date "+%s")
+return=0
+nb_crit=0
+nb_warn=0
+nb_ok=0
+nb_unkn=0
+output=""
+
+if [ -b "${BACKUP_DISK}" ]; then
+    cryptsetup isLuks "${BACKUP_DISK}"
+    if [ "$?" -eq 0 ]; then
+        if [ ! -b '/dev/mapper/backup' ]; then
+            echo "Luks disk ${BACKUP_DISK} is not mounted !\n"
+            echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
+            exit 2
+        fi
+        BACKUP_DISK='/dev/mapper/backup'
+    fi
+    grep -qE "^${BACKUP_DISK} " /etc/mtab
+    if [ "$?" -ne 0 ]; then
+         echo "Backup disk ${BACKUP_DISK} is not mounted !\n"
+         echo "mount ${BACKUP_DISK} /backup"
+         exit 2
+    fi
+fi
+
+jails=$(ls "${JAILDIR}")
+for jail in ${jails}; do
+    if [ -f "${JAILDIR}/${jail}/var/log/lastlog" ]; then
+        last_conn=$(stat --format=%Y "${JAILDIR}/${jail}/var/log/lastlog")
+        date_diff=$(( (cur_time - last_conn) / (60*60) ))
+        if [ "${date_diff}" -gt "${CRITICAL}" ]; then
+            nb_crit=$((nb_crit + 1))
+            output="${output}CRITICAL - ${jail} - ${date_diff} hours\n"
+            [ "${return}" -le 2 ] && return=2
+        elif [ "${date_diff}" -gt "${WARNING}" ]; then
+            nb_warn=$((nb_warn + 1))
+            output="${output}WARNING - ${jail} - ${date_diff} hours\n"
+            [ "${return}" -le 1 ] && return=1
+        else
+            nb_ok=$((nb_ok + 1))
+            output="${output}OK - ${jail} - ${date_diff} hours\n"
+        fi
+    else
+        nb_unkn=$((nb_unkn + 1))
+        output="${output}UNKNOWN - ${jail} doesn't have lastlog !\n"
+        [ "${return}" -le 3 ] && return=3
+    fi
+done
+
+[ "${return}" -ge 0 ] && header="OK"
+[ "${return}" -ge 1 ] && header="WARNING"
+[ "${return}" -ge 2 ] && header="CRITICAL"
+[ "${return}" -ge 3 ] && header="UNKNOW"
+
+printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"
+
+printf "${output}" | grep -E "^UNKNOW"
+printf "${output}" | grep -E "^CRITICAL"
+printf "${output}" | grep -E "^WARNING"
+printf "${output}" | grep -E "^OK"
+
+exit "${return}"
diff --git a/lib/bkctld-inc b/lib/bkctld-inc
new file mode 100755
index 0000000..f55a28c
--- /dev/null
+++ b/lib/bkctld-inc
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+date=$(date +"%Y-%m-%d-%H")
+jails=$(ls "${JAILDIR}")
+for jail in ${jails}; do
+    inc="${INCDIR}/${jail}/${date}"
+    mkdir -p "${INCDIR}/${jail}"
+    if [ ! -d "${inc}" ]; then
+        start=$(date +"%H:%M:%S")
+        jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
+        if [ "$jail_inode" -eq 256 ]; then
+            /bin/btrfs subvolume snapshot -r "${JAILDIR}/${jail}" "${inc}" | debug
+        else
+            cp -alx "${JAILDIR}/${jail}/" "${inc}" | debug
+        fi
+        end=$(date +"%H:%M:%S")
+        notice "${jail} : made ${date} inc [${start}/${end}]"
+    else
+        warning "${jail} : trying to made already existant inc"
+    fi
+done
diff --git a/lib/bkctld-init b/lib/bkctld-init
new file mode 100755
index 0000000..ddbe8ae
--- /dev/null
+++ b/lib/bkctld-init
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" && error "${jail} : trying to create existant jail"
+
+sshd_config="${TPLDIR}/sshd_config"
+inctpl="${TPLDIR}/inc.tpl"
+[ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
+[ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
+
+rootdir=$(dirname "${JAILDIR}")
+rootdir_inode=$(stat --format=%i "${rootdir}")
+jaildir_inode=$(stat --format=%i "${JAILDIR}")
+if [ "${rootdir_inode}" -eq 256 ] || [ "${jaildir_inode}" -eq 256 ]; then
+    /bin/btrfs subvolume create "${JAILDIR}/${jail}"
+else
+    mkdir -p "${JAILDIR}/${jail}"
+fi
+. "${LIBDIR}/mkjail"
+info "4 - Copie default sshd_config"
+install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
+info "5 - Set usable sshd port"
+set_port "${jail}" auto
+info "6 - Copie default inc configuration"
+install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
+notice "${jail} : created jail"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
new file mode 120000
index 0000000..5b4f890
--- /dev/null
+++ b/lib/bkctld-ip
@@ -0,0 +1 @@
+bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-key b/lib/bkctld-key
new file mode 120000
index 0000000..5b4f890
--- /dev/null
+++ b/lib/bkctld-key
@@ -0,0 +1 @@
+bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-params b/lib/bkctld-params
new file mode 100755
index 0000000..f0fae46
--- /dev/null
+++ b/lib/bkctld-params
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+params="${2:-}"
+option="${3:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${option}" ]; then
+    "get_${params}" "${jail}"
+else
+    "set_${params}" "${jail}" "${option}"
+    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    notice "${jail} : update ${params} => ${option}"
+fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
new file mode 120000
index 0000000..5b4f890
--- /dev/null
+++ b/lib/bkctld-port
@@ -0,0 +1 @@
+bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
new file mode 100755
index 0000000..4c05dd4
--- /dev/null
+++ b/lib/bkctld-reload
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
+check_jail_on "${jail}" || error "${jail} : trying to reload not running jail"
+
+pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+
+kill -HUP "${pid}" && notice "${jail} was reloaded [${pid}]"
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
new file mode 100755
index 0000000..13f668e
--- /dev/null
+++ b/lib/bkctld-remove
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
+
+rm -f "${CONFDIR}/${jail}"
+jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
+if [ "${jail_inode}" -eq 256 ]; then
+    /bin/btrfs subvolume delete "${JAILDIR}/${jail}" | debug
+else
+    rm -rf "${JAILDIR}/${jail}" | debug
+fi
+if [ -d  "${INCDIR}/${jail}" ]; then
+    incs=$(ls "${INCDIR}/${jail}")
+    for inc in ${incs}; do
+        inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${inc}")
+        if [ "${inc_inode}" -eq 256 ]; then
+            /bin/btrfs subvolume delete "${INCDIR}/${jail}/${inc}" | debug
+        else
+            warning "You need to purge ${INCDIR}/${jail}/${inc} manually !"
+        fi
+    done
+    rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
+fi
+set_firewall "${jail}"
+notice "${jail} : deleted jail"
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
new file mode 100755
index 0000000..3cef9ca
--- /dev/null
+++ b/lib/bkctld-restart
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eu
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
+check_jail_on "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-rm b/lib/bkctld-rm
new file mode 100755
index 0000000..30e80a8
--- /dev/null
+++ b/lib/bkctld-rm
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+empty="/tmp/bkctld-${$}-$(date +%N))"
+mkdir "${empty}"
+pidfile="/var/run/bkctld-rm.pid"
+if [ -f "${pidfile}" ]; then
+    pid=$(cat "${pidfile}")
+    ps -u "${pid}" >/dev/null
+    if [ "${?}" -eq 0 ]; then
+        kill -9 "${pid}"
+        warning "${0} rm always run (PID ${pid}), killed by ${$} !"
+    fi
+    rm "${pidfile}"
+    fi
+echo "${$}" > "${pidfile}"
+jails=$(ls "${JAILDIR}")
+for jail in ${jails}; do
+    incs=$(ls "${INCDIR}/${jail}")
+    if [ -f "${CONFDIR}/${jail}" ]; then
+        keepfile="${CONFDIR}/.keep-${jail}"
+        while read j; do
+            date=$( echo "${j}" | cut -d. -f1 )
+            before=$( echo "${j}" | cut -d. -f2 )
+            date -d "$(date "${date}") ${before}" "+%Y-%m-%d"
+        done < "${CONFDIR}/${jail}" > "${keepfile}"
+        for j in $(echo "${incs}" | grep -v -f "${keepfile}"); do
+            start=$(date +"%H:%M:%S")
+            inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
+            if [ "${inc_inode}" -eq 256 ]; then
+                /bin/btrfs subvolume delete "${INCDIR}/${jail}/${j}" | debug
+            else
+                cd "${INCDIR}/${jail}"
+                rsync -a --delete "${empty}/" "${j}/"
+                rmdir "${j}"
+            fi
+            end=$(date +"%H:%M:%S")
+            notice "${jail} : deleted ${j} inc [${start}/${end}]"
+        done
+    fi
+done
+rmdir "${empty}"
+rm "${pidfile}"
diff --git a/lib/bkctld-start b/lib/bkctld-start
new file mode 100755
index 0000000..f2514ab
--- /dev/null
+++ b/lib/bkctld-start
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
+check_jail_on "${jail}" && error "${jail} : trying to start already running jail"
+
+cd "${JAILDIR}/${jail}"
+grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
+grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev
+[ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
+[ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
+[ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
+[ -e "dev/ptmx" ] || mknod -m 666 dev/ptmx c 5 2
+[ -e "dev/tty" ] || mknod -m 666 dev/tty c 5 0
+[ -e "dev/random" ] || mknod -m 444 dev/random c 1 8
+[ -e "dev/urandom" ] || mknod -m 444 dev/urandom c 1 9
+chown root:tty dev/console dev/ptmx dev/tty
+ln -fs proc/self/fd dev/fd
+ln -fs proc/self/fd/0 dev/stdin
+ln -fs proc/self/fd/1 dev/stdout
+ln -fs proc/self/fd/2 dev/stderr
+ln -fs proc/kcore dev/core
+mkdir -p dev/pts
+mkdir -p dev/shm
+grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
+grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
+chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog || error "${jail} : error on starting sshd"
+pidfile="${JAILDIR}/${jail}/${SSHD_PID}"
+for try in {1..10}; do
+    [ -f "${pidfile}" ] || sleep 0.3
+done
+pid=$(cat "${pidfile}")
+notice "${jail} was started [${pid}]"
diff --git a/lib/bkctld-stats b/lib/bkctld-stats
new file mode 100755
index 0000000..9e955ed
--- /dev/null
+++ b/lib/bkctld-stats
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
+ce -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
+touch "${INDEX_DIR}/.lastrun.duc"
+EOF
+[ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0
+[ ! -f ${IDX_FILE} ] && error "Index file do not exits !"
+printf "Last update of index file : "
+stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}"
+echo "<jail> <size> <incs> <lastconn>" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $1, $2, $3, $4); }'
+duc_output=$(mktemp)
+stat_output=$(mktemp)
+incs_output=$(mktemp)
+trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
+"${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
+awk '{ print $2 }' "${duc_output}" | while read jail; do
+    stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
+    get_inc "${jail}" >> "${incs_output}"
+done
+paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
diff --git a/lib/bkctld-status b/lib/bkctld-status
new file mode 100755
index 0000000..e0082d2
--- /dev/null
+++ b/lib/bkctld-status
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
+
+inc=$(get_inc "${jail}")
+if ( check_jail_on "${jail}" ); then
+    status="ON "
+else
+    status="OFF"
+fi
+port=$(get_port "${jail}")
+ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
+echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
new file mode 100755
index 0000000..1bafc0b
--- /dev/null
+++ b/lib/bkctld-stop
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
+check_jail_on "${jail}" || error "${jail} : trying to stop not running jail"
+
+pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+for conn in $(ps --ppid "${pid}" -o pid=); do
+    kill "${conn}"
+done
+kill "${pid}" && notice "${jail} was stopped [${pid}]"
+umount --lazy --recursive "${JAILDIR}/${jail}/dev"
+umount --lazy "${JAILDIR}/${jail}/proc/"
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
new file mode 100755
index 0000000..6081b7b
--- /dev/null
+++ b/lib/bkctld-sync
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
+
+[ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
+
+jail="${1}"
+ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail}" | debug
+rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
+rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
+if ( check_jail_on "${jail}" ); then
+    ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
+fi
+if [ -n "${FIREWALL_RULES}" ]; then
+    rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
+    ssh "${NODE}" /etc/init.d/minifirewall restart | debug
+fi
diff --git a/lib/bkctld-update b/lib/bkctld-update
new file mode 100755
index 0000000..8ccaf50
--- /dev/null
+++ b/lib/bkctld-update
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
+check_jail_on "${jail}" && . "${LIBDIR}$/bkctld-stop" "${jail}"
+
+. "${LIBDIR}/mkjail"
+notice "${jail} : updated jail"
diff --git a/lib/config b/lib/config
new file mode 100755
index 0000000..0c14959
--- /dev/null
+++ b/lib/config
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+[ -f /etc/default/bkctld ] && . /etc/default/bkctld
+LIBDIR=${LIBDIR:-/usr/lib/bkctld}
+CONFDIR="${CONFDIR:-/etc/evobackup}"
+BACKUP_DISK="${BACKUP_DISK:-}"
+JAILDIR="${JAILDIR:-/backup/jails}"
+INCDIR="${INCDIR:-/backup/incs}"
+TPLDIR="${TPLDIR:-/usr/share/bkctld}"
+INDEX_DIR="${INDEX_DIR:-/backup/index}"
+IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
+LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
+SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
+SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
+AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
+FIREWALL_RULES="${FIREWALL_RULES:-}"
+LOGLEVEL="${LOGLEVEL:-6}"
+CRITICAL="${CRITICAL:-48}"
+WARNING="${WARNING:-24}"
+DUC=$(command -v duc-nox||command -v duc)
+
+. "${LIBDIR}/logging"
+. "${LIBDIR}/functions"
diff --git a/lib/functions b/lib/functions
new file mode 100755
index 0000000..d694c84
--- /dev/null
+++ b/lib/functions
@@ -0,0 +1,133 @@
+#!/bin/sh
+
+usage() {
+    cat <<EOF
+Usage: $0 <subcommand> [options]
+Subcommands:
+    init        <jailname>                      Init jail <jailname>
+    update      <jailname>|all                  Update jail <jailname> or all
+    remove      <jailname>|all                  Remove jail <jailname> or all
+    start       <jailname>|all                  Start jail <jailname> or all
+    stop        <jailname>|all                  Stop jail <jailname> or all
+    reload      <jailname>|all                  Reload jail <jailname> or all
+    restart     <jailname>|all                  Restart jail <jailname> or all
+    sync        <jailname>|all                  Sync jail <jailname> or all to another node
+    status      [<jailname>]                    Print status of <jailname> (default all jail)
+    key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
+    port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
+    ip          <jailname>      [<ip>|all]      Set or get allowed(s) ip(s) of <jailname>
+    inc                                         Make incremental inc of all jails
+    rm                                          Remove old incremtal inc of all jails
+    check                                       Run check on jails (NRPE output)
+    stats                                       Make and display stats on jails (size, lastconn)
+
+EOF
+exit 1
+}
+
+check_jail() {
+    jail="${1}"
+    [ -d "${JAILDIR}/${jail}" ] && return 0
+    return 1
+}
+
+check_jail_on() {
+    jail="${1}"
+    return=1
+    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
+        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+        ps -p "${pid}" > /dev/null && return=0
+    fi
+    if [ "${return}" -eq 1 ]; then
+        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
+        grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
+        grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
+    fi
+    return "${return}"
+}
+
+get_port() {
+    jail="${1}"
+    port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
+    echo "${port}"
+}
+
+get_key() {
+    jail="${1}"
+    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
+        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    fi
+}
+
+get_ip() {
+    jail="${1}"
+    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
+        echo "${allow}"|cut -d'@' -f2
+    done
+}
+
+get_inc() {
+    jail="${1}"
+    inc="0"
+        if [ -f "${CONFDIR}/${jail}" ]; then
+            day=$(grep -c "day" "${CONFDIR}/${jail}")
+            month=$(grep -c "month" "${CONFDIR}/${jail}")
+            inc="${day}/${month}"
+        fi
+    echo "${inc}"
+}
+
+set_port() {
+    jail="${1}"
+    port="${2}"
+    if [ "${port}" = "auto" ]; then
+        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
+        port=$((port+1))
+        [ "${port}" -le 1 ] && port=2222
+    fi
+    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+}
+
+set_key() {
+    jail="${1}"
+    keyfile="${2}"
+    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
+    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+}
+
+set_ip() {
+    jail="${1}"
+    ip="${2}"
+    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
+        ips="0.0.0.0/0"
+    else
+        ips=$(get_ip "${jail}")
+        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+    fi
+    allow="AllowUsers"
+    for ip in $ips; do
+        allow="${allow} root@${ip}"
+    done
+    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+}
+
+set_firewall() {
+    jail="${1}"
+    if [ -n "${FIREWALL_RULES}" ]; then
+        if [ -f "${FIREWALL_RULES}" ]; then
+            sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
+        fi
+        if ( check_jail "${jail}" ); then
+            port=$(get_port "${jail}")
+            for ip in $(get_ip "${jail}"); do
+                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
+            done
+            if [ -f /etc/init.d/minifirewall ]; then
+                /etc/init.d/minifirewall restart >/dev/null
+            fi
+        fi
+    fi
+}
diff --git a/lib/logging b/lib/logging
new file mode 100755
index 0000000..529de4c
--- /dev/null
+++ b/lib/logging
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+debug() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 7 ]; then
+        echo "${msg}"
+        logger -t bkctld -p daemon.debug "${msg}"
+    fi
+}
+
+info() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 6 ]; then
+        tty -s && echo "${msg}"
+        logger -t bkctld -p daemon.info "${msg}"
+    fi
+}
+
+notice() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "${msg}"
+    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
+}
+
+warning() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "WARNING : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 4 ]; then
+        tty -s || echo "WARNING : ${msg}" >&2
+        logger -t bkctld -p daemon.warning "${msg}"
+    fi
+}
+
+error() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "ERROR : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 5 ]; then
+        tty -s || echo "ERROR : ${msg}" >&2
+        logger -t bkctld -p daemon.error "${msg}"
+    fi
+    exit 1
+}
diff --git a/lib/mkjail b/lib/mkjail
new file mode 100755
index 0000000..e21374d
--- /dev/null
+++ b/lib/mkjail
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+passwd="${TPLDIR}/passwd"
+shadow="${TPLDIR}/shadow"
+group="${TPLDIR}/group"
+sshrc="${TPLDIR}/sshrc"
+[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
+[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
+[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
+[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
+umask 077
+
+info "1 - Creating the chroot"
+cd "${JAILDIR}/${jail}"
+rm -rf bin lib lib64 run usr var/run etc/ssh/*key
+mkdir -p dev proc
+mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
+mkdir -p etc/ssh var/log run/sshd
+mkdir -p root/.ssh var/backup -m 0700
+ln -s usr/bin bin
+ln -s usr/lib lib
+ln -s usr/lib64 lib64
+ln -st var ../run
+touch var/log/lastlog var/log/wtmp run/utmp
+
+info "2 - Copying essential files"
+[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
+[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
+[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
+cp "${passwd}" etc
+cp "${shadow}" etc
+cp "${group}" etc
+cp "${sshrc}" etc/ssh
+
+info "3 - Copying binaries"
+cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
+cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
+
+for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
+    cp -f "${dbin}" "${JAILDIR}/${jail}/${dbin}";
+    for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
+        cp -p "${lib}" "${JAILDIR}/${jail}/${lib}"
+    done
+done

From 6255cb23f23ee33c81c7abcf1bdd45083d12bff6 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 13:53:56 +0100
Subject: [PATCH 06/52] Drop Debian Jessie support

---
 Vagrantfile | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index 66e0cd7..7db7458 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -24,7 +24,7 @@ mkdir -p /usr/lib/nagios/plugins/
 SCRIPT
 
   $deps = <<SCRIPT
-DEBIAN_FRONTEND=noninteractive apt-get -yq install openssh-server btrfs-tools rsync lsb-base coreutils sed dash mount openssh-sftp-server libc6 bash-completion duc-nox cryptsetup
+DEBIAN_FRONTEND=noninteractive apt-get -yq install openssh-server btrfs-tools rsync lsb-base coreutils sed dash mount openssh-sftp-server libc6 bash-completion duc-nox cryptsetup bats
 SCRIPT
 
   $pre_part = <<SCRIPT
@@ -39,8 +39,6 @@ mount /dev/vdb /backup
 SCRIPT
 
   nodes = [
-    { :version => "jessie", :fs => "btrfs" },
-    { :version => "jessie", :fs => "ext4" },
     { :version => "stretch", :fs => "btrfs" },
     { :version => "stretch", :fs => "ext4" }
   ]
@@ -50,14 +48,6 @@ SCRIPT
       node.vm.hostname = "bkctld-#{i[:version]}-#{i[:fs]}"
       node.vm.box = "debian/#{i[:version]}64"
       config.vm.provision "deps", type: "shell", :inline => $deps
-      if ("#{i[:version]}" == "jessie") then
-        config.vm.provision "backports", type: "shell" do |s|
-          s.inline = "echo 'deb http://deb.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/backports.list && apt-get update"
-        end
-        config.vm.provision "bats", type: "shell", :inline => "DEBIAN_FRONTEND=noninteractive apt-get -yq install -t jessie-backports bats"
-      else
-        config.vm.provision "bats", type: "shell", :inline => "DEBIAN_FRONTEND=noninteractive apt-get -yq install bats"
-      end
       config.vm.provision "install", type: "shell", :inline => $install
       config.vm.provision "pre_part", type: "shell", :inline => $pre_part
       config.vm.provision "part", type: "shell", :inline => "mkfs.btrfs -f /dev/vdb" if "#{i[:fs]}" == "btrfs"

From 16014f3c4ff3a3f7849c09825a8f1633838db481 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 15:55:34 +0100
Subject: [PATCH 07/52] Fix typo in bkctld-update

---
 lib/bkctld-update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bkctld-update b/lib/bkctld-update
index 8ccaf50..289c873 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
-check_jail_on "${jail}" && . "${LIBDIR}$/bkctld-stop" "${jail}"
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
 
 . "${LIBDIR}/mkjail"
 notice "${jail} : updated jail"

From 6caa9078e6644e5b72c044adf297ccaccc285354 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 16:00:31 +0100
Subject: [PATCH 08/52] Parallelize bkctld <subcommand> all

---
 bkctld            | 15 +--------------
 lib/bkctld-reload |  2 +-
 lib/bkctld-start  |  2 +-
 lib/bkctld-stop   |  2 +-
 4 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/bkctld b/bkctld
index d1c01a7..79f9209 100755
--- a/bkctld
+++ b/bkctld
@@ -35,20 +35,7 @@ case "${subcommand}" in
     ;;
     "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
     if [ "${jail}" = "all" ]; then
-        jails=$(ls "${JAILDIR}")
-        for jail in ${jails}; do
-            case "${subcommand}" in
-                "start")
-                    check_jail_on "${jail}" || "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-                ;;
-                "stop" | "reload" | "restart")
-                    check_jail_on "${jail}" && "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-                ;;
-                *)
-                    "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-                ;;
-            esac
-                done
+        ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
     else
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 4c05dd4..1e97039 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
-check_jail_on "${jail}" || error "${jail} : trying to reload not running jail"
+check_jail_on "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 
diff --git a/lib/bkctld-start b/lib/bkctld-start
index f2514ab..cf0daa1 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
-check_jail_on "${jail}" && error "${jail} : trying to start already running jail"
+check_jail_on "${jail}" && exit 0
 
 cd "${JAILDIR}/${jail}"
 grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index 1bafc0b..da2f93a 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
-check_jail_on "${jail}" || error "${jail} : trying to stop not running jail"
+check_jail_on "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 for conn in $(ps --ppid "${pid}" -o pid=); do

From 1522d2f6cdba8d7b322d6e159990928474f190a8 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 16:38:20 +0100
Subject: [PATCH 09/52] Merge bkctld-params and some functions into
 bkctld-(ip|port|key) scripts

---
 bkctld            |  2 +-
 lib/bkctld-init   |  5 ++--
 lib/bkctld-ip     | 31 +++++++++++++++++++++++-
 lib/bkctld-key    | 22 ++++++++++++++++-
 lib/bkctld-params | 17 -------------
 lib/bkctld-port   | 24 ++++++++++++++++++-
 lib/bkctld-status |  4 ++--
 lib/functions     | 61 ++---------------------------------------------
 8 files changed, 81 insertions(+), 85 deletions(-)
 mode change 120000 => 100755 lib/bkctld-ip
 mode change 120000 => 100755 lib/bkctld-key
 delete mode 100755 lib/bkctld-params
 mode change 120000 => 100755 lib/bkctld-port

diff --git a/bkctld b/bkctld
index 79f9209..9e54e6b 100755
--- a/bkctld
+++ b/bkctld
@@ -31,7 +31,7 @@ case "${subcommand}" in
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     ;;
     "key" | "port" | "ip")
-        "${LIBDIR}/bkctld-params" "${jail}" "${subcommand}" "${option}"
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
     ;;
     "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
     if [ "${jail}" = "all" ]; then
diff --git a/lib/bkctld-init b/lib/bkctld-init
index ddbe8ae..c816b0f 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -22,8 +22,7 @@ fi
 . "${LIBDIR}/mkjail"
 info "4 - Copie default sshd_config"
 install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
-info "5 - Set usable sshd port"
-set_port "${jail}" auto
-info "6 - Copie default inc configuration"
+info "5 - Copie default inc configuration"
 install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
+"${LIBDIR}/bkctld-port" "${jail}" auto
 notice "${jail} : created jail"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
deleted file mode 120000
index 5b4f890..0000000
--- a/lib/bkctld-ip
+++ /dev/null
@@ -1 +0,0 @@
-bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
new file mode 100755
index 0000000..3b8f10e
--- /dev/null
+++ b/lib/bkctld-ip
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+ip="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${ip}" ]; then
+    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
+        echo "${allow}"|cut -d'@' -f2
+    done
+else
+    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
+        ips="0.0.0.0/0"
+    else
+        ips=$("${LIBDIR}/bkctld-ip" "${jail}")
+        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+    fi
+    allow="AllowUsers"
+    for ip in $ips; do
+        allow="${allow} root@${ip}"
+    done
+    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+    notice "${jail} : update ip => ${ip}"
+
+    check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+fi
diff --git a/lib/bkctld-key b/lib/bkctld-key
deleted file mode 120000
index 5b4f890..0000000
--- a/lib/bkctld-key
+++ /dev/null
@@ -1 +0,0 @@
-bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-key b/lib/bkctld-key
new file mode 100755
index 0000000..4f26cf7
--- /dev/null
+++ b/lib/bkctld-key
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+keyfile="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${keyfile}" ]; then
+    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
+        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    fi
+else
+    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
+    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    notice "${jail} : update key => ${keyfile}"
+
+    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi
diff --git a/lib/bkctld-params b/lib/bkctld-params
deleted file mode 100755
index f0fae46..0000000
--- a/lib/bkctld-params
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
-
-jail="${1:-}"
-params="${2:-}"
-option="${3:-}"
-[ -n "${jail}" ] || usage
-check_jail "${jail}" || error "${jail} : inexistant jail'"
-
-if [ -z "${option}" ]; then
-    "get_${params}" "${jail}"
-else
-    "set_${params}" "${jail}" "${option}"
-    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
-    notice "${jail} : update ${params} => ${option}"
-fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
deleted file mode 120000
index 5b4f890..0000000
--- a/lib/bkctld-port
+++ /dev/null
@@ -1 +0,0 @@
-bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-port b/lib/bkctld-port
new file mode 100755
index 0000000..ee73356
--- /dev/null
+++ b/lib/bkctld-port
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+port="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${port}" ]; then
+    grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
+else
+    if [ "${port}" = "auto" ]; then
+        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
+        port=$((port+1))
+        [ "${port}" -le 1 ] && port=2222
+    fi
+    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+    notice "${jail} : update port => ${port}"
+
+    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi
diff --git a/lib/bkctld-status b/lib/bkctld-status
index e0082d2..2d3e9ba 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -12,6 +12,6 @@ if ( check_jail_on "${jail}" ); then
 else
     status="OFF"
 fi
-port=$(get_port "${jail}")
-ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
+port=$("${LIBDIR}/bkctld-port" "${jail}")
+ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
 echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
diff --git a/lib/functions b/lib/functions
index d694c84..74d5b4f 100755
--- a/lib/functions
+++ b/lib/functions
@@ -46,26 +46,6 @@ check_jail_on() {
     return "${return}"
 }
 
-get_port() {
-    jail="${1}"
-    port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
-    echo "${port}"
-}
-
-get_key() {
-    jail="${1}"
-    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
-        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    fi
-}
-
-get_ip() {
-    jail="${1}"
-    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
-        echo "${allow}"|cut -d'@' -f2
-    done
-}
-
 get_inc() {
     jail="${1}"
     inc="0"
@@ -77,43 +57,6 @@ get_inc() {
     echo "${inc}"
 }
 
-set_port() {
-    jail="${1}"
-    port="${2}"
-    if [ "${port}" = "auto" ]; then
-        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
-        port=$((port+1))
-        [ "${port}" -le 1 ] && port=2222
-    fi
-    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
-set_key() {
-    jail="${1}"
-    keyfile="${2}"
-    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
-    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-}
-
-set_ip() {
-    jail="${1}"
-    ip="${2}"
-    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
-        ips="0.0.0.0/0"
-    else
-        ips=$(get_ip "${jail}")
-        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
-    fi
-    allow="AllowUsers"
-    for ip in $ips; do
-        allow="${allow} root@${ip}"
-    done
-    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
 set_firewall() {
     jail="${1}"
     if [ -n "${FIREWALL_RULES}" ]; then
@@ -121,8 +64,8 @@ set_firewall() {
             sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
         fi
         if ( check_jail "${jail}" ); then
-            port=$(get_port "${jail}")
-            for ip in $(get_ip "${jail}"); do
+            port=$("${LIBDIR}/bkctld-port" "${jail}")
+            for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
                 echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
             done
             if [ -f /etc/init.d/minifirewall ]; then

From d0165a9e3c3fd103ad5a949e8cea6932450b5659 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 16:55:56 +0100
Subject: [PATCH 10/52] Move firewall functions into bkctld-firewall script

---
 bkctld              |  2 +-
 lib/bkctld-firewall | 18 ++++++++++++++++++
 lib/bkctld-ip       |  3 +--
 lib/bkctld-port     |  3 +--
 lib/bkctld-remove   |  2 +-
 lib/functions       | 19 +------------------
 6 files changed, 23 insertions(+), 24 deletions(-)
 create mode 100755 lib/bkctld-firewall

diff --git a/bkctld b/bkctld
index 9e54e6b..98200ce 100755
--- a/bkctld
+++ b/bkctld
@@ -33,7 +33,7 @@ case "${subcommand}" in
     "key" | "port" | "ip")
         "${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
     ;;
-    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
+    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall")
     if [ "${jail}" = "all" ]; then
         ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
     else
diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
new file mode 100755
index 0000000..264398f
--- /dev/null
+++ b/lib/bkctld-firewall
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+
+if [ -n "${FIREWALL_RULES}" ]; then
+    [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
+    if ( check_jail "${jail}" ); then
+        port=$("${LIBDIR}/bkctld-port" "${jail}")
+        for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
+            echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
+        done
+        [ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
+    fi
+    notice "${jail} : firewall rules updated"
+fi
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index 3b8f10e..25b326c 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -23,8 +23,7 @@ else
         allow="${allow} root@${ip}"
     done
     sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
     notice "${jail} : update ip => ${ip}"
-
     check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
index ee73356..6c8b0fb 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -16,8 +16,7 @@ else
         [ "${port}" -le 1 ] && port=2222
     fi
     sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
     notice "${jail} : update port => ${port}"
-
     check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index 13f668e..c423a43 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -26,5 +26,5 @@ if [ -d  "${INCDIR}/${jail}" ]; then
     done
     rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
 fi
-set_firewall "${jail}"
+"${LIBDIR}/bkctld-firewall" "${jail}"
 notice "${jail} : deleted jail"
diff --git a/lib/functions b/lib/functions
index 74d5b4f..9a66bc4 100755
--- a/lib/functions
+++ b/lib/functions
@@ -12,6 +12,7 @@ Subcommands:
     reload      <jailname>|all                  Reload jail <jailname> or all
     restart     <jailname>|all                  Restart jail <jailname> or all
     sync        <jailname>|all                  Sync jail <jailname> or all to another node
+    firewall    <jailname>|all                  Update firewall rules of <jailname> or all
     status      [<jailname>]                    Print status of <jailname> (default all jail)
     key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
     port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
@@ -56,21 +57,3 @@ get_inc() {
         fi
     echo "${inc}"
 }
-
-set_firewall() {
-    jail="${1}"
-    if [ -n "${FIREWALL_RULES}" ]; then
-        if [ -f "${FIREWALL_RULES}" ]; then
-            sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
-        fi
-        if ( check_jail "${jail}" ); then
-            port=$("${LIBDIR}/bkctld-port" "${jail}")
-            for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
-                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
-            done
-            if [ -f /etc/init.d/minifirewall ]; then
-                /etc/init.d/minifirewall restart >/dev/null
-            fi
-        fi
-    fi
-}

From 0272c43751a49e998c76f7eb892ba79e7c31ba8c Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 14:47:05 +0100
Subject: [PATCH 11/52] Move usage functions into bkctld-help script

* Usage output is now auto-generated
---
 bkctld              |  6 ++++--
 lib/bkctld-check    |  4 ++++
 lib/bkctld-firewall |  8 +++++++-
 lib/bkctld-help     | 21 +++++++++++++++++++++
 lib/bkctld-inc      |  4 ++++
 lib/bkctld-init     |  8 +++++++-
 lib/bkctld-ip       |  8 +++++++-
 lib/bkctld-key      |  8 +++++++-
 lib/bkctld-port     |  8 +++++++-
 lib/bkctld-reload   |  8 +++++++-
 lib/bkctld-remove   |  8 +++++++-
 lib/bkctld-restart  |  8 +++++++-
 lib/bkctld-rm       |  4 ++++
 lib/bkctld-start    |  8 +++++++-
 lib/bkctld-stats    |  4 ++++
 lib/bkctld-status   |  8 +++++++-
 lib/bkctld-stop     |  8 +++++++-
 lib/bkctld-sync     |  8 +++++++-
 lib/bkctld-update   |  8 +++++++-
 lib/functions       | 26 --------------------------
 20 files changed, 132 insertions(+), 41 deletions(-)
 create mode 100755 lib/bkctld-help

diff --git a/bkctld b/bkctld
index 98200ce..f8d30d1 100755
--- a/bkctld
+++ b/bkctld
@@ -21,10 +21,12 @@ subcommand="${1:-}"
 jail="${2:-}"
 option="${3:-}"
 
-[ -x "${LIBDIR}/bkctld-${subcommand}" ] || usage
+if [ ! -x "${LIBDIR}/bkctld-${subcommand}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 
 case "${subcommand}" in
-    "inc" | "rm" | "check" | "stats")
+    "inc" | "rm" | "check" | "stats" | "help")
         "${LIBDIR}/bkctld-${subcommand}"
     ;;
         "init")
diff --git a/lib/bkctld-check b/lib/bkctld-check
index 0e957b0..df3fd29 100755
--- a/lib/bkctld-check
+++ b/lib/bkctld-check
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Run check on jails (NRPE output)
+# Usage: check
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
index 264398f..d063fb4 100755
--- a/lib/bkctld-firewall
+++ b/lib/bkctld-firewall
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Update firewall rules of <jailname> or all
+# Usage: firewall <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 
 if [ -n "${FIREWALL_RULES}" ]; then
     [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
diff --git a/lib/bkctld-help b/lib/bkctld-help
new file mode 100755
index 0000000..6fd76f1
--- /dev/null
+++ b/lib/bkctld-help
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Print this help
+# Usage: help
+#
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+cat <<EOF
+Usage: bkctld <subcommand> [options]
+Subcommands:
+EOF
+
+for subcommand in ${LIBDIR}/bkctld-*; do
+    name=$(basename "${subcommand}"|cut -d'-' -f2)
+    desc=$(grep -E "^#" "${subcommand}"|sed -n '3p'|sed "s/^# //")
+    usage=$(grep -E "^# Usage: ${name}" "${subcommand}"|sed "s/^# Usage: ${name}//")
+    printf "    %- 10s %- 30s %- 40s\n" "${name}" "${usage}" "${desc}"
+done
+
+printf "\n"
diff --git a/lib/bkctld-inc b/lib/bkctld-inc
index f55a28c..7a04d2b 100755
--- a/lib/bkctld-inc
+++ b/lib/bkctld-inc
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Make incremental inc of all jails
+# Usage: inc
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-init b/lib/bkctld-init
index c816b0f..8010c6c 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Init jail <jailname>
+# Usage: init <jailname>
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" && error "${jail} : trying to create existant jail"
 
 sshd_config="${TPLDIR}/sshd_config"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index 25b326c..f381c02 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -1,10 +1,16 @@
 #!/bin/sh
+#
+# Set or get allowed(s) ip(s) of <jailname>
+# Usage: ip <jailname> [<ip>|all]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
 ip="${2:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail'"
 
 if [ -z "${ip}" ]; then
diff --git a/lib/bkctld-key b/lib/bkctld-key
index 4f26cf7..67e6662 100755
--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -1,10 +1,16 @@
 #!/bin/sh
+#
+# Set or get ssh pubic key of <jailname>
+# Usage: key <jailname> [<keyfile>]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
 keyfile="${2:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail'"
 
 if [ -z "${keyfile}" ]; then
diff --git a/lib/bkctld-port b/lib/bkctld-port
index 6c8b0fb..ac28d09 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -1,10 +1,16 @@
 #!/bin/sh
+#
+# Set or get ssh port of <jailname>
+# Usage: port <jailname> [<port>|auto]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
 port="${2:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail'"
 
 if [ -z "${port}" ]; then
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 1e97039..70f1adf 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Reload jail <jailname> or all
+# Usage: reload <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
 check_jail_on "${jail}" || exit 0
 
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index c423a43..942dd82 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Remove jail <jailname> or all
+# Usage: remove <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
 check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
 
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
index 3cef9ca..21db5b0 100755
--- a/lib/bkctld-restart
+++ b/lib/bkctld-restart
@@ -1,11 +1,17 @@
 #!/bin/sh
+#
+# Restart jail <jailname> or all
+# Usage: restart <jailname>|all
+#
 
 set -eu
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
 check_jail_on "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 "${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-rm b/lib/bkctld-rm
index 30e80a8..a89c0c5 100755
--- a/lib/bkctld-rm
+++ b/lib/bkctld-rm
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Remove old incremtal inc of all jails
+# Usage: rm
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-start b/lib/bkctld-start
index cf0daa1..4aa5a65 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Start jail <jailname> or all
+# Usage: start <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
 check_jail_on "${jail}" && exit 0
 
diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 9e955ed..7077f8e 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Make and display stats on jails (size, lastconn)
+# Usage: stats
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-status b/lib/bkctld-status
index 2d3e9ba..aaa2c7a 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Print status of <jailname> (default all jail)
+# Usage: status [<jailname>]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
 
 inc=$(get_inc "${jail}")
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index da2f93a..3ca4f02 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Stop jail <jailname> or all
+# Usage: stop <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
 check_jail_on "${jail}" || exit 0
 
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
index 6081b7b..50db934 100755
--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Sync jail <jailname> or all to another node
+# Usage: sync <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
 
 [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
diff --git a/lib/bkctld-update b/lib/bkctld-update
index 289c873..7c34038 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Update jail <jailname> or all
+# Usage: update <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
 check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
 
diff --git a/lib/functions b/lib/functions
index 9a66bc4..b1584d5 100755
--- a/lib/functions
+++ b/lib/functions
@@ -1,31 +1,5 @@
 #!/bin/sh
 
-usage() {
-    cat <<EOF
-Usage: $0 <subcommand> [options]
-Subcommands:
-    init        <jailname>                      Init jail <jailname>
-    update      <jailname>|all                  Update jail <jailname> or all
-    remove      <jailname>|all                  Remove jail <jailname> or all
-    start       <jailname>|all                  Start jail <jailname> or all
-    stop        <jailname>|all                  Stop jail <jailname> or all
-    reload      <jailname>|all                  Reload jail <jailname> or all
-    restart     <jailname>|all                  Restart jail <jailname> or all
-    sync        <jailname>|all                  Sync jail <jailname> or all to another node
-    firewall    <jailname>|all                  Update firewall rules of <jailname> or all
-    status      [<jailname>]                    Print status of <jailname> (default all jail)
-    key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
-    port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
-    ip          <jailname>      [<ip>|all]      Set or get allowed(s) ip(s) of <jailname>
-    inc                                         Make incremental inc of all jails
-    rm                                          Remove old incremtal inc of all jails
-    check                                       Run check on jails (NRPE output)
-    stats                                       Make and display stats on jails (size, lastconn)
-
-EOF
-exit 1
-}
-
 check_jail() {
     jail="${1}"
     [ -d "${JAILDIR}/${jail}" ] && return 0

From a028d3abee466153d67ee3b521bd2e717ccc9d5b Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:11:57 +0100
Subject: [PATCH 12/52] Fix typo in bkctld-stats

---
 lib/bkctld-stats | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 7077f8e..0f7d261 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -7,7 +7,7 @@
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
-ce -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
+ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
 touch "${INDEX_DIR}/.lastrun.duc"
 EOF
 [ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0

From 41b3536bcf346ba5394c6dd1f14ca2d159075a57 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:12:51 +0100
Subject: [PATCH 13/52] Remove get_inc function

---
 lib/bkctld-stats  |  8 +++++++-
 lib/bkctld-status |  7 ++++++-
 lib/functions     | 11 -----------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 0f7d261..896b195 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -22,6 +22,12 @@ trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
 "${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
 awk '{ print $2 }' "${duc_output}" | while read jail; do
     stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
-    get_inc "${jail}" >> "${incs_output}"
+    inc=0
+    if [ -f "${CONFDIR}/${jail}" ]; then
+        day=$(grep -c "day" "${CONFDIR}/${jail}")
+        month=$(grep -c "month" "${CONFDIR}/${jail}")
+        inc="${day}/${month}"
+    fi
+    echo "${inc}" >> "${incs_output}"
 done
 paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
diff --git a/lib/bkctld-status b/lib/bkctld-status
index aaa2c7a..fa057ac 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -12,7 +12,12 @@ if [ ! -n "${jail}" ]; then
 fi
 check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
 
-inc=$(get_inc "${jail}")
+inc="0"
+if [ -f "${CONFDIR}/${jail}" ]; then
+    day=$(grep -c "day" "${CONFDIR}/${jail}")
+    month=$(grep -c "month" "${CONFDIR}/${jail}")
+    inc="${day}/${month}"
+fi
 if ( check_jail_on "${jail}" ); then
     status="ON "
 else
diff --git a/lib/functions b/lib/functions
index b1584d5..5fb1461 100755
--- a/lib/functions
+++ b/lib/functions
@@ -20,14 +20,3 @@ check_jail_on() {
     fi
     return "${return}"
 }
-
-get_inc() {
-    jail="${1}"
-    inc="0"
-        if [ -f "${CONFDIR}/${jail}" ]; then
-            day=$(grep -c "day" "${CONFDIR}/${jail}")
-            month=$(grep -c "month" "${CONFDIR}/${jail}")
-            inc="${day}/${month}"
-        fi
-    echo "${inc}"
-}

From 5856cb2011786800439f40fdba09afd87feefd3c Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:33:08 +0100
Subject: [PATCH 14/52] Fix help output (command can have dash)

---
 lib/bkctld-help | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bkctld-help b/lib/bkctld-help
index 6fd76f1..e38380f 100755
--- a/lib/bkctld-help
+++ b/lib/bkctld-help
@@ -12,7 +12,7 @@ Subcommands:
 EOF
 
 for subcommand in ${LIBDIR}/bkctld-*; do
-    name=$(basename "${subcommand}"|cut -d'-' -f2)
+    name=$(basename "${subcommand}"|sed 's/^bkctld-//')
     desc=$(grep -E "^#" "${subcommand}"|sed -n '3p'|sed "s/^# //")
     usage=$(grep -E "^# Usage: ${name}" "${subcommand}"|sed "s/^# Usage: ${name}//")
     printf "    %- 10s %- 30s %- 40s\n" "${name}" "${usage}" "${desc}"

From d9f8ae7036abdfee1b4a0e987ad90833fc19e4f9 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:34:14 +0100
Subject: [PATCH 15/52] Move check_jail_on functions into bkctld-is-on script

---
 bkctld             |  2 +-
 lib/bkctld-ip      |  2 +-
 lib/bkctld-is-on   | 26 ++++++++++++++++++++++++++
 lib/bkctld-key     |  2 +-
 lib/bkctld-port    |  2 +-
 lib/bkctld-reload  |  2 +-
 lib/bkctld-remove  |  2 +-
 lib/bkctld-restart |  2 +-
 lib/bkctld-start   |  2 +-
 lib/bkctld-status  |  7 ++-----
 lib/bkctld-stop    |  2 +-
 lib/bkctld-sync    |  4 +---
 lib/bkctld-update  |  2 +-
 lib/functions      | 15 ---------------
 14 files changed, 39 insertions(+), 33 deletions(-)
 create mode 100755 lib/bkctld-is-on

diff --git a/bkctld b/bkctld
index f8d30d1..80a93ef 100755
--- a/bkctld
+++ b/bkctld
@@ -29,7 +29,7 @@ case "${subcommand}" in
     "inc" | "rm" | "check" | "stats" | "help")
         "${LIBDIR}/bkctld-${subcommand}"
     ;;
-        "init")
+        "init" | "is-on")
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     ;;
     "key" | "port" | "ip")
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index f381c02..49cb1b8 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -30,6 +30,6 @@ else
     done
     sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
     notice "${jail} : update ip => ${ip}"
-    check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
     "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-is-on b/lib/bkctld-is-on
new file mode 100755
index 0000000..41f548a
--- /dev/null
+++ b/lib/bkctld-is-on
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Check if a jail is on or not
+# Usage: is-on <jailname>
+#
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
+check_jail "${jail}" || error "${jail} : trying to check inexistant jail"
+
+jail="${1}"
+return=1
+if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
+    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+    ps -p "${pid}" > /dev/null && return=0
+fi
+if [ "${return}" -eq 1 ]; then
+    rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
+    grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
+    grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
+fi
+exit "${return}"
diff --git a/lib/bkctld-key b/lib/bkctld-key
index 67e6662..bf75f8d 100755
--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -23,5 +23,5 @@ else
     chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
     notice "${jail} : update key => ${keyfile}"
 
-    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
 fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
index ac28d09..86f05fc 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -23,6 +23,6 @@ else
     fi
     sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
     notice "${jail} : update port => ${port}"
-    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
     "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 70f1adf..1b8701f 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
-check_jail_on "${jail}" || exit 0
+"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index 942dd82..bbd4884 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
-check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 rm -f "${CONFDIR}/${jail}"
 jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
index 21db5b0..40701bc 100755
--- a/lib/bkctld-restart
+++ b/lib/bkctld-restart
@@ -13,5 +13,5 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
-check_jail_on "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 "${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-start b/lib/bkctld-start
index 4aa5a65..9749633 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
-check_jail_on "${jail}" && exit 0
+"${LIBDIR}/bkctld-is-on" "${jail}" && exit 0
 
 cd "${JAILDIR}/${jail}"
 grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
diff --git a/lib/bkctld-status b/lib/bkctld-status
index fa057ac..d2e3dfa 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -18,11 +18,8 @@ if [ -f "${CONFDIR}/${jail}" ]; then
     month=$(grep -c "month" "${CONFDIR}/${jail}")
     inc="${day}/${month}"
 fi
-if ( check_jail_on "${jail}" ); then
-    status="ON "
-else
-    status="OFF"
-fi
+status="OFF"
+"${LIBDIR}/bkctld-is-on" "${jail}" && status="ON "
 port=$("${LIBDIR}/bkctld-port" "${jail}")
 ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
 echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index 3ca4f02..8f76cd7 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
-check_jail_on "${jail}" || exit 0
+"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 for conn in $(ps --ppid "${pid}" -o pid=); do
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
index 50db934..b484bac 100755
--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@@ -18,9 +18,7 @@ jail="${1}"
 ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail}" | debug
 rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
 rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
-if ( check_jail_on "${jail}" ); then
-    ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
-fi
+"${LIBDIR}/bkctld-is-on" "${jail}" && ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
 if [ -n "${FIREWALL_RULES}" ]; then
     rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
     ssh "${NODE}" /etc/init.d/minifirewall restart | debug
diff --git a/lib/bkctld-update b/lib/bkctld-update
index 7c34038..1998fea 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
-check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 . "${LIBDIR}/mkjail"
 notice "${jail} : updated jail"
diff --git a/lib/functions b/lib/functions
index 5fb1461..c21fc2c 100755
--- a/lib/functions
+++ b/lib/functions
@@ -5,18 +5,3 @@ check_jail() {
     [ -d "${JAILDIR}/${jail}" ] && return 0
     return 1
 }
-
-check_jail_on() {
-    jail="${1}"
-    return=1
-    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
-        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-        ps -p "${pid}" > /dev/null && return=0
-    fi
-    if [ "${return}" -eq 1 ]; then
-        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
-        grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
-        grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
-    fi
-    return "${return}"
-}

From 91272f49d51bd22e8731f6119cbe6c68dea262d5 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:41:29 +0100
Subject: [PATCH 16/52] Remove check_jail function

---
 lib/bkctld-firewall | 2 +-
 lib/bkctld-init     | 2 +-
 lib/bkctld-ip       | 2 +-
 lib/bkctld-is-on    | 2 +-
 lib/bkctld-key      | 2 +-
 lib/bkctld-port     | 2 +-
 lib/bkctld-reload   | 2 +-
 lib/bkctld-remove   | 2 +-
 lib/bkctld-restart  | 2 +-
 lib/bkctld-start    | 2 +-
 lib/bkctld-status   | 2 +-
 lib/bkctld-stop     | 2 +-
 lib/bkctld-sync     | 2 +-
 lib/bkctld-update   | 2 +-
 lib/config          | 1 -
 lib/functions       | 7 -------
 16 files changed, 14 insertions(+), 22 deletions(-)
 delete mode 100755 lib/functions

diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
index d063fb4..eacb752 100755
--- a/lib/bkctld-firewall
+++ b/lib/bkctld-firewall
@@ -13,7 +13,7 @@ fi
 
 if [ -n "${FIREWALL_RULES}" ]; then
     [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
-    if ( check_jail "${jail}" ); then
+    if [ -d "${JAILDIR}/${jail}" ]; then
         port=$("${LIBDIR}/bkctld-port" "${jail}")
         for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
             echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
diff --git a/lib/bkctld-init b/lib/bkctld-init
index 8010c6c..29fe670 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" && error "${jail} : trying to create existant jail"
+[ -d "${JAILDIR}/${jail}" ] && error "${jail} : trying to create existant jail"
 
 sshd_config="${TPLDIR}/sshd_config"
 inctpl="${TPLDIR}/inc.tpl"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index 49cb1b8..5512b12 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -11,7 +11,7 @@ ip="${2:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail'"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
 
 if [ -z "${ip}" ]; then
     grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
diff --git a/lib/bkctld-is-on b/lib/bkctld-is-on
index 41f548a..ac19ce0 100755
--- a/lib/bkctld-is-on
+++ b/lib/bkctld-is-on
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to check inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to check inexistant jail"
 
 jail="${1}"
 return=1
diff --git a/lib/bkctld-key b/lib/bkctld-key
index bf75f8d..5fb8c53 100755
--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -11,7 +11,7 @@ keyfile="${2:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail'"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
 
 if [ -z "${keyfile}" ]; then
     if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
diff --git a/lib/bkctld-port b/lib/bkctld-port
index 86f05fc..6f86092 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -11,7 +11,7 @@ port="${2:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail'"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
 
 if [ -z "${port}" ]; then
     grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 1b8701f..3f2fb56 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to reload inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index bbd4884..a8d6df7 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to remove inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 rm -f "${CONFDIR}/${jail}"
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
index 40701bc..22d778e 100755
--- a/lib/bkctld-restart
+++ b/lib/bkctld-restart
@@ -12,6 +12,6 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to restart inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 "${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-start b/lib/bkctld-start
index 9749633..810c5ce 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to start inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && exit 0
 
 cd "${JAILDIR}/${jail}"
diff --git a/lib/bkctld-status b/lib/bkctld-status
index d2e3dfa..b873ced 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail ! Use '$0 status' for list all"
 
 inc="0"
 if [ -f "${CONFDIR}/${jail}" ]; then
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index 8f76cd7..cdb2b25 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to stop inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
index b484bac..65eb58b 100755
--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to sync inexistant jail"
 
 [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
 
diff --git a/lib/bkctld-update b/lib/bkctld-update
index 1998fea..4e8f141 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to update inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 . "${LIBDIR}/mkjail"
diff --git a/lib/config b/lib/config
index 0c14959..d71ad55 100755
--- a/lib/config
+++ b/lib/config
@@ -20,4 +20,3 @@ WARNING="${WARNING:-24}"
 DUC=$(command -v duc-nox||command -v duc)
 
 . "${LIBDIR}/logging"
-. "${LIBDIR}/functions"
diff --git a/lib/functions b/lib/functions
deleted file mode 100755
index c21fc2c..0000000
--- a/lib/functions
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-check_jail() {
-    jail="${1}"
-    [ -d "${JAILDIR}/${jail}" ] && return 0
-    return 1
-}

From cda35bba6e5e65f8e099eefaf6e4f1185d123b52 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:57:12 +0100
Subject: [PATCH 17/52] Move logging functions into config

---
 lib/config  | 44 +++++++++++++++++++++++++++++++++++++++++++-
 lib/logging | 42 ------------------------------------------
 2 files changed, 43 insertions(+), 43 deletions(-)
 delete mode 100755 lib/logging

diff --git a/lib/config b/lib/config
index d71ad55..dac4f09 100755
--- a/lib/config
+++ b/lib/config
@@ -1,4 +1,7 @@
 #!/bin/sh
+#
+# Config for bkctld
+#
 
 [ -f /etc/default/bkctld ] && . /etc/default/bkctld
 LIBDIR=${LIBDIR:-/usr/lib/bkctld}
@@ -19,4 +22,43 @@ CRITICAL="${CRITICAL:-48}"
 WARNING="${WARNING:-24}"
 DUC=$(command -v duc-nox||command -v duc)
 
-. "${LIBDIR}/logging"
+debug() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 7 ]; then
+        echo "${msg}"
+        logger -t bkctld -p daemon.debug "${msg}"
+    fi
+}
+
+info() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 6 ]; then
+        tty -s && echo "${msg}"
+        logger -t bkctld -p daemon.info "${msg}"
+    fi
+}
+
+notice() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "${msg}"
+    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
+}
+
+warning() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "WARNING : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 4 ]; then
+        tty -s || echo "WARNING : ${msg}" >&2
+        logger -t bkctld -p daemon.warning "${msg}"
+    fi
+}
+
+error() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "ERROR : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 5 ]; then
+        tty -s || echo "ERROR : ${msg}" >&2
+        logger -t bkctld -p daemon.error "${msg}"
+    fi
+    exit 1
+}
diff --git a/lib/logging b/lib/logging
deleted file mode 100755
index 529de4c..0000000
--- a/lib/logging
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-debug() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 7 ]; then
-        echo "${msg}"
-        logger -t bkctld -p daemon.debug "${msg}"
-    fi
-}
-
-info() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 6 ]; then
-        tty -s && echo "${msg}"
-        logger -t bkctld -p daemon.info "${msg}"
-    fi
-}
-
-notice() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "${msg}"
-    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
-}
-
-warning() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "WARNING : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 4 ]; then
-        tty -s || echo "WARNING : ${msg}" >&2
-        logger -t bkctld -p daemon.warning "${msg}"
-    fi
-}
-
-error() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "ERROR : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 5 ]; then
-        tty -s || echo "ERROR : ${msg}" >&2
-        logger -t bkctld -p daemon.error "${msg}"
-    fi
-    exit 1
-}

From 4db5dcac03af9b4035281fc09f46c44b6fdeadbc Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 17:52:19 +0100
Subject: [PATCH 18/52] Subcommand list are now dynamic in bash completion

---
 bash_completion | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bash_completion b/bash_completion
index 3f2c6f8..17d0192 100644
--- a/bash_completion
+++ b/bash_completion
@@ -9,7 +9,7 @@ function _bkctld()
 
 	cur=${COMP_WORDS[COMP_CWORD]};
 	prev=${COMP_WORDS[COMP_CWORD-1]};
-	commands="init update remove start stop reload restart sync status key port ip inc rm check stats"
+	commands=$(find /usr/lib/bkctld/ -name "bkctld-*" -exec basename {} \;|sed 's/^bkctld-//')
 
 	if [ $COMP_CWORD -eq 1 ]; then
 		COMPREPLY=($(compgen -W '${commands}' -- ${cur}))

From b1905eeffeeb1a497a70160b1d258b0bcef705fe Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 11:01:17 +0100
Subject: [PATCH 19/52] Rewrite bats test

---
 test/generate.bats |  11 ----
 test/main.bats     | 128 ++++++++++++++++++++++-----------------------
 test/nrpe.bats     |  26 ---------
 3 files changed, 64 insertions(+), 101 deletions(-)
 delete mode 100755 test/generate.bats
 delete mode 100755 test/nrpe.bats

diff --git a/test/generate.bats b/test/generate.bats
deleted file mode 100755
index 278ee51..0000000
--- a/test/generate.bats
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bats
-
-@test "generate" {
-    jails="test0 test1 test2 test3 test4 test5"
-    for jail in ${jails}; do
-        bkctld init "${jail}"
-        random=$(od -An -N4 -i < /dev/urandom|grep -Eo "[0-9]{2}$")
-        date=$(date -d "${random} hour ago")
-        touch -m --date="${date}" "/backup/jails/${jail}/var/log/lastlog"
-    done
-}
diff --git a/test/main.bats b/test/main.bats
index ee3e70e..0ecb339 100755
--- a/test/main.bats
+++ b/test/main.bats
@@ -5,129 +5,129 @@ setup() {
     date=$(date +"%Y-%m-%d-%H")
     inode=$(stat --format=%i /backup)
     rm -f /root/bkctld.key* && ssh-keygen -t rsa -N "" -f /root/bkctld.key -q
-    [ -f /etc/default/bkctld ] && . /etc/default/bkctld
-    CONFDIR="${CONFDIR:-/etc/evobackup}"
-    JAILDIR="${JAILDIR:-/backup/jails}"
-    INCDIR="${INCDIR:-/backup/incs}"
-    TPLDIR="${TPLDIR:-/usr/share/bkctld}"
-    LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
-    SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
-    SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
-    AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
-    FIREWALL_RULES="${FIREWALL_RULES:-}"
-    LOGLEVEL="${LOGLEVEL:-6}"
+    . /usr/lib/bkctld/config
+    JAILNAME=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1)
 }
 
 teardown() {
-    bkctld remove all && rm -rf "${INCDIR}/*"
+    /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCDIR}/*"
 }
 
 @test "init" {
-    bkctld init test
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    inode=$(stat --format=%i /backup)
     if [ "${inode}" -eq 256 ]; then
-        run stat --format=%i "${JAILDIR}/test"
+        run stat --format=%i "${JAILDIR}/${JAILNAME}"
         [ "${output}" -eq 256 ]
     else
-        run test -d "${JAILDIR}/test"
+        run test -d "${JAILDIR}/${JAILNAME}"
         [ "${status}" -eq 0 ]
     fi
 }
 
-@test "update" {
-    skip
-}
-
 @test "start" {
-    bkctld init test
-    bkctld start test
-    pid=$(cat "${JAILDIR}/test/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    pid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
     run ps --pid "${pid}"
     [ "${status}" -eq 0 ]
 }
 
 @test "stop" {
-    bkctld init test
-    bkctld start test
-    pid=$(cat "${JAILDIR}/test/${SSHD_PID}")
-    bkctld stop test
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    pid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-stop "${JAILNAME}"
     run ps --pid "${pid}"
     [ "${status}" -ne 0 ]
 }
 
 @test "reload" {
-    bkctld init test
-    bkctld start test
-    bkctld reload test
-    run grep "Received SIGHUP; restarting." "${JAILDIR}/test/var/log/authlog"
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-reload "${JAILNAME}"
+    run grep "Received SIGHUP; restarting." "${JAILDIR}/${JAILNAME}/var/log/authlog"
     [ "${status}" -eq 0 ]
 }
 
 @test "restart" {
-    bkctld init test
-    bkctld start test
-    bpid=$(cat "${JAILDIR}/test/${SSHD_PID}")
-    bkctld restart test
-    apid=$(cat "${JAILDIR}/test/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    bpid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-restart "${JAILNAME}"
+    apid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
     [ "${bpid}" -ne "${apid}" ]
 }
 
 @test "status" {
-    bkctld init test
-    run bkctld status test
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    run /usr/lib/bkctld/bkctld-status "${JAILNAME}"
     [ "${status}" -eq 0 ]
 }
 
 @test "key" {
-    bkctld init test
-    bkctld start test
-    bkctld key test /root/bkctld.key.pub
-    run cat /backup/jails/test/root/.ssh/authorized_keys
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
+    run cat "/backup/jails/${JAILNAME}/root/.ssh/authorized_keys"
     [ "${status}" -eq 0 ]
     [ "${output}" = $(cat /root/bkctld.key.pub) ]
 }
 
 @test "port" {
-    bkctld init test
-    bkctld start test
-    bkctld port test "${port}"
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${port}"
     run nc -vz 127.0.0.1 "${port}"
     [ "${status}" -eq 0 ]
 }
 
-@test "ip" {
-    skip
-}
-
 @test "inc" {
-    bkctld init test
-    bkctld inc
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-inc
     if [ "${inode}" -eq 256 ]; then
-        run stat --format=%i "${INCDIR}/test/${date}"
+        run stat --format=%i "${INCDIR}/${JAILNAME}/${date}"
         [ "${output}" -eq 256 ]
     else
-        run test -d "${INCDIR}/test/${date}"
+        run test -d "${INCDIR}/${JAILNAME}/${date}"
         [ "${status}" -eq 0 ]
     fi
 }
 
-@test "rm" {
-    skip
-}
-
 @test "ssh" {
-    bkctld init test
-    bkctld start test
-    bkctld port test "${port}"
-    bkctld key test /root/bkctld.key.pub
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${port}"
+    /usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
     run ssh -p "${port}" -i /root/bkctld.key -oStrictHostKeyChecking=no root@127.0.0.1 ls
     [ "$status" -eq 0 ]
 }
 
 @test "rsync" {
-    bkctld init test
-    bkctld start test
-    bkctld port test "${port}"
-    bkctld key test /root/bkctld.key.pub
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${port}"
+    /usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
     run rsync -a -e "ssh -p ${port} -i /root/bkctld.key -oStrictHostKeyChecking=no" /tmp/ root@127.0.0.1:/var/backup/
     [ "$status" -eq 0 ]
 }
+
+@test "check-ok" {
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    run /usr/lib/bkctld/bkctld-check
+    [ "$status" -eq 0 ]
+}
+
+@test "check-warning" {
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    touch --date="$(date -d -2days)" "/backup/jails/${JAILNAME}/var/log/lastlog"
+    run /usr/lib/bkctld/bkctld-check
+    [ "$status" -eq 1 ]
+}
+
+@test "check-critical" {
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    touch --date="$(date -d -3days)" "/backup/jails/${JAILNAME}/var/log/lastlog"
+    run /usr/lib/bkctld/bkctld-check
+    [ "$status" -eq 2 ]
+}
diff --git a/test/nrpe.bats b/test/nrpe.bats
deleted file mode 100755
index 6b72133..0000000
--- a/test/nrpe.bats
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env bats
-
-setup() {
-    bkctld init test
-}
-
-teardown() {
-    bkctld remove all
-}
-
-@test "ok" {
-    run bkctld check
-    [ "$status" -eq 0 ]
-}
-
-@test "warning" {
-    touch --date="$(date -d -2days)" /backup/jails/*/var/log/lastlog
-    run bkctld check
-    [ "$status" -eq 1 ]
-}
-
-@test "critical" {
-    touch --date="$(date -d -3days)" /backup/jails/*/var/log/lastlog
-    run bkctld check
-    [ "$status" -eq 2 ]
-}

From 16d19b4a28ded5e714e3aed062d3fb5cd47024e2 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 11:11:47 +0100
Subject: [PATCH 20/52] Use lastlog in sshrc

---
 tpl/sshrc | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
 mode change 100644 => 100755 tpl/sshrc

diff --git a/tpl/sshrc b/tpl/sshrc
old mode 100644
new mode 100755
index 78266bb..015983f
--- a/tpl/sshrc
+++ b/tpl/sshrc
@@ -1,5 +1,3 @@
 #!/bin/sh
 
-# lastlog -S isn't available in login package on Debian Jessie (need Debian Stretch or superior)
-#/usr/bin/lastlog -Su root
-/usr/bin/touch /var/log/lastlog
+/usr/bin/lastlog -Su root

From 8fa127c5912b31d874a273ae6a1c906d4be9e9fa Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 11:26:42 +0100
Subject: [PATCH 21/52] Transform bkctld SysVinit script into systemd oneshot
 service

---
 Vagrantfile     |  1 +
 bkctld.service  | 14 ++++++++++++++
 bkctld.sysvinit | 42 ------------------------------------------
 3 files changed, 15 insertions(+), 42 deletions(-)
 create mode 100644 bkctld.service
 delete mode 100755 bkctld.sysvinit

diff --git a/Vagrantfile b/Vagrantfile
index 7db7458..a5c1926 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -20,6 +20,7 @@ ln -fs /vagrant/lib /usr/lib/bkctld
 ln -fs /vagrant/tpl /usr/share/bkctld
 ln -fs /vagrant/bash_completion /usr/share/bash-completion/completions/bkctld
 ln -fs /vagrant/bkctld.conf /etc/default/bkctld
+ln -fs /vagrant/bkctld.service /etc/systemd/system/bkctld.service && systemctl daemon-reload
 mkdir -p /usr/lib/nagios/plugins/
 SCRIPT
 
diff --git a/bkctld.service b/bkctld.service
new file mode 100644
index 0000000..393ecb3
--- /dev/null
+++ b/bkctld.service
@@ -0,0 +1,14 @@
+[Unit]
+Documentation=man:bkctld(8)
+Description=Backup manager using rsync and OpenSSH chroot.
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/bkctld start all
+ExecStop=/usr/sbin/bkctld stop all
+RemainAfterExit=true
+KillMode=control-group
+GuessMainPID=no
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bkctld.sysvinit b/bkctld.sysvinit
deleted file mode 100755
index c790184..0000000
--- a/bkctld.sysvinit
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-### BEGIN INIT INFO
-# Provides:             evobackup
-# Required-Start:       $syslog
-# Required-Stop:        $syslog
-# Default-Start:        2 3 4 5
-# Default-Stop:
-# Short-Description:    Backup manager using rsync and OpenSSH chroot.
-### END INIT INFO
-
-. /lib/lsb/init-functions
-
-case "$1" in
-    start)
-	bkctld start all
-    ;;
-
-    stop)
-	bkctld stop all
-    ;;
-
-    reload|force-reload)
-        bkctld reload all
-    ;;
-
-    restart)
-	bkctld restart all
-    ;;
-
-    status)
-	bkctld status
-    ;;
-
-  *)
-
-    echo "Usage: $0 {start|stop|restart|reload|status}"
-    exit 1
-
-esac
-
-exit 0

From 183bc05ec4ece2d8037dcbdceecbc985d73f7fd2 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 16:23:46 +0100
Subject: [PATCH 22/52] Use bkctld-list script for jails listing

---
 bkctld           |  9 +++------
 lib/bkctld-check |  3 +--
 lib/bkctld-inc   |  3 +--
 lib/bkctld-list  | 12 ++++++++++++
 lib/bkctld-rm    |  3 +--
 5 files changed, 18 insertions(+), 12 deletions(-)
 create mode 100755 lib/bkctld-list

diff --git a/bkctld b/bkctld
index 80a93ef..d50e8e8 100755
--- a/bkctld
+++ b/bkctld
@@ -26,7 +26,7 @@ if [ ! -x "${LIBDIR}/bkctld-${subcommand}" ]; then
 fi
 
 case "${subcommand}" in
-    "inc" | "rm" | "check" | "stats" | "help")
+    "inc" | "rm" | "check" | "stats" | "help" | "list")
         "${LIBDIR}/bkctld-${subcommand}"
     ;;
         "init" | "is-on")
@@ -37,17 +37,14 @@ case "${subcommand}" in
     ;;
     "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall")
     if [ "${jail}" = "all" ]; then
-        ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
+        "${LIBDIR}/bkctld-list"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
     else
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
     ;;
     "status")
     if [ -z "${jail}" ]; then
-        jails=$(ls "${JAILDIR}")
-        for jail in ${jails}; do
-            "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-        done
+        "${LIBDIR}/bkctld-list"|xargs --no-run-if-empty --max-args=1 "${LIBDIR}/bkctld-${subcommand}"
     else
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
diff --git a/lib/bkctld-check b/lib/bkctld-check
index df3fd29..a5faced 100755
--- a/lib/bkctld-check
+++ b/lib/bkctld-check
@@ -32,8 +32,7 @@ if [ -b "${BACKUP_DISK}" ]; then
     fi
 fi
 
-jails=$(ls "${JAILDIR}")
-for jail in ${jails}; do
+for jail in $("${LIBDIR}/bkctld-list"); do
     if [ -f "${JAILDIR}/${jail}/var/log/lastlog" ]; then
         last_conn=$(stat --format=%Y "${JAILDIR}/${jail}/var/log/lastlog")
         date_diff=$(( (cur_time - last_conn) / (60*60) ))
diff --git a/lib/bkctld-inc b/lib/bkctld-inc
index 7a04d2b..3ee7fb8 100755
--- a/lib/bkctld-inc
+++ b/lib/bkctld-inc
@@ -7,8 +7,7 @@
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 date=$(date +"%Y-%m-%d-%H")
-jails=$(ls "${JAILDIR}")
-for jail in ${jails}; do
+for jail in $("${LIBDIR}/bkctld-list"); do
     inc="${INCDIR}/${jail}/${date}"
     mkdir -p "${INCDIR}/${jail}"
     if [ ! -d "${inc}" ]; then
diff --git a/lib/bkctld-list b/lib/bkctld-list
new file mode 100755
index 0000000..f7f4f85
--- /dev/null
+++ b/lib/bkctld-list
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# List jails
+# Usage: list
+#
+
+set -eu
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+[ -d "${JAILDIR}" ] || exit 0
+find "${JAILDIR}" -mindepth 1 -maxdepth 1 -type d|sed 's!.*/!!'
diff --git a/lib/bkctld-rm b/lib/bkctld-rm
index a89c0c5..6770c57 100755
--- a/lib/bkctld-rm
+++ b/lib/bkctld-rm
@@ -19,8 +19,7 @@ if [ -f "${pidfile}" ]; then
     rm "${pidfile}"
     fi
 echo "${$}" > "${pidfile}"
-jails=$(ls "${JAILDIR}")
-for jail in ${jails}; do
+for jail in $("${LIBDIR}/bkctld-list"); do
     incs=$(ls "${INCDIR}/${jail}")
     if [ -f "${CONFDIR}/${jail}" ]; then
         keepfile="${CONFDIR}/.keep-${jail}"

From d09d0b05727ce5672db30249be57c788f600cc5f Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 16:29:03 +0100
Subject: [PATCH 23/52] Do not create dirs in bkctld script

---
 bkctld           | 1 -
 lib/bkctld-init  | 1 +
 lib/bkctld-stats | 1 +
 3 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/bkctld b/bkctld
index d50e8e8..f9748b8 100755
--- a/bkctld
+++ b/bkctld
@@ -16,7 +16,6 @@ set -u
 [ -d '/usr/lib/bkctld' ] && LIBDIR='/usr/lib/bkctld'
 . "${LIBDIR}/config"
 
-mkdir -p "${CONFDIR}" "${JAILDIR}" "${INCDIR}" "${INDEX_DIR}"
 subcommand="${1:-}"
 jail="${2:-}"
 option="${3:-}"
diff --git a/lib/bkctld-init b/lib/bkctld-init
index 29fe670..35c59dc 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -12,6 +12,7 @@ if [ ! -n "${jail}" ]; then
 fi
 [ -d "${JAILDIR}/${jail}" ] && error "${jail} : trying to create existant jail"
 
+mkdir -p "${CONFDIR}" "${JAILDIR}"
 sshd_config="${TPLDIR}/sshd_config"
 inctpl="${TPLDIR}/inc.tpl"
 [ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 896b195..93b46e9 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -6,6 +6,7 @@
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
+mkdir -p "${INDEX_DIR}"
 lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
 ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
 touch "${INDEX_DIR}/.lastrun.duc"

From 8eb9c72f4e7acc733bc1824656da04e5734de030 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Wed, 16 Jan 2019 16:19:09 +0100
Subject: [PATCH 24/52] Fix shell error on vagrant provision

---
 Vagrantfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Vagrantfile b/Vagrantfile
index a5c1926..8d0b67d 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -9,6 +9,7 @@ load File.expand_path(vagrantfile) if File.exists?(vagrantfile)
 
 Vagrant.configure('2') do |config|
   config.vm.synced_folder "./", "/vagrant", type: "rsync", rsync__exclude: [ '.vagrant', '.git' ]
+  config.ssh.shell="/bin/sh"
 
   config.vm.provider :libvirt do |libvirt|
     libvirt.storage :file, :size => '10G', :device => 'vdb'

From c25db32a4539f01fb2c0de899a01ab0806a23f0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S?= <bserie@evolix.fr>
Date: Mon, 21 Jan 2019 14:42:02 +0100
Subject: [PATCH 25/52] Break line for contributors header infos

---
 zzz_evobackup | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 5524448..6292a79 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -4,7 +4,9 @@
 # See https://gitea.evolix.org/evolix/evobackup
 # 
 # Author: Gregory Colpart <reg@evolix.fr>
-# Contributor: Romain Dessort <rdessort@evolix.fr>, Benoît Série <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
+# Contributors: Romain Dessort <rdessort@evolix.fr>, Benoît Série
+# <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie
+# <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
 # Licence: AGPLv3
 #
 # The following variables must be changed:

From 2b911cff1dfb7bd195c64c267d70ba23e7c38161 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S?= <bserie@evolix.fr>
Date: Mon, 21 Jan 2019 14:44:30 +0100
Subject: [PATCH 26/52] Break line after every contributor name

---
 zzz_evobackup | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 6292a79..6e3d2d7 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -4,9 +4,13 @@
 # See https://gitea.evolix.org/evolix/evobackup
 # 
 # Author: Gregory Colpart <reg@evolix.fr>
-# Contributors: Romain Dessort <rdessort@evolix.fr>, Benoît Série
-# <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie
-# <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
+# Contributors:
+# Romain Dessort <rdessort@evolix.fr>
+# Benoît Série <bserie@evolix.fr>
+# Tristan Pilat <tpilat@evolix.fr>
+# Victor Laborie <vlaborie@evolix.fr>
+# Jérémy Lecour <jlecour@evolix.fr>
+#
 # Licence: AGPLv3
 #
 # The following variables must be changed:

From 15fa2dab0f656804d2264c695d81396a64dd6111 Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Wed, 2 Jan 2019 12:13:38 -0500
Subject: [PATCH 27/52] Improved documentation for example script

Added the description of variables to change into the zzz_evobackup
script comments and updated the path to the repository.
---
 zzz_evobackup | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 6ac5a75..5524448 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -1,12 +1,20 @@
 #!/bin/sh
 #
 # Script Evobackup client
-# See https://forge.evolix.org/projects/evobackup
+# See https://gitea.evolix.org/evolix/evobackup
 # 
 # Author: Gregory Colpart <reg@evolix.fr>
 # Contributor: Romain Dessort <rdessort@evolix.fr>, Benoît Série <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
 # Licence: AGPLv3
 #
+# The following variables must be changed:
+# SSH_PORT: The Port used for the ssh(1) jail on the backup server
+# MAIL: The email address to send notifications to.
+# SRV: The hostname or IP address of the backup server.
+# 
+# You must then uncomment the various
+# examples that best suit your case
+#
 
 PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin
 

From 3af8ac1510dfc467c150aa408e08e307d4eafc35 Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Wed, 2 Jan 2019 12:20:41 -0500
Subject: [PATCH 28/52] Improved README.md and adjacent files.

 * Fixed the english in README.md and docs/debian.md
 * Moved installation instructions from README.md to docs/install.md
 * Reworked the rest of README.md
 * Added a few comments to bkctld.conf
---
 README.md       | 98 ++++++++++++++++++++-----------------------------
 bkctld.conf     |  5 ++-
 docs/debian.md  |  5 ++-
 docs/install.md | 47 ++++++++++++++++++++++++
 4 files changed, 93 insertions(+), 62 deletions(-)
 create mode 100644 docs/install.md

diff --git a/README.md b/README.md
index 5f77184..8e7e9c2 100644
--- a/README.md
+++ b/README.md
@@ -1,15 +1,18 @@
 Bkctld (aka evobackup)
 =========
 
-Bkctld is a shell script to create and manage a backup server which will
-handle the backup of many servers (clients). Licence is AGPLv3.
+Bkctld is a shell script that creates and manages a backup server
+which can handle the backups of many other servers (clients). It
+is licensed under the AGPLv3.
 
-The main principle uses SSH chroot (called "jails" in the FreeBSD
-world) for each client to backup. Each client will upload his data every day
-using rsync in his chroot (using root account).
-Incrementals are stored outside of the chroot using hard links or btrfs snapshots.
-(So incrementals are not available for clients). Using this method we can keep tens 
-of backup of each client securely and not using too much space.
+It uses SSH chroots (called "jails" in the FreeBSD world) to sandbox
+every clients backups. Each client will upload it's data every day
+using rsync in it's chroot (using the root account).  Prior backups
+are stored incrementally outside of the chroot using hard links or
+BTRFS snapshots.  (So they can not be affected by the client). 
+
+Using this method, we can keep a large quantity of backups of each
+client securely and efficiently.
 
 ~~~
                                     Backup server
@@ -20,56 +23,23 @@ Server 2 ------ SSH/rsync ------->  * tcp/2223 *
                                     ************
 ~~~
 
-This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume). EvoBackup 
-is used for many years by Evolix for back up each day hundreds of servers which
- uses many terabytes of data.
+This method uses standard tools (ssh, rsync, cp -al, btrfs subvolume)
+and has been used for many years by Evolix to backup hundreds of
+servers, totaling many terabytes of data, each day.  bkctld has
+been tested on Debian Jessie and should be compatible with other
+Debian versions or derived distributions like Ubuntu.
 
-bkctld was test on Debian Jessie. It can be compatible with other Debian version
-or derivated distribution like Ubuntu or Debian Wheezy.
-
-A big size volume must be mount on /backup, we recommend usage of **btrfs** for
-subvolume and snapshot fonctionnality.
-This volume can be encrypted by **luks** for security reason.
+A large enough volume must be mounted on `/backup`, we recommend
+the usage of **BTRFS** so you can use sub-volumes and snapshots.
+This volume can also be encrypted with **LUKS**.
 
 ## Install
 
-A Debian package is available in Evolix repository
+See the [installation guide](docs/install.md) for instructions.
 
-~~~
-echo "http://pub.evolix.net/ jessie/" >> /etc/apt/sources.list
-apt update
-apt install bkctld
-~~~
+## Testing
 
-### Chroot dependency
-
-Chroot jail use part of this package
-
-~~~
-apt install bash coreutils sed dash mount rsync openssh-server openssh-sftp-server libc6-i386 libc6
-~~~
-
-#### Install cron for incremental backup
-
-Edit root crontab
-
-~~~
-crontab -e
-~~~
-
-Add this ligne
-
-~~~
-30 10 * * * /usr/sbin/bkctld inc && /usr/sbin/bkctld rm
-~~~ 
-
-> **Notes :**
-> If you want mutiples backups in a day (1 by hour maximum) you can run `bkctld inc` multiples times
-> If you want keep incremental backup **for ever**, you just need don't run `bkctld rm`
-
-## Test
-
-You can deploy tests environmments with Vagrant :
+You can deploy test environments with Vagrant :
 
 ~~~
 vagrant up
@@ -77,7 +47,8 @@ vagrant up
 
 ### Deployment
 
-Launch rsync-auto in a terminal for automatic synchronisation of your local code with Vagrant VM :
+Launch rsync-auto in a terminal for automatic synchronization of
+your local code with Vagrant VM :
 
 ~~~
 vagrant rsync-auto
@@ -85,7 +56,8 @@ vagrant rsync-auto
 
 ### Bats
 
-You can run [bats](https://github.com/sstephenson/bats) test with *test* provisionner :
+You can run [bats](https://github.com/sstephenson/bats) tests with
+the *test* provision :
 
 ~~~
 vagrant provision --provision-with test
@@ -95,21 +67,31 @@ vagrant provision --provision-with test
 
 See [docs/usage.md](docs/usage.md).
 
-Man page, in roff language, can be generated with pandoc :
+The man(1) page, in troff(7) language, can be generated with pandoc:
 
 ~~~
-pandoc -f markdown -t man usage.md --template default.man -V title=bkctld -V section=8 -V date="$(date '+%d %b %Y')" -V footer="$(git describe --tags)" -V header="bkctld man page"
+pandoc -f markdown \
+	-t man usage.md \
+	--template default.man \
+	-V title=bkctld \
+	-V section=8 \
+	-V date="$(date '+%d %b %Y')" \
+	-V footer="$(git describe --tags)" \
+	-V header="bkctld man page"
 ~~~
 
 #### Client configuration
 
-You can save various systems on evobackup jail :  Linux, BSD, Windows, MacOSX. Only prequisites is rsync command.
+You can save various systems in the evobackup jails :  Linux, BSD,
+Windows, MacOSX. The only prerequisite is the rsync command.
 
 ~~~
 rsync -av -e "ssh -p SSH_PORT" /home/ root@SERVER_NAME:/var/backup/home/
 ~~~
 
-An example script is present in zzz_evobackup, clone evobackup repo and read **CLIENT CONFIGURATION** section of the manual.
+An example synchronization script is present in `zzz_evobackup`,
+clone the evobackup repository and read the **CLIENT CONFIGURATION**
+section of the manual.
 
 ~~~
 git clone https://forge.evolix.org/evobackup.git
diff --git a/bkctld.conf b/bkctld.conf
index b876241..ddcb872 100644
--- a/bkctld.conf
+++ b/bkctld.conf
@@ -1,4 +1,5 @@
-# Defaults for bkctld command (evobackup)
+# bkctld.conf(5)
+# Defaults for bkctld(8) command (evobackup)
 # sourced by /usr/sbin/bkctld and /etc/init.d/bkctld
 
 #CONFDIR='/etc/evobackup'
@@ -10,5 +11,5 @@
 #SSHD_PID='/var/run/sshd.pid'
 #SSHD_CONFIG='/etc/ssh/sshd_config'
 #AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
-#FIREWALL_RULES='/etc/firewall.rc.jails'
+#FIREWALL_RULES=''
 #LOGLEVEL=6
diff --git a/docs/debian.md b/docs/debian.md
index ddcc1b3..e99b0cf 100644
--- a/docs/debian.md
+++ b/docs/debian.md
@@ -1,6 +1,7 @@
 # Debian Package
 
-**bkctld** package can be build from the **debian** branch of this Git repository with git-buildpackage and sbuild.
+The **bkctld** package can be built from the **debian** branch of
+this git repository with git-buildpackage and sbuild.
 
 ## Dependencies
 
@@ -37,7 +38,7 @@ sbuild-createchroot --include=eatmydata,ccache,gnupg unstable /srv/chroot/sid ht
 
 ## Build
 
-You must be in **debian** branch :
+You must be in the **debian** branch :
 
 ~~~
 git checkout debian
diff --git a/docs/install.md b/docs/install.md
new file mode 100644
index 0000000..22d3aed
--- /dev/null
+++ b/docs/install.md
@@ -0,0 +1,47 @@
+# Install
+
+A Debian package is available in the Evolix repository
+
+~~~
+echo "http://pub.evolix.net/jessie/" >> /etc/apt/sources.list
+apt update
+apt install bkctld
+~~~
+
+Then edit `/etc//bkctld`
+
+## Chroot dependencies
+
+The chroot jails depend on these packages
+
+~~~
+apt install \
+	bash \
+	coreutils \
+	sed \
+	dash \
+	mount \
+	rsync \
+	openssh-server \
+	openssh-sftp-server \
+	libc6-i386 \
+	libc6
+~~~
+
+## Client dependencies
+
+The clients only require OpenSSH and rsync.
+
+### Cron job for incremental backups
+
+Edit the root crontab
+
+~~~
+# crontab -e
++ 30 10 * * * /usr/sbin/bkctld inc && /usr/sbin/bkctld rm
+~~~
+
+## Notes
+If you want mutiples backups in a day (1 by hour maximum) you can
+run `bkctld inc` multiples times, if you want to keep incremental
+backups **for ever**, just don't run `bkctld rm`.
\ No newline at end of file

From e960946285465cb1e3ae8f06a11b18d1b1ab4779 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 13:51:05 +0100
Subject: [PATCH 29/52] Split bkctld into multiples scripts

---
 Vagrantfile        |   1 +
 bkctld             | 685 +++------------------------------------------
 lib/bkctld-check   |  67 +++++
 lib/bkctld-inc     |  23 ++
 lib/bkctld-init    |  29 ++
 lib/bkctld-ip      |   1 +
 lib/bkctld-key     |   1 +
 lib/bkctld-params  |  17 ++
 lib/bkctld-port    |   1 +
 lib/bkctld-reload  |  12 +
 lib/bkctld-remove  |  30 ++
 lib/bkctld-restart |  11 +
 lib/bkctld-rm      |  44 +++
 lib/bkctld-start   |  36 +++
 lib/bkctld-stats   |  23 ++
 lib/bkctld-status  |  17 ++
 lib/bkctld-stop    |  16 ++
 lib/bkctld-sync    |  21 ++
 lib/bkctld-update  |  11 +
 lib/config         |  23 ++
 lib/functions      | 133 +++++++++
 lib/logging        |  42 +++
 lib/mkjail         |  44 +++
 23 files changed, 648 insertions(+), 640 deletions(-)
 create mode 100755 lib/bkctld-check
 create mode 100755 lib/bkctld-inc
 create mode 100755 lib/bkctld-init
 create mode 120000 lib/bkctld-ip
 create mode 120000 lib/bkctld-key
 create mode 100755 lib/bkctld-params
 create mode 120000 lib/bkctld-port
 create mode 100755 lib/bkctld-reload
 create mode 100755 lib/bkctld-remove
 create mode 100755 lib/bkctld-restart
 create mode 100755 lib/bkctld-rm
 create mode 100755 lib/bkctld-start
 create mode 100755 lib/bkctld-stats
 create mode 100755 lib/bkctld-status
 create mode 100755 lib/bkctld-stop
 create mode 100755 lib/bkctld-sync
 create mode 100755 lib/bkctld-update
 create mode 100755 lib/config
 create mode 100755 lib/functions
 create mode 100755 lib/logging
 create mode 100755 lib/mkjail

diff --git a/Vagrantfile b/Vagrantfile
index 9fa28e9..66e0cd7 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -16,6 +16,7 @@ Vagrant.configure('2') do |config|
 
   $install = <<SCRIPT
 ln -fs /vagrant/bkctld /usr/sbin/bkctld
+ln -fs /vagrant/lib /usr/lib/bkctld
 ln -fs /vagrant/tpl /usr/share/bkctld
 ln -fs /vagrant/bash_completion /usr/share/bash-completion/completions/bkctld
 ln -fs /vagrant/bkctld.conf /etc/default/bkctld
diff --git a/bkctld b/bkctld
index 03a7a32..d1c01a7 100755
--- a/bkctld
+++ b/bkctld
@@ -10,652 +10,57 @@
 
 set -u
 
-usage(){
-    cat <<EOF
-Usage: $0 <subcommand> [options]
-Subcommands:
-    init        <jailname>                      Init jail <jailname>
-    update      <jailname>|all                  Update jail <jailname> or all
-    remove      <jailname>|all                  Remove jail <jailname> or all
-    start       <jailname>|all                  Start jail <jailname> or all
-    stop        <jailname>|all                  Stop jail <jailname> or all
-    reload      <jailname>|all                  Reload jail <jailname> or all
-    restart     <jailname>|all                  Restart jail <jailname> or all
-    sync        <jailname>|all                  Sync jail <jailname> or all to another node
-    status      [<jailname>]                    Print status of <jailname> (default all jail)
-    key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
-    port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
-    ip          <jailname>      [<ip>|all]      Set or get allowed(s) ip(s) of <jailname>
-    inc                                         Make incremental inc of all jails
-    rm                                          Remove old incremtal inc of all jails
-    check                                       Run check on jails (NRPE output)
-    stats                                       Make and display stats on jails (size, lastconn)
+[ "$(id -u)" -ne 0 ] && error "You need to be root to run ${0} !"
 
-EOF
-}
+[ -d './lib' ] && LIBDIR='lib'
+[ -d '/usr/lib/bkctld' ] && LIBDIR='/usr/lib/bkctld'
+. "${LIBDIR}/config"
 
-## logging functions
+mkdir -p "${CONFDIR}" "${JAILDIR}" "${INCDIR}" "${INDEX_DIR}"
+subcommand="${1:-}"
+jail="${2:-}"
+option="${3:-}"
 
-debug() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 7 ]; then
-        echo "${msg}"
-        logger -t bkctld -p daemon.debug "${msg}"
-    fi
-}
+[ -x "${LIBDIR}/bkctld-${subcommand}" ] || usage
 
-info() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 6 ]; then
-        tty -s && echo "${msg}"
-        logger -t bkctld -p daemon.info "${msg}"
-    fi
-}
-
-notice() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "${msg}"
-    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
-}
-
-warning() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "WARNING : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 4 ]; then
-        tty -s || echo "WARNING : ${msg}" >&2
-        logger -t bkctld -p daemon.warning "${msg}"
-    fi
-}
-
-error() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "ERROR : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 5 ]; then
-        tty -s || echo "ERROR : ${msg}" >&2
-        logger -t bkctld -p daemon.error "${msg}"
-    fi
-    exit 1
-}
-
-## check functions
-
-check_jail() {
-    jail="${1}"
-    [ -d "${JAILDIR}/${jail}" ] && return 0
-    return 1
-}
-
-check_jail_on() {
-    jail="${1}"
-    return=1
-    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
-        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-        ps -p "${pid}" > /dev/null && return=0
-    fi
-    if [ "${return}" -eq 1 ]; then
-        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
-        grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
-        grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
-    fi
-    return "${return}"
-}
-
-## get functions : get info on jail
-
-get_port() {
-    jail="${1}"
-    port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
-    echo "${port}"
-}
-
-get_key() {
-    jail="${1}"
-    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
-        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    fi
-}
-
-get_ip() {
-    jail="${1}"
-    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
-        echo "${allow}"|cut -d'@' -f2
-    done
-}
-
-get_inc() {
-    jail="${1}"
-    inc="0"
-        if [ -f "${CONFDIR}/${jail}" ]; then
-            day=$(grep -c "day" "${CONFDIR}/${jail}")
-            month=$(grep -c "month" "${CONFDIR}/${jail}")
-            inc="${day}/${month}"
-        fi
-    echo "${inc}"
-}
-
-## set functions : set info on jail
-
-set_port() {
-    jail="${1}"
-    port="${2}"
-    if [ "${port}" = "auto" ]; then
-        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
-        port=$((port+1))
-        [ "${port}" -le 1 ] && port=2222
-    fi
-    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
-set_key() {
-    jail="${1}"
-    keyfile="${2}"
-    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
-    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-}
-
-set_ip() {
-    jail="${1}"
-    ip="${2}"
-    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
-        ips="0.0.0.0/0"
+case "${subcommand}" in
+    "inc" | "rm" | "check" | "stats")
+        "${LIBDIR}/bkctld-${subcommand}"
+    ;;
+        "init")
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+    ;;
+    "key" | "port" | "ip")
+        "${LIBDIR}/bkctld-params" "${jail}" "${subcommand}" "${option}"
+    ;;
+    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
+    if [ "${jail}" = "all" ]; then
+        jails=$(ls "${JAILDIR}")
+        for jail in ${jails}; do
+            case "${subcommand}" in
+                "start")
+                    check_jail_on "${jail}" || "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+                ;;
+                "stop" | "reload" | "restart")
+                    check_jail_on "${jail}" && "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+                ;;
+                *)
+                    "${LIBDIR}/bkctld-${subcommand}" "${jail}"
+                ;;
+            esac
+                done
     else
-        ips=$(get_ip "${jail}")
-        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
-    allow="AllowUsers"
-    for ip in $ips; do
-        allow="${allow} root@${ip}"
-    done
-    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
-set_firewall() {
-    jail="${1}"
-    if [ -n "${FIREWALL_RULES}" ]; then
-        if [ -f "${FIREWALL_RULES}" ]; then
-            sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
-        fi
-        if ( check_jail "${jail}" ); then
-            port=$(get_port "${jail}")
-            for ip in $(get_ip "${jail}"); do
-                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
-            done
-            if [ -f /etc/init.d/minifirewall ]; then
-                /etc/init.d/minifirewall restart >/dev/null
-            fi
-        fi
-    fi
-}
-
-## mk_jail function : create or update a jail
-
-mk_jail() {
-    jail="${1}"
-    passwd="${TPLDIR}/passwd"
-    shadow="${TPLDIR}/shadow"
-    group="${TPLDIR}/group"
-    sshrc="${TPLDIR}/sshrc"
-    [ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
-    [ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
-    [ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
-    [ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
-    umask 077
-
-    info "1 - Creating the chroot"
-    cd "${JAILDIR}/${jail}"
-    rm -rf bin lib lib64 run usr var/run etc/ssh/*key
-    mkdir -p dev proc
-    mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
-    mkdir -p etc/ssh var/log run/sshd
-    mkdir -p root/.ssh var/backup -m 0700
-    ln -s usr/bin bin
-    ln -s usr/lib lib
-    ln -s usr/lib64 lib64
-    ln -st var ../run
-    touch var/log/lastlog var/log/wtmp run/utmp
-
-    info "2 - Copying essential files"
-    [ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
-    [ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
-    [ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
-    cp "${passwd}" etc
-    cp "${shadow}" etc
-    cp "${group}" etc
-    cp "${sshrc}" etc/ssh
-
-    info "3 - Copying binaries"
-    cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
-    cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
-
-    for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
-        cp -f "${dbin}" "${JAILDIR}/${jail}/${dbin}";
-        for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
-            cp -p "${lib}" "${JAILDIR}/${jail}/${lib}"
+    ;;
+    "status")
+    if [ -z "${jail}" ]; then
+        jails=$(ls "${JAILDIR}")
+        for jail in ${jails}; do
+            "${LIBDIR}/bkctld-${subcommand}" "${jail}"
         done
-    done
-}
-
-## sub functions : functions call by subcommand
-  
-sub_init() {
-    jail="${1}"
-    sshd_config="${TPLDIR}/sshd_config"
-    inctpl="${TPLDIR}/inc.tpl"
-    [ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
-    [ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
-    check_jail "${jail}" && error "${jail} : trying to create existant jail"
-
-    rootdir=$(dirname "${JAILDIR}")
-    rootdir_inode=$(stat --format=%i "${rootdir}")
-    jaildir_inode=$(stat --format=%i "${JAILDIR}")
-    if [ "${rootdir_inode}" -eq 256 ] || [ "${jaildir_inode}" -eq 256 ]; then
-        /bin/btrfs subvolume create "${JAILDIR}/${jail}"
     else
-        mkdir -p "${JAILDIR}/${jail}"
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
-    mk_jail "${jail}"
-    info "4 - Copie default sshd_config"
-    install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
-    info "5 - Set usable sshd port"
-    set_port "${jail}" auto
-    info "6 - Copie default inc configuration"
-    install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
-    notice "${jail} : created jail"
-}
-
-sub_update() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
-    check_jail_on "${jail}" && sub_stop "${jail}"
-
-    mk_jail "${jail}"
-    notice "${jail} : updated jail"
-}
-
-sub_remove() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
-
-    check_jail_on "${jail}" && sub_stop "${jail}"
-    
-    rm -f "${CONFDIR}/${jail}"
-    jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
-    if [ "${jail_inode}" -eq 256 ]; then
-        /bin/btrfs subvolume delete "${JAILDIR}/${jail}" | debug
-    else
-        rm -rf "${JAILDIR}/${jail}" | debug
-    fi
-    if [ -d  "${INCDIR}/${jail}" ]; then
-        incs=$(ls "${INCDIR}/${jail}")
-        for inc in ${incs}; do
-            inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${inc}")
-            if [ "${inc_inode}" -eq 256 ]; then
-                /bin/btrfs subvolume delete "${INCDIR}/${jail}/${inc}" | debug
-            else
-                warning "You need to purge ${INCDIR}/${jail}/${inc} manually !"
-            fi
-        done
-        rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
-    fi
-    set_firewall "${jail}"
-    notice "${jail} : deleted jail"
-}
-
-sub_start() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
-    check_jail_on "${jail}" && error "${jail} : trying to start already running jail"
-
-    cd "${JAILDIR}/${jail}"
-    grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
-    grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev
-    [ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
-    [ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
-    [ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
-    [ -e "dev/ptmx" ] || mknod -m 666 dev/ptmx c 5 2
-    [ -e "dev/tty" ] || mknod -m 666 dev/tty c 5 0
-    [ -e "dev/random" ] || mknod -m 444 dev/random c 1 8
-    [ -e "dev/urandom" ] || mknod -m 444 dev/urandom c 1 9
-    chown root:tty dev/console dev/ptmx dev/tty
-    ln -fs proc/self/fd dev/fd
-    ln -fs proc/self/fd/0 dev/stdin
-    ln -fs proc/self/fd/1 dev/stdout
-    ln -fs proc/self/fd/2 dev/stderr
-    ln -fs proc/kcore dev/core
-    mkdir -p dev/pts
-    mkdir -p dev/shm
-    grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
-    grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
-    chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog || error "${jail} : error on starting sshd"
-    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-    notice "${jail} was started [${pid}]"
-}
-
-sub_stop() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
-    check_jail_on "${jail}" || error "${jail} : trying to stop not running jail"
-
-    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-    for conn in $(ps --ppid "${pid}" -o pid=); do
-        kill "${conn}"
-    done
-    kill "${pid}" && notice "${jail} was stopped [${pid}]"
-    umount --lazy --recursive "${JAILDIR}/${jail}/dev"
-    umount --lazy "${JAILDIR}/${jail}/proc/"
-}
-
-sub_reload() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
-    check_jail_on "${jail}" || error "${jail} : trying to reload not running jail"
-
-    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-
-    kill -HUP "${pid}" && notice "${jail} was reloaded [${pid}]"
-}
-
-sub_status() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
-
-    inc=$(get_inc "${jail}")
-    if ( check_jail_on "${jail}" ); then
-        status="ON "
-    else
-        status="OFF"
-    fi
-    port=$(get_port "${jail}")
-    ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
-    echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
-}
-
-sub_params() {
-    jail="${1}"
-    params="${2}"
-    option="${3}"
-    check_jail "${jail}" || error "${jail} : inexistant jail'"
-
-    if [ -z "${option}" ]; then
-        "get_${params}" "${jail}"
-    else
-        "set_${params}" "${jail}" "${option}"
-        check_jail_on "${jail}" && sub_reload "${jail}"
-        notice "${jail} : update ${params} => ${option}"
-    fi
-}
-
-sub_sync() {
-    jail="${1}"
-    check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
-
-    [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
-
-    jail="${1}"
-    ssh "${NODE}" bkctld init "${jail}" | debug
-    rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
-    rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
-    if ( check_jail_on "${jail}" ); then
-        ssh "${NODE}" bkctld start "${jail}" | debug
-    fi
-    if [ -n "${FIREWALL_RULES}" ]; then
-        rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
-        ssh "${NODE}" /etc/init.d/minifirewall restart | debug
-    fi
-}
-
-sub_inc() {
-    date=$(date +"%Y-%m-%d-%H")
-    jails=$(ls "${JAILDIR}")
-    for jail in ${jails}; do
-        inc="${INCDIR}/${jail}/${date}"
-        mkdir -p "${INCDIR}/${jail}"
-        if [ ! -d "${inc}" ]; then
-            start=$(date +"%H:%M:%S")
-            jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
-            if [ "$jail_inode" -eq 256 ]; then
-                /bin/btrfs subvolume snapshot -r "${JAILDIR}/${jail}" "${inc}" | debug
-            else
-                cp -alx "${JAILDIR}/${jail}/" "${inc}" | debug
-            fi
-            end=$(date +"%H:%M:%S")
-            notice "${jail} : made ${date} inc [${start}/${end}]"
-        else
-            warning "${jail} : trying to made already existant inc"
-        fi
-    done
-}
-
-sub_rm() {
-    empty="/tmp/bkctld-${$}-$(date +%N))"
-    mkdir "${empty}"
-    pidfile="/var/run/bkctld-rm.pid"
-    if [ -f "${pidfile}" ]; then
-        pid=$(cat "${pidfile}")
-        ps -u "${pid}" >/dev/null
-        if [ "${?}" -eq 0 ]; then
-            kill -9 "${pid}"
-            warning "${0} rm always run (PID ${pid}), killed by ${$} !"
-        fi
-        rm "${pidfile}"
-        fi
-    echo "${$}" > "${pidfile}"
-    jails=$(ls "${JAILDIR}")
-    for jail in ${jails}; do
-        incs=$(ls "${INCDIR}/${jail}")
-        if [ -f "${CONFDIR}/${jail}" ]; then
-            keepfile="${CONFDIR}/.keep-${jail}"
-            while read j; do
-                date=$( echo "${j}" | cut -d. -f1 )
-                before=$( echo "${j}" | cut -d. -f2 )
-                date -d "$(date "${date}") ${before}" "+%Y-%m-%d"
-            done < "${CONFDIR}/${jail}" > "${keepfile}"
-            for j in $(echo "${incs}" | grep -v -f "${keepfile}"); do
-                start=$(date +"%H:%M:%S")
-                inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
-                if [ "${inc_inode}" -eq 256 ]; then
-                    /bin/btrfs subvolume delete "${INCDIR}/${jail}/${j}" | debug
-                else
-                    cd "${INCDIR}/${jail}"
-                    rsync -a --delete "${empty}/" "${j}/"
-                    rmdir "${j}"
-                fi
-                end=$(date +"%H:%M:%S")
-                notice "${jail} : deleted ${j} inc [${start}/${end}]"
-            done
-        fi
-    done
-    rmdir "${empty}"
-    rm "${pidfile}"
-}
-
-sub_check() {
-    cur_time=$(date "+%s")
-    return=0
-    nb_crit=0
-    nb_warn=0
-    nb_ok=0
-    nb_unkn=0
-    output=""
-
-    if [ -b "${BACKUP_DISK}" ]; then
-	cryptsetup isLuks "${BACKUP_DISK}"
-        if [ "$?" -eq 0 ]; then
-            if [ ! -b '/dev/mapper/backup' ]; then
-                echo "Luks disk ${BACKUP_DISK} is not mounted !\n"
-                echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
-                exit 2
-            fi
-            BACKUP_DISK='/dev/mapper/backup'
-        fi
-        grep -qE "^${BACKUP_DISK} " /etc/mtab
-        if [ "$?" -ne 0 ]; then
-             echo "Backup disk ${BACKUP_DISK} is not mounted !\n"
-             echo "mount ${BACKUP_DISK} /backup"
-             exit 2
-        fi
-    fi
-
-    jails=$(ls "${JAILDIR}")
-    for jail in ${jails}; do
-        if [ -f "${JAILDIR}/${jail}/var/log/lastlog" ]; then
-            last_conn=$(stat --format=%Y "${JAILDIR}/${jail}/var/log/lastlog")
-            date_diff=$(( (cur_time - last_conn) / (60*60) ))
-            if [ "${date_diff}" -gt "${CRITICAL}" ]; then
-                nb_crit=$((nb_crit + 1))
-                output="${output}CRITICAL - ${jail} - ${date_diff} hours\n"
-                [ "${return}" -le 2 ] && return=2
-            elif [ "${date_diff}" -gt "${WARNING}" ]; then
-                nb_warn=$((nb_warn + 1))
-                output="${output}WARNING - ${jail} - ${date_diff} hours\n"
-                [ "${return}" -le 1 ] && return=1
-            else
-                nb_ok=$((nb_ok + 1))
-                output="${output}OK - ${jail} - ${date_diff} hours\n"
-            fi
-        else
-            nb_unkn=$((nb_unkn + 1))
-            output="${output}UNKNOWN - ${jail} doesn't have lastlog !\n"
-            [ "${return}" -le 3 ] && return=3
-        fi
-    done
-
-    [ "${return}" -ge 0 ] && header="OK"
-    [ "${return}" -ge 1 ] && header="WARNING"
-    [ "${return}" -ge 2 ] && header="CRITICAL"
-    [ "${return}" -ge 3 ] && header="UNKNOW"
-
-    printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"
-
-    printf "${output}" | grep -E "^UNKNOW"
-    printf "${output}" | grep -E "^CRITICAL"
-    printf "${output}" | grep -E "^WARNING"
-    printf "${output}" | grep -E "^OK"
-
-    exit "${return}"
-}
-
-sub_stats() {
-    lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
-ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
-touch "${INDEX_DIR}/.lastrun.duc"
-EOF
-    [ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0
-    [ ! -f ${IDX_FILE} ] && error "Index file do not exits !"
-    printf "Last update of index file : "
-    stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}"
-    echo "<jail> <size> <incs> <lastconn>" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $1, $2, $3, $4); }'
-    duc_output=$(mktemp)
-    stat_output=$(mktemp)
-    incs_output=$(mktemp)
-    trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
-    "${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
-    awk '{ print $2 }' "${duc_output}" | while read jail; do
-        stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
-        get_inc "${jail}" >> "${incs_output}"
-    done
-    paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
-}
-
-## main function : check usage and valid params
-
-main() {
-    [ "$(id -u)" -ne 0 ] && error "You need to be root to run ${0} !"
-
-    [ -f /etc/default/bkctld ] && . /etc/default/bkctld
-    CONFDIR="${CONFDIR:-/etc/evobackup}"
-    BACKUP_DISK="${BACKUP_DISK:-}"
-    JAILDIR="${JAILDIR:-/backup/jails}"
-    INCDIR="${INCDIR:-/backup/incs}"
-    TPLDIR="${TPLDIR:-/usr/share/bkctld}"
-    INDEX_DIR="${INDEX_DIR:-/backup/index}"
-    IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
-    LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
-    SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
-    SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
-    AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
-    FIREWALL_RULES="${FIREWALL_RULES:-}"
-    LOGLEVEL="${LOGLEVEL:-6}"
-    CRITICAL="${CRITICAL:-48}"
-    WARNING="${WARNING:-24}"
-    DUC=$(command -v duc-nox||command -v duc)
-    mkdir -p "${CONFDIR}" "${JAILDIR}" "${INCDIR}" "${INDEX_DIR}"
-    subcommand="${1:-}"
-    jail="${2:-}"
-    option="${3:-}"
-    case "${subcommand}" in
-        "" | "-h" | "--help")
-            usage
-            ;;
-        "inc" | "rm" | "check" | "stats")
-            "sub_${subcommand}"
-        ;;
-            "init")
-        if [ -n "${jail}" ]; then
-            "sub_${subcommand}" "${jail}"
-        else
-            usage
-        fi
-        ;;
-        "key" | "port" | "ip")
-        if [ -n "${jail}" ]; then
-            sub_params "${jail}" "${subcommand}" "${option}"
-        else
-            usage
-        fi
-        ;;
-        "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
-        if [ -n "${jail}" ]; then
-            if [ "${jail}" = "all" ]; then
-                jails=$(ls "${JAILDIR}")
-                for jail in ${jails}; do
-                    case "${subcommand}" in
-                        "start")
-                            check_jail_on "${jail}" || "sub_${subcommand}" "${jail}"
-                        ;;
-                        "stop" | "reload")
-                            check_jail_on "${jail}" && "sub_${subcommand}" "${jail}"
-                        ;;
-                        "restart")
-                            check_jail_on "${jail}" && sub_stop "${jail}"
-                            sub_start "${jail}"
-                        ;;
-                        *)
-                            "sub_${subcommand}" "${jail}"
-                        ;;
-                    esac
-                        done
-            else
-                if [ "${subcommand}" != "restart" ]; then
-                    "sub_${subcommand}" "${jail}"
-                else
-                    check_jail_on "${jail}" && sub_stop "${jail}"
-                    sub_start "${jail}"
-                fi
-            fi
-        else
-            usage
-        fi
-        ;;
-        "status")
-        if [ -z "${jail}" ]; then
-            jails=$(ls "${JAILDIR}")
-            for jail in ${jails}; do
-                "sub_${subcommand}" "${jail}"
-            done
-        else
-            "sub_${subcommand}" "${jail}"
-        fi
-        ;;
-        *)
-            shift
-            warning "'${subcommand}' is not a known subcommand." && usage
-            exit 1
-            ;;
-    esac
-}
-
-main "${@}"
+    ;;
+esac
diff --git a/lib/bkctld-check b/lib/bkctld-check
new file mode 100755
index 0000000..0e957b0
--- /dev/null
+++ b/lib/bkctld-check
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+cur_time=$(date "+%s")
+return=0
+nb_crit=0
+nb_warn=0
+nb_ok=0
+nb_unkn=0
+output=""
+
+if [ -b "${BACKUP_DISK}" ]; then
+    cryptsetup isLuks "${BACKUP_DISK}"
+    if [ "$?" -eq 0 ]; then
+        if [ ! -b '/dev/mapper/backup' ]; then
+            echo "Luks disk ${BACKUP_DISK} is not mounted !\n"
+            echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
+            exit 2
+        fi
+        BACKUP_DISK='/dev/mapper/backup'
+    fi
+    grep -qE "^${BACKUP_DISK} " /etc/mtab
+    if [ "$?" -ne 0 ]; then
+         echo "Backup disk ${BACKUP_DISK} is not mounted !\n"
+         echo "mount ${BACKUP_DISK} /backup"
+         exit 2
+    fi
+fi
+
+jails=$(ls "${JAILDIR}")
+for jail in ${jails}; do
+    if [ -f "${JAILDIR}/${jail}/var/log/lastlog" ]; then
+        last_conn=$(stat --format=%Y "${JAILDIR}/${jail}/var/log/lastlog")
+        date_diff=$(( (cur_time - last_conn) / (60*60) ))
+        if [ "${date_diff}" -gt "${CRITICAL}" ]; then
+            nb_crit=$((nb_crit + 1))
+            output="${output}CRITICAL - ${jail} - ${date_diff} hours\n"
+            [ "${return}" -le 2 ] && return=2
+        elif [ "${date_diff}" -gt "${WARNING}" ]; then
+            nb_warn=$((nb_warn + 1))
+            output="${output}WARNING - ${jail} - ${date_diff} hours\n"
+            [ "${return}" -le 1 ] && return=1
+        else
+            nb_ok=$((nb_ok + 1))
+            output="${output}OK - ${jail} - ${date_diff} hours\n"
+        fi
+    else
+        nb_unkn=$((nb_unkn + 1))
+        output="${output}UNKNOWN - ${jail} doesn't have lastlog !\n"
+        [ "${return}" -le 3 ] && return=3
+    fi
+done
+
+[ "${return}" -ge 0 ] && header="OK"
+[ "${return}" -ge 1 ] && header="WARNING"
+[ "${return}" -ge 2 ] && header="CRITICAL"
+[ "${return}" -ge 3 ] && header="UNKNOW"
+
+printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"
+
+printf "${output}" | grep -E "^UNKNOW"
+printf "${output}" | grep -E "^CRITICAL"
+printf "${output}" | grep -E "^WARNING"
+printf "${output}" | grep -E "^OK"
+
+exit "${return}"
diff --git a/lib/bkctld-inc b/lib/bkctld-inc
new file mode 100755
index 0000000..f55a28c
--- /dev/null
+++ b/lib/bkctld-inc
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+date=$(date +"%Y-%m-%d-%H")
+jails=$(ls "${JAILDIR}")
+for jail in ${jails}; do
+    inc="${INCDIR}/${jail}/${date}"
+    mkdir -p "${INCDIR}/${jail}"
+    if [ ! -d "${inc}" ]; then
+        start=$(date +"%H:%M:%S")
+        jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
+        if [ "$jail_inode" -eq 256 ]; then
+            /bin/btrfs subvolume snapshot -r "${JAILDIR}/${jail}" "${inc}" | debug
+        else
+            cp -alx "${JAILDIR}/${jail}/" "${inc}" | debug
+        fi
+        end=$(date +"%H:%M:%S")
+        notice "${jail} : made ${date} inc [${start}/${end}]"
+    else
+        warning "${jail} : trying to made already existant inc"
+    fi
+done
diff --git a/lib/bkctld-init b/lib/bkctld-init
new file mode 100755
index 0000000..ddbe8ae
--- /dev/null
+++ b/lib/bkctld-init
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" && error "${jail} : trying to create existant jail"
+
+sshd_config="${TPLDIR}/sshd_config"
+inctpl="${TPLDIR}/inc.tpl"
+[ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
+[ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
+
+rootdir=$(dirname "${JAILDIR}")
+rootdir_inode=$(stat --format=%i "${rootdir}")
+jaildir_inode=$(stat --format=%i "${JAILDIR}")
+if [ "${rootdir_inode}" -eq 256 ] || [ "${jaildir_inode}" -eq 256 ]; then
+    /bin/btrfs subvolume create "${JAILDIR}/${jail}"
+else
+    mkdir -p "${JAILDIR}/${jail}"
+fi
+. "${LIBDIR}/mkjail"
+info "4 - Copie default sshd_config"
+install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
+info "5 - Set usable sshd port"
+set_port "${jail}" auto
+info "6 - Copie default inc configuration"
+install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
+notice "${jail} : created jail"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
new file mode 120000
index 0000000..5b4f890
--- /dev/null
+++ b/lib/bkctld-ip
@@ -0,0 +1 @@
+bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-key b/lib/bkctld-key
new file mode 120000
index 0000000..5b4f890
--- /dev/null
+++ b/lib/bkctld-key
@@ -0,0 +1 @@
+bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-params b/lib/bkctld-params
new file mode 100755
index 0000000..f0fae46
--- /dev/null
+++ b/lib/bkctld-params
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+params="${2:-}"
+option="${3:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${option}" ]; then
+    "get_${params}" "${jail}"
+else
+    "set_${params}" "${jail}" "${option}"
+    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    notice "${jail} : update ${params} => ${option}"
+fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
new file mode 120000
index 0000000..5b4f890
--- /dev/null
+++ b/lib/bkctld-port
@@ -0,0 +1 @@
+bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
new file mode 100755
index 0000000..4c05dd4
--- /dev/null
+++ b/lib/bkctld-reload
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
+check_jail_on "${jail}" || error "${jail} : trying to reload not running jail"
+
+pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+
+kill -HUP "${pid}" && notice "${jail} was reloaded [${pid}]"
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
new file mode 100755
index 0000000..13f668e
--- /dev/null
+++ b/lib/bkctld-remove
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
+
+rm -f "${CONFDIR}/${jail}"
+jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
+if [ "${jail_inode}" -eq 256 ]; then
+    /bin/btrfs subvolume delete "${JAILDIR}/${jail}" | debug
+else
+    rm -rf "${JAILDIR}/${jail}" | debug
+fi
+if [ -d  "${INCDIR}/${jail}" ]; then
+    incs=$(ls "${INCDIR}/${jail}")
+    for inc in ${incs}; do
+        inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${inc}")
+        if [ "${inc_inode}" -eq 256 ]; then
+            /bin/btrfs subvolume delete "${INCDIR}/${jail}/${inc}" | debug
+        else
+            warning "You need to purge ${INCDIR}/${jail}/${inc} manually !"
+        fi
+    done
+    rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
+fi
+set_firewall "${jail}"
+notice "${jail} : deleted jail"
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
new file mode 100755
index 0000000..3cef9ca
--- /dev/null
+++ b/lib/bkctld-restart
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eu
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
+check_jail_on "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-rm b/lib/bkctld-rm
new file mode 100755
index 0000000..30e80a8
--- /dev/null
+++ b/lib/bkctld-rm
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+empty="/tmp/bkctld-${$}-$(date +%N))"
+mkdir "${empty}"
+pidfile="/var/run/bkctld-rm.pid"
+if [ -f "${pidfile}" ]; then
+    pid=$(cat "${pidfile}")
+    ps -u "${pid}" >/dev/null
+    if [ "${?}" -eq 0 ]; then
+        kill -9 "${pid}"
+        warning "${0} rm always run (PID ${pid}), killed by ${$} !"
+    fi
+    rm "${pidfile}"
+    fi
+echo "${$}" > "${pidfile}"
+jails=$(ls "${JAILDIR}")
+for jail in ${jails}; do
+    incs=$(ls "${INCDIR}/${jail}")
+    if [ -f "${CONFDIR}/${jail}" ]; then
+        keepfile="${CONFDIR}/.keep-${jail}"
+        while read j; do
+            date=$( echo "${j}" | cut -d. -f1 )
+            before=$( echo "${j}" | cut -d. -f2 )
+            date -d "$(date "${date}") ${before}" "+%Y-%m-%d"
+        done < "${CONFDIR}/${jail}" > "${keepfile}"
+        for j in $(echo "${incs}" | grep -v -f "${keepfile}"); do
+            start=$(date +"%H:%M:%S")
+            inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
+            if [ "${inc_inode}" -eq 256 ]; then
+                /bin/btrfs subvolume delete "${INCDIR}/${jail}/${j}" | debug
+            else
+                cd "${INCDIR}/${jail}"
+                rsync -a --delete "${empty}/" "${j}/"
+                rmdir "${j}"
+            fi
+            end=$(date +"%H:%M:%S")
+            notice "${jail} : deleted ${j} inc [${start}/${end}]"
+        done
+    fi
+done
+rmdir "${empty}"
+rm "${pidfile}"
diff --git a/lib/bkctld-start b/lib/bkctld-start
new file mode 100755
index 0000000..f2514ab
--- /dev/null
+++ b/lib/bkctld-start
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
+check_jail_on "${jail}" && error "${jail} : trying to start already running jail"
+
+cd "${JAILDIR}/${jail}"
+grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
+grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev
+[ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
+[ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
+[ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
+[ -e "dev/ptmx" ] || mknod -m 666 dev/ptmx c 5 2
+[ -e "dev/tty" ] || mknod -m 666 dev/tty c 5 0
+[ -e "dev/random" ] || mknod -m 444 dev/random c 1 8
+[ -e "dev/urandom" ] || mknod -m 444 dev/urandom c 1 9
+chown root:tty dev/console dev/ptmx dev/tty
+ln -fs proc/self/fd dev/fd
+ln -fs proc/self/fd/0 dev/stdin
+ln -fs proc/self/fd/1 dev/stdout
+ln -fs proc/self/fd/2 dev/stderr
+ln -fs proc/kcore dev/core
+mkdir -p dev/pts
+mkdir -p dev/shm
+grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
+grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
+chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog || error "${jail} : error on starting sshd"
+pidfile="${JAILDIR}/${jail}/${SSHD_PID}"
+for try in {1..10}; do
+    [ -f "${pidfile}" ] || sleep 0.3
+done
+pid=$(cat "${pidfile}")
+notice "${jail} was started [${pid}]"
diff --git a/lib/bkctld-stats b/lib/bkctld-stats
new file mode 100755
index 0000000..9e955ed
--- /dev/null
+++ b/lib/bkctld-stats
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
+ce -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
+touch "${INDEX_DIR}/.lastrun.duc"
+EOF
+[ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0
+[ ! -f ${IDX_FILE} ] && error "Index file do not exits !"
+printf "Last update of index file : "
+stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}"
+echo "<jail> <size> <incs> <lastconn>" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $1, $2, $3, $4); }'
+duc_output=$(mktemp)
+stat_output=$(mktemp)
+incs_output=$(mktemp)
+trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
+"${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
+awk '{ print $2 }' "${duc_output}" | while read jail; do
+    stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
+    get_inc "${jail}" >> "${incs_output}"
+done
+paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
diff --git a/lib/bkctld-status b/lib/bkctld-status
new file mode 100755
index 0000000..e0082d2
--- /dev/null
+++ b/lib/bkctld-status
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
+
+inc=$(get_inc "${jail}")
+if ( check_jail_on "${jail}" ); then
+    status="ON "
+else
+    status="OFF"
+fi
+port=$(get_port "${jail}")
+ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
+echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
new file mode 100755
index 0000000..1bafc0b
--- /dev/null
+++ b/lib/bkctld-stop
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
+check_jail_on "${jail}" || error "${jail} : trying to stop not running jail"
+
+pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+for conn in $(ps --ppid "${pid}" -o pid=); do
+    kill "${conn}"
+done
+kill "${pid}" && notice "${jail} was stopped [${pid}]"
+umount --lazy --recursive "${JAILDIR}/${jail}/dev"
+umount --lazy "${JAILDIR}/${jail}/proc/"
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
new file mode 100755
index 0000000..6081b7b
--- /dev/null
+++ b/lib/bkctld-sync
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
+
+[ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
+
+jail="${1}"
+ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail}" | debug
+rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
+rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
+if ( check_jail_on "${jail}" ); then
+    ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
+fi
+if [ -n "${FIREWALL_RULES}" ]; then
+    rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
+    ssh "${NODE}" /etc/init.d/minifirewall restart | debug
+fi
diff --git a/lib/bkctld-update b/lib/bkctld-update
new file mode 100755
index 0000000..8ccaf50
--- /dev/null
+++ b/lib/bkctld-update
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
+check_jail_on "${jail}" && . "${LIBDIR}$/bkctld-stop" "${jail}"
+
+. "${LIBDIR}/mkjail"
+notice "${jail} : updated jail"
diff --git a/lib/config b/lib/config
new file mode 100755
index 0000000..0c14959
--- /dev/null
+++ b/lib/config
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+[ -f /etc/default/bkctld ] && . /etc/default/bkctld
+LIBDIR=${LIBDIR:-/usr/lib/bkctld}
+CONFDIR="${CONFDIR:-/etc/evobackup}"
+BACKUP_DISK="${BACKUP_DISK:-}"
+JAILDIR="${JAILDIR:-/backup/jails}"
+INCDIR="${INCDIR:-/backup/incs}"
+TPLDIR="${TPLDIR:-/usr/share/bkctld}"
+INDEX_DIR="${INDEX_DIR:-/backup/index}"
+IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
+LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
+SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
+SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
+AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
+FIREWALL_RULES="${FIREWALL_RULES:-}"
+LOGLEVEL="${LOGLEVEL:-6}"
+CRITICAL="${CRITICAL:-48}"
+WARNING="${WARNING:-24}"
+DUC=$(command -v duc-nox||command -v duc)
+
+. "${LIBDIR}/logging"
+. "${LIBDIR}/functions"
diff --git a/lib/functions b/lib/functions
new file mode 100755
index 0000000..d694c84
--- /dev/null
+++ b/lib/functions
@@ -0,0 +1,133 @@
+#!/bin/sh
+
+usage() {
+    cat <<EOF
+Usage: $0 <subcommand> [options]
+Subcommands:
+    init        <jailname>                      Init jail <jailname>
+    update      <jailname>|all                  Update jail <jailname> or all
+    remove      <jailname>|all                  Remove jail <jailname> or all
+    start       <jailname>|all                  Start jail <jailname> or all
+    stop        <jailname>|all                  Stop jail <jailname> or all
+    reload      <jailname>|all                  Reload jail <jailname> or all
+    restart     <jailname>|all                  Restart jail <jailname> or all
+    sync        <jailname>|all                  Sync jail <jailname> or all to another node
+    status      [<jailname>]                    Print status of <jailname> (default all jail)
+    key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
+    port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
+    ip          <jailname>      [<ip>|all]      Set or get allowed(s) ip(s) of <jailname>
+    inc                                         Make incremental inc of all jails
+    rm                                          Remove old incremtal inc of all jails
+    check                                       Run check on jails (NRPE output)
+    stats                                       Make and display stats on jails (size, lastconn)
+
+EOF
+exit 1
+}
+
+check_jail() {
+    jail="${1}"
+    [ -d "${JAILDIR}/${jail}" ] && return 0
+    return 1
+}
+
+check_jail_on() {
+    jail="${1}"
+    return=1
+    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
+        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+        ps -p "${pid}" > /dev/null && return=0
+    fi
+    if [ "${return}" -eq 1 ]; then
+        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
+        grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
+        grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
+    fi
+    return "${return}"
+}
+
+get_port() {
+    jail="${1}"
+    port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
+    echo "${port}"
+}
+
+get_key() {
+    jail="${1}"
+    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
+        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    fi
+}
+
+get_ip() {
+    jail="${1}"
+    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
+        echo "${allow}"|cut -d'@' -f2
+    done
+}
+
+get_inc() {
+    jail="${1}"
+    inc="0"
+        if [ -f "${CONFDIR}/${jail}" ]; then
+            day=$(grep -c "day" "${CONFDIR}/${jail}")
+            month=$(grep -c "month" "${CONFDIR}/${jail}")
+            inc="${day}/${month}"
+        fi
+    echo "${inc}"
+}
+
+set_port() {
+    jail="${1}"
+    port="${2}"
+    if [ "${port}" = "auto" ]; then
+        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
+        port=$((port+1))
+        [ "${port}" -le 1 ] && port=2222
+    fi
+    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+}
+
+set_key() {
+    jail="${1}"
+    keyfile="${2}"
+    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
+    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+}
+
+set_ip() {
+    jail="${1}"
+    ip="${2}"
+    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
+        ips="0.0.0.0/0"
+    else
+        ips=$(get_ip "${jail}")
+        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+    fi
+    allow="AllowUsers"
+    for ip in $ips; do
+        allow="${allow} root@${ip}"
+    done
+    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+}
+
+set_firewall() {
+    jail="${1}"
+    if [ -n "${FIREWALL_RULES}" ]; then
+        if [ -f "${FIREWALL_RULES}" ]; then
+            sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
+        fi
+        if ( check_jail "${jail}" ); then
+            port=$(get_port "${jail}")
+            for ip in $(get_ip "${jail}"); do
+                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
+            done
+            if [ -f /etc/init.d/minifirewall ]; then
+                /etc/init.d/minifirewall restart >/dev/null
+            fi
+        fi
+    fi
+}
diff --git a/lib/logging b/lib/logging
new file mode 100755
index 0000000..529de4c
--- /dev/null
+++ b/lib/logging
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+debug() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 7 ]; then
+        echo "${msg}"
+        logger -t bkctld -p daemon.debug "${msg}"
+    fi
+}
+
+info() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 6 ]; then
+        tty -s && echo "${msg}"
+        logger -t bkctld -p daemon.info "${msg}"
+    fi
+}
+
+notice() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "${msg}"
+    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
+}
+
+warning() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "WARNING : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 4 ]; then
+        tty -s || echo "WARNING : ${msg}" >&2
+        logger -t bkctld -p daemon.warning "${msg}"
+    fi
+}
+
+error() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "ERROR : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 5 ]; then
+        tty -s || echo "ERROR : ${msg}" >&2
+        logger -t bkctld -p daemon.error "${msg}"
+    fi
+    exit 1
+}
diff --git a/lib/mkjail b/lib/mkjail
new file mode 100755
index 0000000..e21374d
--- /dev/null
+++ b/lib/mkjail
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+passwd="${TPLDIR}/passwd"
+shadow="${TPLDIR}/shadow"
+group="${TPLDIR}/group"
+sshrc="${TPLDIR}/sshrc"
+[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
+[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
+[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
+[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
+umask 077
+
+info "1 - Creating the chroot"
+cd "${JAILDIR}/${jail}"
+rm -rf bin lib lib64 run usr var/run etc/ssh/*key
+mkdir -p dev proc
+mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
+mkdir -p etc/ssh var/log run/sshd
+mkdir -p root/.ssh var/backup -m 0700
+ln -s usr/bin bin
+ln -s usr/lib lib
+ln -s usr/lib64 lib64
+ln -st var ../run
+touch var/log/lastlog var/log/wtmp run/utmp
+
+info "2 - Copying essential files"
+[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
+[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
+[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
+cp "${passwd}" etc
+cp "${shadow}" etc
+cp "${group}" etc
+cp "${sshrc}" etc/ssh
+
+info "3 - Copying binaries"
+cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
+cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
+
+for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
+    cp -f "${dbin}" "${JAILDIR}/${jail}/${dbin}";
+    for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
+        cp -p "${lib}" "${JAILDIR}/${jail}/${lib}"
+    done
+done

From e788aa152a81ba469c389c3da169e396c23e1ab2 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 13:53:56 +0100
Subject: [PATCH 30/52] Drop Debian Jessie support

---
 Vagrantfile | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index 66e0cd7..7db7458 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -24,7 +24,7 @@ mkdir -p /usr/lib/nagios/plugins/
 SCRIPT
 
   $deps = <<SCRIPT
-DEBIAN_FRONTEND=noninteractive apt-get -yq install openssh-server btrfs-tools rsync lsb-base coreutils sed dash mount openssh-sftp-server libc6 bash-completion duc-nox cryptsetup
+DEBIAN_FRONTEND=noninteractive apt-get -yq install openssh-server btrfs-tools rsync lsb-base coreutils sed dash mount openssh-sftp-server libc6 bash-completion duc-nox cryptsetup bats
 SCRIPT
 
   $pre_part = <<SCRIPT
@@ -39,8 +39,6 @@ mount /dev/vdb /backup
 SCRIPT
 
   nodes = [
-    { :version => "jessie", :fs => "btrfs" },
-    { :version => "jessie", :fs => "ext4" },
     { :version => "stretch", :fs => "btrfs" },
     { :version => "stretch", :fs => "ext4" }
   ]
@@ -50,14 +48,6 @@ SCRIPT
       node.vm.hostname = "bkctld-#{i[:version]}-#{i[:fs]}"
       node.vm.box = "debian/#{i[:version]}64"
       config.vm.provision "deps", type: "shell", :inline => $deps
-      if ("#{i[:version]}" == "jessie") then
-        config.vm.provision "backports", type: "shell" do |s|
-          s.inline = "echo 'deb http://deb.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/backports.list && apt-get update"
-        end
-        config.vm.provision "bats", type: "shell", :inline => "DEBIAN_FRONTEND=noninteractive apt-get -yq install -t jessie-backports bats"
-      else
-        config.vm.provision "bats", type: "shell", :inline => "DEBIAN_FRONTEND=noninteractive apt-get -yq install bats"
-      end
       config.vm.provision "install", type: "shell", :inline => $install
       config.vm.provision "pre_part", type: "shell", :inline => $pre_part
       config.vm.provision "part", type: "shell", :inline => "mkfs.btrfs -f /dev/vdb" if "#{i[:fs]}" == "btrfs"

From 0ff5d216a9ac288409fa3a064c6f6d3ac5ff905b Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 15:55:34 +0100
Subject: [PATCH 31/52] Fix typo in bkctld-update

---
 lib/bkctld-update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bkctld-update b/lib/bkctld-update
index 8ccaf50..289c873 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
-check_jail_on "${jail}" && . "${LIBDIR}$/bkctld-stop" "${jail}"
+check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
 
 . "${LIBDIR}/mkjail"
 notice "${jail} : updated jail"

From 51f25080d3b8932813dcb5d43b6307bd93586f8e Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 16:00:31 +0100
Subject: [PATCH 32/52] Parallelize bkctld <subcommand> all

---
 bkctld            | 15 +--------------
 lib/bkctld-reload |  2 +-
 lib/bkctld-start  |  2 +-
 lib/bkctld-stop   |  2 +-
 4 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/bkctld b/bkctld
index d1c01a7..79f9209 100755
--- a/bkctld
+++ b/bkctld
@@ -35,20 +35,7 @@ case "${subcommand}" in
     ;;
     "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
     if [ "${jail}" = "all" ]; then
-        jails=$(ls "${JAILDIR}")
-        for jail in ${jails}; do
-            case "${subcommand}" in
-                "start")
-                    check_jail_on "${jail}" || "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-                ;;
-                "stop" | "reload" | "restart")
-                    check_jail_on "${jail}" && "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-                ;;
-                *)
-                    "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-                ;;
-            esac
-                done
+        ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
     else
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 4c05dd4..1e97039 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
-check_jail_on "${jail}" || error "${jail} : trying to reload not running jail"
+check_jail_on "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 
diff --git a/lib/bkctld-start b/lib/bkctld-start
index f2514ab..cf0daa1 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
-check_jail_on "${jail}" && error "${jail} : trying to start already running jail"
+check_jail_on "${jail}" && exit 0
 
 cd "${JAILDIR}/${jail}"
 grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index 1bafc0b..da2f93a 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -5,7 +5,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 jail="${1:-}"
 [ -n "${jail}" ] || usage
 check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
-check_jail_on "${jail}" || error "${jail} : trying to stop not running jail"
+check_jail_on "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 for conn in $(ps --ppid "${pid}" -o pid=); do

From 503ecf23f5b54f0c4abac73b5114bd1367207b7a Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 16:38:20 +0100
Subject: [PATCH 33/52] Merge bkctld-params and some functions into
 bkctld-(ip|port|key) scripts

---
 bkctld            |  2 +-
 lib/bkctld-init   |  5 ++--
 lib/bkctld-ip     | 31 +++++++++++++++++++++++-
 lib/bkctld-key    | 22 ++++++++++++++++-
 lib/bkctld-params | 17 -------------
 lib/bkctld-port   | 24 ++++++++++++++++++-
 lib/bkctld-status |  4 ++--
 lib/functions     | 61 ++---------------------------------------------
 8 files changed, 81 insertions(+), 85 deletions(-)
 mode change 120000 => 100755 lib/bkctld-ip
 mode change 120000 => 100755 lib/bkctld-key
 delete mode 100755 lib/bkctld-params
 mode change 120000 => 100755 lib/bkctld-port

diff --git a/bkctld b/bkctld
index 79f9209..9e54e6b 100755
--- a/bkctld
+++ b/bkctld
@@ -31,7 +31,7 @@ case "${subcommand}" in
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     ;;
     "key" | "port" | "ip")
-        "${LIBDIR}/bkctld-params" "${jail}" "${subcommand}" "${option}"
+        "${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
     ;;
     "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
     if [ "${jail}" = "all" ]; then
diff --git a/lib/bkctld-init b/lib/bkctld-init
index ddbe8ae..c816b0f 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -22,8 +22,7 @@ fi
 . "${LIBDIR}/mkjail"
 info "4 - Copie default sshd_config"
 install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
-info "5 - Set usable sshd port"
-set_port "${jail}" auto
-info "6 - Copie default inc configuration"
+info "5 - Copie default inc configuration"
 install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
+"${LIBDIR}/bkctld-port" "${jail}" auto
 notice "${jail} : created jail"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
deleted file mode 120000
index 5b4f890..0000000
--- a/lib/bkctld-ip
+++ /dev/null
@@ -1 +0,0 @@
-bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
new file mode 100755
index 0000000..3b8f10e
--- /dev/null
+++ b/lib/bkctld-ip
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+ip="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${ip}" ]; then
+    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
+        echo "${allow}"|cut -d'@' -f2
+    done
+else
+    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
+        ips="0.0.0.0/0"
+    else
+        ips=$("${LIBDIR}/bkctld-ip" "${jail}")
+        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
+    fi
+    allow="AllowUsers"
+    for ip in $ips; do
+        allow="${allow} root@${ip}"
+    done
+    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+    notice "${jail} : update ip => ${ip}"
+
+    check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+fi
diff --git a/lib/bkctld-key b/lib/bkctld-key
deleted file mode 120000
index 5b4f890..0000000
--- a/lib/bkctld-key
+++ /dev/null
@@ -1 +0,0 @@
-bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-key b/lib/bkctld-key
new file mode 100755
index 0000000..4f26cf7
--- /dev/null
+++ b/lib/bkctld-key
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+keyfile="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${keyfile}" ]; then
+    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
+        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    fi
+else
+    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
+    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
+    notice "${jail} : update key => ${keyfile}"
+
+    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi
diff --git a/lib/bkctld-params b/lib/bkctld-params
deleted file mode 100755
index f0fae46..0000000
--- a/lib/bkctld-params
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
-
-jail="${1:-}"
-params="${2:-}"
-option="${3:-}"
-[ -n "${jail}" ] || usage
-check_jail "${jail}" || error "${jail} : inexistant jail'"
-
-if [ -z "${option}" ]; then
-    "get_${params}" "${jail}"
-else
-    "set_${params}" "${jail}" "${option}"
-    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
-    notice "${jail} : update ${params} => ${option}"
-fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
deleted file mode 120000
index 5b4f890..0000000
--- a/lib/bkctld-port
+++ /dev/null
@@ -1 +0,0 @@
-bkctld-params
\ No newline at end of file
diff --git a/lib/bkctld-port b/lib/bkctld-port
new file mode 100755
index 0000000..ee73356
--- /dev/null
+++ b/lib/bkctld-port
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+port="${2:-}"
+[ -n "${jail}" ] || usage
+check_jail "${jail}" || error "${jail} : inexistant jail'"
+
+if [ -z "${port}" ]; then
+    grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
+else
+    if [ "${port}" = "auto" ]; then
+        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
+        port=$((port+1))
+        [ "${port}" -le 1 ] && port=2222
+    fi
+    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
+    set_firewall "${jail}"
+    notice "${jail} : update port => ${port}"
+
+    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+fi
diff --git a/lib/bkctld-status b/lib/bkctld-status
index e0082d2..2d3e9ba 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -12,6 +12,6 @@ if ( check_jail_on "${jail}" ); then
 else
     status="OFF"
 fi
-port=$(get_port "${jail}")
-ip=$(get_ip "${jail}"|xargs|tr -s ' ' ',')
+port=$("${LIBDIR}/bkctld-port" "${jail}")
+ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
 echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
diff --git a/lib/functions b/lib/functions
index d694c84..74d5b4f 100755
--- a/lib/functions
+++ b/lib/functions
@@ -46,26 +46,6 @@ check_jail_on() {
     return "${return}"
 }
 
-get_port() {
-    jail="${1}"
-    port=$(grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+")
-    echo "${port}"
-}
-
-get_key() {
-    jail="${1}"
-    if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
-        cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    fi
-}
-
-get_ip() {
-    jail="${1}"
-    grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
-        echo "${allow}"|cut -d'@' -f2
-    done
-}
-
 get_inc() {
     jail="${1}"
     inc="0"
@@ -77,43 +57,6 @@ get_inc() {
     echo "${inc}"
 }
 
-set_port() {
-    jail="${1}"
-    port="${2}"
-    if [ "${port}" = "auto" ]; then
-        port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
-        port=$((port+1))
-        [ "${port}" -le 1 ] && port=2222
-    fi
-    sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
-set_key() {
-    jail="${1}"
-    keyfile="${2}"
-    [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
-    cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-    chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
-}
-
-set_ip() {
-    jail="${1}"
-    ip="${2}"
-    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
-        ips="0.0.0.0/0"
-    else
-        ips=$(get_ip "${jail}")
-        ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
-    fi
-    allow="AllowUsers"
-    for ip in $ips; do
-        allow="${allow} root@${ip}"
-    done
-    sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
-}
-
 set_firewall() {
     jail="${1}"
     if [ -n "${FIREWALL_RULES}" ]; then
@@ -121,8 +64,8 @@ set_firewall() {
             sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
         fi
         if ( check_jail "${jail}" ); then
-            port=$(get_port "${jail}")
-            for ip in $(get_ip "${jail}"); do
+            port=$("${LIBDIR}/bkctld-port" "${jail}")
+            for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
                 echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
             done
             if [ -f /etc/init.d/minifirewall ]; then

From 54261e7bcc262e50c3af942c0b44391b3c305ea6 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Fri, 4 Jan 2019 16:55:56 +0100
Subject: [PATCH 34/52] Move firewall functions into bkctld-firewall script

---
 bkctld              |  2 +-
 lib/bkctld-firewall | 18 ++++++++++++++++++
 lib/bkctld-ip       |  3 +--
 lib/bkctld-port     |  3 +--
 lib/bkctld-remove   |  2 +-
 lib/functions       | 19 +------------------
 6 files changed, 23 insertions(+), 24 deletions(-)
 create mode 100755 lib/bkctld-firewall

diff --git a/bkctld b/bkctld
index 9e54e6b..98200ce 100755
--- a/bkctld
+++ b/bkctld
@@ -33,7 +33,7 @@ case "${subcommand}" in
     "key" | "port" | "ip")
         "${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
     ;;
-    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
+    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall")
     if [ "${jail}" = "all" ]; then
         ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
     else
diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
new file mode 100755
index 0000000..264398f
--- /dev/null
+++ b/lib/bkctld-firewall
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+
+if [ -n "${FIREWALL_RULES}" ]; then
+    [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
+    if ( check_jail "${jail}" ); then
+        port=$("${LIBDIR}/bkctld-port" "${jail}")
+        for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
+            echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
+        done
+        [ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
+    fi
+    notice "${jail} : firewall rules updated"
+fi
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index 3b8f10e..25b326c 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -23,8 +23,7 @@ else
         allow="${allow} root@${ip}"
     done
     sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
     notice "${jail} : update ip => ${ip}"
-
     check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
index ee73356..6c8b0fb 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -16,8 +16,7 @@ else
         [ "${port}" -le 1 ] && port=2222
     fi
     sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
-    set_firewall "${jail}"
     notice "${jail} : update port => ${port}"
-
     check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index 13f668e..c423a43 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -26,5 +26,5 @@ if [ -d  "${INCDIR}/${jail}" ]; then
     done
     rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
 fi
-set_firewall "${jail}"
+"${LIBDIR}/bkctld-firewall" "${jail}"
 notice "${jail} : deleted jail"
diff --git a/lib/functions b/lib/functions
index 74d5b4f..9a66bc4 100755
--- a/lib/functions
+++ b/lib/functions
@@ -12,6 +12,7 @@ Subcommands:
     reload      <jailname>|all                  Reload jail <jailname> or all
     restart     <jailname>|all                  Restart jail <jailname> or all
     sync        <jailname>|all                  Sync jail <jailname> or all to another node
+    firewall    <jailname>|all                  Update firewall rules of <jailname> or all
     status      [<jailname>]                    Print status of <jailname> (default all jail)
     key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
     port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
@@ -56,21 +57,3 @@ get_inc() {
         fi
     echo "${inc}"
 }
-
-set_firewall() {
-    jail="${1}"
-    if [ -n "${FIREWALL_RULES}" ]; then
-        if [ -f "${FIREWALL_RULES}" ]; then
-            sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
-        fi
-        if ( check_jail "${jail}" ); then
-            port=$("${LIBDIR}/bkctld-port" "${jail}")
-            for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
-                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
-            done
-            if [ -f /etc/init.d/minifirewall ]; then
-                /etc/init.d/minifirewall restart >/dev/null
-            fi
-        fi
-    fi
-}

From ff65126537a70b1865bdc51f987104441f83e9f7 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 14:47:05 +0100
Subject: [PATCH 35/52] Move usage functions into bkctld-help script

* Usage output is now auto-generated
---
 bkctld              |  6 ++++--
 lib/bkctld-check    |  4 ++++
 lib/bkctld-firewall |  8 +++++++-
 lib/bkctld-help     | 21 +++++++++++++++++++++
 lib/bkctld-inc      |  4 ++++
 lib/bkctld-init     |  8 +++++++-
 lib/bkctld-ip       |  8 +++++++-
 lib/bkctld-key      |  8 +++++++-
 lib/bkctld-port     |  8 +++++++-
 lib/bkctld-reload   |  8 +++++++-
 lib/bkctld-remove   |  8 +++++++-
 lib/bkctld-restart  |  8 +++++++-
 lib/bkctld-rm       |  4 ++++
 lib/bkctld-start    |  8 +++++++-
 lib/bkctld-stats    |  4 ++++
 lib/bkctld-status   |  8 +++++++-
 lib/bkctld-stop     |  8 +++++++-
 lib/bkctld-sync     |  8 +++++++-
 lib/bkctld-update   |  8 +++++++-
 lib/functions       | 26 --------------------------
 20 files changed, 132 insertions(+), 41 deletions(-)
 create mode 100755 lib/bkctld-help

diff --git a/bkctld b/bkctld
index 98200ce..f8d30d1 100755
--- a/bkctld
+++ b/bkctld
@@ -21,10 +21,12 @@ subcommand="${1:-}"
 jail="${2:-}"
 option="${3:-}"
 
-[ -x "${LIBDIR}/bkctld-${subcommand}" ] || usage
+if [ ! -x "${LIBDIR}/bkctld-${subcommand}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 
 case "${subcommand}" in
-    "inc" | "rm" | "check" | "stats")
+    "inc" | "rm" | "check" | "stats" | "help")
         "${LIBDIR}/bkctld-${subcommand}"
     ;;
         "init")
diff --git a/lib/bkctld-check b/lib/bkctld-check
index 0e957b0..df3fd29 100755
--- a/lib/bkctld-check
+++ b/lib/bkctld-check
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Run check on jails (NRPE output)
+# Usage: check
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
index 264398f..d063fb4 100755
--- a/lib/bkctld-firewall
+++ b/lib/bkctld-firewall
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Update firewall rules of <jailname> or all
+# Usage: firewall <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 
 if [ -n "${FIREWALL_RULES}" ]; then
     [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
diff --git a/lib/bkctld-help b/lib/bkctld-help
new file mode 100755
index 0000000..6fd76f1
--- /dev/null
+++ b/lib/bkctld-help
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Print this help
+# Usage: help
+#
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+cat <<EOF
+Usage: bkctld <subcommand> [options]
+Subcommands:
+EOF
+
+for subcommand in ${LIBDIR}/bkctld-*; do
+    name=$(basename "${subcommand}"|cut -d'-' -f2)
+    desc=$(grep -E "^#" "${subcommand}"|sed -n '3p'|sed "s/^# //")
+    usage=$(grep -E "^# Usage: ${name}" "${subcommand}"|sed "s/^# Usage: ${name}//")
+    printf "    %- 10s %- 30s %- 40s\n" "${name}" "${usage}" "${desc}"
+done
+
+printf "\n"
diff --git a/lib/bkctld-inc b/lib/bkctld-inc
index f55a28c..7a04d2b 100755
--- a/lib/bkctld-inc
+++ b/lib/bkctld-inc
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Make incremental inc of all jails
+# Usage: inc
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-init b/lib/bkctld-init
index c816b0f..8010c6c 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Init jail <jailname>
+# Usage: init <jailname>
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" && error "${jail} : trying to create existant jail"
 
 sshd_config="${TPLDIR}/sshd_config"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index 25b326c..f381c02 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -1,10 +1,16 @@
 #!/bin/sh
+#
+# Set or get allowed(s) ip(s) of <jailname>
+# Usage: ip <jailname> [<ip>|all]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
 ip="${2:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail'"
 
 if [ -z "${ip}" ]; then
diff --git a/lib/bkctld-key b/lib/bkctld-key
index 4f26cf7..67e6662 100755
--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -1,10 +1,16 @@
 #!/bin/sh
+#
+# Set or get ssh pubic key of <jailname>
+# Usage: key <jailname> [<keyfile>]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
 keyfile="${2:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail'"
 
 if [ -z "${keyfile}" ]; then
diff --git a/lib/bkctld-port b/lib/bkctld-port
index 6c8b0fb..ac28d09 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -1,10 +1,16 @@
 #!/bin/sh
+#
+# Set or get ssh port of <jailname>
+# Usage: port <jailname> [<port>|auto]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
 port="${2:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail'"
 
 if [ -z "${port}" ]; then
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 1e97039..70f1adf 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Reload jail <jailname> or all
+# Usage: reload <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
 check_jail_on "${jail}" || exit 0
 
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index c423a43..942dd82 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Remove jail <jailname> or all
+# Usage: remove <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
 check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
 
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
index 3cef9ca..21db5b0 100755
--- a/lib/bkctld-restart
+++ b/lib/bkctld-restart
@@ -1,11 +1,17 @@
 #!/bin/sh
+#
+# Restart jail <jailname> or all
+# Usage: restart <jailname>|all
+#
 
 set -eu
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
 check_jail_on "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 "${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-rm b/lib/bkctld-rm
index 30e80a8..a89c0c5 100755
--- a/lib/bkctld-rm
+++ b/lib/bkctld-rm
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Remove old incremtal inc of all jails
+# Usage: rm
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-start b/lib/bkctld-start
index cf0daa1..4aa5a65 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Start jail <jailname> or all
+# Usage: start <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
 check_jail_on "${jail}" && exit 0
 
diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 9e955ed..7077f8e 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -1,4 +1,8 @@
 #!/bin/sh
+#
+# Make and display stats on jails (size, lastconn)
+# Usage: stats
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
diff --git a/lib/bkctld-status b/lib/bkctld-status
index 2d3e9ba..aaa2c7a 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Print status of <jailname> (default all jail)
+# Usage: status [<jailname>]
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
 
 inc=$(get_inc "${jail}")
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index da2f93a..3ca4f02 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Stop jail <jailname> or all
+# Usage: stop <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
 check_jail_on "${jail}" || exit 0
 
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
index 6081b7b..50db934 100755
--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Sync jail <jailname> or all to another node
+# Usage: sync <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
 
 [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
diff --git a/lib/bkctld-update b/lib/bkctld-update
index 289c873..7c34038 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -1,9 +1,15 @@
 #!/bin/sh
+#
+# Update jail <jailname> or all
+# Usage: update <jailname>|all
+#
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 jail="${1:-}"
-[ -n "${jail}" ] || usage
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
 check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
 check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
 
diff --git a/lib/functions b/lib/functions
index 9a66bc4..b1584d5 100755
--- a/lib/functions
+++ b/lib/functions
@@ -1,31 +1,5 @@
 #!/bin/sh
 
-usage() {
-    cat <<EOF
-Usage: $0 <subcommand> [options]
-Subcommands:
-    init        <jailname>                      Init jail <jailname>
-    update      <jailname>|all                  Update jail <jailname> or all
-    remove      <jailname>|all                  Remove jail <jailname> or all
-    start       <jailname>|all                  Start jail <jailname> or all
-    stop        <jailname>|all                  Stop jail <jailname> or all
-    reload      <jailname>|all                  Reload jail <jailname> or all
-    restart     <jailname>|all                  Restart jail <jailname> or all
-    sync        <jailname>|all                  Sync jail <jailname> or all to another node
-    firewall    <jailname>|all                  Update firewall rules of <jailname> or all
-    status      [<jailname>]                    Print status of <jailname> (default all jail)
-    key         <jailname>      [<keyfile>]     Set or get ssh pubic key of <jailname>
-    port        <jailname>      [<port>|auto]   Set or get ssh port of <jailname>
-    ip          <jailname>      [<ip>|all]      Set or get allowed(s) ip(s) of <jailname>
-    inc                                         Make incremental inc of all jails
-    rm                                          Remove old incremtal inc of all jails
-    check                                       Run check on jails (NRPE output)
-    stats                                       Make and display stats on jails (size, lastconn)
-
-EOF
-exit 1
-}
-
 check_jail() {
     jail="${1}"
     [ -d "${JAILDIR}/${jail}" ] && return 0

From d47b21343b783088b7458b83679145fb5bd1a886 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:11:57 +0100
Subject: [PATCH 36/52] Fix typo in bkctld-stats

---
 lib/bkctld-stats | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 7077f8e..0f7d261 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -7,7 +7,7 @@
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
-ce -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
+ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
 touch "${INDEX_DIR}/.lastrun.duc"
 EOF
 [ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0

From c9dcca1a776c9fa81045e57028188a7dcc4f42f3 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:12:51 +0100
Subject: [PATCH 37/52] Remove get_inc function

---
 lib/bkctld-stats  |  8 +++++++-
 lib/bkctld-status |  7 ++++++-
 lib/functions     | 11 -----------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 0f7d261..896b195 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -22,6 +22,12 @@ trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
 "${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
 awk '{ print $2 }' "${duc_output}" | while read jail; do
     stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
-    get_inc "${jail}" >> "${incs_output}"
+    inc=0
+    if [ -f "${CONFDIR}/${jail}" ]; then
+        day=$(grep -c "day" "${CONFDIR}/${jail}")
+        month=$(grep -c "month" "${CONFDIR}/${jail}")
+        inc="${day}/${month}"
+    fi
+    echo "${inc}" >> "${incs_output}"
 done
 paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
diff --git a/lib/bkctld-status b/lib/bkctld-status
index aaa2c7a..fa057ac 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -12,7 +12,12 @@ if [ ! -n "${jail}" ]; then
 fi
 check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
 
-inc=$(get_inc "${jail}")
+inc="0"
+if [ -f "${CONFDIR}/${jail}" ]; then
+    day=$(grep -c "day" "${CONFDIR}/${jail}")
+    month=$(grep -c "month" "${CONFDIR}/${jail}")
+    inc="${day}/${month}"
+fi
 if ( check_jail_on "${jail}" ); then
     status="ON "
 else
diff --git a/lib/functions b/lib/functions
index b1584d5..5fb1461 100755
--- a/lib/functions
+++ b/lib/functions
@@ -20,14 +20,3 @@ check_jail_on() {
     fi
     return "${return}"
 }
-
-get_inc() {
-    jail="${1}"
-    inc="0"
-        if [ -f "${CONFDIR}/${jail}" ]; then
-            day=$(grep -c "day" "${CONFDIR}/${jail}")
-            month=$(grep -c "month" "${CONFDIR}/${jail}")
-            inc="${day}/${month}"
-        fi
-    echo "${inc}"
-}

From 18b44ce95801fecebd28fc73e962a1670f1fe08a Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:33:08 +0100
Subject: [PATCH 38/52] Fix help output (command can have dash)

---
 lib/bkctld-help | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bkctld-help b/lib/bkctld-help
index 6fd76f1..e38380f 100755
--- a/lib/bkctld-help
+++ b/lib/bkctld-help
@@ -12,7 +12,7 @@ Subcommands:
 EOF
 
 for subcommand in ${LIBDIR}/bkctld-*; do
-    name=$(basename "${subcommand}"|cut -d'-' -f2)
+    name=$(basename "${subcommand}"|sed 's/^bkctld-//')
     desc=$(grep -E "^#" "${subcommand}"|sed -n '3p'|sed "s/^# //")
     usage=$(grep -E "^# Usage: ${name}" "${subcommand}"|sed "s/^# Usage: ${name}//")
     printf "    %- 10s %- 30s %- 40s\n" "${name}" "${usage}" "${desc}"

From 79e0d28dcc6f663b246a99912c208b0725838b96 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:34:14 +0100
Subject: [PATCH 39/52] Move check_jail_on functions into bkctld-is-on script

---
 bkctld             |  2 +-
 lib/bkctld-ip      |  2 +-
 lib/bkctld-is-on   | 26 ++++++++++++++++++++++++++
 lib/bkctld-key     |  2 +-
 lib/bkctld-port    |  2 +-
 lib/bkctld-reload  |  2 +-
 lib/bkctld-remove  |  2 +-
 lib/bkctld-restart |  2 +-
 lib/bkctld-start   |  2 +-
 lib/bkctld-status  |  7 ++-----
 lib/bkctld-stop    |  2 +-
 lib/bkctld-sync    |  4 +---
 lib/bkctld-update  |  2 +-
 lib/functions      | 15 ---------------
 14 files changed, 39 insertions(+), 33 deletions(-)
 create mode 100755 lib/bkctld-is-on

diff --git a/bkctld b/bkctld
index f8d30d1..80a93ef 100755
--- a/bkctld
+++ b/bkctld
@@ -29,7 +29,7 @@ case "${subcommand}" in
     "inc" | "rm" | "check" | "stats" | "help")
         "${LIBDIR}/bkctld-${subcommand}"
     ;;
-        "init")
+        "init" | "is-on")
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     ;;
     "key" | "port" | "ip")
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index f381c02..49cb1b8 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -30,6 +30,6 @@ else
     done
     sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
     notice "${jail} : update ip => ${ip}"
-    check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
     "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-is-on b/lib/bkctld-is-on
new file mode 100755
index 0000000..41f548a
--- /dev/null
+++ b/lib/bkctld-is-on
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Check if a jail is on or not
+# Usage: is-on <jailname>
+#
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+if [ ! -n "${jail}" ]; then
+    "${LIBDIR}/bkctld-help" && exit 1
+fi
+check_jail "${jail}" || error "${jail} : trying to check inexistant jail"
+
+jail="${1}"
+return=1
+if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
+    pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
+    ps -p "${pid}" > /dev/null && return=0
+fi
+if [ "${return}" -eq 1 ]; then
+    rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
+    grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
+    grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
+fi
+exit "${return}"
diff --git a/lib/bkctld-key b/lib/bkctld-key
index 67e6662..bf75f8d 100755
--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -23,5 +23,5 @@ else
     chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
     notice "${jail} : update key => ${keyfile}"
 
-    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
 fi
diff --git a/lib/bkctld-port b/lib/bkctld-port
index ac28d09..86f05fc 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -23,6 +23,6 @@ else
     fi
     sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
     notice "${jail} : update port => ${port}"
-    check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
+    "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
     "${LIBDIR}/bkctld-firewall" "${jail}"
 fi
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 70f1adf..1b8701f 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
-check_jail_on "${jail}" || exit 0
+"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index 942dd82..bbd4884 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
-check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 rm -f "${CONFDIR}/${jail}"
 jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
index 21db5b0..40701bc 100755
--- a/lib/bkctld-restart
+++ b/lib/bkctld-restart
@@ -13,5 +13,5 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
-check_jail_on "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 "${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-start b/lib/bkctld-start
index 4aa5a65..9749633 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
-check_jail_on "${jail}" && exit 0
+"${LIBDIR}/bkctld-is-on" "${jail}" && exit 0
 
 cd "${JAILDIR}/${jail}"
 grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
diff --git a/lib/bkctld-status b/lib/bkctld-status
index fa057ac..d2e3dfa 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -18,11 +18,8 @@ if [ -f "${CONFDIR}/${jail}" ]; then
     month=$(grep -c "month" "${CONFDIR}/${jail}")
     inc="${day}/${month}"
 fi
-if ( check_jail_on "${jail}" ); then
-    status="ON "
-else
-    status="OFF"
-fi
+status="OFF"
+"${LIBDIR}/bkctld-is-on" "${jail}" && status="ON "
 port=$("${LIBDIR}/bkctld-port" "${jail}")
 ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
 echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index 3ca4f02..8f76cd7 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
-check_jail_on "${jail}" || exit 0
+"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
 for conn in $(ps --ppid "${pid}" -o pid=); do
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
index 50db934..b484bac 100755
--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@@ -18,9 +18,7 @@ jail="${1}"
 ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail}" | debug
 rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
 rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
-if ( check_jail_on "${jail}" ); then
-    ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
-fi
+"${LIBDIR}/bkctld-is-on" "${jail}" && ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
 if [ -n "${FIREWALL_RULES}" ]; then
     rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
     ssh "${NODE}" /etc/init.d/minifirewall restart | debug
diff --git a/lib/bkctld-update b/lib/bkctld-update
index 7c34038..1998fea 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -11,7 +11,7 @@ if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
 check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
-check_jail_on "${jail}" && . "${LIBDIR}/bkctld-stop" "${jail}"
+"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 . "${LIBDIR}/mkjail"
 notice "${jail} : updated jail"
diff --git a/lib/functions b/lib/functions
index 5fb1461..c21fc2c 100755
--- a/lib/functions
+++ b/lib/functions
@@ -5,18 +5,3 @@ check_jail() {
     [ -d "${JAILDIR}/${jail}" ] && return 0
     return 1
 }
-
-check_jail_on() {
-    jail="${1}"
-    return=1
-    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
-        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
-        ps -p "${pid}" > /dev/null && return=0
-    fi
-    if [ "${return}" -eq 1 ]; then
-        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
-        grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
-        grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
-    fi
-    return "${return}"
-}

From 3cb0bea28eb33443b99c40f5ace597b0245fe77e Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:41:29 +0100
Subject: [PATCH 40/52] Remove check_jail function

---
 lib/bkctld-firewall | 2 +-
 lib/bkctld-init     | 2 +-
 lib/bkctld-ip       | 2 +-
 lib/bkctld-is-on    | 2 +-
 lib/bkctld-key      | 2 +-
 lib/bkctld-port     | 2 +-
 lib/bkctld-reload   | 2 +-
 lib/bkctld-remove   | 2 +-
 lib/bkctld-restart  | 2 +-
 lib/bkctld-start    | 2 +-
 lib/bkctld-status   | 2 +-
 lib/bkctld-stop     | 2 +-
 lib/bkctld-sync     | 2 +-
 lib/bkctld-update   | 2 +-
 lib/config          | 1 -
 lib/functions       | 7 -------
 16 files changed, 14 insertions(+), 22 deletions(-)
 delete mode 100755 lib/functions

diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
index d063fb4..eacb752 100755
--- a/lib/bkctld-firewall
+++ b/lib/bkctld-firewall
@@ -13,7 +13,7 @@ fi
 
 if [ -n "${FIREWALL_RULES}" ]; then
     [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
-    if ( check_jail "${jail}" ); then
+    if [ -d "${JAILDIR}/${jail}" ]; then
         port=$("${LIBDIR}/bkctld-port" "${jail}")
         for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
             echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
diff --git a/lib/bkctld-init b/lib/bkctld-init
index 8010c6c..29fe670 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" && error "${jail} : trying to create existant jail"
+[ -d "${JAILDIR}/${jail}" ] && error "${jail} : trying to create existant jail"
 
 sshd_config="${TPLDIR}/sshd_config"
 inctpl="${TPLDIR}/inc.tpl"
diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index 49cb1b8..5512b12 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -11,7 +11,7 @@ ip="${2:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail'"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
 
 if [ -z "${ip}" ]; then
     grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
diff --git a/lib/bkctld-is-on b/lib/bkctld-is-on
index 41f548a..ac19ce0 100755
--- a/lib/bkctld-is-on
+++ b/lib/bkctld-is-on
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to check inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to check inexistant jail"
 
 jail="${1}"
 return=1
diff --git a/lib/bkctld-key b/lib/bkctld-key
index bf75f8d..5fb8c53 100755
--- a/lib/bkctld-key
+++ b/lib/bkctld-key
@@ -11,7 +11,7 @@ keyfile="${2:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail'"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
 
 if [ -z "${keyfile}" ]; then
     if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
diff --git a/lib/bkctld-port b/lib/bkctld-port
index 86f05fc..6f86092 100755
--- a/lib/bkctld-port
+++ b/lib/bkctld-port
@@ -11,7 +11,7 @@ port="${2:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail'"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
 
 if [ -z "${port}" ]; then
     grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
diff --git a/lib/bkctld-reload b/lib/bkctld-reload
index 1b8701f..3f2fb56 100755
--- a/lib/bkctld-reload
+++ b/lib/bkctld-reload
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to reload inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to reload inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
diff --git a/lib/bkctld-remove b/lib/bkctld-remove
index bbd4884..a8d6df7 100755
--- a/lib/bkctld-remove
+++ b/lib/bkctld-remove
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to remove inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to remove inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 rm -f "${CONFDIR}/${jail}"
diff --git a/lib/bkctld-restart b/lib/bkctld-restart
index 40701bc..22d778e 100755
--- a/lib/bkctld-restart
+++ b/lib/bkctld-restart
@@ -12,6 +12,6 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to restart inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to restart inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 "${LIBDIR}/bkctld-start" "${jail}"
diff --git a/lib/bkctld-start b/lib/bkctld-start
index 9749633..810c5ce 100755
--- a/lib/bkctld-start
+++ b/lib/bkctld-start
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to start inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to start inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && exit 0
 
 cd "${JAILDIR}/${jail}"
diff --git a/lib/bkctld-status b/lib/bkctld-status
index d2e3dfa..b873ced 100755
--- a/lib/bkctld-status
+++ b/lib/bkctld-status
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : inexistant jail ! Use '$0 status' for list all"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail ! Use '$0 status' for list all"
 
 inc="0"
 if [ -f "${CONFDIR}/${jail}" ]; then
diff --git a/lib/bkctld-stop b/lib/bkctld-stop
index 8f76cd7..cdb2b25 100755
--- a/lib/bkctld-stop
+++ b/lib/bkctld-stop
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to stop inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to stop inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
 
 pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
diff --git a/lib/bkctld-sync b/lib/bkctld-sync
index b484bac..65eb58b 100755
--- a/lib/bkctld-sync
+++ b/lib/bkctld-sync
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to sync inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to sync inexistant jail"
 
 [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
 
diff --git a/lib/bkctld-update b/lib/bkctld-update
index 1998fea..4e8f141 100755
--- a/lib/bkctld-update
+++ b/lib/bkctld-update
@@ -10,7 +10,7 @@ jail="${1:-}"
 if [ ! -n "${jail}" ]; then
     "${LIBDIR}/bkctld-help" && exit 1
 fi
-check_jail "${jail}" || error "${jail} : trying to update inexistant jail"
+[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to update inexistant jail"
 "${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
 
 . "${LIBDIR}/mkjail"
diff --git a/lib/config b/lib/config
index 0c14959..d71ad55 100755
--- a/lib/config
+++ b/lib/config
@@ -20,4 +20,3 @@ WARNING="${WARNING:-24}"
 DUC=$(command -v duc-nox||command -v duc)
 
 . "${LIBDIR}/logging"
-. "${LIBDIR}/functions"
diff --git a/lib/functions b/lib/functions
deleted file mode 100755
index c21fc2c..0000000
--- a/lib/functions
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-check_jail() {
-    jail="${1}"
-    [ -d "${JAILDIR}/${jail}" ] && return 0
-    return 1
-}

From 084c7653dd81fcec31074784709f6d842fa75a7b Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 16:57:12 +0100
Subject: [PATCH 41/52] Move logging functions into config

---
 lib/config  | 44 +++++++++++++++++++++++++++++++++++++++++++-
 lib/logging | 42 ------------------------------------------
 2 files changed, 43 insertions(+), 43 deletions(-)
 delete mode 100755 lib/logging

diff --git a/lib/config b/lib/config
index d71ad55..dac4f09 100755
--- a/lib/config
+++ b/lib/config
@@ -1,4 +1,7 @@
 #!/bin/sh
+#
+# Config for bkctld
+#
 
 [ -f /etc/default/bkctld ] && . /etc/default/bkctld
 LIBDIR=${LIBDIR:-/usr/lib/bkctld}
@@ -19,4 +22,43 @@ CRITICAL="${CRITICAL:-48}"
 WARNING="${WARNING:-24}"
 DUC=$(command -v duc-nox||command -v duc)
 
-. "${LIBDIR}/logging"
+debug() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 7 ]; then
+        echo "${msg}"
+        logger -t bkctld -p daemon.debug "${msg}"
+    fi
+}
+
+info() {
+    msg="${1:-$(cat /dev/stdin)}"
+    if [ "${LOGLEVEL}" -ge 6 ]; then
+        tty -s && echo "${msg}"
+        logger -t bkctld -p daemon.info "${msg}"
+    fi
+}
+
+notice() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "${msg}"
+    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
+}
+
+warning() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "WARNING : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 4 ]; then
+        tty -s || echo "WARNING : ${msg}" >&2
+        logger -t bkctld -p daemon.warning "${msg}"
+    fi
+}
+
+error() {
+    msg="${1:-$(cat /dev/stdin)}"
+    tty -s && echo "ERROR : ${msg}" >&2
+    if [ "${LOGLEVEL}" -ge 5 ]; then
+        tty -s || echo "ERROR : ${msg}" >&2
+        logger -t bkctld -p daemon.error "${msg}"
+    fi
+    exit 1
+}
diff --git a/lib/logging b/lib/logging
deleted file mode 100755
index 529de4c..0000000
--- a/lib/logging
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-debug() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 7 ]; then
-        echo "${msg}"
-        logger -t bkctld -p daemon.debug "${msg}"
-    fi
-}
-
-info() {
-    msg="${1:-$(cat /dev/stdin)}"
-    if [ "${LOGLEVEL}" -ge 6 ]; then
-        tty -s && echo "${msg}"
-        logger -t bkctld -p daemon.info "${msg}"
-    fi
-}
-
-notice() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "${msg}"
-    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
-}
-
-warning() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "WARNING : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 4 ]; then
-        tty -s || echo "WARNING : ${msg}" >&2
-        logger -t bkctld -p daemon.warning "${msg}"
-    fi
-}
-
-error() {
-    msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "ERROR : ${msg}" >&2
-    if [ "${LOGLEVEL}" -ge 5 ]; then
-        tty -s || echo "ERROR : ${msg}" >&2
-        logger -t bkctld -p daemon.error "${msg}"
-    fi
-    exit 1
-}

From 09adad03e3354dd8d18f6cc3b96d73f8aa54ab79 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 7 Jan 2019 17:52:19 +0100
Subject: [PATCH 42/52] Subcommand list are now dynamic in bash completion

---
 bash_completion | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bash_completion b/bash_completion
index 3f2c6f8..17d0192 100644
--- a/bash_completion
+++ b/bash_completion
@@ -9,7 +9,7 @@ function _bkctld()
 
 	cur=${COMP_WORDS[COMP_CWORD]};
 	prev=${COMP_WORDS[COMP_CWORD-1]};
-	commands="init update remove start stop reload restart sync status key port ip inc rm check stats"
+	commands=$(find /usr/lib/bkctld/ -name "bkctld-*" -exec basename {} \;|sed 's/^bkctld-//')
 
 	if [ $COMP_CWORD -eq 1 ]; then
 		COMPREPLY=($(compgen -W '${commands}' -- ${cur}))

From 43abccd6a435007feaef9af1f34ea493fd619155 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 11:01:17 +0100
Subject: [PATCH 43/52] Rewrite bats test

---
 test/generate.bats |  11 ----
 test/main.bats     | 128 ++++++++++++++++++++++-----------------------
 test/nrpe.bats     |  26 ---------
 3 files changed, 64 insertions(+), 101 deletions(-)
 delete mode 100755 test/generate.bats
 delete mode 100755 test/nrpe.bats

diff --git a/test/generate.bats b/test/generate.bats
deleted file mode 100755
index 278ee51..0000000
--- a/test/generate.bats
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bats
-
-@test "generate" {
-    jails="test0 test1 test2 test3 test4 test5"
-    for jail in ${jails}; do
-        bkctld init "${jail}"
-        random=$(od -An -N4 -i < /dev/urandom|grep -Eo "[0-9]{2}$")
-        date=$(date -d "${random} hour ago")
-        touch -m --date="${date}" "/backup/jails/${jail}/var/log/lastlog"
-    done
-}
diff --git a/test/main.bats b/test/main.bats
index ee3e70e..0ecb339 100755
--- a/test/main.bats
+++ b/test/main.bats
@@ -5,129 +5,129 @@ setup() {
     date=$(date +"%Y-%m-%d-%H")
     inode=$(stat --format=%i /backup)
     rm -f /root/bkctld.key* && ssh-keygen -t rsa -N "" -f /root/bkctld.key -q
-    [ -f /etc/default/bkctld ] && . /etc/default/bkctld
-    CONFDIR="${CONFDIR:-/etc/evobackup}"
-    JAILDIR="${JAILDIR:-/backup/jails}"
-    INCDIR="${INCDIR:-/backup/incs}"
-    TPLDIR="${TPLDIR:-/usr/share/bkctld}"
-    LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
-    SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
-    SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
-    AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
-    FIREWALL_RULES="${FIREWALL_RULES:-}"
-    LOGLEVEL="${LOGLEVEL:-6}"
+    . /usr/lib/bkctld/config
+    JAILNAME=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w15 | head -n1)
 }
 
 teardown() {
-    bkctld remove all && rm -rf "${INCDIR}/*"
+    /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCDIR}/*"
 }
 
 @test "init" {
-    bkctld init test
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    inode=$(stat --format=%i /backup)
     if [ "${inode}" -eq 256 ]; then
-        run stat --format=%i "${JAILDIR}/test"
+        run stat --format=%i "${JAILDIR}/${JAILNAME}"
         [ "${output}" -eq 256 ]
     else
-        run test -d "${JAILDIR}/test"
+        run test -d "${JAILDIR}/${JAILNAME}"
         [ "${status}" -eq 0 ]
     fi
 }
 
-@test "update" {
-    skip
-}
-
 @test "start" {
-    bkctld init test
-    bkctld start test
-    pid=$(cat "${JAILDIR}/test/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    pid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
     run ps --pid "${pid}"
     [ "${status}" -eq 0 ]
 }
 
 @test "stop" {
-    bkctld init test
-    bkctld start test
-    pid=$(cat "${JAILDIR}/test/${SSHD_PID}")
-    bkctld stop test
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    pid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-stop "${JAILNAME}"
     run ps --pid "${pid}"
     [ "${status}" -ne 0 ]
 }
 
 @test "reload" {
-    bkctld init test
-    bkctld start test
-    bkctld reload test
-    run grep "Received SIGHUP; restarting." "${JAILDIR}/test/var/log/authlog"
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-reload "${JAILNAME}"
+    run grep "Received SIGHUP; restarting." "${JAILDIR}/${JAILNAME}/var/log/authlog"
     [ "${status}" -eq 0 ]
 }
 
 @test "restart" {
-    bkctld init test
-    bkctld start test
-    bpid=$(cat "${JAILDIR}/test/${SSHD_PID}")
-    bkctld restart test
-    apid=$(cat "${JAILDIR}/test/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    bpid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
+    /usr/lib/bkctld/bkctld-restart "${JAILNAME}"
+    apid=$(cat "${JAILDIR}/${JAILNAME}/${SSHD_PID}")
     [ "${bpid}" -ne "${apid}" ]
 }
 
 @test "status" {
-    bkctld init test
-    run bkctld status test
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    run /usr/lib/bkctld/bkctld-status "${JAILNAME}"
     [ "${status}" -eq 0 ]
 }
 
 @test "key" {
-    bkctld init test
-    bkctld start test
-    bkctld key test /root/bkctld.key.pub
-    run cat /backup/jails/test/root/.ssh/authorized_keys
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
+    run cat "/backup/jails/${JAILNAME}/root/.ssh/authorized_keys"
     [ "${status}" -eq 0 ]
     [ "${output}" = $(cat /root/bkctld.key.pub) ]
 }
 
 @test "port" {
-    bkctld init test
-    bkctld start test
-    bkctld port test "${port}"
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${port}"
     run nc -vz 127.0.0.1 "${port}"
     [ "${status}" -eq 0 ]
 }
 
-@test "ip" {
-    skip
-}
-
 @test "inc" {
-    bkctld init test
-    bkctld inc
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-inc
     if [ "${inode}" -eq 256 ]; then
-        run stat --format=%i "${INCDIR}/test/${date}"
+        run stat --format=%i "${INCDIR}/${JAILNAME}/${date}"
         [ "${output}" -eq 256 ]
     else
-        run test -d "${INCDIR}/test/${date}"
+        run test -d "${INCDIR}/${JAILNAME}/${date}"
         [ "${status}" -eq 0 ]
     fi
 }
 
-@test "rm" {
-    skip
-}
-
 @test "ssh" {
-    bkctld init test
-    bkctld start test
-    bkctld port test "${port}"
-    bkctld key test /root/bkctld.key.pub
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${port}"
+    /usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
     run ssh -p "${port}" -i /root/bkctld.key -oStrictHostKeyChecking=no root@127.0.0.1 ls
     [ "$status" -eq 0 ]
 }
 
 @test "rsync" {
-    bkctld init test
-    bkctld start test
-    bkctld port test "${port}"
-    bkctld key test /root/bkctld.key.pub
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${port}"
+    /usr/lib/bkctld/bkctld-key "${JAILNAME}" /root/bkctld.key.pub
     run rsync -a -e "ssh -p ${port} -i /root/bkctld.key -oStrictHostKeyChecking=no" /tmp/ root@127.0.0.1:/var/backup/
     [ "$status" -eq 0 ]
 }
+
+@test "check-ok" {
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    run /usr/lib/bkctld/bkctld-check
+    [ "$status" -eq 0 ]
+}
+
+@test "check-warning" {
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    touch --date="$(date -d -2days)" "/backup/jails/${JAILNAME}/var/log/lastlog"
+    run /usr/lib/bkctld/bkctld-check
+    [ "$status" -eq 1 ]
+}
+
+@test "check-critical" {
+    /usr/lib/bkctld/bkctld-init "${JAILNAME}"
+    touch --date="$(date -d -3days)" "/backup/jails/${JAILNAME}/var/log/lastlog"
+    run /usr/lib/bkctld/bkctld-check
+    [ "$status" -eq 2 ]
+}
diff --git a/test/nrpe.bats b/test/nrpe.bats
deleted file mode 100755
index 6b72133..0000000
--- a/test/nrpe.bats
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env bats
-
-setup() {
-    bkctld init test
-}
-
-teardown() {
-    bkctld remove all
-}
-
-@test "ok" {
-    run bkctld check
-    [ "$status" -eq 0 ]
-}
-
-@test "warning" {
-    touch --date="$(date -d -2days)" /backup/jails/*/var/log/lastlog
-    run bkctld check
-    [ "$status" -eq 1 ]
-}
-
-@test "critical" {
-    touch --date="$(date -d -3days)" /backup/jails/*/var/log/lastlog
-    run bkctld check
-    [ "$status" -eq 2 ]
-}

From f535b77f93f086e550793e1d5c44afdb5e302cd6 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 11:11:47 +0100
Subject: [PATCH 44/52] Use lastlog in sshrc

---
 tpl/sshrc | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
 mode change 100644 => 100755 tpl/sshrc

diff --git a/tpl/sshrc b/tpl/sshrc
old mode 100644
new mode 100755
index 78266bb..015983f
--- a/tpl/sshrc
+++ b/tpl/sshrc
@@ -1,5 +1,3 @@
 #!/bin/sh
 
-# lastlog -S isn't available in login package on Debian Jessie (need Debian Stretch or superior)
-#/usr/bin/lastlog -Su root
-/usr/bin/touch /var/log/lastlog
+/usr/bin/lastlog -Su root

From cba53d8ae7faf799df10fd14e20092a7cf355fa6 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 11:26:42 +0100
Subject: [PATCH 45/52] Transform bkctld SysVinit script into systemd oneshot
 service

---
 Vagrantfile     |  1 +
 bkctld.service  | 14 ++++++++++++++
 bkctld.sysvinit | 42 ------------------------------------------
 3 files changed, 15 insertions(+), 42 deletions(-)
 create mode 100644 bkctld.service
 delete mode 100755 bkctld.sysvinit

diff --git a/Vagrantfile b/Vagrantfile
index 7db7458..a5c1926 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -20,6 +20,7 @@ ln -fs /vagrant/lib /usr/lib/bkctld
 ln -fs /vagrant/tpl /usr/share/bkctld
 ln -fs /vagrant/bash_completion /usr/share/bash-completion/completions/bkctld
 ln -fs /vagrant/bkctld.conf /etc/default/bkctld
+ln -fs /vagrant/bkctld.service /etc/systemd/system/bkctld.service && systemctl daemon-reload
 mkdir -p /usr/lib/nagios/plugins/
 SCRIPT
 
diff --git a/bkctld.service b/bkctld.service
new file mode 100644
index 0000000..393ecb3
--- /dev/null
+++ b/bkctld.service
@@ -0,0 +1,14 @@
+[Unit]
+Documentation=man:bkctld(8)
+Description=Backup manager using rsync and OpenSSH chroot.
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/bkctld start all
+ExecStop=/usr/sbin/bkctld stop all
+RemainAfterExit=true
+KillMode=control-group
+GuessMainPID=no
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bkctld.sysvinit b/bkctld.sysvinit
deleted file mode 100755
index c790184..0000000
--- a/bkctld.sysvinit
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-### BEGIN INIT INFO
-# Provides:             evobackup
-# Required-Start:       $syslog
-# Required-Stop:        $syslog
-# Default-Start:        2 3 4 5
-# Default-Stop:
-# Short-Description:    Backup manager using rsync and OpenSSH chroot.
-### END INIT INFO
-
-. /lib/lsb/init-functions
-
-case "$1" in
-    start)
-	bkctld start all
-    ;;
-
-    stop)
-	bkctld stop all
-    ;;
-
-    reload|force-reload)
-        bkctld reload all
-    ;;
-
-    restart)
-	bkctld restart all
-    ;;
-
-    status)
-	bkctld status
-    ;;
-
-  *)
-
-    echo "Usage: $0 {start|stop|restart|reload|status}"
-    exit 1
-
-esac
-
-exit 0

From 023fbd18baefe0255fb5c5d894a148965ac40624 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 16:23:46 +0100
Subject: [PATCH 46/52] Use bkctld-list script for jails listing

---
 bkctld           |  9 +++------
 lib/bkctld-check |  3 +--
 lib/bkctld-inc   |  3 +--
 lib/bkctld-list  | 12 ++++++++++++
 lib/bkctld-rm    |  3 +--
 5 files changed, 18 insertions(+), 12 deletions(-)
 create mode 100755 lib/bkctld-list

diff --git a/bkctld b/bkctld
index 80a93ef..d50e8e8 100755
--- a/bkctld
+++ b/bkctld
@@ -26,7 +26,7 @@ if [ ! -x "${LIBDIR}/bkctld-${subcommand}" ]; then
 fi
 
 case "${subcommand}" in
-    "inc" | "rm" | "check" | "stats" | "help")
+    "inc" | "rm" | "check" | "stats" | "help" | "list")
         "${LIBDIR}/bkctld-${subcommand}"
     ;;
         "init" | "is-on")
@@ -37,17 +37,14 @@ case "${subcommand}" in
     ;;
     "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall")
     if [ "${jail}" = "all" ]; then
-        ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
+        "${LIBDIR}/bkctld-list"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
     else
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
     ;;
     "status")
     if [ -z "${jail}" ]; then
-        jails=$(ls "${JAILDIR}")
-        for jail in ${jails}; do
-            "${LIBDIR}/bkctld-${subcommand}" "${jail}"
-        done
+        "${LIBDIR}/bkctld-list"|xargs --no-run-if-empty --max-args=1 "${LIBDIR}/bkctld-${subcommand}"
     else
         "${LIBDIR}/bkctld-${subcommand}" "${jail}"
     fi
diff --git a/lib/bkctld-check b/lib/bkctld-check
index df3fd29..a5faced 100755
--- a/lib/bkctld-check
+++ b/lib/bkctld-check
@@ -32,8 +32,7 @@ if [ -b "${BACKUP_DISK}" ]; then
     fi
 fi
 
-jails=$(ls "${JAILDIR}")
-for jail in ${jails}; do
+for jail in $("${LIBDIR}/bkctld-list"); do
     if [ -f "${JAILDIR}/${jail}/var/log/lastlog" ]; then
         last_conn=$(stat --format=%Y "${JAILDIR}/${jail}/var/log/lastlog")
         date_diff=$(( (cur_time - last_conn) / (60*60) ))
diff --git a/lib/bkctld-inc b/lib/bkctld-inc
index 7a04d2b..3ee7fb8 100755
--- a/lib/bkctld-inc
+++ b/lib/bkctld-inc
@@ -7,8 +7,7 @@
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
 date=$(date +"%Y-%m-%d-%H")
-jails=$(ls "${JAILDIR}")
-for jail in ${jails}; do
+for jail in $("${LIBDIR}/bkctld-list"); do
     inc="${INCDIR}/${jail}/${date}"
     mkdir -p "${INCDIR}/${jail}"
     if [ ! -d "${inc}" ]; then
diff --git a/lib/bkctld-list b/lib/bkctld-list
new file mode 100755
index 0000000..f7f4f85
--- /dev/null
+++ b/lib/bkctld-list
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# List jails
+# Usage: list
+#
+
+set -eu
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+[ -d "${JAILDIR}" ] || exit 0
+find "${JAILDIR}" -mindepth 1 -maxdepth 1 -type d|sed 's!.*/!!'
diff --git a/lib/bkctld-rm b/lib/bkctld-rm
index a89c0c5..6770c57 100755
--- a/lib/bkctld-rm
+++ b/lib/bkctld-rm
@@ -19,8 +19,7 @@ if [ -f "${pidfile}" ]; then
     rm "${pidfile}"
     fi
 echo "${$}" > "${pidfile}"
-jails=$(ls "${JAILDIR}")
-for jail in ${jails}; do
+for jail in $("${LIBDIR}/bkctld-list"); do
     incs=$(ls "${INCDIR}/${jail}")
     if [ -f "${CONFDIR}/${jail}" ]; then
         keepfile="${CONFDIR}/.keep-${jail}"

From 29f4fd6e960255ae1eee1a644fc9b774b520d752 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Tue, 8 Jan 2019 16:29:03 +0100
Subject: [PATCH 47/52] Do not create dirs in bkctld script

---
 bkctld           | 1 -
 lib/bkctld-init  | 1 +
 lib/bkctld-stats | 1 +
 3 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/bkctld b/bkctld
index d50e8e8..f9748b8 100755
--- a/bkctld
+++ b/bkctld
@@ -16,7 +16,6 @@ set -u
 [ -d '/usr/lib/bkctld' ] && LIBDIR='/usr/lib/bkctld'
 . "${LIBDIR}/config"
 
-mkdir -p "${CONFDIR}" "${JAILDIR}" "${INCDIR}" "${INDEX_DIR}"
 subcommand="${1:-}"
 jail="${2:-}"
 option="${3:-}"
diff --git a/lib/bkctld-init b/lib/bkctld-init
index 29fe670..35c59dc 100755
--- a/lib/bkctld-init
+++ b/lib/bkctld-init
@@ -12,6 +12,7 @@ if [ ! -n "${jail}" ]; then
 fi
 [ -d "${JAILDIR}/${jail}" ] && error "${jail} : trying to create existant jail"
 
+mkdir -p "${CONFDIR}" "${JAILDIR}"
 sshd_config="${TPLDIR}/sshd_config"
 inctpl="${TPLDIR}/inc.tpl"
 [ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
diff --git a/lib/bkctld-stats b/lib/bkctld-stats
index 896b195..93b46e9 100755
--- a/lib/bkctld-stats
+++ b/lib/bkctld-stats
@@ -6,6 +6,7 @@
 
 LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
 
+mkdir -p "${INDEX_DIR}"
 lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
 ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
 touch "${INDEX_DIR}/.lastrun.duc"

From 835ccc5729ee23978b1c221e374fbc3936dad6d9 Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Wed, 16 Jan 2019 16:19:09 +0100
Subject: [PATCH 48/52] Fix shell error on vagrant provision

---
 Vagrantfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Vagrantfile b/Vagrantfile
index a5c1926..8d0b67d 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -9,6 +9,7 @@ load File.expand_path(vagrantfile) if File.exists?(vagrantfile)
 
 Vagrant.configure('2') do |config|
   config.vm.synced_folder "./", "/vagrant", type: "rsync", rsync__exclude: [ '.vagrant', '.git' ]
+  config.ssh.shell="/bin/sh"
 
   config.vm.provider :libvirt do |libvirt|
     libvirt.storage :file, :size => '10G', :device => 'vdb'

From cdcedbd141c0f6aedc97a6d8ef09f41d39a07192 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S?= <bserie@evolix.fr>
Date: Mon, 21 Jan 2019 14:42:02 +0100
Subject: [PATCH 49/52] Break line for contributors header infos

---
 zzz_evobackup | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 5524448..6292a79 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -4,7 +4,9 @@
 # See https://gitea.evolix.org/evolix/evobackup
 # 
 # Author: Gregory Colpart <reg@evolix.fr>
-# Contributor: Romain Dessort <rdessort@evolix.fr>, Benoît Série <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
+# Contributors: Romain Dessort <rdessort@evolix.fr>, Benoît Série
+# <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie
+# <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
 # Licence: AGPLv3
 #
 # The following variables must be changed:

From 3222ee3145b708e4cb6ffda0593d4fed81528f9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S?= <bserie@evolix.fr>
Date: Mon, 21 Jan 2019 14:44:30 +0100
Subject: [PATCH 50/52] Break line after every contributor name

---
 zzz_evobackup | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/zzz_evobackup b/zzz_evobackup
index 6292a79..6e3d2d7 100755
--- a/zzz_evobackup
+++ b/zzz_evobackup
@@ -4,9 +4,13 @@
 # See https://gitea.evolix.org/evolix/evobackup
 # 
 # Author: Gregory Colpart <reg@evolix.fr>
-# Contributors: Romain Dessort <rdessort@evolix.fr>, Benoît Série
-# <bserie@evolix.fr>, Tristan Pilat <tpilat@evolix.fr>, Victor Laborie
-# <vlaborie@evolix.fr>,  Jérémy Lecour <jlecour@evolix.fr>
+# Contributors:
+# Romain Dessort <rdessort@evolix.fr>
+# Benoît Série <bserie@evolix.fr>
+# Tristan Pilat <tpilat@evolix.fr>
+# Victor Laborie <vlaborie@evolix.fr>
+# Jérémy Lecour <jlecour@evolix.fr>
+#
 # Licence: AGPLv3
 #
 # The following variables must be changed:

From 77fe70aa7023f080fabc21b29bda6badf62e900a Mon Sep 17 00:00:00 2001
From: Patrick Marchand <pmarchand+git@evolix.ca>
Date: Tue, 29 Jan 2019 10:48:52 -0500
Subject: [PATCH 51/52] Fix default bkctld.conf path in docs

---
 bkctld.8              | 6 +++---
 bkctld.conf.5         | 2 +-
 docs/configuration.md | 2 +-
 docs/usage.md         | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/bkctld.8 b/bkctld.8
index ae8d2f6..a162bb8 100644
--- a/bkctld.8
+++ b/bkctld.8
@@ -28,8 +28,8 @@ Prior backups are stored incrementally outside of the
 .Xr chroot 8
 using
 .Xr ln 1
-hard links or BTRFS snapshots. 
-(So they can not be affected by the client), 
+hard links or BTRFS snapshots.
+(So they can not be affected by the client),
 which backups are kept over time can be configured in the jail's nominal
 .Xr evobackup-incl 5
 configuration file.
@@ -93,7 +93,7 @@ Remove old incremental backups
 .El
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa /usr/share/bkctld/bkctld.conf
+.It Pa /etc/default/bkctld
 Template for
 .Xr bkctld.conf 5
 .It Pa /usr/share/bkctld/incl.tpl
diff --git a/bkctld.conf.5 b/bkctld.conf.5
index f281354..3e44bd3 100644
--- a/bkctld.conf.5
+++ b/bkctld.conf.5
@@ -14,7 +14,7 @@ file contains variables that override the behavior of the
 .Xr bkctld 8
 script.
 By default, it is located at
-.Pa /usr/share/bkctld/bkctld.conf .
+.Pa /etc/default/bkctld .
 .Pp
 Each line must be a valid
 .Xr bash 1
diff --git a/docs/configuration.md b/docs/configuration.md
index 310bdb9..7b9456e 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -17,7 +17,7 @@ file contains variables that override the behavior of the
 bkctld(8)
 script.
 By default, it is located at
-*/usr/share/bkctld/bkctld.conf*.
+*/etc/default/bkctld*.
 
 Each line must be a valid
 bash(1)
diff --git a/docs/usage.md b/docs/usage.md
index bb22e64..29c4589 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -123,7 +123,7 @@ The following operands are available:
 
 # FILES
 
-*/usr/share/bkctld/bkctld.conf*
+*/etc/default/bkctld*
 
 > Template for
 > bkctld.conf(5)

From ae883e8ed02f3cb91b6f53e50f3569bb14a4893d Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Mon, 18 Feb 2019 11:32:20 +0100
Subject: [PATCH 52/52] Use mktemp for keepfile and rm it after usage (Fix #9)

---
 lib/bkctld-rm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/bkctld-rm b/lib/bkctld-rm
index 6770c57..1e79a36 100755
--- a/lib/bkctld-rm
+++ b/lib/bkctld-rm
@@ -22,7 +22,7 @@ echo "${$}" > "${pidfile}"
 for jail in $("${LIBDIR}/bkctld-list"); do
     incs=$(ls "${INCDIR}/${jail}")
     if [ -f "${CONFDIR}/${jail}" ]; then
-        keepfile="${CONFDIR}/.keep-${jail}"
+        keepfile="$(mktemp)"
         while read j; do
             date=$( echo "${j}" | cut -d. -f1 )
             before=$( echo "${j}" | cut -d. -f2 )
@@ -41,6 +41,7 @@ for jail in $("${LIBDIR}/bkctld-list"); do
             end=$(date +"%H:%M:%S")
             notice "${jail} : deleted ${j} inc [${start}/${end}]"
         done
+        rm "${keepfile}"
     fi
 done
 rmdir "${empty}"