Merge branch 'master' into debian
commit
75ac3fccc8
11
CHANGELOG.md
11
CHANGELOG.md
|
@ -18,6 +18,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
## [2.2.2] - 2020-04-19
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* Reorganize temp files and lock files
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
* Properly call subcommands in bkctld-check-incs and bkctld-check-last-incs
|
||||||
|
* Log start time in bkctld-rm
|
||||||
|
|
||||||
## [2.2.1] - 2020-04-18
|
## [2.2.1] - 2020-04-18
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
2
Vagrantfile
vendored
2
Vagrantfile
vendored
|
@ -6,7 +6,7 @@ vagrantfile = File.join("#{Dir.home}", '.VagrantFile')
|
||||||
load File.expand_path(vagrantfile) if File.exists?(vagrantfile)
|
load File.expand_path(vagrantfile) if File.exists?(vagrantfile)
|
||||||
|
|
||||||
Vagrant.configure('2') do |config|
|
Vagrant.configure('2') do |config|
|
||||||
config.vm.synced_folder "./", "/vagrant", type: "rsync", rsync__exclude: [ '.vagrant', '.git' ]
|
config.vm.synced_folder "./", "/vagrant", type: "rsync", rsync__exclude: [ '.vagrant', '.git', 'build' ]
|
||||||
config.ssh.shell="/bin/sh"
|
config.ssh.shell="/bin/sh"
|
||||||
|
|
||||||
config.vm.provider :libvirt do |libvirt|
|
config.vm.provider :libvirt do |libvirt|
|
||||||
|
|
|
@ -21,7 +21,7 @@ if [ -b "${BACKUP_DISK}" ]; then
|
||||||
cryptsetup isLuks "${BACKUP_DISK}"
|
cryptsetup isLuks "${BACKUP_DISK}"
|
||||||
if [ "$?" -eq 0 ]; then
|
if [ "$?" -eq 0 ]; then
|
||||||
if [ ! -b '/dev/mapper/backup' ]; then
|
if [ ! -b '/dev/mapper/backup' ]; then
|
||||||
echo "Luks disk ${BACKUP_DISK} is not mounted !\n"
|
echo "Luks disk \`${BACKUP_DISK}' is not mounted !\n"
|
||||||
echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
|
echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
@ -31,7 +31,7 @@ if [ -b "${BACKUP_DISK}" ]; then
|
||||||
# Verify that it's mounted and writable
|
# Verify that it's mounted and writable
|
||||||
findmnt --source ${BACKUP_DISK} -O rw > /dev/null
|
findmnt --source ${BACKUP_DISK} -O rw > /dev/null
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
echo "Backup disk ${BACKUP_DISK} is not mounted (or read-only) !\n"
|
echo "Backup disk \`${BACKUP_DISK}' is not mounted (or read-only) !\n"
|
||||||
echo "mount ${BACKUP_DISK} /backup"
|
echo "mount ${BACKUP_DISK} /backup"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -8,7 +8,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
# default return value is 0 (succes)
|
# default return value is 0 (succes)
|
||||||
rc=0
|
rc=0
|
||||||
# loop for each configured jail
|
# loop for each configured jail
|
||||||
for jail_name in $(bkctld list); do
|
for jail_name in $("${LIBDIR}/bkctld-list"); do
|
||||||
incs_policy_file=$(current_jail_incs_policy_file "${jail_name}")
|
incs_policy_file=$(current_jail_incs_policy_file "${jail_name}")
|
||||||
|
|
||||||
# Today in seconds from epoch
|
# Today in seconds from epoch
|
||||||
|
|
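Review bot: A failure of `"${LIBDIR}/bkctld-list"` goes unnoticed in the new `for jail_name in $(…)` line, because the exit status of a command substitution in a `for` word list is discarded. The loop then runs zero times and `rc` keeps its default of 0, so a monitoring check could report success without having examined any jail; how `rc` is used afterwards is outside the hunk. Capture the list first and fail loudly, e.g. `jail_list=$("${LIBDIR}/bkctld-list") || error "unable to list jails"`, then iterate over `${jail_list}`. The same applies to the identical loop in the next section (the hunk commented "loop for each found jail").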
|
@ -8,7 +8,7 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
# default return value is 0 (succes)
|
# default return value is 0 (succes)
|
||||||
rc=0
|
rc=0
|
||||||
# loop for each found jail
|
# loop for each found jail
|
||||||
for jail_name in $(bkctld list); do
|
for jail_name in $("${LIBDIR}/bkctld-list"); do
|
||||||
incs_policy_file=$(current_jail_incs_policy_file "${jail_name}")
|
incs_policy_file=$(current_jail_incs_policy_file "${jail_name}")
|
||||||
|
|
||||||
if [ -n "${incs_policy_file}" ]; then
|
if [ -n "${incs_policy_file}" ]; then
|
||||||
|
|
|
@ -8,23 +8,12 @@
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
create_inc_btrfs() {
|
create_inc_btrfs() {
|
||||||
jail_name=$1
|
jail_name=${1:?}
|
||||||
inc_name=$2
|
inc_name=${2:?}
|
||||||
|
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||||
|
|
||||||
# The lock file prevents from starting a new copy when one is already being done
|
|
||||||
lock_file="${LOCKDIR}/inc-${jail_name}-${inc_name}.lock"
|
|
||||||
if [ -f "${lock_file}" ]; then
|
|
||||||
warning "${jail_name}: skipping '${inc_name}', it is already being created."
|
|
||||||
else
|
|
||||||
(
|
|
||||||
start=$(current_time)
|
|
||||||
mkdir --parents "${LOCKDIR}" && touch "${lock_file}"
|
|
||||||
# shellcheck disable=SC2064
|
|
||||||
trap "rm -f ${lock_file}" 0
|
|
||||||
|
|
||||||
if dry_run; then
|
if dry_run; then
|
||||||
echo "[dry-run] btrfs subvolume snapshot of ${jail_path} to ${inc_path}"
|
echo "[dry-run] btrfs subvolume snapshot of ${jail_path} to ${inc_path}"
|
||||||
else
|
else
|
||||||
|
@ -32,30 +21,14 @@ create_inc_btrfs() {
|
||||||
# create a btrfs readonly snapshot from the jail
|
# create a btrfs readonly snapshot from the jail
|
||||||
/bin/btrfs subvolume snapshot -r "${jail_path}" "${inc_path}" | debug
|
/bin/btrfs subvolume snapshot -r "${jail_path}" "${inc_path}" | debug
|
||||||
fi
|
fi
|
||||||
|
|
||||||
end=$(current_time)
|
|
||||||
notice "${jail_name}: inc '${inc_name}' has been created [${start}/${end}]"
|
|
||||||
)
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
create_inc_ext4() {
|
create_inc_ext4() {
|
||||||
jail_name=$1
|
jail_name=${1:?}
|
||||||
inc_name=$2
|
inc_name=${2:?}
|
||||||
|
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||||
|
|
||||||
# The lock file prevents from starting a new copy when one is already being done
|
|
||||||
lock_file="${LOCKDIR}/inc-${jail_name}-${inc_name}.lock"
|
|
||||||
if [ -f "${lock_file}" ]; then
|
|
||||||
warning "${jail_name}: skipping '${inc_name}', it is already being created."
|
|
||||||
else
|
|
||||||
(
|
|
||||||
start=$(current_time)
|
|
||||||
mkdir --parents "${LOCKDIR}" && touch "${lock_file}"
|
|
||||||
# shellcheck disable=SC2064
|
|
||||||
trap "rm -f ${lock_file}" 0
|
|
||||||
|
|
||||||
if dry_run; then
|
if dry_run; then
|
||||||
echo "[dry-run] copy of ${jail_path} to ${inc_path}"
|
echo "[dry-run] copy of ${jail_path} to ${inc_path}"
|
||||||
else
|
else
|
||||||
|
@ -63,11 +36,6 @@ create_inc_ext4() {
|
||||||
# create a copy of the jail with hard links
|
# create a copy of the jail with hard links
|
||||||
cp --archive --link --one-file-system "${jail_path}/" "${inc_path}"
|
cp --archive --link --one-file-system "${jail_path}/" "${inc_path}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
end=$(current_time)
|
|
||||||
notice "${jail_name}: in '${inc_name}' has been created [${start}/${end}]"
|
|
||||||
)
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
inc_name=$(date +"%Y-%m-%d-%H")
|
inc_name=$(date +"%Y-%m-%d-%H")
|
||||||
|
@ -79,17 +47,22 @@ for jail_name in $(jails_list); do
|
||||||
|
|
||||||
# If no incs policy is found, we don't create incs
|
# If no incs policy is found, we don't create incs
|
||||||
if [ -n "${incs_policy_file}" ]; then
|
if [ -n "${incs_policy_file}" ]; then
|
||||||
# If not incs directory is found, we don't create incs
|
# If no incs directory is found, we don't create incs
|
||||||
if [ ! -d "${inc_path}" ]; then
|
if [ ! -d "${inc_path}" ]; then
|
||||||
|
start=$(current_time)
|
||||||
|
|
||||||
if is_btrfs "${jail_path}"; then
|
if is_btrfs "${jail_path}"; then
|
||||||
create_inc_btrfs "${jail_name}" "${inc_name}"
|
create_inc_btrfs "${jail_name}" "${inc_name}"
|
||||||
else
|
else
|
||||||
create_inc_ext4 "${jail_name}" "${inc_name}"
|
create_inc_ext4 "${jail_name}" "${inc_name}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
end=$(current_time)
|
||||||
|
notice "${jail_name}: \`${inc_name}' has been created [${start}/${end}]"
|
||||||
else
|
else
|
||||||
warning "${jail_name}: skipping ${inc_name}, it already exists."
|
warning "${jail_name}: skipping \`${inc_name}', it already exists."
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
warning "${jail_name}: skipping ${inc_name}, incs policy not found."
|
notice "${jail_name}: skipping \`${inc_name}', incs policy not found."
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
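Review bot: The new `notice "${jail_name}: … has been created [${start}/${end}]"` in the main loop is logged whether or not the snapshot or copy succeeded, and also in dry-run mode. `create_inc_btrfs` ends with `/bin/btrfs subvolume snapshot … | debug`, so in plain sh its status is that of `debug`, not of `btrfs`, and neither function's return value is tested by the caller. For a backup tool the log is what operators rely on to confirm an increment exists, so the success message should depend on the result, e.g. `create_inc_ext4 "${jail_name}" "${inc_name}" || error "${jail_name}: creation of ${inc_name} failed"`, with the btrfs output captured before being passed to `debug` so its status is not lost. With the per-inc lock removed by this commit, an interrupted `cp --archive --link` also leaves a partial `${inc_path}` that later runs skip as "already exists"; a comment stating that this is accepted would help.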
|
@ -31,18 +31,18 @@ else
|
||||||
new_ips="0.0.0.0/0"
|
new_ips="0.0.0.0/0"
|
||||||
else
|
else
|
||||||
existing_ips=$("${LIBDIR}/bkctld-ip" "${jail_name}")
|
existing_ips=$("${LIBDIR}/bkctld-ip" "${jail_name}")
|
||||||
new_ips=$(echo "${existing_ips}" "${ip}" | xargs -n1 | grep -v "0.0.0.0/0" | sort | uniq)
|
new_ips=$(echo ${existing_ips} ${ip} | xargs -n1 | grep -v "0.0.0.0/0" | sort | uniq)
|
||||||
fi
|
fi
|
||||||
allow_users="AllowUsers"
|
allow_users="AllowUsers"
|
||||||
for ip in ${new_ips}; do
|
for new_ip in ${new_ips}; do
|
||||||
allow_users="${allow_users} root@${ip}"
|
allow_users="${allow_users} root@${new_ip}"
|
||||||
done
|
done
|
||||||
if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
|
if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
|
||||||
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
||||||
else
|
else
|
||||||
error "${jail_name}: No 'AllowUsers' directive found in '${jail_sshd_config}'"
|
error "${jail_name}: No \`AllowUsers' directive found in \`${jail_sshd_config}'"
|
||||||
fi
|
fi
|
||||||
notice "${jail_name}: IP whitelist updated to ${ip}"
|
notice "${jail_name}: IP whitelist updated with \`${ip}'"
|
||||||
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
fi
|
fi
|
||||||
|
|
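Review bot: `${ip}` flows into the now-unquoted `echo ${existing_ips} ${ip}` and then into the sed replacement `s~^AllowUsers .*~${allow_users}~` with no validation visible in this hunk; the script starts above line 31, so a check may exist outside the view. Without the quotes, a value containing `*` or `?` is glob-expanded against the current directory, and a `~`, `&` or backslash changes what sed writes into the jail's `sshd_config`. If it is not validated earlier, reject anything that is not an address or CIDR before use, e.g. `echo "${ip}" | grep -q -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' || error "${jail_name}: invalid IP ${ip}"` (IPv4-only pattern, extend it if IPv6 is accepted). If word-splitting is the reason the quotes were dropped, `set -f` around that line keeps the splitting without the globbing.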
|
@ -22,8 +22,8 @@ if [ -z "${keyfile}" ]; then
|
||||||
cat "${jail_path}/${AUTHORIZED_KEYS}"
|
cat "${jail_path}/${AUTHORIZED_KEYS}"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
test -r "${keyfile}" || error "${jail_name}: SSH key '${keyfile}' is missing or is not readable."
|
test -r "${keyfile}" || error "${jail_name}: SSH key \`${keyfile}' is missing or is not readable."
|
||||||
cat "${keyfile}" > "${jail_path}/${AUTHORIZED_KEYS}"
|
cat "${keyfile}" > "${jail_path}/${AUTHORIZED_KEYS}"
|
||||||
chmod 600 "${jail_path}/${AUTHORIZED_KEYS}"
|
chmod 600 "${jail_path}/${AUTHORIZED_KEYS}"
|
||||||
notice "${jail_name}: SSH key has been updated with ${keyfile}"
|
notice "${jail_name}: SSH key has been updated with \`${keyfile}'"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -29,7 +29,7 @@ else
|
||||||
fi
|
fi
|
||||||
sed -i "s/^Port .*/Port ${port}/" "${jail_sshd_config}"
|
sed -i "s/^Port .*/Port ${port}/" "${jail_sshd_config}"
|
||||||
|
|
||||||
notice "${jail_name}: port has been updated to ${port}"
|
notice "${jail_name}: port has been updated to \`${port}'"
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
|
|
121
lib/bkctld-rm
121
lib/bkctld-rm
|
@ -7,71 +7,35 @@
|
||||||
# shellcheck source=./includes
|
# shellcheck source=./includes
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
delete_inc_btrfs() {
|
kill_or_clean_lockfile() {
|
||||||
jail_name=$1
|
lock_file=${1:-}
|
||||||
inc_name=$2
|
|
||||||
|
|
||||||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
|
||||||
|
|
||||||
start=$(current_time)
|
|
||||||
|
|
||||||
if dry_run; then
|
|
||||||
echo "[dry-run] delete btrfs subvolume ${inc_path}"
|
|
||||||
else
|
|
||||||
/bin/btrfs subvolume delete "${inc_path}" | debug
|
|
||||||
fi
|
|
||||||
|
|
||||||
end=$(current_time)
|
|
||||||
notice "${jail_name}: inc '${inc_name}' has been deleted [${start}/${end}]"
|
|
||||||
}
|
|
||||||
delete_inc_ext4() {
|
|
||||||
jail_name=$1
|
|
||||||
inc_name=$2
|
|
||||||
|
|
||||||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
|
||||||
|
|
||||||
lock_file="${LOCKDIR}/rm-global.lock"
|
|
||||||
if [ -f "${lock_file}" ]; then
|
if [ -f "${lock_file}" ]; then
|
||||||
# Get Process ID from the lock file
|
# Get Process ID from the lock file
|
||||||
pid=$(cat "${lock_file}")
|
pid=$(cat "${lock_file}")
|
||||||
|
if [ -n "${pid}" ]; then
|
||||||
if kill -0 ${pid} 2> /dev/null; then
|
if kill -0 ${pid} 2> /dev/null; then
|
||||||
# Kill the children
|
# Kill the children
|
||||||
pkill -9 --parent "${pid}"
|
pkill -9 --parent "${pid}"
|
||||||
# Kill the parent
|
# Kill the parent
|
||||||
kill -9 "${pid}"
|
kill -9 "${pid}"
|
||||||
# Remove the lock file
|
|
||||||
rm -f ${lock_file}
|
|
||||||
warning "Process ${pid} has been killed. Only one ${0} can run in parallel, the latest wins."
|
warning "Process ${pid} has been killed. Only one ${0} can run in parallel, the latest wins."
|
||||||
else
|
else
|
||||||
error "Empty lockfile '${lock_file}'. It should contain a PID."
|
warning "Process not found at PID \`${pid}'. Ignoring lock file \`${lock_file}'."
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
|
|
||||||
mkdir --parents "${LOCKDIR}" && echo $$ > ${lock_file} || error "Failed to acquire lock file '${lock_file}'"
|
|
||||||
empty=$(mktemp -d --suffix ".${$}" bkctld.XXXXX)
|
|
||||||
# shellcheck disable=SC2064
|
|
||||||
trap "rm -f ${lock_file}; rmdir ${empty}" 0
|
|
||||||
|
|
||||||
if dry_run; then
|
|
||||||
echo "[dry-run] delete ${inc_path} with rsync from ${empty}"
|
|
||||||
else
|
else
|
||||||
rsync --archive --delete "${empty}/" "${inc_path}/"
|
error "Empty lockfile \`${lock_file}'. It should contain a PID."
|
||||||
rmdir "${inc_path}/"
|
fi
|
||||||
|
# Remove the lock file
|
||||||
|
rm -f ${lock_file}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
end=$(current_time)
|
|
||||||
notice "${jail_name}: inc '${inc_name}' has been deleted [${start}/${end}]"
|
|
||||||
}
|
}
|
||||||
|
incs_to_delete() {
|
||||||
|
jail_name=${1:?}
|
||||||
|
incs_policy_file=${2:?}
|
||||||
|
|
||||||
for jail_name in $(jails_list); do
|
incs_policy_keep_file=$(new_tmp_file "${jail_name}.incs_policy_keep")
|
||||||
incs_policy_file=$(current_jail_incs_policy_file ${jail_name})
|
incs_list_file=$(new_tmp_file "${jail_name}.incs_list")
|
||||||
|
|
||||||
# If not incs policy if found, we don't remove incs
|
|
||||||
if [ -n "${incs_policy_file}" ]; then
|
|
||||||
incs_policy_keep_file="$(mktemp)"
|
|
||||||
incs_list_file="$(mktemp)"
|
|
||||||
# shellcheck disable=SC2064
|
|
||||||
trap "rm -f ${incs_policy_keep_file} ${incs_list_file}" 0
|
|
||||||
|
|
||||||
# loop for each line in jail configuration
|
# loop for each line in jail configuration
|
||||||
for incs_policy_line in $(grep "^\+" ${incs_policy_file}); do
|
for incs_policy_line in $(grep "^\+" ${incs_policy_file}); do
|
||||||
|
@ -82,21 +46,80 @@ for jail_name in $(jails_list); do
|
||||||
for inc_name in $(incs_list "${jail_name}"); do
|
for inc_name in $(incs_list "${jail_name}"); do
|
||||||
echo "${inc_name}" >> ${incs_list_file}
|
echo "${inc_name}" >> ${incs_list_file}
|
||||||
done
|
done
|
||||||
|
|
||||||
# shellcheck disable=SC2046
|
# shellcheck disable=SC2046
|
||||||
incs_to_delete=$(grep -v -f "${incs_policy_keep_file}" "${incs_list_file}")
|
incs_to_delete=$(grep -v -f "${incs_policy_keep_file}" "${incs_list_file}")
|
||||||
|
|
||||||
|
rm -f "${incs_policy_keep_file}" "${incs_list_file}"
|
||||||
|
|
||||||
|
echo ${incs_to_delete}
|
||||||
|
}
|
||||||
|
delete_inc_btrfs() {
|
||||||
|
jail_name=$1
|
||||||
|
inc_name=$2
|
||||||
|
|
||||||
|
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||||
|
|
||||||
|
if dry_run; then
|
||||||
|
echo "[dry-run] delete btrfs subvolume ${inc_path}"
|
||||||
|
else
|
||||||
|
/bin/btrfs subvolume delete "${inc_path}" | debug
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
delete_inc_ext4() {
|
||||||
|
jail_name=$1
|
||||||
|
inc_name=$2
|
||||||
|
|
||||||
|
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||||
|
|
||||||
|
if dry_run; then
|
||||||
|
echo "[dry-run] delete ${inc_path} with rsync from empty directory"
|
||||||
|
else
|
||||||
|
empty=$(new_tmp_dir "empty")
|
||||||
|
rsync --archive --delete "${empty}/" "${inc_path}/"
|
||||||
|
rmdir "${inc_path}/"
|
||||||
|
rmdir "${empty}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
lock_file="${LOCKDIR}/rm-global.lock"
|
||||||
|
# shellcheck disable=SC2064
|
||||||
|
trap "rm -f ${lock_file}; cleanup_tmp;" 0
|
||||||
|
|
||||||
|
kill_or_clean_lockfile "${lock_file}"
|
||||||
|
new_lock_file "${lock_file}"
|
||||||
|
|
||||||
|
for jail_name in $(jails_list); do
|
||||||
|
incs_policy_file=$(current_jail_incs_policy_file ${jail_name})
|
||||||
|
# If no incs policy is found, we don't remove incs
|
||||||
|
if [ -n "${incs_policy_file}" ]; then
|
||||||
|
# shellcheck disable=SC2046
|
||||||
|
incs_to_delete=$(incs_to_delete "${jail_name}" "${incs_policy_file}")
|
||||||
|
|
||||||
if [ -n "${incs_to_delete}" ]; then
|
if [ -n "${incs_to_delete}" ]; then
|
||||||
debug "${jail_name}: incs to be deleted : $(echo "${incs_to_delete}" | tr '\n', ',' | sed 's/,$//')."
|
debug "${jail_name}: incs to be deleted : $(echo "${incs_to_delete}" | tr '\n', ',' | sed 's/,$//')."
|
||||||
for inc_name in ${incs_to_delete}; do
|
for inc_name in ${incs_to_delete}; do
|
||||||
|
start=$(current_time)
|
||||||
|
|
||||||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||||
if is_btrfs "${inc_path}"; then
|
if is_btrfs "${inc_path}"; then
|
||||||
delete_inc_btrfs "${jail_name}" "${inc_name}"
|
delete_inc_btrfs "${jail_name}" "${inc_name}"
|
||||||
else
|
else
|
||||||
delete_inc_ext4 "${jail_name}" "${inc_name}"
|
delete_inc_ext4 "${jail_name}" "${inc_name}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
end=$(current_time)
|
||||||
|
notice "${jail_name}: inc \`${inc_name}' has been deleted [${start}/${end}]"
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
notice "${jail_name}: no inc to be deleted."
|
notice "${jail_name}: no inc to be deleted."
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
notice "${jail_name}: skipping jail because incs policy is missing."
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Remove the lock file and cleanup tmp files
|
||||||
|
rm -f "${lock_file}"
|
||||||
|
cleanup_tmp
|
||||||
|
|
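Review bot: `kill_or_clean_lockfile` sends SIGKILL to whatever PID the lock file contains once `kill -0 ${pid}` succeeds, without checking that the value is a number or that the process is still an instance of this script. After a crash or reboot a stale lock file can hold a PID that has been reused by an unrelated process, which would then be killed along with its children with the script's privileges (presumably root); a non-numeric or negative value would be interpreted by `kill` as something other than a single PID. Validate the content and confirm the process identity before signalling, and quote `${pid}` and `${lock_file}` in `kill -0` and `rm -f`. The sketch below assumes `error` exits, as its use for the empty-lockfile case suggests, and relies on Linux `/proc`.

```shell
if [ -n "${pid}" ]; then
    # refuse anything that is not a plain decimal PID
    case "${pid}" in
        *[!0-9]*) error "Invalid PID '${pid}' in lock file '${lock_file}'." ;;
    esac
    # signal only a process that is still an instance of this script
    if kill -0 "${pid}" 2> /dev/null \
        && grep -q -F "${0##*/}" "/proc/${pid}/cmdline" 2> /dev/null; then
        # … unchanged: pkill/kill of the previous run and the warning …
```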
19
lib/includes
19
lib/includes
|
@ -177,6 +177,25 @@ relative_date() {
|
||||||
|
|
||||||
echo ${past_date}
|
echo ${past_date}
|
||||||
}
|
}
|
||||||
|
new_tmp_file() {
|
||||||
|
name=${1:-}
|
||||||
|
|
||||||
|
mktemp --tmpdir=/tmp "bkctld.${$}.${name}.XXXXX"
|
||||||
|
}
|
||||||
|
new_tmp_dir() {
|
||||||
|
name=${1:-}
|
||||||
|
|
||||||
|
mktemp --directory --tmpdir=/tmp "bkctld.${$}.${name}.XXXXX"
|
||||||
|
}
|
||||||
|
cleanup_tmp() {
|
||||||
|
find /tmp -name "bkctld.${$}.*" -delete
|
||||||
|
}
|
||||||
|
new_lock_file() {
|
||||||
|
lock_file=${1:-}
|
||||||
|
lock_dir=$(dirname "${lock_file}")
|
||||||
|
|
||||||
|
mkdir --parents "${lock_dir}" && echo $$ > ${lock_file} || error "Failed to acquire lock file '${lock_file}'"
|
||||||
|
}
|
||||||
|
|
||||||
setup_jail_chroot() {
|
setup_jail_chroot() {
|
||||||
jail_name=${1:?}
|
jail_name=${1:?}
|
||||||
|
|
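Review bot: `new_lock_file` does not acquire the lock atomically: `echo $$ > ${lock_file}` overwrites an existing file, so two runs that pass `kill_or_clean_lockfile` at about the same time both believe they hold the lock. Creating the file with noclobber makes the second writer fail instead, e.g. `mkdir --parents "${lock_dir}" && ( set -o noclobber; echo $$ > "${lock_file}" ) || error "Failed to acquire lock file '${lock_file}'"`. The path should be quoted there, and `lock_file=${1:?}` would match the `${1:?}` convention used elsewhere in this commit rather than letting an empty argument through to `dirname` and the redirect. Separately, `cleanup_tmp` walks all of `/tmp` with `find`; adding `-maxdepth 1` would keep the delete to the entries the two `mktemp` helpers create.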