Skip to content

Releases: BastilleBSD/bastille

Bastille 0.11.20241022

22 Oct 17:45
@cedwards cedwards
0.11.20241022
cee6f20
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Bastille 0.11.20241022 Latest
Latest

What's Changed

New Contributors

Full Changelog: 0.10.20231125...0.11.20241017

Contributors

tedhen, yaazkal, and 5 other contributors
Assets 2
Loading

Bastille 0.10.20231125 - Thanksgiving 2023

26 Nov 02:48
@cedwards cedwards
0.10.20231125
3a4ebc6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Bastille 0.10.20231125 - Thanksgiving 2023 Pre-release
Pre-release

We're Thankful For First-Time Contributors!

This release had eight first-time contributors. Thank you for becoming a part of Bastille history. Welcome to the club!

New Contributors

Release Highlights

Support BETA and RC branches

Bastille now supports bootstrapping and testing FreeBSD BETA and RC branches. While we didn't get this out in time for 14.0-RELEASE, this will be a great way to help test future releases.

Example:

bastille bootstrap 14.0-RC4
bastille bootstrap 14.0-BETA1

Support EOL releases (>=9.0-RELEASE)

In addition to BETA and RC releases, Bastille now supports bootstrapping EOL releases all the way back to FreeBSD 9.0-RELEASE! Documentation on how to bootstrap EOL releases is now found in the Bastille bootstrap documentation.

Example:

export BASTILLE_URL_FREEBSD=http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/
bastille bootstrap 11.1-RELEASE
bastille bootstrap 12.2-RELEASE

sysrc bastille_rcorder=YES

This release introduces an improvement to the Bastille startup script that supports an alternative startup/shutdown ordering of jails using rcorder. The existing bastille_list="jail1 jail2 jail3" is still supported, but alternatively you can use bastille_rcorder=YES instead to dynamically build the startup/shutdown list. If you enable bastille_rcorder, disable bastille_list.

Example:

sysrc bastille_enable=YES
sysrc bastille_rcorder=YES

This method will ignore any jail with # KEYWORD: nostart in the jail.conf. Additionally, it will build dependencies using the # REQUIRE: foo and # PROVIDE: foo syntax. See #629 for details.

beta/jail.conf

# KEYWORD: nostart
beta {
...
}

alpha/jail.conf

# REQUIRE: db
alpha {
...
}

db/jail.conf

# PROVIDE: db
db {
...
}

What this means is you can define jail dependencies by adding # PROVIDE: and # REQUIRE: statements to jail.conf files.

bastille rcp

Bastille now includes an rcp sub-command. Reverse-copy, for when you want to copy files from containers back to the host.
This command should essentially do the opposite of the cp sub-command.

osrelease

Bastille now sets osrelease = ${RELEASE}; in jail.conf for new containers. This variable will be set to match the jail's FreeBSD release. The result of this change means uname -r will properly report jail release version instead of host release version.

combine create options

Bastille now supports combining create options.

Example:

 bastille create -CV 01-clone-vnet 14.0-RELEASE DHCP em0 
 bastille create -TB 01-thick-bridge 14.0-RELEASE DHCP bridge0
 bastille create -TV 01-thick-vnet 14.0-RELEASE DHCP em0
 bastille create -CB 01-clone-bridge 14.0-RELEASE DHCP bridge0

Note: combined options are supported in any order (-CV|-VC), (-TB|-BT), etc and each respective base template should be applied.

bastille setup vnet

Bastille setup will now populate an /etc/devfs.rules file for use with VNET jails. The file will include these rules:

[bastille_vnet=13]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_jail
add include $devfsrules_jail_vnet
add path 'bpf*' unhide

bastille_zfs_enable=([Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)

Long overdue, Bastille no longer includes any tests looking for a hard-coded uppercase "YES" when testing whether ZFS is enabled. It now uses a standard test throughout the code that runs a simple checkyesno function. This function tests for any combination of upper and/or lowercase values for: yes, true, on, 1 for enabled. It will treat any combination of upper and/or lowercase values for no, false, off, 0 for disabled. Anything else reports that the value is not properly configured.

Documentation Updates

We've made a number of updates to the Bastille documentation. New and upgraded documents include:

  • iocage migration example
  • notes regarding container MOTD, uname and the use of .hushlogin
  • examples on how to compile ports inside containers
  • documented the "official" container upgrade/downgrade process
  • bootstrap EOL releases of FreeBSD (>=9.0-RELEASE)

As always, the latest documentation can be found at https://docs.bastillebsd.org

Merged Changes

Full Changelog: 0.10.20231013...0.10.20231125

Contributors

adriel-tech, smortex, and 9 other contributors
Assets 2
Loading

Worth The Wait

17 Oct 18:43
@cedwards cedwards
0.10.20231013
a0d6d58
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Worth The Wait Pre-release
Pre-release

Bastille Version 0.10.20231013 Release Announcement

Greetings!

I am excited to announce the long-awaited release of Bastille version 0.10.20231013. This release has been worth the wait, and I'm thrilled to present you with a host of great improvements.

The astute reader may notice that much of these release notes are similar or duplicated from the previous release. Good eye. The previous release, 0.10.20230714, was tagged and published but never packaged for FreeBSD ports. Due to lack of time and resources surrounding that release, it was primarily used by testers but never released more widely.

Well, I'm pleased now to re-release those changes (with a few minor improvements) to a wider audience and give them the credit they are due. Some great work went into making this the best version of Bastille to date. I truly hope you enjoy!

I want to express my gratitude to everyone who contributed to this project, including the sixteen first-time contributors. Your time and effort have played a vital role in shaping this release, and I appreciate your dedication to improving Bastille.

Thank you for your continued support, and I hope you enjoy using Bastille version 0.10.20231013. It's my commitment to keep improving and simplifying container management on FreeBSD.

Christer

Improvements & New Features

Dual Stack Networking

One of the major highlights of this release is the introduction of Dual Stack Networking. You can now create containers with both IPv4 and IPv6 stacks, opening up new possibilities for networking configurations. We've also added DHCP support, making it easier than ever to manage IP addresses within your containers.

Important changes:

  • we now support passing "DHCP" in the IP parameter.
  • we also support "SLAAC" as a value for the IP parameter, which enables accepting route advertisement
  • fixed an oddity in the way the gateway was being handled for IPv6 (in certain cases it was being passed as the GATEWAY template parameter
  • allow passing multiple values to the IP parameter, this would work as a quoted parameter that means that, e.g. bastille create -V test 13.2-RELEASE "SLAAC DHCP" is possible and creates a dual-stack jail
  • passing both DHCP, SLAAC and fixed IPs is also possible, but only one IP per protocol number is supported; last one wins

bastille setup [--help]

We understand that setting up Bastille hosts for the first time can take a little time. No more! We're introducing the new bastille setup command. This command automates the initial configuration of firewall settings, networking, and ZFS storage, streamlining the setup process.

You can use this command for individual components (zfs, pf, bastille0) or run it without arguments to configure all options at once.

Note: This command is new. Please double-check the configuration and provide us any feedback you can on improving this new utility.

Usage: bastille setup [pf|bastille0|zfs|vnet]

Extended Linux Support

Bastille continues to push boundaries by supporting experimental Linux containers. In this release, we've extended our Linux container support with two exciting additions:

  • Ubuntu Jammy (22.04) support has been added, allowing you to containerize applications on the latest Ubuntu release.
  • Debian 12 "Bookworm" support is now available for those who prefer Debian-based systems.
  • Please note that support for Debian 9 "Stretch" has been dropped in this release.

Getting started with these Linux containers is as simple as using the following commands:

  • bastille bootstrap jammy (for Ubuntu 22.04)
  • bastille bootstrap bookworm (for Debian 12)

bastille tags [--help]

We've added a new tags sub-command for tagging containers. You can use this to add arbitrary tags to your containers for internal labeling and tracking.

bastille tags --help
Usage: bastille tags TARGET add tag1[,tag2,...]
       bastille tags TARGET delete tag1[,tag2,...]
       bastille tags TARGET list [tag]

bastille pkg -H

The pkg sub-command can now be used with -H or --host to use the host's package manager instead of the in-jail pkg binary, offering more flexibility.

To keep your containers even more lightweight, use bastille pkg -H TARGET .... The container will not need to install the pkg binary or use container storage / resources to track packages. All container packages are tracked by the host.

bastille pkg -H ALL upgrade

Additional Enhancements

We haven't stopped there. This release also brings several miscellaneous improvements:

  • When installing Bastille from source code using the make install method, the bastille version variable will now match the commit hash, providing better version tracking.
  • We've addressed regressions in cmd and VNET creation to ensure smoother operations.
  • Our documentation has received extensive updates, making it easier for you to find the information you need. The README has been cleaned up and migrated to the docs website.

What's Changed

Full Changelog: 0.10.20230714...0.10.20231013

Contributors

cedwards and bmac2
Assets 2
Loading

Bastille Day 2023

15 Jul 04:20
@cedwards cedwards
0.10.20230714
61e7084
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Bastille Day 2023 Pre-release
Pre-release

0.10.20230714 - Bastille Day 2023

This release is long overdue but I couldn't let another Bastille Day come and go without publishing the latest fixes and features. Changes in this release include nearly a years worth of fixes, feedback and features. Thank you to everyone that contributed to this project including the sixteen first-time contributors. I appreciate your time and effort to improve Bastille!

Dual Stack Networking

Support now added to create containers with ip4 and ip6 stack. DHCP also supported.

bastille setup command

New bastille setup command automates the initial configuration of firewall, networking and ZFS storage.
You can use this for individual components (zfs, pf, bastille0) or use without arguments for all options.
Hopefully this simplifies the process of configuring new Bastille hosts.

note: For best results, check and define configuration in your bastille.conf before running setup.
Usage: bastille setup [pf|bastille0|zfs|vnet]

Extended Linux Support

Bastille continues to support experimental Linux containers. This has now been extended with two more releases.

  • Ubuntu Jammy (2204) support added.
  • Debian 12 "Bookworm" support added.
  • Support for Debian 9 "Stretch" was dropped.

bastille bootstrap jammy (Ubuntu 2204)
bastille bootstrap bookworm (Debian 12)

Misc:

  • Using make install method to install Bastille from source code will now rewrite the bastille version variable to match the commit hash.
  • Added new tags sub-command for tagging containers.
  • pkg sub-command can now be used with -H or --host to use host pkg manager instead of in-jail pkg binary.
  • fixed regressions in cmd and VNET creation
  • lots of documentation improvements

What's Changed

  • bugfix for cmd when using ALL target by @cedwards in #531
  • Update the exec.* with uniq_epair when cloning jails by @JRGTH in #530
  • update versions from 12.x to 13.x by @cedwards in #532
  • Enable colour only when writing to a tty by @cqexbesd in #533
  • Updated "export" sub-command docs (0.9.20220216) by @tofazzz in #543
  • [WIP] [feedback required] Improve dualstack and IPv6 support on jail creation by @evilham in #435
  • Advanced Mount Types Support by @JartX in #549
  • PKG::ADDED:: return error code and print error message when 'bastille pkg' fails by @frikilax in #553
  • Fixed typo in README.md by @Stormle in #550
  • Document Bastille VNET on GCP by @patmaddox in #539
  • Minor Changes by @cqexbesd in #536
  • Makefile install target updates version to match git rev of HEAD by @cedwards in #554
  • fixes #389 regarding shutdown order by @cedwards in #556
  • fixing regression in create.sh for Linux containers by @cedwards in #558
  • Updating the Docs for Clouds with IPV6 networking. by @PythonLinks in #546
  • Use "bastille config" to get ipv4.addr. by @chriswells0 in #559
  • Make pf table name and external interface configurable. by @chriswells0 in #560
  • Fix bug in ip-in-use test by @web-vertalo in #561
  • Make parsing on jail.conf more robust by @cqexbesd in #534
  • Accept ssh git addresses in bootstrap by @nwisemanII in #566
  • Rename command now affects name of created vnet interfaces by @UrsusDominatus in #572
  • Added zfs_destroy_snapshot functionality by @Efiartes in #564
  • Fix link by @drbrain in #573
  • Add "tags" subcommand to add /delete / list tags by @bsdlme in #578
  • Sort bastille usage ouput and update README.md for newer FreeBSD releases by @bsdlme in #579
  • add ipv6 rdr support by @android-ucet in #580
  • Updates for HardenedBSD Installer URL updates by @shirkdog in #581
  • Fix missing version by @JRGTH in #585
  • Add missing spaces for consistency by @JRGTH in #586
  • [FIX] Support ALL in pkg command when using the -H or --host option. by @yaazkal in #588
  • fix rdr issue detecting IP6 when disabled or not set by @cedwards in #592
  • /etc/pf.conf path for rdr.sh set by a variable in bastille configuration by @skenizen in #595
  • Updated supported Linux releases by @gqgunhed in #593
  • Added initial upgrading documentation. by @tobiastom in #590
  • list cmd enhancement by @JRGTH in #587
  • 2023 release by @cedwards in #596

New Contributors

Full Changelog: 0.9.20220714...0.10.20230101

Contributors

patmaddox, drbrain, and 21 other contributors
Assets 2
Loading

Bastille Day 2022

14 Jul 03:38
@cedwards cedwards
0.9.20220714
da377f4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Bastille Day 2022 Pre-release
Pre-release

0.9.20220714 - Bastille Day

This release includes five months of contributions from the Bastille community. Fixes include improvements to IP6 support, documentation, VNET improvements and more.

We're excited to welcome 7 new contributors with this release. Thank you!

What's Changed

  • Update bootstrap.rst by @fellmoon in #511
  • Add variable JAIL_IP6 to access ip6.addr in templates by @ddowse in #515
  • fix non-unique epair creation when using vnet by @ellislm in #507
  • Allow Linux jails to see their mount points by @ctuffli in #505
  • Extend RDR to support logging by @nmurali94 in #502
  • Permit outgoing network connections during stop action by @eborisch in #500
  • Repair table, fix incorrect descriptions by @cyrilst in #510
  • Allow 'bastille cmd' on Linux jails by @JRGTH in #520
  • The text speaks of defining an OVERLAY but the example uses CP. by @boogiewookie in #526
  • Avoid cache/RELEASE dirs creation on Linux jails by @JRGTH in #519

New Contributors

Full Changelog: 0.9.20220216...0.9.20220714

Contributors

ctuffli, boogiewookie, and 7 other contributors
Assets 2
Loading

0.9.20220216

17 Feb 06:43
@cedwards cedwards
0.9.20220216
ff7de91
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
0.9.20220216 Pre-release
Pre-release

0.9.20220216

This release fixes a regression in VNET creation, adds support for ZFS clone jails and allows listing point releases.

ZFS Clone Jail

bastille create -C alcatraz 13.0-RELEASE 10.17.89.99 bastille0

Include Point Releases

bastille list release -p

What's Changed

New Contributors

Full Changelog: 0.9.20211225...0.9.20220216

Contributors

gogolok, robarnold, and 5 other contributors
Assets 2
Loading

Happy Holidays 2021

25 Dec 04:06
@cedwards cedwards
0.9.20211225
00d9e03
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Happy Holidays 2021 Pre-release
Pre-release

Bastille 0.9.20211225 "Happy Holidays"

Happy Holidays! Bastille development continues with five months of new features and fixes! These release notes outline the changes you can expect to find in our latest version.

More Linux Improvements

This release adds additional experimental support for Debian 11 "Bullseye", Debian 10 "Buster", Debian 9 "Stretch", Ubuntu 18.04 "Bionic" and Ubuntu 20.04 "Focal". Linux support is maturing thanks to feedback and contributions from the community!

What's more, the CMD and PKG sub-commands support these Linux releases!

These changes open up initial support for using templates with Linux containers. Currently limited to CMD and PKG only.

Note: this release updates the bastille.conf. If you are upgrading please merge config changes.

Debian releases

Bullseye

bastille bootstrap bullseye
bastille create -L debian11 bullseye 10.17.89.11

Buster

bastille bootstrap buster
bastille create -L debian10 buster 10.17.89.10

Stretch

bastille bootstrap stretch
bastille create -L debian9 stretch 10.17.89.9

Ubuntu releases

Bionic

bastille bootstrap bionic
bastille create -L ubuntu18 bionic 10.17.89.18

Focal

bastille bootstrap focal
bastille create -L ubuntu20 focal 10.17.89.20

Improvements have also been made to simplify future Linux additions to the codebase.

Linux support for PKG

The pkg sub-command now supports Ubuntu & Debian containers by using apt transparently inside the container.

bastille pkg debian11 upgrade

Linux support for CMD

The cmd sub-command now supports Ubuntu & Debian containers.

bastille cmd debian11 ps -ef

New PKG option

The pkg sub-command now optionally supports using the hosts package manager instead of the container pkg binary.

bastille pkg -H alcatraz upgrade
bastille pkg --host alcatraz install htop

Exit Codes

CMD now returns exit code for individual jails and ALL jails.

If CMD is executed against ALL jails and any return an error the command will return exit code 1. All jails need to return 0 for the command to return 0.

Timezone settings

Bastille will now use the timezone configured on the host unless otherwise defined in the bastille.conf.

VNET Improvements

This release adds more options to VNET containers including descriptions and usage of existing bridge interfaces.

VNET Bridge

The create command now supports a -B option to attach a VNET container to an existing bridge.

bastille create -B alcatraz 13.0-RELEASE 192.168.1.5/24 bridge0

VNET descriptions

VNET interfaces will now be given an interface description including the container name. This will help map containers with interfaces in VNET configurations.

Template Improvements

recursive verify

When using bastille verify against a template that contains an INCLUDE statement Bastille will now recursively verify every template in the chain.

bastille update supports templates

You can now easily update templates using bastille update .... The syntax supports multiple options as described here:

Update all templates (using git)

bastille update TEMPLATES

Update the bastillebsd-templates/nginx template only

bastille update bastillebsd-templates/nginx

What's Changed

  • Fix creation of Linux jails by @cynix in #422
  • Fix minor typo in README by @yaazkal in #425
  • Refactor: Creates Linux jails bootstrap functions by @yaazkal in #426
  • Adds: Debian 9 (Stretch) as a release for linux jails by @yaazkal in #427
  • Added logic for setting ipv6_defaultrouter for vnet template by @FloGatt in #429
  • Adds: Debian 10 (Buster) as a release for linux jails by @yaazkal in #430
  • bastille cmd exit code not respected #272 by @yerrysherry in #303
  • improve NO_COLOR detection by @cedwards in #431
  • fix overloaded variable in mount command by @cedwards in #432
  • basic PKG support for ubuntu/debian containers by @cedwards in #433
  • Sets require NETWORKING in the rc script by @yaazkal in #436
  • Zfs support to docs by @Bennykillua in #453
  • fix image path for zfs support screenshot by @cedwards in #454
  • add zfs-support doc to toctree by @cedwards in #455
  • minor fix for docs path by @cedwards in #456
  • fixing issue with docs (conflict with docutils v0.18) by @cedwards in #457
  • Added code and -B option to "create" to allow creating/managing jails attached to external bridge by @draga79 in #465
  • Use the devfs_ruleset number from imported iocage jails by @robarnold in #461
  • add recursive verify for includes in Bastillefile by @w4andy in #452
  • Fix for issue #403 by @zilti in #442
  • Fixed to update_fstab() in clone.sh by @frikilax in #446
  • update vagrant to FreeBSD-13.0 and install git by @w4andy in #451
  • [REF] bootsrap: Removes code duplication to prevent future errors by @yaazkal in #466
  • Add a description to the host vnet interface by @robarnold in #459
  • TEMPLATE.SH::ADDED:: ability to apply templates using a custom directory path by @frikilax in #445
  • Use host's time zone by default for jails by @yaazkal in #467
  • use full path when calling jls binary by @cedwards in #469
  • hotfix for the VNET interface description patch by @cedwards in #471
  • easy way to update templates by @w4andy in #450
  • Extra validation for Linux jails, small changes by @JRGTH in #420
  • add Debian 11 'bullseye' to Linux supported list by @cedwards in #473
  • jls path fix + support using host package manager by @cedwards in #474
  • change new PKG option from -P to -H by @cedwards in #475
  • accidentally the jail name in run test by @cedwards in #476

New Contributors

Full Changelog: 0.9.20210714...0.9.20211225

Contributors

cynix, w4andy, and 10 other contributors
Assets 2
Loading

Bastille Day 2021

15 Jul 00:47
@cedwards cedwards
0.9.20210714
cc60df5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Bastille Day 2021 Pre-release
Pre-release

Bastille 0.9.20210714

Features

  • Initial support for Ubuntu 18.04 and 20.04.
  • Support for NO_COLOR environment variable. (#416 )
  • Preliminary support for MidnightBSD.
  • List extended to display Up/Down state, Published Ports and container release. (#396, #366 )

Fixes

  • CP sub-command now supports quiet (-q) option (#350 )
  • Improvements to import and export commands.
  • Fix to properly use jailed root environment for CMD. (#410 )
  • Fix for BSD grep change in FreeBSD 13.0.

Ubuntu Jails

Example usage for creating a Linux container (Ubuntu). Supported releases are 18.04 (bionic) and 20.04 (focal).

bastille create -L ubuntu focal 10.17.89.90

NO_COLOR

Bastille now attempts to support the NO_COLOR environment variable. See https://no-color.org/.

Support for MidnightBSD

We've added support for MidnightBSD version 2.x including transparent support for mport (via standard PKG command).

bastille list -a

brick ~ # bastille list -a
 JID            State  IP Address       Published Ports  Hostname       Release          Path
 elasticsearch  Up     0.0.0.0          -                elasticsearch  13.0-RELEASE-p3  /usr/local/bastille/jails/elasticsearch/root
 fatso          Up     10.17.89.44      -                fatso          13.0-RELEASE-p3  /usr/local/bastille/jails/fatso/root
 folsom         Up     10.17.89.20      -                folsom         13.0-RELEASE-p3  /usr/local/bastille/jails/folsom/root
 ubuntu         Up     10.17.89.25      -                ubuntu         -                /usr/local/bastille/jails/ubuntu/root
Assets 2
Loading

New Year 2021 Bug Fix

16 Jan 03:40
@cedwards cedwards
0.8.20210115
113beb5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
New Year 2021 Bug Fix Pre-release
Pre-release

Bastille 0.8.20210115

This is a bug-fix release to address a few small issues discovered in the New Years release.

Primary fixes include:

  • rdr now persists by default & code cleanup (#313)
  • don't start empty jails by default (#311)

Be sure to merge changes into the the bastille.conf

Assets 2
Loading

New Year 2021

01 Jan 16:39
@cedwards cedwards
0.8.20210101
7c271df
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
New Year 2021 Pre-release
Pre-release

Bastille 0.8.20210101

I figured we should start out 2021 with a brand new Bastille release. Happy New Year!

This release increments the version number from 0.7.x to 0.8.x
Note: there is also a change to the bastille.conf in this release.

Bastille 0.8.20210101 brings a number of improvements, bug-fixes and new features. Details are included below.

Features

Default Templates

Bastille templates are now fully native. This means all new containers will automatically have one of the default templates applied when created. Default templates include: base, empty, thick, thin, and vnet.

bastille.conf changes

## Default Templates
bastille_template_base="default/base"                                 ## default: "default/base"
bastille_template_empty="default/empty"                            ## default: "default/empty"
bastille_template_thick="default/thick"                                ## default: "default/thick"
bastille_template_thin="default/thin"                                    ## default: "default/thin"
bastille_template_vnet="default/vnet"                                  ## default: "default/vnet"

Development RELEASE

Bastille now supports bootstrapping 13-CURRENT releases for testing and development. Note: container version(s) must be <= host version. ie; only bootstrap 13-CURRENT containers on 13-CURRENT hosts.

32bit containers on 64bit hosts

Bastille supports bootstrapping and running 32bit (i386) containers on 64bit (amd64) hosts. Use the --32bit|--i386 option when bootstrapping the release.

bastille bootstrap 12.2-RELEASE --32bit

Template ARGS

Bastille templates now support dynamic definition of variables. By default $JAIL_NAME and $JAIL_IP are defined.

Bastillefile

# With a default:
ARG user=root
# Without a default:
ARG domain
# Then used in subsequent values:
CMD echo "${username}@${domain}"

Values can also be applied dynamically at the time of applying the template:

bastille template webjail bastillebsd-templates/nginx --arg username=admin --arg domain=example.com

bastille config

Bastille now supports the config sub-command that allows you to get or set values in the jail.conf. This is a welcome addition for Postgres users that need sysvmsg=new. This can now be done dynamically.

Examples
bastille config TARGET set sysvmsg new
bastille config ALL get securelevel
bastille config TARGET set interface lagg0

Note: this can be used inside a Bastillefile to dynamically configure your containers.

Bastillefile

CONFIG set sysvmsg new
RESTART
PKG postgres...
SYSRC ...

bastille template --convert

With this release we are deprecating the previous hook syntax in favor of the Bastillefile format. For this reason we have included a simple conversion tool that will generate a Bastillefile within an existing template directory based on the legacy hook files.

bastille template --convert template/foo

Bug-fixes

  • bugfix for rctl limits (#289)
  • log rctl events to /var/log/messages (#292 )
  • bastille config sub-command for get/set jail.conf values (#283)
  • respect exec.fib in bastille console command (#290 )
  • convert old-style templates to Bastillefile format (#285)
  • default template VARS include ${JAIL_NAME} and ${JAIL_IP} #287)
  • new render sub-command to find replace Bastille-declared VARS in templates (#255)
  • support 32-bit bootstrap on 64-bit host (#229)
  • detect and report on actions requiring the container to be running (#251)
  • bugfix in Makefile installation (#256)
  • bugfix in overlay hook in Bastillefile (#231)
  • Bastillefile improvements; mount|fstab, copy|cp (#242), (#249)
  • template verify now supports Bastillefile (#236 )
  • support for -CURRENT bootstrap (on -CURRENT host) (#248 )
  • rdr rules now persistent between restarts (#268)
  • fix limits sub-command argument check (#232)
  • template failures now report failing component (#243)
  • fix for bootstrap + update regression (#246)
  • create and leverage global error functions (#250)
  • improvement to upgrade thick jails (#273)
  • template error reporting improvements (#243)
  • pf documentation now supports multi-IP hosts properly (#258)
Assets 2
Loading