History

Bastille has evolved over the years from a small collection of personal shell scripts into a secure container automation toolkit used on hardware ranging from the Raspberry Pi to “The Cloud”.

The early shell scripts evolved into a proof of concept in 2018 which evolved into what we use today.

Many of the automation concepts in Bastille come from lessons learned as a SaltStack contributor and package maintainer since 2011.

Bastille integrates security concepts taken from real-world experience as the Architect of HubbleStack in 2015, (which formed the initial engine for SaltStack SecOps).

Combining these security and automation best practices with FreeBSD‘s production tested container solution and you have Bastille.

Fast-forward to today and Bastille has seen improvements from open-source contributors around the world, making it more robust, more mature and better able to handle a wide range of use cases.

To everyone that has contributed to Bastille, thank you!

November 28, 2019

Thanksgiving 2019 (0.5.20191128)

Nov 28, 2019 – Present

CHANGELOG: This is a minor bug-fix release that improves the reliability of containers when using loopback-based networking. It also adds some safeguards against invalid network configurations and other minor cosmetic improvements.

November 25, 2019

Captain Jack (0.5.20191125)

Nov 25, 2019 – Nov 28, 2019

Features:

standalone “thick” containers now available (create -T|--thick ...)
Bastille Templates: now tested with GitLab CI/CD
Bastille Documentation has been updated and extended
bootstrap now supports optional update command to auto-patch release
Network config validation added to avoid disconnected containers

Fixes:

#49
#50
#53
#54
container target matching improved

October 25, 2019

Halcyon Days (0.4.20191025)

Oct 25, 2019 – Nov 25, 2019

Features:

Added support for FreeBSD 11.3-RELEASE, 12.1-RC1, 12.1-RC2 and 12.1-RELEASE.
Added option to assign network interface during container creation, if empty bastille obeys config file.
Added NIC validation.
Improved IP validation.
Added ability to destroy regex-matching base releases, cache content not affected.
Added validation for the ZFS parameters.

Fixes:

Fix for container and releases output listing.
Fix for prevent double distfile.txz file extraction on bootstrap.
Fix for missing subsequent directory creation for cache/*-RELEASE.
Fix for missing subsequent directory creation for releases/*-RELEASE.
Fix for chflags removal and container/release directory deletion if exist.
Minor code fixes.

July 14, 2019

Bastille Day (0.3.20190714)

Jul 14, 2019 – Oct 25, 2019

Happy Bastille Day! (Of course we had a release to celebrate)

Features:

[email protected] syntax now (optionally) supported during bastille create.
template system now supports INCLUDE and SERVICE.
/usr/local/bastille now 0750 to avoid unprivileged users from accessing Bastille files, container, releases, etc.
template hook CONFIG renamed to OVERLAY.
support for listing container(s), template(s), log(s), release(s).
only reload firewall on start/stop if loopback networking used.
ZFS sub-command additions of get|set|snapshot.

June 22, 2019

Support ZFS! (0.3.2019062202)

Jun 22, 2019 – Jul 14, 2019

Fixes:

fixes bootstrap regression in non-zfs installs
makes cp sub-command verbose (cp -av)
adds support for cloning templates from GitLab
code cleanup and formatting service sub-command added for managing services within container
verify sub-command documented properly