From 0f1484b3a2358f089f80a4c00fc393a9cbe4e562 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Tue, 16 Feb 2021 15:08:04 +0100 Subject: [PATCH] firmware: strict install policy using php version_compare() #4500 We have to see how this holds up in practice. Reinstall was considered as well for further protection but that might be even trickier depending on what locking and version tricks the user did to their install to retain a particular (working) state. --- src/opnsense/scripts/firmware/install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/opnsense/scripts/firmware/install.sh b/src/opnsense/scripts/firmware/install.sh index aec420ad1..7f51a90e5 100755 --- a/src/opnsense/scripts/firmware/install.sh +++ b/src/opnsense/scripts/firmware/install.sh @@ -26,7 +26,7 @@ # POSSIBILITY OF SUCH DAMAGE. PKG_PROGRESS_FILE=/tmp/pkg_upgrade.progress -PACKAGE=$1 +PACKAGE=${1} # Truncate upgrade progress file : > ${PKG_PROGRESS_FILE} @@ -38,8 +38,8 @@ if [ "${PACKAGE#os-}" != "${PACKAGE}" ]; then REPOVER=$(pkg rquery %v ${COREPKG}) # plugins must pass a version check on up-to-date core package - if [ "${REPOVER%_*}" != "${COREVER%_*}" ]; then - echo "Installation is out of date: please install system updates first." >> ${PKG_PROGRESS_FILE} 2>&1 + if ! php -r "exit(version_compare('${COREVER}','${REPOVER}') >= 0 ? 0 : 1);"; then + echo "Installation out of date. The update to ${COREPKG}-${REPOVER} is required." >> ${PKG_PROGRESS_FILE} 2>&1 echo '***DONE***' >> ${PKG_PROGRESS_FILE} exit fi