firmware: switch to new update procedure #4500

plist

@@ -710,6 +710,7 @@
 /usr/local/opnsense/scripts/firmware/sets.sh
 /usr/local/opnsense/scripts/firmware/sync.sh
 /usr/local/opnsense/scripts/firmware/unlock.sh
+/usr/local/opnsense/scripts/firmware/update.sh
 /usr/local/opnsense/scripts/firmware/upgrade.sh
 /usr/local/opnsense/scripts/interfaces/dhclient-script
 /usr/local/opnsense/scripts/interfaces/list_arp.py

src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php

@@ -232,9 +232,13 @@ class FirmwareController extends ApiControllerBase
                 $response['status'] = 'error';
             } elseif (array_key_exists('updates', $response) && $response['updates'] != 0) {
                 if (!empty($target)) {
+                    /* XXX eventually we should return all updates AND release type change to make this look normal */
                     $response['status_msg'] = gettext('The release type requires an update.');
-                    $response['status_msg'] .= ' '; /* XXX eventually we should return all updates AND release type change to make this look normal */
-                    $response['status_msg'] .= gettext('All available updates must be installed in the background as well and this may include a reboot.');
+                    $response['status_msg'] = sprintf(
+                        '%s %s',
+                        $response['status_msg'],
+                        gettext('All available updates will be installed in the background as well.')
+                    );
                     $response['status_upgrade_action'] = 'rel';
                     $response['status'] = 'ok';
                 } else {
@@ -254,13 +258,13 @@ class FirmwareController extends ApiControllerBase
                             $download_size
                         );
                     }
-                    if ($response['upgrade_needs_reboot'] == 1) {
-                        $response['status_msg'] = sprintf(
-                            '%s %s',
-                            $response['status_msg'],
-                            gettext('This update requires a reboot.')
-                        );
-                    }
+                }
+                if ($response['upgrade_needs_reboot'] == 1) {
+                    $response['status_msg'] = sprintf(
+                        '%s %s',
+                        $response['status_msg'],
+                        gettext('This update requires a reboot.')
+                    );
                 }
             } elseif (array_key_exists('updates', $response) && $response['updates'] == 0) {
                 $response['status_msg'] = gettext('There are no updates available on the selected mirror.');
@@ -379,6 +383,25 @@ class FirmwareController extends ApiControllerBase
         return $response;
     }
 
+    /**
+     * perform (stable) update
+     * @return array status
+     * @throws \Exception
+     */
+    public function updateAction()
+    {
+        $backend = new Backend();
+        $response = array();
+        if ($this->request->isPost()) {
+            $response['msg_uuid'] = trim($backend->configdRun('firmware update', true));
+            $response['status'] = 'ok';
+        } else {
+            $response['status'] = 'failure';
+        }
+
+        return $response;
+    }
+
     /**
      * perform actual upgrade
      * @return array status

src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt

@@ -245,7 +245,11 @@
                     cssClass: 'btn-warning',
                     action: function(dialogRef){
                         dialogRef.close();
-                        backend('upgrade', {upgrade:$.upgrade_action});
+                        if ($.upgrade_action == 'maj') {
+                            backend('upgrade', {upgrade:$.upgrade_action});
+                        } else {
+                            backend('update');
+                        }
                     }
                 },{
                     label: "{{ lang._('Abort') }}",
@@ -255,7 +259,11 @@
                 }]
             });
         } else {
-            backend('upgrade', {upgrade:$.upgrade_action});
+            if ($.upgrade_action == 'maj') {
+                backend('upgrade', {upgrade:$.upgrade_action});
+            } else {
+                backend('update');
+            }
         }
     }
 
@@ -270,9 +278,6 @@
         });
     }
 
-    /**
-     * handle check/audit/upgrade status
-     */
     function trackStatus() {
         ajaxGet('/api/core/firmware/upgradestatus', {}, function(data, status) {
            if (status != 'success') {

src/opnsense/scripts/firmware/check.sh

@@ -285,10 +285,7 @@ fi
             done < ${OUTFILE}
           fi
 
-            # the main update from package will provide this during upgrade
-            if [ "${product_id}" != "${product_target}" ]; then # XXX unhide later
-              base_to_reboot=
-            elif [ -z "$base_to_reboot" ]; then
+            if [ -z "$base_to_reboot" ]; then
               if opnsense-update -cbf; then
                   base_to_reboot="$(opnsense-update -v)"
               fi
@@ -304,6 +301,7 @@ fi
                   packages_upgraded=$packages_upgraded", {\"name\":\"base\","
                 fi
                 packages_upgraded=$packages_upgraded"\"size\":\"$base_is_size\","
+                packages_upgraded=$packages_upgraded"\"repository\":\"${UPSTREAM}\","
                 packages_upgraded=$packages_upgraded"\"current_version\":\"$base_to_delete\","
                 packages_upgraded=$packages_upgraded"\"new_version\":\"$base_to_reboot\"}"
                 updates=$(expr $updates + 1)
@@ -311,10 +309,7 @@ fi
               fi
             fi
 
-            # the main update from package will provide this during upgrade
-            if [ "${product_id}" != "${product_target}" ]; then # XXX unhide later
-              kernel_to_reboot=
-            elif [ -z "$kernel_to_reboot" ]; then
+            if [ -z "$kernel_to_reboot" ]; then
               if opnsense-update -cfk; then
                   kernel_to_reboot="$(opnsense-update -v)"
               fi
@@ -330,6 +325,7 @@ fi
                   packages_upgraded=$packages_upgraded", {\"name\":\"kernel\","
                 fi
                 packages_upgraded=$packages_upgraded"\"size\":\"$kernel_is_size\","
+                packages_upgraded=$packages_upgraded"\"repository\":\"${UPSTREAM}\","
                 packages_upgraded=$packages_upgraded"\"current_version\":\"$kernel_to_delete\","
                 packages_upgraded=$packages_upgraded"\"new_version\":\"$kernel_to_reboot\"}"
                 updates=$(expr $updates + 1)
@@ -352,8 +348,8 @@ cat > ${JSONFILE} << EOF
 	"last_check":"$last_check",
 	"new_packages":[$packages_new],
 	"os_version":"$os_version",
-	"product_target":"$product_target",
 	"product_id":"$product_id",
+	"product_target":"$product_target",
 	"product_version":"$product_version",
 	"reinstall_packages":[$packages_reinstall],
 	"remove_packages":[$packages_removed],

src/opnsense/scripts/firmware/launcher.sh

@@ -39,6 +39,7 @@ resync
 security
 sync
 unlock
+update
 upgrade
 "
 

src/opnsense/scripts/firmware/update.sh

@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Copyright (C) 2015-2021 Franco Fichtner <franco@opnsense.org>
+# Copyright (C) 2014 Deciso B.V.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+PKG_PROGRESS_FILE=/tmp/pkg_upgrade.progress
+
+# Truncate upgrade progress file
+: > ${PKG_PROGRESS_FILE}
+
+echo "***GOT REQUEST TO UPDATE***" >> ${PKG_PROGRESS_FILE}
+
+# figure out the release type from config
+SUFFIX="-$(pluginctl -g system.firmware.type)"
+if [ "${SUFFIX}" = "-" ]; then
+	SUFFIX=
+fi
+
+# update all installed packages
+opnsense-update -p >> ${PKG_PROGRESS_FILE} 2>&1
+
+# change the release type
+opnsense-update -t "opnsense${SUFFIX}" >> ${PKG_PROGRESS_FILE} 2>&1
+
+# restart the web server
+/usr/local/etc/rc.restart_webgui >> ${PKG_PROGRESS_FILE} 2>&1
+
+# if we can update base, we'll do that as well
+if opnsense-update -c >> ${PKG_PROGRESS_FILE} 2>&1; then
+	if opnsense-update -bk >> ${PKG_PROGRESS_FILE} 2>&1; then
+		echo '***REBOOT***' >> ${PKG_PROGRESS_FILE}
+		# give the frontend some time to figure out that a reboot is coming
+		sleep 5
+		/usr/local/etc/rc.reboot
+	fi
+fi
+
+echo '***DONE***' >> ${PKG_PROGRESS_FILE}

src/opnsense/service/conf/actions.d/actions_firmware.conf

@@ -66,6 +66,12 @@ parameters:
 type:script_output
 message:retrieve firmware execution status
 
+[update]
+command: /usr/sbin/daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh update
+parameters:
+type:script
+message:Running firmware update
+
 [upgrade]
 command: /usr/sbin/daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh upgrade
 parameters:%s