From 14416172b1d6fa547f0c81b1443d0d69f2ed8b7a Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Mon, 15 Feb 2021 11:33:44 +0100 Subject: [PATCH] firmware: switch to new update procedure #4500 --- plist | 1 + .../OPNsense/Core/Api/FirmwareController.php | 41 ++++++++++--- .../mvc/app/views/OPNsense/Core/firmware.volt | 15 +++-- src/opnsense/scripts/firmware/check.sh | 14 ++--- src/opnsense/scripts/firmware/launcher.sh | 1 + src/opnsense/scripts/firmware/update.sh | 60 +++++++++++++++++++ .../conf/actions.d/actions_firmware.conf | 6 ++ 7 files changed, 115 insertions(+), 23 deletions(-) create mode 100755 src/opnsense/scripts/firmware/update.sh diff --git a/plist b/plist index 0317b60c4..66061bc85 100644 --- a/plist +++ b/plist @@ -710,6 +710,7 @@ /usr/local/opnsense/scripts/firmware/sets.sh /usr/local/opnsense/scripts/firmware/sync.sh /usr/local/opnsense/scripts/firmware/unlock.sh +/usr/local/opnsense/scripts/firmware/update.sh /usr/local/opnsense/scripts/firmware/upgrade.sh /usr/local/opnsense/scripts/interfaces/dhclient-script /usr/local/opnsense/scripts/interfaces/list_arp.py diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php index a4794e0d7..f156457cd 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php @@ -232,9 +232,13 @@ class FirmwareController extends ApiControllerBase $response['status'] = 'error'; } elseif (array_key_exists('updates', $response) && $response['updates'] != 0) { if (!empty($target)) { + /* XXX eventually we should return all updates AND release type change to make this look normal */ $response['status_msg'] = gettext('The release type requires an update.'); - $response['status_msg'] .= ' '; /* XXX eventually we should return all updates AND release type change to make this look normal */ - $response['status_msg'] .= gettext('All available updates must be installed in the background as well and this may include a reboot.'); + $response['status_msg'] = sprintf( + '%s %s', + $response['status_msg'], + gettext('All available updates will be installed in the background as well.') + ); $response['status_upgrade_action'] = 'rel'; $response['status'] = 'ok'; } else { @@ -254,13 +258,13 @@ class FirmwareController extends ApiControllerBase $download_size ); } - if ($response['upgrade_needs_reboot'] == 1) { - $response['status_msg'] = sprintf( - '%s %s', - $response['status_msg'], - gettext('This update requires a reboot.') - ); - } + } + if ($response['upgrade_needs_reboot'] == 1) { + $response['status_msg'] = sprintf( + '%s %s', + $response['status_msg'], + gettext('This update requires a reboot.') + ); } } elseif (array_key_exists('updates', $response) && $response['updates'] == 0) { $response['status_msg'] = gettext('There are no updates available on the selected mirror.'); @@ -379,6 +383,25 @@ class FirmwareController extends ApiControllerBase return $response; } + /** + * perform (stable) update + * @return array status + * @throws \Exception + */ + public function updateAction() + { + $backend = new Backend(); + $response = array(); + if ($this->request->isPost()) { + $response['msg_uuid'] = trim($backend->configdRun('firmware update', true)); + $response['status'] = 'ok'; + } else { + $response['status'] = 'failure'; + } + + return $response; + } + /** * perform actual upgrade * @return array status diff --git a/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt b/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt index 663a08684..7909d4bc4 100644 --- a/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt +++ b/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt @@ -245,7 +245,11 @@ cssClass: 'btn-warning', action: function(dialogRef){ dialogRef.close(); - backend('upgrade', {upgrade:$.upgrade_action}); + if ($.upgrade_action == 'maj') { + backend('upgrade', {upgrade:$.upgrade_action}); + } else { + backend('update'); + } } },{ label: "{{ lang._('Abort') }}", @@ -255,7 +259,11 @@ }] }); } else { - backend('upgrade', {upgrade:$.upgrade_action}); + if ($.upgrade_action == 'maj') { + backend('upgrade', {upgrade:$.upgrade_action}); + } else { + backend('update'); + } } } @@ -270,9 +278,6 @@ }); } - /** - * handle check/audit/upgrade status - */ function trackStatus() { ajaxGet('/api/core/firmware/upgradestatus', {}, function(data, status) { if (status != 'success') { diff --git a/src/opnsense/scripts/firmware/check.sh b/src/opnsense/scripts/firmware/check.sh index c964dc786..23f22c12e 100755 --- a/src/opnsense/scripts/firmware/check.sh +++ b/src/opnsense/scripts/firmware/check.sh @@ -285,10 +285,7 @@ fi done < ${OUTFILE} fi - # the main update from package will provide this during upgrade - if [ "${product_id}" != "${product_target}" ]; then # XXX unhide later - base_to_reboot= - elif [ -z "$base_to_reboot" ]; then + if [ -z "$base_to_reboot" ]; then if opnsense-update -cbf; then base_to_reboot="$(opnsense-update -v)" fi @@ -304,6 +301,7 @@ fi packages_upgraded=$packages_upgraded", {\"name\":\"base\"," fi packages_upgraded=$packages_upgraded"\"size\":\"$base_is_size\"," + packages_upgraded=$packages_upgraded"\"repository\":\"${UPSTREAM}\"," packages_upgraded=$packages_upgraded"\"current_version\":\"$base_to_delete\"," packages_upgraded=$packages_upgraded"\"new_version\":\"$base_to_reboot\"}" updates=$(expr $updates + 1) @@ -311,10 +309,7 @@ fi fi fi - # the main update from package will provide this during upgrade - if [ "${product_id}" != "${product_target}" ]; then # XXX unhide later - kernel_to_reboot= - elif [ -z "$kernel_to_reboot" ]; then + if [ -z "$kernel_to_reboot" ]; then if opnsense-update -cfk; then kernel_to_reboot="$(opnsense-update -v)" fi @@ -330,6 +325,7 @@ fi packages_upgraded=$packages_upgraded", {\"name\":\"kernel\"," fi packages_upgraded=$packages_upgraded"\"size\":\"$kernel_is_size\"," + packages_upgraded=$packages_upgraded"\"repository\":\"${UPSTREAM}\"," packages_upgraded=$packages_upgraded"\"current_version\":\"$kernel_to_delete\"," packages_upgraded=$packages_upgraded"\"new_version\":\"$kernel_to_reboot\"}" updates=$(expr $updates + 1) @@ -352,8 +348,8 @@ cat > ${JSONFILE} << EOF "last_check":"$last_check", "new_packages":[$packages_new], "os_version":"$os_version", - "product_target":"$product_target", "product_id":"$product_id", + "product_target":"$product_target", "product_version":"$product_version", "reinstall_packages":[$packages_reinstall], "remove_packages":[$packages_removed], diff --git a/src/opnsense/scripts/firmware/launcher.sh b/src/opnsense/scripts/firmware/launcher.sh index 6aa45c09f..cb93e5342 100755 --- a/src/opnsense/scripts/firmware/launcher.sh +++ b/src/opnsense/scripts/firmware/launcher.sh @@ -39,6 +39,7 @@ resync security sync unlock +update upgrade " diff --git a/src/opnsense/scripts/firmware/update.sh b/src/opnsense/scripts/firmware/update.sh new file mode 100755 index 000000000..cd32d7b4d --- /dev/null +++ b/src/opnsense/scripts/firmware/update.sh @@ -0,0 +1,60 @@ +#!/bin/sh + +# Copyright (C) 2015-2021 Franco Fichtner +# Copyright (C) 2014 Deciso B.V. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + +PKG_PROGRESS_FILE=/tmp/pkg_upgrade.progress + +# Truncate upgrade progress file +: > ${PKG_PROGRESS_FILE} + +echo "***GOT REQUEST TO UPDATE***" >> ${PKG_PROGRESS_FILE} + +# figure out the release type from config +SUFFIX="-$(pluginctl -g system.firmware.type)" +if [ "${SUFFIX}" = "-" ]; then + SUFFIX= +fi + +# update all installed packages +opnsense-update -p >> ${PKG_PROGRESS_FILE} 2>&1 + +# change the release type +opnsense-update -t "opnsense${SUFFIX}" >> ${PKG_PROGRESS_FILE} 2>&1 + +# restart the web server +/usr/local/etc/rc.restart_webgui >> ${PKG_PROGRESS_FILE} 2>&1 + +# if we can update base, we'll do that as well +if opnsense-update -c >> ${PKG_PROGRESS_FILE} 2>&1; then + if opnsense-update -bk >> ${PKG_PROGRESS_FILE} 2>&1; then + echo '***REBOOT***' >> ${PKG_PROGRESS_FILE} + # give the frontend some time to figure out that a reboot is coming + sleep 5 + /usr/local/etc/rc.reboot + fi +fi + +echo '***DONE***' >> ${PKG_PROGRESS_FILE} diff --git a/src/opnsense/service/conf/actions.d/actions_firmware.conf b/src/opnsense/service/conf/actions.d/actions_firmware.conf index 0bc18fee9..6f2fd7814 100644 --- a/src/opnsense/service/conf/actions.d/actions_firmware.conf +++ b/src/opnsense/service/conf/actions.d/actions_firmware.conf @@ -66,6 +66,12 @@ parameters: type:script_output message:retrieve firmware execution status +[update] +command: /usr/sbin/daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh update +parameters: +type:script +message:Running firmware update + [upgrade] command: /usr/sbin/daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh upgrade parameters:%s