From 264c28d1e34d3e2bf8b285d3e594384b27edbf95 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Thu, 12 Mar 2015 09:10:45 +0100 Subject: [PATCH] firmware: remove some obsolete parts of the firmware update system Fear not as we will reintroduce the functionality in the GUI using our new firmware update system which includes pkg(8)/opnsense-update(8). --- src/etc/inc/config.inc | 5 - src/etc/rc.firmware | 315 ------------------------------- src/etc/rc.firmware_auto | 86 --------- src/www/system_firmware.php | 17 +- src/www/system_firmware_auto.php | 10 +- 5 files changed, 4 insertions(+), 429 deletions(-) delete mode 100755 src/etc/rc.firmware_auto diff --git a/src/etc/inc/config.inc b/src/etc/inc/config.inc index e96d19abe..9a8c88314 100644 --- a/src/etc/inc/config.inc +++ b/src/etc/inc/config.inc @@ -142,11 +142,6 @@ else if (file_exists("/var/run/booting") && !file_exists('/conf/config.xml')) { } } - /* write device name to a file for rc.firmware */ - $fd = fopen("{$g['varetc_path']}/cfdevice", "w"); - fwrite($fd, $cfgdevice . "\n"); - fclose($fd); - /* write out an fstab */ $fd = fopen('/etc/fstab', 'w'); diff --git a/src/etc/rc.firmware b/src/etc/rc.firmware index 7a7418435..8e9121667 100755 --- a/src/etc/rc.firmware +++ b/src/etc/rc.firmware @@ -77,305 +77,7 @@ remove_chflags() { done } -binary_update() { - TGZ=$1 - ERR_F="/tmp/bdiff.log" - rm ${ERR_F} 2>/dev/null - /bin/mkdir /tmp/patched /tmp/patches 2>>${ERR_F} - # Save the old shutdown binary. If we switch from i386 to amd64 (or back) the reboot binary won't run at the end since it doesn't match up. - /bin/cp -p /sbin/shutdown /sbin/shutdown.old - backup_chflags - remove_chflags - cd /tmp/patches - for i in `/usr/bin/tar tvzf $TGZ | egrep -v "(^d|_md5)" | nawk '{print $9;}'`; - do - FILE=`basename ${i}` - echo "Working on ${i}" - # Untar patch file and md5 files - /usr/bin/tar xzf ${TGZ} ${i} ${i}.old_file_md5 ${i}.new_patch_md5 ${i}.new_file_md5 2>>${ERR_F} - - # Apply patch - oldfile newfile patchfile - /usr/local/bin/bspatch /${i} /tmp/patched/${FILE} /tmp/patches/${i} 2>>${ERR_F} - - OLD_FILE_MD5=`cat /tmp/patches/${i}.old_file_md5 2>/dev/null` - NEW_PATCH_MD5=`cat /tmp/patches/${i}.new_patch_md5 2>/dev/null` - NEW_FILE_MD5=`cat /tmp/patches/${i}.new_file_md5 2>/dev/null` - PATCHED_MD5=`/sbin/md5 -q /tmp/patched/${FILE} 2>/dev/null` - - if [ "$PATCHED_MD5" = "$NEW_PATCH_MD5" ]; then - /usr/bin/install -S /tmp/patched/${FILE} /${i} - else - #echo "${i} file does not match intended final md5." - echo "${i} file does not match intended final md5." >> ${ERR_F} - fi - - /bin/rm /tmp/patched/${FILE} >> ${ERR_F} - /bin/rm /tmp/patches/${i} >> ${ERR_F} - /bin/rm /tmp/patches/${i}.* >> ${ERR_F} - done - /bin/rm -rf /tmp/patched /tmp/patches >> ${ERR_F} - restore_chflags -} - case $ACTION in -enable) - touch /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - echo "Enable" >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - /usr/local/etc/rc.conf_mount_ro - ;; -auto) - touch /var/run/firmwarelock.dirty - backup_chflags - remove_chflags - /usr/local/etc/rc.firmware_auto - restore_chflags - /usr/local/etc/rc.conf_mount_ro - ;; -pfSenseNanoBSDupgrade) - - # Sanity check - bail early if there's no firmware file! - if [ ! -r $IMG ]; then - echo "2nd parameter has not been passed or file does not exist. Exiting." >> /conf/upgrade_log.txt 2>&1 - /usr/local/etc/rc.conf_mount_ro - exit 1 - fi - - # Prevent full upgrade file from being used to upgrade - if [ `echo $IMG | grep "full"` ]; then - echo "You cannot use a full file for upgrade. Please use a file labeled nanobsd upgrade." - file_notice "NanoBSDUpgradeFailure" "You have attemped to use a full NanoBSD installation file as an upgrade. Please use a NanoBSD file labeled 'upgrade' instead." - rm -f $IMG - /usr/local/etc/rc.conf_mount_ro - exit 1 - fi - - touch /var/run/firmwarelock.dirty - - echo "NanoBSD Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1 - echo "NanoBSD Firmware upgrade in progress..." | wall - /usr/local/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade in progress..." - - # backup config - /bin/mkdir -p /tmp/configbak - cp -Rp /conf/* /tmp/configbak 2>/dev/null - - # Remove logs from backup dir to avoid clobbering upon restore. - rm /tmp/configbak/*_log.txt 2>/dev/null - - echo "" >> /conf/upgrade_log.txt - - echo "Installing ${IMG}." >> /conf/upgrade_log.txt 2>&1 - echo "Installing ${IMG}." | wall - - # resolve glabel label that we booted from - BOOT_DEVICE=`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1` - # resolve glabel to the real boot dev entry - REAL_BOOT_DEVICE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/${BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '` - # grab the boot device, example ad1, ad0 - BOOT_DRIVE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1` - # test the slice. if we are on slice 1 we need to flash 2 and vica versa - if [ `echo $REAL_BOOT_DEVICE | /usr/bin/grep "s1"` ]; then - SLICE="2" - OLDSLICE="1" - TOFLASH="${BOOT_DRIVE}s${SLICE}" - COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a" - GLABEL_SLICE="pfsense1" - UFS_ID="1" - OLD_UFS_ID="0" - else - SLICE="1" - OLDSLICE="2" - TOFLASH="${BOOT_DRIVE}s${SLICE}" - COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a" - GLABEL_SLICE="pfsense0" - UFS_ID="0" - OLD_UFS_ID="1" - fi - - # Output specifc information that this script is using - echo "SLICE ${SLICE}" >> /conf/upgrade_log.txt - echo "OLDSLICE ${OLDSLICE}" >> /conf/upgrade_log.txt - echo "TOFLASH ${TOFLASH}" >> /conf/upgrade_log.txt - echo "COMPLETE_PATH ${COMPLETE_PATH}" >> /conf/upgrade_log.txt - echo "GLABEL_SLICE ${GLABEL_SLICE}" >> /conf/upgrade_log.txt - - # First ensure the new file can fit inside the - # slice that we are going to be operating on. - NEW_IMG_SIZE=`echo $((\`gzip -l ${IMG} | grep -v compressed | awk '{ print $2}'\` / 1024 / 1024))` - SIZE=`/sbin/fdisk ${COMPLETE_PATH} | /usr/bin/grep Meg | /usr/bin/awk '{ print $5 }' | /usr/bin/cut -d"(" -f2` - # USB slices are under-reported even more than CF slices when viewed - # directly, instead of when looking at the entire disk. Compensate - # by adding exactly 6MB. 4MB was consistently 2MB too few, and - # was resulting in failing upgrades on USB Flash based installs. - SIZE=`expr $SIZE + 6` - if [ "$SIZE" -lt "$NEW_IMG_SIZE" ]; then - file_notice "UpgradeFailure" "Upgrade failed due to the upgrade image being larger than the partition that is configured on disk. Halting. Size on disk: $SIZE < Size of new image: $NEW_IMG_SIZE" - echo "Upgrade failed. Please check the system log file for more information" | wall - rm -f $IMG - rm -f /var/run/firmwarelock.dirty - rm -f /var/run/firmware.lock - rm -f ${IMG} - /usr/local/etc/rc.conf_mount_ro - exit 1 - fi - - # Output environment information to log file - output_env_to_log - - # Grab a before upgrade look at fdisk - echo "" >> /conf/fdisk_upgrade_log.txt - echo "Before upgrade fdisk/bsdlabel" >> /conf/fdisk_upgrade_log.txt - fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt - echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt - echo "" >> /conf/fdisk_upgrade_log.txt - - # Log that we are really doing a NanoBSD upgrade - echo "" >> /conf/upgrade_log.txt - echo "NanoBSD upgrade starting" >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - # Remove TOFLASH and get ready for new flash image - echo "" >> /conf/upgrade_log.txt - echo "dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1" >> /conf/upgrade_log.txt - dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1 >> /conf/upgrade_log.txt 2>&1 - - # Stream gzipped image to dd and explode image to new area - echo "" >> /conf/upgrade_log.txt - echo "/usr/bin/gzip -dc $IMG | /bin/dd of=/dev/${TOFLASH} obs=64k" >> /conf/upgrade_log.txt - /usr/bin/gzip -dc $IMG | /bin/dd of=/dev/${TOFLASH} obs=64k >> /conf/upgrade_log.txt 2>&1 - - # Grab a after upgrade look at fdisk - echo "" >> /conf/fdisk_upgrade_log.txt - echo "After upgrade fdisk/bsdlabel" >> /conf/upgrade_log.txt - fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt - echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt - echo "" >> /conf/fdisk_upgrade_log.txt - - # Ensure that our new system is sound and bail if it is not and file a notice - echo "" >> /conf/upgrade_log.txt - echo "/sbin/fsck_ufs -y /dev/${COMPLETE_PATH}" >> /conf/upgrade_log.txt - /sbin/fsck_ufs -y /dev/${COMPLETE_PATH} >> /conf/upgrade_log.txt 2>&1 - if [ $? != 0 ]; then - file_notice "UpgradeFailure" "{\$g['product_name']} upgrade has failed. Your system has been left in a usable state." - rm -f $IMG - rm -f /var/run/firmwarelock.dirty - rm -f /var/run/firmware.lock - /usr/local/etc/rc.conf_mount_ro - exit 1 - fi - - # Enable foot shooting - sysctl kern.geom.debugflags=16 - - # Add back the corresponding glabel - echo "" >> /conf/upgrade_log.txt - echo "/sbin/tunefs -L ${GLABEL_SLICE} /dev/${COMPLETE_PATH}" >> /conf/upgrade_log.txt - /sbin/tunefs -L ${GLABEL_SLICE} /dev/${COMPLETE_PATH} >> /conf/upgrade_log.txt 2>&1 - - # restore config - cp -Rp /tmp/configbak/* /conf 2>/dev/null - - # Remove upgrade file - rm -f $IMG - - # Mount newly prepared slice - mkdir /tmp/$GLABEL_SLICE - mount /dev/ufs/$GLABEL_SLICE /tmp/$GLABEL_SLICE - - # If /boot/loader.conf.local exists - # copy to the other slice. - if [ -f /boot/loader.conf.local ]; then - cp /boot/loader.conf.local /tmp/$GLABEL_SLICE/boot/loader.conf.local - fi - - # If /tmp/$GLABEL_SLICE/tmp/post_upgrade_command exists - # after update then execute the command. - echo "Checking for post_upgrade_command..." >> /conf/upgrade_log.txt - if [ -f /tmp/$GLABEL_SLICE/tmp/post_upgrade_command ]; then - echo "Found post_upgrade_command, executing ($GLABEL_SLICE)..." >> /conf/upgrade_log.txt - sh /tmp/$GLABEL_SLICE/tmp/post_upgrade_command $GLABEL_SLICE >> /conf/upgrade_log.txt 2>&1 - fi - - # Update fstab - cp /etc/fstab /tmp/$GLABEL_SLICE/etc/fstab - sed -i "" "s/pfsense${OLD_UFS_ID}/pfsense${UFS_ID}/g" /tmp/$GLABEL_SLICE/etc/fstab - if [ $? != 0 ]; then - echo "Something went wrong when trying to update the fstab entry. Aborting upgrade." - file_notice "UpgradeFailure" "Something went wrong when trying to update the fstab entry. Aborting upgrade." - rm -f $IMG - rm -f /var/run/firmwarelock.dirty - rm -f /var/run/firmware.lock - umount /tmp/$GLABEL_SLICE - /usr/local/etc/rc.conf_mount_ro - exit 1 - fi - echo "" >> /conf/upgrade_log.txt - cat /tmp/$GLABEL_SLICE/etc/fstab >> /conf/upgrade_log.txt - - echo "" >> /conf/upgrade_log.txt - find /tmp/$GLABEL_SLICE >/conf/file_upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - # Unmount newly prepared slice - umount /tmp/$GLABEL_SLICE - - sync - - # Set active mount slice in fdisk - echo "" >> /conf/upgrade_log.txt - echo "gpart set -a active -i ${SLICE} ${BOOT_DRIVE}" >> /conf/upgrade_log.txt - gpart set -a active -i ${SLICE} ${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1 - - sync - - # Set active boot source - NanoBSD does not do this but otherwise we - # end up with the wrong partition being active. - echo "" >> /conf/upgrade_log.txt - echo "/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE}" >> /conf/upgrade_log.txt - /usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1 - - # Disable foot shooting - sysctl kern.geom.debugflags=0 - - # Grab a final look at fdisk - echo "" >> /conf/fdisk_upgrade_log.txt - echo "Final upgrade fdisk/bsdlabel" >> /conf/fdisk_upgrade_log.txt - fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt - echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt - echo "" >> /conf/fdisk_upgrade_log.txt - - date >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - # Trigger a package reinstallation on reobot - touch /conf/needs_package_sync - - # remount /cf ro - /usr/local/etc/rc.conf_mount_ro - /bin/sync - - echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1 - echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." | wall - /usr/local/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." - - sleep 10 - - rm -f /var/run/firmwarelock.dirty - rm -f /var/run/firmware.lock - . /usr/local/etc/rc.reboot - - ;; pfSenseupgrade) # Sanity check - bail early if there's no firmware file! @@ -503,22 +205,5 @@ pfSenseupgrade) . /usr/local/etc/rc.reboot fi - ;; -delta_update) - touch /var/run/firmwarelock.dirty - backup_chflags - remove_chflags - binary_update $IMG - restore_chflags - find / -name CVS -type d -exec rm {} \; - /usr/local/etc/rc.conf_mount_ro - /sbin/umount -f /cf 2>/dev/null - /sbin/mount -r /cf 2>/dev/null - /sbin/umount -f / 2>/dev/null - /sbin/mount -r / 2>/dev/null - if [ -e /etc/init_bootloader.sh ]; then - sh /etc/init_bootloader.sh - fi - ;; esac diff --git a/src/etc/rc.firmware_auto b/src/etc/rc.firmware_auto deleted file mode 100755 index 702d4a7bc..000000000 --- a/src/etc/rc.firmware_auto +++ /dev/null @@ -1,86 +0,0 @@ -#!/bin/sh - -FMBASEURL=$1 -FMFILENAME=$2 -FETCHFILENAME=$1/$2 - -product=`cat /usr/local/etc/inc/globals.inc | grep product_name | cut -d'"' -f4` - -# wait 5 seconds before beginning -sleep 5 - -logger -p daemon.info -i -t AutoUpgrade "Auto Upgrade started" - -HTTP_AUTH="" - -# if username and password is passed, let fetch utilize. -if [ $# -gt 3 ]; then -HTTP_AUTH="basic:*:$3:$4" -fi - -#echo "Downloading $FMFILENAME from $FMBASEURL ..." | logger -p daemon.info -i -t AutoUpgrade -#/usr/bin/fetch -o /tmp/latest.tgz $FETCHFILENAME | logger -p daemon.info -i -t AutoUpgrade -#echo "Downloading $FMFILENAME.md5 from $FMBASEURL ..." | logger -p daemon.info -i -t AutoUpgrade -#/usr/bin/fetch -o /tmp/latest.tgz.md5 $FETCHFILENAME.md5 | logger -p daemon.info -i -t AutoUpgrade - -PMD=`/bin/cat /tmp/latest.tgz.md5 | cut -d" " -f4 ` -MD=`/sbin/md5 /tmp/latest.tgz | cut -d" " -f4` - -PLATFORM=`cat /usr/local/etc/platform` - -echo " Package MD5: ${PMD}" | logger -p daemon.info -i -t AutoUpgrade -echo "Downloaded MD5: ${MD}" | logger -p daemon.info -i -t AutoUpgrade - -if [ "$PMD" = "" ]; then - echo "Package MD5 is null md5. Require proxy auth?" | logger -p daemon.info -i -t AutoUpgrade - exit 1 -fi - -if [ "$MD" = "" ]; then - echo "Downloaded MD5 is null md5. Require proxy auth?" | logger -p daemon.info -i -t AutoUpgrade - exit 1 -fi - -if [ "$PMD" = "$MD" ]; then - echo "MD5's match." | logger -p daemon.info -i -t AutoUpgrade - echo "Beginning ${product} upgrade." | wall - if [ "$PLATFORM" = "net45xx" ]; then - /usr/local/etc/rc.conf_mount_rw - fi - if [ "$PLATFORM" = "wrap" ]; then - /usr/local/etc/rc.conf_mount_rw - fi - if [ "$PLATFORM" = "nanobsd" ]; then - /usr/local/etc/rc.conf_mount_rw - fi - if [ -r "/tmp/custom.tgz" ]; then - sh /usr/local/etc/rc.firmware pfSenseupgrade /tmp/latest.tgz /tmp/custom.tgz - else - if [ "$PLATFORM" = "nanobsd" ]; then - sh /usr/local/etc/rc.firmware pfSenseNanoBSDupgrade /tmp/latest.tgz - else - sh /usr/local/etc/rc.firmware pfSenseupgrade /tmp/latest.tgz - fi - fi - if [ "$PLATFORM" = "wrap" ]; then - /bin/sync - sleep 5 - /usr/local/etc/rc.conf_mount_ro - if [ -e /etc/init_bootloader.sh ]; then - sh /etc/init_bootloader.sh - fi - fi - if [ "$PLATFORM" = "net45xx" ]; then - /bin/sync - sleep 5 - /usr/local/etc/rc.conf_mount_ro - if [ -e /etc/init_bootloader.sh ]; then - sh /etc/init_bootloader.sh - fi - fi - exit 0 -fi - -echo "MD5's do not match. Upgrade aborted." | logger -p daemon.info -i -t AutoUpgrade -rm /tmp/latest* -exit 1 diff --git a/src/www/system_firmware.php b/src/www/system_firmware.php index 3a3d9a0f0..3e2d993d4 100644 --- a/src/www/system_firmware.php +++ b/src/www/system_firmware.php @@ -134,7 +134,6 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) { else if (!file_exists($_FILES['ulfile']['tmp_name'])) { /* probably out of memory for the MFS */ $input_errors[] = gettext("Image upload failed (out of memory?)"); - mwexec("/usr/local/etc/rc.firmware disable"); clear_subsystem_dirty('firmware'); } else { /* move the image so PHP won't delete it */ @@ -155,20 +154,10 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) { /* fire up the update script in the background */ mark_subsystem_dirty('firmwarelock'); $savemsg = gettext("The firmware is now being updated. The firewall will reboot automatically."); - if (stristr($_FILES['ulfile']['name'],"nanobsd") or $_POST['isnano'] == "yes") - mwexec_bg("/usr/local/etc/rc.firmware pfSenseNanoBSDupgrade {$g['upload_path']}/firmware.tgz"); - else if(stristr($_FILES['ulfile']['name'],"bdiff")) - mwexec_bg("/usr/local/etc/rc.firmware delta_update {$g['upload_path']}/firmware.tgz"); - else { - if($g['platform'] == "nanobsd") - $whichone = "pfSenseNanoBSDupgrade"; - else - $whichone = "pfSenseupgrade"; - mwexec_bg("/usr/local/etc/rc.firmware {$whichone} {$g['upload_path']}/firmware.tgz"); - unset($whichone); - } - } else + mwexec_bg("/usr/local/etc/rc.firmware pfSenseupgrade {$g['upload_path']}/firmware.tgz"); + } else { $savemsg = sprintf(gettext("Firmware image missing or other error, please try again %s."),$errortext); + } } } } diff --git a/src/www/system_firmware_auto.php b/src/www/system_firmware_auto.php index 588ea519b..34d4d2fe3 100755 --- a/src/www/system_firmware_auto.php +++ b/src/www/system_firmware_auto.php @@ -172,15 +172,7 @@ if(!$latest_version) { } /* launch external upgrade helper */ -$external_upgrade_helper_text = "/usr/local/etc/rc.firmware "; - -if($g['platform'] == "nanobsd") - $external_upgrade_helper_text .= "pfSenseNanoBSDupgrade "; -else - $external_upgrade_helper_text .= "pfSenseupgrade "; - -$external_upgrade_helper_text .= "{$g['upload_path']}/latest.tgz"; - +$external_upgrade_helper_text = "/usr/local/etc/rc.firmware pfSenseupgrade {$g['upload_path']}/latest.tgz"; $downloaded_latest_tgz_sha256 = str_replace("\n", "", `/sbin/sha256 -q {$g['upload_path']}/latest.tgz`); $upgrade_latest_tgz_sha256 = str_replace("\n", "", `/bin/cat {$g['upload_path']}/latest.tgz.sha256 | awk '{ print $4 }'`);