From 478d738e8cabb510e07fbcd2e2104e89675ed4ca Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Mon, 2 Mar 2015 12:02:51 +0100 Subject: [PATCH] rc: fix console menu firmware upgrade (#32) Just rewrite that stuff completely... Pretty simple now, right? :)
---
src/etc/rc.initial.firmware_update | 226 ++++++----------------------- 1 file changed, 47 insertions(+), 179 deletions(-)
diff --git a/src/etc/rc.initial.firmware_update b/src/etc/rc.initial.firmware_update
index 06ee42737..8817f1075 100755
--- a/src/etc/rc.initial.firmware_update
+++ b/src/etc/rc.initial.firmware_update
@@ -1,188 +1,56 @@ -#!/usr/local/bin/php -f - +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. -echo "Starting the {$g['product_name']} console firmware update system"; +set -e -require("functions.inc"); -echo "."; +echo "This will automatically fetch all available updates, apply them," +echo -n "and reboot if necessary. Proceed with this action? 
[y/N]: " -if(isset($config['system']['firmware']['alturl']['enable'])) - $updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}"; -else - $updater_url = $g['update_url']; +read YN +case ${YN} in +[yY]) + ;; +*) + exit 0 + ;; +esac -$nanosize = ""; -if ($g['platform'] == "nanobsd") { - if (file_exists("/etc/nano_use_vga.txt")) - $nanosize = "-nanobsd-vga-"; - else - $nanosize = "-nanobsd-"; +trap : 2 +trap : 3 - $nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt"))); - $update_filename = "latest{$nanosize}.img.gz"; -} else { - $update_filename = "latest.tgz"; -} -$autoupdateurl = "{$updater_url}/{$update_filename}"; +# upgrade all packages if possible +pkg upgrade -y -$fp = fopen('php://stdin', 'r'); +# refresh the php.ini files now rather than later +/usr/local/etc/rc.php_ini_setup -echo ".\n\n"; +# if we can update base, we'll do that as well +if opnsense-update -c; then + opnsense-update && reboot +fi -$shell_active = true; - -echo "1) Update from a URL\n"; -echo "2) Update from a local file\n"; -echo "Q) Quit\n"; - -echo "\nPlease select an option to continue: "; - -$pkg_interface = 'console'; -$command = strtoupper(chop(fgets($fp))); - -switch ($command) { - case "q": - case "quit": - echo "\n"; - fclose($fp); - die; - break; - case "1": - echo "\nEnter the URL to the .tgz or .img.gz update file. \nType 'auto' to use {$autoupdateurl}\n> "; - $url = chop(fgets($fp)); - if(!$url) { - fclose($fp); - die; - } - if($url == "auto") { - $url = $autoupdateurl; - } - $status = does_url_exist($url); - if($status) { - conf_mount_rw(); - mark_subsystem_dirty('firmware'); - unlink_if_exists("/root/firmware.tgz"); - echo "\nFetching file... "; - download_file_with_progress_bar($url, '/root/firmware.tgz'); - if(!file_exists("/root/firmware.tgz")) { - echo "Something went wrong during file transfer. 
Exiting.\n\n"; - fclose($fp); - clear_subsystem_dirty('firmware'); - die; - } - $status = does_url_exist("$url.sha256"); - if($status) { - echo "\nFetching sha256... "; - download_file_with_progress_bar($url . ".sha256", '/root/firmware.tgz.sha256'); - echo "\n"; - } else { - echo "\n\nWARNING.\n"; - echo "\nCould not locate a sha256 file. We cannot verify the download once completed.\n\n"; - sleep(15); - } - if(file_exists("/root/firmware.tgz.sha256")) { - $source_sha256 = trim(`cat /root/firmware.tgz.sha256 | awk '{ print \$4 }'`,"\r"); - $file_sha256 = trim(`sha256 /root/firmware.tgz | awk '{ print \$4 }'`,"\r"); - echo "URL sha256: $source_sha256\n"; - echo "Downloaded file sha256: $file_sha256\n"; - if($source_sha256 <> $file_sha256) { - echo "\n\nsha256 checksum does not match. Cancelling upgrade.\n\n"; - unlink_if_exists("/root/firmware.tgz.sha256"); - fclose($fp); - clear_subsystem_dirty('firmware'); - die -1; - } - echo "\nsha256 checksum matches.\n"; - unlink_if_exists("/root/firmware.tgz.sha256"); - } - if(strstr($url,"bdiff")) { - echo "Binary DIFF upgrade file detected...\n"; - $type = "bdiff"; - } elseif(strstr($url,"nanobsd")) { - echo "NanoBSD upgrade file detected...\n"; - $type = "nanobsd"; - } else { - $type = "normal"; - } - do_upgrade("/root/firmware.tgz", $type); - clear_subsystem_dirty('firmware'); - exit; - } - case "2": - echo "\nEnter the complete path to the .tgz or .img.gz update file: "; - $path = chop(fgets($fp)); - if(!$path) { - fclose($fp); - die; - } - if(stristr($path,"bdiff")) - $type = "bdiff"; - if(stristr($path,"nanobsd")) - $type = "nanobsd"; - if(file_exists($path)) { - mark_subsystem_dirty('firmware'); - do_upgrade($path, $type); - clear_subsystem_dirty('firmware'); - } else { - echo "\nCould not find file.\n\n"; - fclose($fp); - die -1; - } -} - -function do_upgrade($path, $type) { - global $g, $fp; - - $sigchk = verify_digital_signature($path); - if ($sigchk == 1) - $sig_warning = "The digital signature on this image is 
invalid."; - else if ($sigchk == 2) - $sig_warning = "This image is not digitally signed."; - else if (($sigchk == 3) || ($sigchk == 4)) - $sig_warning = "There has been an error verifying the signature on this image."; - if($sig_warning) { - $sig_warning = "\nWARNING! ACHTUNG! DANGER!\n\n{$sig_warning}\n\n" . - "This means that the image you uploaded is not an official/supported image and\n" . - "may lead to unexpected behavior or security compromises.\n\n" . - "Only install images that come from sources that you trust, and make sure\n". - "that the image has not been tampered with.\n\n". - "Do you want to install this image anyway at your own risk [n]?"; - echo $sig_warning; - $command = strtoupper(chop(fgets($fp))); - if(strtoupper($command) == "Y" or strtoupper($command) == "Y" or strtoupper($command) == "YES") { - echo "\nContinuing upgrade..."; - } else { - echo "\nUpgrade cancelled.\n\n"; - die; - } - } - mark_subsystem_dirty('firmwarelock'); - echo "\nOne moment please...\nInvoking firmware upgrade..."; - if($type == "bdiff") - mwexec_bg("/usr/local/etc/rc.firmware delta_update $path"); - elseif($type == "nanobsd") - mwexec_bg("/usr/local/etc/rc.firmware pfSenseNanoBSDupgrade $path"); - else - mwexec_bg("/usr/local/etc/rc.firmware pfSenseupgrade $path"); - sleep(10); - while(is_subsystem_dirty('firmwarelock')) { - sleep(1); - echo "."; - } - sleep(10); - echo "Done. Rebooting...\n\n"; - clear_subsystem_dirty('firmwarelock'); -} - -exec("rm -f /root/*.sha256"); -fclose($fp); - -?> +echo
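Review bot: Failure handling in the new script is uneven: under `set -e` a failing `pkg upgrade -y` ends the script silently before `/usr/local/etc/rc.php_ini_setup` runs, while a failing `opnsense-update` in `opnsense-update && reboot` is exempt from `set -e` and falls through to the final `echo` with exit status 0. Reporting both explicitly would help the console user, e.g. `pkg upgrade -y || { echo "Package upgrade failed."; exit 1; }` and `opnsense-update || { echo "Base update failed."; exit 1; }` followed by `reboot`. Separately, the sha256 comparison and the `verify_digital_signature` prompt go away with the removed PHP code; integrity checking presumably now rests on pkg's repository signature configuration and on `opnsense-update` itself, neither of which is visible in this hunk, so a comment such as `# download verification is delegated to pkg(8) and opnsense-update` above `pkg upgrade -y` would record that assumption. Note also that `trap : 2` installs a handler rather than ignoring the signal, so child commands still start with the default SIGINT disposition; if the intent is that Ctrl-C cannot interrupt `pkg upgrade -y` midway, `trap '' 2 3` is the form that children inherit.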