firmware: implement "always reboot" for #6940

The way this works is a little funky... 1. For console calling update script it will ALWAYS reboot, but at least it says so. We simply do not know how much will be updated / is available but that is by design leaving this as a capable fallback option that will work even if the GUI has issues. That's also true for no updates being installed... it reboots by virtue of calling the update script into active duty. 2. The GUI and API will have the reboot flag set and know this beforehand, but will prevent calling the script when it isn't going to do anything. This makes the reboot behaviour better, but ideally we also need to know if we need to abort the reboot based on package install progress which we currently do not check. That being said the feature is fine to use when updating the box via GUI/API/OPNcentral on a regular basis without messing with the box too much in between. It's not tailored for micro- mangement so it should only be used where the behavior fits the requirement of a consistent system state after firmware updates (and not hammering the update server every hour for hotfixes which will make it reboot also). I guess we need to make further changes, but this is a good step nonetheless.
2026-03-19 19:15:22 +00:00 · 2023-11-01 13:04:47 +01:00 · 2023-11-01 13:04:47 +01:00 · 5c7a8fc4fd
commit 5c7a8fc4fd
parent c1a4584638
4 changed files with 22 additions and 3 deletions
--- a/src/opnsense/scripts/firmware/check.sh
+++ b/src/opnsense/scripts/firmware/check.sh
@ -66,6 +66,11 @@ repository="error"
 sets_upgraded=
 upgrade_needs_reboot="0"

+product_reboot=$(/usr/local/sbin/pluginctl -g system.firmware.reboot)
+if [ -n "${product_reboot}" ]; then
+	needs_reboot="1"
+fi
+
 product_suffix="-$(/usr/local/sbin/pluginctl -g system.firmware.type)"
 if [ "${product_suffix}" = "-" ]; then
    product_suffix=
--- a/src/opnsense/scripts/firmware/reboot.sh
+++ b/src/opnsense/scripts/firmware/reboot.sh
@ -1,6 +1,6 @@
 #!/bin/sh

-# Copyright (C) 2018-2022 Franco Fichtner <franco@opnsense.org>
+# Copyright (C) 2018-2023 Franco Fichtner <franco@opnsense.org>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@ -59,5 +59,10 @@ if [ -n "${LQUERY}" -a -n "${RQUERY}" ]; then
 	fi
 fi

+ALWAYS_REBOOT=$(/usr/local/sbin/pluginctl -g system.firmware.reboot)
+if [ -n "${ALWAYS_REBOOT}" ]; then
+	WANT_REBOOT=0
+fi
+
 # success is reboot:
 exit ${WANT_REBOOT}
--- a/src/opnsense/scripts/firmware/update.sh
+++ b/src/opnsense/scripts/firmware/update.sh
@ -1,6 +1,6 @@
 #!/bin/sh

-# Copyright (C) 2015-2021 Franco Fichtner <franco@opnsense.org>
+# Copyright (C) 2015-2023 Franco Fichtner <franco@opnsense.org>
 # Copyright (C) 2014 Deciso B.V.
 # All rights reserved.
 #
@ -50,6 +50,9 @@ if [ "${SUFFIX}" = "-" ]; then
 	SUFFIX=
 fi

+# read reboot flag
+ALWAYS_REBOOT=$(/usr/local/sbin/pluginctl -g system.firmware.reboot)
+
 # upgrade all packages if possible
 (opnsense-update ${DO_FORCE} -pt "opnsense${SUFFIX}" 2>&1) | ${TEE} ${LOCKFILE}

@ -72,4 +75,10 @@ if opnsense-update ${DO_FORCE} -bk -c > ${PIPEFILE} 2>&1; then
 	fi
 fi

+if [ -n "${ALWAYS_REBOOT}" ]; then
+	echo '***REBOOT***' >> ${LOCKFILE}
+	sleep 5
+	/usr/local/etc/rc.reboot
+fi
+
 echo '***DONE***' >> ${LOCKFILE}
--- a/src/opnsense/scripts/firmware/upgrade.sh
+++ b/src/opnsense/scripts/firmware/upgrade.sh
@ -48,7 +48,7 @@ if opnsense-update -u > ${PIPEFILE} 2>&1; then
 		fi
 	fi

-	# aboort pending upgrades
+	# abort pending upgrades
 	opnsense-update -e >> ${LOCKFILE} 2>&1
 fi