From 5c7a8fc4fd41b45e976328814a6644fb280b46f7 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 1 Nov 2023 13:04:47 +0100 Subject: [PATCH] firmware: implement "always reboot" for #6940 The way this works is a little funky... 1. For console calling update script it will ALWAYS reboot, but at least it says so. We simply do not know how much will be updated / is available but that is by design leaving this as a capable fallback option that will work even if the GUI has issues. That's also true for no updates being installed... it reboots by virtue of calling the update script into active duty. 2. The GUI and API will have the reboot flag set and know this beforehand, but will prevent calling the script when it isn't going to do anything. This makes the reboot behaviour better, but ideally we also need to know if we need to abort the reboot based on package install progress which we currently do not check. That being said the feature is fine to use when updating the box via GUI/API/OPNcentral on a regular basis without messing with the box too much in between. It's not tailored for micro- mangement so it should only be used where the behavior fits the requirement of a consistent system state after firmware updates (and not hammering the update server every hour for hotfixes which will make it reboot also). I guess we need to make further changes, but this is a good step nonetheless. --- src/opnsense/scripts/firmware/check.sh | 5 +++++ src/opnsense/scripts/firmware/reboot.sh | 7 ++++++- src/opnsense/scripts/firmware/update.sh | 11 ++++++++++- src/opnsense/scripts/firmware/upgrade.sh | 2 +- 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/src/opnsense/scripts/firmware/check.sh b/src/opnsense/scripts/firmware/check.sh index 609a9adf7..8af552ae1 100755 --- a/src/opnsense/scripts/firmware/check.sh +++ b/src/opnsense/scripts/firmware/check.sh @@ -66,6 +66,11 @@ repository="error" sets_upgraded= upgrade_needs_reboot="0" +product_reboot=$(/usr/local/sbin/pluginctl -g system.firmware.reboot) +if [ -n "${product_reboot}" ]; then + needs_reboot="1" +fi + product_suffix="-$(/usr/local/sbin/pluginctl -g system.firmware.type)" if [ "${product_suffix}" = "-" ]; then product_suffix= diff --git a/src/opnsense/scripts/firmware/reboot.sh b/src/opnsense/scripts/firmware/reboot.sh index a4c24a02b..b279b7454 100755 --- a/src/opnsense/scripts/firmware/reboot.sh +++ b/src/opnsense/scripts/firmware/reboot.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2018-2022 Franco Fichtner +# Copyright (C) 2018-2023 Franco Fichtner # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -59,5 +59,10 @@ if [ -n "${LQUERY}" -a -n "${RQUERY}" ]; then fi fi +ALWAYS_REBOOT=$(/usr/local/sbin/pluginctl -g system.firmware.reboot) +if [ -n "${ALWAYS_REBOOT}" ]; then + WANT_REBOOT=0 +fi + # success is reboot: exit ${WANT_REBOOT} diff --git a/src/opnsense/scripts/firmware/update.sh b/src/opnsense/scripts/firmware/update.sh index 061528532..3c747ae29 100755 --- a/src/opnsense/scripts/firmware/update.sh +++ b/src/opnsense/scripts/firmware/update.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2015-2021 Franco Fichtner +# Copyright (C) 2015-2023 Franco Fichtner # Copyright (C) 2014 Deciso B.V. # All rights reserved. # @@ -50,6 +50,9 @@ if [ "${SUFFIX}" = "-" ]; then SUFFIX= fi +# read reboot flag +ALWAYS_REBOOT=$(/usr/local/sbin/pluginctl -g system.firmware.reboot) + # upgrade all packages if possible (opnsense-update ${DO_FORCE} -pt "opnsense${SUFFIX}" 2>&1) | ${TEE} ${LOCKFILE} @@ -72,4 +75,10 @@ if opnsense-update ${DO_FORCE} -bk -c > ${PIPEFILE} 2>&1; then fi fi +if [ -n "${ALWAYS_REBOOT}" ]; then + echo '***REBOOT***' >> ${LOCKFILE} + sleep 5 + /usr/local/etc/rc.reboot +fi + echo '***DONE***' >> ${LOCKFILE} diff --git a/src/opnsense/scripts/firmware/upgrade.sh b/src/opnsense/scripts/firmware/upgrade.sh index 2ccb12baf..34733710f 100755 --- a/src/opnsense/scripts/firmware/upgrade.sh +++ b/src/opnsense/scripts/firmware/upgrade.sh @@ -48,7 +48,7 @@ if opnsense-update -u > ${PIPEFILE} 2>&1; then fi fi - # aboort pending upgrades + # abort pending upgrades opnsense-update -e >> ${LOCKFILE} 2>&1 fi