firmware: protect details.sh, reboot.sh and query.sh

plist

@@ -1056,6 +1056,7 @@
 /usr/local/opnsense/scripts/firmware/check.sh
 /usr/local/opnsense/scripts/firmware/config.sh
 /usr/local/opnsense/scripts/firmware/connection.sh
+/usr/local/opnsense/scripts/firmware/details.sh
 /usr/local/opnsense/scripts/firmware/health.sh
 /usr/local/opnsense/scripts/firmware/hostnames.sh
 /usr/local/opnsense/scripts/firmware/install.sh

src/opnsense/scripts/firmware/config.sh

@@ -31,6 +31,7 @@ BASEDIR="/usr/local/opnsense/scripts/firmware"
 PIPEFILE="/tmp/pkg_upgrade.pipe"
 FLOCK="/usr/local/bin/flock"
 SELF=$(basename ${1%.sh})
+PKG="/usr/local/sbin/pkg"
 TEE="/usr/bin/tee -a"
 PRODUCT="OPNsense"
 
@@ -39,9 +40,12 @@ COMMANDS="
 changelog
 check
 connection
+details
 health
 install
 lock
+query
+reboot
 reinstall
 remove
 resync

src/opnsense/scripts/firmware/details.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# Copyright (C) 2024 Franco Fichtner <franco@opnsense.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/opnsense/scripts/firmware/config.sh
+
+${PKG} rquery -U "%c\n\n%e\n\nMaintainer: %m" "${1}"

src/opnsense/scripts/firmware/launcher.sh

@@ -29,8 +29,9 @@
 DO_RANDOM=
 DO_SCRIPT=
 DO_UNLOCKED=
+DO_VERBOSE=
 
-while getopts r:s:u OPT; do
+while getopts r:s:uV OPT; do
 	case ${OPT} in
 	r)
 		DO_RANDOM="-r $(jot -r 1 1 ${OPTARG})"
@@ -41,6 +42,9 @@ while getopts r:s:u OPT; do
 	u)
 		DO_UNLOCKED="-u"
 		;;
+	V)
+		DO_VERBOSE="-V"
+		;;
 	*)
 		# ignore unknown
 		;;
@@ -49,6 +53,10 @@ done
 
 shift $((OPTIND - 1))
 
+if [ -n "${DO_VERBOSE}" ]; then
+	set -x
+fi
+
 if [ -n "${DO_SCRIPT}" ]; then
 	COMMAND=${DO_SCRIPT#"-s "}
 else

src/opnsense/scripts/firmware/query.sh

@@ -24,6 +24,8 @@
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 
+. /usr/local/opnsense/scripts/firmware/config.sh
+
 LIC="BSD2CLAUSE"
 OS="FreeBSD"
 REPO="OPNsense"
@@ -50,14 +52,14 @@ ${BN}${SEP}${BV}${SEP}${OS} userland set${SEP}${BS}${SEP}${BL}${SEP}0${SEP}${LIC
 ${KN}${SEP}${KV}${SEP}${OS} kernel set${SEP}${KS}${SEP}${KL}${SEP}0${SEP}${LIC}${SEP}${REPO}${SEP}opnsense/kernel
 EOF
 
-	pkg query "%n|||%v|||%c|||%sh|||%k|||%a|||%L|||%R|||%o"
+	${PKG} query "%n|||%v|||%c|||%sh|||%k|||%a|||%L|||%R|||%o"
 	;;
 remote)
-	pkg update -q && pkg rquery -U "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o"
+	${PKG} update -q && ${PKG} rquery -U "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o"
 	;;
 tiers)
 	# fetching annotations is not as easy to query so always ask for annotations from remote end
-	pkg update -q && pkg rquery '%n|||%At|||%Av' | grep '|||product_tier|||'
+	${PKG} update -q && ${PKG} rquery '%n|||%At|||%Av' | grep '|||product_tier|||'
 	;;
 *)
 	;;

src/opnsense/scripts/firmware/reboot.sh

@@ -24,7 +24,7 @@
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 
-PKG="/usr/local/sbin/pkg-static"
+. /usr/local/opnsense/scripts/firmware/config.sh
 
 WANT_REBOOT=1
 

src/opnsense/scripts/shell/firmware.sh

@@ -74,7 +74,7 @@ if [ -n "${RELEASE}" ]; then
 	echo
 
 	PROMPT="${RELEASE}/${PROMPT}"
-elif CHANGELOG=$(/usr/local/opnsense/scripts/firmware/reboot.sh); then
+elif CHANGELOG=$(${LAUNCHER} -u reboot); then
 	echo "This update requires a reboot."
 	echo
 fi

src/opnsense/service/conf/actions.d/actions_firmware.conf

@@ -175,25 +175,25 @@ type:script_output
 message:Retrieve upgrade progress status
 
 [details]
-command:pkg rquery -U "%c\n\n%e\n\nMaintainer: %m"
+command:/usr/local/opnsense/scripts/firmware/launcher.sh -u details
 parameters:%s
 type:script_output
 message:Querying %s package details
 
 [local]
-command:/usr/local/opnsense/scripts/firmware/query.sh local
+command:/usr/local/opnsense/scripts/firmware/launcher.sh -u query local
 parameters:
 type:script_output
 message:view local packages
 
 [remote]
-command:/usr/local/opnsense/scripts/firmware/query.sh remote
+command:/usr/local/opnsense/scripts/firmware/launcher.sh -u query remote
 parameters:
 type:script_output
 message:view remote packages
 
 [tiers]
-command:/usr/local/opnsense/scripts/firmware/query.sh tiers
+command:/usr/local/opnsense/scripts/firmware/launcher.sh -u query tiers
 parameters:
 type:script_output
 message:view plugin tiers