From 786bc2cf051795c2cd042a3ade0c69cc2d6fc515 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Mon, 21 Oct 2024 12:08:50 +0200 Subject: [PATCH] firmware: improve the health check a bit Allow for an extra argument as sometimes we just want one component. There's no way to access this easily but it makes sense for testing. Squelch the CRL warnings in the rquery as we want to parse it correctly anyway intead of reading error messages. Add version annotation to core check. --- src/opnsense/scripts/firmware/health.sh | 68 +++++++++++++++---------- 1 file changed, 42 insertions(+), 26 deletions(-) diff --git a/src/opnsense/scripts/firmware/health.sh b/src/opnsense/scripts/firmware/health.sh index ca0977752..f04b26371 100755 --- a/src/opnsense/scripts/firmware/health.sh +++ b/src/opnsense/scripts/firmware/health.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2017-2023 Franco Fichtner +# Copyright (C) 2017-2024 Franco Fichtner # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -28,6 +28,7 @@ TMPFILE=/tmp/pkg_check.exclude MTREE="mtree -e -p /" +CMD=${1} : > ${LOCKFILE} @@ -135,7 +136,7 @@ core_check() return fi - echo "Core package \"${CORE}\" has $(pkg query %#d ${CORE}) dependencies to check." | ${TEE} ${LOCKFILE} + echo "Core package \"${CORE}\" at $(opnsense-version -v) has $(pkg query %#d ${CORE}) dependencies to check." | ${TEE} ${LOCKFILE} for DEP in $( (echo ${CORE}; pkg query %dn ${CORE}) | sort -u); do if [ -z "${PROGRESS}" ]; then @@ -166,7 +167,7 @@ EOF PROGRESS= fi - RVER=$(pkg rquery -r ${PRODUCT} %v ${DEP}) + RVER=$(pkg rquery -r ${PRODUCT} %v ${DEP} 2> /dev/null) if [ -z "${RVER}" ]; then if [ -n "${PROGRESS}" ]; then echo | ${TEE} ${LOCKFILE} @@ -223,34 +224,49 @@ echo "Currently running $(opnsense-version) at $(date)" >> ${LOCKFILE} echo ">>> Root file system: $(mount | awk '$3 == "/" { print $1 }')" | ${TEE} ${LOCKFILE} -set_check kernel -set_check base - -echo ">>> Check installed repositories" | ${TEE} ${LOCKFILE} -(opnsense-verify -l 2>&1) | ${TEE} ${LOCKFILE} - -echo ">>> Check installed plugins" | ${TEE} ${LOCKFILE} -PLUGINS=$(pkg query -g '%n %v' 'os-*' 2>&1) -if [ -n "${PLUGINS}" ]; then - (echo "${PLUGINS}") | ${TEE} ${LOCKFILE} -else - echo "No plugins found." | ${TEE} ${LOCKFILE} +if [ -z "${CMD}" -o "${CMD}" = "kernel" ]; then + set_check kernel fi -echo ">>> Check locked packages" | ${TEE} ${LOCKFILE} -LOCKED=$(pkg lock -lq 2>&1) -if [ -n "${LOCKED}" ]; then - (echo "${LOCKED}") | ${TEE} ${LOCKFILE} -else - echo "No locks found." | ${TEE} ${LOCKFILE} +if [ -z "${CMD}" -o "${CMD}" = "base" ]; then + set_check base fi -echo ">>> Check for missing package dependencies" | ${TEE} ${LOCKFILE} -(pkg check -dan 2>&1) | ${TEE} ${LOCKFILE} +if [ -z "${CMD}" -o "${CMD}" = "repos" ]; then + echo ">>> Check installed repositories" | ${TEE} ${LOCKFILE} + (opnsense-verify -l 2>&1) | ${TEE} ${LOCKFILE} +fi -echo ">>> Check for missing or altered package files" | ${TEE} ${LOCKFILE} -(pkg check -sa 2>&1) | ${TEE} ${LOCKFILE} +if [ -z "${CMD}" -o "${CMD}" = "plugins" ]; then + echo ">>> Check installed plugins" | ${TEE} ${LOCKFILE} + PLUGINS=$(pkg query -g '%n %v' 'os-*' 2>&1) + if [ -n "${PLUGINS}" ]; then + (echo "${PLUGINS}") | ${TEE} ${LOCKFILE} + else + echo "No plugins found." | ${TEE} ${LOCKFILE} + fi +fi -core_check +if [ -z "${CMD}" -o "${CMD}" = "locked" ]; then + echo ">>> Check locked packages" | ${TEE} ${LOCKFILE} + LOCKED=$(pkg lock -lq 2>&1) + if [ -n "${LOCKED}" ]; then + (echo "${LOCKED}") | ${TEE} ${LOCKFILE} + else + echo "No locks found." | ${TEE} ${LOCKFILE} + fi +fi + +if [ -z "${CMD}" -o "${CMD}" = "packages" ]; then + echo ">>> Check for missing package dependencies" | ${TEE} ${LOCKFILE} + (pkg check -dan 2>&1) | ${TEE} ${LOCKFILE} + + echo ">>> Check for missing or altered package files" | ${TEE} ${LOCKFILE} + (pkg check -sa 2>&1) | ${TEE} ${LOCKFILE} +fi + +if [ -z "${CMD}" -o "${CMD}" = "core" ]; then + core_check +fi echo '***DONE***' >> ${LOCKFILE}