firmware: add a functional stub for connectivity audit #4500

pkg update -f is a good starting point, but we also need to check DNS etc. so that is still a subject to debate.
2026-03-17 01:54:49 +00:00 · 2021-02-10 13:39:22 +01:00 · 2021-02-10 13:39:22 +01:00 · 831fcec40b
commit 831fcec40b
parent 2a860c841d
6 changed files with 73 additions and 2 deletions
--- a/1
+++ b/1
@ -692,6 +692,7 @@
 /usr/local/opnsense/scripts/filter/update_tables.py
 /usr/local/opnsense/scripts/firmware/changelog.sh
 /usr/local/opnsense/scripts/firmware/check.sh
+/usr/local/opnsense/scripts/firmware/connection.sh
 /usr/local/opnsense/scripts/firmware/health.sh
 /usr/local/opnsense/scripts/firmware/install.sh
 /usr/local/opnsense/scripts/firmware/launcher.sh
--- a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
@ -404,6 +404,27 @@ class FirmwareController extends ApiControllerBase
        return $response;
    }

+    /**
+     * run a connection check
+     * @return array status
+     * @throws \Exception
+     */
+    public function connectionAction()
+    {
+        $this->sessionClose(); // long running action, close session
+        $backend = new Backend();
+        $response = array();
+
+        if ($this->request->isPost()) {
+            $response['status'] = 'ok';
+            $response['msg_uuid'] = trim($backend->configdRun("firmware connection", true));
+        } else {
+            $response['status'] = 'failure';
+        }
+
+        return $response;
+    }
+
    /**
     * run a health check
     * @return array status
--- a/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
@ -604,6 +604,7 @@
        $("#plugin_get").click(function () { audit('syncPlugins'); });
        $("#plugin_set").click(function () { audit('resyncPlugins'); });
        $('#audit_security').click(function () { audit('audit'); });
+        $('#audit_connection').click(function () { audit('connection'); });
        $('#audit_health').click(function () { audit('health'); });
        $('#upgrade_maj').click(function () {
            $.upgrade_needs_reboot = 1;
@ -905,8 +906,9 @@
                                            <i class="fa fa-lock"></i> {{ lang._('Run an audit') }} <i class="caret"></i>
                                        </button>
                                        <ul class="dropdown-menu" role="menu">
-                                            <li><a id="audit_security" href="#">{{ lang._('Security') }}</a></li>
+                                            <li><a id="audit_connection" href="#">{{ lang._('Connectivity') }}</a></li>
                                            <li><a id="audit_health" href="#">{{ lang._('Health') }}</a></li>
+                                            <li><a id="audit_security" href="#">{{ lang._('Security') }}</a></li>
                                        </ul>
                                    </div>
                                    <div class="btn-group" id="plugin_actions" style="display:none;">
--- a/src/opnsense/scripts/firmware/connection.sh
+++ b/src/opnsense/scripts/firmware/connection.sh
@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Copyright (C) 2021 Franco Fichtner <franco@opnsense.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+LOCKFILE="/tmp/pkg_upgrade.progress"
+PIPEFILE="/tmp/pkg_upgrade.pipe"
+TEE="/usr/bin/tee -a"
+
+: > ${LOCKFILE}
+rm -f ${PIPEFILE}
+mkfifo ${PIPEFILE}
+
+echo "***GOT REQUEST TO AUDIT CONNECTIVITY***" >> ${LOCKFILE}
+echo "Currently running $(opnsense-version) at $(date)" >> ${LOCKFILE}
+${TEE} ${LOCKFILE} < ${PIPEFILE} &
+pkg -d update -f > ${PIPEFILE} 2>&1
+sleep 1 # give the system time to flush the buffer to console
+echo '***DONE***' >> ${LOCKFILE}
--- a/src/opnsense/scripts/firmware/launcher.sh
+++ b/src/opnsense/scripts/firmware/launcher.sh
@ -29,14 +29,15 @@ LOCKFILE="/tmp/pkg_upgrade.progress"
 FLOCK="/usr/local/bin/flock -n -o"
 COMMANDS="
 check
+connection
 health
 install
 lock
 reinstall
 remove
+resync
 security
 sync
-resync
 type
 unlock
 upgrade
--- a/src/opnsense/service/conf/actions.d/actions_firmware.conf
+++ b/src/opnsense/service/conf/actions.d/actions_firmware.conf
@ -59,6 +59,12 @@ parameters:
 type:script
 message:Retrieving health status

+[connection]
+command:/usr/sbin/daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh connection
+parameters:
+type:script
+message:Retrieving connectivity status
+
 [running]
 command:/usr/local/opnsense/scripts/firmware/running.sh
 parameters: