From 996d2bf363ff600554645fbc765ce31a6c7a8a1b Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Mon, 9 Oct 2017 06:15:50 +0000 Subject: [PATCH] firmware: allow `configctl firmware (un)lock' Prevented throught the API action, but useful for an upcoming setting, it locks the base + kernel. --- .../OPNsense/Core/Api/FirmwareController.php | 18 ++++++++++++------ src/opnsense/scripts/firmware/lock.sh | 13 +++++++++---- src/opnsense/scripts/firmware/unlock.sh | 13 +++++++++---- 3 files changed, 30 insertions(+), 14 deletions(-) diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php index 383644663..08e080c2d 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php @@ -439,15 +439,18 @@ class FirmwareController extends ApiControllerBase $response = array(); if ($this->request->isPost()) { - $response['status'] = 'ok'; - // sanitize package name $filter = new \Phalcon\Filter(); $filter->add('pkgname', function ($value) { return preg_replace('/[^0-9a-zA-Z-_]/', '', $value); }); $pkg_name = $filter->sanitize($pkg_name, "pkgname"); - // execute action + } else { + $pkg_name = null; + } + + if (!empty($pkg_name)) { $response['msg_uuid'] = trim($backend->configdpRun("firmware lock", array($pkg_name), true)); + $response['status'] = 'ok'; } else { $response['status'] = 'failure'; } @@ -467,15 +470,18 @@ class FirmwareController extends ApiControllerBase $response = array(); if ($this->request->isPost()) { - $response['status'] = 'ok'; - // sanitize package name $filter = new \Phalcon\Filter(); $filter->add('pkgname', function ($value) { return preg_replace('/[^0-9a-zA-Z-_]/', '', $value); }); $pkg_name = $filter->sanitize($pkg_name, "pkgname"); - // execute action + } else { + $pkg_name = null; + } + + if (!empty($pkg_name)) { $response['msg_uuid'] = trim($backend->configdpRun("firmware unlock", array($pkg_name), true)); + $response['status'] = 'ok'; } else { $response['status'] = 'failure'; } diff --git a/src/opnsense/scripts/firmware/lock.sh b/src/opnsense/scripts/firmware/lock.sh index 8c20703a0..eeffbd6c7 100755 --- a/src/opnsense/scripts/firmware/lock.sh +++ b/src/opnsense/scripts/firmware/lock.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2015-2016 Franco Fichtner +# Copyright (C) 2015-2017 Franco Fichtner # Copyright (C) 2014 Deciso B.V. # All rights reserved. # @@ -26,11 +26,16 @@ # POSSIBILITY OF SUCH DAMAGE. PKG_PROGRESS_FILE=/tmp/pkg_upgrade.progress -PACKAGE=$1 +PACKAGE=${1} + +if [ -z "${PACKAGE}" ]; then + opnsense-update -L + exit 0 +fi # Truncate upgrade progress file : > ${PKG_PROGRESS_FILE} -echo "***GOT REQUEST TO LOCK: $PACKAGE***" >> ${PKG_PROGRESS_FILE} -pkg lock -y $PACKAGE >> ${PKG_PROGRESS_FILE} 2>&1 +echo "***GOT REQUEST TO LOCK: ${PACKAGE}***" >> ${PKG_PROGRESS_FILE} +pkg lock -y ${PACKAGE} >> ${PKG_PROGRESS_FILE} 2>&1 echo '***DONE***' >> ${PKG_PROGRESS_FILE} diff --git a/src/opnsense/scripts/firmware/unlock.sh b/src/opnsense/scripts/firmware/unlock.sh index ff2bcbf27..d6f061242 100755 --- a/src/opnsense/scripts/firmware/unlock.sh +++ b/src/opnsense/scripts/firmware/unlock.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2015-2016 Franco Fichtner +# Copyright (C) 2015-2017 Franco Fichtner # Copyright (C) 2014 Deciso B.V. # All rights reserved. # @@ -26,11 +26,16 @@ # POSSIBILITY OF SUCH DAMAGE. PKG_PROGRESS_FILE=/tmp/pkg_upgrade.progress -PACKAGE=$1 +PACKAGE=${1} + +if [ -z "${PACKAGE}" ]; then + opnsense-update -U + exit 0 +fi # Truncate upgrade progress file : > ${PKG_PROGRESS_FILE} -echo "***GOT REQUEST TO UNLOCK: $PACKAGE***" >> ${PKG_PROGRESS_FILE} -pkg unlock -y $PACKAGE >> ${PKG_PROGRESS_FILE} 2>&1 +echo "***GOT REQUEST TO UNLOCK: ${PACKAGE}***" >> ${PKG_PROGRESS_FILE} +pkg unlock -y ${PACKAGE} >> ${PKG_PROGRESS_FILE} 2>&1 echo '***DONE***' >> ${PKG_PROGRESS_FILE}