diff --git a/plist b/plist index 5cc3d4b0d..3f37a962d 100644 --- a/plist +++ b/plist @@ -1009,6 +1009,8 @@ /usr/local/opnsense/scripts/firmware/register.php /usr/local/opnsense/scripts/firmware/reinstall.sh /usr/local/opnsense/scripts/firmware/remove.sh +/usr/local/opnsense/scripts/firmware/repos/OPNsense.php +/usr/local/opnsense/scripts/firmware/repos/README /usr/local/opnsense/scripts/firmware/resync.sh /usr/local/opnsense/scripts/firmware/running.sh /usr/local/opnsense/scripts/firmware/security.sh diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index 826bb97cb..4527a7d4a 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -828,37 +828,21 @@ function get_memory() function system_firmware_configure($verbose = false) { - global $config; + service_log('Writing firmware settings:', $verbose); - service_log('Writing firmware setting...', $verbose); + $scripts = glob('/usr/local/opnsense/scripts/firmware/repos/*'); + natsort($scripts); - /* calculate the effective ABI */ - $args = [ exec_safe('-A %s', shell_safe('opnsense-version -x')) ]; - $url_sub = ''; - - if (!empty($config['system']['firmware']['subscription'])) { - /* - * Append the url now that it is not in the mirror anymore. - * This only ever works if the mirror is set to a non-default. - */ - $url_sub = '/' . $config['system']['firmware']['subscription']; - } else { - /* clear the license file when no subscription key is set */ - @unlink('/usr/local/opnsense/version/core.license'); + foreach ($scripts as $script) { + if (is_executable($script)) { + /* run the script in passthru() but avoid standard output from this side */ + passthru($script . '> /dev/null'); + /* make a note about repo being handled */ + service_log(' ' . preg_replace('/\..*?$/', ' ', basename($script))); + } } - if (!empty($config['system']['firmware']['mirror'])) { - $args[] = exec_safe('-m %s', str_replace('/', '\/', $config['system']['firmware']['mirror'] . $url_sub)); - } - - if (!empty($config['system']['firmware']['flavour'])) { - $args[] = exec_safe('-n %s', str_replace('/', '\/', $config['system']['firmware']['flavour'])); - } - - /* rewrite the config via the defaults and possible arguments */ - mwexec('/usr/local/sbin/opnsense-update -sd ' . join(' ', $args)); - - service_log("done.\n", $verbose); + service_log("\n"); } function system_trust_configure($verbose = false) diff --git a/src/opnsense/scripts/firmware/repos/OPNsense.php b/src/opnsense/scripts/firmware/repos/OPNsense.php new file mode 100755 index 000000000..85db64066 --- /dev/null +++ b/src/opnsense/scripts/firmware/repos/OPNsense.php @@ -0,0 +1,61 @@ +#!/usr/local/bin/php + + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once('util.inc'); +require_once('script/load_phalcon.php'); + +use OPNsense\Core\Config; + +$config = Config::getInstance()->object(); + +/* calculate the effective ABI */ +$args = [ exec_safe('-A %s', shell_safe('opnsense-version -x')) ]; +$url_sub = ''; + +if (!empty($config->system->firmware->subscription)) { + /* + * Append the url now that it is not in the mirror anymore. + * This only ever works if the mirror is set to a non-default. + */ + $url_sub = '/' . $config->system->firmware->subscription; +} else { + /* clear the license file when no subscription key is set */ + @unlink('/usr/local/opnsense/version/core.license'); +} + +if (!empty($config->system->firmware->mirror)) { + $args[] = exec_safe('-m %s', str_replace('/', '\/', $config->system->firmware->mirror . $url_sub)); +} + +if (!empty($config->system->firmware->flavour)) { + $args[] = exec_safe('-n %s', str_replace('/', '\/', (string)$config->system->firmware->flavour)); +} + +/* rewrite the config via the defaults and possible arguments */ +shell_safe('/usr/local/sbin/opnsense-update -sd ' . join(' ', $args)); diff --git a/src/opnsense/scripts/firmware/repos/README b/src/opnsense/scripts/firmware/repos/README new file mode 100755 index 000000000..65257ffd7 --- /dev/null +++ b/src/opnsense/scripts/firmware/repos/README @@ -0,0 +1,7 @@ +Repository-based scripts live here to be provided by plugins. +The firmware configuration will run any script with executable +bit set regardless of the script language. The scripts are not +restricted in scope at the moment because we do not know all +the requirements of other vendors. + +Single script per repository matching in name is recommended.