We already know a new kernel/base is there, but look up the old
one which may fail if it has been deleted. This causes the sets
to be omitted from the update list, even though later on the
upgrade works as expected.
This implementation makes sure the callback is called with the actual field value and may return a list of validation errors.
Related to https://github.com/opnsense/core/issues/1858
While working on https://github.com/opnsense/core/issues/1858 we decided to drop the detailed descriptions, since they won't fit into the new mvc version.
The new version will use a tokenizer to add alias entries, which makes it impossible to add labels on top of single items. When detailed descriptions are needed, we have support for alias nesting so single items can have descriptions. The current solution is hard to port, without the need of generating xml tags per item, which in many cases has quite some overhead.
The new alias code will likely enter in an 18.7.x release. Since we don't want to drop support in a minor release, we've chosen to do so in the legacy code.
The format issue has been reported before in https://github.com/opnsense/core/issues/1110. For now we stick to using list types into single xml tags, since this is aligned with the other field types we use, and drop the impractical aligned descriptions.
As discussed with @fichtner
This is only an improvement and unification of
`src/opnsense/scripts/shell/banner.php`.
Using `openssh_enabled()` both times in this file is preferred over one
time using `isset($config['system']['ssh']['enabled'])` and the other
time using `openssh_enabled()`.
Updates: 00f9b21cb78d9f76a8f94e8e62cbcefad65b7d99
Updates: 81e50abd0afba2d58ce487cdad60c7aedf899bbf
Updates: https://github.com/opnsense/core/pull/2481
Nice thing is that `openssl x509` respects the order of supplied
arguments. It was chosen to print the one line of fingerprint above
the X509 text dump. `-sha256` is needed because OpenSSL 1.0.2k-freebsd
26 Jan 2017 seems to default to SHA1 currently.
Example of the first line:
```
SHA256 Fingerprint=F0:E6:EB:31:E8:87:AF:52:16:4E:84:05:3B:6C:03:2C:C1:DF:5A:E7:36:F4:32:44:3B:B5:57:63:97:45:C3:77
```
This commit is one piece to make fully trusted bootstrapping easier.
Related to: https://github.com/opnsense/core/issues/2427
URL path of the GUI page involved: /system_certmanager.php
Example output:
```
$ /usr/local/etc/rc.initial.banner
*** test-fw.localdomain: OPNsense 18.1.10 (amd64/OpenSSL) ***
WAN (vtnet0) -> v4/DHCP4: 172.30.23.2/24
SSH: 256 SHA256:fcMIAgT/vZR/TWP0j8AFROTNnudkU1tP9sRhbsIa8vM (ECDSA)
SSH: 256 SHA256:lDenOc5wy2WU0e6sSz2hR9nEFnMqx5c3u1F/pHxgJlY (ED25519)
SSH: 2048 SHA256:dsw9srlQHL0hPJlEdR9rL769N30BTZgXG9gXbdZGOkU (RSA)
HTTPS X.509 cert: SHA256 Fingerprint=F0:E6:EB:31:E8:87:AF:52:16:4E:84:05:3B:6C:03:2C:C1:DF:5A:E7:36:F4:32:44:3B:B5:57:63:97:45:C3:77
```
The list of fingerprints is appended after the interface list because
the interface list might be pretty long and thus would move the
fingerprints out of the screen which we don’t want.
Previously (#2427) I suggested to extract the X.509 certificate from the
xml config but the difficult part for me who is not so familiar with the
implementation of OPNsense is to find the certificate which is actually
used by the local web server. I found that `/var/etc/cert.pem` is used
in the configuration of the local web server and assume that this is the
easier way to implement this in the expectation that the file name does
not change without being also changed in this script and that the file
exists. If it does not exist, OpenSSL would complain with a useful error
message.
This commit is one piece to make fully trusted bootstrapping easier.
Related to: https://github.com/opnsense/core/issues/2427
Tested on: OPNsense 18.1.10-amd64
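An added example (not part of the commits above and not OPNsense code): a client-side check that parses the banner format shown in the example output and compares its fingerprints with the certificate or host key a client actually observes. The function names and the sample bytes are assumptions constructed for illustration, and the banner is assumed to have been read over a trusted path such as the local console.

```python
import base64
import hashlib
import hmac
import re

# Banner lines copied from the example output in the commit message above.
BANNER = """\
*** test-fw.localdomain: OPNsense 18.1.10 (amd64/OpenSSL) ***
WAN (vtnet0) -> v4/DHCP4: 172.30.23.2/24
SSH: 256 SHA256:fcMIAgT/vZR/TWP0j8AFROTNnudkU1tP9sRhbsIa8vM (ECDSA)
SSH: 256 SHA256:lDenOc5wy2WU0e6sSz2hR9nEFnMqx5c3u1F/pHxgJlY (ED25519)
SSH: 2048 SHA256:dsw9srlQHL0hPJlEdR9rL769N30BTZgXG9gXbdZGOkU (RSA)
HTTPS X.509 cert: SHA256 Fingerprint=F0:E6:EB:31:E8:87:AF:52:16:4E:84:05:3B:6C:03:2C:C1:DF:5A:E7:36:F4:32:44:3B:B5:57:63:97:45:C3:77
"""

SSH_RE = re.compile(r"SSH:\s+\d+\s+(SHA256:[A-Za-z0-9+/]{43})\s+\((\w+)\)\s*$")
X509_RE = re.compile(r"HTTPS X\.509 cert: SHA256 Fingerprint=((?:[0-9A-F]{2}:){31}[0-9A-F]{2})\s*$")

def x509_fingerprint(der):
    """SHA-256 over the DER bytes, in `openssl x509 -fingerprint -sha256` notation."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def ssh_fingerprint(key_blob):
    """SHA-256 over the decoded public key blob, as unpadded base64 (OpenSSH notation)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(key_blob).digest()).decode().rstrip("=")

def parse_banner(text):
    """Collect the trusted fingerprints; other banner lines are ignored."""
    trusted = {"x509": None, "ssh": {}}
    for line in text.splitlines():
        if (m := SSH_RE.match(line)):
            trusted["ssh"][m.group(2)] = m.group(1)
        elif (m := X509_RE.match(line)):
            trusted["x509"] = m.group(1)
    return trusted

def same(expected, observed):
    """Constant-time comparison; a fingerprint missing from the banner never matches."""
    return expected is not None and hmac.compare_digest(expected, observed)

def verify_https(banner, der):
    return same(parse_banner(banner)["x509"], x509_fingerprint(der))

def verify_ssh(banner, key_type, key_blob):
    return same(parse_banner(banner)["ssh"].get(key_type), ssh_fingerprint(key_blob))

if __name__ == "__main__":
    der = b"constructed bytes, not a real certificate"
    print(verify_https(BANNER, der))  # observed cert differs from the banner
```

In real use, `der` would come from the TLS handshake (for example via `ssl.PEM_cert_to_DER_cert`) and `key_blob` from base64-decoding the key field of the host's public key line.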