From 6f7f35760e0cf7b66639ece9011509854e06d980 Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Wed, 4 Oct 2017 23:32:31 -0500 Subject: Rebrand --- .../pfSense-repo/files/RaptorGuard-repo-devel.conf | 17 + .../files/RaptorGuard-repo-devel.descr | 1 + sysutils/pfSense-repo/files/RaptorGuard-repo.conf | 17 + sysutils/pfSense-repo/files/RaptorGuard-repo.descr | 1 + .../pfSense-repo/files/pfSense-repo-devel.conf | 17 - .../pfSense-repo/files/pfSense-repo-devel.descr | 1 - sysutils/pfSense-repo/files/pfSense-repo.conf | 17 - sysutils/pfSense-repo/files/pfSense-repo.descr | 1 - sysutils/pfSense-upgrade/files/RaptorGuard-upgrade | 1146 ++++++++++++++++++++ .../files/RaptorGuard-upgrade.wrapper | 79 ++ sysutils/pfSense-upgrade/files/pfSense-upgrade | 1146 -------------------- .../pfSense-upgrade/files/pfSense-upgrade.wrapper | 79 -- 12 files changed, 1261 insertions(+), 1261 deletions(-) create mode 100644 sysutils/pfSense-repo/files/RaptorGuard-repo-devel.conf create mode 100644 sysutils/pfSense-repo/files/RaptorGuard-repo-devel.descr create mode 100644 sysutils/pfSense-repo/files/RaptorGuard-repo.conf create mode 100644 sysutils/pfSense-repo/files/RaptorGuard-repo.descr delete mode 100644 sysutils/pfSense-repo/files/pfSense-repo-devel.conf delete mode 100644 sysutils/pfSense-repo/files/pfSense-repo-devel.descr delete mode 100644 sysutils/pfSense-repo/files/pfSense-repo.conf delete mode 100644 sysutils/pfSense-repo/files/pfSense-repo.descr create mode 100755 sysutils/pfSense-upgrade/files/RaptorGuard-upgrade create mode 100644 sysutils/pfSense-upgrade/files/RaptorGuard-upgrade.wrapper delete mode 100755 sysutils/pfSense-upgrade/files/pfSense-upgrade delete mode 100644 sysutils/pfSense-upgrade/files/pfSense-upgrade.wrapper diff --git a/sysutils/pfSense-repo/files/RaptorGuard-repo-devel.conf b/sysutils/pfSense-repo/files/RaptorGuard-repo-devel.conf new file mode 100644 index 0000000..c4e69fa --- /dev/null +++ b/sysutils/pfSense-repo/files/RaptorGuard-repo-devel.conf @@ -0,0 +1,17 @@ +FreeBSD: { enabled: no } + +%%PRODUCT_NAME%%-core: { + url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-core", + mirror_type: "srv", + signature_type: "fingerprints", + fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", + enabled: yes +} + +%%PRODUCT_NAME%%: { + url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-%%POUDRIERE_PORTS_NAME%%", + mirror_type: "srv", + signature_type: "fingerprints", + fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", + enabled: yes +} diff --git a/sysutils/pfSense-repo/files/RaptorGuard-repo-devel.descr b/sysutils/pfSense-repo/files/RaptorGuard-repo-devel.descr new file mode 100644 index 0000000..c2c9eb2 --- /dev/null +++ b/sysutils/pfSense-repo/files/RaptorGuard-repo-devel.descr @@ -0,0 +1 @@ +Development Snapshots (Experimental) diff --git a/sysutils/pfSense-repo/files/RaptorGuard-repo.conf b/sysutils/pfSense-repo/files/RaptorGuard-repo.conf new file mode 100644 index 0000000..c4e69fa --- /dev/null +++ b/sysutils/pfSense-repo/files/RaptorGuard-repo.conf @@ -0,0 +1,17 @@ +FreeBSD: { enabled: no } + +%%PRODUCT_NAME%%-core: { + url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-core", + mirror_type: "srv", + signature_type: "fingerprints", + fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", + enabled: yes +} + +%%PRODUCT_NAME%%: { + url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-%%POUDRIERE_PORTS_NAME%%", + mirror_type: "srv", + signature_type: "fingerprints", + fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", + enabled: yes +} diff --git a/sysutils/pfSense-repo/files/RaptorGuard-repo.descr b/sysutils/pfSense-repo/files/RaptorGuard-repo.descr new file mode 100644 index 0000000..e892126 --- /dev/null +++ b/sysutils/pfSense-repo/files/RaptorGuard-repo.descr @@ -0,0 +1 @@ +Stable (Default) diff --git a/sysutils/pfSense-repo/files/pfSense-repo-devel.conf b/sysutils/pfSense-repo/files/pfSense-repo-devel.conf deleted file mode 100644 index c4e69fa..0000000 --- a/sysutils/pfSense-repo/files/pfSense-repo-devel.conf +++ /dev/null @@ -1,17 +0,0 @@ -FreeBSD: { enabled: no } - -%%PRODUCT_NAME%%-core: { - url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-core", - mirror_type: "srv", - signature_type: "fingerprints", - fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", - enabled: yes -} - -%%PRODUCT_NAME%%: { - url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-%%POUDRIERE_PORTS_NAME%%", - mirror_type: "srv", - signature_type: "fingerprints", - fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", - enabled: yes -} diff --git a/sysutils/pfSense-repo/files/pfSense-repo-devel.descr b/sysutils/pfSense-repo/files/pfSense-repo-devel.descr deleted file mode 100644 index c2c9eb2..0000000 --- a/sysutils/pfSense-repo/files/pfSense-repo-devel.descr +++ /dev/null @@ -1 +0,0 @@ -Development Snapshots (Experimental) diff --git a/sysutils/pfSense-repo/files/pfSense-repo.conf b/sysutils/pfSense-repo/files/pfSense-repo.conf deleted file mode 100644 index c4e69fa..0000000 --- a/sysutils/pfSense-repo/files/pfSense-repo.conf +++ /dev/null @@ -1,17 +0,0 @@ -FreeBSD: { enabled: no } - -%%PRODUCT_NAME%%-core: { - url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-core", - mirror_type: "srv", - signature_type: "fingerprints", - fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", - enabled: yes -} - -%%PRODUCT_NAME%%: { - url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-%%POUDRIERE_PORTS_NAME%%", - mirror_type: "srv", - signature_type: "fingerprints", - fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", - enabled: yes -} diff --git a/sysutils/pfSense-repo/files/pfSense-repo.descr b/sysutils/pfSense-repo/files/pfSense-repo.descr deleted file mode 100644 index e892126..0000000 --- a/sysutils/pfSense-repo/files/pfSense-repo.descr +++ /dev/null @@ -1 +0,0 @@ -Stable (Default) diff --git a/sysutils/pfSense-upgrade/files/RaptorGuard-upgrade b/sysutils/pfSense-upgrade/files/RaptorGuard-upgrade new file mode 100755 index 0000000..52ad05a --- /dev/null +++ b/sysutils/pfSense-upgrade/files/RaptorGuard-upgrade @@ -0,0 +1,1146 @@ +#!/bin/sh +# +# pfSense-upgrade +# +# part of pfSense (https://www.pfsense.org) +# Copyright (c) 2015-2016 Rubicon Communications, LLC (Netgate) +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +usage() { + me=$(basename $0) + cat << EOD >&2 +Usage: ${me} [-46bdfhnRUy] [-l logfile] [-p socket] [-c|-u|[-i|-d] pkg_name]" + -4 - Force IPv4" + -6 - Force IPv6" + -b - Platform is booting" + -d - Turn on debug" + -f - Force package installation" + -h - Show this usage help" + -l logfile - Logfile path (defaults to /cf/conf/upgrade_log.txt)" + -n - Dry run" + -p socket - Write pkg progress to socket" + -R - Do not reboot (this can be dangerous)" + -U - Do not update repository information" + -y - Assume yes as the answer to any possible interaction" +" +The following parameters are mutually exclusive:" + -c - Check if upgrade is necessary" + -i pkg_name - Install package PKG_NAME" + -r pkg_name - Remove package PKG_NAME" + -u - Update repository information" +EOD +} + +_echo() { + local _n="" + if [ "${1}" = "-n" ]; then + shift + _n="-n" + fi + + if [ -z "${logfile}" ]; then + logfile=/dev/null + fi + + echo ${_n} "${@}" | tee -a ${logfile} +} + +_exec() { + local _cmd="${1}" + local _msg="${2}" + local _mute="${3}" + local _ignore_result="${4}" + local _stdout="${stdout}" + + if [ -z "${_cmd}" -o -z "${_msg}" ]; then + return 1 + fi + + if [ "${_mute}" != "mute" ]; then + _stdout='' + fi + + _echo -n ">>> ${_msg}... " + if [ -z "${_stdout}" ]; then + _echo "" + # Ref. https://stackoverflow.com/a/30658405 + exec 4>&1 + local _result=$( \ + { { ${_cmd} 2>&1 3>&-; printf $? 1>&3; } 4>&- \ + | tee -a ${logfile} 1>&4; } 3>&1) + exec 4>&- + else + # Ref. https://stackoverflow.com/a/30658405 + exec 4>&1 + local _result=$( \ + { { ${_cmd} >${_stdout} 2>&1 3>&-; printf $? 1>&3; } 4>&- \ + | tee -a ${logfile} 1>&4; } 3>&1) + exec 4>&- + fi + + if [ ${_result} -eq 0 -o -n "${_ignore_result}" ]; then + [ -n "${_stdout}" ] \ + && _echo "done." + return 0 + else + [ -n "${_stdout}" ] \ + && _echo "failed." + _exit 1 + fi +} + +_exit() { + trap "-" 1 2 15 EXIT + + if [ -n "${delete_pid}" -a -f "${pid_file}" ]; then + rm -f ${pid_file} + fi + + if [ -z "${booting}" -o "${boot_stage}" != "2" ]; then + php /etc/rc.conf_mount_ro + fi + + if [ -n "${nc_pid}" ] && ps -p ${nc_pid} >/dev/null 2>&1; then + kill ${nc_pid} + fi + + if [ -n "${delete_annotation}" ]; then + pkg annotate -q -D ${kernel_pkg} next_stage + fi + + if [ -n "${unlock_additional_pkgs}" ]; then + pkg_unlock "${pkg_prefix}*" + fi + + local _rc=${1:-"0"} + + # If EVENT_PIPE is defined, GUI is calling + if [ -n "${progress_socket}" ]; then + local _need_reboot_str="" + [ -n "${need_reboot}" ] \ + && _need_reboot_str=" __REBOOT_AFTER=${reboot_after}" + _echo "__RC=${_rc}${_need_reboot_str}" + fi + + exit ${_rc} +} + +pkg_with_pb() { + local _event_pipe="" + + if [ -n "${progress_socket}" ]; then + if [ -e "${progress_socket}" ]; then + rm -f ${progress_socket} + fi + + _event_pipe="-o EVENT_PIPE=${progress_socket}" + + nc -lU ${progress_socket} >> ${progress_file} & + nc_pid=$! + + while [ ! -e "${progress_socket}" ]; do + sleep 0.1 + done + fi + + pkg ${_event_pipe} $@ + local _pkg_result=$? + nc_pid="" + return ${_pkg_result} +} + +fetch_upgrade_packages() { + _exec "pkg_with_pb upgrade -F" "Downloading upgrade packages" +} + +pkg_lock() { + local _pkgs="$@" + + if [ -z "${_pkgs}" ]; then + return + fi + + for _pkg in ${_pkgs}; do + for _pkg_name in $(pkg query -g %n "${_pkg}"); do + _locked=$(pkg query %k ${_pkg_name}) + if [ "${_locked}" != "0" ]; then + continue + fi + _exec "pkg lock ${_pkg_name}" \ + "Locking package ${_pkg_name}" mute + done + done +} + +pkg_unlock() { + local _pkgs="$@" + + if [ -z "${_pkgs}" ]; then + return + fi + + for _pkg in ${_pkgs}; do + for _pkg_name in $(pkg query -g %n "${_pkg}"); do + _locked=$(pkg query %k ${_pkg_name}) + if [ "${_locked}" != "1" ]; then + continue + fi + _exec "pkg unlock ${_pkg_name}" \ + "Unlocking package ${_pkg_name}" mute + done + done +} + +set_vital_flag() { + for _pkg in "$@"; do + local _vflag=$(pkg query %V ${_pkg} 2>/dev/null) + + [ "${_vflag}" != "0" ] \ + && continue + + _exec "pkg set -y -v 1 ${_pkg}" \ + "Setting vital flag on ${_pkg}" mute + done +} + +abi_setup() { + local _freebsd_version=$(uname -r) + local _pkg_repo_conf="/usr/local/etc/pkg/repos/${product}.conf" + + local _arch=$(uname -p) + + CUR_ABI="FreeBSD:${_freebsd_version%%.*}:${_arch}" + CUR_ALTABI="freebsd:${_freebsd_version%%.*}" + + if [ "${_arch}" = "armv6" ]; then + CUR_ALTABI="${CUR_ALTABI}:${_arch}:32:el:eabi:hardfp" + elif [ "${_arch}" = "i386" ]; then + CUR_ALTABI="${CUR_ALTABI}:x86:32" + else + CUR_ALTABI="${CUR_ALTABI}:x86:64" + fi + + if [ ! -e ${_pkg_repo_conf} ]; then + validate_repo_conf + fi + + local _repo_abi_file=$(readlink ${_pkg_repo_conf}) + + if [ -f ${_repo_abi_file%%.conf}.abi ]; then + ABI=$(cat ${_repo_abi_file%%.conf}.abi) + else + ABI=${CUR_ABI} + fi + + if [ -f ${_repo_abi_file%%.conf}.altabi ]; then + ALTABI=$(cat ${_repo_abi_file%%.conf}.altabi) + else + ALTABI=${CUR_ALTABI} + fi + + # Make sure pkg.conf is set properly so GUI can work + echo "ABI=${ABI}" > /usr/local/etc/pkg.conf + echo "ALTABI=${ALTABI}" >> /usr/local/etc/pkg.conf + + if [ "${CUR_ABI}" = "${ABI}" -o "${CUR_ABI}" = "${ALTABI}" ] ; then + NEW_MAJOR="" + else + NEW_MAJOR=1 + ABI="${ALTABI}" + fi + + export CUR_ABI CUR_ALTABI ABI ALTABI NEW_MAJOR +} + +pkg_update() { + local _force="" + local _mute="" + + [ "${1}" = "force" ] \ + && _force=" -f" + + if [ -z "${_force}" -a -n "${dont_update}" ]; then + return 0 + fi + + [ "${2}" = "mute" ] \ + && _mute="mute" + + abi_setup + + _exec "pkg update${_force}" "Updating repositories metadata" ${_mute} +} + +pkg_upgrade_repo() { + if [ -z "${NEW_MAJOR}" -a "$(compare_pkg_version pkg)" = "<" ]; then + _exec "pkg upgrade${dont_update} pkg" "Upgrading pkg" mute + pkg_update force + fi + + local _repo_pkg="${product}-repo" + + # Deprecated pa + if is_pkg_installed ${product}-repo-devel; then + _exec "pkg set -A 1 ${product}-repo-devel" \ + "Scheduling package ${product}-repo-devel for removal" + _exec "pkg install${dont_update} ${_repo_pkg}" \ + "Installing ${_repo_pkg}" mute + _exec "pkg delete ${product}-repo-devel" \ + "Removing ${product}-repo-devel" mute ignore_result + validate_repo_conf + pkg_update force + fi + + [ -n "${NEW_MAJOR}" ] \ + && return + + case "$(compare_pkg_version ${_repo_pkg})" in + "<") + local _force="" + ;; + ">") + local _force=" -f" + ;; + "=") + return + ;; + *) + _echo "ERROR: Unable to compare version of ${_repo_pkg}" + _exit 1 + esac + + cp /usr/local/etc/pkg/repos/${product}.conf /tmp/${product}.conf.copy + _exec "pkg upgrade${dont_update}${_force} ${_repo_pkg}" \ + "Upgrading ${_repo_pkg}" mute + abi_setup + # If conf differs, for an update + if ! cmp -s /usr/local/etc/pkg/repos/${product}.conf \ + /tmp/${product}.conf.copy; then + pkg_update force + + # New repo may contain newer pkg + if [ -z "${NEW_MAJOR}" -a "$(compare_pkg_version pkg)" = "<" ] + then + _exec "pkg upgrade pkg" "Upgrading pkg" mute + pkg_update force + fi + fi + rm -f /tmp/${product}.conf.copy +} + +upgrade_available() { + # XXX locked packages message should be printed on stderr by pkg? + local _lines=$(pkg upgrade${dont_update} -nq "$@" 2>/dev/null \ + | sed -e '/^$/d; /is locked and may not be modified/d' \ + | wc -l) + + test ${_lines} -gt 0 + return $? +} + +pkg_upgrade() { + # figure out which kernel variant is running + export kernel_pkg=$(pkg query %n $(pkg info ${product}-kernel-\* | \ + grep -v -- -debug-)) + + # Detect if has u-boot package installed + unset uboot_bin + unset uboot_pkg + unset uboot_mntp + if pkg info ${product}-u-boot-ufw\* >/dev/null 2>&1; then + export uboot_pkg=$(pkg query %n \ + $(pkg info ${product}-u-boot-ufw\*)) + export uboot_mntp=/boot/msdos + export uboot_bin=u-boot.img + fi + if pkg info ${product}-u-boot-sg3100\* >/dev/null 2>&1; then + export uboot_pkg=$(pkg query %n \ + $(pkg info ${product}-u-boot-sg3100\*)) + export uboot_mntp=/boot/u-boot + export uboot_bin=u-boot.bin + fi + + if [ -n "${uboot_pkg}" -a \ + "$(compare_pkg_version ${uboot_pkg})" = "<" ]; then + if [ ! -f ${uboot_mntp}/${uboot_bin} ]; then + # Try to mount /boot/msdos + mount ${uboot_mntp} >/dev/null 2>&1 + fi + + if [ ! -f ${uboot_mntp}/${uboot_bin} ]; then + _echo "ERROR: u-boot partition (${uboot_mntp}) is not" \ + "properly mounted" + _exit 1 + fi + fi + + if [ -z "${kernel_pkg}" ]; then + _echo "ERROR: It was not possible to identify which" \ + "${product} kernel is installed" + _exit 1 + fi + + export next_stage=$(pkg annotate -q -S ${kernel_pkg} next_stage) + export is_pkg_locked=$(pkg annotate -q -S ${kernel_pkg} new_major) + + if [ -n "${next_stage}" -a -n "${booting}" -a -n "${boot_stage}" ]; then + if [ ${boot_stage} != ${next_stage} ]; then + _exit 0 + fi + fi + + # If it's booting and first stage didn't run, just exit + if [ -n "${booting}" -a -z "${next_stage}" ]; then + _exit 0 + fi + + need_reboot=1 + # First upgrade stage + if [ -z "${next_stage}" ]; then + if [ -f "${logfile}" ]; then + rm -f ${logfile} + fi + + pkg_update + + # Lock pkg to avoid having pkg binary for version N+1 installed + # on N + if [ -n "${NEW_MAJOR}" ]; then + pkg_lock pkg + fi + + pkg_upgrade_repo + + # If a new version of pfSense-upgrade is available, upgrade it + # and return a special code 99 used by wrapper to run newer + # version again using the same parameters + if [ "$(compare_pkg_version ${product}-upgrade)" = "<" ]; then + _exec "pkg upgrade${dont_update} ${product}-upgrade" \ + "Upgrading ${product}-upgrade" mute + [ -n "${NEW_MAJOR}" ] \ + && pkg_unlock pkg + _exit 99 + fi + + # Old versions used to lock kernel and uboot, make sure we + # get it reverted + if pkg lock -l 2>&1 | grep -q "kernel"; then + pkg_unlock ${kernel_pkg} + fi + if [ -n "${uboot_pkg}" ] && \ + pkg lock -l 2>&1 | grep -q "u-boot"; then + pkg_unlock ${uboot_pkg} + fi + + # Always make sure important packages are set as vital + set_vital_flag pkg ${kernel_pkg} ${product} ${product}-rc \ + ${product}-base ${uboot_pkg} + + if ! upgrade_available; then + [ -n "${NEW_MAJOR}" ] \ + && pkg_unlock pkg + _echo "Your packages are up to date" + _exit 0 + fi + + if [ -n "${dry_run}" ]; then + [ -n "${NEW_MAJOR}" ] \ + && pkg_unlock pkg + pkg upgrade${dont_update} -nq 2>&1 | tee -a ${logfile} + _exit 0 + fi + + local _meta_pkg=$(get_meta_pkg_name) + if [ "${platform}" = "nanobsd" ]; then + _echo "**** WARNING ****" + _echo "" + _echo "NanoBSD platform is no longer supported." + _echo "" + _echo "You can find instructions on how to convert it" + "to Full Installation at http://bit.ly/2wDinm8" + _exit 1 + fi + + # ZFS panics with reroot, do not use it in this case + # https://redmine.pfsense.org/issues/6045 + if ! kldstat -qm zfs; then + # If kernel is not going to be upgraded, reroot + if ! upgrade_available ${kernel_pkg}; then + reboot_params="-r" + fi + fi + + if [ -z "${yes}" ]; then + # Show user which packages are going to be upgraded + pkg upgrade${dont_update} -nq 2>&1 | tee -a ${logfile} + + _echo "" + _echo "**** WARNING ****" + _echo "Reboot will be required!!" + _echo -n "Proceed with upgrade? (y/N) " + read answer + if [ "${answer}" != "y" ]; then + _echo "Aborting..." + _exit 0 + fi + fi + + # Unlock pkg to make sure it's downloaded + if [ -n "${NEW_MAJOR}" ]; then + pkg_unlock pkg + fi + + # Download all upgrade packages first + fetch_upgrade_packages + + # Then lock it again + if [ -n "${NEW_MAJOR}" ]; then + pkg_lock pkg + fi + + if upgrade_available ${kernel_pkg}; then + # pfSense-SG-3100 is obsolete and must be removed + # before upgrade kernel / rc and preserve + # loader.rc.local just to be extra safe + if is_pkg_installed ${product}-SG-3100; then + rm -f /tmp/loader.rc.local >/dev/null 2>&1 + [ -f /boot/loader.rc.local ] \ + && cp /boot/loader.rc.local /tmp 2>/dev/null + _exec "pkg delete ${product}-SG-3100" \ + "Removing ${product}-SG-3100" mute \ + ignore_result + [ -f /tmp/loader.rc.local ] \ + && cp /tmp/loader.rc.local /boot 2>/dev/null + fi + _exec "pkg upgrade -U ${kernel_pkg}" \ + "Upgrading ${product} kernel" + fi + + if [ -n "${uboot_pkg}" ] && upgrade_available ${uboot_pkg}; then + _exec "pkg upgrade -U ${uboot_pkg}" \ + "Upgrading ${product} u-boot" + fi + + if [ -n "${NEW_MAJOR}" ]; then + pkg annotate -q -M ${kernel_pkg} new_major 1 + fi + + pkg annotate -q -M ${kernel_pkg} next_stage 2 + next_stage=2 + + do_reboot + _exit 0 + fi + + if [ "${next_stage}" = "2" ]; then + pkg_lock "${pkg_prefix}*" + unlock_additional_pkgs=1 + + # XXX: Workaround to upgrade strongswan + # If those symlinks are present, pkg exit because it expects + # them to be a directory + if upgrade_available strongswan; then + [ -L /usr/local/etc/ipsec.d ] \ + && rm -f /usr/local/etc/ipsec.d + [ -L /usr/local/etc/ipsec.conf ] \ + && rm -f /usr/local/etc/ipsec.conf + [ -L /usr/local/etc/strongswan.d ] \ + && rm -f /usr/local/etc/strongswan.d + [ -L /usr/local/etc/strongswan.conf ] \ + && rm -f /usr/local/etc/strongswan.conf + fi + + if upgrade_available; then + delete_annotation=1 + if [ -n "${is_pkg_locked}" ]; then + # Upgrade pkg + pkg_unlock pkg + pkg annotate -q -D ${kernel_pkg} new_major + _exec "pkg-static install -f pkg" \ + "Reinstalling pkg due to ABI change" + + # Upgrade base packages using pkg-static + _exec "pkg-static upgrade -r ${product}-core" \ + "Upgrading necessary core packages" + + # Make sure PHP setup is fine + /etc/rc.php_ini_setup >/dev/null 2>&1 + fi + + _exec "pkg upgrade${dont_update}" \ + "Upgrading necessary packages" + delete_annotation="" + + # Always make sure important packages are set as vital + set_vital_flag pkg ${kernel_pkg} ${product} \ + ${product}-rc ${product}-base ${uboot_pkg} + fi + + pkg annotate -q -M ${kernel_pkg} next_stage 3 + next_stage=3 + + pkg_unlock "${pkg_prefix}*" + unlock_additional_pkgs="" + + # 2nd reboot during new major version upgrade + if [ -n "${is_pkg_locked}" ]; then + # Reboot immediately + do_reboot now + _exit 0 + fi + + if [ -n "${booting}" ]; then + _exit 0 + fi + fi + + if [ "${next_stage}" = "3" ]; then + if upgrade_available; then + delete_annotation=1 + _exec "pkg upgrade${dont_update}" \ + "Upgrading necessary packages" + delete_annotation="" + fi + + pkg annotate -q -D ${kernel_pkg} next_stage + + # cleanup caches + _exec "pkg autoremove" "Removing unnecessary packages" mute \ + ignore_result + _exec "pkg clean" "Cleanup pkg cache" mute ignore_result + fi + + gitsync=$(read_xml_tag.sh boolean system/gitsync/synconupgrade) + if [ "${gitsync}" = "true" ]; then + repository_url=$(read_xml_tag.sh string \ + system/gitsync/repositoryurl) + branch=$(read_xml_tag.sh string system/gitsync/branch) + + minimal=$(read_xml_tag.sh boolean system/gitsync/minimal) + diff=$(read_xml_tag.sh boolean system/gitsync/diff) + show_files=$(read_xml_tag.sh boolean system/gitsync/show_files) + show_command=$(read_xml_tag.sh boolean \ + system/gitsync/show_command) + dryrun=$(read_xml_tag.sh boolean system/gitsync/dryrun) + + mute='mute' + options='' + if [ "${minimal}" = "true" ]; then + options=${options}' --minimal' + fi + if [ "${diff}" = "true" ]; then + options=${options}' --diff' + fi + if [ "${show_files}" = "true" ]; then + options=${options}' --show-files' + mute='off' + fi + if [ "${show_command}" = "true" ]; then + options=${options}' --show-command' + mute='off' + fi + if [ "${dryrun}" = "true" ]; then + options=${options}' --dry-run' + fi + + # Repository URL is not mandatory + if [ -n "${branch}" ]; then + _exec "pfSsh.php playback gitsync ${repositoryurl} \ + ${branch} ${options} --upgrading" \ + "Running gitsync" ${mute} ignore_result + fi + fi + + # Save a copy of latest finished upgrade process + cp -f ${logfile} ${upgrade_logfile} +} + +get_meta_pkg_name() { + # figure out main meta package name + if is_pkg_installed ${product}-vmware; then + echo "${product}-vmware" + elif is_pkg_installed ${product}; then + echo "${product}" + else + _echo "ERROR: It was not possible to identify which" \ + "${product} meta package is installed" + _exit 1 + fi +} + +check_upgrade() { + local _meta_pkg=$(get_meta_pkg_name) + local _core_pkgs=$(pkg query -e \ + "%n ~ ${product}-kernel-* || %n ~ ${product}-base*" %n) + + pkg_update "" mute + + pkg_upgrade_repo + + for _pkg in ${_meta_pkg} ${_core_pkgs}; do + [ "$(compare_pkg_version ${_pkg})" != "<" ] \ + && continue + + local _new_version=$(pkg rquery -U %v ${_pkg}) + _echo "${_new_version} version of ${product} is available" + _exit 2 + done + + _echo "Your system is up to date" + _exit 0 +} + +is_pkg_installed() { + local _pkg_name="${1}" + + pkg info -e ${_pkg_name} + return $? +} + +compare_pkg_version() { + local _pkg_name="${1}" + + if [ -z "${_pkg_name}" ]; then + echo '!' + return 1 + fi + + if ! is_pkg_installed ${_pkg_name}; then + echo '!' + return 1 + fi + + local _lver=$(pkg query %v ${_pkg_name}) + + if [ -z "${_lver}" ]; then + _echo "ERROR: It was not possible to determine ${_pkg_name}" \ + "local version" + _exit 1 + fi + + local _rver=$(pkg rquery -U %v ${_pkg_name}) + + if [ -z "${_rver}" ]; then + _echo "ERROR: It was not possible to determine ${_pkg_name}" \ + "remote version" + _exit 1 + fi + + local _version=$(pkg version -t ${_lver} ${_rver}) + + if [ $? -ne 0 ]; then + _echo "ERROR: Error comparing ${_pkg_name} local and remote" \ + "versions" + _exit 1 + fi + + echo ${_version} + return 0 +} + +pkg_install() { + local _pkg_name="${1}" + + local _force="" + if [ -n "${2}" ]; then + _force="-f" + fi + + if [ -z "${_pkg_name}" ]; then + _echo "ERROR: Blank package name" + _exit 1 + fi + + if is_pkg_installed ${_pkg_name}; then + local _cversion=$(compare_pkg_version ${_pkg_name}) + + if [ -z "${_force}" ]; then + if [ "${_cversion}" = "=" ]; then + _echo "Package ${_pkg_name} is up to date" + _exit 0 + elif [ "${_cversion}" = ">" ]; then + _echo "Installed ${_pkg_name} version is" \ + "newer than remote" + _exit 0 + fi + fi + local _cmd="upgrade ${_force}" + local _msg="Upgrading" + else + local _cmd="install" + local _msg="Installing" + fi + + _exec "pkg_with_pb ${_cmd}${dry_run:+ }${dry_run} ${_pkg_name}" \ + "${_msg} ${_pkg_name}" + _exec "pkg clean" "Cleaning up cache" mute ignore_result +} + +# Reinstall every pfSense-pkg-* package +pkg_reinstall_all() { + for _pkg in $(pkg query -e '%a == 0' %n); do + case ${_pkg} in "${pkg_prefix}"* ) + _echo "Reinstalling ${_pkg}" + pkg_install ${_pkg} 1 + ;; + esac + done +} + +pkg_delete() { + local _pkg_name="${1}" + + if [ -z "${_pkg_name}" ]; then + _echo "ERROR: Blank package name" + _exit 1 + fi + + if ! is_pkg_installed ${_pkg_name}; then + _echo "ERROR: Package ${_pkg_name} is not installed" + _exit 1 + fi + + _exec "pkg_with_pb delete${dry_run:+ }${dry_run} ${_pkg_name}" \ + "Removing ${_pkg_name}" + _exec "pkg autoremove" "Removing stale packages" mute ignore_result +} + +# Delete every pfSense-pkg-* package +pkg_delete_all() { + for _pkg in $(pkg query -e '%a == 0' %n); do + case ${_pkg} in "${pkg_prefix}"* ) + _echo "Removing ${_pkg}" + pkg_delete ${_pkg} + ;; + esac + done +} + +do_reboot() { + local _now="$1" + + local _msg="" + if [ "${_now}" = "now" ]; then + _msg="now." + else + _msg="in ${reboot_after} seconds." + fi + + if [ -z "${dont_reboot}" ]; then + _echo "Upgrade is complete. Rebooting ${_msg}" + echo "Upgrade is complete. Rebooting ${_msg}" | wall + /etc/rc.notify_message -e -g -m \ + "Upgrade is complete. Rebooting ${_msg}" >/dev/null 2>&1 + if [ "${_now}" = "now" ]; then + /etc/rc.reboot ${reboot_params} + else + (sleep ${reboot_after} \ + && /etc/rc.reboot ${reboot_params}) & + fi + else + _echo "Upgrade is complete." + echo "Upgrade is complete." | wall + /etc/rc.notify_message -e -g -m "Upgrade is complete." \ + >/dev/null 2>&1 + fi +} + +validate_repo_conf() { + # Make sure to use default repo conf when it doesn't exist + pkg_repo_conf="/usr/local/etc/pkg/repos/${product}.conf" + default="/usr/local/share/${product}/pkg/repos/${product}-repo.conf" + + pkg_repo_conf_path=$(read_xml_tag.sh string system/pkg_repo_conf_path) + + if [ -z "${pkg_repo_conf_path}" -o ! -f "${pkg_repo_conf_path}" ]; then + pkg_repo_conf_path=${default} + fi + + if [ -f "${pkg_repo_conf_path}" ]; then + if [ -e "${pkg_repo_conf}" -a ! -L "${pkg_repo_conf}" ]; then + rm -f ${pkg_repo_conf} + ln -sf ${pkg_repo_conf_path} ${pkg_repo_conf} + fi + + if [ "$(readlink ${pkg_repo_conf})" != \ + "${pkg_repo_conf_path}" ]; then + mkdir -p /usr/local/etc/pkg/repos + ln -sf ${pkg_repo_conf_path} ${pkg_repo_conf} + fi + fi +} + +export LANG=C + +pid_file="/var/run/$(basename $0).pid" +logfile="/cf/conf/upgrade_log.txt" +upgrade_logfile="/cf/conf/upgrade_log.latest.txt" +stdout='/dev/null' + +# Export necessary PATH +export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin + +# Setup proxy settings +HTTP_PROXY=$(read_xml_tag.sh string system/proxyurl) +if [ "${HTTP_PROXY}" != "" ]; then + HTTP_PROXY_PORT=$(read_xml_tag.sh string system/proxyport) + if [ "${HTTP_PROXY_PORT}" != "" ]; then + HTTP_PROXY="${HTTP_PROXY}:${HTTP_PROXY_PORT}" + fi + export HTTP_PROXY +fi + +# Only set proxy variables on FreeBSD 11 until the fix is on 10 +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194483 +if $(uname -r | grep -q '^11'); then + HTTP_PROXY_USER=$(read_xml_tag.sh string system/proxyuser) + HTTP_PROXY_PASS=$(read_xml_tag.sh string system/proxypass) + if [ "${HTTP_PROXY_USER}" != "" ] && + [ "${HTTP_PROXY_PASS}" != "" ]; then + HTTP_PROXY_AUTH="${HTTP_PROXY_USER}:${HTTP_PROXY_PASS}" + HTTP_PROXY_AUTH="basic:*:${HTTP_PROXY_AUTH}" + export HTTP_PROXY_AUTH + fi +fi + +# pkg should not ask for confirmations +export ASSUME_ALWAYS_YES=true +export FETCH_TIMEOUT=5 +export FETCH_RETRY=2 + +export product=$(php -n /usr/local/sbin/read_global_var product_name pfSense) +export pkg_prefix=$(php -n /usr/local/sbin/read_global_var pkg_prefix \ + pfSense-pkg-) +export platform=$(cat /etc/platform) + +USE_MFS_TMPVAR=$(read_xml_tag.sh boolean system/use_mfs_tmpvar) +if [ "${USE_MFS_TMPVAR}" = "true" ]; then + export PKG_DBDIR=/root/var/db/pkg + export PKG_CACHEDIR=/root/var/cache/pkg +fi + +product_version=$(cat /etc/version) +do_not_send_uniqueid=$(read_xml_tag.sh boolean system/do_not_send_uniqueid) +if [ "${do_not_send_uniqueid}" != "true" ]; then + uniqueid=$(gnid) + export HTTP_USER_AGENT="${product}/${product_version}:${uniqueid}" +else + export HTTP_USER_AGENT="${product}/${product_version}" +fi + +validate_repo_conf + +# Flags used in _exit +export delete_annotation="" +export unlock_additional_pkgs="" +export delete_pid="" + +# Save nc_pid to be able to kill it +export nc_pid="" + +# Reboot after 10 seconds +export reboot_after=10 + +# Used to set -r and reroot +export reboot_params="" + +unset dry_run +unset dont_reboot +unset dont_update +unset booting +unset boot_stage +unset force +unset yes +unset progress_file +unset progress_socket +unset action +unset action_pkg +unset force_ipv4 +unset force_ipv6 +while getopts 46b:cdfi:hp:l:nr:RuUy opt; do + case ${opt} in + 4) + if [ -n "${force_ipv6}" ]; then + usage + exit 1 + fi + force_ipv4=1 + ;; + 6) + if [ -n "${force_ipv4}" ]; then + usage + exit 1 + fi + force_ipv6=1 + ;; + b) + booting=1 + boot_stage="${OPTARG}" + ;; + c) + action="check" + ;; + d) + stdout='' + ;; + f) + force=1 + ;; + i) + if [ -n "${action}" ]; then + usage + exit 1 + fi + action="install" + action_pkg="${OPTARG}" + ;; + h) + usage + exit 0 + ;; + l) + logfile="${OPTARG}" + if [ -z "${logfile}" ]; then + usage + exit 1 + fi + ;; + n) + dry_run="-n" + ;; + p) + progress_socket="${OPTARG}" + if [ -z "${progress_socket}" ]; then + usage + exit 1 + fi + ;; + r) + if [ -n "${action}" ]; then + usage + exit 1 + fi + action="delete" + action_pkg="${OPTARG}" + ;; + R) + dont_reboot=1 + ;; + u) + if [ -n "${action}" ]; then + usage + exit 1 + fi + action="update" + ;; + U) + dont_update=" -U" + ;; + y) + yes=1 + ;; + *) + usage + exit 1 + ;; + esac +done + +if [ -n "${force_ipv4}" ]; then + export IP_VERSION="4" +elif [ -n "${force_ipv6}" ]; then + export IP_VERSION="6" +fi + +# Set default action when no parameter is set +: ${action:="upgrade"} + +if pgrep -qF ${pid_file} >/dev/null 2>&1; then + echo "Another instance is already running... Aborting!" + exit 1 +fi + +echo $$ > ${pid_file} + +# Since this point it's safe to remove pid_file +delete_pid=1 + +trap _exit 1 2 15 EXIT + +block_external_services=$(read_xml_tag.sh boolean \ + system/block_external_services) + +if [ "${block_external_services}" = "true" ]; then + echo "Aborted due to block_external_services flag" + exit 0 +fi + +if [ -z "${booting}" -o "${boot_stage}" != "2" ]; then + php /etc/rc.conf_mount_rw +fi + +if [ -n "${booting}" ]; then + export REPO_AUTOUPDATE=false +fi + +if [ "${action}" != "upgrade" -a -f "${logfile}" ]; then + rm -f ${logfile} +fi + +progress_file=${logfile%.*}.json + +if [ -e "${progress_file}" ]; then + rm -f ${progress_file} +fi + +abi_setup + +if [ -n "${NEW_MAJOR}" -a "${action}" = "install" ]; then + _echo "WARNING: Current pkg repository has a new OS major version." + _echo " ${product} should be upgraded before doing any other" + _echo " operation" + _exit 1 +fi + +case "${action}" in + check) + check_upgrade + ;; + upgrade) + pkg_upgrade + ;; + update) + pkg_update force + ;; + install) + if [ ${action_pkg} = "ALL_PACKAGES" ] && [ -n ${force} ]; then + pkg_reinstall_all + else + pkg_install ${action_pkg} ${force} + fi + ;; + delete) + if [ ${action_pkg} = "ALL_PACKAGES" ] && [ -n ${force} ]; then + pkg_delete_all + else + pkg_delete ${action_pkg} + fi + ;; + *) + _echo "ERROR: Invalid action!" + _exit 1 +esac + +_exit 0 diff --git a/sysutils/pfSense-upgrade/files/RaptorGuard-upgrade.wrapper b/sysutils/pfSense-upgrade/files/RaptorGuard-upgrade.wrapper new file mode 100644 index 0000000..1c02471 --- /dev/null +++ b/sysutils/pfSense-upgrade/files/RaptorGuard-upgrade.wrapper @@ -0,0 +1,79 @@ +#!/bin/sh +# +# pfSense-upgrade.wrapper +# +# part of pfSense (https://www.pfsense.org) +# Copyright (c) 2015-2016 Rubicon Communications, LLC (Netgate) +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +pfsense_upgrade=$(realpath $(dirname $0)/../libexec/$(basename $0)) +lockfile="/tmp/$(basename $0).lock" + +if [ ! -f ${pfsense_upgrade} ]; then + echo "ERROR: Unable to find ${pfsense_upgrade}" + exit 1 +fi + +# lockf return codes, from sysexits(3) +EX_TEMPFAIL=75 # The specified lock file was already locked by another process. +EX_CANTCREAT=73 # The lockf utility was unable to create the lock file, e.g., + # because of insufficient access privileges. +EX_OSERR=71 # A system call (e.g., fork(2)) failed unexpectedly. +EX_SOFTWARE=70 # The command did not exit normally, but may have been signaled + # or stopped. + +# Special return code to detect when pfSense-upgrade was upgraded and must +# be called again to make sure latest version is running +EX_UPGRADE=99 + +while true; do + unset run_again + /usr/bin/lockf -s -t 5 ${lockfile} ${pfsense_upgrade} "$@" + rc=$? + + unset error + case "$rc" in + ${EX_TEMPFAIL}) + echo "Another instance is already running... Aborting!" + exit 1 + ;; + ${EX_CANTCREAT}) + echo "ERROR: Unable to create lockfile ${lockfile}" + exit 1 + ;; + ${EX_OSERR}) + echo "ERROR: An unexpected OS error happened" + error=1 + ;; + ${EX_SOFTWARE}) + echo "ERROR: An unexpected error happened" + error=1 + ;; + ${EX_UPGRADE}) + run_again=1 + ;; + esac + + [ -f "${lockfile}" ] \ + && rm -f ${lockfile} + + [ -n "${error}" ] \ + && exit 1 + + [ -n "${run_again}" ] \ + && continue + + exit $rc +done diff --git a/sysutils/pfSense-upgrade/files/pfSense-upgrade b/sysutils/pfSense-upgrade/files/pfSense-upgrade deleted file mode 100755 index 52ad05a..0000000 --- a/sysutils/pfSense-upgrade/files/pfSense-upgrade +++ /dev/null @@ -1,1146 +0,0 @@ -#!/bin/sh -# -# pfSense-upgrade -# -# part of pfSense (https://www.pfsense.org) -# Copyright (c) 2015-2016 Rubicon Communications, LLC (Netgate) -# All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -usage() { - me=$(basename $0) - cat << EOD >&2 -Usage: ${me} [-46bdfhnRUy] [-l logfile] [-p socket] [-c|-u|[-i|-d] pkg_name]" - -4 - Force IPv4" - -6 - Force IPv6" - -b - Platform is booting" - -d - Turn on debug" - -f - Force package installation" - -h - Show this usage help" - -l logfile - Logfile path (defaults to /cf/conf/upgrade_log.txt)" - -n - Dry run" - -p socket - Write pkg progress to socket" - -R - Do not reboot (this can be dangerous)" - -U - Do not update repository information" - -y - Assume yes as the answer to any possible interaction" -" -The following parameters are mutually exclusive:" - -c - Check if upgrade is necessary" - -i pkg_name - Install package PKG_NAME" - -r pkg_name - Remove package PKG_NAME" - -u - Update repository information" -EOD -} - -_echo() { - local _n="" - if [ "${1}" = "-n" ]; then - shift - _n="-n" - fi - - if [ -z "${logfile}" ]; then - logfile=/dev/null - fi - - echo ${_n} "${@}" | tee -a ${logfile} -} - -_exec() { - local _cmd="${1}" - local _msg="${2}" - local _mute="${3}" - local _ignore_result="${4}" - local _stdout="${stdout}" - - if [ -z "${_cmd}" -o -z "${_msg}" ]; then - return 1 - fi - - if [ "${_mute}" != "mute" ]; then - _stdout='' - fi - - _echo -n ">>> ${_msg}... " - if [ -z "${_stdout}" ]; then - _echo "" - # Ref. https://stackoverflow.com/a/30658405 - exec 4>&1 - local _result=$( \ - { { ${_cmd} 2>&1 3>&-; printf $? 1>&3; } 4>&- \ - | tee -a ${logfile} 1>&4; } 3>&1) - exec 4>&- - else - # Ref. https://stackoverflow.com/a/30658405 - exec 4>&1 - local _result=$( \ - { { ${_cmd} >${_stdout} 2>&1 3>&-; printf $? 1>&3; } 4>&- \ - | tee -a ${logfile} 1>&4; } 3>&1) - exec 4>&- - fi - - if [ ${_result} -eq 0 -o -n "${_ignore_result}" ]; then - [ -n "${_stdout}" ] \ - && _echo "done." - return 0 - else - [ -n "${_stdout}" ] \ - && _echo "failed." - _exit 1 - fi -} - -_exit() { - trap "-" 1 2 15 EXIT - - if [ -n "${delete_pid}" -a -f "${pid_file}" ]; then - rm -f ${pid_file} - fi - - if [ -z "${booting}" -o "${boot_stage}" != "2" ]; then - php /etc/rc.conf_mount_ro - fi - - if [ -n "${nc_pid}" ] && ps -p ${nc_pid} >/dev/null 2>&1; then - kill ${nc_pid} - fi - - if [ -n "${delete_annotation}" ]; then - pkg annotate -q -D ${kernel_pkg} next_stage - fi - - if [ -n "${unlock_additional_pkgs}" ]; then - pkg_unlock "${pkg_prefix}*" - fi - - local _rc=${1:-"0"} - - # If EVENT_PIPE is defined, GUI is calling - if [ -n "${progress_socket}" ]; then - local _need_reboot_str="" - [ -n "${need_reboot}" ] \ - && _need_reboot_str=" __REBOOT_AFTER=${reboot_after}" - _echo "__RC=${_rc}${_need_reboot_str}" - fi - - exit ${_rc} -} - -pkg_with_pb() { - local _event_pipe="" - - if [ -n "${progress_socket}" ]; then - if [ -e "${progress_socket}" ]; then - rm -f ${progress_socket} - fi - - _event_pipe="-o EVENT_PIPE=${progress_socket}" - - nc -lU ${progress_socket} >> ${progress_file} & - nc_pid=$! - - while [ ! -e "${progress_socket}" ]; do - sleep 0.1 - done - fi - - pkg ${_event_pipe} $@ - local _pkg_result=$? - nc_pid="" - return ${_pkg_result} -} - -fetch_upgrade_packages() { - _exec "pkg_with_pb upgrade -F" "Downloading upgrade packages" -} - -pkg_lock() { - local _pkgs="$@" - - if [ -z "${_pkgs}" ]; then - return - fi - - for _pkg in ${_pkgs}; do - for _pkg_name in $(pkg query -g %n "${_pkg}"); do - _locked=$(pkg query %k ${_pkg_name}) - if [ "${_locked}" != "0" ]; then - continue - fi - _exec "pkg lock ${_pkg_name}" \ - "Locking package ${_pkg_name}" mute - done - done -} - -pkg_unlock() { - local _pkgs="$@" - - if [ -z "${_pkgs}" ]; then - return - fi - - for _pkg in ${_pkgs}; do - for _pkg_name in $(pkg query -g %n "${_pkg}"); do - _locked=$(pkg query %k ${_pkg_name}) - if [ "${_locked}" != "1" ]; then - continue - fi - _exec "pkg unlock ${_pkg_name}" \ - "Unlocking package ${_pkg_name}" mute - done - done -} - -set_vital_flag() { - for _pkg in "$@"; do - local _vflag=$(pkg query %V ${_pkg} 2>/dev/null) - - [ "${_vflag}" != "0" ] \ - && continue - - _exec "pkg set -y -v 1 ${_pkg}" \ - "Setting vital flag on ${_pkg}" mute - done -} - -abi_setup() { - local _freebsd_version=$(uname -r) - local _pkg_repo_conf="/usr/local/etc/pkg/repos/${product}.conf" - - local _arch=$(uname -p) - - CUR_ABI="FreeBSD:${_freebsd_version%%.*}:${_arch}" - CUR_ALTABI="freebsd:${_freebsd_version%%.*}" - - if [ "${_arch}" = "armv6" ]; then - CUR_ALTABI="${CUR_ALTABI}:${_arch}:32:el:eabi:hardfp" - elif [ "${_arch}" = "i386" ]; then - CUR_ALTABI="${CUR_ALTABI}:x86:32" - else - CUR_ALTABI="${CUR_ALTABI}:x86:64" - fi - - if [ ! -e ${_pkg_repo_conf} ]; then - validate_repo_conf - fi - - local _repo_abi_file=$(readlink ${_pkg_repo_conf}) - - if [ -f ${_repo_abi_file%%.conf}.abi ]; then - ABI=$(cat ${_repo_abi_file%%.conf}.abi) - else - ABI=${CUR_ABI} - fi - - if [ -f ${_repo_abi_file%%.conf}.altabi ]; then - ALTABI=$(cat ${_repo_abi_file%%.conf}.altabi) - else - ALTABI=${CUR_ALTABI} - fi - - # Make sure pkg.conf is set properly so GUI can work - echo "ABI=${ABI}" > /usr/local/etc/pkg.conf - echo "ALTABI=${ALTABI}" >> /usr/local/etc/pkg.conf - - if [ "${CUR_ABI}" = "${ABI}" -o "${CUR_ABI}" = "${ALTABI}" ] ; then - NEW_MAJOR="" - else - NEW_MAJOR=1 - ABI="${ALTABI}" - fi - - export CUR_ABI CUR_ALTABI ABI ALTABI NEW_MAJOR -} - -pkg_update() { - local _force="" - local _mute="" - - [ "${1}" = "force" ] \ - && _force=" -f" - - if [ -z "${_force}" -a -n "${dont_update}" ]; then - return 0 - fi - - [ "${2}" = "mute" ] \ - && _mute="mute" - - abi_setup - - _exec "pkg update${_force}" "Updating repositories metadata" ${_mute} -} - -pkg_upgrade_repo() { - if [ -z "${NEW_MAJOR}" -a "$(compare_pkg_version pkg)" = "<" ]; then - _exec "pkg upgrade${dont_update} pkg" "Upgrading pkg" mute - pkg_update force - fi - - local _repo_pkg="${product}-repo" - - # Deprecated pa - if is_pkg_installed ${product}-repo-devel; then - _exec "pkg set -A 1 ${product}-repo-devel" \ - "Scheduling package ${product}-repo-devel for removal" - _exec "pkg install${dont_update} ${_repo_pkg}" \ - "Installing ${_repo_pkg}" mute - _exec "pkg delete ${product}-repo-devel" \ - "Removing ${product}-repo-devel" mute ignore_result - validate_repo_conf - pkg_update force - fi - - [ -n "${NEW_MAJOR}" ] \ - && return - - case "$(compare_pkg_version ${_repo_pkg})" in - "<") - local _force="" - ;; - ">") - local _force=" -f" - ;; - "=") - return - ;; - *) - _echo "ERROR: Unable to compare version of ${_repo_pkg}" - _exit 1 - esac - - cp /usr/local/etc/pkg/repos/${product}.conf /tmp/${product}.conf.copy - _exec "pkg upgrade${dont_update}${_force} ${_repo_pkg}" \ - "Upgrading ${_repo_pkg}" mute - abi_setup - # If conf differs, for an update - if ! cmp -s /usr/local/etc/pkg/repos/${product}.conf \ - /tmp/${product}.conf.copy; then - pkg_update force - - # New repo may contain newer pkg - if [ -z "${NEW_MAJOR}" -a "$(compare_pkg_version pkg)" = "<" ] - then - _exec "pkg upgrade pkg" "Upgrading pkg" mute - pkg_update force - fi - fi - rm -f /tmp/${product}.conf.copy -} - -upgrade_available() { - # XXX locked packages message should be printed on stderr by pkg? - local _lines=$(pkg upgrade${dont_update} -nq "$@" 2>/dev/null \ - | sed -e '/^$/d; /is locked and may not be modified/d' \ - | wc -l) - - test ${_lines} -gt 0 - return $? -} - -pkg_upgrade() { - # figure out which kernel variant is running - export kernel_pkg=$(pkg query %n $(pkg info ${product}-kernel-\* | \ - grep -v -- -debug-)) - - # Detect if has u-boot package installed - unset uboot_bin - unset uboot_pkg - unset uboot_mntp - if pkg info ${product}-u-boot-ufw\* >/dev/null 2>&1; then - export uboot_pkg=$(pkg query %n \ - $(pkg info ${product}-u-boot-ufw\*)) - export uboot_mntp=/boot/msdos - export uboot_bin=u-boot.img - fi - if pkg info ${product}-u-boot-sg3100\* >/dev/null 2>&1; then - export uboot_pkg=$(pkg query %n \ - $(pkg info ${product}-u-boot-sg3100\*)) - export uboot_mntp=/boot/u-boot - export uboot_bin=u-boot.bin - fi - - if [ -n "${uboot_pkg}" -a \ - "$(compare_pkg_version ${uboot_pkg})" = "<" ]; then - if [ ! -f ${uboot_mntp}/${uboot_bin} ]; then - # Try to mount /boot/msdos - mount ${uboot_mntp} >/dev/null 2>&1 - fi - - if [ ! -f ${uboot_mntp}/${uboot_bin} ]; then - _echo "ERROR: u-boot partition (${uboot_mntp}) is not" \ - "properly mounted" - _exit 1 - fi - fi - - if [ -z "${kernel_pkg}" ]; then - _echo "ERROR: It was not possible to identify which" \ - "${product} kernel is installed" - _exit 1 - fi - - export next_stage=$(pkg annotate -q -S ${kernel_pkg} next_stage) - export is_pkg_locked=$(pkg annotate -q -S ${kernel_pkg} new_major) - - if [ -n "${next_stage}" -a -n "${booting}" -a -n "${boot_stage}" ]; then - if [ ${boot_stage} != ${next_stage} ]; then - _exit 0 - fi - fi - - # If it's booting and first stage didn't run, just exit - if [ -n "${booting}" -a -z "${next_stage}" ]; then - _exit 0 - fi - - need_reboot=1 - # First upgrade stage - if [ -z "${next_stage}" ]; then - if [ -f "${logfile}" ]; then - rm -f ${logfile} - fi - - pkg_update - - # Lock pkg to avoid having pkg binary for version N+1 installed - # on N - if [ -n "${NEW_MAJOR}" ]; then - pkg_lock pkg - fi - - pkg_upgrade_repo - - # If a new version of pfSense-upgrade is available, upgrade it - # and return a special code 99 used by wrapper to run newer - # version again using the same parameters - if [ "$(compare_pkg_version ${product}-upgrade)" = "<" ]; then - _exec "pkg upgrade${dont_update} ${product}-upgrade" \ - "Upgrading ${product}-upgrade" mute - [ -n "${NEW_MAJOR}" ] \ - && pkg_unlock pkg - _exit 99 - fi - - # Old versions used to lock kernel and uboot, make sure we - # get it reverted - if pkg lock -l 2>&1 | grep -q "kernel"; then - pkg_unlock ${kernel_pkg} - fi - if [ -n "${uboot_pkg}" ] && \ - pkg lock -l 2>&1 | grep -q "u-boot"; then - pkg_unlock ${uboot_pkg} - fi - - # Always make sure important packages are set as vital - set_vital_flag pkg ${kernel_pkg} ${product} ${product}-rc \ - ${product}-base ${uboot_pkg} - - if ! upgrade_available; then - [ -n "${NEW_MAJOR}" ] \ - && pkg_unlock pkg - _echo "Your packages are up to date" - _exit 0 - fi - - if [ -n "${dry_run}" ]; then - [ -n "${NEW_MAJOR}" ] \ - && pkg_unlock pkg - pkg upgrade${dont_update} -nq 2>&1 | tee -a ${logfile} - _exit 0 - fi - - local _meta_pkg=$(get_meta_pkg_name) - if [ "${platform}" = "nanobsd" ]; then - _echo "**** WARNING ****" - _echo "" - _echo "NanoBSD platform is no longer supported." - _echo "" - _echo "You can find instructions on how to convert it" - "to Full Installation at http://bit.ly/2wDinm8" - _exit 1 - fi - - # ZFS panics with reroot, do not use it in this case - # https://redmine.pfsense.org/issues/6045 - if ! kldstat -qm zfs; then - # If kernel is not going to be upgraded, reroot - if ! upgrade_available ${kernel_pkg}; then - reboot_params="-r" - fi - fi - - if [ -z "${yes}" ]; then - # Show user which packages are going to be upgraded - pkg upgrade${dont_update} -nq 2>&1 | tee -a ${logfile} - - _echo "" - _echo "**** WARNING ****" - _echo "Reboot will be required!!" - _echo -n "Proceed with upgrade? (y/N) " - read answer - if [ "${answer}" != "y" ]; then - _echo "Aborting..." - _exit 0 - fi - fi - - # Unlock pkg to make sure it's downloaded - if [ -n "${NEW_MAJOR}" ]; then - pkg_unlock pkg - fi - - # Download all upgrade packages first - fetch_upgrade_packages - - # Then lock it again - if [ -n "${NEW_MAJOR}" ]; then - pkg_lock pkg - fi - - if upgrade_available ${kernel_pkg}; then - # pfSense-SG-3100 is obsolete and must be removed - # before upgrade kernel / rc and preserve - # loader.rc.local just to be extra safe - if is_pkg_installed ${product}-SG-3100; then - rm -f /tmp/loader.rc.local >/dev/null 2>&1 - [ -f /boot/loader.rc.local ] \ - && cp /boot/loader.rc.local /tmp 2>/dev/null - _exec "pkg delete ${product}-SG-3100" \ - "Removing ${product}-SG-3100" mute \ - ignore_result - [ -f /tmp/loader.rc.local ] \ - && cp /tmp/loader.rc.local /boot 2>/dev/null - fi - _exec "pkg upgrade -U ${kernel_pkg}" \ - "Upgrading ${product} kernel" - fi - - if [ -n "${uboot_pkg}" ] && upgrade_available ${uboot_pkg}; then - _exec "pkg upgrade -U ${uboot_pkg}" \ - "Upgrading ${product} u-boot" - fi - - if [ -n "${NEW_MAJOR}" ]; then - pkg annotate -q -M ${kernel_pkg} new_major 1 - fi - - pkg annotate -q -M ${kernel_pkg} next_stage 2 - next_stage=2 - - do_reboot - _exit 0 - fi - - if [ "${next_stage}" = "2" ]; then - pkg_lock "${pkg_prefix}*" - unlock_additional_pkgs=1 - - # XXX: Workaround to upgrade strongswan - # If those symlinks are present, pkg exit because it expects - # them to be a directory - if upgrade_available strongswan; then - [ -L /usr/local/etc/ipsec.d ] \ - && rm -f /usr/local/etc/ipsec.d - [ -L /usr/local/etc/ipsec.conf ] \ - && rm -f /usr/local/etc/ipsec.conf - [ -L /usr/local/etc/strongswan.d ] \ - && rm -f /usr/local/etc/strongswan.d - [ -L /usr/local/etc/strongswan.conf ] \ - && rm -f /usr/local/etc/strongswan.conf - fi - - if upgrade_available; then - delete_annotation=1 - if [ -n "${is_pkg_locked}" ]; then - # Upgrade pkg - pkg_unlock pkg - pkg annotate -q -D ${kernel_pkg} new_major - _exec "pkg-static install -f pkg" \ - "Reinstalling pkg due to ABI change" - - # Upgrade base packages using pkg-static - _exec "pkg-static upgrade -r ${product}-core" \ - "Upgrading necessary core packages" - - # Make sure PHP setup is fine - /etc/rc.php_ini_setup >/dev/null 2>&1 - fi - - _exec "pkg upgrade${dont_update}" \ - "Upgrading necessary packages" - delete_annotation="" - - # Always make sure important packages are set as vital - set_vital_flag pkg ${kernel_pkg} ${product} \ - ${product}-rc ${product}-base ${uboot_pkg} - fi - - pkg annotate -q -M ${kernel_pkg} next_stage 3 - next_stage=3 - - pkg_unlock "${pkg_prefix}*" - unlock_additional_pkgs="" - - # 2nd reboot during new major version upgrade - if [ -n "${is_pkg_locked}" ]; then - # Reboot immediately - do_reboot now - _exit 0 - fi - - if [ -n "${booting}" ]; then - _exit 0 - fi - fi - - if [ "${next_stage}" = "3" ]; then - if upgrade_available; then - delete_annotation=1 - _exec "pkg upgrade${dont_update}" \ - "Upgrading necessary packages" - delete_annotation="" - fi - - pkg annotate -q -D ${kernel_pkg} next_stage - - # cleanup caches - _exec "pkg autoremove" "Removing unnecessary packages" mute \ - ignore_result - _exec "pkg clean" "Cleanup pkg cache" mute ignore_result - fi - - gitsync=$(read_xml_tag.sh boolean system/gitsync/synconupgrade) - if [ "${gitsync}" = "true" ]; then - repository_url=$(read_xml_tag.sh string \ - system/gitsync/repositoryurl) - branch=$(read_xml_tag.sh string system/gitsync/branch) - - minimal=$(read_xml_tag.sh boolean system/gitsync/minimal) - diff=$(read_xml_tag.sh boolean system/gitsync/diff) - show_files=$(read_xml_tag.sh boolean system/gitsync/show_files) - show_command=$(read_xml_tag.sh boolean \ - system/gitsync/show_command) - dryrun=$(read_xml_tag.sh boolean system/gitsync/dryrun) - - mute='mute' - options='' - if [ "${minimal}" = "true" ]; then - options=${options}' --minimal' - fi - if [ "${diff}" = "true" ]; then - options=${options}' --diff' - fi - if [ "${show_files}" = "true" ]; then - options=${options}' --show-files' - mute='off' - fi - if [ "${show_command}" = "true" ]; then - options=${options}' --show-command' - mute='off' - fi - if [ "${dryrun}" = "true" ]; then - options=${options}' --dry-run' - fi - - # Repository URL is not mandatory - if [ -n "${branch}" ]; then - _exec "pfSsh.php playback gitsync ${repositoryurl} \ - ${branch} ${options} --upgrading" \ - "Running gitsync" ${mute} ignore_result - fi - fi - - # Save a copy of latest finished upgrade process - cp -f ${logfile} ${upgrade_logfile} -} - -get_meta_pkg_name() { - # figure out main meta package name - if is_pkg_installed ${product}-vmware; then - echo "${product}-vmware" - elif is_pkg_installed ${product}; then - echo "${product}" - else - _echo "ERROR: It was not possible to identify which" \ - "${product} meta package is installed" - _exit 1 - fi -} - -check_upgrade() { - local _meta_pkg=$(get_meta_pkg_name) - local _core_pkgs=$(pkg query -e \ - "%n ~ ${product}-kernel-* || %n ~ ${product}-base*" %n) - - pkg_update "" mute - - pkg_upgrade_repo - - for _pkg in ${_meta_pkg} ${_core_pkgs}; do - [ "$(compare_pkg_version ${_pkg})" != "<" ] \ - && continue - - local _new_version=$(pkg rquery -U %v ${_pkg}) - _echo "${_new_version} version of ${product} is available" - _exit 2 - done - - _echo "Your system is up to date" - _exit 0 -} - -is_pkg_installed() { - local _pkg_name="${1}" - - pkg info -e ${_pkg_name} - return $? -} - -compare_pkg_version() { - local _pkg_name="${1}" - - if [ -z "${_pkg_name}" ]; then - echo '!' - return 1 - fi - - if ! is_pkg_installed ${_pkg_name}; then - echo '!' - return 1 - fi - - local _lver=$(pkg query %v ${_pkg_name}) - - if [ -z "${_lver}" ]; then - _echo "ERROR: It was not possible to determine ${_pkg_name}" \ - "local version" - _exit 1 - fi - - local _rver=$(pkg rquery -U %v ${_pkg_name}) - - if [ -z "${_rver}" ]; then - _echo "ERROR: It was not possible to determine ${_pkg_name}" \ - "remote version" - _exit 1 - fi - - local _version=$(pkg version -t ${_lver} ${_rver}) - - if [ $? -ne 0 ]; then - _echo "ERROR: Error comparing ${_pkg_name} local and remote" \ - "versions" - _exit 1 - fi - - echo ${_version} - return 0 -} - -pkg_install() { - local _pkg_name="${1}" - - local _force="" - if [ -n "${2}" ]; then - _force="-f" - fi - - if [ -z "${_pkg_name}" ]; then - _echo "ERROR: Blank package name" - _exit 1 - fi - - if is_pkg_installed ${_pkg_name}; then - local _cversion=$(compare_pkg_version ${_pkg_name}) - - if [ -z "${_force}" ]; then - if [ "${_cversion}" = "=" ]; then - _echo "Package ${_pkg_name} is up to date" - _exit 0 - elif [ "${_cversion}" = ">" ]; then - _echo "Installed ${_pkg_name} version is" \ - "newer than remote" - _exit 0 - fi - fi - local _cmd="upgrade ${_force}" - local _msg="Upgrading" - else - local _cmd="install" - local _msg="Installing" - fi - - _exec "pkg_with_pb ${_cmd}${dry_run:+ }${dry_run} ${_pkg_name}" \ - "${_msg} ${_pkg_name}" - _exec "pkg clean" "Cleaning up cache" mute ignore_result -} - -# Reinstall every pfSense-pkg-* package -pkg_reinstall_all() { - for _pkg in $(pkg query -e '%a == 0' %n); do - case ${_pkg} in "${pkg_prefix}"* ) - _echo "Reinstalling ${_pkg}" - pkg_install ${_pkg} 1 - ;; - esac - done -} - -pkg_delete() { - local _pkg_name="${1}" - - if [ -z "${_pkg_name}" ]; then - _echo "ERROR: Blank package name" - _exit 1 - fi - - if ! is_pkg_installed ${_pkg_name}; then - _echo "ERROR: Package ${_pkg_name} is not installed" - _exit 1 - fi - - _exec "pkg_with_pb delete${dry_run:+ }${dry_run} ${_pkg_name}" \ - "Removing ${_pkg_name}" - _exec "pkg autoremove" "Removing stale packages" mute ignore_result -} - -# Delete every pfSense-pkg-* package -pkg_delete_all() { - for _pkg in $(pkg query -e '%a == 0' %n); do - case ${_pkg} in "${pkg_prefix}"* ) - _echo "Removing ${_pkg}" - pkg_delete ${_pkg} - ;; - esac - done -} - -do_reboot() { - local _now="$1" - - local _msg="" - if [ "${_now}" = "now" ]; then - _msg="now." - else - _msg="in ${reboot_after} seconds." - fi - - if [ -z "${dont_reboot}" ]; then - _echo "Upgrade is complete. Rebooting ${_msg}" - echo "Upgrade is complete. Rebooting ${_msg}" | wall - /etc/rc.notify_message -e -g -m \ - "Upgrade is complete. Rebooting ${_msg}" >/dev/null 2>&1 - if [ "${_now}" = "now" ]; then - /etc/rc.reboot ${reboot_params} - else - (sleep ${reboot_after} \ - && /etc/rc.reboot ${reboot_params}) & - fi - else - _echo "Upgrade is complete." - echo "Upgrade is complete." | wall - /etc/rc.notify_message -e -g -m "Upgrade is complete." \ - >/dev/null 2>&1 - fi -} - -validate_repo_conf() { - # Make sure to use default repo conf when it doesn't exist - pkg_repo_conf="/usr/local/etc/pkg/repos/${product}.conf" - default="/usr/local/share/${product}/pkg/repos/${product}-repo.conf" - - pkg_repo_conf_path=$(read_xml_tag.sh string system/pkg_repo_conf_path) - - if [ -z "${pkg_repo_conf_path}" -o ! -f "${pkg_repo_conf_path}" ]; then - pkg_repo_conf_path=${default} - fi - - if [ -f "${pkg_repo_conf_path}" ]; then - if [ -e "${pkg_repo_conf}" -a ! -L "${pkg_repo_conf}" ]; then - rm -f ${pkg_repo_conf} - ln -sf ${pkg_repo_conf_path} ${pkg_repo_conf} - fi - - if [ "$(readlink ${pkg_repo_conf})" != \ - "${pkg_repo_conf_path}" ]; then - mkdir -p /usr/local/etc/pkg/repos - ln -sf ${pkg_repo_conf_path} ${pkg_repo_conf} - fi - fi -} - -export LANG=C - -pid_file="/var/run/$(basename $0).pid" -logfile="/cf/conf/upgrade_log.txt" -upgrade_logfile="/cf/conf/upgrade_log.latest.txt" -stdout='/dev/null' - -# Export necessary PATH -export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin - -# Setup proxy settings -HTTP_PROXY=$(read_xml_tag.sh string system/proxyurl) -if [ "${HTTP_PROXY}" != "" ]; then - HTTP_PROXY_PORT=$(read_xml_tag.sh string system/proxyport) - if [ "${HTTP_PROXY_PORT}" != "" ]; then - HTTP_PROXY="${HTTP_PROXY}:${HTTP_PROXY_PORT}" - fi - export HTTP_PROXY -fi - -# Only set proxy variables on FreeBSD 11 until the fix is on 10 -# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194483 -if $(uname -r | grep -q '^11'); then - HTTP_PROXY_USER=$(read_xml_tag.sh string system/proxyuser) - HTTP_PROXY_PASS=$(read_xml_tag.sh string system/proxypass) - if [ "${HTTP_PROXY_USER}" != "" ] && - [ "${HTTP_PROXY_PASS}" != "" ]; then - HTTP_PROXY_AUTH="${HTTP_PROXY_USER}:${HTTP_PROXY_PASS}" - HTTP_PROXY_AUTH="basic:*:${HTTP_PROXY_AUTH}" - export HTTP_PROXY_AUTH - fi -fi - -# pkg should not ask for confirmations -export ASSUME_ALWAYS_YES=true -export FETCH_TIMEOUT=5 -export FETCH_RETRY=2 - -export product=$(php -n /usr/local/sbin/read_global_var product_name pfSense) -export pkg_prefix=$(php -n /usr/local/sbin/read_global_var pkg_prefix \ - pfSense-pkg-) -export platform=$(cat /etc/platform) - -USE_MFS_TMPVAR=$(read_xml_tag.sh boolean system/use_mfs_tmpvar) -if [ "${USE_MFS_TMPVAR}" = "true" ]; then - export PKG_DBDIR=/root/var/db/pkg - export PKG_CACHEDIR=/root/var/cache/pkg -fi - -product_version=$(cat /etc/version) -do_not_send_uniqueid=$(read_xml_tag.sh boolean system/do_not_send_uniqueid) -if [ "${do_not_send_uniqueid}" != "true" ]; then - uniqueid=$(gnid) - export HTTP_USER_AGENT="${product}/${product_version}:${uniqueid}" -else - export HTTP_USER_AGENT="${product}/${product_version}" -fi - -validate_repo_conf - -# Flags used in _exit -export delete_annotation="" -export unlock_additional_pkgs="" -export delete_pid="" - -# Save nc_pid to be able to kill it -export nc_pid="" - -# Reboot after 10 seconds -export reboot_after=10 - -# Used to set -r and reroot -export reboot_params="" - -unset dry_run -unset dont_reboot -unset dont_update -unset booting -unset boot_stage -unset force -unset yes -unset progress_file -unset progress_socket -unset action -unset action_pkg -unset force_ipv4 -unset force_ipv6 -while getopts 46b:cdfi:hp:l:nr:RuUy opt; do - case ${opt} in - 4) - if [ -n "${force_ipv6}" ]; then - usage - exit 1 - fi - force_ipv4=1 - ;; - 6) - if [ -n "${force_ipv4}" ]; then - usage - exit 1 - fi - force_ipv6=1 - ;; - b) - booting=1 - boot_stage="${OPTARG}" - ;; - c) - action="check" - ;; - d) - stdout='' - ;; - f) - force=1 - ;; - i) - if [ -n "${action}" ]; then - usage - exit 1 - fi - action="install" - action_pkg="${OPTARG}" - ;; - h) - usage - exit 0 - ;; - l) - logfile="${OPTARG}" - if [ -z "${logfile}" ]; then - usage - exit 1 - fi - ;; - n) - dry_run="-n" - ;; - p) - progress_socket="${OPTARG}" - if [ -z "${progress_socket}" ]; then - usage - exit 1 - fi - ;; - r) - if [ -n "${action}" ]; then - usage - exit 1 - fi - action="delete" - action_pkg="${OPTARG}" - ;; - R) - dont_reboot=1 - ;; - u) - if [ -n "${action}" ]; then - usage - exit 1 - fi - action="update" - ;; - U) - dont_update=" -U" - ;; - y) - yes=1 - ;; - *) - usage - exit 1 - ;; - esac -done - -if [ -n "${force_ipv4}" ]; then - export IP_VERSION="4" -elif [ -n "${force_ipv6}" ]; then - export IP_VERSION="6" -fi - -# Set default action when no parameter is set -: ${action:="upgrade"} - -if pgrep -qF ${pid_file} >/dev/null 2>&1; then - echo "Another instance is already running... Aborting!" - exit 1 -fi - -echo $$ > ${pid_file} - -# Since this point it's safe to remove pid_file -delete_pid=1 - -trap _exit 1 2 15 EXIT - -block_external_services=$(read_xml_tag.sh boolean \ - system/block_external_services) - -if [ "${block_external_services}" = "true" ]; then - echo "Aborted due to block_external_services flag" - exit 0 -fi - -if [ -z "${booting}" -o "${boot_stage}" != "2" ]; then - php /etc/rc.conf_mount_rw -fi - -if [ -n "${booting}" ]; then - export REPO_AUTOUPDATE=false -fi - -if [ "${action}" != "upgrade" -a -f "${logfile}" ]; then - rm -f ${logfile} -fi - -progress_file=${logfile%.*}.json - -if [ -e "${progress_file}" ]; then - rm -f ${progress_file} -fi - -abi_setup - -if [ -n "${NEW_MAJOR}" -a "${action}" = "install" ]; then - _echo "WARNING: Current pkg repository has a new OS major version." - _echo " ${product} should be upgraded before doing any other" - _echo " operation" - _exit 1 -fi - -case "${action}" in - check) - check_upgrade - ;; - upgrade) - pkg_upgrade - ;; - update) - pkg_update force - ;; - install) - if [ ${action_pkg} = "ALL_PACKAGES" ] && [ -n ${force} ]; then - pkg_reinstall_all - else - pkg_install ${action_pkg} ${force} - fi - ;; - delete) - if [ ${action_pkg} = "ALL_PACKAGES" ] && [ -n ${force} ]; then - pkg_delete_all - else - pkg_delete ${action_pkg} - fi - ;; - *) - _echo "ERROR: Invalid action!" - _exit 1 -esac - -_exit 0 diff --git a/sysutils/pfSense-upgrade/files/pfSense-upgrade.wrapper b/sysutils/pfSense-upgrade/files/pfSense-upgrade.wrapper deleted file mode 100644 index 1c02471..0000000 --- a/sysutils/pfSense-upgrade/files/pfSense-upgrade.wrapper +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/sh -# -# pfSense-upgrade.wrapper -# -# part of pfSense (https://www.pfsense.org) -# Copyright (c) 2015-2016 Rubicon Communications, LLC (Netgate) -# All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -pfsense_upgrade=$(realpath $(dirname $0)/../libexec/$(basename $0)) -lockfile="/tmp/$(basename $0).lock" - -if [ ! -f ${pfsense_upgrade} ]; then - echo "ERROR: Unable to find ${pfsense_upgrade}" - exit 1 -fi - -# lockf return codes, from sysexits(3) -EX_TEMPFAIL=75 # The specified lock file was already locked by another process. -EX_CANTCREAT=73 # The lockf utility was unable to create the lock file, e.g., - # because of insufficient access privileges. -EX_OSERR=71 # A system call (e.g., fork(2)) failed unexpectedly. -EX_SOFTWARE=70 # The command did not exit normally, but may have been signaled - # or stopped. - -# Special return code to detect when pfSense-upgrade was upgraded and must -# be called again to make sure latest version is running -EX_UPGRADE=99 - -while true; do - unset run_again - /usr/bin/lockf -s -t 5 ${lockfile} ${pfsense_upgrade} "$@" - rc=$? - - unset error - case "$rc" in - ${EX_TEMPFAIL}) - echo "Another instance is already running... Aborting!" - exit 1 - ;; - ${EX_CANTCREAT}) - echo "ERROR: Unable to create lockfile ${lockfile}" - exit 1 - ;; - ${EX_OSERR}) - echo "ERROR: An unexpected OS error happened" - error=1 - ;; - ${EX_SOFTWARE}) - echo "ERROR: An unexpected error happened" - error=1 - ;; - ${EX_UPGRADE}) - run_again=1 - ;; - esac - - [ -f "${lockfile}" ] \ - && rm -f ${lockfile} - - [ -n "${error}" ] \ - && exit 1 - - [ -n "${run_again}" ] \ - && continue - - exit $rc -done -- cgit v1.1