diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2008-05-24 05:50:40 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2008-05-24 05:50:40 +0000 |
| commit | 563f5b510631a8c6454e1dfa323d6477f4e7ecbc (patch) | |
| tree | 280b2238185a3737fd581ee07b9bdeb8f7db6f94 /usr/local/www/system_firmware_auto.php | |
| parent | ef794b01aee9e1a2439359555184da5ec4b7b5f8 (diff) | |
| download | pfsense-563f5b510631a8c6454e1dfa323d6477f4e7ecbc.zip pfsense-563f5b510631a8c6454e1dfa323d6477f4e7ecbc.tar.gz | |
Add manifests option (Default Auto Update URLS)
Diffstat (limited to 'usr/local/www/system_firmware_auto.php')
| -rwxr-xr-x | usr/local/www/system_firmware_auto.php | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php index 6994be6..aef4a71 100755 --- a/usr/local/www/system_firmware_auto.php +++ b/usr/local/www/system_firmware_auto.php @@ -1,4 +1,3 @@ -#!/usr/local/bin/php <?php /* $Id$ */ /* @@ -135,11 +134,38 @@ if($needs_system_upgrade == true) $downloaded_latest_tgz_sha256 = str_replace("\n", "", `sha256 /tmp/latest.tgz | awk '{ print $4 }'`); $upgrade_latest_tgz_sha256 = str_replace("\n", "", `cat /tmp/latest.tgz.sha256 | awk '{ print $4 }'`); +$sigchk = 0; + +if(!isset($curcfg['alturl']['enable'])) + $sigchk = verify_digital_signature("/tmp/latest.tgz"); + +if ($sigchk == 1) + $sig_warning = "The digital signature on this image is invalid."; +else if ($sigchk == 2) + $sig_warning = "This image is not digitally signed."; +else if (($sigchk == 3) || ($sigchk == 4)) + $sig_warning = "There has been an error verifying the signature on this image."; + +if (!verify_gzip_file("/tmp/latest.tgz")) { + update_status("The image file is corrupt."); + update_output_window("Update cannot continue"); + unlink("{$g['upload_path']}/latest.tgz"); + require("fend.inc"); + exit; +} + +if ($sigchk) { + update_status($sig_warning); + update_output_window("Update cannot continue"); + unlink("{$g['upload_path']}/latest.tgz"); + require("fend.inc"); + exit; +} + if($downloaded_latest_tgz_sha256 <> $upgrade_latest_tgz_sha256) { update_status("Downloading complete but sha256 does not match."); update_output_window("Auto upgrade aborted. \n\nDownloaded SHA256: $downloaded_latest_tgz_sha256 \n\nNeeded SHA256: $upgrade_latest_tgz_sha256"); } else { - update_status("Downloading complete."); update_output_window("{$g['product_name']} is now upgrading.\\n\\nThe firewall will reboot once the operation is completed."); echo "\n<script language=\"JavaScript\">document.progressbar.style.visibility='hidden';\n</script>"; exec_rc_script_async("{$external_upgrade_helper_text}"); |
