diff options
author | Ermal <eri@pfsense.org> | 2010-03-24 17:00:39 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-03-24 17:00:39 +0000 |
commit | a0116247ddcb7ac1ffc37a2d1ac967952171f4f3 (patch) | |
tree | 17a673652afd1608efe5467c4fb97189a2b62fe0 /usr/local/www | |
parent | 7554ab8ca355952a3048a8ee64c54810949cad7f (diff) | |
download | pfsense-a0116247ddcb7ac1ffc37a2d1ac967952171f4f3.zip pfsense-a0116247ddcb7ac1ffc37a2d1ac967952171f4f3.tar.gz |
Ticket #318. Add an option to updater settings to allow updates for images with no signature. This makes auto-updater work and will not display an confirmation message during manual update.
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/system_firmware.php | 4 | ||||
-rwxr-xr-x | usr/local/www/system_firmware_auto.php | 11 | ||||
-rwxr-xr-x | usr/local/www/system_firmware_settings.php | 19 |
3 files changed, 30 insertions, 4 deletions
diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php index 93fe96b..ed40a97 100755 --- a/usr/local/www/system_firmware.php +++ b/usr/local/www/system_firmware.php @@ -160,9 +160,9 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) { if ($sigchk == 1) $sig_warning = "The digital signature on this image is invalid."; - else if ($sigchk == 2) + else if ($sigchk == 2 && !isset($config['system']['firmware']['allowinvalidsig'])) $sig_warning = "This image is not digitally signed."; - else if (($sigchk == 3) || ($sigchk == 4)) + else if (($sigchk >= 3)) $sig_warning = "There has been an error verifying the signature on this image."; if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) { diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php index a777d18..938f5b0 100755 --- a/usr/local/www/system_firmware_auto.php +++ b/usr/local/www/system_firmware_auto.php @@ -178,8 +178,13 @@ if ($sigchk == 1) $sig_warning = "The digital signature on this image is invalid."; else if ($sigchk == 2) $sig_warning = "This image is not digitally signed."; -else if (($sigchk == 3) || ($sigchk == 4)) +else if (($sigchk >= 3)) { $sig_warning = "There has been an error verifying the signature on this image."; + update_status($sig_warning); + update_output_window("Update cannot continue"); + require("fend.inc"); + exit; +} if (!verify_gzip_file("{$g['upload_path']}/latest.tgz")) { update_status("The image file is corrupt."); @@ -193,7 +198,9 @@ if (!verify_gzip_file("{$g['upload_path']}/latest.tgz")) { exit; } -if ($sigchk) { +if ($sigchk == 2 && isset($config['system']['firmware']['allowinvalidsig'])) + update_output_window("\nrImage has no signature but the system configured to allow unsigned images.\n"); +else if ($sigchk) { update_status($sig_warning); update_output_window("Update cannot continue"); if (file_exists("{$g['upload_path']}/latest.tgz")) { diff --git a/usr/local/www/system_firmware_settings.php b/usr/local/www/system_firmware_settings.php index 622e355..8fa06ec 100755 --- a/usr/local/www/system_firmware_settings.php +++ b/usr/local/www/system_firmware_settings.php @@ -52,6 +52,11 @@ if ($_POST) { unset($config['system']['firmware']['alturl']); unset($config['system']['firmware']); } + if($_POST['allowinvalidsig'] == "yes") + $config['system']['firmware']['allowinvalidsig'] = true; + else + unset($config['system']['firmware']['allowinvalidsig']); + write_config(); } } @@ -137,6 +142,20 @@ function enable_altfirmwareurl(enable_over) { </span> </td> </tr> + <tr> + <td colspan="2" class="list" height="12"> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Updates</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Not signed images.</td> + <td width="78%" class="vtable"> + <input name="allowinvalidsig" type="checkbox" id="allowinvalidsig" value="yes" <?php if (isset($curcfg['allowinvalidsig'])) echo "checked"; ?> /> + <br /> + Allow to update the system with auto-updater and images with no signature. + </td> + </tr> <script>enable_altfirmwareurl();</script> <tr> <td width="22%" valign="top"> </td> |