Add manifests option (Default Auto Update URLS)

2 files changed, 50 insertions, 4 deletions

diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php
index 6994be6..aef4a71 100755
--- a/usr/local/www/system_firmware_auto.php
+++ b/usr/local/www/system_firmware_auto.php
@@ -1,4 +1,3 @@
-#!/usr/local/bin/php
 <?php
 /* $Id$ */
 /*
@@ -135,11 +134,38 @@ if($needs_system_upgrade == true)
 $downloaded_latest_tgz_sha256 = str_replace("\n", "", `sha256 /tmp/latest.tgz  | awk '{ print $4 }'`);
 $upgrade_latest_tgz_sha256 = str_replace("\n", "", `cat /tmp/latest.tgz.sha256 | awk '{ print $4 }'`);
 
+$sigchk = 0;
+
+if(!isset($curcfg['alturl']['enable']))
+	$sigchk = verify_digital_signature("/tmp/latest.tgz");
+
+if ($sigchk == 1)
+	$sig_warning = "The digital signature on this image is invalid.";
+else if ($sigchk == 2)
+	$sig_warning = "This image is not digitally signed.";
+else if (($sigchk == 3) || ($sigchk == 4))
+	$sig_warning = "There has been an error verifying the signature on this image.";
+
+if (!verify_gzip_file("/tmp/latest.tgz")) {
+	update_status("The image file is corrupt.");
+	update_output_window("Update cannot continue");
+	unlink("{$g['upload_path']}/latest.tgz");
+	require("fend.inc");
+	exit;
+}
+
+if ($sigchk) {
+	update_status($sig_warning);
+	update_output_window("Update cannot continue");
+	unlink("{$g['upload_path']}/latest.tgz");
+	require("fend.inc");
+	exit;
+}
+
 if($downloaded_latest_tgz_sha256 <> $upgrade_latest_tgz_sha256) {
 	update_status("Downloading complete but sha256 does not match.");
 	update_output_window("Auto upgrade aborted.  \n\nDownloaded SHA256: $downloaded_latest_tgz_sha256 \n\nNeeded SHA256: $upgrade_latest_tgz_sha256");	
 } else {
-	update_status("Downloading complete.");
 	update_output_window("{$g['product_name']} is now upgrading.\\n\\nThe firewall will reboot once the operation is completed.");
 	echo "\n<script language=\"JavaScript\">document.progressbar.style.visibility='hidden';\n</script>";
 	exec_rc_script_async("{$external_upgrade_helper_text}");
diff --git a/usr/local/www/system_firmware_settings.php b/usr/local/www/system_firmware_settings.php
index 9f7d32f..916a3c2 100755
--- a/usr/local/www/system_firmware_settings.php
+++ b/usr/local/www/system_firmware_settings.php
@@ -49,8 +49,13 @@ $curcfg = $config['system']['firmware'];
 $pgtitle = array("System","Firmware","Settings");
 include("head.inc");
 
-?>
+exec("fetch -q -o /tmp/manifest \"{$g['update_manifest']}\"");
+if(file_exists("/tmp/manifest")) {
+	$preset_urls_split = split("\n", file_get_contents("/tmp/manifest"));
+}
 
+?>
+<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
 <script language="JavaScript">
 <!--
 
@@ -88,7 +93,22 @@ function enable_altfirmwareurl(enable_over) {
 	<tr>
 		<td colspan="2" valign="top" class="listtopic">Firmware Branch</td>
 	</tr>
-
+<?php if(is_array($preset_urls_split)): ?>
+	<tr>
+		<td valign="top" class="vncell">Default Auto Update URLs</td>
+		<td class="vtable">
+			<select name='preseturls' id='preseturls' onChange="firmwareurl.value = preseturls.value; document.iform.firmwareurl.disabled = 0; alturlenable.checked=true;">
+					<option></option>
+				<?php 
+					foreach($preset_urls_split as $pus) {
+						$pus_text = split("\t", $pus);
+						echo "<option value='{$pus_text[1]}'>{$pus_text[0]}</option>";
+					}
+				?>
+			</select>
+		</td>
+	</tr>
+<?php endif; ?>
 	<tr>
 		<td valign="top" class="vncell">Firmware Auto Update URL</td>
 		<td class="vtable">