-rwxr-xr-xbuild.sh21
-rw-r--r--src/etc/inc/gwlb.inc20
-rw-r--r--src/etc/inc/interfaces.inc30
-rw-r--r--src/etc/inc/openvpn.inc4
-rw-r--r--src/etc/inc/pkg-utils.inc19
-rw-r--r--src/etc/inc/system.inc4
-rw-r--r--src/etc/inc/xmlrpc_client.inc66
-rwxr-xr-xsrc/etc/pfSense-rc2
-rw-r--r--src/etc/phpshellsessions/gitsync73
-rwxr-xr-xsrc/etc/rc.filter_synchronize3
-rwxr-xr-xsrc/usr/local/sbin/pfSense-upgrade930
-rw-r--r--src/usr/local/www/diag_arp.php26
-rw-r--r--src/usr/local/www/diag_pftop.php2
-rw-r--r--src/usr/local/www/firewall_nat.php6
-rw-r--r--src/usr/local/www/firewall_nat_out_edit.php14
-rw-r--r--src/usr/local/www/firewall_rules.php15
-rw-r--r--src/usr/local/www/guiconfig.inc1
-rw-r--r--src/usr/local/www/js/pfSenseHelpers.js10
-rw-r--r--src/usr/local/www/services_captiveportal_filemanager.php2
-rw-r--r--src/usr/local/www/services_captiveportal_hostname.php2
-rw-r--r--src/usr/local/www/services_captiveportal_hostname_edit.php2
-rw-r--r--src/usr/local/www/services_captiveportal_ip.php2
-rw-r--r--src/usr/local/www/services_captiveportal_ip_edit.php2
-rw-r--r--src/usr/local/www/services_captiveportal_mac.php2
-rw-r--r--src/usr/local/www/services_captiveportal_mac_edit.php2
-rw-r--r--src/usr/local/www/services_captiveportal_vouchers.php2
-rw-r--r--src/usr/local/www/services_captiveportal_vouchers_edit.php2
-rw-r--r--src/usr/local/www/services_captiveportal_zones.php2
-rw-r--r--src/usr/local/www/services_captiveportal_zones_edit.php2
-rw-r--r--src/usr/local/www/services_dhcp.php4
-rw-r--r--src/usr/local/www/services_dhcp_edit.php7
-rw-r--r--src/usr/local/www/status.php4
-rw-r--r--src/usr/local/www/system_authservers.php2
-rw-r--r--src/usr/local/www/system_crlmanager.php2
-rw-r--r--src/usr/local/www/system_gateways.php2
-rw-r--r--src/usr/local/www/system_usermanager_settings.php4
-rw-r--r--src/usr/local/www/vpn_ipsec_phase2.php2
-rw-r--r--src/usr/local/www/vpn_openvpn_server.php6
-rw-r--r--src/usr/local/www/widgets/widgets/system_information.widget.php16
-rw-r--r--src/usr/local/www/wizards/openvpn_wizard.xml52
-rw-r--r--src/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc16
-rw-r--r--src/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc16
-rwxr-xr-xtools/build_snapshots.sh2
-rw-r--r--tools/builder_common.sh450
-rw-r--r--tools/builder_defaults.sh40
-rw-r--r--tools/templates/core_pkg/base-nanobsd/exclude_files31
-rw-r--r--tools/templates/core_pkg/base-nanobsd/metadir/+DEINSTALL21
-rw-r--r--tools/templates/core_pkg/base-nanobsd/metadir/+DESC3
-rw-r--r--tools/templates/core_pkg/base-nanobsd/metadir/+INSTALL59
-rw-r--r--tools/templates/core_pkg/base-nanobsd/metadir/+MANIFEST16
-rw-r--r--tools/templates/core_pkg/base-nanobsd/pkg-plist2
-rw-r--r--tools/templates/core_pkg/base/metadir/+MANIFEST1
-rw-r--r--tools/templates/core_pkg/repo/metadir/+DESC3
-rw-r--r--tools/templates/core_pkg/repo/metadir/+INSTALL22
-rw-r--r--tools/templates/core_pkg/repo/metadir/+MANIFEST15
-rw-r--r--tools/templates/pkg_repos/pfSense-repo-devel.conf17
-rw-r--r--tools/templates/pkg_repos/pfSense-repo-devel.descr1
-rw-r--r--tools/templates/pkg_repos/pfSense-repo.conf17
-rw-r--r--tools/templates/pkg_repos/pfSense-repo.descr1
59 files changed, 360 insertions, 1742 deletions
diff --git a/build.sh b/build.sh
index a3ebf0d..fecc39f 100755
--- a/build.sh
+++ b/build.sh
@@ -20,11 +20,10 @@
set +e
usage() {
- echo "Usage $0 [options] [ iso | nanobsd | ova | nanobsd-vga | memstick | memstickserial | memstickadi | all | none ]"
- echo " all = iso nanobsd nanobsd-vga memstick memstickserial memstickadi"
+ echo "Usage $0 [options] [ iso | ova | memstick | memstickserial | memstickadi | all | none ]"
+ echo " all = iso memstick memstickserial memstickadi"
echo " none = upgrade only pkg repo"
echo " [ options ]: "
- echo " --flash-size|-f size(s) - a list of flash sizes to build with nanobsd i.e. '2g 4g'. Default: 2g"
echo " --no-buildworld|-c - Will set NO_BUILDWORLD NO_BUILDKERNEL to not build kernel and world"
echo " --no-cleanobjdir|-d - Will not clean FreeBSD object built dir to allow restarting a build with NO_CLEAN"
echo " --resume-image-build|-r - Includes -c -d and also will just move directly to image creation using pre-staged data"
@@ -70,15 +69,6 @@ while test "$1" != ""; do
--no-cleanobjdir|-d)
export NO_CLEAN_FREEBSD_OBJ=YES
;;
- --flash-size|-f)
- shift
- if [ $# -eq 0 ]; then
- echo "--flash-size needs extra parameter."
- echo
- usage
- fi
- export FLASH_SIZE="${1}"
- ;;
--resume-image-build|-r)
export NO_BUILDWORLD=YES
export NO_BUILDKERNEL=YES
@@ -153,7 +143,7 @@ while test "$1" != ""; do
--do-not-upload|-u)
export DO_NOT_UPLOAD=1
;;
- all|none|*iso*|*ova*|*memstick*|*memstickserial*|*memstickadi*|*nanobsd*|*nanobsd-vga*)
+ all|none|*iso*|*ova*|*memstick*|*memstickserial*|*memstickadi*)
BUILDACTION="images"
IMAGETYPE="${1}"
;;
@@ -302,7 +292,7 @@ fi
if [ "$IMAGETYPE" = "none" ]; then
_IMAGESTOBUILD=""
elif [ "$IMAGETYPE" = "all" ]; then
- _IMAGESTOBUILD="iso nanobsd nanobsd-vga memstick memstickserial"
+ _IMAGESTOBUILD="iso memstick memstickserial"
if [ "${TARGET}" = "amd64" ]; then
_IMAGESTOBUILD="${_IMAGESTOBUILD} memstickadi"
if [ -n "${_IS_RELEASE}" ]; then
@@ -389,9 +379,6 @@ for _IMGTOBUILD in $_IMAGESTOBUILD; do
memstickadi)
create_memstick_adi_image
;;
- nanobsd|nanobsd-vga)
- create_nanobsd_diskimage ${_IMGTOBUILD} "${FLASH_SIZE}"
- ;;
ova)
old_custom_package_list="${custom_package_list}"
export custom_package_list="${custom_package_list} ${PRODUCT_NAME}-pkg-Open-VM-Tools"
diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc
index f1d5e3b..06e6997 100644
--- a/src/etc/inc/gwlb.inc
+++ b/src/etc/inc/gwlb.inc
@@ -923,26 +923,26 @@ function return_gateway_groups_array() {
$gwdown = true;
}
if ($gwdown == true) {
- if (!file_exists("/tmp/.down.$gwname")) {
- $msg .= "\n".implode("|", $status);
- touch("/tmp/.down.$gwname");
- log_error($msg);
- notify_via_growl($msg);
- notify_via_smtp($msg);
- }
+ if (!file_exists("/tmp/.down.{$gwname}")) {
+ $msg .= "\n".implode("|", $status);
+ touch("/tmp/.down.{$gwname}");
+ log_error($msg);
+ notify_via_growl($msg);
+ notify_via_smtp($msg);
+ }
} else {
/* Online add member */
if (!is_array($tiers[$tier])) {
$tiers[$tier] = array();
}
$tiers[$tier][] = $gwname;
- if (file_exists("/tmp/.down.$gwname")) {
- $msg = "MONITOR: {$gwname} is available now, adding to routing group";
+ if (file_exists("/tmp/.down.{$gwname}")) {
+ $msg = sprintf(gettext('MONITOR: %1$s is available now, adding to routing group %2$s'), $gwname, $group['name']);
$msg .= "\n".implode("|", $status);
+ unlink("/tmp/.down.{$gwname}");
log_error($msg);
notify_via_growl($msg);
notify_via_smtp($msg);
- unlink("/tmp/.down.$gwname");
}
}
} else if (isset($gateways_arr[$gwname]['monitor_disable'])) {
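Review bot: The `/tmp/.down.{$gwname}` marker that gates these notifications still lives in world-writable `/tmp`, so its presence is not a trustworthy signal: a file of that name created by anything else suppresses the gateway-down alert, and a failed `unlink()` repeats the recovery alert on every pass. Consider keeping the marker in a directory only root can write, for example `"{$g['varrun_path']}/.down.{$gwname}"` if `$g` is in scope here, and checking the `unlink()` result before notifying. The enclosing function starts and ends outside the hunk, so whether `$group['name']` is defined at the new `sprintf()` call should also be confirmed.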
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 3d47e39..749d930 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -2838,7 +2838,8 @@ EOD;
/* add line to script to restore old mac to make hostapd happy */
if (file_exists("{$g['tmp_path']}/{$if}_oldmac")) {
$if_oldmac = file_get_contents("{$g['tmp_path']}/{$if}_oldmac");
- if (is_macaddr($if_oldmac)) {
+ $if_curmac = get_interface_mac($if);
+ if ($if_curmac != $if_oldmac && is_macaddr($if_oldmac)) {
fwrite($fd_set, "{$ifconfig} " . escapeshellarg($if) .
" link " . escapeshellarg($if_oldmac) . "\n");
}
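Review bot: The new `$if_curmac != $if_oldmac` test compares the raw contents of the `_oldmac` file with the live address, so a trailing newline or a difference in hex case makes the two look different and the `link` command is still written. Normalising the value first, e.g. `$if_oldmac = strtolower(trim($if_oldmac));`, keeps the skip effective; the same applies to `$wl['spoofmac'] != $if_curmac` in the next hunk. The enclosing function starts and ends outside these hunks, so how the file is written and what case `get_interface_mac()` returns are not visible here.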
@@ -2847,15 +2848,11 @@ EOD;
fwrite($fd_set, "{$hostapd} -B -P {$g['varrun_path']}/hostapd_{$if}.pid {$g['varetc_path']}/hostapd_{$if}.conf\n");
/* add line to script to restore spoofed mac after running hostapd */
- if (file_exists("{$g['tmp_path']}/{$if}_oldmac")) {
- if ($wl['spoofmac']) {
- $if_curmac = $wl['spoofmac'];
- } else {
- $if_curmac = get_interface_mac($if);
- }
- if (is_macaddr($if_curmac)) {
+ if ($wl['spoofmac']) {
+ $if_curmac = get_interface_mac($if);
+ if ($wl['spoofmac'] != $if_curmac && is_macaddr($wl['spoofmac'])) {
fwrite($fd_set, "{$ifconfig} " . escapeshellarg($if) .
- " link " . escapeshellarg($if_curmac) . "\n");
+ " link " . escapeshellarg($wl['spoofmac']) . "\n");
}
}
}
@@ -2950,13 +2947,14 @@ EOD;
}
}
- /* 20150318 cmb - Note: the below no longer appears to be true on FreeBSD 10.x, so don't set
- * mode twice (for now at least). This can be removed entirely in the future if no problems are found
-
- * The mode must be specified in a separate command before ifconfig
- * will allow the mode and channel at the same time in the next. */
- //mwexec("/sbin/ifconfig " . escapeshellarg($if) . " mode " . escapeshellarg($standard));
- //fwrite($wlan_setup_log, "/sbin/ifconfig " . escapeshellarg($if) . " mode " . escapeshellarg($standard) . "\n");
+ /* The mode must be specified in a separate command before ifconfig
+ * will allow the mode and channel at the same time in the next.
+ * Only do this for AP mode as this breaks client mode (PR 198680).
+ */
+ if ($wlcfg['mode'] == "hostap") {
+ mwexec("/sbin/ifconfig " . escapeshellarg($if) . " mode " . escapeshellarg($standard));
+ fwrite($wlan_setup_log, "/sbin/ifconfig " . escapeshellarg($if) . " mode " . escapeshellarg($standard) . "\n");
+ }
/* configure wireless */
$wlcmd_args = implode(" ", $wlcmd);
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 426f06b..dd303c5 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -368,11 +368,11 @@ function openvpn_port_next($prot, $interface = "wan") {
function openvpn_get_cipherlist() {
$ciphers = array();
- $cipher_out = shell_exec('/usr/local/sbin/openvpn --show-ciphers | /usr/bin/grep "default key" | /usr/bin/awk \'{print $1, "(" $2 "-" $3 ")";}\'');
+ $cipher_out = shell_exec('/usr/local/sbin/openvpn --show-ciphers | /usr/bin/grep \'(.*key\' | sed \'s/, TLS client\/server mode only//\'');
$cipher_lines = explode("\n", trim($cipher_out));
sort($cipher_lines);
foreach ($cipher_lines as $line) {
- $words = explode(' ', $line);
+ $words = explode(' ', $line, 2);
$ciphers[$words[0]] = "{$words[0]} {$words[1]}";
}
$ciphers["none"] = gettext("None (No Encryption)");
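Review bot: `sed` is invoked without an absolute path in the new pipeline while `openvpn` and `grep` use one, so the command depends on the PATH of whatever process calls `openvpn_get_cipherlist()`; `/usr/bin/sed` would match the rest of the line. With `explode(' ', $line, 2)` a line containing no space leaves `$words[1]` undefined, and an empty `shell_exec()` result still yields one empty `$line`, so the loop adds a blank cipher key. A guard such as `if (count($words) < 2) { continue; }` before the assignment avoids both.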
diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc
index 0531415..ad16d71 100644
--- a/src/etc/inc/pkg-utils.inc
+++ b/src/etc/inc/pkg-utils.inc
@@ -340,7 +340,7 @@ function get_package_internal_name($package_data) {
}
// Get information about packages.
-function get_pkg_info($pkgs = 'all', $info = 'all', $only_local = false) {
+function get_pkg_info($pkgs = 'all', $only_local = false) {
global $g, $input_errors;
$out = '';
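Review bot: Removing `$info` from the middle of the signature shifts `$only_local` into the second position, so any caller that still passes three arguments, as `get_pkg_info('all', 'all', true)` did, now sets `$only_local` to the truthy string `'all'` without any error. The diff updates `register_all_installed_packages()`, but callers outside the visible hunks should be checked. A docblock on the function stating that the second parameter is now a boolean would make the change harder to miss; the function body continues outside the hunk.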
@@ -456,7 +456,7 @@ function get_pkg_info($pkgs = 'all', $info = 'all', $only_local = false) {
function register_all_installed_packages() {
global $g, $config, $pkg_interface;
- $pkg_info = get_pkg_info('all', 'all', true);
+ $pkg_info = get_pkg_info('all', true);
foreach ($pkg_info as $pkg) {
if (!isset($pkg['installed'])) {
@@ -1199,6 +1199,21 @@ function pkg_switch_repo($path) {
@unlink("/usr/local/etc/pkg/repos/{$g['product_name']}.conf");
@symlink($path, "/usr/local/etc/pkg/repos/{$g['product_name']}.conf");
+ $abi_file = str_replace('.conf', '.abi', $path);
+ $altabi_file = str_replace('.conf', '.altabi', $path);
+
+ if (file_exists($abi_file) && file_exists($altabi_file)) {
+ $abi = file_get_contents($abi_file);
+ $altabi = file_get_contents($altabi_file);
+
+ $pkg_conf = array(
+ "ABI={$abi}",
+ "ALTABI={$altabi}"
+ );
+
+ file_put_contents("/usr/local/etc/pkg.conf", $pkg_conf);
+ }
+
return pkg_update(true);
}
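Review bot: `file_put_contents()` concatenates the array elements with no separator, so `/usr/local/etc/pkg.conf` becomes a single `ABI=...ALTABI=...` line unless the `.abi` file happens to end in a newline, and the file contents go unvalidated into the configuration that decides which package ABI is fetched. Trimming and adding explicit newlines is safer: `file_put_contents("/usr/local/etc/pkg.conf", "ABI=" . trim($abi) . "\nALTABI=" . trim($altabi) . "\n");`. `str_replace('.conf', '.abi', $path)` also rewrites every `.conf` in the path rather than only the suffix, and when the two files are absent a `pkg.conf` left by a previously selected repository stays in place. The start of `pkg_switch_repo()` is outside the hunk.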
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 0914c19..f25a861 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -655,7 +655,7 @@ function system_staticroutes_configure($interface = "", $update_dns = false) {
$interfacegw = $gateway['interface'];
$blackhole = "";
- if (!strcasecmp("Null", substr($rtent['gateway'], 0, 3))) {
+ if (!strcasecmp("Null", substr($rtent['gateway'], 0, 4))) {
$blackhole = "-blackhole";
}
@@ -1808,7 +1808,7 @@ function system_ntp_configure() {
foreach ($networkacl as $acl) {
$ntpcfg .= "\nrestrict ";
if (is_ipaddrv6($acl['acl_network'])) {
- $ntpcfg .= "-6 {$acl['acl_network']} mask " . gen_subnet_mask_v6($acl['mask']) . " ";
+ $ntpcfg .= "{$acl['acl_network']} mask " . gen_subnet_mask_v6($acl['mask']) . " ";
} elseif (is_ipaddrv4($acl['acl_network'])) {
$ntpcfg .= "{$acl['acl_network']} mask " . gen_subnet_mask($acl['mask']) . " ";
} else {
diff --git a/src/etc/inc/xmlrpc_client.inc b/src/etc/inc/xmlrpc_client.inc
index 45c4910..3db6bfe 100644
--- a/src/etc/inc/xmlrpc_client.inc
+++ b/src/etc/inc/xmlrpc_client.inc
@@ -21,6 +21,8 @@
require_once("XML/RPC2/Client.php");
+define('PEAR_IGNORE_BACKTRACE', 1);
+
class pfsense_xmlrpc_client {
private $username, $password, $url, $filenotice, $error;
@@ -45,35 +47,34 @@ class pfsense_xmlrpc_client {
}
$this->setConnectionData($hasync['synchronizetoip'], $port, $username, $hasync['password']);
}
-
- public function setConnectionData($syncip, $port, $username, $password) {
+
+ public function setConnectionData($syncip, $port, $username, $password, $scheme = "") {
global $config;
$this->username = $username;
$this->password = $password;
$this->filenotice = "sync_settings";
-
- $protocol = "http";
- if (is_array($config['system']) &&
- is_array($config['system']['webgui']) &&
- !empty($config['system']['webgui']['protocol']) &&
- $config['system']['webgui']['protocol'] == "https") {
- $protocol = "https";
+ if (empty($scheme)) {
+ $scheme = "http";
+ if ($port == "443") {
+ $scheme = "https";
+ } else if (is_array($config['system']) &&
+ is_array($config['system']['webgui']) &&
+ !empty($config['system']['webgui']['protocol']) &&
+ $config['system']['webgui']['protocol'] == "https") {
+ $scheme = "https";
+ }
}
if (is_ipaddrv6($syncip)) {
$syncip = "[{$syncip}]";
}
- if ($protocol == "https" || $port == "443") {
- $this->url = "https://{$syncip}:{$port}/xmlrpc.php";
- } else {
- $this->url = "http://{$syncip}:{$port}/xmlrpc.php";
- }
+ $this->url = "{$scheme}://{$syncip}:{$port}/xmlrpc.php";
}
-
- function set_noticefile($noticefile) {
+
+ public function set_noticefile($noticefile) {
$this->filenotice = $noticefile;
}
-
- function xmlrpc_internal($method, $parameter, $timeout = 240) {
+
+ private function xmlrpc_internal($method, $parameter, $timeout = 240) {
$this->error = null;
$options = array(
'prefix' => 'pfsense.',
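Review bot: The new `$scheme` argument of `setConnectionData()` is interpolated into `$this->url` without validation, and when it is empty the default remains `http` unless the port is 443 or the local web GUI uses HTTPS, so the sync username and password passed to the remote method can travel unencrypted. Restricting the value before the `empty($scheme)` check, e.g. `if (!in_array($scheme, array("http", "https"), true)) { $scheme = ""; }`, keeps unexpected schemes out of the URL. A comment noting that the HTTP fallback carries credentials in clear text would help callers choose the scheme explicitly. Making `xmlrpc_internal()` private also breaks any caller outside the class, which cannot be checked from this diff.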
@@ -94,6 +95,8 @@ class pfsense_xmlrpc_client {
continue;
}
try {//restore_config_section
+ $REQUEST_URI = $_SERVER['REQUEST_URI'];
+ unset($_SERVER['REQUEST_URI']); // force use of 'toText()' when setting XML_RPC2_CurlException message
$resp = $cli->$method($this->username, $this->password, $parameter);
} catch (XML_RPC2_FaultException $e) {
// The XMLRPC server returns a XMLRPC error
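Review bot: `$_SERVER['REQUEST_URI']` is read unconditionally in the added lines, which raises an undefined-index notice whenever the client runs outside a web request, such as from a script started on the command line. `$REQUEST_URI = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : null;` keeps the `finally` restore in the next hunk working unchanged. Mutating a superglobal to steer the library's exception formatting is fragile, so the inline comment should name the exact library behaviour being relied on.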
@@ -101,12 +104,29 @@ class pfsense_xmlrpc_client {
log_error($this->error);
file_notice($this->filenotice, $this->error, "Communications error occurred", "");
continue;
+ } catch (XML_RPC2_CurlException $e) {
+ $previouserror = $e->getPrevious();// HTTP_Request2_ConnectionException
+ if ($previouserror == null) {
+ // CurlException doesnt get filled with PreviousError,
+ // however we dont want to show the stacktrace included in the 'message' to non sysadmin users
+ $this->error = "CurlException calling XMLRPC method {$method} #" . strtok($e->getMessage(), "\n");
+ } else {
+ $this->error = "CurlException calling XMLRPC method {$method} #" . $previouserror->getMessage();
+ }
+ log_error($this->error);
+ file_notice($this->filenotice, $this->error, "Communications error occurred", "");
+ continue;
} catch (Exception $e) {
// Other errors (HTTP or networking problems...)
$this->error = "Exception calling XMLRPC method {$method} # " . $e->getMessage();
log_error($this->error);
file_notice($this->filenotice, $this->error, gettext("Error code received"), "");
continue;
+ } finally {
+ if (isset($REQUEST_URI)) {
+ // restore the unset variable to its previous state.
+ $_SERVER['REQUEST_URI'] = $REQUEST_URI;
+ }
}
if (!is_array($resp) && trim($resp) == "Authentication failed") {
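Review bot: The new `XML_RPC2_CurlException` branch trims the message to its first line to keep the stack trace out of `file_notice()`, but the generic `catch (Exception $e)` below it still passes the whole `$e->getMessage()` to the same notice, and so does the `$previouserror->getMessage()` path. Applying the same `strtok(..., "\n")` trimming in those two places would make the stated intent hold for every exception type. The notice title in the new branch is also not wrapped in `gettext()`, while the generic branch's title is.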
@@ -121,17 +141,21 @@ class pfsense_xmlrpc_client {
return null;
}
- function xmlrpc_exec_php($execcmd, $timeout = 240) {
+ public function xmlrpc_exec_php($execcmd, $timeout = 240) {
$resp = $this->xmlrpc_internal("exec_php", $execcmd, $timeout);
return $resp;
}
- function xmlrpc_method($method, $parameter = "", $timeout = 240) {
+ public function xmlrpc_method($method, $parameter = "", $timeout = 240) {
$resp = $this->xmlrpc_internal($method, $parameter, $timeout);
return $resp;
}
- function get_error() {
+ public function get_error() {
return $this->error;
}
+
+ public function getUrl() {
+ return $this->url;
+ }
} \ No newline at end of file
diff --git a/src/etc/pfSense-rc b/src/etc/pfSense-rc
index ef1f105..ed0c6ae 100755
--- a/src/etc/pfSense-rc
+++ b/src/etc/pfSense-rc
@@ -244,7 +244,7 @@ if [ "$PLATFORM" = "cdrom" ] ; then
fi
# make some directories in /var
-/bin/mkdir -p $varrunpath /var/log /var/etc /var/db/entropy /var/db/rrd /var/at/jobs/ /var/empty 2>/dev/null
+/bin/mkdir -p $varrunpath /var/log /var/etc /var/db/entropy /var/db/rrd /var/at/jobs/ /var/empty /var/log/nginx 2>/dev/null
/bin/rm -rf $varrunpath/*
if [ "$PLATFORM" != "${product}" ]; then
/bin/rm /var/log/* 2>/dev/null
diff --git a/src/etc/phpshellsessions/gitsync b/src/etc/phpshellsessions/gitsync
index 60dfc7b..522ba2b 100644
--- a/src/etc/phpshellsessions/gitsync
+++ b/src/etc/phpshellsessions/gitsync
@@ -49,14 +49,15 @@ if (is_array($command_split)) {
}
$valid_args = array(
- "--minimal" => "\tPerform a minimal copy of only the updated files.\n" .
+ "--minimal" => "\tPerform a copy of only the updated files.\n" .
"\tNot recommended if the system has files modified by any method other\n" .
"\tthan gitsync.\n",
- "--diff" => "\tPerform a copy of only the files that are different or missing.\n" .
+ "--diff" => "\tPerform a copy of only the different and missing files.\n" .
"\tRecommended for SSD if system has files modified by any method other\n" .
"\tthan gitsync.\n",
- "--verbose" => "\tDisplay constructed command. In combination with the --diff\n" .
- "\toption, display the array of different and missing files.\n",
+ "--show_files" => "\tShow the updated, different and missing files.\n" .
+ "\t(when used with --minimal and --diff options)\n",
+ "--show_command" => "\tShow the constructed command.\n",
"--dry-run" => "\tDry-run only. No files copied.\n",
"--help" => "\tDisplay this help list.\n"
);
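Review bot: The two new options `--show_files` and `--show_command` use an underscore while the existing `--dry-run` uses a hyphen, and `--verbose` is removed without an alias, so existing invocations that pass `--verbose` change behaviour. Naming them `--show-files` and `--show-command`, or mentioning the removal of `--verbose` in the help text, would keep the interface consistent. How unknown arguments are handled is outside this hunk.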
@@ -374,21 +375,30 @@ foreach ($merge_repos as $merge_repo) {
}
}
+$updated_files_array[1] = array();
if (isset($args["--minimal"])) {
if (file_exists("/etc/version.gitsync")) {
$old_revision = trim(file_get_contents("/etc/version.gitsync"));
} else if (file_exists("/etc/version.lastcommit")) {
$old_revision = trim(file_get_contents("/etc/version.lastcommit"));
}
- $files_to_copy = strtr(shell_exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} diff --name-only --relative=src " . escapeshellarg($old_revision)), "\n", " ");
- $tar_options = '-C ./src';
-} else {
- $files_to_copy = '.';
- $tar_options = '-C ./src';
+
+ # Find updated files.
+ $updated_files = shell_exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} diff --name-only --relative=src " . escapeshellarg($old_revision));
+
+ # Get the path of each updated file.
+ preg_match_all('@(?:^(.+?)$)@sim', $updated_files, $updated_files_array, PREG_PATTERN_ORDER);
+
+ if(isset($args["--show_files"])) {
+ echo "===> Updated Files: \n";
+ print_r($updated_files_array[1]);
+ }
}
// Save new commit ID for later minimal file copies
-exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} rev-parse -q --verify HEAD > /etc/version.gitsync");
+if(!isset($args["--dry-run"])) {
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} rev-parse -q --verify HEAD > /etc/version.gitsync");
+}
// Remove files that we do not want to overwrite the system with
@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/crontab");
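Review bot: `$old_revision` is only assigned when one of the two version files exists, and `shell_exec()` returns null both when `git diff` fails and when it prints nothing, so `--minimal` cannot tell an error from an empty change set and silently reports zero updated files. Initialising `$old_revision`, falling back to a full copy when it is empty, and running the diff through `exec()` so its exit status can be checked would separate the two cases. The guard added around the write to `/etc/version.gitsync` only covers `--dry-run`; the revision is still recorded before the copy runs, so a failed copy is not picked up by the next `--minimal` run.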
@@ -409,13 +419,15 @@ exec("rm -rf {$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/conf*");
exec("rm -rf {$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/cf 2>/dev/null");
@chmod("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/tmp", 01777);
+$different_files_array[1] = array();
+$missing_files_array[1] = array();
if(isset($args["--diff"])) {
# Find different and missing files.
$different_missing_files = shell_exec("/usr/bin/diff -qr / $CODIR/pfSenseGITREPO/pfSenseGITREPO/src/ | /usr/bin/grep -E '^(Files .*? and $CODIR/pfSenseGITREPO/pfSenseGITREPO/src/.*? differ)|(Only in $CODIR/pfSenseGITREPO/pfSenseGITREPO/src/)'");
# Get the path of each different or missing file.
- preg_match_all('@(?:^Files .*? and '.$CODIR.'/pfSenseGITREPO/pfSenseGITREPO/src/(.*?) differ.*?$)@sim', $different_missing_files, $different_files_array, PREG_PATTERN_ORDER);
- preg_match_all('@(?:^Only in '.$CODIR.'/pfSenseGITREPO/pfSenseGITREPO/src/(.*?)$)@sim', $different_missing_files, $missing_files_array, PREG_PATTERN_ORDER);
+ preg_match_all('@(?:^Files .*? and '.$CODIR.'/pfSenseGITREPO/pfSenseGITREPO/src/(.+?) differ.*?$)@sim', $different_missing_files, $different_files_array, PREG_PATTERN_ORDER);
+ preg_match_all('@(?:^Only in '.$CODIR.'/pfSenseGITREPO/pfSenseGITREPO/src/(.+?)$)@sim', $different_missing_files, $missing_files_array, PREG_PATTERN_ORDER);
# Deal with diff's output format of missing files (path: missing_file).
foreach ($missing_files_array[1] as $key => $file) {
@@ -443,18 +455,7 @@ if(isset($args["--diff"])) {
$missing_files_array[1][$key] = $file;
}
- # Convert the list from array to space separated quoted strings. Quoted for white space file name support.
- $different_files = $missing_files = '';
- if (count($different_files_array[1]) > 0)
- $different_files .= '"' . implode('" "', $different_files_array[1]) . '"';
- if (count($missing_files_array[1]) > 0)
- $missing_files .= '"' . implode('" "', $missing_files_array[1]) . '"';
-
- # Files to be copied.
- $files_to_copy = trim($different_files . " " . $missing_files);
- $tar_options = '-C ./src';
-
- if(isset($args["--verbose"])) {
+ if(isset($args["--show_files"])) {
echo "===> Different Files: \n";
print_r($different_files_array[1]);
echo "===> Missing Files: \n";
@@ -462,7 +463,27 @@ if(isset($args["--diff"])) {
}
}
-echo "===> Installing new files...\n";
+# Files to be copied.
+if(isset($args["--minimal"]) || isset($args["--diff"])) {
+ $files_to_copy_array = array_merge($updated_files_array[1], $different_files_array[1], $missing_files_array[1]);
+ $files_to_copy_array = array_unique($files_to_copy_array);
+
+ unset($updated_files_array, $different_files_array, $missing_files_array);
+
+ # Convert the list from an array to a space separated quoted string. Quoted for white space file name support.
+ if (count($files_to_copy_array) > 0) { # Leave the string empty/unset if there is nothing to copy.
+ $files_to_copy = '"' . implode('" "', $files_to_copy_array) . '"';
+ }
+ $qty_files_to_copy = count($files_to_copy_array);
+ unset($files_to_copy_array);
+} else {
+ $files_to_copy = '.';
+ $qty_files_to_copy = chr(8);
+}
+
+$tar_options = '-C ./src';
+
+echo "===> Installing $qty_files_to_copy new files...\n";
if ($g['platform'] == $g['product_name']) {
$command = "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO ; tar -cpf - {$tar_options} {$files_to_copy} | (cd / ; tar -Uxpf -)";
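Review bot: File names taken from the `git diff --name-only` and `diff -qr` output are wrapped in double quotes and interpolated into `$command`, so a name from the synced repository that contains `"`, `$` or a backtick is interpreted by the shell that runs the `tar` pipeline. Quote each element with `escapeshellarg()` instead: `$files_to_copy = implode(' ', array_map('escapeshellarg', $files_to_copy_array));`. `$qty_files_to_copy = chr(8)` prints a backspace control character to hide the double space in the message; an empty string with an adjusted message would be cleaner. The `if` block that builds `$command` continues outside the hunk.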
@@ -471,7 +492,7 @@ if ($g['platform'] == $g['product_name']) {
}
if (!empty($files_to_copy)) {
- if(isset($args["--verbose"])) {
+ if(isset($args["--show_command"])) {
echo "===> Command: \n$command\n";
}
if(!isset($args["--dry-run"])) {
diff --git a/src/etc/rc.filter_synchronize b/src/etc/rc.filter_synchronize
index c363ff2..a6f6aa7 100755
--- a/src/etc/rc.filter_synchronize
+++ b/src/etc/rc.filter_synchronize
@@ -212,7 +212,8 @@ function carp_sync_xml($sections) {
$rpc_client = new pfsense_xmlrpc_client();
$resp = $rpc_client->xmlrpc_method('restore_config_section', $xml);
if ($resp != null) {
- update_filter_reload_status("XMLRPC sync successfully completed with {$syncip}:{$port}.");
+ $url = $rpc_client->getUrl();
+ update_filter_reload_status("XMLRPC sync successfully completed with {$url}.");
return true;
}
return false;
diff --git a/src/usr/local/sbin/pfSense-upgrade b/src/usr/local/sbin/pfSense-upgrade
deleted file mode 100755
index c6c97a3..0000000
--- a/src/usr/local/sbin/pfSense-upgrade
+++ /dev/null
@@ -1,930 +0,0 @@
-#!/bin/sh
-#
-# pfSense-upgrade
-#
-# part of pfSense (https://www.pfsense.org)
-# Copyright (c) 2015-2016 Rubicon Communications, LLC (Netgate)
-# All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-usage() {
- echo "Usage: $(basename ${0}) [-46bdyf] [-u|-i PKG_NAME|-r PKG_NAME]" >&2
- echo " -4 - Force IPv4"
- echo " -6 - Force IPv6"
- echo " -b - Platform is booting" >&2
- echo " -c - Check if upgrade is necessary" >&2
- echo " -d - Turn on debug" >&2
- echo " -f - Force package installation" >&2
- echo " -h - Show this usage help" >&2
- echo " -l - Logfile path (defaults to /cf/conf/upgrade_log.txt)" >&2
- echo " -n - Dry run" >&2
- echo " -p socket - Write pkg progress to socket"
- echo " -R - Do not reboot (this can be dangerous)"
- echo " -y - Assume yes as the answer to any possible interaction" >&2
- echo "" >&2
- echo "The following parameters are mutually exclusive:" >&2
- echo " -i PKG_NAME - Install package PKG_NAME" >&2
- echo " -r PKG_NAME - Remove package PKG_NAME" >&2
- echo " -u - Update repository information" >&2
-}
-
-_echo() {
- local _n=""
- if [ "${1}" = "-n" ]; then
- shift
- _n="-n"
- fi
-
- if [ -z "${logfile}" ]; then
- logfile=/dev/null
- fi
-
- echo ${_n} "${1}" | tee -a ${logfile}
-}
-
-_exec() {
- local _cmd="${1}"
- local _msg="${2}"
- local _mute="${3}"
- local _ignore_result="${4}"
- local _stdout="${stdout}"
-
- if [ -z "${_cmd}" -o -z "${_msg}" ]; then
- return 1
- fi
-
- if [ "${_mute}" != "mute" ]; then
- _stdout=''
- fi
-
- _echo -n ">>> ${_msg}... "
- if [ -z "${_stdout}" ]; then
- _echo ""
- # Ref. http://stackoverflow.com/questions/1221833/bash-pipe-output-and-capture-exit-status
- exec 4>&1
- local _result=$({ { ${_cmd} 2>&1 3>&-; printf $? 1>&3; } 4>&- | \
- tee -a ${logfile} 1>&4; } 3>&1)
- exec 4>&-
- else
- # Ref. http://stackoverflow.com/questions/1221833/bash-pipe-output-and-capture-exit-status
- exec 4>&1
- local _result=$({ { ${_cmd} >${_stdout} 2>&1 3>&-; printf $? 1>&3; } 4>&- | \
- tee -a ${logfile} 1>&4; } 3>&1)
- exec 4>&-
- fi
-
- if [ ${_result} -eq 0 -o -n "${_ignore_result}" ]; then
- [ -n "${_stdout}" ] \
- && _echo "done."
- return 0
- else
- [ -n "${_stdout}" ] \
- && _echo "failed."
- _exit 1
- fi
-}
-
-_exit() {
- trap "-" 1 2 15 EXIT
-
- pkg_lock ${kernel_pkg}
-
- if [ -f "${pid_file}" ]; then
- rm -f ${pid_file}
- fi
-
- if [ -n "${chroot_dir}" ]; then
- umount -f ${chroot_dir} >/dev/null 2>&1
- fi
-
- if [ -z "${booting}" -o "${boot_stage}" != "2" ]; then
- /usr/local/bin/php /etc/rc.conf_mount_ro
- fi
-
- if [ -n "${nc_pid}" ] && ps -p ${nc_pid} >/dev/null 2>&1; then
- kill ${nc_pid}
- fi
-
- if [ -n "${delete_annotation}" ]; then
- pkg ${pkg_chroot} annotate -q -D ${kernel_pkg} next_stage
- fi
-
- if [ -n "${unlock_additional_pkgs}" ]; then
- pkg_unlock "${pkg_prefix}*"
- fi
-
- local _rc=${1:-"0"}
-
- # If EVENT_PIPE is defined, GUI is calling
- if [ -n "${progress_socket}" ]; then
- local _need_reboot_str=""
- [ -n "${need_reboot}" ] \
- && _need_reboot_str=" __REBOOT_AFTER=${reboot_after}"
- _echo "__RC=${_rc}${_need_reboot_str}"
- fi
-
- exit ${_rc}
-}
-
-pkg_with_pb() {
- local _event_pipe=""
-
- if [ -n "${progress_socket}" ]; then
- if [ -e "${chroot_dir}${progress_socket}" ]; then
- rm -f ${chroot_dir}${progress_socket}
- fi
-
- _event_pipe="-o EVENT_PIPE=${progress_socket}"
-
- nc -lU ${chroot_dir}${progress_socket} >> ${progress_file} &
- nc_pid=$!
-
- while [ ! -e "${chroot_dir}${progress_socket}" ]; do
- sleep 0.1
- done
- fi
-
- pkg ${_event_pipe} $@
- local _pkg_result=$?
- nc_pid=""
- return ${_pkg_result}
-}
-
-fetch_upgrade_packages() {
- local _pkgs_to_fetch=""
- if [ "${platform}" = "nanobsd" ]; then
- local _pkg=""
-
- # Check if all non-auto packages installed on 2nd partition are
- # installed on current one, if not, mark them to be deleted by
- # pkg autoremove
- for _pkg in $(pkg ${pkg_chroot} query -e '%a == 0' %n); do
- if ! pkg info -e ${_pkg}; then
- _exec "pkg ${pkg_chroot} set -A 1 ${_pkg}" "Scheduling package ${_pkg} for removal"
- fi
- done
-
- # Check if all non-auto packages installed on current partition are
- # installed on 2nd one, if not, we need to fetch them
- for _pkg in $(pkg query -e '%a == 0' %n); do
- if ! pkg ${pkg_chroot} info -e ${_pkg}; then
- _pkgs_to_fetch="${_pkgs_to_fetch}${_pkgs_to_fetch:+ }${_pkg}"
- fi
- done
-
- fi
-
- _exec "pkg_with_pb ${pkg_chroot} upgrade -F" "Downloading upgrade packages"
-
- if [ -n "${_pkgs_to_fetch}" ]; then
- _exec "pkg_with_pb ${pkg_chroot} fetch -d ${_pkgs_to_fetch}" \
- "Fetching packages not present on upgrade partition"
- fi
-}
-
-pkg_lock() {
- local _pkg="${1}"
-
- if [ -z "${_pkg}" ]; then
- return
- fi
-
- if [ "$(pkg ${pkg_chroot} query %k ${_pkg})" = "0" ]; then
- _exec "pkg ${pkg_chroot} lock ${_pkg}" "Locking package ${_pkg}" mute
- fi
-}
-
-pkg_unlock() {
- local _pkg="${1}"
-
- if [ -z "${_pkg}" ]; then
- return
- fi
-
- if [ "$(pkg ${pkg_chroot} query %k ${_pkg})" = "1" ]; then
- _exec "pkg ${pkg_chroot} unlock ${_pkg}" "Unlocking package ${_pkg}" mute
- fi
-}
-
-pkg_update() {
- local _run_update=1
-
- local _force=""
- if [ "${1}" = "force" ]; then
- _force=" -f"
- fi
-
- _exec "pkg ${pkg_chroot} update${_force}" "Updating repositories metadata"
-}
-
-pkg_upgrade() {
- # figure out which kernel variant is running
- export kernel_pkg=$(pkg query %n $(pkg info ${product}-kernel-\* | grep -v -- -debug-))
-
- if [ -z "${kernel_pkg}" ]; then
- _echo "ERROR: It was not possible to identify which ${product} kernel is installed"
- _exit 1
- fi
-
- export next_stage=$(pkg annotate -q -S ${kernel_pkg} next_stage)
-
- if [ -n "${next_stage}" -a -n "${booting}" -a -n "${boot_stage}" ]; then
- if [ ${boot_stage} != ${next_stage} ]; then
- _exit 0
- fi
- fi
-
- # If it's booting and first stage didn't run, just exit
- if [ -n "${booting}" -a -z "${next_stage}" ]; then
- _exit 0
- fi
-
- unset need_reboot
- # First upgrade stage
- if [ -z "${next_stage}" ]; then
- if [ -f "${logfile}" ]; then
- rm -f ${logfile}
- fi
-
- pkg_update
-
- if [ "$(compare_pkg_version pkg)" = "<" ]; then
- _exec "pkg upgrade pkg" "Upgrading pkg" mute
- pkg_update force
- fi
-
- local _repo_pkg="${product}-repo"
-
- # Deprecated pa
- if is_pkg_installed ${product}-repo-devel; then
- _exec "pkg ${pkg_chroot} set -A 1 ${product}-repo-devel" \
- "Scheduling package ${product}-repo-devel for removal"
- _exec "pkg install ${_repo_pkg}" "Installing ${_repo_pkg}" mute
- _exec "pkg delete ${product}-repo-devel" "Removing ${product}-repo-devel" \
- mute ignore_result
- validate_repo_conf
- pkg_update force
- fi
-
- if [ "$(compare_pkg_version ${_repo_pkg})" = "<" ]; then
- cp /usr/local/etc/pkg/repos/${product}.conf \
- /tmp/${product}.conf.copy
- _exec "pkg upgrade ${_repo_pkg}" "Upgrading ${_repo_pkg}" mute
- # If conf differs, for an update
- if ! cmp -s /usr/local/etc/pkg/repos/${product}.conf /tmp/${product}.conf.copy; then
- pkg_update force
-
- # New repo may contain newer pkg
- if [ "$(compare_pkg_version pkg)" = "<" ]; then
- _exec "pkg upgrade pkg" "Upgrading pkg" mute
- pkg_update force
- fi
- fi
- rm -f /tmp/${product}.conf.copy
- fi
-
- if [ $(pkg upgrade -nq | wc -l) -le 1 ]; then
- _echo "Your packages are up to date"
- _exit 0
- fi
-
- if [ -n "${dry_run}" ]; then
- pkg_unlock ${kernel_pkg}
- pkg ${pkg_chroot} upgrade -nq 2>&1 | tee -a ${logfile}
- pkg_lock ${kernel_pkg}
- _exit 0
- fi
-
- local _meta_pkg=$(get_meta_pkg_name)
- if [ $(pkg upgrade -r ${product}-core -nq | wc -l) -gt 1 ]; then
- if [ "${platform}" = "nanobsd" ]; then
- _echo "**** WARNING ****"
- _echo "Duplicate slice required!!"
- _echo ""
- _echo "Before starting the upgrade process, the currently mounted nanobsd partition"
- _echo "needs to be cloned to the secondary partition, where the update will happen"
- _echo ""
- _echo "After installation a reboot will be required to switch partition."
- _echo ""
- if [ -z "${yes}" ]; then
- _echo -n "Proceed with upgrade? (y/N) "
- read answer
- if [ "${answer}" != "y" ]; then
- _echo "Aborting..."
- _exit 0
- fi
- # Do not make the user have to answer again.
- yes=1
- fi
- setup_nanobsd_env
- fi
- need_reboot=1
- elif pkg upgrade -r ${product} -nq ${_meta_pkg} >/dev/null 2>&1; then
- need_reboot=1
- fi
-
- pkg_unlock ${kernel_pkg}
-
- if [ -z "${yes}" ]; then
- # Show user which packages are going to be upgraded
- pkg ${pkg_chroot} upgrade -nq 2>&1 | tee -a ${logfile}
-
- _echo ""
- if [ -n "${need_reboot}" ]; then
- _echo "**** WARNING ****"
- _echo "Reboot will be required!!"
- fi
- _echo -n "Proceed with upgrade? (y/N) "
- read answer
- if [ "${answer}" != "y" ]; then
- _echo "Aborting..."
- _exit 0
- fi
- fi
-
- # Download all upgrade packages first
- fetch_upgrade_packages
-
- if [ $(pkg ${pkg_chroot} upgrade -nq ${kernel_pkg} | wc -l) -gt 1 ]; then
- _exec "pkg ${pkg_chroot} upgrade ${kernel_pkg}" "Upgrading ${product} kernel"
- fi
-
- pkg ${pkg_chroot} annotate -q -M ${kernel_pkg} next_stage 2
- next_stage=2
-
- if [ -n "${need_reboot}" -a "${platform}" != "nanobsd" ]; then
- do_reboot
- _exit 0
- fi
- fi
-
- if [ "${next_stage}" = "2" ]; then
- pkg_lock "${pkg_prefix}*"
- unlock_additional_pkgs=1
-
- # XXX: Workaround to upgrade strongswan
- # If those symlinks are present, pkg exit because it expects them
- # to be a directory
- if [ $(pkg ${pkg_chroot} upgrade -nq strongswan | wc -l) -gt 1 ]; then
- if [ -L ${chroot_dir}/usr/local/etc/ipsec.d ]; then
- rm -f ${chroot_dir}/usr/local/etc/ipsec.d
- fi
- if [ -L ${chroot_dir}/usr/local/etc/ipsec.conf ]; then
- rm -f ${chroot_dir}/usr/local/etc/ipsec.conf
- fi
- if [ -L ${chroot_dir}/usr/local/etc/strongswan.d ]; then
- rm -f ${chroot_dir}/usr/local/etc/strongswan.d
- fi
- if [ -L ${chroot_dir}/usr/local/etc/strongswan.conf ]; then
- rm -f ${chroot_dir}/usr/local/etc/strongswan.conf
- fi
- fi
-
- if [ $(pkg ${pkg_chroot} upgrade -nq | wc -l) -gt 1 ]; then
- delete_annotation=1
- _exec "pkg ${pkg_chroot} upgrade" "Upgrading necessary packages"
- delete_annotation=""
- fi
-
- pkg ${pkg_chroot} annotate -q -M ${kernel_pkg} next_stage 3
- next_stage=3
-
- pkg_unlock "${pkg_prefix}*"
- unlock_additional_pkgs=""
-
- if [ -n "${need_reboot}" -a "${platform}" = "nanobsd" ]; then
- switch_active_nanobsd_partition
- do_reboot
- _exit 0
- fi
-
- if [ -n "${booting}" ]; then
- _exit 0
- fi
- fi
-
- if [ "${next_stage}" = "3" ]; then
- if [ $(pkg upgrade -nq | wc -l) -gt 1 ]; then
- delete_annotation=1
- _exec "pkg ${pkg_chroot} upgrade" "Upgrading necessary packages"
- delete_annotation=""
- fi
-
- pkg ${pkg_chroot} annotate -q -D ${kernel_pkg} next_stage
-
- # cleanup caches
- _exec "pkg ${pkg_chroot} autoremove" "Removing unnecessary packages" mute ignore_result
- _exec "pkg ${pkg_chroot} clean" "Cleanup pkg cache" mute ignore_result
- fi
-
- gitsync=$(/usr/local/sbin/read_xml_tag.sh boolean system/gitsync/synconupgrade)
- if [ "${gitsync}" = "true" ]; then
- repository_url=$(/usr/local/sbin/read_xml_tag.sh string system/gitsync/repositoryurl)
- branch=$(/usr/local/sbin/read_xml_tag.sh string system/gitsync/branch)
-
- # Repository URL is not mandatory
- if [ -n "${branch}" ]; then
- _exec "/usr/local/sbin/pfSsh.php playback gitsync \
- ${repositoryurl} ${branch} --upgrading" \
- "Running gitsync" mute ignore_result
- fi
- fi
-}
-
-get_meta_pkg_name() {
- # figure out main meta package name
- if is_pkg_installed ${product}-vmware; then
- echo "${product}-vmware"
- elif is_pkg_installed ${product}; then
- echo "${product}"
- else
- _echo "ERROR: It was not possible to identify which ${product} meta package is installed"
- _exit 1
- fi
-}
-
-check_upgrade() {
- local _meta_pkg=$(get_meta_pkg_name)
-
- pkg_update
-
- if [ "$(compare_pkg_version ${_meta_pkg})" = "<" ]; then
- local _new_version=$(pkg rquery %v ${_meta_pkg})
- _echo "${_new_version} version of ${product} is available"
- _exit 2
- else
- for _pkg in $(pkg query -e "%n ~ ${product}-*" %n); do
- # Ignore additional packages
- if echo "${_pkg}" | grep -q "^${pkg_prefix}"; then
- continue
- fi
- if [ "$(compare_pkg_version ${_pkg})" = "<" ]; then
- local _new_version=$(pkg rquery %v ${_pkg})
- _echo "${_new_version} version of ${_pkg} is available"
- _exit 2
- fi
- done
- fi
-
- _echo "Your system is up to date"
- _exit 0
-}
-
-setup_nanobsd_env() {
- if [ "${platform}" != "nanobsd" ]; then
- return;
- fi
-
- chroot_dir=/tmp/nanobsd_upgrade
- mkdir -p ${chroot_dir} 2>/dev/null
- local _cur_partition=$(mount -p / | cut -f1)
- local _update_partition=$(echo ${_cur_partition} | sed -e 's,0$,2,; s,1$,0,; s,2$,1,')
-
- if [ ! -e "${_update_partition}" ]; then
- _echo "Secondary partition (${_update_partition}), used for upgrade not found"
- _exit 1
- fi
-
- # Remove /dev
- _update_partition=$(echo ${_update_partition} | sed 's,^/dev/,,')
- local _update_slice=$(glabel status -s | awk "\$1 == \"${_update_partition}\" { print \$3 }")
-
- if [ -z "${_update_slice}" -o ! -e "/dev/${_update_slice}" ]; then
- _echo "Secondary slice (${_update_slice}), use_update_sliced for upgrade not found"
- _exit 1
- fi
-
- _update_slice="/dev/${_update_slice}"
-
- # Clone slice using same logic from nanobsd_clone_slice()
- sysctl kern.geom.debugflags=16 >/dev/null 2>&1
- _exec "dd if=/dev/zero of=${_update_slice} bs=1m count=1" "Cleaning secondary partition" mute
- _exec "dd if=${_cur_partition} of=${_update_slice} bs=64k" "Duplicating current slice" mute
- _exec "tunefs -L ${_update_partition##*/} ${_update_slice}" "Restoring slice label" mute
- sysctl kern.geom.debugflags=0 >/dev/null 2>&1
-
- _exec "/sbin/fsck -y -t ufs /dev/${_update_partition}" "Testing duplicated partition integrity" mute
- _exec "mount /dev/${_update_partition} ${chroot_dir}" "Mounting second partition to run upgrade" mute
-
- # Make sure resolv.conf is present, otherwise upgrade may fail (bug #6557)
- local _resolv_conf=$(readlink -f /etc/resolv.conf)
- _exec "cp -f ${_resolv_conf} ${chroot_dir}/etc/resolv.conf" \
- "Copying resolv.conf to upgrade partition" mute ignore_result
-
- sed -i '' -e "s,^${_cur_partition},/dev/${_update_partition}," \
- ${chroot_dir}/etc/fstab
-
- pkg_chroot="-c ${chroot_dir}"
-}
-
-switch_active_nanobsd_partition() {
- if [ "${platform}" != "nanobsd" ]; then
- return;
- fi
-
- local _cur_partition=$(mount -p / | cut -f1 | sed 's,^/dev/,,')
- local _disk=$(glabel status -s | \
- awk "\$1 == \"${_cur_partition}\" { print substr(\$3, 0, length(\$3)-3)}")
- local _i=$(echo ${_cur_partition} | cut -c ${#_cur_partition})
-
- if ! echo "${_i}" | egrep -q '^[0-9]$'; then
- _echo "Invalid partition label ${_cur_partition}"
- _exit 1
- fi
-
- # pfsense0 == part 1 / pfsense1 == part 2
- if [ ${_i} -eq 0 ]; then
- _i=2
- else
- _i=1
- fi
-
- _exec "gpart set -a active -i ${_i} ${_disk}" "Setting secondary partition as active" mute
-}
-
-is_pkg_installed() {
- local _pkg_name="${1}"
- shift
- local _pkg_chroot="$@"
-
- pkg ${_pkg_chroot} info -e ${_pkg_name}
- return $?
-}
-
-compare_pkg_version() {
- local _pkg_name="${1}"
-
- if ! is_pkg_installed ${_pkg_name} ${pkg_chroot}; then
- echo '!'
- return 1
- fi
-
- local _lver=$(pkg ${pkg_chroot} query %v ${_pkg_name})
-
- if [ -z "${_lver}" ]; then
- _echo "ERROR: It was not possible to determine ${_pkg_name} local version"
- _exit 1
- fi
-
- local _rver=$(pkg ${pkg_chroot} rquery %v ${_pkg_name})
-
- if [ -z "${_rver}" ]; then
- _echo "ERROR: It was not possible to determine ${_pkg_name} remote version"
- _exit 1
- fi
-
- local _version=$(pkg version -t ${_lver} ${_rver})
-
- if [ $? -ne 0 ]; then
- _echo "ERROR: Error comparing ${_pkg_name} local and remote versions"
- _exit 1
- fi
-
- echo ${_version}
- return 0
-}
-
-pkg_install() {
- local _pkg_name="${1}"
-
- local _force=""
- if [ -n "${2}" ]; then
- _force="-f"
- fi
-
- if [ -z "${_pkg_name}" ]; then
- _echo "ERROR: Blank package name"
- _exit 1
- fi
-
- if is_pkg_installed ${_pkg_name}; then
- local _cversion=$(compare_pkg_version ${_pkg_name})
-
- if [ -z "${_force}" ]; then
- if [ "${_cversion}" = "=" ]; then
- _echo "Package ${_pkg_name} is up to date"
- _exit 0
- elif [ "${_cversion}" = ">" ]; then
- _echo "Installed ${_pkg_name} version is newer than remote"
- _exit 0
- fi
- fi
- local _cmd="upgrade ${_force}"
- local _msg="Upgrading"
- else
- local _cmd="install"
- local _msg="Installing"
- fi
-
- _exec "pkg_with_pb ${_cmd}${dry_run:+ }${dry_run} ${_pkg_name}" "${_msg} ${_pkg_name}"
- _exec "pkg clean" "Cleaning up cache" mute ignore_result
-}
-
-# Reinstall every pfSense-pkg-* package
-pkg_reinstall_all() {
- for _pkg in $(pkg query -e '%a == 0' %n); do
- case ${_pkg} in "${pkg_prefix}"* )
- _echo "Reinstalling ${_pkg}"
- pkg_install ${_pkg} 1
- ;;
- esac
- done
-}
-
-pkg_delete() {
- local _pkg_name="${1}"
-
- if [ -z "${_pkg_name}" ]; then
- _echo "ERROR: Blank package name"
- _exit 1
- fi
-
- if ! is_pkg_installed ${_pkg_name}; then
- _echo "ERROR: Package ${_pkg_name} is not installed"
- _exit 1
- fi
-
- _exec "pkg_with_pb delete${dry_run:+ }${dry_run} ${_pkg_name}" "Removing ${_pkg_name}"
- _exec "pkg autoremove" "Removing stale packages" mute ignore_result
-}
-
-# Delete every pfSense-pkg-* package
-pkg_delete_all() {
- for _pkg in $(pkg query -e '%a == 0' %n); do
- case ${_pkg} in "${pkg_prefix}"* )
- _echo "Removing ${_pkg}"
- pkg_delete ${_pkg}
- ;;
- esac
- done
-}
-
-do_reboot() {
- if [ -z "${dont_reboot}" ]; then
- _echo "Upgrade is complete. Rebooting in ${reboot_after} seconds."
- echo "Upgrade is complete. Rebooting in ${reboot_after} seconds." | wall
- /etc/rc.notify_message -e -g -m "Upgrade is complete. Rebooting in ${reboot_after} seconds." \
- >/dev/null 2>&1
- (sleep ${reboot_after} && /etc/rc.reboot) &
- else
- _echo "Upgrade is complete."
- echo "Upgrade is complete." | wall
- /etc/rc.notify_message -e -g -m "Upgrade is complete." >/dev/null 2>&1
- fi
-}
-
-validate_repo_conf() {
- # Make sure to use default repo conf when it doesn't exist
- pkg_repo_conf="/usr/local/etc/pkg/repos/${product}.conf"
- default_pkg_repo_conf_path="/usr/local/share/${product}/pkg/repos/${product}-repo.conf"
-
- pkg_repo_conf_path=$(/usr/local/sbin/read_xml_tag.sh string system/pkg_repo_conf_path)
-
- if [ -z "${pkg_repo_conf_path}" -o ! -f "${pkg_repo_conf_path}" ]; then
- pkg_repo_conf_path=${default_pkg_repo_conf_path}
- fi
-
- if [ -f "${pkg_repo_conf_path}" ]; then
- if [ -e "${pkg_repo_conf}" -a ! -L "${pkg_repo_conf}" ]; then
- rm -f ${pkg_repo_conf}
- ln -sf ${pkg_repo_conf_path} ${pkg_repo_conf}
- fi
-
- if [ "$(readlink ${pkg_repo_conf})" != "${pkg_repo_conf_path}" ]; then
- mkdir -p /usr/local/etc/pkg/repos
- ln -sf ${pkg_repo_conf_path} ${pkg_repo_conf}
- fi
- fi
-}
-
-export LANG=C
-
-pid_file="/var/run/$(basename $0).pid"
-logfile="/cf/conf/upgrade_log.txt"
-stdout='/dev/null'
-
-# Setup proxy settings
-HTTP_PROXY=$(/usr/local/sbin/read_xml_tag.sh string system/proxyurl)
-if [ "${HTTP_PROXY}" != "" ]; then
- HTTP_PROXY_PORT=$(/usr/local/sbin/read_xml_tag.sh string system/proxyport)
- if [ "${HTTP_PROXY_PORT}" != "" ]; then
- HTTP_PROXY="${HTTP_PROXY}:${HTTP_PROXY_PORT}"
- fi
- export HTTP_PROXY
-fi
-
-# pkg should not ask for confirmations
-export ASSUME_ALWAYS_YES=true
-export FETCH_TIMEOUT=5
-export FETCH_RETRY=2
-
-export product=$(/usr/local/bin/php -n /usr/local/sbin/read_global_var product_name pfSense)
-export pkg_prefix=$(/usr/local/bin/php -n /usr/local/sbin/read_global_var pkg_prefix pfSense-pkg-)
-export platform=$(cat /etc/platform)
-
-USE_MFS_TMPVAR=$(/usr/local/sbin/read_xml_tag.sh boolean system/use_mfs_tmpvar)
-if [ "${platform}" = "nanobsd" ] || [ "${USE_MFS_TMPVAR}" = "true" ]; then
- export PKG_DBDIR=/root/var/db/pkg
- export PKG_CACHEDIR=/root/var/cache/pkg
-fi
-
-product_version=$(cat /etc/version)
-do_not_send_host_uuid=$(/usr/local/sbin/read_xml_tag.sh boolean system/do_not_send_host_uuid)
-if [ "${do_not_send_host_uuid}" != "true" ]; then
- hostuuid=$(sysctl kern.hostuuid)
- export HTTP_USER_AGENT="${product}/${product_version}:${hostuuid}"
-else
- export HTTP_USER_AGENT="${product}/${product_version}"
-fi
-
-validate_repo_conf
-
-# Flags used in _exit
-export delete_annotation=""
-export unlock_additional_pkgs=""
-
-# Upgrade process on nanobsd will happen in chroot
-export pkg_chroot=""
-export chroot_dir=""
-
-# Save nc_pid to be able to kill it
-export nc_pid=""
-
-# Reboot after 10 seconds
-export reboot_after=10
-
-unset dry_run
-unset dont_reboot
-unset booting
-unset boot_stage
-unset force
-unset yes
-unset progress_file
-unset progress_socket
-unset action
-unset action_pkg
-unset force_ipv4
-unset force_ipv6
-while getopts 46b:cdfi:hp:l:nr:Ruy opt; do
- case ${opt} in
- 4)
- if [ -n "${force_ipv6}" ]; then
- usage
- _exit 1
- fi
- force_ipv4=1
- ;;
- 6)
- if [ -n "${force_ipv4}" ]; then
- usage
- _exit 1
- fi
- force_ipv6=1
- ;;
- b)
- booting=1
- boot_stage="${OPTARG}"
- ;;
- c)
- action="check"
- ;;
- d)
- stdout=''
- ;;
- f)
- force=1
- ;;
- i)
- if [ -n "${action}" ]; then
- usage
- _exit 1
- fi
- action="install"
- action_pkg="${OPTARG}"
- ;;
- h)
- usage
- _exit 0
- ;;
- l)
- logfile="${OPTARG}"
- if [ -z "${logfile}" ]; then
- usage
- _exit 1
- fi
- ;;
- n)
- dry_run="-n"
- ;;
- p)
- progress_socket="${OPTARG}"
- if [ -z "${progress_socket}" ]; then
- usage
- _exit 1
- fi
- ;;
- r)
- if [ -n "${action}" ]; then
- usage
- _exit 1
- fi
- action="delete"
- action_pkg="${OPTARG}"
- ;;
- R)
- dont_reboot=1
- ;;
- u)
- if [ -n "${action}" ]; then
- usage
- _exit 1
- fi
- action="update"
- ;;
- y)
- yes=1
- ;;
- *)
- usage
- _exit 1
- ;;
- esac
-done
-
-if [ -n "${force_ipv4}" ]; then
- export IP_VERSION="4"
-elif [ -n "${force_ipv6}" ]; then
- export IP_VERSION="6"
-fi
-
-# Set default action when no parameter is set
-: ${action:="upgrade"}
-
-if pgrep -qF ${pid_file} >/dev/null 2>&1; then
- echo "Another instance is already running... Aborting!"
- exit 1
-fi
-
-if [ -z "${booting}" -o "${boot_stage}" != "2" ]; then
- /usr/local/bin/php /etc/rc.conf_mount_rw
-fi
-
-if [ -n "${booting}" ]; then
- export REPO_AUTOUPDATE=false
-fi
-
-echo $$ > ${pid_file}
-
-trap _exit 1 2 15 EXIT
-
-if [ "${action}" != "upgrade" -a -f "${logfile}" ]; then
- rm -f ${logfile}
-fi
-
-progress_file=${logfile%.*}.json
-
-if [ -e "${progress_file}" ]; then
- rm -f ${progress_file}
-fi
-
-case "${action}" in
- check)
- check_upgrade
- ;;
- upgrade)
- pkg_upgrade
- ;;
- update)
- pkg_update force
- ;;
- install)
- if [ ${action_pkg} == "ALL_PACKAGES" ] && [ -n ${force} ]; then
- pkg_reinstall_all
- else
- pkg_install ${action_pkg} ${force}
- fi
- ;;
- delete)
- if [ ${action_pkg} == "ALL_PACKAGES" ] && [ -n ${force} ]; then
- pkg_delete_all
- else
- pkg_delete ${action_pkg}
- fi
- ;;
- *)
- _echo "ERROR: Invalid action!"
- _exit 1
-esac
-
-_exit 0
diff --git a/src/usr/local/www/diag_arp.php b/src/usr/local/www/diag_arp.php
index 4d13b0d..d99bca0 100644
--- a/src/usr/local/www/diag_arp.php
+++ b/src/usr/local/www/diag_arp.php
@@ -238,15 +238,14 @@ foreach ($ifdescrs as $key => $interface) {
$data = array();
foreach ($rawdata as $line) {
- $elements = explode(' ', $line);
-
- if ($elements[3] != "(incomplete)") {
- $arpent = array();
- $arpent['ip'] = trim(str_replace(array('(', ')'), '', $elements[1]));
- $arpent['mac'] = trim($elements[3]);
- $arpent['interface'] = trim($elements[5]);
- $data[] = $arpent;
- }
+ $elements = explode(' ', $line, 7);
+ $arpent = array();
+ $arpent['ip'] = trim(str_replace(array('(', ')'), '', $elements[1]));
+ $arpent['mac'] = trim($elements[3]);
+ $arpent['interface'] = trim($elements[5]);
+ $arpent['status'] = trim(substr($elements[6], 0, strrpos($elements[6], ' ')));
+ $arpent['linktype'] = trim(str_replace(array('[', ']'), '', strrchr($elements[6], ' ')));
+ $data[] = $arpent;
}
function _getHostName($mac, $ip) {
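Review bot: `$elements[6]` is read on the two new lines without checking that `explode(' ', $line, 7)` actually produced seven fields. A short or oddly formatted line in `$rawdata` would therefore raise undefined-index notices and leave the status and link type empty. A guard at the top of the loop body, `if (count($elements) < 7) { continue; }`, keeps malformed rows out of `$data`. Because incomplete entries are no longer skipped, `$arpent['mac']` can now hold the literal `(incomplete)`; the code that later uses the MAC is outside this hunk, so confirm it tolerates that value.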
@@ -334,6 +333,8 @@ $mac_man = load_mac_manufacturer_table();
<th><?= gettext("IP address")?></th>
<th><?= gettext("MAC address")?></th>
<th><?= gettext("Hostname")?></th>
+ <th><?= gettext("Status")?></th>
+ <th><?= gettext("Link Type")?></th>
<th data-sortable="false"><?=gettext("Actions")?></th>
</tr>
</thead>
@@ -356,6 +357,8 @@ $mac_man = load_mac_manufacturer_table();
?>
</td>
<td><?=trim(str_replace("Z_ ", "", $entry['dnsresolve']))?></td>
+ <td><?=ucfirst($entry['status'])?></td>
+ <td><?=$entry['linktype']?></td>
<td>
<a class="fa fa-trash" title="<?=gettext('Delete arp cache entry')?>" href="diag_arp.php?deleteentry=<?=$entry['ip']?>"></a>
</td>
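Review bot: The two new cells print `$entry['status']` and `$entry['linktype']` without HTML encoding. The values are parsed from command output rather than typed by a user, so the exposure is small, but encoding at the point of output keeps the table safe if the upstream format changes: `<td><?=htmlspecialchars(ucfirst($entry['status']))?></td>` and `<td><?=htmlspecialchars($entry['linktype'])?></td>`. The status text is also shown untranslated, unlike the two column headers added in the previous hunk, which go through `gettext()`.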
@@ -379,7 +382,10 @@ events.push(function() {
<div class="infoblock blockopen">
<?php
-print_info_box(gettext("Local IPv6 peers use ") . '<a href="diag_ndp.php">' . gettext("NDP") . '</a>' . gettext(" instead of ARP."), 'info', false);
+print_info_box(gettext("Local IPv6 peers use ") . '<a href="diag_ndp.php">' . gettext("NDP") . '</a>' . gettext(" instead of ARP.") . '<br />' .
+ '<br />' . gettext("Permanent ARP entries are shown for local interfaces or static ARP entries.") .
+ '<br />' . gettext("Normal dynamic ARP entries show a countdown timer until they will expire and then be re-checked.") .
+ '<br />' . gettext("Incomplete ARP entries indicate that the target host has not yet replied to an ARP request."), 'info', false);
?>
</div>
diff --git a/src/usr/local/www/diag_pftop.php b/src/usr/local/www/diag_pftop.php
index c625209..95d5d1d 100644
--- a/src/usr/local/www/diag_pftop.php
+++ b/src/usr/local/www/diag_pftop.php
@@ -53,7 +53,7 @@ if ($_REQUEST['getactivity']) {
$numstate = "100";
}
- $text = `pftop -b {$sorttype} -v {$viewtype} {$numstate}`;
+ $text = `pftop -b {$sorttype} -w 135 -v {$viewtype} {$numstate}`;
echo trim($text);
exit;
}
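Review bot: The changed backtick command interpolates `$sorttype`, `$viewtype` and `$numstate` into a shell string inside a branch driven by `$_REQUEST`, and the hunk does not show where the first two are assigned. If they are not already escaped or checked against a fixed list above the hunk, they should go through `escapeshellarg()` before this line. If they are, a one-line comment above the command, `// $sorttype, $viewtype and $numstate are escaped above`, would save the next reader the lookup. The enclosing `if` block starts before the hunk.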
diff --git a/src/usr/local/www/firewall_nat.php b/src/usr/local/www/firewall_nat.php
index 71cd143..0a6dfcb 100644
--- a/src/usr/local/www/firewall_nat.php
+++ b/src/usr/local/www/firewall_nat.php
@@ -129,6 +129,7 @@ if (isset($_POST['del_x'])) {
/* delete selected rules */
if (is_array($_POST['rule']) && count($_POST['rule'])) {
$a_separators = &$config['nat']['separator'];
+ $num_deleted = 0;
foreach ($_POST['rule'] as $rulei) {
$target = $rule['target'];
@@ -136,16 +137,17 @@ if (isset($_POST['del_x'])) {
// Check for filter rule associations
if (isset($a_nat[$rulei]['associated-rule-id'])) {
delete_id($a_nat[$rulei]['associated-rule-id'], $config['filter']['rule']);
-
mark_subsystem_dirty('filter');
}
unset($a_nat[$rulei]);
// Update the separators
- $ridx = $rulei;
+ // As rules are deleted, $ridx has to be decremented or separator position will break
+ $ridx = $rulei - $num_deleted;
$mvnrows = -1;
move_separators($a_separators, $ridx, $mvnrows);
+ $num_deleted++;
}
if (write_config()) {
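Review bot: Subtracting `$num_deleted` from `$rulei` is only correct when `$_POST['rule']` arrives in ascending order and every element is a plain integer index, and nothing visible in these hunks enforces either. `$rulei` comes straight from the request and is also used as the key in `unset($a_nat[$rulei])`, so an out-of-order or non-numeric value would shift separators to the wrong row. Normalising the list before the loop, `$rules = array_filter($_POST['rule'], 'ctype_digit'); sort($rules, SORT_NUMERIC);` and iterating over `$rules`, makes the offset arithmetic hold. The same pattern is added in the third hunk of firewall_rules.php (`ifridx($if, $rulei) - $num_deleted`). The `foreach` body begins in the previous hunk.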
diff --git a/src/usr/local/www/firewall_nat_out_edit.php b/src/usr/local/www/firewall_nat_out_edit.php
index 31c8be9..f357714 100644
--- a/src/usr/local/www/firewall_nat_out_edit.php
+++ b/src/usr/local/www/firewall_nat_out_edit.php
@@ -557,7 +557,7 @@ $section->addInput(new Form_IpAddress(
'targetip',
'Other subnet',
$pconfig['targetip']
-))->addMask('targetip_subnet', $pconfig['targetip_subnet'])->addClass('othersubnet')->setHelp(
+))->addMask('targetip_subnet', $pconfig['targetip_subnet'])->setHelp(
'Packets matching this rule will be mapped to the IP address given here.' . '<br />' .
'To apply this rule to a different IP address than the IP address of the interface chosen above, ' .
'select it here (' .
@@ -591,7 +591,7 @@ $section->addInput(new Form_Input(
'Source Hash Key',
'text',
$pconfig['source_hash_key']
-))->setHelp('The key that is fed to the hashing algorithm in hex format, preceeded by "0x", or any string. A non-hex string is hashed using md5 to a hexadecimal key. Defaults to a randomly generated value.')->setWidth(10)->addClass('othersubnet');
+))->setHelp('The key that is fed to the hashing algorithm in hex format, preceeded by "0x", or any string. A non-hex string is hashed using md5 to a hexadecimal key. Defaults to a randomly generated value.')->setWidth(10);
$group = new Form_Group('Port');
$group->addClass('natportgrp');
@@ -736,13 +736,15 @@ events.push(function() {
function poolopts_change() {
if ($('#target option:selected').text().trim().substring(0,4) == "Host") {
hideInput('poolopts', false);
- hideGroupClass('othersubnet', true);
+ hideInput('source_hash_key', true);
+ hideIpAddress('targetip', true);
} else if ($('#target option:selected').text().trim().substring(0,6) == "Subnet") {
hideInput('poolopts', false);
- hideGroupClass('othersubnet', true);
+ hideInput('source_hash_key', true);
+ hideIpAddress('targetip', true);
} else if ($('#target option:selected').text().trim().substring(0,5) == "Other") {
hideInput('poolopts', false);
- hideGroupClass('othersubnet', false);
+ hideIpAddress('targetip', false);
if ($('#poolopts option:selected').text().trim().substring(0,6) == "Source") {
hideInput('source_hash_key', false);
}else {
@@ -751,8 +753,8 @@ events.push(function() {
} else {
$('#poolopts').prop('selectedIndex',0);
hideInput('poolopts', true);
- hideGroupClass('othersubnet', true);
hideInput('source_hash_key', true);
+ hideIpAddress('targetip', true);
$('#targetip').val('');
$('#targetip_subnet').val('0');
}
diff --git a/src/usr/local/www/firewall_rules.php b/src/usr/local/www/firewall_rules.php
index f5d4d5d..28a7ab6 100644
--- a/src/usr/local/www/firewall_rules.php
+++ b/src/usr/local/www/firewall_rules.php
@@ -163,14 +163,10 @@ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]
}
if (!$if || !isset($iflist[$if])) {
- if ("any" == $if) {
+ if ($if != "any" && $if != "FloatingRules" && isset($iflist['wan'])) {
+ $if = "wan";
+ } else {
$if = "FloatingRules";
- } else if ("FloatingRules" != $if) {
- if (isset($iflist['wan'])) {
- $if = "wan";
- } else {
- $if = "FloatingRules";
- }
}
}
@@ -221,6 +217,7 @@ if (isset($_POST['del_x'])) {
if (is_array($_POST['rule']) && count($_POST['rule'])) {
$a_separators = &$config['filter']['separator'][strtolower($if)];
+ $num_deleted = 0;
foreach ($_POST['rule'] as $rulei) {
delete_nat_association($a_filter[$rulei]['associated-rule-id']);
@@ -228,9 +225,11 @@ if (isset($_POST['del_x'])) {
$deleted = true;
// Update the separators
- $ridx = ifridx($if, $rulei); // get rule index within interface
+ // As rules are deleted, $ridx has to be decremented or separator position will break
+ $ridx = ifridx($if, $rulei) - $num_deleted; // get rule index within interface
$mvnrows = -1;
move_separators($a_separators, $ridx, $mvnrows);
+ $num_deleted++;
}
if ($deleted) {
diff --git a/src/usr/local/www/guiconfig.inc b/src/usr/local/www/guiconfig.inc
index 1da88ce..38a6c17 100644
--- a/src/usr/local/www/guiconfig.inc
+++ b/src/usr/local/www/guiconfig.inc
@@ -27,6 +27,7 @@
/* THIS MUST BE ABOVE ALL OTHER CODE */
if (!$nocsrf) {
function csrf_startup() {
+ global $config;
csrf_conf('rewrite-js', '/csrf/csrf-magic.js');
$timeout_minutes = isset($config['system']['webgui']['session_timeout']) ? $config['system']['webgui']['session_timeout'] : 240;
csrf_conf('expires', $timeout_minutes * 60);
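Review bot: With `global $config;` in place, `$timeout_minutes` now really comes from the saved configuration, but it is only tested with `isset()`, so a stored `0` or empty string results in `csrf_conf('expires', 0)`. What the CSRF library does with a zero lifetime is not visible here and should be confirmed, since it could mean tokens that never expire or tokens that are rejected at once. If zero is not meant to reach the library, fall back to the default for empty values and cast the rest: `$timeout_minutes = !empty($config['system']['webgui']['session_timeout']) ? (int)$config['system']['webgui']['session_timeout'] : 240;`. The body of `csrf_startup()` continues past the end of the hunk.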
diff --git a/src/usr/local/www/js/pfSenseHelpers.js b/src/usr/local/www/js/pfSenseHelpers.js
index 22f0e5f..1744a5b 100644
--- a/src/usr/local/www/js/pfSenseHelpers.js
+++ b/src/usr/local/www/js/pfSenseHelpers.js
@@ -58,14 +58,6 @@ function hideClass(s_class, hide) {
$('.' + s_class).show();
}
-// Hides all elements of the specified class assigned to a group. This will usually be a group
-function hideGroupClass(s_class, hide) {
- if (hide)
- $('.' + s_class).parent().parent().parent().hide();
- else
- $('.' + s_class).parent().parent().parent().show();
-}
-
function hideSelect(id, hide) {
if (hide)
$('#' + id).parent('div').parent('div').addClass('hidden');
@@ -80,7 +72,7 @@ function hideMultiCheckbox(id, hide) {
$("[name=" + id + "]").parent().removeClass('hidden');
}
-// Hides the <div> in which the specified IP address element lives so that the input, its label and help text are hidden
+// Hides the <div> in which the specified IP address element lives so that the input, any mask selector, its label and help text are hidden
function hideIpAddress(id, hide) {
if (hide)
$('#' + id).parent().parent().parent('div').addClass('hidden');
diff --git a/src/usr/local/www/services_captiveportal_filemanager.php b/src/usr/local/www/services_captiveportal_filemanager.php
index 82acfdb..1f4e93e 100644
--- a/src/usr/local/www/services_captiveportal_filemanager.php
+++ b/src/usr/local/www/services_captiveportal_filemanager.php
@@ -52,7 +52,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone)) {
header("Location: services_captiveportal_zones.php");
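Review bot: `htmlspecialchars()` is applied to `$cpzone` when it is read, but the sibling hunks use the same variable as a key into `$config['captiveportal']`, so encoding at input changes the lookup key. It also leaves gaps: with the default flags on PHP before 8.1, single quotes are not encoded. Assuming zone names are limited to letters, digits and underscore, rejecting anything else is more robust, for example `if (!preg_match('/^[a-z0-9_]+$/', $cpzone)) { $cpzone = ''; }` after the `strtolower()`, with HTML encoding done where the value is printed. The same one-line change is repeated in the hostname, hostname_edit, ip, ip_edit, mac, mac_edit, vouchers, vouchers_edit and zones hunks of this commit. In this file the check that follows is only `empty($cpzone)`, whereas most of the others also test `$config['captiveportal'][$cpzone]`.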
diff --git a/src/usr/local/www/services_captiveportal_hostname.php b/src/usr/local/www/services_captiveportal_hostname.php
index a4e46b0..6c2af91 100644
--- a/src/usr/local/www/services_captiveportal_hostname.php
+++ b/src/usr/local/www/services_captiveportal_hostname.php
@@ -43,7 +43,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_hostname_edit.php b/src/usr/local/www/services_captiveportal_hostname_edit.php
index 6d8102d..cabc214 100644
--- a/src/usr/local/www/services_captiveportal_hostname_edit.php
+++ b/src/usr/local/www/services_captiveportal_hostname_edit.php
@@ -47,7 +47,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
$cpzoneid = $config['captiveportal'][$cpzone]['zoneid'];
diff --git a/src/usr/local/www/services_captiveportal_ip.php b/src/usr/local/www/services_captiveportal_ip.php
index b09cc94..9487ba5 100644
--- a/src/usr/local/www/services_captiveportal_ip.php
+++ b/src/usr/local/www/services_captiveportal_ip.php
@@ -43,7 +43,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_ip_edit.php b/src/usr/local/www/services_captiveportal_ip_edit.php
index c014e86..daed6da 100644
--- a/src/usr/local/www/services_captiveportal_ip_edit.php
+++ b/src/usr/local/www/services_captiveportal_ip_edit.php
@@ -51,7 +51,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_mac.php b/src/usr/local/www/services_captiveportal_mac.php
index 0c7b058..193cffb 100644
--- a/src/usr/local/www/services_captiveportal_mac.php
+++ b/src/usr/local/www/services_captiveportal_mac.php
@@ -44,7 +44,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_mac_edit.php b/src/usr/local/www/services_captiveportal_mac_edit.php
index 0fba378..270daf3 100644
--- a/src/usr/local/www/services_captiveportal_mac_edit.php
+++ b/src/usr/local/www/services_captiveportal_mac_edit.php
@@ -54,7 +54,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php
index 5bb2b3d..4ce7982 100644
--- a/src/usr/local/www/services_captiveportal_vouchers.php
+++ b/src/usr/local/www/services_captiveportal_vouchers.php
@@ -43,7 +43,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if ($_REQUEST['generatekey']) {
exec("/usr/bin/openssl genrsa 64 > /tmp/key64.private");
diff --git a/src/usr/local/www/services_captiveportal_vouchers_edit.php b/src/usr/local/www/services_captiveportal_vouchers_edit.php
index c7eebc8..3912e74 100644
--- a/src/usr/local/www/services_captiveportal_vouchers_edit.php
+++ b/src/usr/local/www/services_captiveportal_vouchers_edit.php
@@ -38,7 +38,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_zones.php b/src/usr/local/www/services_captiveportal_zones.php
index 8014ca8..2a9fc67 100644
--- a/src/usr/local/www/services_captiveportal_zones.php
+++ b/src/usr/local/www/services_captiveportal_zones.php
@@ -41,7 +41,7 @@ if (!is_array($config['captiveportal'])) {
$a_cp = &$config['captiveportal'];
if ($_GET['act'] == "del" && !empty($_GET['zone'])) {
- $cpzone = htmlspecialchars($_GET['zone']);
+ $cpzone = strtolower(htmlspecialchars($_GET['zone']));
if ($a_cp[$cpzone]) {
$cpzoneid = $a_cp[$cpzone]['zoneid'];
unset($a_cp[$cpzone]['enable']);
diff --git a/src/usr/local/www/services_captiveportal_zones_edit.php b/src/usr/local/www/services_captiveportal_zones_edit.php
index 4ad1013..6e9ae88 100644
--- a/src/usr/local/www/services_captiveportal_zones_edit.php
+++ b/src/usr/local/www/services_captiveportal_zones_edit.php
@@ -62,7 +62,7 @@ if ($_POST) {
}
if (!$input_errors) {
- $cpzone = strtolower($_POST['zone']);
+ $cpzone = strtolower(htmlspecialchars($_POST['zone']));
$a_cp[$cpzone] = array();
$a_cp[$cpzone]['zone'] = str_replace(" ", "", $_POST['zone']);
$a_cp[$cpzone]['descr'] = $_POST['descr'];
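Review bot: The array key is now built from `htmlspecialchars($_POST['zone'])`, while the next line stores `$a_cp[$cpzone]['zone']` from the raw `$_POST['zone']` with only spaces removed. For any input containing `&`, `<`, `>` or a double quote, the key and the stored zone name no longer agree. The validation that fills `$input_errors` is above the hunk and not visible; if it does not already restrict the zone name to a safe character set, it should. Both values can then come from one validated string: `$zone = str_replace(" ", "", $_POST['zone']);` followed by `$cpzone = strtolower($zone);`.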
diff --git a/src/usr/local/www/services_dhcp.php b/src/usr/local/www/services_dhcp.php
index 5c90fe3..58dec83 100644
--- a/src/usr/local/www/services_dhcp.php
+++ b/src/usr/local/www/services_dhcp.php
@@ -632,6 +632,10 @@ if ($act == "delpool") {
if ($act == "del") {
if ($a_maps[$_GET['id']]) {
+ /* Remove static ARP entry, if necessary */
+ if (isset($a_maps[$_GET['id']]['arp_table_static_entry'])) {
+ mwexec("/usr/sbin/arp -d " . escapeshellarg($a_maps[$_GET['id']]['ipaddr']));
+ }
unset($a_maps[$_GET['id']]);
write_config();
if (isset($config['dhcpd'][$if]['enable'])) {
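Review bot: `arp -d` is run with whatever `ipaddr` holds, and nothing in the hunk checks that the mapping actually has an IPv4 address. If a static mapping can be saved without one, this executes `arp -d ''`. Extending the condition with `&& is_ipaddrv4($a_maps[$_GET['id']]['ipaddr'])` avoids the pointless call, and the same guard applies to both `mwexec()` calls added in services_dhcp_edit.php. `$_GET['id']` is repeated four times in the new lines, so a local `$id` would make the block easier to read.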
diff --git a/src/usr/local/www/services_dhcp_edit.php b/src/usr/local/www/services_dhcp_edit.php
index f599610..097a660 100644
--- a/src/usr/local/www/services_dhcp_edit.php
+++ b/src/usr/local/www/services_dhcp_edit.php
@@ -362,6 +362,13 @@ if ($_POST) {
}
}
+ /* Configure static ARP entry, or remove ARP entry if this host is dynamic. See https://redmine.pfsense.org/issues/6821 */
+ if ($mapent['arp_table_static_entry']) {
+ mwexec("/usr/sbin/arp -S " . escapeshellarg($mapent['ipaddr']) . " " . escapeshellarg($mapent['mac']));
+ } else {
+ mwexec("/usr/sbin/arp -d " . escapeshellarg($mapent['ipaddr']));
+ }
+
header("Location: services_dhcp.php?if={$if}");
exit;
}
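Review bot: The `else` branch runs `arp -d` for every mapping saved without `arp_table_static_entry`, so if the form allows a mapping with no address it passes an empty argument to arp; wrap both calls in `if (is_ipaddr($mapent['ipaddr'])) { ... }`. When an existing mapping's address is changed, nothing in the hunk removes the static entry for the previous address; the old value is not visible here, so this needs confirming against the code above. The `escapeshellarg()` quoting on both arguments is right and should stay. The result of `mwexec()` is ignored, so a failed `arp -S` still redirects as if the entry were in place.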
diff --git a/src/usr/local/www/status.php b/src/usr/local/www/status.php
index 5dc890c..da2c762 100644
--- a/src/usr/local/www/status.php
+++ b/src/usr/local/www/status.php
@@ -165,7 +165,7 @@ defCmdT("System Uptime", "/usr/bin/uptime");
defCmdT("Interfaces", "/sbin/ifconfig -a");
defCmdT("Interface Statistics", "/usr/bin/netstat -nWi");
defCmdT("Top Process Info", "/usr/bin/top | /usr/bin/head -n5");
-defCmdT("Processes", "/bin/ps xauww");
+defCmdT("Processes", "/bin/ps xauwwd");
defCmdT("Mounted Filesystems", "/sbin/mount");
defCmdT("Free Disk Space", "/bin/df -hi");
defCmdT("Routing tables", "/usr/bin/netstat -nWr");
@@ -185,7 +185,7 @@ defCmdT("pf Info", "/sbin/pfctl -si");
defCmdT("pf Show All", "/sbin/pfctl -sa");
defCmdT("pf Queues", "/sbin/pfctl -s queue -v");
defCmdT("pf OSFP", "/sbin/pfctl -s osfp");
-defCmdT("pfsync Stats", "/usr/bin/netstat -s -ppfsync");
+defCmdT("Network Protocol Statistics", "/usr/bin/netstat -s");
defCmdT("pftop Default", "/usr/local/sbin/pftop -a -b");
defCmdT("pftop Long", "/usr/local/sbin/pftop -w 150 -a -b -v long");
defCmdT("pftop Queue", "/usr/local/sbin/pftop -w 150 -a -b -v queue");
diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php
index 782ad69..6be6589 100644
--- a/src/usr/local/www/system_authservers.php
+++ b/src/usr/local/www/system_authservers.php
@@ -733,7 +733,7 @@ $section->addInput(new Form_Input(
$section->addInput(new Form_Input(
'radius_secret',
'Shared Secret',
- 'text',
+ 'password',
$pconfig['radius_secret']
));
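Review bot: Switching `radius_secret` to a `password` input only masks the field on screen; the stored secret is still passed as the field value (`$pconfig['radius_secret']`) and so is still written into the page source for anyone who can load this page or read a cached copy. Consider rendering the field empty and keeping the stored secret when the submitted value is blank; the save handler is outside this hunk, so that part cannot be shown here. Until then a comment such as `/* masked on screen only; the value is still sent to the browser */` above the input would record the limitation.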
diff --git a/src/usr/local/www/system_crlmanager.php b/src/usr/local/www/system_crlmanager.php
index b21b7b7..58ea4cd 100644
--- a/src/usr/local/www/system_crlmanager.php
+++ b/src/usr/local/www/system_crlmanager.php
@@ -505,7 +505,7 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) {
$ca_certs = array();
foreach ($a_cert as $cert) {
- if ($cert['caref'] == $crl['caref']) {
+ if ($cert['caref'] == $crl['caref'] && !is_cert_revoked($cert, $id)) {
$ca_certs[] = $cert;
}
}
diff --git a/src/usr/local/www/system_gateways.php b/src/usr/local/www/system_gateways.php
index 3c74ff7..1da123d 100644
--- a/src/usr/local/www/system_gateways.php
+++ b/src/usr/local/www/system_gateways.php
@@ -235,7 +235,7 @@ display_top_tabs($tab_array);
<div class="panel-heading"><h2 class="panel-title"><?=gettext('Gateways')?></h2></div>
<div class="panel-body">
<div class="table-responsive">
- <table class="table table-striped tabel-hover table-condensed table-rowdblclickedit">
+ <table class="table table-striped table-hover table-condensed table-rowdblclickedit">
<thead>
<tr>
<th></th>
diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php
index 5101526..5a4e322 100644
--- a/src/usr/local/www/system_usermanager_settings.php
+++ b/src/usr/local/www/system_usermanager_settings.php
@@ -188,8 +188,8 @@ $section->addInput(new Form_Input(
'risk!');
$auth_servers = array();
-foreach (auth_get_authserver_list() as $auth_server) {
- $auth_servers[ $auth_server['name'] ] = $auth_server['name'];
+foreach (auth_get_authserver_list() as $idx_authserver => $auth_server) {
+ $auth_servers[ $idx_authserver ] = $auth_server['name'];
}
$section->addInput(new Form_Select(
diff --git a/src/usr/local/www/vpn_ipsec_phase2.php b/src/usr/local/www/vpn_ipsec_phase2.php
index 02f73db..43a1a6f 100644
--- a/src/usr/local/www/vpn_ipsec_phase2.php
+++ b/src/usr/local/www/vpn_ipsec_phase2.php
@@ -97,6 +97,7 @@ if ($ph2found === true) {
if (isset($ph2['mobile'])) {
$pconfig['mobile'] = true;
+ $pconfig['remoteid_type'] = "mobile";
}
} else {
$pconfig['ikeid'] = $_GET['ikeid'];
@@ -114,6 +115,7 @@ if ($ph2found === true) {
/* mobile client */
if ($_GET['mobile']) {
$pconfig['mobile']=true;
+ $pconfig['remoteid_type'] = "mobile";
}
}
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php
index 0e9fe4a..81861b1 100644
--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -1183,6 +1183,7 @@ else:
<tr>
<th><?=gettext("Protocol / Port")?></th>
<th><?=gettext("Tunnel Network")?></th>
+ <th><?=gettext("Crypto")?></th>
<th><?=gettext("Description")?></th>
<th><?=gettext("Actions")?></th>
</tr>
@@ -1202,7 +1203,10 @@ else:
<?=htmlspecialchars($server['tunnel_networkv6'])?>
</td>
<td>
- <?=htmlspecialchars($server['description'])?>
+ <?=sprintf("Crypto: %s/%s<br/>D-H Params: %d bits", $server['crypto'], $server['digest'], $server['dh_length'])?><br />
+ </td>
+ <td>
+ <?=htmlspecialchars(sprintf('%s (%s)', $server['description'], $server['dev_mode']))?>
</td>
<td>
<a class="fa fa-pencil" title="<?=gettext('Edit server')?>" href="vpn_openvpn_server.php?act=edit&amp;id=<?=$i?>"></a>
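Review bot: The new Crypto cell prints `$server['crypto']` and `$server['digest']` without `htmlspecialchars()`, unlike the other cells in this row, so whatever is stored in the configuration reaches the page unencoded. Encode the two string arguments: `<?=sprintf("Crypto: %s/%s<br/>D-H Params: %d bits", htmlspecialchars($server['crypto']), htmlspecialchars($server['digest']), $server['dh_length'])?>`. The literal labels in that format string are also not passed through `gettext()`, as the table headers are.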
diff --git a/src/usr/local/www/widgets/widgets/system_information.widget.php b/src/usr/local/www/widgets/widgets/system_information.widget.php
index 6520d09..3310288 100644
--- a/src/usr/local/www/widgets/widgets/system_information.widget.php
+++ b/src/usr/local/www/widgets/widgets/system_information.widget.php
@@ -27,6 +27,7 @@
require_once("functions.inc");
require_once("guiconfig.inc");
require_once('notices.inc');
+require_once('system.inc');
include_once("includes/functions.inc.php");
if ($_REQUEST['getupdatestatus']) {
@@ -93,6 +94,21 @@ $filesystems = get_mounted_filesystems();
<td><?php echo htmlspecialchars($config['system']['hostname'] . "." . $config['system']['domain']); ?></td>
</tr>
<tr>
+ <th><?=gettext("System");?></th>
+ <td>
+ <?php
+ $platform = system_identify_specific_platform();
+ if (isset($platform['descr'])) {
+ echo $platform['descr'];
+ } else {
+ echo gettext('Unknown system');
+ }
+ ?>
+ <br />
+ <?=gettext("Serial: ");?><strong><?=system_get_serial();?></strong>
+ </td>
+ </tr>
+ <tr>
<th><?=gettext("Version");?></th>
<td>
<strong><?=$g['product_version_string']?></strong>
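Review bot: `echo $platform['descr'];` and `<?=system_get_serial();?>` are written into the page unencoded, while the hostname row just above them uses `htmlspecialchars()`. Both helpers live in system.inc and are not visible here; the serial presumably comes from firmware-provided data, which is not guaranteed to be HTML-safe. Use `echo htmlspecialchars($platform['descr']);` and `<?=htmlspecialchars(system_get_serial());?>`.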
diff --git a/src/usr/local/www/wizards/openvpn_wizard.xml b/src/usr/local/www/wizards/openvpn_wizard.xml
index 9e9f021..3d898d7 100644
--- a/src/usr/local/www/wizards/openvpn_wizard.xml
+++ b/src/usr/local/www/wizards/openvpn_wizard.xml
@@ -510,27 +510,47 @@
<field>
<name>keylength</name>
<displayname>Key length</displayname>
- <description>&lt;br/&gt;Size of the key which will be generated. The larger the key, the more security it offers, but larger keys are generally slower to use.</description>
+ <description>&lt;br/&gt;Size of the key which will be generated. The larger the key, the more security it offers, but larger keys take considerably more time to generate, and take slightly longer to validate leading to a slight slowdown in setting up new sessions (not always noticeable). As of 2016, 2048 bit is the minimum and most common selection and 4096 is the maximum in common use. For more information see &lt;a href="https://keylength.com"&gt;keylength.com&lt;/a&gt;</description>
<type>select</type>
<value>2048</value>
<bindstofield>ovpnserver->step9->keylength</bindstofield>
<options>
<option>
- <name>512 bits</name>
+ <name>512 bit</name>
<value>512</value>
</option>
<option>
- <name>1024 bits</name>
+ <name>1024 bit</name>
<value>1024</value>
</option>
<option>
- <name>2048 bits</name>
+ <name>2048 bit</name>
<value>2048</value>
</option>
<option>
- <name>4096 bits</name>
+ <name>3072 bit</name>
+ <value>3072</value>
+ </option>
+ <option>
+ <name>4096 bit</name>
<value>4096</value>
</option>
+ <option>
+ <name>7680 bit</name>
+ <value>7680</value>
+ </option>
+ <option>
+ <name>8192 bit</name>
+ <value>8192</value>
+ </option>
+ <option>
+ <name>15360 bit</name>
+ <value>15360</value>
+ </option>
+ <option>
+ <name>16384 bit</name>
+ <value>16384</value>
+ </option>
</options>
</field>
<field>
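Review bot: The new description says 2048 bit is the minimum, yet the `512 bit` and `1024 bit` options are kept (only relabelled) and remain selectable in the wizard. Either drop those two `<option>` entries or mark them in the name, e.g. `<name>1024 bit (not recommended)</name>`, so the list agrees with the text. The 15360 and 16384 bit entries could carry a similar hint that generation may take a very long time.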
@@ -685,11 +705,31 @@
<value>2048</value>
</option>
<option>
+ <name>3072 bit</name>
+ <value>3072</value>
+ </option>
+ <option>
<name>4096 bit</name>
<value>4096</value>
</option>
+ <option>
+ <name>7680 bit</name>
+ <value>7680</value>
+ </option>
+ <option>
+ <name>8192 bit</name>
+ <value>8192</value>
+ </option>
+ <option>
+ <name>15360 bit</name>
+ <value>15360</value>
+ </option>
+ <option>
+ <name>16384 bit</name>
+ <value>16384</value>
+ </option>
</options>
- <description>&lt;br/&gt;Length of Diffie-Hellman (DH) key exchange parameters, used for establishing a secure communications channel. As with other such settings, the larger values are more secure, but may be slower in operation.</description>
+ <description>&lt;br/&gt;Length of Diffie-Hellman (DH) key exchange parameters, used for establishing a secure communications channel. The DH parameters are different from key sizes, but as with other such settings, the larger the key, the more security it offers, but larger keys take considerably more time to generate. As of 2016, 2048 bit is a common and typical selection.</description>
</field>
<field>
<name>crypto</name>
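Review bot: The DH description now says "the larger the key" immediately after stating that DH parameters are different from key sizes, which reads as a contradiction. "The larger the parameters, the more security they offer, but larger parameters take considerably more time to generate" would match the field. Whether a length below 2048 is still offered cannot be seen from this hunk, since the start of the option list is outside it.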
diff --git a/src/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/src/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
index b9d398c..7ac38ec 100644
--- a/src/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
+++ b/src/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
@@ -132,6 +132,10 @@ function step2_stepbeforeformdisplay() {
$field['typehint'] = "Queueing discipline to apply on the download of this connection.";
$field['options']['option'] = array();
$opts = array();
+ $opts['name'] = "PRIQ";
+ $opts['value'] = "PRIQ";
+ $field['options']['option'][] = $opts;
+ $opts = array();
$opts['name'] = "HFSC";
$opts['value'] = "HFSC";
$field['options']['option'][] = $opts;
@@ -139,10 +143,6 @@ function step2_stepbeforeformdisplay() {
$opts['name'] = "CBQ";
$opts['value'] = "CBQ";
$field['options']['option'][] = $opts;
- $opts = array();
- $opts['name'] = "PRIQ";
- $opts['value'] = "PRIQ";
- $field['options']['option'][] = $opts;
$field['bindstofield'] = "ezshaper->step2->local{$i}downloadscheduler";
$fields[] = $field;
@@ -178,6 +178,10 @@ function step2_stepbeforeformdisplay() {
$field['typehint'] = "Queueing discipline to apply on the upload of this connection.";
$field['options']['option'] = array();
$opts = array();
+ $opts['name'] = "PRIQ";
+ $opts['value'] = "PRIQ";
+ $field['options']['option'][] = $opts;
+ $opts = array();
$opts['name'] = "HFSC";
$opts['value'] = "HFSC";
$field['options']['option'][] = $opts;
@@ -185,10 +189,6 @@ function step2_stepbeforeformdisplay() {
$opts['name'] = "CBQ";
$opts['value'] = "CBQ";
$field['options']['option'][] = $opts;
- $opts = array();
- $opts['name'] = "PRIQ";
- $opts['value'] = "PRIQ";
- $field['options']['option'][] = $opts;
$field['bindstofield'] = "ezshaper->step2->conn{$i}uploadscheduler";
$fields[] = $field;
diff --git a/src/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/src/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
index 1b8be4e..5cfba52 100644
--- a/src/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
+++ b/src/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
@@ -155,6 +155,10 @@ function step2_stepbeforeformdisplay() {
$field['typehint'] = "Queueing discipline to apply on this local interface.";
$field['options']['option'] = array();
$opts = array();
+ $opts['name'] = "PRIQ";
+ $opts['value'] = "PRIQ";
+ $field['options']['option'][] = $opts;
+ $opts = array();
$opts['name'] = "HFSC";
$opts['value'] = "HFSC";
$field['options']['option'][] = $opts;
@@ -162,10 +166,6 @@ function step2_stepbeforeformdisplay() {
$opts['name'] = "CBQ";
$opts['value'] = "CBQ";
$field['options']['option'][] = $opts;
- $opts = array();
- $opts['name'] = "PRIQ";
- $opts['value'] = "PRIQ";
- $field['options']['option'][] = $opts;
$field['bindstofield'] = "ezshaper->step2->local{$i}downloadscheduler";
$fields[] = $field;
}
@@ -209,6 +209,10 @@ function step2_stepbeforeformdisplay() {
$field['typehint'] = "Queueing discipline to apply on the upload of this connection.";
$field['options']['option'] = array();
$opts = array();
+ $opts['name'] = "PRIQ";
+ $opts['value'] = "PRIQ";
+ $field['options']['option'][] = $opts;
+ $opts = array();
$opts['name'] = "HFSC";
$opts['value'] = "HFSC";
$field['options']['option'][] = $opts;
@@ -216,10 +220,6 @@ function step2_stepbeforeformdisplay() {
$opts['name'] = "CBQ";
$opts['value'] = "CBQ";
$field['options']['option'][] = $opts;
- $opts = array();
- $opts['name'] = "PRIQ";
- $opts['value'] = "PRIQ";
- $field['options']['option'][] = $opts;
$field['bindstofield'] = "ezshaper->step2->conn{$i}uploadscheduler";
$fields[] = $field;
diff --git a/tools/build_snapshots.sh b/tools/build_snapshots.sh
index 9600985..2f546bc 100755
--- a/tools/build_snapshots.sh
+++ b/tools/build_snapshots.sh
@@ -181,7 +181,7 @@ while [ /bin/true ]; do
snapshot_update_status "${LINE}"
done
- (${BUILDER_ROOT}/build.sh ${NO_UPLOAD} --flash-size '2g 4g' \
+ (${BUILDER_ROOT}/build.sh ${NO_UPLOAD} \
--snapshots ${NO_IMAGES} "memstick memstickadi memstickserial iso" 2>&1) \
| while read -r LINE; do
snapshot_update_status "${LINE}"
diff --git a/tools/builder_common.sh b/tools/builder_common.sh
index 0c23090..18b0773 100644
--- a/tools/builder_common.sh
+++ b/tools/builder_common.sh
@@ -6,11 +6,6 @@
# Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
# All rights reserved.
#
-# NanoBSD portions of the code
-# Copyright (c) 2005 Poul-Henning Kamp.
-# and copied from nanobsd.sh
-# All rights reserved.
-#
# FreeSBIE portions of the code
# Copyright (c) 2005 Dario Freni
# and copied from FreeSBIE project
@@ -266,341 +261,6 @@ make_world() {
unset makeargs
}
-nanobsd_image_filename() {
- local _size="$1"
- local _type="$2"
-
- echo "$NANOBSD_IMG_TEMPLATE" | sed \
- -e "s,%%SIZE%%,${_size},g" \
- -e "s,%%TYPE%%,${_type},g"
-
- return 0
-}
-
-# This routine originated in nanobsd.sh
-nanobsd_set_flash_details () {
- a1=$(echo $1 | tr '[:upper:]' '[:lower:]')
-
- # Source:
- # SanDisk CompactFlash Memory Card
- # Product Manual
- # Version 10.9
- # Document No. 20-10-00038
- # April 2005
- # Table 2-7
- # NB: notice math error in SDCFJ-4096-388 line.
- #
- case "${a1}" in
- 2048|2048m|2048mb|2g)
- NANO_MEDIASIZE=$((1989999616/512))
- ;;
- 4096|4096m|4096mb|4g)
- NANO_MEDIASIZE=$((3989999616/512))
- ;;
- 8192|8192m|8192mb|8g)
- NANO_MEDIASIZE=$((7989999616/512))
- ;;
- 16384|16384m|16384mb|16g)
- NANO_MEDIASIZE=$((15989999616/512))
- ;;
- *)
- echo "Unknown Flash capacity"
- exit 2
- ;;
- esac
-
- NANO_HEADS=16
- NANO_SECTS=63
-
- echo ">>> [nanoo] $1"
- echo ">>> [nanoo] NANO_MEDIASIZE: $NANO_MEDIASIZE"
- echo ">>> [nanoo] NANO_HEADS: $NANO_HEADS"
- echo ">>> [nanoo] NANO_SECTS: $NANO_SECTS"
- echo ">>> [nanoo] NANO_BOOT0CFG: $NANO_BOOT0CFG"
-}
-
-# This routine originated in nanobsd.sh
-create_nanobsd_diskimage () {
- if [ -z "${1}" ]; then
- echo ">>> ERROR: Type of image has not been specified"
- print_error_pfS
- fi
- if [ -z "${2}" ]; then
- echo ">>> ERROR: Size of image has not been specified"
- print_error_pfS
- fi
-
- if [ "${1}" = "nanobsd" ]; then
- # It's serial
- export NANO_BOOTLOADER="boot/boot0sio"
- elif [ "${1}" = "nanobsd-vga" ]; then
- # It's vga
- export NANO_BOOTLOADER="boot/boot0"
- else
- echo ">>> ERROR: Type of image to create unknown"
- print_error_pfS
- fi
-
- if [ -z "${2}" ]; then
- echo ">>> ERROR: Media size(s) not specified."
- print_error_pfS
- fi
-
- if [ -z "${2}" ]; then
- echo ">>> ERROR: FLASH_SIZE is not set."
- print_error_pfS
- fi
-
- LOGFILE=${BUILDER_LOGS}/${1}.${TARGET}
- # Prepare folder to be put in image
- customize_stagearea_for_image "${1}"
- install_default_kernel ${DEFAULT_KERNEL} "no"
-
- echo ">>> Fixing up NanoBSD Specific items..." | tee -a ${LOGFILE}
-
- local BOOTCONF=${FINAL_CHROOT_DIR}/boot.config
- local LOADERCONF=${FINAL_CHROOT_DIR}/boot/loader.conf
-
- if [ "${1}" = "nanobsd" ]; then
- # Tell loader to use serial console early.
- echo "-S115200 -h" >> ${BOOTCONF}
-
- # Remove old console options if present.
- [ -f "${LOADERCONF}" ] \
- && sed -i "" -Ee "/(console|boot_multicons|boot_serial|hint.uart)/d" ${LOADERCONF}
- # Activate serial console+video console in loader.conf
- echo 'loader_color="NO"' >> ${LOADERCONF}
- echo 'beastie_disable="YES"' >> ${LOADERCONF}
- echo 'boot_serial="YES"' >> ${LOADERCONF}
- echo 'console="comconsole"' >> ${LOADERCONF}
- echo 'comconsole_speed="115200"' >> ${LOADERCONF}
- fi
- echo 'autoboot_delay="5"' >> ${LOADERCONF}
-
- # Old systems will run (pre|post)_upgrade_command from /tmp
- if [ -f ${FINAL_CHROOT_DIR}${PRODUCT_SHARE_DIR}/pre_upgrade_command ]; then
- cp -p \
- ${FINAL_CHROOT_DIR}${PRODUCT_SHARE_DIR}/pre_upgrade_command \
- ${FINAL_CHROOT_DIR}/tmp
- fi
- if [ -f ${FINAL_CHROOT_DIR}${PRODUCT_SHARE_DIR}/post_upgrade_command ]; then
- cp -p \
- ${FINAL_CHROOT_DIR}${PRODUCT_SHARE_DIR}/post_upgrade_command \
- ${FINAL_CHROOT_DIR}/tmp
- fi
-
- mkdir -p ${IMAGES_FINAL_DIR}/nanobsd
-
- for _NANO_MEDIASIZE in ${2}; do
- if [ -z "${_NANO_MEDIASIZE}" ]; then
- continue;
- fi
-
- echo ">>> building NanoBSD(${1}) disk image with size ${_NANO_MEDIASIZE} for platform (${TARGET})..." | tee -a ${LOGFILE}
- echo "" > $BUILDER_LOGS/nanobsd_cmds.sh
-
- IMG="${IMAGES_FINAL_DIR}/nanobsd/$(nanobsd_image_filename ${_NANO_MEDIASIZE} ${1})"
-
- nanobsd_set_flash_details ${_NANO_MEDIASIZE}
-
- # These are defined in FlashDevice and on builder_default.sh
- echo $NANO_MEDIASIZE \
- $NANO_IMAGES \
- $NANO_SECTS \
- $NANO_HEADS \
- $NANO_CODESIZE \
- $NANO_CONFSIZE \
- $NANO_DATASIZE |
-awk '
-{
- printf "# %s\n", $0
-
- # size of cylinder in sectors
- cs = $3 * $4
-
- # number of full cylinders on media
- cyl = int ($1 / cs)
-
- # output fdisk geometry spec, truncate cyls to 1023
- if (cyl <= 1023)
- print "g c" cyl " h" $4 " s" $3
- else
- print "g c" 1023 " h" $4 " s" $3
-
- if ($7 > 0) {
- # size of data partition in full cylinders
- dsl = int (($7 + cs - 1) / cs)
- } else {
- dsl = 0;
- }
-
- # size of config partition in full cylinders
- csl = int (($6 + cs - 1) / cs)
-
- if ($5 == 0) {
- # size of image partition(s) in full cylinders
- isl = int ((cyl - dsl - csl) / $2)
- } else {
- isl = int (($5 + cs - 1) / cs)
- }
-
- # First image partition start at second track
- print "p 1 165 " $3, isl * cs - $3
- c = isl * cs;
-
- # Second image partition (if any) also starts offset one
- # track to keep them identical.
- if ($2 > 1) {
- print "p 2 165 " $3 + c, isl * cs - $3
- c += isl * cs;
- }
-
- # Config partition starts at cylinder boundary.
- print "p 3 165 " c, csl * cs
- c += csl * cs
-
- # Data partition (if any) starts at cylinder boundary.
- if ($7 > 0) {
- print "p 4 165 " c, dsl * cs
- } else if ($7 < 0 && $1 > c) {
- print "p 4 165 " c, $1 - c
- } else if ($1 < c) {
- print "Disk space overcommitted by", \
- c - $1, "sectors" > "/dev/stderr"
- exit 2
- }
-
- # Force slice 1 to be marked active. This is necessary
- # for booting the image from a USB device to work.
- print "a 1"
-}
- ' > ${SCRATCHDIR}/_.fdisk
-
- MNT=${SCRATCHDIR}/_.mnt
- mkdir -p ${MNT}
-
- dd if=/dev/zero of=${IMG} bs=${NANO_SECTS}b \
- count=0 seek=$((${NANO_MEDIASIZE}/${NANO_SECTS})) 2>&1 >> ${LOGFILE}
-
- MD=$(mdconfig -a -t vnode -f ${IMG} -x ${NANO_SECTS} -y ${NANO_HEADS})
- trap "mdconfig -d -u ${MD}; return" 1 2 15 EXIT
-
- fdisk -i -f ${SCRATCHDIR}/_.fdisk ${MD} 2>&1 >> ${LOGFILE}
- fdisk ${MD} 2>&1 >> ${LOGFILE}
-
- boot0cfg -t 100 -B -b ${FINAL_CHROOT_DIR}/${NANO_BOOTLOADER} ${NANO_BOOT0CFG} ${MD} 2>&1 >> ${LOGFILE}
-
- # Create first image
- bsdlabel -m i386 -w -B -b ${FINAL_CHROOT_DIR}/boot/boot ${MD}s1 2>&1 >> ${LOGFILE}
- bsdlabel -m i386 ${MD}s1 2>&1 >> ${LOGFILE}
- local _label=$(lc ${PRODUCT_NAME})
- newfs -L ${_label}0 ${NANO_NEWFS} /dev/${MD}s1a 2>&1 >> ${LOGFILE}
- mount /dev/ufs/${_label}0 ${MNT}
- if [ $? -ne 0 ]; then
- echo ">>> ERROR: Something wrong happened during mount of first slice image creation. STOPPING!" | tee -a ${LOGFILE}
- print_error_pfS
- fi
- # Consider the unmounting as well
- trap "umount /dev/ufs/${_label}0; mdconfig -d -u ${MD}; return" 1 2 15 EXIT
-
- clone_directory_contents ${FINAL_CHROOT_DIR} ${MNT}
-
- # Set NanoBSD image size
- echo "${_NANO_MEDIASIZE}" > ${MNT}/etc/nanosize.txt
-
- echo "/dev/ufs/${_label}0 / ufs ro,sync,noatime 1 1" > ${MNT}/etc/fstab
- if [ $NANO_CONFSIZE -gt 0 ] ; then
- echo "/dev/ufs/cf /cf ufs ro,sync,noatime 1 1" >> ${MNT}/etc/fstab
- fi
-
- umount ${MNT}
- # Restore the original trap
- trap "mdconfig -d -u ${MD}; return" 1 2 15 EXIT
-
- # Setting NANO_IMAGES to 1 and NANO_INIT_IMG2 will tell
- # NanoBSD to only create one partition. We default to 2
- # partitions in case anything happens to the first the
- # operator can boot from the 2nd and should be OK.
-
- # Before just going to use dd for duplicate think!
- # The images are created as sparse so lets take advantage
- # of that by just exec some commands.
- if [ $NANO_IMAGES -gt 1 -a $NANO_INIT_IMG2 -gt 0 ] ; then
- # Duplicate to second image (if present)
- echo ">>> Creating NanoBSD second slice by duplicating first slice." | tee -a ${LOGFILE}
- # Create second image
- dd if=/dev/${MD}s1 of=/dev/${MD}s2 conv=sparse bs=64k 2>&1 >> ${LOGFILE}
- tunefs -L ${_label}1 /dev/${MD}s2a 2>&1 >> ${LOGFILE}
- mount /dev/ufs/${_label}1 ${MNT}
- if [ $? -ne 0 ]; then
- echo ">>> ERROR: Something wrong happened during mount of second slice image creation. STOPPING!" | tee -a ${LOGFILE}
- print_error_pfS
- fi
- # Consider the unmounting as well
- trap "umount /dev/ufs/${_label}1; mdconfig -d -u ${MD}; return" 1 2 15 EXIT
-
- echo "/dev/ufs/${_label}1 / ufs ro,sync,noatime 1 1" > ${MNT}/etc/fstab
- if [ $NANO_CONFSIZE -gt 0 ] ; then
- echo "/dev/ufs/cf /cf ufs ro,sync,noatime 1 1" >> ${MNT}/etc/fstab
- fi
-
- umount ${MNT}
- # Restore the trap back
- trap "mdconfig -d -u ${MD}; return" 1 2 15 EXIT
- fi
-
- # Create Data slice, if any.
- # Note the changing of the variable to NANO_CONFSIZE
- # from NANO_DATASIZE. We also added glabel support
- # and populate the Product configuration from the /cf
- # directory located in FINAL_CHROOT_DIR
- if [ $NANO_CONFSIZE -gt 0 ] ; then
- echo ">>> Creating /cf area to hold config.xml"
- newfs -L cf ${NANO_NEWFS} /dev/${MD}s3 2>&1 >> ${LOGFILE}
- # Mount data partition and copy contents of /cf
- # Can be used later to create custom default config.xml while building
- mount /dev/ufs/cf ${MNT}
- if [ $? -ne 0 ]; then
- echo ">>> ERROR: Something wrong happened during mount of cf slice image creation. STOPPING!" | tee -a ${LOGFILE}
- print_error_pfS
- fi
- # Consider the unmounting as well
- trap "umount /dev/ufs/cf; mdconfig -d -u ${MD}; return" 1 2 15 EXIT
-
- clone_directory_contents ${FINAL_CHROOT_DIR}/cf ${MNT}
-
- umount ${MNT}
- # Restore the trap back
- trap "mdconfig -d -u ${MD}; return" 1 2 15 EXIT
- else
- ">>> [nanoo] NANO_CONFSIZE is not set. Not adding a /conf partition.. You sure about this??" | tee -a ${LOGFILE}
- fi
-
- mdconfig -d -u $MD
- # Restore default action
- trap "-" 1 2 15 EXIT
-
- # Check each image and ensure that they are over
- # 3 megabytes. If either image is under 20 megabytes
- # in size then error out.
- IMGSIZE=$(stat -f "%z" ${IMG})
- CHECKSIZE="20040710"
- if [ "$IMGSIZE" -lt "$CHECKSIZE" ]; then
- echo ">>> ERROR: Something went wrong when building NanoBSD. The image size is under 20 megabytes!" | tee -a ${LOGFILE}
- print_error_pfS
- fi
-
- # Wrap up the show, Johnny
- echo ">>> NanoBSD Image completed for size: $_NANO_MEDIASIZE." | tee -a ${LOGFILE}
-
- gzip -qf $IMG &
- _bg_pids="${_bg_pids}${_bg_pids:+ }$!"
- done
-
- unset IMG
- unset IMGSIZE
-}
-
# This routine creates a ova image that contains
# a ovf and vmdk file. These files can be imported
# right into vmware or virtual box.
@@ -673,14 +333,15 @@ create_ova_image() {
echo ">>> ERROR: Error mounting temporary vmdk image. STOPPING!" | tee -a ${LOGFILE}
print_error_pfS
fi
- trap "umount ${_mntdir}; mdconfig -d -u ${_md}; return" 1 2 15 EXIT
+ trap "sync; sleep 3; umount ${_mntdir} || umount -f ${_mntdir}; mdconfig -d -u ${_md}; return" 1 2 15 EXIT
echo "Done!" | tee -a ${LOGFILE}
clone_directory_contents ${FINAL_CHROOT_DIR} ${_mntdir}
sync
- umount ${_mntdir} 2>&1 >>${LOGFILE}
+ sleep 3
+ umount ${_mntdir} || umount -f ${_mntdir} >>${LOGFILE} 2>&1
mdconfig -d -u ${_md}
trap "-" 1 2 15 EXIT
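Review bot: In `umount ${_mntdir} || umount -f ${_mntdir} >>${LOGFILE} 2>&1` the redirection binds only to the forced umount, so errors from the first attempt go to the terminal and not to the log. Group the two commands: `{ umount ${_mntdir} || umount -f ${_mntdir}; } >>${LOGFILE} 2>&1`. A log line when the forced path is taken would make it visible that the normal unmount failed after the fixed `sleep 3`. create_ova_image starts and ends outside this hunk.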
@@ -909,58 +570,8 @@ clone_to_staging_area() {
-X ${_exclude_files} \
.
- local _share_repos_path="${SCRATCHDIR}/repo-tmp/${PRODUCT_SHARE_DIR}/pkg/repos"
- rm -rf ${SCRATCHDIR}/repo-tmp >/dev/null 2>&1
- mkdir -p ${_share_repos_path} >/dev/null 2>&1
-
- local _freebsd_major_version=$( \
- sed -n '/^REVISION=/ {; s,\.[0-9]*"$,,; s,^.*",,; p; q; };' \
- ${FREEBSD_SRC_DIR}/sys/conf/newvers.sh \
- )
- local _default_abi="FreeBSD:${_freebsd_major_version}:${TARGET_ARCH}"
-
- local _default_altabi="freebsd:${_freebsd_major_version}"
- if [ "${TARGET_ARCH}" = "armv6" ]; then
- _default_altabi="${_default_altabi}:${TARGET_ARCH}:32:el:eabi:hardfp"
- elif [ "${TARGET_ARCH}" = "i386" ]; then
- _default_altabi="${_default_altabi}:x86:32"
- else
- _default_altabi="${_default_altabi}:x86:64"
- fi
-
- # Add all repos
- for _template in ${PKG_REPO_BASE}/${PRODUCT_NAME}-repo*.conf; do
- _template_filename=$(basename ${_template})
- setup_pkg_repo \
- ${_template} \
- ${_share_repos_path}/${_template_filename} \
- ${TARGET} \
- ${TARGET_ARCH}
-
- cp -f ${_template%%.conf}.descr ${_share_repos_path}
-
- if [ -f ${_template%%.conf}.abi ]; then
- sed -e "s,%%ARCH%%,${TARGET_ARCH},g" ${_template%%.conf}.abi \
- > ${_share_repos_path}/${_template_filename%%.conf}.abi
- else
- echo ${_default_abi} \
- > ${_share_repos_path}/${_template_filename%%.conf}.abi
- fi
-
- if [ -f ${_template%%.conf}.altabi ]; then
- sed -e "s,%%ARCH%%,${TARGET_ARCH},g" ${_template%%.conf}.altabi \
- > ${_share_repos_path}/${_template_filename%%.conf}.altabi
- else
- echo ${_default_altabi} \
- > ${_share_repos_path}/${_template_filename%%.conf}.altabi
- fi
- done
-
- core_pkg_create repo "" ${CORE_PKG_VERSION} ${SCRATCHDIR}/repo-tmp
-
core_pkg_create rc "" ${CORE_PKG_VERSION} ${STAGE_CHROOT_DIR}
core_pkg_create base "" ${CORE_PKG_VERSION} ${STAGE_CHROOT_DIR}
- core_pkg_create base-nanobsd "" ${CORE_PKG_VERSION} ${STAGE_CHROOT_DIR}
core_pkg_create default-config "" ${CORE_PKG_VERSION} ${STAGE_CHROOT_DIR}
local DEFAULTCONF=${STAGE_CHROOT_DIR}/conf.default/config.xml
@@ -1028,8 +639,7 @@ customize_stagearea_for_image() {
if [ -n "$2" ]; then
_default_config="$2"
- elif [ "${_image_type}" = "nanobsd" -o \
- "${_image_type}" = "memstickserial" -o \
+ elif [ "${_image_type}" = "memstickserial" -o \
"${_image_type}" = "memstickadi" ]; then
_default_config="default-config-serial"
elif [ "${_image_type}" = "ova" ]; then
@@ -1042,24 +652,7 @@ customize_stagearea_for_image() {
create_final_staging_area
pkg_chroot_add ${FINAL_CHROOT_DIR} rc
- pkg_chroot_add ${FINAL_CHROOT_DIR} repo
-
- if [ "${_image_type}" = "nanobsd" -o \
- "${_image_type}" = "nanobsd-vga" ]; then
-
- mkdir -p ${FINAL_CHROOT_DIR}/root/var/db \
- ${FINAL_CHROOT_DIR}/root/var/cache \
- ${FINAL_CHROOT_DIR}/var/db/pkg \
- ${FINAL_CHROOT_DIR}/var/cache/pkg
- mv -f ${FINAL_CHROOT_DIR}/var/db/pkg ${FINAL_CHROOT_DIR}/root/var/db
- mv -f ${FINAL_CHROOT_DIR}/var/cache/pkg ${FINAL_CHROOT_DIR}/root/var/cache
- ln -sf ../../root/var/db/pkg ${FINAL_CHROOT_DIR}/var/db/pkg
- ln -sf ../../root/var/cache/pkg ${FINAL_CHROOT_DIR}/var/cache/pkg
-
- pkg_chroot_add ${FINAL_CHROOT_DIR} base-nanobsd
- else
- pkg_chroot_add ${FINAL_CHROOT_DIR} base
- fi
+ pkg_chroot_add ${FINAL_CHROOT_DIR} base
if [ "${_image_type}" = "iso" -o \
"${_image_type}" = "memstick" -o \
@@ -2033,18 +1626,34 @@ poudriere_bulk() {
mkdir -p /usr/local/etc/poudriere.d
if [ -f "${BUILDER_TOOLS}/conf/pfPorts/make.conf" ]; then
- cp -f "${BUILDER_TOOLS}/conf/pfPorts/make.conf" /usr/local/etc/poudriere.d/${POUDRIERE_PORTS_NAME}-make.conf
+ cp -f "${BUILDER_TOOLS}/conf/pfPorts/make.conf" \
+ /usr/local/etc/poudriere.d/${POUDRIERE_PORTS_NAME}-make.conf
fi
+ cat <<EOF >>/usr/local/etc/poudriere.d/${POUDRIERE_PORTS_NAME}-make.conf
+PKG_REPO_BRANCH_DEVEL=${PKG_REPO_BRANCH_DEVEL}
+PKG_REPO_BRANCH_RELEASE=${PKG_REPO_BRANCH_RELEASE}
+PKG_REPO_SERVER_DEVEL=${PKG_REPO_SERVER_DEVEL}
+PKG_REPO_SERVER_RELEASE=${PKG_REPO_SERVER_RELEASE}
+POUDRIERE_PORTS_NAME=${POUDRIERE_PORTS_NAME}
+PRODUCT_NAME=${PRODUCT_NAME}
+EOF
+
# Change version of pfSense meta ports for snapshots
if [ -z "${_IS_RELEASE}" ]; then
local _meta_pkg_version="$(echo "${PRODUCT_VERSION}" | sed 's,DEVELOPMENT,ALPHA,')-${DATESTRING}"
sed -i '' \
-e "/^DISTVERSION/ s,^.*,DISTVERSION= ${_meta_pkg_version}," \
-e "/^PORTREVISION=/d" \
- /usr/local/poudriere/ports/${POUDRIERE_PORTS_NAME}/security/${PRODUCT_NAME}/Makefile
+ /usr/local/poudriere/ports/${POUDRIERE_PORTS_NAME}/security/${PRODUCT_NAME}/Makefile \
+ /usr/local/poudriere/ports/${POUDRIERE_PORTS_NAME}/sysutils/${PRODUCT_NAME}-repo/Makefile
fi
+ # Copy over pkg repo templates to pfSense-repo
+ mkdir -p /usr/local/poudriere/ports/${POUDRIERE_PORTS_NAME}/sysutils/${PRODUCT_NAME}-repo/files
+ cp -f ${BUILDER_TOOLS}/templates/pkg_repos/* \
+ /usr/local/poudriere/ports/${POUDRIERE_PORTS_NAME}/sysutils/${PRODUCT_NAME}-repo/files
+
for jail_arch in ${_archs}; do
jail_name=$(poudriere_jail_name ${jail_arch})
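Review bot: The heredoc appends with `>>` to `${POUDRIERE_PORTS_NAME}-make.conf`, but that file is only recreated when `${BUILDER_TOOLS}/conf/pfPorts/make.conf` exists; without it, every run adds another copy of the six variables to whatever the previous run left behind. Truncate the file in that case by giving the `if` an `else` branch with `: > /usr/local/etc/poudriere.d/${POUDRIERE_PORTS_NAME}-make.conf`. The `PKG_REPO_SERVER_*` and `PKG_REPO_BRANCH_*` values are written unchecked, and judging by their names they select the package source for built systems, so failing early when one is empty would be safer than passing it into the port build. poudriere_bulk starts and ends outside this hunk.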
@@ -2144,16 +1753,6 @@ snapshots_create_sha256() {
create_sha256 ${_img}
snapshots_create_latest_symlink ${_img}
done
-
- for NANOTYPE in nanobsd nanobsd-vga; do
- for FILESIZE in ${FLASH_SIZE}; do
- FILENAMEFULL="$(nanobsd_image_filename ${FILESIZE} ${NANOTYPE}).gz"
-
- if [ -f $IMAGES_FINAL_DIR/nanobsd/$FILENAMEFULL ]; then
- create_sha256 $IMAGES_FINAL_DIR/nanobsd/$FILENAMEFULL
- fi
- done
- done
}
snapshots_scp_files() {
@@ -2170,7 +1769,6 @@ snapshots_scp_files() {
# Ensure directory(s) are available
ssh ${RSYNCUSER}@${_rsyncip} "mkdir -p ${RSYNCPATH}/installer"
- ssh ${RSYNCUSER}@${_rsyncip} "mkdir -p ${RSYNCPATH}/nanobsd"
if [ -d $IMAGES_FINAL_DIR/virtualization ]; then
ssh ${RSYNCUSER}@${_rsyncip} "mkdir -p ${RSYNCPATH}/virtualization"
fi
@@ -2178,8 +1776,6 @@ snapshots_scp_files() {
ssh ${RSYNCUSER}@${_rsyncip} "chmod -R ug+rw ${RSYNCPATH}/."
rsync $RSYNC_COPY_ARGUMENTS $IMAGES_FINAL_DIR/installer/* \
${RSYNCUSER}@${_rsyncip}:${RSYNCPATH}/installer/
- rsync $RSYNC_COPY_ARGUMENTS $IMAGES_FINAL_DIR/nanobsd/* \
- ${RSYNCUSER}@${_rsyncip}:${RSYNCPATH}/nanobsd/
if [ -d $IMAGES_FINAL_DIR/virtualization ]; then
rsync $RSYNC_COPY_ARGUMENTS $IMAGES_FINAL_DIR/virtualization/* \
${RSYNCUSER}@${_rsyncip}:${RSYNCPATH}/virtualization/
diff --git a/tools/builder_defaults.sh b/tools/builder_defaults.sh
index b782d95..159dc52 100644
--- a/tools/builder_defaults.sh
+++ b/tools/builder_defaults.sh
@@ -54,18 +54,9 @@ fi
# Make sure pkg will not be interactive
export ASSUME_ALWAYS_YES=true
-# Architecture, supported ARCH values are:
-# Tier 1: i386, AMD64, and PC98
-# Tier 2: ARM, PowerPC, ia64, Sparc64 and sun4v
-# Tier 3: MIPS and S/390
-# Tier 4: None at the moment
-# Source: http://www.freebsd.org/doc/en/articles/committers-guide/archs.html
-export TARGET=${TARGET:-"`uname -m`"}
-export TARGET_ARCH=${TARGET_ARCH:-${TARGET}}
-# Set TARGET_ARCH_CONF_DIR
-if [ "$TARGET_ARCH" = "" ]; then
- export TARGET_ARCH=`uname -p`
-fi
+# Architecture
+export TARGET=${TARGET:-"$(uname -m)"}
+export TARGET_ARCH=${TARGET_ARCH:-"$(uname -p)"}
# Directory to be used for writing temporary information
export SCRATCHDIR=${SCRATCHDIR:-"${BUILDER_ROOT}/tmp"}
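Review bot: `TARGET_ARCH` no longer falls back to `${TARGET}`: with `TARGET` set in the environment and `TARGET_ARCH` unset, it now becomes the build host's `uname -p`, which can disagree with the requested target. If that is intended, say so in the comment, e.g. `# TARGET_ARCH defaults to the host's; set both when cross-building`. Otherwise keep the old fallback for the case where only `TARGET` is given.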
@@ -180,25 +171,6 @@ export OVA_SWAP_PART_SIZE_IN_GB=${OVA_SWAP_PART_SIZE_IN_GB:-"0"}
export OVA_TMP=${OVA_TMP:-"${SCRATCHDIR}/ova_tmp"}
# end of OVF
-# Number of code images on media (1 or 2)
-export NANO_IMAGES=2
-# 0 -> Leave second image all zeroes so it compresses better.
-# 1 -> Initialize second image with a copy of the first
-export NANO_INIT_IMG2=1
-export NANO_NEWFS="-b 4096 -f 512 -i 8192 -O1"
-export FLASH_SIZE=${FLASH_SIZE:-"2g"}
-# Size of code file system in 512 bytes sectors
-# If zero, size will be as large as possible.
-export NANO_CODESIZE=0
-# Size of data file system in 512 bytes sectors
-# If zero: no partition configured.
-# If negative: max size possible
-export NANO_DATASIZE=0
-# Size of Product /conf partition # 102400 = 50 megabytes.
-export NANO_CONFSIZE=102400
-# packet is OK for 90% of embedded
-export NANO_BOOT0CFG="-o packet -s 1 -m 3"
-
# NOTE: Date string is used for creating file names of images
# The file is used for sharing the same value with build_snapshots.sh
export DATESTRINGFILE=${DATESTRINGFILE:-"$SCRATCHDIR/version.snapshots"}
@@ -274,7 +246,6 @@ export PKG_RSYNC_HOSTNAME=${PKG_RSYNC_HOSTNAME:-${STAGING_HOSTNAME}}
export PKG_RSYNC_USERNAME=${PKG_RSYNC_USERNAME:-"wwwsync"}
export PKG_RSYNC_SSH_PORT=${PKG_RSYNC_SSH_PORT:-"22"}
export PKG_RSYNC_DESTDIR=${PKG_RSYNC_DESTDIR:-"/staging/ce/packages"}
-export PKG_RSYNC_LOGS=${PKG_RSYNC_LOGS:-"/staging/ce/packages/logs/${POUDRIERE_BRANCH}/${TARGET}"}
# Final packages server
if [ -n "${_IS_RELEASE}" ]; then
@@ -319,7 +290,7 @@ export CORE_PKG_PATH=${CORE_PKG_PATH:-"${SCRATCHDIR}/${PRODUCT_NAME}_${POUDRIERE
export CORE_PKG_REAL_PATH="${CORE_PKG_PATH}/.real_${DATESTRING}"
export CORE_PKG_ALL_PATH="${CORE_PKG_PATH}/All"
-export PKG_REPO_BASE=${PKG_REPO_BASE:-"${FREEBSD_SRC_DIR}/release/pkg_repos"}
+export PKG_REPO_BASE=${PKG_REPO_BASE:-"${BUILDER_TOOLS}/templates/pkg_repos"}
export PKG_REPO_DEFAULT=${PKG_REPO_DEFAULT:-"${PKG_REPO_BASE}/${PRODUCT_NAME}-repo.conf"}
export PKG_REPO_PATH=${PKG_REPO_PATH:-"/usr/local/etc/pkg/repos/${PRODUCT_NAME}.conf"}
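Review bot: PKG_REPO_DEFAULT resolves to `${PKG_REPO_BASE}/${PRODUCT_NAME}-repo.conf`, but the templates this commit adds under tools/templates/pkg_repos carry a literal `pfSense-` prefix. A build with a different PRODUCT_NAME would point at a file that does not exist, unless something outside this diff renames the templates. Because this file decides which package repository an image trusts, a comment such as `# Templates in pkg_repos/ must be named ${PRODUCT_NAME}-repo*.conf` would help. An existence check where PKG_REPO_DEFAULT is consumed would make the failure explicit rather than silent.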
@@ -344,9 +315,6 @@ export MEMSTICK_VARIANTS=${MEMSTICK_VARIANTS:-}
export VARIANTIMAGES=""
export VARIANTUPDATES=""
-# nanobsd templates
-export NANOBSD_IMG_TEMPLATE=${NANOBSD_IMG_TEMPLATE:-"${PRODUCT_NAME}${PRODUCT_NAME_SUFFIX}-${PRODUCT_VERSION}${PRODUCT_REVISION:+-p}${PRODUCT_REVISION}-%%SIZE%%-${TARGET}-%%TYPE%%${TIMESTAMP_SUFFIX}.img"}
-
# Rsync data to send snapshots
export RSYNCUSER=${RSYNCUSER:-"snapshots"}
export RSYNCPATH=${RSYNCPATH:-"/usr/local/www/snapshots/${TARGET}/${PRODUCT_NAME}_${GIT_REPO_BRANCH_OR_TAG}"}
diff --git a/tools/templates/core_pkg/base-nanobsd/exclude_files b/tools/templates/core_pkg/base-nanobsd/exclude_files
deleted file mode 100644
index 0cd0f41..0000000
--- a/tools/templates/core_pkg/base-nanobsd/exclude_files
+++ /dev/null
@@ -1,31 +0,0 @@
-./boot.config
-./boot/loader.conf
-./boot/loader.conf.local
-./boot/modules/bwi_v3_ucode.ko
-./cf/conf/config.xml
-./cf/conf/enableserial_force
-./cf/conf/trigger_initial_wizard
-./conf.default/config.xml
-./etc/bogons
-./etc/bogonsv6
-./etc/dh-parameters.1024
-./etc/dh-parameters.2048
-./etc/dh-parameters.4096
-./etc/fstab
-./etc/group
-./etc/hosts
-./etc/master.passwd
-./etc/passwd
-./etc/platform
-./etc/pwd.db
-./etc/rc.conf
-./etc/spwd.db
-./etc/syslog.conf
-./media
-./mnt
-./proc
-./sys
-./tmp
-./usr/local/share/%%PRODUCT_NAME%%/base.mtree
-./usr/local/share/%%PRODUCT_NAME%%/base.txz
-./usr/local/etc/pkg/repos/%%PRODUCT_NAME%%.conf
diff --git a/tools/templates/core_pkg/base-nanobsd/metadir/+DEINSTALL b/tools/templates/core_pkg/base-nanobsd/metadir/+DEINSTALL
deleted file mode 100644
index 715125f..0000000
--- a/tools/templates/core_pkg/base-nanobsd/metadir/+DEINSTALL
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-if [ "${2}" != "DEINSTALL" ]; then
- exit 0
-fi
-
-echo "===> Keeping a copy of current version mtree"
-
-# Check if there is a current mtree to be saved
-if [ ! -f /usr/local/share/%%PRODUCT_NAME%%/base.mtree ]; then
- echo "===> Current mtree file not found"
- exit 1
-fi
-
-[ -f /usr/local/share/%%PRODUCT_NAME%%/base.mtree.previous ] \
- && rm -f /usr/local/share/%%PRODUCT_NAME%%/base.mtree.previous
-
-cp -f /usr/local/share/%%PRODUCT_NAME%%/base.mtree \
- /usr/local/share/%%PRODUCT_NAME%%/base.mtree.previous
-
-exit $?
diff --git a/tools/templates/core_pkg/base-nanobsd/metadir/+DESC b/tools/templates/core_pkg/base-nanobsd/metadir/+DESC
deleted file mode 100644
index 34b9159..0000000
--- a/tools/templates/core_pkg/base-nanobsd/metadir/+DESC
+++ /dev/null
@@ -1,3 +0,0 @@
-%%PRODUCT_NAME%% core files
-
-WWW: %%PRODUCT_URL%%
diff --git a/tools/templates/core_pkg/base-nanobsd/metadir/+INSTALL b/tools/templates/core_pkg/base-nanobsd/metadir/+INSTALL
deleted file mode 100644
index a2d9d82..0000000
--- a/tools/templates/core_pkg/base-nanobsd/metadir/+INSTALL
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/sh
-
-if [ "${2}" != "POST-INSTALL" ]; then
- exit 0
-fi
-
-if [ ! -f /usr/local/share/%%PRODUCT_NAME%%/base.txz ]; then
- echo "===> ERROR: base tarball not found!"
- exit 1
-fi
-
-echo nanobsd > /etc/platform
-
-echo "===> Removing schg flag from base files"
-
-# Cleanup schg flags
-chflags -R noschg \
- /boot \
- /bin \
- /sbin \
- /usr/bin \
- /usr/sbin \
- /libexec \
- /lib \
- /usr/lib >/dev/null 2>&1
-
-echo "===> Extracting new base tarball"
-
-# Install new base files
-tar -C / -xJPUf /usr/local/share/%%PRODUCT_NAME%%/base.txz
-
-echo "===> Removing static obsoleted files"
-
-# Set IFS to \n to deal with filenames containing spaces
-oIFS=${IFS}
-IFS="
-"
-
-PLATFORM=$(cat /etc/platform)
-
-# Process obsolete files
-if [ -f /etc/%%PRODUCT_NAME%%.obsoletedfiles ]; then
- for f in $(cat /etc/%%PRODUCT_NAME%%.obsoletedfiles); do
- if [ -n "${f}" -a -d "${f}" ]; then
- chflags -R noschg "${f}"
- rm -rf "${f}"
- elif [ -n "${f}" -a -f "${f}" ]; then
- chflags noschg "${f}"
- rm -f "${f}"
- elif [ -n "${f}" -a -L "${f}" ]; then
- rm -f "${f}"
- fi
- done
-fi
-
-# Restore IFS
-IFS=${oIFS}
-
-exit 0
diff --git a/tools/templates/core_pkg/base-nanobsd/metadir/+MANIFEST b/tools/templates/core_pkg/base-nanobsd/metadir/+MANIFEST
deleted file mode 100644
index 19229a3..0000000
--- a/tools/templates/core_pkg/base-nanobsd/metadir/+MANIFEST
+++ /dev/null
@@ -1,16 +0,0 @@
-name: "%%PRODUCT_NAME%%-base-nanobsd"
-version: "%%VERSION%%"
-origin: "security/%%PRODUCT_NAME%%-base-nanobsd"
-comment: <<EOD
-%%PRODUCT_NAME%% core files
-EOD
-maintainer: development@pfsense.org
-prefix: /usr/local
-deps: {
-"%%PRODUCT_NAME%%-rc": {origin: "security/%%PRODUCT_NAME%%-rc", version: "%%VERSION%%"},
-"%%PRODUCT_NAME%%-repo": {origin: "security/%%PRODUCT_NAME%%-repo", version: "%%VERSION%%"}
-}
-categories [ security, ]
-licenselogic: single
-licenses: [ APACHE20, ]
-options: { }
diff --git a/tools/templates/core_pkg/base-nanobsd/pkg-plist b/tools/templates/core_pkg/base-nanobsd/pkg-plist
deleted file mode 100644
index f531fae..0000000
--- a/tools/templates/core_pkg/base-nanobsd/pkg-plist
+++ /dev/null
@@ -1,2 +0,0 @@
-share/%%PRODUCT_NAME%%/base.txz
-share/%%PRODUCT_NAME%%/base.mtree
diff --git a/tools/templates/core_pkg/base/metadir/+MANIFEST b/tools/templates/core_pkg/base/metadir/+MANIFEST
index 3e0a111..131620e 100644
--- a/tools/templates/core_pkg/base/metadir/+MANIFEST
+++ b/tools/templates/core_pkg/base/metadir/+MANIFEST
@@ -8,7 +8,6 @@ maintainer: development@pfsense.org
prefix: /usr/local
deps: {
"%%PRODUCT_NAME%%-rc": {origin: "security/%%PRODUCT_NAME%%-rc", version: "%%VERSION%%"},
-"%%PRODUCT_NAME%%-repo": {origin: "security/%%PRODUCT_NAME%%-repo", version: "%%VERSION%%"}
}
categories [ security, ]
licenselogic: single
diff --git a/tools/templates/core_pkg/repo/metadir/+DESC b/tools/templates/core_pkg/repo/metadir/+DESC
deleted file mode 100644
index ec6bbc5..0000000
--- a/tools/templates/core_pkg/repo/metadir/+DESC
+++ /dev/null
@@ -1,3 +0,0 @@
-%%PRODUCT_NAME%% pkg repository configuration (stable)
-
-WWW: %%PRODUCT_URL%%
diff --git a/tools/templates/core_pkg/repo/metadir/+INSTALL b/tools/templates/core_pkg/repo/metadir/+INSTALL
deleted file mode 100644
index 8e67eca..0000000
--- a/tools/templates/core_pkg/repo/metadir/+INSTALL
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-
-if [ "${2}" != "POST-INSTALL" ]; then
- exit 0
-fi
-
-if [ ! -f /usr/local/share/%%PRODUCT_NAME%%/pkg/repos/%%PRODUCT_NAME%%-repo.conf ]; then
- echo "===> ERROR: Default repo conf not found!"
- exit 1
-fi
-
-if [ ! -L /usr/local/etc/pkg/repos/%%PRODUCT_NAME%%.conf ]; then
- if [ -f /usr/local/etc/pkg/repos/%%PRODUCT_NAME%%.conf ]; then
- rm -f /usr/local/etc/pkg/repos/%%PRODUCT_NAME%%.conf
- fi
- mkdir -p /usr/local/etc/pkg/repos
- ln -sf \
- /usr/local/share/%%PRODUCT_NAME%%/pkg/repos/%%PRODUCT_NAME%%-repo.conf \
- /usr/local/etc/pkg/repos/%%PRODUCT_NAME%%.conf
-fi
-
-exit 0
diff --git a/tools/templates/core_pkg/repo/metadir/+MANIFEST b/tools/templates/core_pkg/repo/metadir/+MANIFEST
deleted file mode 100644
index bcec7f2..0000000
--- a/tools/templates/core_pkg/repo/metadir/+MANIFEST
+++ /dev/null
@@ -1,15 +0,0 @@
-name: "%%PRODUCT_NAME%%-repo"
-version: "%%VERSION%%"
-origin: "security/%%PRODUCT_NAME%%-repo"
-comment: <<EOD
-%%PRODUCT_NAME%% pkg repository configuration (stable)
-EOD
-maintainer: development@pfsense.org
-prefix: /usr/local
-deps: {
-
-}
-categories [ security, ]
-licenselogic: single
-licenses: [ APACHE20, ]
-options: { }
diff --git a/tools/templates/pkg_repos/pfSense-repo-devel.conf b/tools/templates/pkg_repos/pfSense-repo-devel.conf
new file mode 100644
index 0000000..c4e69fa
--- /dev/null
+++ b/tools/templates/pkg_repos/pfSense-repo-devel.conf
@@ -0,0 +1,17 @@
+FreeBSD: { enabled: no }
+
+%%PRODUCT_NAME%%-core: {
+ url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-core",
+ mirror_type: "srv",
+ signature_type: "fingerprints",
+ fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg",
+ enabled: yes
+}
+
+%%PRODUCT_NAME%%: {
+ url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-%%POUDRIERE_PORTS_NAME%%",
+ mirror_type: "srv",
+ signature_type: "fingerprints",
+ fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg",
+ enabled: yes
+}
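Review bot: Nothing in this template states what the image relies on for package authenticity. The transport scheme is hidden inside `%%PKG_REPO_SERVER_DEVEL%%`, so the only control visible here is `signature_type: "fingerprints"` with keys read from `/usr/local/share/%%PRODUCT_NAME%%/keys/pkg`. A header comment would help the next editor keep that intact, e.g. `# %%...%% tokens are filled in at build time; packages are verified against the fingerprints directory below, do not set signature_type to "none"`. Both repositories share one fingerprints directory, so a key trusted for -core is also trusted for the ports repository; that is worth stating if it is intended.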
diff --git a/tools/templates/pkg_repos/pfSense-repo-devel.descr b/tools/templates/pkg_repos/pfSense-repo-devel.descr
new file mode 100644
index 0000000..c2c9eb2
--- /dev/null
+++ b/tools/templates/pkg_repos/pfSense-repo-devel.descr
@@ -0,0 +1 @@
+Development Snapshots (Experimental)
diff --git a/tools/templates/pkg_repos/pfSense-repo.conf b/tools/templates/pkg_repos/pfSense-repo.conf
new file mode 100644
index 0000000..c4e69fa
--- /dev/null
+++ b/tools/templates/pkg_repos/pfSense-repo.conf
@@ -0,0 +1,17 @@
+FreeBSD: { enabled: no }
+
+%%PRODUCT_NAME%%-core: {
+ url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-core",
+ mirror_type: "srv",
+ signature_type: "fingerprints",
+ fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg",
+ enabled: yes
+}
+
+%%PRODUCT_NAME%%: {
+ url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_DEVEL%%_%%ARCH%%-%%POUDRIERE_PORTS_NAME%%",
+ mirror_type: "srv",
+ signature_type: "fingerprints",
+ fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg",
+ enabled: yes
+}
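Review bot: The template described as "Stable (Default)" has the same blob id (c4e69fa) as pfSense-repo-devel.conf, and both `url:` lines use `%%PKG_REPO_SERVER_DEVEL%%` and `%%PKG_REPO_BRANCH_DEVEL%%`. As written, the default repository therefore resolves to the development snapshot server and branch. Unless the build substitutes these tokens differently for this file, systems left on the default would install packages described as experimental. The two `url:` lines should use the release-side server and branch placeholders (their names are not shown in this diff), keeping `signature_type` and `fingerprints` as they are.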
diff --git a/tools/templates/pkg_repos/pfSense-repo.descr b/tools/templates/pkg_repos/pfSense-repo.descr
new file mode 100644
index 0000000..e892126
--- /dev/null
+++ b/tools/templates/pkg_repos/pfSense-repo.descr
@@ -0,0 +1 @@
+Stable (Default)