diff options
Diffstat (limited to 'src/etc/rc.initial.firmware_update')
| -rwxr-xr-x | src/etc/rc.initial.firmware_update | 190 |
1 files changed, 190 insertions, 0 deletions
diff --git a/src/etc/rc.initial.firmware_update b/src/etc/rc.initial.firmware_update new file mode 100755 index 0000000..2dff066 --- /dev/null +++ b/src/etc/rc.initial.firmware_update @@ -0,0 +1,190 @@ +#!/usr/local/bin/php-cgi -f + +<?php + +require("globals.inc"); +require("config.inc"); +require("functions.inc"); + +echo "Starting the {$g['product_name']} console firmware update system"; + +require("functions.inc"); +echo "."; + +if (isset($config['system']['firmware']['alturl']['enable'])) { + $updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}"; +} else { + $updater_url = $g['update_url']; +} + +$nanosize = ""; +if ($g['platform'] == "nanobsd") { + if (file_exists("/etc/nano_use_vga.txt")) { + $nanosize = "-nanobsd-vga-"; + } else { + $nanosize = "-nanobsd-"; + } + + $nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt"))); + $update_filename = "latest{$nanosize}.img.gz"; +} else { + $update_filename = "latest.tgz"; +} +$autoupdateurl = "{$updater_url}/{$update_filename}"; + +$fp = fopen('php://stdin', 'r'); + +echo ".\n\n"; + +$shell_active = true; + +echo "1) Update from a URL\n"; +echo "2) Update from a local file\n"; +echo "Q) Quit\n"; + +echo "\nPlease select an option to continue: "; + +$pkg_interface = 'console'; +$command = strtoupper(chop(fgets($fp))); + +switch ($command) { + case "q": + case "quit": + echo "\n"; + fclose($fp); + die; + break; + case "1": + echo "\nEnter the URL to the .tgz or .img.gz update file. \nType 'auto' to use {$autoupdateurl}\n> "; + $url = chop(fgets($fp)); + if (!$url) { + fclose($fp); + die; + } + if ($url == "auto") { + $url = $autoupdateurl; + } + $status = does_url_exist($url); + if ($status) { + conf_mount_rw(); + mark_subsystem_dirty('firmware'); + unlink_if_exists("/root/firmware.tgz"); + echo "\nFetching file... "; + download_file_with_progress_bar($url, '/root/firmware.tgz'); + if (!file_exists("/root/firmware.tgz")) { + echo "Something went wrong during file transfer. Exiting.\n\n"; + fclose($fp); + clear_subsystem_dirty('firmware'); + die; + } + $status = does_url_exist("$url.sha256"); + if ($status) { + echo "\nFetching sha256... "; + download_file_with_progress_bar($url . ".sha256", '/root/firmware.tgz.sha256'); + echo "\n"; + } else { + echo "\n\nWARNING.\n"; + echo "\nCould not locate a sha256 file. We cannot verify the download once completed.\n\n"; + echo "Do you still want to proceed with the upgrade [n]? "; + $answer = strtoupper(chop(fgets($fp))); + if ($answer == "Y" or $answer == "YES") { + echo "\nContinuing upgrade..."; + } else { + echo "\nUpgrade cancelled.\n\n"; + die; + } + } + if (file_exists("/root/firmware.tgz.sha256")) { + $source_sha256 = trim(`cat /root/firmware.tgz.sha256 | awk '{ print \$4 }'`, "\r"); + $file_sha256 = trim(`sha256 /root/firmware.tgz | awk '{ print \$4 }'`, "\r"); + echo "URL sha256: $source_sha256\n"; + echo "Downloaded file sha256: $file_sha256\n"; + if ($source_sha256 <> $file_sha256) { + echo "\n\nsha256 checksum does not match. Cancelling upgrade.\n\n"; + unlink_if_exists("/root/firmware.tgz.sha256"); + fclose($fp); + clear_subsystem_dirty('firmware'); + die -1; + } + echo "\nsha256 checksum matches.\n"; + unlink_if_exists("/root/firmware.tgz.sha256"); + } + if (strstr($url, "nanobsd")) { + echo "NanoBSD upgrade file detected...\n"; + $type = "nanobsd"; + } else { + $type = "normal"; + } + do_upgrade("/root/firmware.tgz", $type); + clear_subsystem_dirty('firmware'); + exit; + } + case "2": + echo "\nEnter the complete path to the .tgz or .img.gz update file: "; + $path = chop(fgets($fp)); + if (!$path) { + fclose($fp); + die; + } + if (stristr($path, "nanobsd")) { + $type = "nanobsd"; + } + if (file_exists($path)) { + mark_subsystem_dirty('firmware'); + do_upgrade($path, $type); + clear_subsystem_dirty('firmware'); + } else { + echo "\nCould not find file.\n\n"; + fclose($fp); + die -1; + } +} + +function do_upgrade($path, $type) { + global $g, $fp; + + $sigchk = verify_digital_signature($path); + if ($sigchk == 1) { + $sig_warning = "The digital signature on this image is invalid."; + } elseif ($sigchk == 2) { + $sig_warning = "This image is not digitally signed."; + } elseif (($sigchk == 3) || ($sigchk == 4)) { + $sig_warning = "There has been an error verifying the signature on this image."; + } + if ($sig_warning) { + $sig_warning = "\nWARNING! ACHTUNG! DANGER!\n\n{$sig_warning}\n\n" . + "This means that the image you uploaded is not an official/supported image and\n" . + "may lead to unexpected behavior or security compromises.\n\n" . + "Only install images that come from sources that you trust, and make sure\n". + "that the image has not been tampered with.\n\n". + "Do you want to install this image anyway at your own risk [n]?"; + echo $sig_warning; + $command = strtoupper(chop(fgets($fp))); + if (strtoupper($command) == "Y" or strtoupper($command) == "Y" or strtoupper($command) == "YES") { + echo "\nContinuing upgrade..."; + } else { + echo "\nUpgrade cancelled.\n\n"; + die; + } + } + mark_subsystem_dirty('firmwarelock'); + echo "\nOne moment please...\nInvoking firmware upgrade..."; + if ($type == "nanobsd") { + mwexec_bg("/etc/rc.firmware pfSenseNanoBSDupgrade $path"); + } else { + mwexec_bg("/etc/rc.firmware pfSenseupgrade $path"); + } + sleep(10); + while (is_subsystem_dirty('firmwarelock')) { + sleep(1); + echo "."; + } + sleep(10); + echo "Done. Rebooting...\n\n"; + clear_subsystem_dirty('firmwarelock'); +} + +exec("rm -f /root/*.sha256"); +fclose($fp); + +?> |
