From 542c1f172836a804d2f8e3559778405ee4a282ed Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 8 Sep 2015 14:49:19 -0300 Subject: Add missing operator --- tools/templates/core_pkg/kernel/metadir/+DEINSTALL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/templates/core_pkg/kernel/metadir/+DEINSTALL b/tools/templates/core_pkg/kernel/metadir/+DEINSTALL index 2ecfa6e..fa2cb42 100644 --- a/tools/templates/core_pkg/kernel/metadir/+DEINSTALL +++ b/tools/templates/core_pkg/kernel/metadir/+DEINSTALL @@ -13,7 +13,7 @@ if [ ! -f /boot/kernel/kernel.gz ]; then fi [ -d /boot/kernel.old ] \ - rm -rf /boot/kernel.old + && rm -rf /boot/kernel.old cp -r /boot/kernel /boot/kernel.old exit $? -- cgit v1.1 From f4105497c4127d9b41f80d8a12e11d4f9127255a Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 8 Sep 2015 15:08:21 -0300 Subject: Fix carp(master|backup) notification message --- src/etc/rc.carpbackup | 2 +- src/etc/rc.carpmaster | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/etc/rc.carpbackup b/src/etc/rc.carpbackup index 34fca29..7511496 100755 --- a/src/etc/rc.carpbackup +++ b/src/etc/rc.carpbackup @@ -51,7 +51,7 @@ $friendly_descr = convert_friendly_interface_to_friendly_descr($friendly); $vips = link_interface_to_vips($friendly, '', $vhid); $carp_iface = "{$friendly}_vip{$vhid}"; foreach ($vips as $vip) { - $notificationmsg = sprintf('Carp cluster member "{$friendly_descr)(%2$s): {$vip["subnet"]} (%1$s)" has resumed the state "BACKUP" for vhid %s', $argument, $vip['descr'], $vhid); + $notificationmsg = sprintf('Carp cluster member "(%1$s): (%2$s)" has resumed the state "BACKUP" for vhid %3$s', $argument, $friendly_descr, $vhid); notify_via_smtp($notificationmsg); notify_via_growl($notificationmsg); diff --git a/src/etc/rc.carpmaster b/src/etc/rc.carpmaster index 91f3c0e..8413b04 100755 --- a/src/etc/rc.carpmaster +++ b/src/etc/rc.carpmaster @@ -51,7 +51,7 @@ $friendly_descr = convert_friendly_interface_to_friendly_descr($friendly); $vips = link_interface_to_vips($friendly, '', $vhid); $carp_iface = "{$friendly}_vip{$vhid}"; foreach ($vips as $vip) { - $notificationmsg = sprintf('Carp cluster member "{$friendly_descr)(%2$s): {$vip["subnet"]} (%1$s)" has resumed the state "MASTER" for vhid %s', $argument, $vip['descr'], $vhid); + $notificationmsg = sprintf('Carp cluster member "(%1$s): (%2$s)" has resumed the state "MASTER" for vhid %3$s', $argument, $friendly_descr, $vhid); notify_via_smtp($notificationmsg); notify_via_growl($notificationmsg); -- cgit v1.1 From cc145494c282b712a452584b4e15ef716dec183e Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 10 Sep 2015 08:01:25 -0300 Subject: Add waiting for jobs info to snapshots log too --- build.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/build.sh b/build.sh index dd06fff..ae28d29 100755 --- a/build.sh +++ b/build.sh @@ -413,7 +413,11 @@ done core_pkg_create_repo -echo ">>> NOTE: waiting for jobs: `jobs -l` to finish..." +if [ -n "${SNAPSHOTS}" ]; then + snapshots_update_status ">>> NOTE: waiting for jobs: $(jobs -l) to finish..." +else + echo ">>> NOTE: waiting for jobs: $(jobs -l) to finish..." +fi wait if [ -n "${SNAPSHOTS}" ]; then -- cgit v1.1 From d5a9d5f02acf71a4cddbc7e7c0a7901d6b48e6fd Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 10 Sep 2015 14:27:15 -0300 Subject: Do not create pbi directories or copy pbi keys --- src/etc/rc | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/src/etc/rc b/src/etc/rc index 1215883..d36a688 100755 --- a/src/etc/rc +++ b/src/etc/rc @@ -166,10 +166,6 @@ elif [ "$PLATFORM" = "nanobsd" ] || [ ${USE_MFS_TMPVAR} -gt 0 ]; then /bin/mkdir -p /root/var/db/pkg /bin/rm -rf /var/db/pkg /bin/ln -s /root/var/db/pkg/ /var/db/pkg - # Ensure that PBI packages can be persistent across reboots - /bin/mkdir -p /root/var/db/pbi - /bin/rm -rf /var/db/pbi - /bin/ln -s /root/var/db/pbi/ /var/db/pbi else SWAPDEVICE=`/bin/cat /etc/fstab | /usr/bin/grep swap | /usr/bin/cut -f1` /sbin/swapon -a 2>/dev/null >/dev/null @@ -179,19 +175,9 @@ else # User must have just disabled RAM disks, move these back into place. /bin/mkdir -p /var/db/pkg /bin/mv /root/var/db/pkg /var/db/pkg - /bin/mkdir -p /var/db/pbi - /bin/mv /root/var/db/pbi /var/db/pbi fi fi -# Copy PBI keys -if ls /usr/local/share/pbi-keys/*.ssl >/dev/null 2>&1; then - if [ ! -d "/var/db/pbi/keys" ]; then - mkdir -p /var/db/pbi/keys - fi - cp -f /usr/local/share/pbi-keys/*.ssl /var/db/pbi/keys -fi - if [ "$PLATFORM" = "cdrom" ] ; then echo -n "Mounting unionfs directories..." /bin/mkdir /tmp/unionfs -- cgit v1.1 From c77e22260b4a3c78b1a24174355fa38dfe994de4 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 10 Sep 2015 14:29:31 -0300 Subject: Move conf backup dir creation to default-config packages scripts --- src/etc/rc | 4 ---- tools/templates/core_pkg/default-config-serial/metadir/+INSTALL | 4 ++++ tools/templates/core_pkg/default-config-vmware/metadir/+INSTALL | 4 ++++ tools/templates/core_pkg/default-config/metadir/+INSTALL | 4 ++++ 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src/etc/rc b/src/etc/rc index d36a688..6192d48 100755 --- a/src/etc/rc +++ b/src/etc/rc @@ -266,10 +266,6 @@ if [ ! -d /var/tmp ]; then /bin/mkdir -p /var/tmp fi -if [ ! -d /cf/conf/backup/ ]; then - /bin/mkdir -p /cf/conf/backup/ -fi - set -T trap "echo 'Reboot interrupted'; exit 1" 3 diff --git a/tools/templates/core_pkg/default-config-serial/metadir/+INSTALL b/tools/templates/core_pkg/default-config-serial/metadir/+INSTALL index 11c69cd..56a4548 100644 --- a/tools/templates/core_pkg/default-config-serial/metadir/+INSTALL +++ b/tools/templates/core_pkg/default-config-serial/metadir/+INSTALL @@ -12,4 +12,8 @@ if [ ! -L /conf ]; then ln -sf /cf/conf /conf fi +if [ ! -d /cf/conf/backup ]; then + mkdir /cf/conf/backup +fi + exit 0 diff --git a/tools/templates/core_pkg/default-config-vmware/metadir/+INSTALL b/tools/templates/core_pkg/default-config-vmware/metadir/+INSTALL index 11c69cd..56a4548 100644 --- a/tools/templates/core_pkg/default-config-vmware/metadir/+INSTALL +++ b/tools/templates/core_pkg/default-config-vmware/metadir/+INSTALL @@ -12,4 +12,8 @@ if [ ! -L /conf ]; then ln -sf /cf/conf /conf fi +if [ ! -d /cf/conf/backup ]; then + mkdir /cf/conf/backup +fi + exit 0 diff --git a/tools/templates/core_pkg/default-config/metadir/+INSTALL b/tools/templates/core_pkg/default-config/metadir/+INSTALL index 11c69cd..56a4548 100644 --- a/tools/templates/core_pkg/default-config/metadir/+INSTALL +++ b/tools/templates/core_pkg/default-config/metadir/+INSTALL @@ -12,4 +12,8 @@ if [ ! -L /conf ]; then ln -sf /cf/conf /conf fi +if [ ! -d /cf/conf/backup ]; then + mkdir /cf/conf/backup +fi + exit 0 -- cgit v1.1 From e4d09dca87d4a3fe05c84b976512cc0810950dda Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 10 Sep 2015 14:41:30 -0300 Subject: pw lock/unlock throws out error messages even when called with -q, send stderr to /dev/null for now --- src/etc/inc/auth.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 3c0acaa..35e4539 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -522,7 +522,7 @@ function local_user_set(& $user) { } $un = $lock_account ? "" : "un"; - exec("/usr/sbin/pw {$un}lock {$user_name} -q"); + exec("/usr/sbin/pw {$un}lock {$user_name} -q 2>/dev/null"); conf_mount_ro(); } -- cgit v1.1 From 842fc1e2a9f7cd8672773fcfdf7fb14ee2ceea58 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 10 Sep 2015 14:43:44 -0300 Subject: Add first version of pfsense-upgrade.sh, script that will provide pkg upgrades --- src/etc/rc | 6 + src/usr/local/sbin/pfsense-upgrade.sh | 243 ++++++++++++++++++++++++++++++++++ 2 files changed, 249 insertions(+) create mode 100755 src/usr/local/sbin/pfsense-upgrade.sh diff --git a/src/etc/rc b/src/etc/rc index 6192d48..4c4b848 100755 --- a/src/etc/rc +++ b/src/etc/rc @@ -332,6 +332,12 @@ echo "done." # Recreate capabilities DB /usr/bin/cap_mkdb /etc/login.conf +# Finish update +if [ -f /cf/conf/upgrade_in_progress ]; then + echo "Running second stage of upgrade process..." + /usr/local/sbin/pfsense-upgrade.sh -y +fi + # Run the php.ini setup file and populate # /usr/local/etc/php.ini and /usr/local/lib/php.ini /etc/rc.php_ini_setup 2>/tmp/php_errors.txt diff --git a/src/usr/local/sbin/pfsense-upgrade.sh b/src/usr/local/sbin/pfsense-upgrade.sh new file mode 100755 index 0000000..6081442 --- /dev/null +++ b/src/usr/local/sbin/pfsense-upgrade.sh @@ -0,0 +1,243 @@ +#!/bin/sh + +# Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgment: +# "This product includes software developed by the pfSense Project +# for use in the pfSense® software distribution. (http://www.pfsense.org/). +# +# 4. The names "pfSense" and "pfSense Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# coreteam@pfsense.org. +# +# 5. Products derived from this software may not be called "pfSense" +# nor may "pfSense" appear in their names without prior written +# permission of the Electric Sheep Fencing, LLC. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# +# "This product includes software developed by the pfSense Project +# for use in the pfSense software distribution (http://www.pfsense.org/). +# +# THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. + +# pkg should not ask for confirmations +export ASSUME_ALWAYS_YES=true + +# Firmware lock subsystem +firmwarelock=/var/run/firmwarelock.dirty + +# File used to detect second call, after kernel update and reboot +upgrade_in_progress="/cf/conf/upgrade_in_progress" + +if [ -f "${firmwarelock}" ]; then + echo "ERROR: Another upgrade is running... aborting." + exit 0 +fi + +stdout='/dev/null' +unset yes +while getopts dys opt; do + case ${opt} in + d) + stdout='' + ;; + y) + yes=1 + ;; + *) + usage + exit 1 + ;; + esac +done + +usage() { + echo "Usage: $(basename ${0}) [-d] [-y] [-c]" +} + +_exec() { + local _cmd="${1}" + local _msg="${2}" + local _mute="${3}" + local _ignore_result="${4}" + local _stdout="${stdout}" + + if [ -z "${_cmd}" -o -z "${_msg}" ]; then + return 1 + fi + + if [ "${_mute}" != "mute" ]; then + _stdout='' + fi + + echo -n ">>> ${_msg}... " + if [ -z "${_stdout}" ]; then + echo "" + ${_cmd} 2>&1 + else + ${_cmd} >${_stdout} 2>&1 + fi + local _result=$? + + if [ ${_result} -eq 0 -o -n "${_ignore_result}" ]; then + [ -n "${_stdout}" ] \ + && echo "done." + return 0 + else + [ -n "${_stdout}" ] \ + && echo "failed." + return 1 + fi +} + +_exit() { + if [ -n "${kernel_pkg}" ]; then + _exec "pkg lock ${kernel_pkg}" "Locking kernel package" mute ignore_result + fi + if [ -f "${firmwarelock}" ]; then + rm -f ${firmwarelock} + fi +} + +first_step() { + _exec "pkg update" "Updating repositories" mute ignore_result + + # figure out which kernel variant is running + kernel_pkg=$(pkg query %n $(pkg info pfSense-kernel-\*)) + + if [ -z "${kernel_pkg}" ]; then + echo "ERROR: It was not possible to identify which pfSense kernel is installed" + exit 1 + fi + + kernel_local=$(pkg query %v ${kernel_pkg}) + + if [ -z "${kernel_local}" ]; then + echo "ERROR: It was not possible to determine pfSense kernel local version" + exit 1 + fi + + kernel_remote=$(pkg rquery %v ${kernel_pkg}) + + if [ -z "${kernel_remote}" ]; then + echo "ERROR: It was not possible to determine pfSense kernel remote version" + exit 1 + fi + + kernel_version_compare=$(pkg version -t ${kernel_local} ${kernel_remote}) + + if [ "${kernel_version_compare}" = "<" ]; then + kernel_update=1 + # Make sure we lock kernel package again + trap _exit 1 2 15 EXIT + _exec "pkg unlock ${kernel_pkg}" "Unlocking kernel package" mute ignore_result + elif [ "${kernel_version_compare}" = "=" ]; then + kernel_update=0 + elif [ "${kernel_version_compare}" = ">" ]; then + echo "ERROR: You are using a newer kernel version than remote repository" + exit 1 + else + echo "ERROR: Error comparing pfSense kernel local and remote versions" + exit 1 + fi + + # XXX find a samrter way to do it + l=$(pkg upgrade -Unq | wc -l) + if [ ${l} -eq 1 ]; then + echo "Your packages are up to date" + exit 0 + fi + + if [ -z "${yes}" ]; then + # Show user which packages are going to be upgraded + pkg upgrade -Unq + + echo "" + if [ ${kernel_update} -eq 1 ]; then + echo "**** WARNING ****" + echo "Reboot will be required!!" + fi + echo -n "Proceed with upgrade? (y/N) " + read answer + if [ "${answer}" != "y" ]; then + echo "Aborting..." + exit 0 + fi + fi + + echo ">>> Downloading packages..." + if ! pkg upgrade -UF; then + echo "ERROR: It was not possible to download packages" + exit 1 + fi + + # Mark firmware subsystem dirty + trap _exit 1 2 15 EXIT + touch ${firmwarelock} + + # First upgrade kernel and reboot + if [ ${kernel_update} -eq 1 ]; then + _exec "pkg upgrade -U ${kernel_pkg}" "Upgrading pfSense krenel" + touch ${upgrade_in_progress} + echo "Rebooting..." + reboot + fi +} + +second_step() { + echo "Upgrading necessary packages..." + if ! pkg upgrade -U; then + echo "ERROR: An error occurred when upgrade was running..." + exit 1 + fi + + _exec "pkg autoremove" "Removing unnecessary packages" mute ignore_result + _exec "pkg clean" "Cleanup pkg cache" mute ignore_result + + # cleanup caches + + rm -f ${upgrade_in_progress} + rm -f ${firmwarelock} +} + +unset need_reboot +if [ ! -f "${upgrade_in_progress}" ]; then + first_step +else + need_reboot=1 +fi + +second_step + +if [ -n "${need_reboot}" ]; then + echo "Rebooting..." + reboot +fi + +exit 0 -- cgit v1.1