Commit 264c28d1 authored by Franco Fichtner's avatar Franco Fichtner

firmware: remove some obsolete parts of the firmware update system

Fear not as we will reintroduce the functionality in the GUI using
our new firmware update system which includes pkg(8)/opnsense-update(8).
parent d178bd83
......@@ -142,11 +142,6 @@ else if (file_exists("/var/run/booting") && !file_exists('/conf/config.xml')) {
}
}
/* write device name to a file for rc.firmware */
$fd = fopen("{$g['varetc_path']}/cfdevice", "w");
fwrite($fd, $cfgdevice . "\n");
fclose($fd);
/* write out an fstab */
$fd = fopen('/etc/fstab', 'w');
......
......@@ -77,305 +77,7 @@ remove_chflags() {
done
}
binary_update() {
TGZ=$1
ERR_F="/tmp/bdiff.log"
rm ${ERR_F} 2>/dev/null
/bin/mkdir /tmp/patched /tmp/patches 2>>${ERR_F}
# Save the old shutdown binary. If we switch from i386 to amd64 (or back) the reboot binary won't run at the end since it doesn't match up.
/bin/cp -p /sbin/shutdown /sbin/shutdown.old
backup_chflags
remove_chflags
cd /tmp/patches
for i in `/usr/bin/tar tvzf $TGZ | egrep -v "(^d|_md5)" | nawk '{print $9;}'`;
do
FILE=`basename ${i}`
echo "Working on ${i}"
# Untar patch file and md5 files
/usr/bin/tar xzf ${TGZ} ${i} ${i}.old_file_md5 ${i}.new_patch_md5 ${i}.new_file_md5 2>>${ERR_F}
# Apply patch - oldfile newfile patchfile
/usr/local/bin/bspatch /${i} /tmp/patched/${FILE} /tmp/patches/${i} 2>>${ERR_F}
OLD_FILE_MD5=`cat /tmp/patches/${i}.old_file_md5 2>/dev/null`
NEW_PATCH_MD5=`cat /tmp/patches/${i}.new_patch_md5 2>/dev/null`
NEW_FILE_MD5=`cat /tmp/patches/${i}.new_file_md5 2>/dev/null`
PATCHED_MD5=`/sbin/md5 -q /tmp/patched/${FILE} 2>/dev/null`
if [ "$PATCHED_MD5" = "$NEW_PATCH_MD5" ]; then
/usr/bin/install -S /tmp/patched/${FILE} /${i}
else
#echo "${i} file does not match intended final md5."
echo "${i} file does not match intended final md5." >> ${ERR_F}
fi
/bin/rm /tmp/patched/${FILE} >> ${ERR_F}
/bin/rm /tmp/patches/${i} >> ${ERR_F}
/bin/rm /tmp/patches/${i}.* >> ${ERR_F}
done
/bin/rm -rf /tmp/patched /tmp/patches >> ${ERR_F}
restore_chflags
}
case $ACTION in
enable)
touch /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
echo "Enable" >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
/usr/local/etc/rc.conf_mount_ro
;;
auto)
touch /var/run/firmwarelock.dirty
backup_chflags
remove_chflags
/usr/local/etc/rc.firmware_auto
restore_chflags
/usr/local/etc/rc.conf_mount_ro
;;
pfSenseNanoBSDupgrade)
# Sanity check - bail early if there's no firmware file!
if [ ! -r $IMG ]; then
echo "2nd parameter has not been passed or file does not exist. Exiting." >> /conf/upgrade_log.txt 2>&1
/usr/local/etc/rc.conf_mount_ro
exit 1
fi
# Prevent full upgrade file from being used to upgrade
if [ `echo $IMG | grep "full"` ]; then
echo "You cannot use a full file for upgrade. Please use a file labeled nanobsd upgrade."
file_notice "NanoBSDUpgradeFailure" "You have attemped to use a full NanoBSD installation file as an upgrade. Please use a NanoBSD file labeled 'upgrade' instead."
rm -f $IMG
/usr/local/etc/rc.conf_mount_ro
exit 1
fi
touch /var/run/firmwarelock.dirty
echo "NanoBSD Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1
echo "NanoBSD Firmware upgrade in progress..." | wall
/usr/local/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade in progress..."
# backup config
/bin/mkdir -p /tmp/configbak
cp -Rp /conf/* /tmp/configbak 2>/dev/null
# Remove logs from backup dir to avoid clobbering upon restore.
rm /tmp/configbak/*_log.txt 2>/dev/null
echo "" >> /conf/upgrade_log.txt
echo "Installing ${IMG}." >> /conf/upgrade_log.txt 2>&1
echo "Installing ${IMG}." | wall
# resolve glabel label that we booted from
BOOT_DEVICE=`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`
# resolve glabel to the real boot dev entry
REAL_BOOT_DEVICE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/${BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`
# grab the boot device, example ad1, ad0
BOOT_DRIVE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1`
# test the slice. if we are on slice 1 we need to flash 2 and vica versa
if [ `echo $REAL_BOOT_DEVICE | /usr/bin/grep "s1"` ]; then
SLICE="2"
OLDSLICE="1"
TOFLASH="${BOOT_DRIVE}s${SLICE}"
COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a"
GLABEL_SLICE="pfsense1"
UFS_ID="1"
OLD_UFS_ID="0"
else
SLICE="1"
OLDSLICE="2"
TOFLASH="${BOOT_DRIVE}s${SLICE}"
COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a"
GLABEL_SLICE="pfsense0"
UFS_ID="0"
OLD_UFS_ID="1"
fi
# Output specifc information that this script is using
echo "SLICE ${SLICE}" >> /conf/upgrade_log.txt
echo "OLDSLICE ${OLDSLICE}" >> /conf/upgrade_log.txt
echo "TOFLASH ${TOFLASH}" >> /conf/upgrade_log.txt
echo "COMPLETE_PATH ${COMPLETE_PATH}" >> /conf/upgrade_log.txt
echo "GLABEL_SLICE ${GLABEL_SLICE}" >> /conf/upgrade_log.txt
# First ensure the new file can fit inside the
# slice that we are going to be operating on.
NEW_IMG_SIZE=`echo $((\`gzip -l ${IMG} | grep -v compressed | awk '{ print $2}'\` / 1024 / 1024))`
SIZE=`/sbin/fdisk ${COMPLETE_PATH} | /usr/bin/grep Meg | /usr/bin/awk '{ print $5 }' | /usr/bin/cut -d"(" -f2`
# USB slices are under-reported even more than CF slices when viewed
# directly, instead of when looking at the entire disk. Compensate
# by adding exactly 6MB. 4MB was consistently 2MB too few, and
# was resulting in failing upgrades on USB Flash based installs.
SIZE=`expr $SIZE + 6`
if [ "$SIZE" -lt "$NEW_IMG_SIZE" ]; then
file_notice "UpgradeFailure" "Upgrade failed due to the upgrade image being larger than the partition that is configured on disk. Halting. Size on disk: $SIZE < Size of new image: $NEW_IMG_SIZE"
echo "Upgrade failed. Please check the system log file for more information" | wall
rm -f $IMG
rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock
rm -f ${IMG}
/usr/local/etc/rc.conf_mount_ro
exit 1
fi
# Output environment information to log file
output_env_to_log
# Grab a before upgrade look at fdisk
echo "" >> /conf/fdisk_upgrade_log.txt
echo "Before upgrade fdisk/bsdlabel" >> /conf/fdisk_upgrade_log.txt
fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt
echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt
echo "" >> /conf/fdisk_upgrade_log.txt
# Log that we are really doing a NanoBSD upgrade
echo "" >> /conf/upgrade_log.txt
echo "NanoBSD upgrade starting" >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
# Remove TOFLASH and get ready for new flash image
echo "" >> /conf/upgrade_log.txt
echo "dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1" >> /conf/upgrade_log.txt
dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1 >> /conf/upgrade_log.txt 2>&1
# Stream gzipped image to dd and explode image to new area
echo "" >> /conf/upgrade_log.txt
echo "/usr/bin/gzip -dc $IMG | /bin/dd of=/dev/${TOFLASH} obs=64k" >> /conf/upgrade_log.txt
/usr/bin/gzip -dc $IMG | /bin/dd of=/dev/${TOFLASH} obs=64k >> /conf/upgrade_log.txt 2>&1
# Grab a after upgrade look at fdisk
echo "" >> /conf/fdisk_upgrade_log.txt
echo "After upgrade fdisk/bsdlabel" >> /conf/upgrade_log.txt
fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt
echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt
echo "" >> /conf/fdisk_upgrade_log.txt
# Ensure that our new system is sound and bail if it is not and file a notice
echo "" >> /conf/upgrade_log.txt
echo "/sbin/fsck_ufs -y /dev/${COMPLETE_PATH}" >> /conf/upgrade_log.txt
/sbin/fsck_ufs -y /dev/${COMPLETE_PATH} >> /conf/upgrade_log.txt 2>&1
if [ $? != 0 ]; then
file_notice "UpgradeFailure" "{\$g['product_name']} upgrade has failed. Your system has been left in a usable state."
rm -f $IMG
rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock
/usr/local/etc/rc.conf_mount_ro
exit 1
fi
# Enable foot shooting
sysctl kern.geom.debugflags=16
# Add back the corresponding glabel
echo "" >> /conf/upgrade_log.txt
echo "/sbin/tunefs -L ${GLABEL_SLICE} /dev/${COMPLETE_PATH}" >> /conf/upgrade_log.txt
/sbin/tunefs -L ${GLABEL_SLICE} /dev/${COMPLETE_PATH} >> /conf/upgrade_log.txt 2>&1
# restore config
cp -Rp /tmp/configbak/* /conf 2>/dev/null
# Remove upgrade file
rm -f $IMG
# Mount newly prepared slice
mkdir /tmp/$GLABEL_SLICE
mount /dev/ufs/$GLABEL_SLICE /tmp/$GLABEL_SLICE
# If /boot/loader.conf.local exists
# copy to the other slice.
if [ -f /boot/loader.conf.local ]; then
cp /boot/loader.conf.local /tmp/$GLABEL_SLICE/boot/loader.conf.local
fi
# If /tmp/$GLABEL_SLICE/tmp/post_upgrade_command exists
# after update then execute the command.
echo "Checking for post_upgrade_command..." >> /conf/upgrade_log.txt
if [ -f /tmp/$GLABEL_SLICE/tmp/post_upgrade_command ]; then
echo "Found post_upgrade_command, executing ($GLABEL_SLICE)..." >> /conf/upgrade_log.txt
sh /tmp/$GLABEL_SLICE/tmp/post_upgrade_command $GLABEL_SLICE >> /conf/upgrade_log.txt 2>&1
fi
# Update fstab
cp /etc/fstab /tmp/$GLABEL_SLICE/etc/fstab
sed -i "" "s/pfsense${OLD_UFS_ID}/pfsense${UFS_ID}/g" /tmp/$GLABEL_SLICE/etc/fstab
if [ $? != 0 ]; then
echo "Something went wrong when trying to update the fstab entry. Aborting upgrade."
file_notice "UpgradeFailure" "Something went wrong when trying to update the fstab entry. Aborting upgrade."
rm -f $IMG
rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock
umount /tmp/$GLABEL_SLICE
/usr/local/etc/rc.conf_mount_ro
exit 1
fi
echo "" >> /conf/upgrade_log.txt
cat /tmp/$GLABEL_SLICE/etc/fstab >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
find /tmp/$GLABEL_SLICE >/conf/file_upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
# Unmount newly prepared slice
umount /tmp/$GLABEL_SLICE
sync
# Set active mount slice in fdisk
echo "" >> /conf/upgrade_log.txt
echo "gpart set -a active -i ${SLICE} ${BOOT_DRIVE}" >> /conf/upgrade_log.txt
gpart set -a active -i ${SLICE} ${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1
sync
# Set active boot source - NanoBSD does not do this but otherwise we
# end up with the wrong partition being active.
echo "" >> /conf/upgrade_log.txt
echo "/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE}" >> /conf/upgrade_log.txt
/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1
# Disable foot shooting
sysctl kern.geom.debugflags=0
# Grab a final look at fdisk
echo "" >> /conf/fdisk_upgrade_log.txt
echo "Final upgrade fdisk/bsdlabel" >> /conf/fdisk_upgrade_log.txt
fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt
echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt
echo "" >> /conf/fdisk_upgrade_log.txt
date >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
# Trigger a package reinstallation on reobot
touch /conf/needs_package_sync
# remount /cf ro
/usr/local/etc/rc.conf_mount_ro
/bin/sync
echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1
echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." | wall
/usr/local/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds."
sleep 10
rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock
. /usr/local/etc/rc.reboot
;;
pfSenseupgrade)
# Sanity check - bail early if there's no firmware file!
......@@ -503,22 +205,5 @@ pfSenseupgrade)
. /usr/local/etc/rc.reboot
fi
;;
delta_update)
touch /var/run/firmwarelock.dirty
backup_chflags
remove_chflags
binary_update $IMG
restore_chflags
find / -name CVS -type d -exec rm {} \;
/usr/local/etc/rc.conf_mount_ro
/sbin/umount -f /cf 2>/dev/null
/sbin/mount -r /cf 2>/dev/null
/sbin/umount -f / 2>/dev/null
/sbin/mount -r / 2>/dev/null
if [ -e /etc/init_bootloader.sh ]; then
sh /etc/init_bootloader.sh
fi
;;
esac
#!/bin/sh
FMBASEURL=$1
FMFILENAME=$2
FETCHFILENAME=$1/$2
product=`cat /usr/local/etc/inc/globals.inc | grep product_name | cut -d'"' -f4`
# wait 5 seconds before beginning
sleep 5
logger -p daemon.info -i -t AutoUpgrade "Auto Upgrade started"
HTTP_AUTH=""
# if username and password is passed, let fetch utilize.
if [ $# -gt 3 ]; then
HTTP_AUTH="basic:*:$3:$4"
fi
#echo "Downloading $FMFILENAME from $FMBASEURL ..." | logger -p daemon.info -i -t AutoUpgrade
#/usr/bin/fetch -o /tmp/latest.tgz $FETCHFILENAME | logger -p daemon.info -i -t AutoUpgrade
#echo "Downloading $FMFILENAME.md5 from $FMBASEURL ..." | logger -p daemon.info -i -t AutoUpgrade
#/usr/bin/fetch -o /tmp/latest.tgz.md5 $FETCHFILENAME.md5 | logger -p daemon.info -i -t AutoUpgrade
PMD=`/bin/cat /tmp/latest.tgz.md5 | cut -d" " -f4 `
MD=`/sbin/md5 /tmp/latest.tgz | cut -d" " -f4`
PLATFORM=`cat /usr/local/etc/platform`
echo " Package MD5: ${PMD}" | logger -p daemon.info -i -t AutoUpgrade
echo "Downloaded MD5: ${MD}" | logger -p daemon.info -i -t AutoUpgrade
if [ "$PMD" = "" ]; then
echo "Package MD5 is null md5. Require proxy auth?" | logger -p daemon.info -i -t AutoUpgrade
exit 1
fi
if [ "$MD" = "" ]; then
echo "Downloaded MD5 is null md5. Require proxy auth?" | logger -p daemon.info -i -t AutoUpgrade
exit 1
fi
if [ "$PMD" = "$MD" ]; then
echo "MD5's match." | logger -p daemon.info -i -t AutoUpgrade
echo "Beginning ${product} upgrade." | wall
if [ "$PLATFORM" = "net45xx" ]; then
/usr/local/etc/rc.conf_mount_rw
fi
if [ "$PLATFORM" = "wrap" ]; then
/usr/local/etc/rc.conf_mount_rw
fi
if [ "$PLATFORM" = "nanobsd" ]; then
/usr/local/etc/rc.conf_mount_rw
fi
if [ -r "/tmp/custom.tgz" ]; then
sh /usr/local/etc/rc.firmware pfSenseupgrade /tmp/latest.tgz /tmp/custom.tgz
else
if [ "$PLATFORM" = "nanobsd" ]; then
sh /usr/local/etc/rc.firmware pfSenseNanoBSDupgrade /tmp/latest.tgz
else
sh /usr/local/etc/rc.firmware pfSenseupgrade /tmp/latest.tgz
fi
fi
if [ "$PLATFORM" = "wrap" ]; then
/bin/sync
sleep 5
/usr/local/etc/rc.conf_mount_ro
if [ -e /etc/init_bootloader.sh ]; then
sh /etc/init_bootloader.sh
fi
fi
if [ "$PLATFORM" = "net45xx" ]; then
/bin/sync
sleep 5
/usr/local/etc/rc.conf_mount_ro
if [ -e /etc/init_bootloader.sh ]; then
sh /etc/init_bootloader.sh
fi
fi
exit 0
fi
echo "MD5's do not match. Upgrade aborted." | logger -p daemon.info -i -t AutoUpgrade
rm /tmp/latest*
exit 1
......@@ -134,7 +134,6 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) {
else if (!file_exists($_FILES['ulfile']['tmp_name'])) {
/* probably out of memory for the MFS */
$input_errors[] = gettext("Image upload failed (out of memory?)");
mwexec("/usr/local/etc/rc.firmware disable");
clear_subsystem_dirty('firmware');
} else {
/* move the image so PHP won't delete it */
......@@ -155,20 +154,10 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) {
/* fire up the update script in the background */
mark_subsystem_dirty('firmwarelock');
$savemsg = gettext("The firmware is now being updated. The firewall will reboot automatically.");
if (stristr($_FILES['ulfile']['name'],"nanobsd") or $_POST['isnano'] == "yes")
mwexec_bg("/usr/local/etc/rc.firmware pfSenseNanoBSDupgrade {$g['upload_path']}/firmware.tgz");
else if(stristr($_FILES['ulfile']['name'],"bdiff"))
mwexec_bg("/usr/local/etc/rc.firmware delta_update {$g['upload_path']}/firmware.tgz");
else {
if($g['platform'] == "nanobsd")
$whichone = "pfSenseNanoBSDupgrade";
else
$whichone = "pfSenseupgrade";
mwexec_bg("/usr/local/etc/rc.firmware {$whichone} {$g['upload_path']}/firmware.tgz");
unset($whichone);
}
} else
mwexec_bg("/usr/local/etc/rc.firmware pfSenseupgrade {$g['upload_path']}/firmware.tgz");
} else {
$savemsg = sprintf(gettext("Firmware image missing or other error, please try again %s."),$errortext);
}
}
}
}
......
......@@ -172,15 +172,7 @@ if(!$latest_version) {
}
/* launch external upgrade helper */
$external_upgrade_helper_text = "/usr/local/etc/rc.firmware ";
if($g['platform'] == "nanobsd")
$external_upgrade_helper_text .= "pfSenseNanoBSDupgrade ";
else
$external_upgrade_helper_text .= "pfSenseupgrade ";
$external_upgrade_helper_text .= "{$g['upload_path']}/latest.tgz";
$external_upgrade_helper_text = "/usr/local/etc/rc.firmware pfSenseupgrade {$g['upload_path']}/latest.tgz";
$downloaded_latest_tgz_sha256 = str_replace("\n", "", `/sbin/sha256 -q {$g['upload_path']}/latest.tgz`);
$upgrade_latest_tgz_sha256 = str_replace("\n", "", `/bin/cat {$g['upload_path']}/latest.tgz.sha256 | awk '{ print $4 }'`);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment