Commit 5fc6cd1b authored by Franco Fichtner's avatar Franco Fichtner

firmware: major upgrade through GUI and Cron improvements

(cherry picked from commit 7e7af55d)
(cherry picked from commit 70253d94)
(cherry picked from commit 0502860e)
(cherry picked from commit 386ea4f4)
(cherry picked from commit 5198b7d4)
(cherry picked from commit b73c0e7d)
(cherry picked from commit 4f88f025)
(cherry picked from commit 650254c1)
(cherry picked from commit e9f999d0)
(cherry picked from commit 5f5e438f)
(cherry picked from commit 5daf7785)
(cherry picked from commit f83f556a)
(cherry picked from commit 39710372)
(cherry picked from commit 321c46c4)
(cherry picked from commit 6a745665)
(cherry picked from commit c985c5d5)
(cherry picked from commit d80cb40a)
(cherry picked from commit 29899040)
(cherry picked from commit ebdc35c5)
(cherry picked from commit 951ea35c)
(cherry picked from commit 93072dd8)
(cherry picked from commit a42e3b68)
parent 9374b8ad
......@@ -69,6 +69,7 @@
/usr/local/etc/pkg/fingerprints/OPNsense/revoked/pkg.opnsense.org.20160630
/usr/local/etc/pkg/fingerprints/OPNsense/trusted/opnsense-update.deciso.com.20160725
/usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20161210
/usr/local/etc/pkg/fingerprints/OPNsense/trusted/pkg.opnsense.org.20170625
/usr/local/etc/rc
/usr/local/etc/rc.backup_captiveportal
/usr/local/etc/rc.backup_dhcpleases
......
function: "sha256"
fingerprint: "296005724e9b270b56c442ef753ccc8aa05253d8b45eaaf68b1aa7b5d24ef942"
#!/bin/sh
# Copyright (c) 2015-2016 Franco Fichtner <franco@opnsense.org>
# Copyright (c) 2015-2017 Franco Fichtner <franco@opnsense.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
......@@ -30,6 +30,13 @@ set -e
LOCKFILE="/tmp/pkg_upgrade.progress"
PIPEFILE="/tmp/pkg_upgrade.pipe"
TEE="/usr/bin/tee -a"
RELEASE=
if [ "${1}" = "upgrade" -a -n "${2}" ]; then
RELEASE=${2}
elif [ "${1}" = "ALLOW_RISKY_MAJOR_UPGRADE" ]; then
RELEASE=$(cat /usr/local/opnsense/firmware-upgrade 2> /dev/null)
fi
: > ${LOCKFILE}
rm -f ${PIPEFILE}
......@@ -37,7 +44,7 @@ mkfifo ${PIPEFILE}
echo "***GOT REQUEST TO UPGRADE***" >> ${LOCKFILE}
if [ -z "${1}" ]; then
if [ -z "${RELEASE}" ]; then
# upgrade all packages if possible
${TEE} ${LOCKFILE} < ${PIPEFILE} &
opnsense-update -p 2>&1 > ${PIPEFILE}
......@@ -55,10 +62,10 @@ if [ -z "${1}" ]; then
/usr/local/etc/rc.reboot
fi
fi
elif [ "${1}" = "upgrade" -a -n "${2}" ]; then
else
# upgrade to a major release
${TEE} ${LOCKFILE} < ${PIPEFILE} &
if opnsense-update -ur ${2} 2>&1 > ${PIPEFILE}; then
if opnsense-update -ur ${RELEASE} 2>&1 > ${PIPEFILE}; then
echo '***REBOOT***' >> ${LOCKFILE}
sleep 5
/usr/local/etc/rc.reboot
......
......@@ -47,6 +47,7 @@ class FirmwareController extends ApiControllerBase
{
$this->sessionClose(); // long running action, close session
$backend = new Backend();
$backend->configdRun('firmware changelog fetch');
$response = json_decode(trim($backend->configdRun('firmware check')), true);
if ($response != null) {
......@@ -171,13 +172,20 @@ class FirmwareController extends ApiControllerBase
$backend = new Backend();
$response = array();
if ($this->request->isPost()) {
if (!$this->request->isPost()) {
return $response;
}
// sanitize package name
$filter = new \Phalcon\Filter();
$filter->add('version', function ($value) {
return preg_replace('/[^0-9a-zA-Z\.]/', '', $value);
});
$version = $filter->sanitize($version, 'version');
if ($version == 'update') {
$backend->configdRun('firmware changelog fetch');
} else {
$text = trim($backend->configdRun(sprintf('firmware changelog text %s', $version)));
$html = trim($backend->configdRun(sprintf('firmware changelog html %s', $version)));
if (!empty($text)) {
......@@ -266,12 +274,14 @@ class FirmwareController extends ApiControllerBase
{
$backend = new Backend();
$response = array();
if ($this->request->hasPost("upgrade")) {
if ($this->request->hasPost('upgrade')) {
$response['status'] = 'ok';
if ($this->request->getPost("upgrade") == "pkg") {
$action = "firmware upgrade pkg";
if ($this->request->getPost('upgrade') == 'pkg') {
$action = 'firmware upgrade pkg';
} elseif ($this->request->getPost('upgrade') == 'maj') {
$action = 'firmware upgrade maj';
} else {
$action = "firmware upgrade all";
$action = 'firmware upgrade all';
}
$response['msg_uuid'] = trim($backend->configdRun($action, true));
} else {
......
......@@ -113,8 +113,12 @@ POSSIBILITY OF SUCH DAMAGE.
$('#updatetab > a').tab('show');
$('#updatestatus').html("{{ lang._('Upgrading...') }}");
$("#audit").attr("style","display:none");
$("#upgrade").attr("style","");
$("#upgrade_progress").addClass("fa fa-spinner fa-pulse");
maj_suffix = '';
if ($.upgrade_action == 'maj') {
maj_suffix = '_maj';
}
$("#upgrade" + maj_suffix).attr("style","");
$("#upgrade_progress" + maj_suffix).addClass("fa fa-spinner fa-pulse");
ajaxCall('/api/core/firmware/upgrade',{upgrade:$.upgrade_action},function() {
$('#updatelist').empty();
......@@ -207,21 +211,27 @@ POSSIBILITY OF SUCH DAMAGE.
/**
* check if a reboot is required, warn user or just upgrade
*/
function upgrade_ui(){
function upgrade_ui()
{
if ( $.upgrade_needs_reboot == "1" ) {
reboot_mgs = "{{ lang._('The firewall will reboot directly after this firmware update.') }}";
if ($.upgrade_action == 'maj') {
reboot_msg = "{{ lang._('The firewall will download all firmware sets and reboot multiple times for this upgrade. All operating system files and packages will be reinstalled as a consequence. This may take several minutes to complete.') }}";
}
// reboot required, inform the user.
BootstrapDialog.show({
type:BootstrapDialog.TYPE_WARNING,
title: 'Reboot required',
message: 'The firewall will be rebooted directly after this firmware update.',
title: "{{ lang._('Reboot required') }}",
message: reboot_msg,
buttons: [{
label: 'Ok',
label: "{{ lang._('OK') }}",
cssClass: 'btn-warning',
action: function(dialogRef){
dialogRef.close();
upgrade();
}
},{
label: 'Abort',
label: "{{ lang._('Abort') }}",
action: function(dialogRef){
dialogRef.close();
}
......@@ -253,8 +263,10 @@ POSSIBILITY OF SUCH DAMAGE.
$('#update_status').scrollTop($('#update_status')[0].scrollHeight);
}
if (data['status'] == 'done') {
$("#upgrade_progress_maj").removeClass("fa fa-spinner fa-pulse");
$("#upgrade_progress").removeClass("fa fa-spinner fa-pulse");
$("#audit_progress").removeClass("fa fa-spinner fa-pulse");
$("#upgrade_maj").attr("style","display:none");
$("#upgrade").attr("style","display:none");
$("#audit").attr("style","");
if ($.upgrade_action == 'pkg') {
......@@ -471,10 +483,40 @@ POSSIBILITY OF SUCH DAMAGE.
$('#checkupdate').click(updateStatus);
$('#upgrade').click(upgrade_ui);
$('#audit').click(audit);
// show upgrade message if there
if ($('#message').html() != '') {
$('#message').attr('style', '');
$('#upgrade_maj').click(function () {
$.upgrade_needs_reboot = 1;
$.upgrade_action = 'maj';
upgrade_ui();
});
$('#checkupdate_maj').click(function () {
$("#checkupdate_progress_maj").addClass("fa fa-spinner fa-pulse");
// empty call refreshes changelogs in the background
ajaxCall('/api/core/firmware/changelog/update', {}, function () {
$("#checkupdate_progress_maj").removeClass("fa fa-spinner fa-pulse");
BootstrapDialog.show({
type:BootstrapDialog.TYPE_WARNING,
title: "{{ lang._('Upgrade instructions') }}",
message: $('#firmware-message').html(),
buttons: [{
<?php if (file_exists('/usr/local/opnsense/firmware-upgrade')): ?>
label: "{{ lang._('Unlock upgrade') }}",
cssClass: 'btn-warning',
action: function (dialogRef) {
dialogRef.close();
$("#upgrade_maj").attr("style","");
changelog($('#firmware-upgrade').text());
}
},{
<?php endif ?>
label: "{{ lang._('Close') }}",
action: function (dialogRef) {
dialogRef.close();
}
}]
});
packagesInfo(true);
});
});
// populate package information
packagesInfo(true);
......@@ -600,9 +642,17 @@ POSSIBILITY OF SUCH DAMAGE.
<div class="container-fluid">
<div class="row">
<div id="message" style="display:none" class="alert alert-warning" role="alert"><?= @file_get_contents('/usr/local/opnsense/firmware-message') ?></div>
<?php if (file_exists('/usr/local/opnsense/firmware-message')): ?>
<div id="firmware-upgrade" style="display:none;"><?= @file_get_contents('/usr/local/opnsense/firmware-upgrade') ?></div>
<div id="firmware-message" style="display:none;"><?= @file_get_contents('/usr/local/opnsense/firmware-message') ?></div>
<div class="alert alert-warning" role="alert" style="min-height: 65px;">
<button class='btn btn-primary pull-right' id="upgrade_maj" style="display:none;"><i id="upgrade_progress_maj" class=""></i> {{ lang._('Upgrade now') }}</button>
<button class='btn pull-right' id="checkupdate_maj" style="margin-right: 8px;"><i id="checkupdate_progress_maj" class=""></i> {{ lang._('Check for upgrade') }}</button>
<div style="margin-top: 8px;">{{ lang._('This software release has reached its designated end of life.') }}</div>
</div>
<?php endif ?>
<div class="alert alert-info" role="alert" style="min-height: 65px;">
<button class='btn btn-primary pull-right' id="upgrade" style="display:none"><i id="upgrade_progress" class=""></i> {{ lang._('Upgrade now') }}</button>
<button class='btn btn-primary pull-right' id="upgrade" style="display:none"><i id="upgrade_progress" class=""></i> {{ lang._('Update now') }}</button>
<button class='btn btn-primary pull-right' id="audit"><i id="audit_progress" class=""></i> {{ lang._('Audit now') }}</button>
<button class='btn btn-default pull-right' id="checkupdate" style="margin-right: 8px;"><i id="checkupdate_progress" class=""></i> {{ lang._('Check for updates')}}</button>
<div style="margin-top: 8px;" id="updatestatus">{{ lang._('Click to check for updates.')}}</div>
......
......@@ -54,7 +54,7 @@ download_size="none"
itemcount=0
linecount=0
timer=0
timeout=30 # Wait for a maximum number of seconds to determine connection issues
timeout=45 # Wait for a maximum number of seconds to determine connection issues
# File location variables
tmp_pkg_output_file="/tmp/packages.output"
......@@ -63,8 +63,6 @@ tmp_pkg_update_file="/tmp/pkg_updates.output"
# Check if pkg is already runnig
pkg_running=`ps -x | grep "pkg " | grep -v "grep"`
if [ "$pkg_running" == "" ]; then
# load changelogs first
/usr/local/opnsense/scripts/firmware/changelog.sh fetch
# start pkg update
pkg update -f > $tmp_pkg_update_file &
pkg_running="started" # Set running state to arbitrary value
......
#!/bin/sh
# Copyright (C) 2015-2016 Franco Fichtner <franco@opnsense.org>
# Copyright (C) 2015-2017 Franco Fichtner <franco@opnsense.org>
# Copyright (C) 2014 Deciso B.V.
# All rights reserved.
#
......@@ -45,6 +45,20 @@ if [ "$PACKAGE" == "all" ]; then
REBOOT=1
fi
fi
elif [ "$PACKAGE" == "maj" ]; then
# extract info for major upgrade
UPGRADE="/usr/local/opnsense/firmware-upgrade"
NAME=unknown
if [ -f ${UPGRADE} ]; then
NAME=$(cat ${UPGRADE})
fi
# perform first half of major upgrade
# (download all + kernel install)
if opnsense-update -ur "${NAME}" >> ${PKG_PROGRESS_FILE} 2>&1; then
REBOOT=1
fi
# second half reboots multiple times,
# but will snap the GUI back when done
elif [ "$PACKAGE" == "pkg" ]; then
pkg upgrade -y $PACKAGE >> ${PKG_PROGRESS_FILE} 2>&1
echo "*** PLEASE CHECK FOR MORE UPGRADES"
......
......@@ -135,6 +135,6 @@ message:issued firmware power off
[auto-update]
command:/usr/local/etc/rc.firmware
description:Automatic firmware update
parameters:
parameters:%s
type:script
message:attempting automatic firmware update
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment