firmware: merge assorted improvements from master

(cherry picked from commit 95268566)
(cherry picked from commit 5035c508)
(cherry picked from commit 7a068d5b)
(cherry picked from commit c598f2c8)
(cherry picked from commit 4e2b0079)
(cherry picked from commit f34f42d3)
(cherry picked from commit a96b0da4)
(cherry picked from commit 38efa570)
(cherry picked from commit 2c5768dc)

+POST_INSTALL

@@ -30,3 +30,9 @@ fi
 
 echo "Flush Phalcon volt templates"
 rm -f /usr/local/opnsense/mvc/app/cache/*.php
+
+echo "Reloading GUI configuration"
+/usr/local/etc/rc.php_ini_setup
+if pgrep -q php-cgi; then
+	pkill -HUP php-cgi
+fi

src/etc/inc/system.inc

@@ -958,7 +958,7 @@ EOD;
     return $retval;
 }
 
-function system_webgui_start()
+function system_webgui_configure()
 {
     global $config;
 
@@ -1024,10 +1024,13 @@ function system_webgui_start()
       $crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
       "cert.pem", "ca.pem");
 
-    /* kill any running lighttpd */
-    killbypid('/var/run/lighty-webConfigurator.pid');
+    killbypid('/var/run/lighty-webConfigurator.pid', 'TERM', true);
 
-    sleep(1);
+    /*
+     * Force reloading all php-cgi children to
+     * avoid hiccups with moved include files.
+     */
+    killbyname('php-cgi', 'HUP');
 
     /* regenerate the php.ini files in case the setup has changed */
     mwexec('/usr/local/etc/rc.php_ini_setup');
@@ -1284,7 +1287,7 @@ EOD;
     if($cert <> "" and $key <> "") {
         $fd = fopen("/var/etc/{$cert_location}", "w");
         if (!$fd) {
-            printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
+            log_error('Error: cannot open cert.pem in system_webgui_configure()');
             return 1;
         }
         chmod("/var/etc/{$cert_location}", 0600);
@@ -1295,7 +1298,7 @@ EOD;
         if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
             $fd = fopen("/var/etc/{$ca_location}", "w");
             if (!$fd) {
-                printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
+                log_error('Error: cannot open ca.pem in system_webgui_configure()');
                 return 1;
             }
             chmod("/var/etc/{$ca_location}", 0600);
@@ -1340,7 +1343,7 @@ EOD;
 
     $fd = fopen("{$filename}", "w");
     if (!$fd) {
-        printf(gettext("Error: cannot open %s in system_generate_lighty_config().%s"), $filename, "\n");
+        log_error(sprintf('Error: cannot open %s in system_webgui_configure()', $filename));
         return 1;
     }
     fwrite($fd, $lighty_config);

src/etc/rc.bootup

@@ -265,7 +265,7 @@ local_sync_accounts();
 echo "done.\n";
 
 /* start web server */
-echo 'Starting webConfigurator...'. (system_webgui_start() ? 'done.' : 'failed.') . PHP_EOL;
+echo 'Starting webConfigurator...'. (system_webgui_configure() ? 'done.' : 'failed.') . PHP_EOL;
 
 /* configure cron service */
 echo "Configuring CRON...";

src/etc/rc.halt

 #!/bin/sh
 
-# invoke shared powerdown routines
 . /usr/local/etc/rc.halt.common
 
-# power down the system
 /sbin/shutdown -op now

src/etc/rc.initial.halt

@@ -34,7 +34,7 @@ require_once("system.inc");
 
 $fp = fopen('php://stdin', 'r');
 
-echo "The system will halt and power down.  Do you want to proceed [y|n]? ";
+echo "The system will halt and power off.  Do you want to proceed [y|n]? ";
 
 if (strcasecmp(chop(fgets($fp)), 'y') == 0) {
     system_halt(true);

src/etc/rc.reboot

 #!/bin/sh
 
-# invoke shared powerdown routines
 . /usr/local/etc/rc.halt.common
 
-# reboot the system
 /sbin/shutdown -or now

src/etc/rc.restart_webgui

@@ -16,20 +16,7 @@ system_firmware_configure();
 
 echo 'Restarting webConfigurator...';
 
-killbyname('lighttpd');
-
-/*
- * Force reloading all php-cgi children to
- * avoid hiccups with moved include files.
- */
-killbyname('php-cgi', 'HUP');
-
-while (is_process_running('lighttpd')) {
-        echo '.';
-        sleep(1);
-}
-
-system_webgui_start();
+system_webgui_configure();
 enable_rrd_graphing();
 
 echo 'done.' . PHP_EOL;

src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php

@@ -114,6 +114,44 @@ class FirmwareController extends ApiControllerBase
         return $response;
     }
 
+    /**
+     * perform reboot
+     * @return array status
+     * @throws \Exception
+     */
+    public function rebootAction()
+    {
+        $backend = new Backend();
+        $response = array();
+        if ($this->request->isPost()) {
+            $response['status'] = 'ok';
+            $response['msg_uuid'] = trim($backend->configdRun('firmware reboot', true));
+        } else {
+            $response['status'] = 'failure';
+        }
+
+        return $response;
+    }
+
+    /**
+     * perform poweroff
+     * @return array status
+     * @throws \Exception
+     */
+    public function poweroffAction()
+    {
+        $backend = new Backend();
+        $response = array();
+        if ($this->request->isPost()) {
+            $response['status'] = 'ok';
+            $response['msg_uuid'] = trim($backend->configdRun('firmware poweroff', true));
+        } else {
+            $response['status'] = 'failure';
+        }
+
+        return $response;
+    }
+
     /**
      * perform actual upgrade
      * @return array status

src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt

@@ -91,6 +91,8 @@ POSSIBILITY OF SUCH DAMAGE.
         ajaxCall('/api/core/firmware/upgrade',{upgrade:$.upgrade_action},function() {
             $('#updatelist').empty();
             setTimeout(trackStatus, 500);
+        }).fail(function () {
+            setTimeout(trackStatus, 500);
         });
     }
 
@@ -105,6 +107,8 @@ POSSIBILITY OF SUCH DAMAGE.
         ajaxCall('/api/core/firmware/'+pkg_act+'/'+pkg_name,{},function() {
             $('#updatelist').empty();
             setTimeout(trackStatus, 500);
+        }).fail(function () {
+            setTimeout(trackStatus, 500);
         });
     }
 

src/opnsense/scripts/firmware/install.sh

@@ -37,7 +37,7 @@ fi
 : > ${PKG_PROGRESS_FILE}
 
 echo "***GOT REQUEST TO INSTALL: $PACKAGE***" >> ${PKG_PROGRESS_FILE}
-pkg install -y $PACKAGE >> ${PKG_PROGRESS_FILE}
-pkg autoremove -y >> ${PKG_PROGRESS_FILE}
-pkg clean -ya >> ${PKG_PROGRESS_FILE}
+pkg install -y $PACKAGE 2>&1 >> ${PKG_PROGRESS_FILE}
+pkg autoremove -y 2>&1 >> ${PKG_PROGRESS_FILE}
+pkg clean -ya 2>&1 >> ${PKG_PROGRESS_FILE}
 echo '***DONE***' >> ${PKG_PROGRESS_FILE}

src/opnsense/scripts/firmware/lock.sh

@@ -37,5 +37,5 @@ fi
 : > ${PKG_PROGRESS_FILE}
 
 echo "***GOT REQUEST TO LOCK: $PACKAGE***" >> ${PKG_PROGRESS_FILE}
-pkg lock -y $PACKAGE >> ${PKG_PROGRESS_FILE}
+pkg lock -y $PACKAGE 2>&1 >> ${PKG_PROGRESS_FILE}
 echo '***DONE***' >> ${PKG_PROGRESS_FILE}

src/opnsense/scripts/firmware/reinstall.sh

@@ -37,7 +37,7 @@ fi
 : > ${PKG_PROGRESS_FILE}
 
 echo "***GOT REQUEST TO REINSTALL: $PACKAGE***" >> ${PKG_PROGRESS_FILE}
-pkg install -yf $PACKAGE >> ${PKG_PROGRESS_FILE}
-pkg autoremove -y >> ${PKG_PROGRESS_FILE}
-pkg clean -ya >> ${PKG_PROGRESS_FILE}
+pkg install -yf $PACKAGE 2>&1 >> ${PKG_PROGRESS_FILE}
+pkg autoremove -y 2>&1 >> ${PKG_PROGRESS_FILE}
+pkg clean -ya 2>&1 >> ${PKG_PROGRESS_FILE}
 echo '***DONE***' >> ${PKG_PROGRESS_FILE}

src/opnsense/scripts/firmware/remove.sh

@@ -37,7 +37,7 @@ fi
 : > ${PKG_PROGRESS_FILE}
 
 echo "***GOT REQUEST TO REINSTALL: $PACKAGE***" >> ${PKG_PROGRESS_FILE}
-pkg remove -y $PACKAGE >> ${PKG_PROGRESS_FILE}
-pkg autoremove -y >> ${PKG_PROGRESS_FILE}
-pkg clean -ya >> ${PKG_PROGRESS_FILE}
+pkg remove -y $PACKAGE 2>&1 >> ${PKG_PROGRESS_FILE}
+pkg autoremove -y 2>&1 >> ${PKG_PROGRESS_FILE}
+pkg clean -ya 2>&1 >> ${PKG_PROGRESS_FILE}
 echo '***DONE***' >> ${PKG_PROGRESS_FILE}

src/opnsense/scripts/firmware/unlock.sh

@@ -37,5 +37,5 @@ fi
 : > ${PKG_PROGRESS_FILE}
 
 echo "***GOT REQUEST TO UNLOCK: $PACKAGE***" >> ${PKG_PROGRESS_FILE}
-pkg unlock -y $PACKAGE >> ${PKG_PROGRESS_FILE}
+pkg unlock -y $PACKAGE 2>&1 >> ${PKG_PROGRESS_FILE}
 echo '***DONE***' >> ${PKG_PROGRESS_FILE}

src/opnsense/scripts/firmware/upgrade.sh

@@ -41,17 +41,17 @@ echo "***GOT REQUEST TO UPGRADE: $PACKAGE***" >> ${PKG_PROGRESS_FILE}
 
 if [ "$PACKAGE" == "all" ]; then
 	# update all installed packages
-	opnsense-update -p >> ${PKG_PROGRESS_FILE}
+	opnsense-update -p 2>&1 >> ${PKG_PROGRESS_FILE}
 	# restart the web server
-	/usr/local/etc/rc.restart_webgui >> ${PKG_PROGRESS_FILE}
+	/usr/local/etc/rc.restart_webgui 2>&1 >> ${PKG_PROGRESS_FILE}
 	# if we can update base, we'll do that as well
 	if opnsense-update -c; then
-		if opnsense-update -bk >> ${PKG_PROGRESS_FILE}; then
+		if opnsense-update -bk 2>&1 >> ${PKG_PROGRESS_FILE}; then
 			REBOOT=1
 		fi
 	fi
 elif [ "$PACKAGE" == "pkg" ]; then
-	pkg upgrade -y $PACKAGE >> ${PKG_PROGRESS_FILE}
+	pkg upgrade -y $PACKAGE 2>&1 >> ${PKG_PROGRESS_FILE}
 	echo  "*** PLEASE CHECK FOR MORE UPGRADES"
 else
 	echo "Cannot update $PACKAGE" >> ${PKG_PROGRESS_FILE}

src/opnsense/service/conf/actions.d/actions_firmware.conf

@@ -41,7 +41,7 @@ type:script
 message: remove firmware package %s
 
 [status]
-command:cat /tmp/pkg_upgrade.progress 2>&1 || exit 0
+command: /usr/bin/touch /tmp/pkg_upgrade.progress 2>&1; /bin/cat /tmp/pkg_upgrade.progress 2>&1
 parameters:
 type:script_output
 message:retrieve upgrade progress status
@@ -69,3 +69,22 @@ command:/usr/local/sbin/opnsense-update -sn
 parameters:%s
 type:script
 message:switching firmware flavour to %s
+
+[reboot]
+command:/usr/local/etc/rc.reboot
+parameters:
+type:script
+message:issued firmware reboot
+
+[poweroff]
+command:/usr/local/etc/rc.halt
+parameters:
+type:script
+message:issued firmware power off
+
+[auto-update]
+command:/usr/local/etc/rc.firmware
+description:Automatic firmware update
+parameters:
+type:script
+message:attempting automatic firmware update

src/opnsense/service/conf/actions.d/actions_ids.conf

@@ -62,12 +62,12 @@ message:get suricata daemon status
 command:/usr/local/opnsense/scripts/suricata/rule-updater.py && /usr/local/opnsense/scripts/suricata/installRules.py && /usr/local/bin/geoipupdate.sh && pkill -USR2 suricata
 parameters:
 type:script
-message:update and reload suricata rules
-description: update IDS rules
+message:update and reload intrusion detection rules
+description:Update and reload intrusion detection rules
 
 [reload]
 command:/usr/local/opnsense/scripts/suricata/installRules.py && pkill -USR2 suricata
 parameters:
 type:script
-message:reload suricata rules
-description: update IDS rules
+message:reload intrusion detection rules
+description:Reload intrusion detection rules

src/opnsense/service/conf/actions.d/actions_proxy.conf

@@ -32,12 +32,12 @@ message:request proxy status
 command:/usr/local/opnsense/scripts/proxy/fetchACLs.py&&/usr/local/etc/rc.d/squid reload
 parameters:
 type:script
-message:Fetch ACLs from remote locations
-description:Fetch external Proxy (squid) ACLs
+message:download and reload proxy ACLs from remote locations
+description:Download and reload external proxy ACLs
 
 [downloadacls]
 command:/usr/local/opnsense/scripts/proxy/fetchACLs.py
 parameters:
 type:script
-message:Download ACLs from remote locations
-description:Download external Proxy (squid) ACLs
+message:download proxy ACLs from remote locations
+description:Download external proxy ACLs