firmware: remove gzsig utility usage

We have moved on to other means of firmware upgrades.  Gives us
the opportunity to do a little spring clean here.  (Plus I don't
have to fix the gzsig port anymore.)

src/etc/inc/util.inc

@@ -1287,16 +1287,6 @@ function ip_in_subnet($addr,$subnet) {
 	}
 }
 
-/* verify (and remove) the digital signature on a file - returns 0 if OK */
-function verify_digital_signature($fname) {
-	global $g;
-
-	if(!file_exists("/usr/local/sbin/gzsig"))
-		return 4;
-
-	return mwexec("/usr/local/sbin/gzsig verify /usr/local/pubkey.pem < " . escapeshellarg($fname));
-}
-
 /* obtain MAC address given an IP address by looking at the ARP table */
 function arp_get_mac_by_ip($ip) {
 	mwexec("/sbin/ping -c 1 -t 1 " . escapeshellarg($ip), true);

src/etc/pubkey.pem

-ssh-dss AAAAB3NzaC1kc3MAAACBAN08c22jym3KCRUF8/rKNXgU/J0vv6UC9eCta/ATTNgeW/z2rp/HsjcPkMLx9dLaqufShC0VzsUbGlqCsdQT8jfwBiLG2pjUkX20qTStRG/rs9Tv0rS/8eVNT/DbQ6zL3PTdp+XAIq+KQLucqcBazTqSzyF7ghZ7OVmsX1/ixTP3AAAAFQCYcP378X/dQ08l6u8O5uvEtxbvEwAAAIEAyOOuWttXGrprzBhKrjhop58bZTOZp0J0IMHMwi/J+K3HUuPZnaltGoW21MjqSvVor4m22r/3b8aUIom+jp4I/bmpxTOUgO6owTlCVX614fGPWcCw2M017aghQ/vUa/92DaMLO//FYD8X2b7WgyPNrJh9ckZ14oncBleJUfXmue8AAACBAKw00/IkoMJzTumFfT9+Jb442O1KZvtGyj1YWpyYXf3xbQFGXND7m4rTIS2zPvTcOauCHbZwZ9uBxE4zTdlGJ4XirPEbWwOl1TU71bZ3OqonVesyqSC04LLiuLGlIHyXxyc/UCzg1UL8mCBlLzqmPUkJoL0ZINo8Raqip8WM63KM root@freebsd-nexus-computers.pfsense.org

src/www/system_firmware.php

 <?php
+
 /*
 	Copyright (C) 2014 Deciso B.V.
 	Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
-	All rights reserved.
-
-	originally part of m0n0wall (http://m0n0.ch/wall)
 	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
 	All rights reserved.
 
@@ -142,16 +140,6 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) {
 					/* move the image so PHP won't delete it */
 					rename($_FILES['ulfile']['tmp_name'], "{$g['upload_path']}/firmware.tgz");
 
-					/* check digital signature */
-					$sigchk = verify_digital_signature("{$g['upload_path']}/firmware.tgz");
-
-					if ($sigchk == 1)
-						$sig_warning = gettext("The digital signature on this image is invalid.");
-					else if ($sigchk == 2 && !isset($config['system']['firmware']['allowinvalidsig']))
-						$sig_warning = gettext("This image is not digitally signed.");
-					else if (($sigchk >= 3))
-						$sig_warning = gettext("There has been an error verifying the signature on this image.");
-
 					if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) {
 						$input_errors[] = gettext("The image file is corrupt.");
 						unlink("{$g['upload_path']}/firmware.tgz");

src/www/system_firmware_auto.php

@@ -184,32 +184,11 @@ $external_upgrade_helper_text .= "{$g['upload_path']}/latest.tgz";
 $downloaded_latest_tgz_sha256 = str_replace("\n", "", `/sbin/sha256 -q {$g['upload_path']}/latest.tgz`);
 $upgrade_latest_tgz_sha256 = str_replace("\n", "", `/bin/cat {$g['upload_path']}/latest.tgz.sha256 | awk '{ print $4 }'`);
 
-$sigchk = 0;
-
-if(!isset($curcfg['alturl']['enable']))
-	$sigchk = verify_digital_signature("{$g['upload_path']}/latest.tgz");
-
-$exitstatus = 0;
-if ($sigchk == 1) {
-	$sig_warning = gettext("The digital signature on this image is invalid.");
-	$exitstatus = 1;
-} else if ($sigchk == 2) {
-	$sig_warning = gettext("This image is not digitally signed.");
-	if (!isset($config['system']['firmware']['allowinvalidsig']))
-		$exitstatus = 1;
-} else if (($sigchk >= 3)) {
-	$sig_warning = gettext("There has been an error verifying the signature on this image.");
-	$exitstatus = 1;
-}
-
 if ($exitstatus) {
 	update_status($sig_warning);
 	update_output_window(gettext("Update cannot continue.  You can disable this check on the Updater Settings tab."));
 	require("fend.inc");
 	exit;
-} else if ($sigchk == 2) {
-	update_status("Upgrade in progress...");
-	update_output_window("\n" . gettext("Upgrade Image does not contain a signature but the system has been configured to allow unsigned images. One moment please...") . "\n");
 }
 
 if (!verify_gzip_file("{$g['upload_path']}/latest.tgz")) {

src/www/system_firmware_settings.php

 <?php
+
 /*
-        Copyright (C) 2014 Deciso B.V.
-		Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
-        Copyright (C) 2005 Colin Smith
-        All rights reserved.
+	Copyright (C) 2014 Deciso B.V.
+	Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
+	Copyright (C) 2005 Colin Smith
+	All rights reserved.
 
 	Redistribution and use in source and binary forms, with or without
 	modification, are permitted provided that the following conditions are met:
@@ -27,7 +28,7 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
-require("guiconfig.inc");
+require_once('guiconfig.inc');
 
 if ($_POST) {
 	if (!$input_errors) {
@@ -40,10 +41,6 @@ if ($_POST) {
 			unset($config['system']['firmware']['alturl']);
 			unset($config['system']['firmware']);
 		}
-		if($_POST['allowinvalidsig'] == "yes")
-			$config['system']['firmware']['allowinvalidsig'] = true;
-		else
-			unset($config['system']['firmware']['allowinvalidsig']);
 
 		if($_POST['disablecheck'] == "yes")
 			$config['system']['firmware']['disablecheck'] = true;
@@ -173,15 +170,6 @@ function enable_altfirmwareurl(enable_over) {
                             </thead>
 
                             <tbody>
-				<tr style="display:none"> <!--Unsupported Feuature, hide it-->
-					<td width="22%" valign="top" class="vncell"><?=gettext("Unsigned images"); ?></td>
-					<td width="78%" class="vtable">
-						<input name="allowinvalidsig" type="checkbox" id="allowinvalidsig" value="yes" <?php if (isset($curcfg['allowinvalidsig'])) echo "checked=\"checked\""; ?> />
-						<br />
-						<?=gettext("Allow auto-update firmware images with a missing or invalid digital signature to be used."); ?>
-					</td>
-				</tr>
-
 				<tr>
 					<td width="22%" valign="top" class="vncell"><?=gettext("Dashboard check"); ?></td>
 					<td width="78%" class="vtable">