Commit 75a08cb2 authored by Franco Fichtner's avatar Franco Fichtner

firmware: remove gzsig utility usage

We have moved on to other means of firmware upgrades.  Gives us
the opportunity to do a little spring clean here.  (Plus I don't
have to fix the gzsig port anymore.)
parent 4cf690e0
...@@ -1287,16 +1287,6 @@ function ip_in_subnet($addr,$subnet) { ...@@ -1287,16 +1287,6 @@ function ip_in_subnet($addr,$subnet) {
} }
} }
/* verify (and remove) the digital signature on a file - returns 0 if OK */
function verify_digital_signature($fname) {
global $g;
if(!file_exists("/usr/local/sbin/gzsig"))
return 4;
return mwexec("/usr/local/sbin/gzsig verify /usr/local/pubkey.pem < " . escapeshellarg($fname));
}
/* obtain MAC address given an IP address by looking at the ARP table */ /* obtain MAC address given an IP address by looking at the ARP table */
function arp_get_mac_by_ip($ip) { function arp_get_mac_by_ip($ip) {
mwexec("/sbin/ping -c 1 -t 1 " . escapeshellarg($ip), true); mwexec("/sbin/ping -c 1 -t 1 " . escapeshellarg($ip), true);
......
ssh-dss AAAAB3NzaC1kc3MAAACBAN08c22jym3KCRUF8/rKNXgU/J0vv6UC9eCta/ATTNgeW/z2rp/HsjcPkMLx9dLaqufShC0VzsUbGlqCsdQT8jfwBiLG2pjUkX20qTStRG/rs9Tv0rS/8eVNT/DbQ6zL3PTdp+XAIq+KQLucqcBazTqSzyF7ghZ7OVmsX1/ixTP3AAAAFQCYcP378X/dQ08l6u8O5uvEtxbvEwAAAIEAyOOuWttXGrprzBhKrjhop58bZTOZp0J0IMHMwi/J+K3HUuPZnaltGoW21MjqSvVor4m22r/3b8aUIom+jp4I/bmpxTOUgO6owTlCVX614fGPWcCw2M017aghQ/vUa/92DaMLO//FYD8X2b7WgyPNrJh9ckZ14oncBleJUfXmue8AAACBAKw00/IkoMJzTumFfT9+Jb442O1KZvtGyj1YWpyYXf3xbQFGXND7m4rTIS2zPvTcOauCHbZwZ9uBxE4zTdlGJ4XirPEbWwOl1TU71bZ3OqonVesyqSC04LLiuLGlIHyXxyc/UCzg1UL8mCBlLzqmPUkJoL0ZINo8Raqip8WM63KM root@freebsd-nexus-computers.pfsense.org
<?php <?php
/* /*
Copyright (C) 2014 Deciso B.V. Copyright (C) 2014 Deciso B.V.
Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
originally part of m0n0wall (http://m0n0.ch/wall)
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved. All rights reserved.
...@@ -142,16 +140,6 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) { ...@@ -142,16 +140,6 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) {
/* move the image so PHP won't delete it */ /* move the image so PHP won't delete it */
rename($_FILES['ulfile']['tmp_name'], "{$g['upload_path']}/firmware.tgz"); rename($_FILES['ulfile']['tmp_name'], "{$g['upload_path']}/firmware.tgz");
/* check digital signature */
$sigchk = verify_digital_signature("{$g['upload_path']}/firmware.tgz");
if ($sigchk == 1)
$sig_warning = gettext("The digital signature on this image is invalid.");
else if ($sigchk == 2 && !isset($config['system']['firmware']['allowinvalidsig']))
$sig_warning = gettext("This image is not digitally signed.");
else if (($sigchk >= 3))
$sig_warning = gettext("There has been an error verifying the signature on this image.");
if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) { if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) {
$input_errors[] = gettext("The image file is corrupt."); $input_errors[] = gettext("The image file is corrupt.");
unlink("{$g['upload_path']}/firmware.tgz"); unlink("{$g['upload_path']}/firmware.tgz");
......
...@@ -184,32 +184,11 @@ $external_upgrade_helper_text .= "{$g['upload_path']}/latest.tgz"; ...@@ -184,32 +184,11 @@ $external_upgrade_helper_text .= "{$g['upload_path']}/latest.tgz";
$downloaded_latest_tgz_sha256 = str_replace("\n", "", `/sbin/sha256 -q {$g['upload_path']}/latest.tgz`); $downloaded_latest_tgz_sha256 = str_replace("\n", "", `/sbin/sha256 -q {$g['upload_path']}/latest.tgz`);
$upgrade_latest_tgz_sha256 = str_replace("\n", "", `/bin/cat {$g['upload_path']}/latest.tgz.sha256 | awk '{ print $4 }'`); $upgrade_latest_tgz_sha256 = str_replace("\n", "", `/bin/cat {$g['upload_path']}/latest.tgz.sha256 | awk '{ print $4 }'`);
$sigchk = 0;
if(!isset($curcfg['alturl']['enable']))
$sigchk = verify_digital_signature("{$g['upload_path']}/latest.tgz");
$exitstatus = 0;
if ($sigchk == 1) {
$sig_warning = gettext("The digital signature on this image is invalid.");
$exitstatus = 1;
} else if ($sigchk == 2) {
$sig_warning = gettext("This image is not digitally signed.");
if (!isset($config['system']['firmware']['allowinvalidsig']))
$exitstatus = 1;
} else if (($sigchk >= 3)) {
$sig_warning = gettext("There has been an error verifying the signature on this image.");
$exitstatus = 1;
}
if ($exitstatus) { if ($exitstatus) {
update_status($sig_warning); update_status($sig_warning);
update_output_window(gettext("Update cannot continue. You can disable this check on the Updater Settings tab.")); update_output_window(gettext("Update cannot continue. You can disable this check on the Updater Settings tab."));
require("fend.inc"); require("fend.inc");
exit; exit;
} else if ($sigchk == 2) {
update_status("Upgrade in progress...");
update_output_window("\n" . gettext("Upgrade Image does not contain a signature but the system has been configured to allow unsigned images. One moment please...") . "\n");
} }
if (!verify_gzip_file("{$g['upload_path']}/latest.tgz")) { if (!verify_gzip_file("{$g['upload_path']}/latest.tgz")) {
......
<?php <?php
/* /*
Copyright (C) 2014 Deciso B.V. Copyright (C) 2014 Deciso B.V.
Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
...@@ -27,7 +28,7 @@ ...@@ -27,7 +28,7 @@
POSSIBILITY OF SUCH DAMAGE. POSSIBILITY OF SUCH DAMAGE.
*/ */
require("guiconfig.inc"); require_once('guiconfig.inc');
if ($_POST) { if ($_POST) {
if (!$input_errors) { if (!$input_errors) {
...@@ -40,10 +41,6 @@ if ($_POST) { ...@@ -40,10 +41,6 @@ if ($_POST) {
unset($config['system']['firmware']['alturl']); unset($config['system']['firmware']['alturl']);
unset($config['system']['firmware']); unset($config['system']['firmware']);
} }
if($_POST['allowinvalidsig'] == "yes")
$config['system']['firmware']['allowinvalidsig'] = true;
else
unset($config['system']['firmware']['allowinvalidsig']);
if($_POST['disablecheck'] == "yes") if($_POST['disablecheck'] == "yes")
$config['system']['firmware']['disablecheck'] = true; $config['system']['firmware']['disablecheck'] = true;
...@@ -173,15 +170,6 @@ function enable_altfirmwareurl(enable_over) { ...@@ -173,15 +170,6 @@ function enable_altfirmwareurl(enable_over) {
</thead> </thead>
<tbody> <tbody>
<tr style="display:none"> <!--Unsupported Feuature, hide it-->
<td width="22%" valign="top" class="vncell"><?=gettext("Unsigned images"); ?></td>
<td width="78%" class="vtable">
<input name="allowinvalidsig" type="checkbox" id="allowinvalidsig" value="yes" <?php if (isset($curcfg['allowinvalidsig'])) echo "checked=\"checked\""; ?> />
<br />
<?=gettext("Allow auto-update firmware images with a missing or invalid digital signature to be used."); ?>
</td>
</tr>
<tr> <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Dashboard check"); ?></td> <td width="22%" valign="top" class="vncell"><?=gettext("Dashboard check"); ?></td>
<td width="78%" class="vtable"> <td width="78%" class="vtable">
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment