/etc/rc.initial.firmware_update - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/rc.initial.firmware_update @ 1ca17c45

1	f4feb493	Scott Ullrich	#!/usr/local/bin/php -f
2
3			<?php
4
5	5b6eac01	Scott Ullrich	require("globals.inc");
6	45e63af1	Scott Ullrich	require("config.inc");
7			require("functions.inc");
8	5f2d078e	Scott Ullrich
9	5b6eac01	Scott Ullrich	echo "Starting the {$g['product_name']} console firmware update system";
10
11	f4feb493	Scott Ullrich	require("functions.inc");
12			echo ".";
13
14	b043503a	jim-p	if(isset($config['system']['firmware']['alturl']['enable']))
15			$updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}";
16			else
17			$updater_url = $g['update_url'];
18
19			$nanosize = "";
20			if ($g['platform'] == "nanobsd") {
21			if (file_exists("/etc/nano_use_vga.txt"))
22			$nanosize = "-nanobsd-vga-";
23			else
24			$nanosize = "-nanobsd-";
25
26			$nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt")));
27			$update_filename = "latest{$nanosize}.img.gz";
28			} else {
29			$update_filename = "latest.tgz";
30			}
31			$autoupdateurl = "{$updater_url}/{$update_filename}";
32
33	f4feb493	Scott Ullrich	$fp = fopen('php://stdin', 'r');
34
35			echo ".\n\n";
36
37			$shell_active = true;
38
39			echo "1) Update from a URL\n";
40			echo "2) Update from a local file\n";
41			echo "Q) Quit\n";
42
43			echo "\nPlease select an option to continue: ";
44
45	1c52509c	Renato Botelho	$pkg_interface = 'console';
46	f4feb493	Scott Ullrich	$command = strtoupper(chop(fgets($fp)));
47
48			switch ($command) {
49			case "q":
50			case "quit":
51			echo "\n";
52	31210184	Scott Ullrich	fclose($fp);
53	f4feb493	Scott Ullrich	die;
54			break;
55			case "1":
56	b043503a	jim-p	echo "\nEnter the URL to the .tgz or .img.gz update file. \nType 'auto' to use {$autoupdateurl}\n> ";
57	f4feb493	Scott Ullrich	$url = chop(fgets($fp));
58	31210184	Scott Ullrich	if(!$url) {
59			fclose($fp);
60	9b5d2d24	Scott Ullrich	die;
61	31210184	Scott Ullrich	}
62	b043503a	jim-p	if($url == "auto") {
63			$url = $autoupdateurl;
64			}
65	f4feb493	Scott Ullrich	$status = does_url_exist($url);
66			if($status) {
67	8e57ecdf	Scott Ullrich	conf_mount_rw();
68	a368a026	Ermal Lu?i	mark_subsystem_dirty('firmware');
69	1c52509c	Renato Botelho	unlink_if_exists("/root/firmware.tgz");
70			echo "\nFetching file... ";
71			download_file_with_progress_bar($url, '/root/firmware.tgz');
72	1d2cc906	Scott Ullrich	if(!file_exists("/root/firmware.tgz")) {
73	e1f1691f	Scott Ullrich	echo "Something went wrong during file transfer. Exiting.\n\n";
74	31210184	Scott Ullrich	fclose($fp);
75	1c52509c	Renato Botelho	clear_subsystem_dirty('firmware');
76	e1f1691f	Scott Ullrich	die;
77			}
78	2ab2d8fb	PiBa-NL	$status = does_url_exist("$url.sha256");
79	1d2ac3a5	Scott Ullrich	if($status) {
80	1c52509c	Renato Botelho	echo "\nFetching sha256... ";
81			download_file_with_progress_bar($url . ".sha256", '/root/firmware.tgz.sha256');
82			echo "\n";
83	4cc6345e	Scott Ullrich	} else {
84			echo "\n\nWARNING.\n";
85	2ab2d8fb	PiBa-NL	echo "\nCould not locate a sha256 file. We cannot verify the download once completed.\n\n";
86	6d951458	Renato Botelho	echo "Do you still want to proceed with the upgrade [n]? ";
87			$answer = strtoupper(chop(fgets($fp)));
88			if ($answer == "Y" or $answer == "YES") {
89			echo "\nContinuing upgrade...";
90			} else {
91			echo "\nUpgrade cancelled.\n\n";
92			die;
93			}
94	1d2ac3a5	Scott Ullrich	}
95	2ab2d8fb	PiBa-NL	if(file_exists("/root/firmware.tgz.sha256")) {
96			$source_sha256 = trim(`cat /root/firmware.tgz.sha256 \| awk '{ print \$4 }'`,"\r");
97			$file_sha256 = trim(`sha256 /root/firmware.tgz \| awk '{ print \$4 }'`,"\r");
98			echo "URL sha256: $source_sha256\n";
99			echo "Downloaded file sha256: $file_sha256\n";
100			if($source_sha256 <> $file_sha256) {
101			echo "\n\nsha256 checksum does not match. Cancelling upgrade.\n\n";
102	1c52509c	Renato Botelho	unlink_if_exists("/root/firmware.tgz.sha256");
103	31210184	Scott Ullrich	fclose($fp);
104	1c52509c	Renato Botelho	clear_subsystem_dirty('firmware');
105	1d2ac3a5	Scott Ullrich	die -1;
106			}
107	2ab2d8fb	PiBa-NL	echo "\nsha256 checksum matches.\n";
108	1c52509c	Renato Botelho	unlink_if_exists("/root/firmware.tgz.sha256");
109	1d2ac3a5	Scott Ullrich	}
110	285b3e3f	Scott Ullrich	if(strstr($url,"bdiff")) {
111			echo "Binary DIFF upgrade file detected...\n";
112	0a453188	Scott Ullrich	$type = "bdiff";
113	873b2f0c	jim-p	} elseif(strstr($url,"nanobsd")) {
114			echo "NanoBSD upgrade file detected...\n";
115			$type = "nanobsd";
116	d2fdbd6f	Scott Ullrich	} else {
117	873b2f0c	jim-p	$type = "normal";
118	9875b318	Scott Ullrich	}
119	873b2f0c	jim-p	do_upgrade("/root/firmware.tgz", $type);
120	1c52509c	Renato Botelho	clear_subsystem_dirty('firmware');
121	873b2f0c	jim-p	exit;
122	11da95a6	Scott Ullrich	}
123	f4feb493	Scott Ullrich	case "2":
124	873b2f0c	jim-p	echo "\nEnter the complete path to the .tgz or .img.gz update file: ";
125	f4feb493	Scott Ullrich	$path = chop(fgets($fp));
126	31210184	Scott Ullrich	if(!$path) {
127			fclose($fp);
128	9b5d2d24	Scott Ullrich	die;
129	31210184	Scott Ullrich	}
130	3c043ca0	Scott Ullrich	if(stristr($path,"bdiff"))
131	e1aea2cd	Scott Ullrich	$type = "bdiff";
132	3c043ca0	Scott Ullrich	if(stristr($path,"nanobsd"))
133	0a453188	Scott Ullrich	$type = "nanobsd";
134	f4feb493	Scott Ullrich	if(file_exists($path)) {
135	a368a026	Ermal Lu?i	mark_subsystem_dirty('firmware');
136	e1aea2cd	Scott Ullrich	do_upgrade($path, $type);
137	1c52509c	Renato Botelho	clear_subsystem_dirty('firmware');
138	f4feb493	Scott Ullrich	} else {
139			echo "\nCould not find file.\n\n";
140	31210184	Scott Ullrich	fclose($fp);
141	f4feb493	Scott Ullrich	die -1;
142			}
143			}
144
145	e1aea2cd	Scott Ullrich	function do_upgrade($path, $type) {
146	71ed7da5	Scott Ullrich	global $g, $fp;
147
148			$sigchk = verify_digital_signature($path);
149			if ($sigchk == 1)
150			$sig_warning = "The digital signature on this image is invalid.";
151			else if ($sigchk == 2)
152			$sig_warning = "This image is not digitally signed.";
153			else if (($sigchk == 3) \|\| ($sigchk == 4))
154			$sig_warning = "There has been an error verifying the signature on this image.";
155			if($sig_warning) {
156	dbbc0fc8	Scott Ullrich	$sig_warning = "\nWARNING! ACHTUNG! DANGER!\n\n{$sig_warning}\n\n" .
157	71ed7da5	Scott Ullrich	"This means that the image you uploaded is not an official/supported image and\n" .
158			"may lead to unexpected behavior or security compromises.\n\n" .
159			"Only install images that come from sources that you trust, and make sure\n".
160			"that the image has not been tampered with.\n\n".
161			"Do you want to install this image anyway at your own risk [n]?";
162			echo $sig_warning;
163			$command = strtoupper(chop(fgets($fp)));
164			if(strtoupper($command) == "Y" or strtoupper($command) == "Y" or strtoupper($command) == "YES") {
165	7615c951	Scott Ullrich	echo "\nContinuing upgrade...";
166	71ed7da5	Scott Ullrich	} else {
167			echo "\nUpgrade cancelled.\n\n";
168			die;
169			}
170			}
171	a368a026	Ermal Lu?i	mark_subsystem_dirty('firmwarelock');
172	dfd6af96	Scott Ullrich	echo "\nOne moment please...\nInvoking firmware upgrade...";
173	873b2f0c	jim-p	if($type == "bdiff")
174	6e75ac00	Scott Ullrich	mwexec_bg("/etc/rc.firmware delta_update $path");
175	873b2f0c	jim-p	elseif($type == "nanobsd")
176	9fab6391	Scott Ullrich	mwexec_bg("/etc/rc.firmware pfSenseNanoBSDupgrade $path");
177			else
178	6e75ac00	Scott Ullrich	mwexec_bg("/etc/rc.firmware pfSenseupgrade $path");
179	b30f4ba1	Scott Ullrich	sleep(10);
180	a368a026	Ermal Lu?i	while(is_subsystem_dirty('firmwarelock')) {
181	6e75ac00	Scott Ullrich	sleep(1);
182	dfd6af96	Scott Ullrich	echo ".";
183			}
184	1a4075a9	Scott Ullrich	sleep(10);
185	6e75ac00	Scott Ullrich	echo "Done. Rebooting...\n\n";
186	a368a026	Ermal Lu?i	clear_subsystem_dirty('firmwarelock');
187	f4feb493	Scott Ullrich	}
188
189	2ab2d8fb	PiBa-NL	exec("rm -f /root/*.sha256");
190	1939b5ce	Scott Ullrich	fclose($fp);
191
192	ce387866	Ermal	?>

Project

General

Profile

pfSense