pfSense

#!/bin/sh

# $Id$

# /etc/rc - master bootup script, invokes php setup

# part of pfSense by Scott Ullrich

# Copyright (C) 2004-2010 Scott Ullrich, All rights reserved.

# originally based on m0n0wall (http://neon1.net/m0n0wall)

# Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.

# All rights reserved.

#/bin/stty status '^T'

#/bin/stty susp '^-' intr '^-' quit '^-'

#trap : 2

#trap : 3

HOME=/

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

export HOME PATH

# Set our operating platform

PLATFORM=`/bin/cat /etc/platform`

# Set our current version

version=`/bin/cat /etc/version`

# Setup dumpdev/ddb/savecore"

echo "Configuring crash dumps..."

if [ "$PLATFORM" = "pfSense" ]; then

	/etc/rc.dumpon

fi

if [ -e /root/force_fsck ]; then

	echo "Forcing filesystem check..."

	/sbin/fsck -y -t ufs /

	if [ "$PLATFORM" = "nanobsd" ]; then

		/sbin/fsck -y -t ufs /cf

	fi

fi

if [ -e /root/TRIM_set -o -e /root/TRIM_unset ]; then

	TUNEFS_STATUS=`/sbin/tunefs -p / 2>&1 | /usr/bin/grep trim: | /usr/bin/awk '{print $4;}'`

	if [ -e /root/TRIM_set ] && [ "${TUNEFS_STATUS}" = "disabled" ]; then

		echo "Enabling TRIM support"

		/sbin/tunefs -t enable /

		if [ "$PLATFORM" = "nanobsd" ]; then

			/sbin/tunefs -t enable /cf

		fi

		echo "Rebooting in 5 seconds after enabling TRIM..."

		sleep 5

		/sbin/reboot

	elif [ -e /root/TRIM_unset ] && [ "${TUNEFS_STATUS}" = "enabled" ]; then

		echo "Disabling TRIM support"

		/sbin/tunefs -t disable /

		if [ "$PLATFORM" = "nanobsd" ]; then

			/sbin/tunefs -t disable /cf

		fi

		echo "Rebooting in 5 seconds after disabling TRIM..."

		sleep 5

		/sbin/reboot

	fi

fi

# Mount memory file system if it exists

echo "Mounting filesystems..."

# Handle ZFS read-only case

if [ "$PLATFORM" = "pfSense" ]; then

	if [ -f /usr/bin/grep ]; then

		ZFSROOT=`/sbin/zfs mount | /usr/bin/grep ' /$' | /usr/bin/cut -d ' ' -f 1`

		if [ "$ZFSROOT" != "" ]; then

			/sbin/zfs set readonly=off $ZFSROOT

		fi

	fi

fi

if [ "${PLATFORM}" = "cdrom" ]; then

	/etc/rc.cdrom

else

	# Mount /. If it fails run a fsck.

	if [ "$PLATFORM" = "nanobsd" ]; then

		export PKG_TMPDIR=/root/

		/sbin/mount -uw / || (/sbin/fsck -y /; /sbin/fsck -y /cf; /sbin/mount -uw /)

	else 

		/sbin/mount -a || (/sbin/fsck -y /; /sbin/mount -a)

	fi

	# If /conf is a directory, convert it to a symlink to /cf/conf

	if [ -d "/conf" ]; then

		# If item is not a symlink then rm and recreate

		CONFPOINTSTO=`readlink /conf` 

		if ! test "x$CONFPOINTSTO" = "x/cf/conf"; then 

			/bin/rm -rf /conf

			/bin/ln -s /cf/conf /conf

		fi

	fi

	if [ ! "$PLATFORM" = "jail" ]; then

		# Check to see if a compact flash mountpoint exists

		# If it fails to mount then run a fsck -y

		if grep -q cf /etc/fstab; then

			/sbin/mount -w /cf 2>/dev/null

			/sbin/mount -uw /cf || \

				(/sbin/umount /cf; /sbin/fsck -y /cf; /sbin/mount -w /cf)

		fi

	fi

	USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml`

	if [ "${PLATFORM}" = "nanobsd" ] || [ "${PLATFORM}" = "embedded" ] || [ ${USE_MFS_TMPVAR} -gt 0 ]; then

		/etc/rc.embedded

	fi

fi

/bin/rm -f /root/force_fsck

/bin/rm -f /root/TRIM_set

/bin/rm -f /root/TRIM_unset

# Disable APM on ATA drives. Leaving this on will kill drives long-term, especially laptop drives, by generating excessive Load Cycles.

if [ -f /etc/rc.disable_hdd_apm ]; then

	/etc/rc.disable_hdd_apm

fi

#Eject CD devices on 3G modems

MANUFACTURER="huawei|zte"

CDDEVICE=`dmesg |egrep -ie "($MANUFACTURER)" | awk -F: '/cd/ {print $1}'`

if [ "$CDDEVICE" != "" ]; then

	cdcontrol -f /dev/"$CDDEVICE" eject

fi

# sync pw database after mount.

rm -f /etc/spwd.db.tmp

/usr/sbin/pwd_mkdb -d /etc/ /etc/master.passwd

product=`/usr/bin/grep product_name /etc/inc/globals.inc | /usr/bin/cut -d'"' -f4`

hideplatform=`/usr/bin/grep hideplatform /etc/inc/globals.inc | /usr/bin/wc -l`

varrunpath=`/usr/bin/grep varrun_path /etc/inc/globals.inc | /usr/bin/cut -d'"' -f4`

if [ "$PLATFORM" = "pfSense" ] && [ ${USE_MFS_TMPVAR} -eq 0 ]; then

	/sbin/mdmfs -S -M -s 4m md $varrunpath

fi

if [ "$hideplatform" -gt "0" ]; then

	platformbanner="" # hide the platform

else

	platformbanner=" on the '${PLATFORM}' platform"

fi

echo

cat /etc/ascii-art/pfsense-logo-small.txt

echo

echo

echo "Welcome to ${product} ${version} ${platformbanner} ..."

echo

if [ ! "$PLATFORM" = "jail" ]; then

	# Enable console output if its muted.

	/sbin/conscontrol mute off >/dev/null

fi

if [ "$PLATFORM" = "cdrom" ] ; then

	# do nothing for cdrom platform

elif [ "$PLATFORM" = "embedded" ] ; then

    # do nothing for embedded platform

elif [ "$PLATFORM" = "nanobsd" ] || [ ${USE_MFS_TMPVAR} -gt 0 ]; then

	# Ensure that old-style PKG packages can be persistent across reboots

	/bin/mkdir -p /root/var/db/pkg

	/bin/rm -rf /var/db/pkg

	/bin/ln -s /root/var/db/pkg/ /var/db/pkg

	# Ensure that PBI packages can be persistent across reboots

	/bin/mkdir -p /root/var/db/pbi

	/bin/rm -rf /var/db/pbi

	/bin/ln -s /root/var/db/pbi/ /var/db/pbi

elif [ "$PLATFORM" = "jail" ]; then

	# do nothing for jail platform

else

	SWAPDEVICE=`/bin/cat /etc/fstab | /usr/bin/grep swap | /usr/bin/cut -f1`

	/sbin/swapon -a 2>/dev/null >/dev/null

	/etc/rc.savecore

	if [ -d /root/var/db/pkg ]; then

		# User must have just disabled RAM disks, move these back into place.

		/bin/mkdir -p /var/db/pkg

		/bin/mv /root/var/db/pkg /var/db/pkg

		/bin/mkdir -p /var/db/pbi

		/bin/mv /root/var/db/pkg /var/db/pbi

	fi

fi

if [ "$PLATFORM" = "cdrom" ] ; then

	echo -n "Mounting unionfs directories..."

	/bin/mkdir /tmp/unionfs

	/bin/mkdir /tmp/unionfs/usr

	/bin/mkdir /tmp/unionfs/root

	/bin/mkdir /tmp/unionfs/sbin

	/bin/mkdir /tmp/unionfs/bin

	/bin/mkdir /tmp/unionfs/boot

	/bin/mkdir /tmp/unionfs/confdefault

	/sbin/mount_unionfs /tmp/unionfs/usr /usr/

	/sbin/mount_unionfs /tmp/unionfs/root /root/

	/sbin/mount_unionfs /tmp/unionfs/bin /bin/		

	/sbin/mount_unionfs /tmp/unionfs/sbin /sbin/	

	/sbin/mount_unionfs /tmp/unionfs/boot /boot/

	/sbin/mount_unionfs /tmp/unionfs/confdefault /conf.default/

	echo "done."

fi

# make some directories in /var

/bin/mkdir -p $varrunpath /var/log /var/etc /var/db/entropy /var/at/jobs/ /var/empty 2>/dev/null

/bin/rm -rf $varrunpath/*

if [ "$PLATFORM" != "pfSense" ]; then

	/bin/rm /var/log/* 2>/dev/null

fi

# Cleanup configuration files from previous instance

/bin/rm -rf /var/etc/*

/bin/rm -rf /var/tmp/*

echo -n "Creating symlinks..."

# Make sure symlink is correct on embedded

if [ "$PLATFORM" = "embedded" ] ; then

	/bin/rm /conf

	/bin/ln -s /cf/conf/ /conf

fi

# Make sure symlink is correct on nanobsd

if [ "$PLATFORM" = "nanobsd" ] ; then

	/bin/rm /conf

	/bin/ln -s /cf/conf/ /conf

fi

# Repair symlinks if they are broken

if [ -f /etc/newsyslog.conf ]; then

	/bin/rm -f /etc/newsyslog.conf

fi

if [ ! -L /etc/syslog.conf ]; then

	/bin/rm -rf /etc/syslog.conf

	if [ ! -f /var/etc/syslog.conf ]; then

		touch /var/etc/syslog.conf

	fi

	/bin/ln -s /var/etc/syslog.conf /etc/syslog.conf

fi

# Repair symlinks if they are broken

if [ ! -L /etc/hosts ]; then

	/bin/rm -rf /etc/hosts

	/bin/ln -s /var/etc/hosts /etc/hosts

fi

if [ ! -L /etc/resolv.conf ]; then

    /bin/rm -rf /etc/resolv.conf

    /bin/ln -s /var/etc/resolv.conf /etc/resolv.conf

fi

# Setup compatibility link for packages that

# have trouble overriding the PREFIX configure

# argument since we build our packages in a

# separated PREFIX area

# Only create if symlink does not exist. 

if [ ! -h /tmp/tmp ]; then

    /bin/ln -hfs / /tmp/tmp

fi

# Make sure our /tmp is 777 + Sticky

if [ ! "$PLATFORM" = "cdrom" ] ; then

	/bin/rm -rf /tmp/*

fi

/bin/chmod 1777 /tmp

if [ ! "$PLATFORM" = "cdrom" ] ; then

	# Malloc debugging check

	if [ -L /etc/malloc.conf ]; then

	    #ln -s aj /etc/malloc.conf

		/bin/rm /etc/malloc.conf

	fi

fi

if [ ! -L /etc/dhclient.conf ]; then

    /bin/rm -rf /etc/dhclient.conf

fi

if [ ! -d /var/tmp ]; then

	/bin/mkdir -p /var/tmp

fi

if [ ! -d /cf/conf/backup/ ]; then

	/bin/mkdir -p /cf/conf/backup/ 

fi

set -T

trap "echo 'Reboot interrupted'; exit 1" 3

# Remove old nameserver resolution files

/bin/rm -f /var/etc/nameserver*

# Create uploadbar tmp directory

/bin/mkdir -p /tmp/uploadbar

/bin/chmod 0777 /tmp/uploadbar

echo -n "."

DISABLESYSLOGCLOG=`/usr/bin/grep -c disablesyslogclog /cf/conf/config.xml`

ENABLEFIFOLOG=`/usr/bin/grep -c usefifolog /cf/conf/config.xml`

LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing"

DEFAULT_LOG_FILE_SIZE=`/usr/local/bin/xmllint --xpath 'string(//pfsense/syslog/logfilesize)' /conf/config.xml`

if [ ! ${DEFAULT_LOG_FILE_SIZE} ]; then

	DEFAULT_LOG_FILE_SIZE=511488

fi

for logfile in $LOG_FILES; do

	if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then 

		/usr/bin/touch /var/log/$logfile.log

	else 

		if [ ! -f /var/log/$logfile.log ]; then

			if [ "$ENABLEFIFOLOG" -gt "0" ]; then

				# generate fifolog files

				/usr/sbin/fifolog_create -s ${DEFAULT_LOG_FILE_SIZE} /var/log/$logfile.log

			else 

				/usr/sbin/clog -i -s ${DEFAULT_LOG_FILE_SIZE} /var/log/$logfile.log

			fi

		fi

	fi 

done

# change permissions on newly created fifolog files.

/bin/chmod 0600 /var/log/*.log

echo -n "."

if [ ! "$PLATFORM" = "jail" ]; then

	DEVFS=`/sbin/mount | /usr/bin/grep devfs | /usr/bin/wc -l | /usr/bin/cut -d" " -f8`

	if [ "$DEVFS" = "0" ]; then

		mount_devfs devfs /dev

	fi

fi

# Create an initial utmp file

cd $varrunpath && /bin/cp /dev/null utmp && /bin/chmod 644 utmp

echo -n "."

/sbin/ldconfig -elf /usr/lib /usr/local/lib /lib

# Make sure /etc/rc.conf doesn't exist.

if [ -f /etc/rc.conf ]; then

    /bin/rm -rf /etc/rc.conf

fi

if [ ! "$PLATFORM" = "jail" ]; then

	# Launching kbdmux(4)

	if [ -f "/dev/kbdmux0" ]; then

		echo -n "."

		/usr/sbin/kbdcontrol -k /dev/kbdmux0 < /dev/console

		[ -c "/dev/atkbd0" ] && kbdcontrol -a atkbd0 < /dev/console

		[ -c "/dev/ukbd0" ] && kbdcontrol -a ukbd0 < /dev/console

	fi

	# Fire up unionfs if mount points exist.

	if [ -f /dist/uniondirs ]; then

		echo -n "."

		/etc/rc.d/unionfs start

	fi

fi

echo "done."

# Ensure gettytab is of a sane size

if [ `/bin/ls -la /etc/gettytab | /usr/bin/awk '{ print $5'}` -lt 512 ]; then

	echo ">>> Restoring /etc/gettytab due to unusal size"

	echo ">>> Restoring /etc/gettytab due to unusal size" | /usr/bin/logger

	/bin/cp /etc/gettytab.bak /etc/gettytab

fi

# Recreate capabilities DB

/usr/bin/cap_mkdb /etc/login.conf

# Run the php.ini setup file and populate

# /usr/local/etc/php.ini and /usr/local/lib/php.ini

/etc/rc.php_ini_setup 2>/tmp/php_errors.txt

/usr/local/sbin/php-fpm -c /usr/local/lib/php.ini -y /usr/local/lib/php-fpm.conf -RD 2>&1 >/dev/null

# Launch external configuration loader for supported platforms

if [ "$PLATFORM" = "embedded" ]; then

	/usr/local/sbin/fcgicli -f /etc/ecl.php

fi

# Launch external configuration loader for supported platforms

if [ "$PLATFORM" = "nanobsd" ]; then

	/usr/local/sbin/fcgicli -f /etc/ecl.php

fi

# Launch external configuration loader for supported platforms

if [ "$PLATFORM" = "pfSense" ]; then

	/usr/local/sbin/fcgicli -f /etc/ecl.php

fi

if [ -f /etc/rc.custom_boot_early ]; then

	/bin/echo -n "Launching /etc/rc.custom_boot_early...";

	/etc/rc.custom_boot_early

	echo "Done"

fi

export fcgipath=/var/run/php-fpm.socket

/usr/bin/nice -n20 /usr/local/sbin/check_reload_status

# let the PHP-based configuration subsystem set up the system now

echo -n "Launching the init system..."

/bin/rm -f /cf/conf/backup/backup.cache

/bin/rm -f /root/lighttpd*

/usr/bin/touch $varrunpath/booting

/etc/rc.bootup

# /etc/rc.bootup unset $g['booting'], remove file right now to be

# consistent

/bin/rm $varrunpath/booting

# If a shell was selected from recovery 

# console then just drop to the shell now.

if [ -f "/tmp/donotbootup" ]; then

	echo "Dropping to recovery shell."

	exit 0

fi

echo -n "Starting CRON... "

cd /tmp && /usr/sbin/cron -s 2>/dev/null

echo "done."

# Start packages

/usr/local/sbin/fcgicli -f /etc/rc.start_packages

/bin/rm -rf /usr/local/pkg/pf/CVS

# Start ping handler every 240 seconds

/usr/local/bin/minicron 240 $varrunpath/ping_hosts.pid /usr/local/bin/ping_hosts.sh

# Start account expire handler every hour

/usr/local/bin/minicron 3600 $varrunpath/expire_accounts.pid '/usr/local/sbin/fcgicli -f /etc/rc.expireaccounts'

# Start alias url updater every 24 hours

/usr/local/bin/minicron 86400 $varrunpath/update_alias_url_data.pid '/usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data'

/bin/chmod a+rw /tmp/.

echo "Bootup complete"

/usr/local/bin/beep.sh start 2>&1 >/dev/null

# Reset the cache.  read-only requires this.

/bin/rm -f /tmp/config.cache

exit 0