1 |
cb7d18d5
|
Renato Botelho
|
#!/usr/local/bin/php-cgi -f
|
2 |
f4feb493
|
Scott Ullrich
|
|
3 |
|
|
<?php
|
4 |
|
|
|
5 |
5b6eac01
|
Scott Ullrich
|
require("globals.inc");
|
6 |
45e63af1
|
Scott Ullrich
|
require("config.inc");
|
7 |
|
|
require("functions.inc");
|
8 |
5f2d078e
|
Scott Ullrich
|
|
9 |
5b6eac01
|
Scott Ullrich
|
echo "Starting the {$g['product_name']} console firmware update system";
|
10 |
|
|
|
11 |
f4feb493
|
Scott Ullrich
|
require("functions.inc");
|
12 |
|
|
echo ".";
|
13 |
|
|
|
14 |
086cf944
|
Phil Davis
|
if (isset($config['system']['firmware']['alturl']['enable'])) {
|
15 |
b043503a
|
jim-p
|
$updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}";
|
16 |
e173dd74
|
Phil Davis
|
} else {
|
17 |
b043503a
|
jim-p
|
$updater_url = $g['update_url'];
|
18 |
e173dd74
|
Phil Davis
|
}
|
19 |
b043503a
|
jim-p
|
|
20 |
|
|
$nanosize = "";
|
21 |
|
|
if ($g['platform'] == "nanobsd") {
|
22 |
03b56525
|
Renato Botelho
|
if (!isset($g['enableserial_force'])) {
|
23 |
b043503a
|
jim-p
|
$nanosize = "-nanobsd-vga-";
|
24 |
e173dd74
|
Phil Davis
|
} else {
|
25 |
b043503a
|
jim-p
|
$nanosize = "-nanobsd-";
|
26 |
e173dd74
|
Phil Davis
|
}
|
27 |
b043503a
|
jim-p
|
|
28 |
|
|
$nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt")));
|
29 |
|
|
$update_filename = "latest{$nanosize}.img.gz";
|
30 |
|
|
} else {
|
31 |
|
|
$update_filename = "latest.tgz";
|
32 |
|
|
}
|
33 |
|
|
$autoupdateurl = "{$updater_url}/{$update_filename}";
|
34 |
|
|
|
35 |
f4feb493
|
Scott Ullrich
|
$fp = fopen('php://stdin', 'r');
|
36 |
|
|
|
37 |
|
|
echo ".\n\n";
|
38 |
|
|
|
39 |
|
|
$shell_active = true;
|
40 |
|
|
|
41 |
|
|
echo "1) Update from a URL\n";
|
42 |
|
|
echo "2) Update from a local file\n";
|
43 |
|
|
echo "Q) Quit\n";
|
44 |
|
|
|
45 |
|
|
echo "\nPlease select an option to continue: ";
|
46 |
|
|
|
47 |
1c52509c
|
Renato Botelho
|
$pkg_interface = 'console';
|
48 |
f4feb493
|
Scott Ullrich
|
$command = strtoupper(chop(fgets($fp)));
|
49 |
|
|
|
50 |
|
|
switch ($command) {
|
51 |
|
|
case "q":
|
52 |
|
|
case "quit":
|
53 |
|
|
echo "\n";
|
54 |
31210184
|
Scott Ullrich
|
fclose($fp);
|
55 |
f4feb493
|
Scott Ullrich
|
die;
|
56 |
|
|
break;
|
57 |
|
|
case "1":
|
58 |
b043503a
|
jim-p
|
echo "\nEnter the URL to the .tgz or .img.gz update file. \nType 'auto' to use {$autoupdateurl}\n> ";
|
59 |
f4feb493
|
Scott Ullrich
|
$url = chop(fgets($fp));
|
60 |
e173dd74
|
Phil Davis
|
if (!$url) {
|
61 |
31210184
|
Scott Ullrich
|
fclose($fp);
|
62 |
9b5d2d24
|
Scott Ullrich
|
die;
|
63 |
31210184
|
Scott Ullrich
|
}
|
64 |
e173dd74
|
Phil Davis
|
if ($url == "auto") {
|
65 |
b043503a
|
jim-p
|
$url = $autoupdateurl;
|
66 |
|
|
}
|
67 |
f4feb493
|
Scott Ullrich
|
$status = does_url_exist($url);
|
68 |
e173dd74
|
Phil Davis
|
if ($status) {
|
69 |
8e57ecdf
|
Scott Ullrich
|
conf_mount_rw();
|
70 |
a368a026
|
Ermal Lu?i
|
mark_subsystem_dirty('firmware');
|
71 |
1c52509c
|
Renato Botelho
|
unlink_if_exists("/root/firmware.tgz");
|
72 |
|
|
echo "\nFetching file... ";
|
73 |
|
|
download_file_with_progress_bar($url, '/root/firmware.tgz');
|
74 |
e173dd74
|
Phil Davis
|
if (!file_exists("/root/firmware.tgz")) {
|
75 |
e1f1691f
|
Scott Ullrich
|
echo "Something went wrong during file transfer. Exiting.\n\n";
|
76 |
31210184
|
Scott Ullrich
|
fclose($fp);
|
77 |
1c52509c
|
Renato Botelho
|
clear_subsystem_dirty('firmware');
|
78 |
e1f1691f
|
Scott Ullrich
|
die;
|
79 |
|
|
}
|
80 |
2ab2d8fb
|
PiBa-NL
|
$status = does_url_exist("$url.sha256");
|
81 |
e173dd74
|
Phil Davis
|
if ($status) {
|
82 |
1c52509c
|
Renato Botelho
|
echo "\nFetching sha256... ";
|
83 |
|
|
download_file_with_progress_bar($url . ".sha256", '/root/firmware.tgz.sha256');
|
84 |
|
|
echo "\n";
|
85 |
4cc6345e
|
Scott Ullrich
|
} else {
|
86 |
|
|
echo "\n\nWARNING.\n";
|
87 |
2ab2d8fb
|
PiBa-NL
|
echo "\nCould not locate a sha256 file. We cannot verify the download once completed.\n\n";
|
88 |
6d951458
|
Renato Botelho
|
echo "Do you still want to proceed with the upgrade [n]? ";
|
89 |
|
|
$answer = strtoupper(chop(fgets($fp)));
|
90 |
|
|
if ($answer == "Y" or $answer == "YES") {
|
91 |
|
|
echo "\nContinuing upgrade...";
|
92 |
|
|
} else {
|
93 |
|
|
echo "\nUpgrade cancelled.\n\n";
|
94 |
|
|
die;
|
95 |
|
|
}
|
96 |
1d2ac3a5
|
Scott Ullrich
|
}
|
97 |
e173dd74
|
Phil Davis
|
if (file_exists("/root/firmware.tgz.sha256")) {
|
98 |
086cf944
|
Phil Davis
|
$source_sha256 = trim(`cat /root/firmware.tgz.sha256 | awk '{ print \$4 }'`, "\r");
|
99 |
|
|
$file_sha256 = trim(`sha256 /root/firmware.tgz | awk '{ print \$4 }'`, "\r");
|
100 |
2ab2d8fb
|
PiBa-NL
|
echo "URL sha256: $source_sha256\n";
|
101 |
|
|
echo "Downloaded file sha256: $file_sha256\n";
|
102 |
e173dd74
|
Phil Davis
|
if ($source_sha256 <> $file_sha256) {
|
103 |
2ab2d8fb
|
PiBa-NL
|
echo "\n\nsha256 checksum does not match. Cancelling upgrade.\n\n";
|
104 |
1c52509c
|
Renato Botelho
|
unlink_if_exists("/root/firmware.tgz.sha256");
|
105 |
31210184
|
Scott Ullrich
|
fclose($fp);
|
106 |
1c52509c
|
Renato Botelho
|
clear_subsystem_dirty('firmware');
|
107 |
1d2ac3a5
|
Scott Ullrich
|
die -1;
|
108 |
|
|
}
|
109 |
2ab2d8fb
|
PiBa-NL
|
echo "\nsha256 checksum matches.\n";
|
110 |
1c52509c
|
Renato Botelho
|
unlink_if_exists("/root/firmware.tgz.sha256");
|
111 |
1d2ac3a5
|
Scott Ullrich
|
}
|
112 |
687631c6
|
Renato Botelho
|
if (strstr($url, "nanobsd")) {
|
113 |
873b2f0c
|
jim-p
|
echo "NanoBSD upgrade file detected...\n";
|
114 |
|
|
$type = "nanobsd";
|
115 |
d2fdbd6f
|
Scott Ullrich
|
} else {
|
116 |
873b2f0c
|
jim-p
|
$type = "normal";
|
117 |
9875b318
|
Scott Ullrich
|
}
|
118 |
873b2f0c
|
jim-p
|
do_upgrade("/root/firmware.tgz", $type);
|
119 |
1c52509c
|
Renato Botelho
|
clear_subsystem_dirty('firmware');
|
120 |
873b2f0c
|
jim-p
|
exit;
|
121 |
11da95a6
|
Scott Ullrich
|
}
|
122 |
f4feb493
|
Scott Ullrich
|
case "2":
|
123 |
873b2f0c
|
jim-p
|
echo "\nEnter the complete path to the .tgz or .img.gz update file: ";
|
124 |
f4feb493
|
Scott Ullrich
|
$path = chop(fgets($fp));
|
125 |
e173dd74
|
Phil Davis
|
if (!$path) {
|
126 |
31210184
|
Scott Ullrich
|
fclose($fp);
|
127 |
9b5d2d24
|
Scott Ullrich
|
die;
|
128 |
31210184
|
Scott Ullrich
|
}
|
129 |
086cf944
|
Phil Davis
|
if (stristr($path, "nanobsd")) {
|
130 |
e173dd74
|
Phil Davis
|
$type = "nanobsd";
|
131 |
|
|
}
|
132 |
|
|
if (file_exists($path)) {
|
133 |
a368a026
|
Ermal Lu?i
|
mark_subsystem_dirty('firmware');
|
134 |
e1aea2cd
|
Scott Ullrich
|
do_upgrade($path, $type);
|
135 |
1c52509c
|
Renato Botelho
|
clear_subsystem_dirty('firmware');
|
136 |
f4feb493
|
Scott Ullrich
|
} else {
|
137 |
|
|
echo "\nCould not find file.\n\n";
|
138 |
31210184
|
Scott Ullrich
|
fclose($fp);
|
139 |
f4feb493
|
Scott Ullrich
|
die -1;
|
140 |
|
|
}
|
141 |
|
|
}
|
142 |
|
|
|
143 |
e1aea2cd
|
Scott Ullrich
|
function do_upgrade($path, $type) {
|
144 |
71ed7da5
|
Scott Ullrich
|
global $g, $fp;
|
145 |
e173dd74
|
Phil Davis
|
|
146 |
71ed7da5
|
Scott Ullrich
|
$sigchk = verify_digital_signature($path);
|
147 |
e173dd74
|
Phil Davis
|
if ($sigchk == 1) {
|
148 |
71ed7da5
|
Scott Ullrich
|
$sig_warning = "The digital signature on this image is invalid.";
|
149 |
e173dd74
|
Phil Davis
|
} elseif ($sigchk == 2) {
|
150 |
71ed7da5
|
Scott Ullrich
|
$sig_warning = "This image is not digitally signed.";
|
151 |
e173dd74
|
Phil Davis
|
} elseif (($sigchk == 3) || ($sigchk == 4)) {
|
152 |
71ed7da5
|
Scott Ullrich
|
$sig_warning = "There has been an error verifying the signature on this image.";
|
153 |
e173dd74
|
Phil Davis
|
}
|
154 |
|
|
if ($sig_warning) {
|
155 |
dbbc0fc8
|
Scott Ullrich
|
$sig_warning = "\nWARNING! ACHTUNG! DANGER!\n\n{$sig_warning}\n\n" .
|
156 |
71ed7da5
|
Scott Ullrich
|
"This means that the image you uploaded is not an official/supported image and\n" .
|
157 |
|
|
"may lead to unexpected behavior or security compromises.\n\n" .
|
158 |
|
|
"Only install images that come from sources that you trust, and make sure\n".
|
159 |
|
|
"that the image has not been tampered with.\n\n".
|
160 |
|
|
"Do you want to install this image anyway at your own risk [n]?";
|
161 |
|
|
echo $sig_warning;
|
162 |
|
|
$command = strtoupper(chop(fgets($fp)));
|
163 |
e173dd74
|
Phil Davis
|
if (strtoupper($command) == "Y" or strtoupper($command) == "Y" or strtoupper($command) == "YES") {
|
164 |
7615c951
|
Scott Ullrich
|
echo "\nContinuing upgrade...";
|
165 |
71ed7da5
|
Scott Ullrich
|
} else {
|
166 |
|
|
echo "\nUpgrade cancelled.\n\n";
|
167 |
|
|
die;
|
168 |
|
|
}
|
169 |
|
|
}
|
170 |
a368a026
|
Ermal Lu?i
|
mark_subsystem_dirty('firmwarelock');
|
171 |
dfd6af96
|
Scott Ullrich
|
echo "\nOne moment please...\nInvoking firmware upgrade...";
|
172 |
687631c6
|
Renato Botelho
|
if ($type == "nanobsd") {
|
173 |
9fab6391
|
Scott Ullrich
|
mwexec_bg("/etc/rc.firmware pfSenseNanoBSDupgrade $path");
|
174 |
e173dd74
|
Phil Davis
|
} else {
|
175 |
6e75ac00
|
Scott Ullrich
|
mwexec_bg("/etc/rc.firmware pfSenseupgrade $path");
|
176 |
e173dd74
|
Phil Davis
|
}
|
177 |
b30f4ba1
|
Scott Ullrich
|
sleep(10);
|
178 |
e173dd74
|
Phil Davis
|
while (is_subsystem_dirty('firmwarelock')) {
|
179 |
6e75ac00
|
Scott Ullrich
|
sleep(1);
|
180 |
dfd6af96
|
Scott Ullrich
|
echo ".";
|
181 |
|
|
}
|
182 |
1a4075a9
|
Scott Ullrich
|
sleep(10);
|
183 |
6e75ac00
|
Scott Ullrich
|
echo "Done. Rebooting...\n\n";
|
184 |
a368a026
|
Ermal Lu?i
|
clear_subsystem_dirty('firmwarelock');
|
185 |
f4feb493
|
Scott Ullrich
|
}
|
186 |
|
|
|
187 |
2ab2d8fb
|
PiBa-NL
|
exec("rm -f /root/*.sha256");
|
188 |
1939b5ce
|
Scott Ullrich
|
fclose($fp);
|
189 |
|
|
|
190 |
ce387866
|
Ermal
|
?>
|