pfSense

#!/bin/sh

# $Id$

# /etc/rc.firmware

# part of m0n0wall (http://neon1.net/m0n0wall)

# Copyright (C) 2005-2009 Scott Ullrich <sullrich@pfsense.org>.

# Copyright (C) 2003 Manuel Kasper <mk@neon1.net>.

# All rights reserved.

#CFDEVICE=`cat /var/etc/cfdevice`

exec 3>&2 2>>/cf/firmware_update.log

export ACTION=$1

export IMG=$2

if [ $# -eq 3 ]; then

	export CUSTOMIMG=$3

fi

if [ $ACTION != "upgrade" ]; then

	/sbin/umount -f /ftmp > /dev/null 2>&1

fi

backup_chflags() {

	TOPROCESS="bin lib libexec sbin usr"

	for files in $TOPROCESS; do

		/usr/sbin/mtree -Pcp /${files} | bzip2 -9 > /tmp/chflags.dist.${files}.bz2 | logger -p daemon.info -i -t UpgradeFlags

	done

}

restore_chflags() {

	TOPROCESS="bin lib libexec sbin usr"

	for files in $TOPROCESS; do

		cd / && /usr/bin/bzcat /tmp/chflags.dist.${files}.bz2 | /usr/sbin/mtree -PU -p /${files} | logger -p daemon.info -i -t UpgradeFlags

	done

}

remove_chflags() {

	TOPROCESS="bin lib libexec sbin usr"

	for files in $TOPROCESS; do

		/bin/chflags -R noschg /${files}

		/bin/chmod -R u+rw /${files}

	done

}

binary_update() {

	TGZ=$1

	ERR_F="/tmp/bdiff.log"

	rm ${ERR_F} 2>/dev/null

	/bin/mkdir /tmp/patched /tmp/patches 2>>${ERR_F}

	backup_chflags

	remove_chflags

	cd /tmp/patches

	for i in `/usr/bin/tar tvzf $TGZ | egrep -v "(^d|_md5)" | nawk '{print $9;}'`;

	 do

	   FILE=`basename ${i}`

	   echo "Working on ${i}"

	   # Untar patch file and md5 files

	   /usr/bin/tar xzf ${TGZ} ${i} ${i}.old_file_md5 ${i}.new_patch_md5 ${i}.new_file_md5 2>>${ERR_F}

	   # Apply patch - oldfile newfile patchfile

	   /usr/local/bin/bspatch /${i} /tmp/patched/${FILE} /tmp/patches/${i} 2>>${ERR_F}

	   OLD_FILE_MD5=`cat /tmp/patches/${i}.old_file_md5 2>/dev/null`

	   NEW_PATCH_MD5=`cat /tmp/patches/${i}.new_patch_md5 2>/dev/null`

	   NEW_FILE_MD5=`cat /tmp/patches/${i}.new_file_md5 2>/dev/null`

	   PATCHED_MD5=`/sbin/md5 -q /tmp/patched/${FILE} 2>/dev/null`

	   if [ "$PATCHED_MD5" = "$NEW_PATCH_MD5" ]; then

		/usr/bin/install -S  /tmp/patched/${FILE} /${i}

	   else

		#echo "${i} file does not match intended final md5."

		echo "${i} file does not match intended final md5." >> ${ERR_F}

	   fi

	   /bin/rm /tmp/patched/${FILE} >> ${ERR_F}

	   /bin/rm /tmp/patches/${i} >> ${ERR_F}

	   /bin/rm /tmp/patches/${i}.* >> ${ERR_F}

	done

	/bin/rm -rf /tmp/patched /tmp/patches >> ${ERR_F}

	restore_chflags

}

case $ACTION in

enable)

	#/sbin/mount_mfs -s 15360 -T qp120at -b 8192 -f 1024 dummy /ftmp \

	#	> /dev/null 2>&1

	;;

auto)

	touch /var/run/firmware.lock

	backup_chflags

	remove_chflags

	/etc/rc.firmware_auto

	restore_chflags

	;;

upgrade)

	touch /var/run/firmware.lock

	# wait 5 seconds before beginning

	sleep 5

	backup_chflags

	remove_chflags

	exec </dev/console >/dev/console 2>/dev/console

	echo

	echo "Firmware upgrade in progress..."  | logger -p daemon.info -i -t Upgrade

	echo "Firmware upgrade in progress..." | wall

	# backup config

	mkdir /tmp/configbak

	cp -p /conf/* /tmp/configbak

	# unmount /cf

	/sbin/umount -f /cf

	# dd image onto card

	if [ -r $IMG ]; then

		/usr/bin/gunzip -S "" -c $IMG | dd of=/dev/r$CFDEVICE bs=16k > /dev/null 2>&1

		echo "Image installed."

	fi

	# mount /cf

	/sbin/mount -w -o noatime /cf

	# restore config

	cp -p /tmp/configbak/* /conf

	restore_chflags

	rm -f /var/run/firmware.lock

        /bin/sync

        sleep 5

	echo "Done."

	# If /tmp/post_upgrade_command exists after update

	# then execute the command.

	if [ -f /tmp/post_upgrade_command ]; then

		sh /tmp/post_upgrade_command

	fi

	# If the archive has unpacked a file called

	# /tmp/no_upgrade_reboot_required then do

	# not reboot after upgrade.

	if [ -f /tmp/no_upgrade_reboot_required ]; then

		rm /tmp/no_upgrade_reboot_required

	else

		rm -f /var/run/config.lock

		sh /etc/rc.reboot

	fi

	;;

pfSenseNanoBSDupgrade)

	# Sanity check - bail early if there's no firmware file!

	if [ ! -r $IMG ]; then

		echo "2nd parameter has not been passed or file does not exist. Exiting." | logger -p daemon.info -i -t Upgrade

		exit 1

	fi

	touch /var/run/firmware.lock

	echo "Firmware upgrade in progress..."  | logger -p daemon.info -i -t Upgrade

	# mount /cf

	/etc/rc.conf_mount_rw

	# backup config

	/bin/mkdir -p /tmp/configbak

	cp -p /conf/* /tmp/configbak 2>/dev/null

	touch /cf/upgrade_log.txt

	echo "" >> /cf/upgrade_log.txt

	echo "Installing $IMG." | logger -p daemon.info -i -t Upgrade

	echo "Installing $IMG." >> /cf/upgrade_log.txt

	# resolve glabel label that we booted from

	BOOT_DEVICE=`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`

	# resolve glabel to the real boot dev entry

	REAL_BOOT_DEVICE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/${BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`

	# grab the boot device, example ad1, ad0

	BOOT_DRIVE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1`

	# test the slice.  if we are on slice 1 we need to flash 2 and vica versa

	if [ `echo $REAL_BOOT_DEVICE | /usr/bin/grep "s1"` ]; then 

		SLICE="2"

		OLDSLICE="1"

		TOFLASH="${BOOT_DRIVE}s${SLICE}"

		COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a"

		GLABEL_SLICE="pfsense1"

	else

		SLICE="1"

		OLDSLICE="2"		

		TOFLASH="${BOOT_DRIVE}s${SLICE}"

		COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a"

		GLABEL_SLICE="pfsense0"		

	fi

	echo "SLICE $SLICE" >> /cf/upgrade_log.txt

	echo "OLDSLICE $OLDSLICE" >> /cf/upgrade_log.txt

	echo "TOFLASH $TOFLASH" >> /cf/upgrade_log.txt

	echo "COMPLETE_PATH $COMPLETE_PATH" >> /cf/upgrade_log.txt

	echo "GLABEL_SLICE $GLABEL_SLICE" >> /cf/upgrade_log.txt

	echo "" >> /cf/upgrade_log.txt

	ls -lah $IMG >> /cf/upgrade_log.txt

	echo "" >> /cf/upgrade_log.txt

	mount >> /cf/upgrade_log.txt

	echo "" >> /cf/upgrade_log.txt

	top >> /cf/upgrade_log.txt

	# Foot shooting is fun!

	echo "" >> /cf/upgrade_log.txt

	echo "/sbin/sysctl kern.geom.debugflags=16" >> /cf/upgrade_log.txt

	/sbin/sysctl kern.geom.debugflags=16 >> /cf/upgrade_log.txt 2>&1

	# Remove TOFLASH and get ready for new flash image

	echo "" >> /cf/upgrade_log.txt

	echo "dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1" >> /cf/upgrade_log.txt	

	dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1 >> /cf/upgrade_log.txt 2>&1

	# Stream gzipped image to dd and explode image to new area

	echo "" >> /cf/upgrade_log.txt

	echo "/usr/bin/gunzip -S "" -c $IMG | /bin/dd of=/dev/${TOFLASH} bs=16k" >> /cf/upgrade_log.txt

	/usr/bin/gunzip -S "" -c $IMG | /bin/dd of=/dev/${TOFLASH} bs=16k >> /cf/upgrade_log.txt 2>&1

	# Ensure that our new system is sound and bail if it is not and file a notice

	echo "" >> /cf/upgrade_log.txt

	echo "/sbin/fsck_ffs -y /dev/$COMPLETE_PATH" >> /cf/upgrade_log.txt

	/sbin/fsck_ffs -y /dev/$COMPLETE_PATH >> /cf/upgrade_log.txt 2>&1

	if [ $? != 0 ]; then

		/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDOFF

		<?php

			require_once("globals.inc");		

			require_once("functions.inc");

			file_notice("UpgradeFailure", "{\$g['product_name']} upgrade has failed.   Your system has been left in a usable state.", "UpgradeFailure", "");

		?>

ENDOFF

		rm /var/run/firmware.lock

		exit 1

	fi

	# Add back the corresponding glabel

	echo "" >> /cf/upgrade_log.txt

	echo "/sbin/tunefs -L pfsense${GLABEL_SLICE} /dev/$COMPLETE_PATH" >> /cf/upgrade_log.txt

	/sbin/tunefs -L ${GLABEL_SLICE} /dev/$COMPLETE_PATH >> /cf/upgrade_log.txt 2>&1

	echo "" >> /cf/upgrade_log.txt

	echo "/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE}" >> /cf/upgrade_log.txt

	/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE} >> /cf/upgrade_log.txt 2>&1

	# restore config

	cp -p /tmp/configbak/* /conf 2>/dev/null

	# Remove upgrade file

	rm -f $IMG

	mkdir /tmp/$COMPLETE_PATH

	mount /dev/$COMPLETE_PATH /tmp/$COMPLETE_PATH

	# If /tmp/$TOFLASH/tmp/post_upgrade_command exists 

	# after update then execute the command.

	if [ -f /tmp/$TOFLASH/tmp/post_upgrade_command ]; then

		sh /tmp/$TOFLASH/tmp/post_upgrade_command >> /cf/upgrade_log.txt 2>&1

	fi

	# Update fstab

	sed -i "" "s/pfsense${OLDSLICE}/pfsense${SLICE}/g" /tmp/$TOFLASH/etc/fstab

	echo "" >> /cf/upgrade_log.txt

	cat /tmp/$TOFLASH/etc/fstab >> /cf/upgrade_log.txt

	umount /tmp/$TOFLASH

	# remount /cf ro

	rm -rf /etc/rc.conf

	rm -rf /etc/motd

	find / -name CVS -type d -exec rm {} \;

	rm -rf /usr/savecore/*

	/etc/rc.conf_mount_ro

	rm -f /var/run/firmware.lock

	/bin/sync

	echo "Done." | logger -p daemon.info -i -t Upgrade

	sh /etc/rc.reboot

	;;

pfSenseupgrade)

	# Sanity check - bail early if there's no firmware file!

	if [ ! -r $IMG ]; then

		echo "2nd parameter has not been passed or file does not exist. Exiting." | logger -p daemon.info -i -t Upgrade

		exit

	fi

	# wait 1 seconds before beginning

	sleep 1

	touch /var/run/firmware.lock

	backup_chflags

	remove_chflags

	# Do we have a pre-upgrade hook in the update file?

	if [ `tar tvzf $IMG | grep /tmp/pre_upgrade_command | wc -l` -gt 0 ]; then 

		tar xzvf $IMG -C / ./tmp/pre_upgrade_command

		chmod a+rx /tmp/pre_upgrade_command

		sh /tmp/pre_upgrade_command

	fi

	#exec </dev/console >/dev/console 2>/dev/console

	echo "Firmware upgrade in progress..."  | logger -p daemon.info -i -t Upgrade

	# backup config

	/bin/mkdir -p /tmp/configbak

	cp -p /conf/* /tmp/configbak 2>/dev/null

	# mount /cf

	/etc/rc.conf_mount_rw

	/sbin/mount -w -o noatime /cf 2>/dev/null

	/sbin/mount -w -o noatime /   2>/dev/null

	# tar explode image onto hd

	echo "Installing $IMG." | logger -p daemon.info -i -t Upgrade

	cd / && /usr/bin/tar xzUPf $IMG | logger -p daemon.info -i -t Upgrade

	/usr/bin/find / -name CVS -exec rm -fr {} \;

	echo "Image installed $IMG." | logger -p daemon.info -i -t Upgrade

    # process custom image if its passed

    if [ $# -eq 3 ]; then

	    if [ -f $CUSTOMIMG ]; then

	        echo "Custom image $CUSTOMIMG found." | logger -p daemon.info -i -t Upgrade

	        echo "Custom image ($CUSTOMIMG) found."

	        PWD_DIR=`pwd`

	        cd / && /usr/bin/tar xzPUf $CUSTOMIMG | logger -p daemon.info -i -t Upgrade

	        cd $PWD_DIR

	        echo "Custom image $CUSTOMIMG installed." | logger -p daemon.info -i -t Upgrade

	    fi

    fi

	# restore config

	cp -p /tmp/configbak/* /conf 2>/dev/null

	# restore /etc symlinks

	rm /etc/hosts

	ln -s /var/etc/hosts /etc/hosts

	restore_chflags

	# Remove upgrade file

	rm -f $IMG

	if [ -e /etc/init_bootloader.sh ]; then

		sh /etc/init_bootloader.sh

	fi

	# If /tmp/post_upgrade_command exists after update

	# then execute the command.

	if [ -f /tmp/post_upgrade_command ]; then

		sh /tmp/post_upgrade_command

	fi

	# remount /cf ro

	rm -rf /etc/rc.conf

	rm -rf /etc/motd

	find / -name CVS -type d -exec rm {} \;

	rm -rf /usr/savecore/*

	/etc/rc.conf_mount_ro

	/sbin/umount -f /cf 2>/dev/null

	/sbin/mount -r /cf 2>/dev/null

	/sbin/umount -f / 2>/dev/null

	/sbin/mount -r / 2>/dev/null

	sleep 3

	rm -f /var/run/firmware.lock

	/bin/sync

	sleep 2

	echo "Done." | logger -p daemon.info -i -t Upgrade

	# If the archive has unpacked a file called

	# /tmp/no_upgrade_reboot_required then do

	# not reboot after upgrade.

	if [ -f /tmp/no_upgrade_reboot_required ]; then

		rm /tmp/no_upgrade_reboot_required

	else

		rm -f /var/run/config.lock

		sh /etc/rc.reboot

	fi

	;;

delta_update)

	touch /var/run/firmware.lock

	backup_chflags

	remove_chflags

	binary_update $IMG

	restore_chflags

	rm -rf /etc/rc.conf

	rm -rf /etc/motd

	find / -name CVS -type d -exec rm {} \;

	rm -rf /usr/savecore/*

	/etc/rc.conf_mount_ro

	/sbin/umount -f /cf 2>/dev/null

	/sbin/mount -r /cf 2>/dev/null

	/sbin/umount -f / 2>/dev/null

	/sbin/mount -r / 2>/dev/null

	if [ -e /etc/init_bootloader.sh ]; then

		sh /etc/init_bootloader.sh

	fi

	;;

esac