forked from billm/pfsense-tools-centipede-slbd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
update_to_XXX.sh
executable file
·286 lines (259 loc) · 6.76 KB
/
update_to_XXX.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
#!/bin/sh
# pfSense generic upgrade script
# (C)2006 Scott Ullrich
# All rights reserved.
# This script will aide in upgrading
# to a newer pfSense version
# set -e -x
# -- SETABLE VARIABLES
# Previous version
PREVIOUS_VERSION="RC2"
# New version
TARGET_VERSION="RC2i"
# Set to 1 to force a kernel update and reboot
KERNEL_UPDATE_NEEDED=0
# Set to 1 if the ruleset will change after update
RULESET_CHANGES=0
# Where will the updates be stored
PATH_TO_UPDATE="http://www.pfsense.com/~sullrich"
# Strict upgrades needed. RC2a -> RC2b only, etc.
# Set to 1 to enable otherwise loose mode is implied.
STRICT_UPGRADE_NEEDED=0
# -- NO SETABLE VARIABLES BEYOND THIS POINT!
# Read in platform variable
PLATFORM=`cat /etc/platform`
# Read in version variable
VERSION=`cat /etc/version`
# Platform independent updates should be formatted as:
# ${PATH_TO_UPDATE}/$TARGET_VERSION.tgz
# Kernel updates should be formatted as:
# ${PATH_TO_UPDATE}/${TARGET_VERSION}_${PLATFORM}_kernel.tgz
shutdown_webserver() {
killall lighttpd
}
restart_webserver() {
/etc/rc.restart_webgui
}
ensure_exists() {
touch /usr/local/etc/php.ini
touch /usr/local/lib/php/extensions/no-debug-non-zts-20020429/apc.so
}
remove_old() {
rm -f /usr/local/lib/php/extensions/no-debug-non-zts-20020429/upload_progress_tracking.so
rm -f /usr/local/lib/php/extensions/no-debug-non-zts-20020429/bandaid.so
}
handle_arguments() {
# XXX: todo
}
restore_backups() {
echo
echo " *** Something bad happened. Aborting!"
echo
echo "Restoring backup..."
/etc/rc.conf_mount_rw
tar xzvpf /tmp/backup.tgz -C /
if [ $KERNEL_UPDATE_NEEDED -gt 0 ]; then
echo "Restoring kernel backup..."
tar xzvpf /tmp/backup_kernel.tgz -C /
fi
echo "Going read only..."
/etc/rc.conf_mount_ro
echo -n "Reloading filter..."
/etc/rc.filter_configure
pfctl -f /tmp/rules.debug
echo "done."
echo "Script exiting due to errors."
restart_webserver
exit
}
backup() {
echo "Backing up the files before we upgrade..."
(cd / && fetch -q -o - ${PATH_TO_UPDATE}/$TARGET_VERSION.tgz \
| tar tvzpf - | awk '{ print $9 }' | tar czvfp /tmp/backup.tgz -T -)
if [ $? -ne 0 ]; then
echo "ERROR! Could not create backup. Exiting."
restart_webserver
exit
fi
}
backup_kernel() {
if [ $KERNEL_UPDATE_NEEDED -gt 0 ]; then
echo "Kernel update needed for ${PLATFORM} platform, backing up..."
(cd / && fetch -q -o - ${PATH_TO_UPDATE}/${TARGET_VERSION}_${PLATFORM}_kernel.tgz \
| tar tvzpf - | awk '{ print $9 }' | tar czvfp /tmp/backup_kernel.tgz -T -)
if [ $? -ne 0 ]; then
echo "ERROR! Could not create backup. Exiting."
restart_webserver
exit
fi
fi
}
update() {
echo "Now pulling down the update file, please wait..."
fetch -q -o - ${PATH_TO_UPDATE}/$TARGET_VERSION.tgz | tar xzvpf - -U -C /
if [ $? -ne 0 ]; then
restore_backups
fi
}
update_kernel() {
if [ $KERNEL_UPDATE_NEEDED -gt 0 ]; then
echo "Now pulling down the kernel update file, please wait..."
fetch -q -o - ${PATH_TO_UPDATE}/${TARGET_VERSION}_${PLATFORM}_kernel.tgz \
| tar xzvpf - -U -C /
fi
if [ $? -ne 0 ]; then
restore_backups
fi
}
reload_filter() {
echo -n "Reloading filter... "
cp /tmp/rules.debug /tmp/rules.debug.before_update
/etc/rc.filter_configure
TARGET_CHECKSUM=`md5 /tmp/rules.debug`
if [ $RULESET_CHANGES -gt 0 ]; then
if [ "$PREVIOUS_CHECKSUM" != "$TARGET_CHECKSUM" ]; then
echo "*** rule difference detected. ***"
echo "*** Notice *** Filter rules appear to be different now!"
echo " This may be normal if pfSense fixed a filter rule bug."
echo " If you experience problems, run this command to restore"
echo " the previous version: tar xzvpf /tmp/backup.tgz -C /"
else
echo "done"
fi
else
echo "done"
fi
}
test_filter_status() {
echo -n "Ensuring that new filter set is sane..."
pfctl -f /tmp/rules.debug
if [ $? -ne 0 ]; then
restore_backups
else
echo " done."
echo "You are now updated to $TARGET_VERSION"
echo $TARGET_VERSION > /etc/version
fi
}
rw() {
echo -n "Making sure we are rw... "
/etc/rc.conf_mount_rw
PREVIOUS_CHECKSUM=`md5 /tmp/rules.debug`
echo "done"
}
ro() {
echo -n "Making sure we are ro... "
/etc/rc.conf_mount_ro
echo "done"
}
check_upgrade_status() {
if [ $STRICT_UPGRADE_NEEDED -lt 1 ]; then
echo
# If strict upgrades are not turned on
# allow the user to upgrade in the same
# series aka combined upgrade. These
# upgrades are generally much larger.
GREPPED=`echo $VERSION | grep $PREVIOUS_VERSION | wc -l`
if [ $GREPPED -lt 1 ]; then
echo "This upgrades $PREVIOUS_VERSION series only."
exit
else
echo "$PREVIOUS_VERSION detected. Beginning update."
fi
else
# Require strict upgrade. These upgrades
# require a strict previous version to ensure
# that the correct files are put into place.
# These upgrades can save space over a period
# of time.
if [ $VERSION != $PREVIOUS_VERSION ]; then
echo "This upgrades version $PREVIOUS_VERSION strict only."
exit
else
echo "$PREVIOUS_VERSION detected. Beginning update."
fi
fi
}
alert_reboot_needed() {
if [ $KERNEL_UPDATE_NEEDED -gt 0 ]; then
echo
echo "NOTE! This upgrade will reboot pfSense after completion!"
echo
echo -n "CTRL-C now if this is a problem. Upgrade will start in 10 seconds."
sleep 5
echo -n "."
sleep 5
echo "."
echo
if [ -f /usr/bin/clear ]; then
/usr/bin/clear
fi
fi
echo
echo "Beginning upgrade and setting reboot needed flag."
echo
}
show_version_status() {
echo -n "Old version: "
echo $VERSION
echo -n "New version: "
cat /etc/version
}
reboot_if_needed() {
if [ $KERNEL_UPDATE_NEEDED -gt 0 ]; then
echo
echo -n "Rebooting in 4.."
sleep 1
echo -n "3.."
sleep 1
echo -n "2."
sleep 1
echo -n "1."
sync
echo "."
sync
shutdown -r now
fi
}
welcome() {
echo
echo "-----------------------------------------------------------------------"
echo " Welcome to the pfSense generic upgrade script"
echo "-----------------------------------------------------------------------"
echo
echo "In a moment we will begin the upgrade to ${TARGET_VERSION}..."
echo
echo "Please note that this upgrade will not verify a digital signature"
echo "during the upgrade but will verify CRC signatures during compression"
echo "extraction."
echo
echo -n "If you find this to be a problem, please press CTRL-C now"
sleep 2
echo -n "."
sleep 2
echo -n "."
sleep 2
echo -n "."
sleep 2
echo -n "."
sleep 2
echo "."
sleep 1
}
handle_arguments
check_upgrade_status
welcome
alert_reboot_needed
rw
remove_old
ensure_exists
backup
backup_kernel
update
update_kernel
reload_filter
test_filter_status
ro
show_version_status
restart_webserver
reboot_if_needed