freebsd-update.sh revision 161748
1204477Ssimon#!/bin/sh 2204477Ssimon 3204477Ssimon#- 4204477Ssimon# Copyright 2004-2006 Colin Percival 5204477Ssimon# All rights reserved 6204477Ssimon# 7204477Ssimon# Redistribution and use in source and binary forms, with or without 8280297Sjkim# modification, are permitted providing that the following conditions 9204477Ssimon# are met: 10204477Ssimon# 1. Redistributions of source code must retain the above copyright 11204477Ssimon# notice, this list of conditions and the following disclaimer. 12204477Ssimon# 2. Redistributions in binary form must reproduce the above copyright 13204477Ssimon# notice, this list of conditions and the following disclaimer in the 14204477Ssimon# documentation and/or other materials provided with the distribution. 15280297Sjkim# 16204477Ssimon# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17204477Ssimon# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18204477Ssimon# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19204477Ssimon# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20204477Ssimon# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21204477Ssimon# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22280297Sjkim# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23204477Ssimon# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24204477Ssimon# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 25204477Ssimon# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26204477Ssimon# POSSIBILITY OF SUCH DAMAGE. 27204477Ssimon 28204477Ssimon# $FreeBSD: head/usr.sbin/freebsd-update/freebsd-update.sh 161748 2006-08-31 09:51:34Z cperciva $ 29204477Ssimon 30204477Ssimon#### Usage function -- called from command-line handling code. 31204477Ssimon 32204477Ssimon# Usage instructions. Options not listed: 33204477Ssimon# --debug -- don't filter output from utilities 34204477Ssimon# --no-stats -- don't show progress statistics while fetching files 35204477Ssimonusage () { 36204477Ssimon cat <<EOF 37280297Sjkimusage: `basename $0` [options] command ... [path] 38204477Ssimon 39204477SsimonOptions: 40280297Sjkim -b basedir -- Operate on a system mounted at basedir 41204477Ssimon (default: /) 42204477Ssimon -d workdir -- Store working files in workdir 43204477Ssimon (default: /var/db/freebsd-update/) 44204477Ssimon -f conffile -- Read configuration options from conffile 45204477Ssimon (default: /etc/freebsd-update.conf) 46204477Ssimon -k KEY -- Trust an RSA key with SHA256 hash of KEY 47204477Ssimon -s server -- Server from which to fetch updates 48204477Ssimon (default: update.FreeBSD.org) 49204477Ssimon -t address -- Mail output of cron command, if any, to address 50204477Ssimon (default: root) 51204477SsimonCommands: 52280297Sjkim fetch -- Fetch updates from server 53204477Ssimon cron -- Sleep rand(3600) seconds, fetch updates, and send an 54204477Ssimon email if updates were found 55204477Ssimon install -- Install downloaded updates 56204477Ssimon rollback -- Uninstall most recently installed updates 57204477SsimonEOF 58204477Ssimon exit 0 59204477Ssimon} 60204477Ssimon 61204477Ssimon#### Configuration processing functions 62204477Ssimon 63204477Ssimon#- 64204477Ssimon# Configuration options are set in the following order of priority: 65204477Ssimon# 1. Command line options 66280297Sjkim# 2. Configuration file options 67204477Ssimon# 3. Default options 68204477Ssimon# In addition, certain options (e.g., IgnorePaths) can be specified multiple 69204477Ssimon# times and (as long as these are all in the same place, e.g., inside the 70204477Ssimon# configuration file) they will accumulate. Finally, because the path to the 71204477Ssimon# configuration file can be specified at the command line, the entire command 72204477Ssimon# line must be processed before we start reading the configuration file. 73204477Ssimon# 74204477Ssimon# Sound like a mess? It is. Here's how we handle this: 75204477Ssimon# 1. Initialize CONFFILE and all the options to "". 76204477Ssimon# 2. Process the command line. Throw an error if a non-accumulating option 77204477Ssimon# is specified twice. 78204477Ssimon# 3. If CONFFILE is "", set CONFFILE to /etc/freebsd-update.conf . 79204477Ssimon# 4. For all the configuration options X, set X_saved to X. 80204477Ssimon# 5. Initialize all the options to "". 81204477Ssimon# 6. Read CONFFILE line by line, parsing options. 82204477Ssimon# 7. For each configuration option X, set X to X_saved iff X_saved is not "". 83204477Ssimon# 8. Repeat steps 4-7, except setting options to their default values at (6). 84204477Ssimon 85204477SsimonCONFIGOPTIONS="KEYPRINT WORKDIR SERVERNAME MAILTO ALLOWADD ALLOWDELETE 86204477Ssimon KEEPMODIFIEDMETADATA COMPONENTS IGNOREPATHS UPDATEIFUNMODIFIED 87204477Ssimon BASEDIR VERBOSELEVEL" 88204477Ssimon 89204477Ssimon# Set all the configuration options to "". 90204477Ssimonnullconfig () { 91204477Ssimon for X in ${CONFIGOPTIONS}; do 92204477Ssimon eval ${X}="" 93204477Ssimon done 94204477Ssimon} 95204477Ssimon 96204477Ssimon# For each configuration option X, set X_saved to X. 97204477Ssimonsaveconfig () { 98204477Ssimon for X in ${CONFIGOPTIONS}; do 99204477Ssimon eval ${X}_saved=\$${X} 100204477Ssimon done 101204477Ssimon} 102204477Ssimon 103204477Ssimon# For each configuration option X, set X to X_saved if X_saved is not "". 104204477Ssimonmergeconfig () { 105204477Ssimon for X in ${CONFIGOPTIONS}; do 106204477Ssimon eval _=\$${X}_saved 107204477Ssimon if ! [ -z "${_}" ]; then 108204477Ssimon eval ${X}=\$${X}_saved 109204477Ssimon fi 110204477Ssimon done 111204477Ssimon} 112204477Ssimon 113204477Ssimon# Set the trusted keyprint. 114204477Ssimonconfig_KeyPrint () { 115204477Ssimon if [ -z ${KEYPRINT} ]; then 116204477Ssimon KEYPRINT=$1 117280297Sjkim else 118280297Sjkim return 1 119280297Sjkim fi 120280297Sjkim} 121280297Sjkim 122280297Sjkim# Set the working directory. 123204477Ssimonconfig_WorkDir () { 124280297Sjkim if [ -z ${WORKDIR} ]; then 125280297Sjkim WORKDIR=$1 126204477Ssimon else 127280297Sjkim return 1 128204477Ssimon fi 129204477Ssimon} 130204477Ssimon 131280297Sjkim# Set the name of the server (pool) from which to fetch updates 132204477Ssimonconfig_ServerName () { 133280297Sjkim if [ -z ${SERVERNAME} ]; then 134280297Sjkim SERVERNAME=$1 135204477Ssimon else 136280297Sjkim return 1 137204477Ssimon fi 138280297Sjkim} 139280297Sjkim 140204477Ssimon# Set the address to which 'cron' output will be mailed. 141280297Sjkimconfig_MailTo () { 142204477Ssimon if [ -z ${MAILTO} ]; then 143280297Sjkim MAILTO=$1 144280297Sjkim else 145280297Sjkim return 1 146204477Ssimon fi 147280297Sjkim} 148280297Sjkim 149204477Ssimon# Set whether FreeBSD Update is allowed to add files (or directories, or 150204477Ssimon# symlinks) which did not previously exist. 151204477Ssimonconfig_AllowAdd () { 152280297Sjkim if [ -z ${ALLOWADD} ]; then 153280297Sjkim case $1 in 154280297Sjkim [Yy][Ee][Ss]) 155280297Sjkim ALLOWADD=yes 156204477Ssimon ;; 157280297Sjkim [Nn][Oo]) 158204477Ssimon ALLOWADD=no 159204477Ssimon ;; 160204477Ssimon *) 161204477Ssimon return 1 162280297Sjkim ;; 163280297Sjkim esac 164280297Sjkim else 165280297Sjkim return 1 166204477Ssimon fi 167280297Sjkim} 168204477Ssimon 169204477Ssimon# Set whether FreeBSD Update is allowed to remove files/directories/symlinks. 170280297Sjkimconfig_AllowDelete () { 171280297Sjkim if [ -z ${ALLOWDELETE} ]; then 172280297Sjkim case $1 in 173280297Sjkim [Yy][Ee][Ss]) 174204477Ssimon ALLOWDELETE=yes 175280297Sjkim ;; 176280297Sjkim [Nn][Oo]) 177280297Sjkim ALLOWDELETE=no 178280297Sjkim ;; 179280297Sjkim *) 180280297Sjkim return 1 181280297Sjkim ;; 182204477Ssimon esac 183280297Sjkim else 184204477Ssimon return 1 185204477Ssimon fi 186280297Sjkim} 187204477Ssimon 188204477Ssimon# Set whether FreeBSD Update should keep existing inode ownership, 189280297Sjkim# permissions, and flags, in the event that they have been modified locally 190204477Ssimon# after the release. 191204477Ssimonconfig_KeepModifiedMetadata () { 192280297Sjkim if [ -z ${KEEPMODIFIEDMETADATA} ]; then 193204477Ssimon case $1 in 194204477Ssimon [Yy][Ee][Ss]) 195204477Ssimon KEEPMODIFIEDMETADATA=yes 196280297Sjkim ;; 197280297Sjkim [Nn][Oo]) 198280297Sjkim KEEPMODIFIEDMETADATA=no 199280297Sjkim ;; 200280297Sjkim *) 201280297Sjkim return 1 202280297Sjkim ;; 203204477Ssimon esac 204280297Sjkim else 205280297Sjkim return 1 206204477Ssimon fi 207280297Sjkim} 208280297Sjkim 209204477Ssimon# Add to the list of components which should be kept updated. 210204477Ssimonconfig_Components () { 211204477Ssimon for C in $@; do 212280297Sjkim COMPONENTS="${COMPONENTS} ${C}" 213204477Ssimon done 214204477Ssimon} 215204477Ssimon 216280297Sjkim# Add to the list of paths under which updates will be ignored. 217204477Ssimonconfig_IgnorePaths () { 218280297Sjkim for C in $@; do 219280297Sjkim IGNOREPATHS="${IGNOREPATHS} ${C}" 220204477Ssimon done 221204477Ssimon} 222204477Ssimon 223280297Sjkim# Add to the list of paths within which updates will be performed only if the 224280297Sjkim# file on disk has not been modified locally. 225280297Sjkimconfig_UpdateIfUnmodified () { 226280297Sjkim for C in $@; do 227280297Sjkim UPDATEIFUNMODIFIED="${UPDATEIFUNMODIFIED} ${C}" 228280297Sjkim done 229280297Sjkim} 230280297Sjkim 231280297Sjkim# Work on a FreeBSD installation mounted under $1 232204477Ssimonconfig_BaseDir () { 233280297Sjkim if [ -z ${BASEDIR} ]; then 234280297Sjkim BASEDIR=$1 235280297Sjkim else 236280297Sjkim return 1 237204477Ssimon fi 238204477Ssimon} 239204477Ssimon 240204477Ssimon# Define what happens to output of utilities 241204477Ssimonconfig_VerboseLevel () { 242280297Sjkim if [ -z ${VERBOSELEVEL} ]; then 243204477Ssimon case $1 in 244280297Sjkim [Dd][Ee][Bb][Uu][Gg]) 245280297Sjkim VERBOSELEVEL=debug 246280297Sjkim ;; 247280297Sjkim [Nn][Oo][Ss][Tt][Aa][Tt][Ss]) 248204477Ssimon VERBOSELEVEL=nostats 249280297Sjkim ;; 250204477Ssimon [Ss][Tt][Aa][Tt][Ss]) 251204477Ssimon VERBOSELEVEL=stats 252204477Ssimon ;; 253204477Ssimon *) 254280297Sjkim return 1 255280297Sjkim ;; 256280297Sjkim esac 257280297Sjkim else 258204477Ssimon return 1 259280297Sjkim fi 260280297Sjkim} 261204477Ssimon 262280297Sjkim# Handle one line of configuration 263280297Sjkimconfigline () { 264280297Sjkim if [ $# -eq 0 ]; then 265280297Sjkim return 266204477Ssimon fi 267280297Sjkim 268204477Ssimon OPT=$1 269280297Sjkim shift 270280297Sjkim config_${OPT} $@ 271280297Sjkim} 272280297Sjkim 273280297Sjkim#### Parameter handling functions. 274204477Ssimon 275280297Sjkim# Initialize parameters to null, just in case they're 276204477Ssimon# set in the environment. 277204477Ssimoninit_params () { 278280297Sjkim # Configration settings 279280297Sjkim nullconfig 280280297Sjkim 281280297Sjkim # No configuration file set yet 282280297Sjkim CONFFILE="" 283204477Ssimon 284280297Sjkim # No commands specified yet 285204477Ssimon COMMANDS="" 286204477Ssimon} 287280297Sjkim 288204477Ssimon# Parse the command line 289280297Sjkimparse_cmdline () { 290204477Ssimon while [ $# -gt 0 ]; do 291204477Ssimon case "$1" in 292280297Sjkim # Location of configuration file 293 -f) 294 if [ $# -eq 1 ]; then usage; fi 295 if [ ! -z "${CONFFILE}" ]; then usage; fi 296 shift; CONFFILE="$1" 297 ;; 298 299 # Configuration file equivalents 300 -b) 301 if [ $# -eq 1 ]; then usage; fi; shift 302 config_BaseDir $1 || usage 303 ;; 304 -d) 305 if [ $# -eq 1 ]; then usage; fi; shift 306 config_WorkDir $1 || usage 307 ;; 308 -k) 309 if [ $# -eq 1 ]; then usage; fi; shift 310 config_KeyPrint $1 || usage 311 ;; 312 -s) 313 if [ $# -eq 1 ]; then usage; fi; shift 314 config_ServerName $1 || usage 315 ;; 316 -t) 317 if [ $# -eq 1 ]; then usage; fi; shift 318 config_MailTo $1 || usage 319 ;; 320 -v) 321 if [ $# -eq 1 ]; then usage; fi; shift 322 config_VerboseLevel $1 || usage 323 ;; 324 325 # Aliases for "-v debug" and "-v nostats" 326 --debug) 327 config_VerboseLevel debug || usage 328 ;; 329 --no-stats) 330 config_VerboseLevel nostats || usage 331 ;; 332 333 # Commands 334 cron | fetch | install | rollback) 335 COMMANDS="${COMMANDS} $1" 336 ;; 337 338 # Anything else is an error 339 *) 340 usage 341 ;; 342 esac 343 shift 344 done 345 346 # Make sure we have at least one command 347 if [ -z "${COMMANDS}" ]; then 348 usage 349 fi 350} 351 352# Parse the configuration file 353parse_conffile () { 354 # If a configuration file was specified on the command line, check 355 # that it exists and is readable. 356 if [ ! -z "${CONFFILE}" ] && [ ! -r "${CONFFILE}" ]; then 357 echo -n "File does not exist " 358 echo -n "or is not readable: " 359 echo ${CONFFILE} 360 exit 1 361 fi 362 363 # If a configuration file was not specified on the command line, 364 # use the default configuration file path. If that default does 365 # not exist, give up looking for any configuration. 366 if [ -z "${CONFFILE}" ]; then 367 CONFFILE="/etc/freebsd-update.conf" 368 if [ ! -r "${CONFFILE}" ]; then 369 return 370 fi 371 fi 372 373 # Save the configuration options specified on the command line, and 374 # clear all the options in preparation for reading the config file. 375 saveconfig 376 nullconfig 377 378 # Read the configuration file. Anything after the first '#' is 379 # ignored, and any blank lines are ignored. 380 L=0 381 while read LINE; do 382 L=$(($L + 1)) 383 LINEX=`echo "${LINE}" | cut -f 1 -d '#'` 384 if ! configline ${LINEX}; then 385 echo "Error processing configuration file, line $L:" 386 echo "==> ${LINE}" 387 exit 1 388 fi 389 done < ${CONFFILE} 390 391 # Merge the settings read from the configuration file with those 392 # provided at the command line. 393 mergeconfig 394} 395 396# Provide some default parameters 397default_params () { 398 # Save any parameters already configured, and clear the slate 399 saveconfig 400 nullconfig 401 402 # Default configurations 403 config_WorkDir /var/db/freebsd-update 404 config_MailTo root 405 config_AllowAdd yes 406 config_AllowDelete yes 407 config_KeepModifiedMetadata yes 408 config_BaseDir / 409 config_VerboseLevel stats 410 411 # Merge these defaults into the earlier-configured settings 412 mergeconfig 413} 414 415# Set utility output filtering options, based on ${VERBOSELEVEL} 416fetch_setup_verboselevel () { 417 case ${VERBOSELEVEL} in 418 debug) 419 QUIETREDIR="/dev/stderr" 420 QUIETFLAG=" " 421 STATSREDIR="/dev/stderr" 422 DDSTATS=".." 423 XARGST="-t" 424 NDEBUG=" " 425 ;; 426 nostats) 427 QUIETREDIR="" 428 QUIETFLAG="" 429 STATSREDIR="/dev/null" 430 DDSTATS=".." 431 XARGST="" 432 NDEBUG="" 433 ;; 434 stats) 435 QUIETREDIR="/dev/null" 436 QUIETFLAG="-q" 437 STATSREDIR="/dev/stdout" 438 DDSTATS="" 439 XARGST="" 440 NDEBUG="-n" 441 ;; 442 esac 443} 444 445# Perform sanity checks and set some final parameters 446# in preparation for fetching files. Figure out which 447# set of updates should be downloaded: If the user is 448# running *-p[0-9]+, strip off the last part; if the 449# user is running -SECURITY, call it -RELEASE. Chdir 450# into the working directory. 451fetch_check_params () { 452 export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)" 453 454 _SERVERNAME_z=\ 455"SERVERNAME must be given via command line or configuration file." 456 _KEYPRINT_z="Key must be given via -k option or configuration file." 457 _KEYPRINT_bad="Invalid key fingerprint: " 458 _WORKDIR_bad="Directory does not exist or is not writable: " 459 460 if [ -z "${SERVERNAME}" ]; then 461 echo -n "`basename $0`: " 462 echo "${_SERVERNAME_z}" 463 exit 1 464 fi 465 if [ -z "${KEYPRINT}" ]; then 466 echo -n "`basename $0`: " 467 echo "${_KEYPRINT_z}" 468 exit 1 469 fi 470 if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then 471 echo -n "`basename $0`: " 472 echo -n "${_KEYPRINT_bad}" 473 echo ${KEYPRINT} 474 exit 1 475 fi 476 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then 477 echo -n "`basename $0`: " 478 echo -n "${_WORKDIR_bad}" 479 echo ${WORKDIR} 480 exit 1 481 fi 482 cd ${WORKDIR} || exit 1 483 484 # Generate release number. The s/SECURITY/RELEASE/ bit exists 485 # to provide an upgrade path for FreeBSD Update 1.x users, since 486 # the kernels provided by FreeBSD Update 1.x are always labelled 487 # as X.Y-SECURITY. 488 RELNUM=`uname -r | 489 sed -E 's,-p[0-9]+,,' | 490 sed -E 's,-SECURITY,-RELEASE,'` 491 ARCH=`uname -m` 492 FETCHDIR=${RELNUM}/${ARCH} 493 494 # Figure out what directory contains the running kernel 495 BOOTFILE=`sysctl -n kern.bootfile` 496 KERNELDIR=${BOOTFILE%/kernel} 497 if ! [ -d ${KERNELDIR} ]; then 498 echo "Cannot identify running kernel" 499 exit 1 500 fi 501 502 # Define some paths 503 BSPATCH=/usr/bin/bspatch 504 SHA256=/sbin/sha256 505 PHTTPGET=/usr/libexec/phttpget 506 507 # Set up variables relating to VERBOSELEVEL 508 fetch_setup_verboselevel 509 510 # Construct a unique name from ${BASEDIR} 511 BDHASH=`echo ${BASEDIR} | sha256 -q` 512} 513 514# Perform sanity checks and set some final parameters in 515# preparation for installing updates. 516install_check_params () { 517 # Check that we are root. All sorts of things won't work otherwise. 518 if [ `id -u` != 0 ]; then 519 echo "You must be root to run this." 520 exit 1 521 fi 522 523 # Check that we have a working directory 524 _WORKDIR_bad="Directory does not exist or is not writable: " 525 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then 526 echo -n "`basename $0`: " 527 echo -n "${_WORKDIR_bad}" 528 echo ${WORKDIR} 529 exit 1 530 fi 531 cd ${WORKDIR} || exit 1 532 533 # Construct a unique name from ${BASEDIR} 534 BDHASH=`echo ${BASEDIR} | sha256 -q` 535 536 # Check that we have updates ready to install 537 if ! [ -L ${BDHASH}-install ]; then 538 echo "No updates are available to install." 539 echo "Run '$0 fetch' first." 540 exit 1 541 fi 542 if ! [ -f ${BDHASH}-install/INDEX-OLD ] || 543 ! [ -f ${BDHASH}-install/INDEX-NEW ]; then 544 echo "Update manifest is corrupt -- this should never happen." 545 echo "Re-run '$0 fetch'." 546 exit 1 547 fi 548} 549 550# Perform sanity checks and set some final parameters in 551# preparation for UNinstalling updates. 552rollback_check_params () { 553 # Check that we are root. All sorts of things won't work otherwise. 554 if [ `id -u` != 0 ]; then 555 echo "You must be root to run this." 556 exit 1 557 fi 558 559 # Check that we have a working directory 560 _WORKDIR_bad="Directory does not exist or is not writable: " 561 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then 562 echo -n "`basename $0`: " 563 echo -n "${_WORKDIR_bad}" 564 echo ${WORKDIR} 565 exit 1 566 fi 567 cd ${WORKDIR} || exit 1 568 569 # Construct a unique name from ${BASEDIR} 570 BDHASH=`echo ${BASEDIR} | sha256 -q` 571 572 # Check that we have updates ready to rollback 573 if ! [ -L ${BDHASH}-rollback ]; then 574 echo "No rollback directory found." 575 exit 1 576 fi 577 if ! [ -f ${BDHASH}-rollback/INDEX-OLD ] || 578 ! [ -f ${BDHASH}-rollback/INDEX-NEW ]; then 579 echo "Update manifest is corrupt -- this should never happen." 580 exit 1 581 fi 582} 583 584#### Core functionality -- the actual work gets done here 585 586# Use an SRV query to pick a server. If the SRV query doesn't provide 587# a useful answer, use the server name specified by the user. 588# Put another way... look up _http._tcp.${SERVERNAME} and pick a server 589# from that; or if no servers are returned, use ${SERVERNAME}. 590# This allows a user to specify "portsnap.freebsd.org" (in which case 591# portsnap will select one of the mirrors) or "portsnap5.tld.freebsd.org" 592# (in which case portsnap will use that particular server, since there 593# won't be an SRV entry for that name). 594# 595# We ignore the Port field, since we are always going to use port 80. 596 597# Fetch the mirror list, but do not pick a mirror yet. Returns 1 if 598# no mirrors are available for any reason. 599fetch_pick_server_init () { 600 : > serverlist_tried 601 602# Check that host(1) exists (i.e., that the system wasn't built with the 603# WITHOUT_BIND set) and don't try to find a mirror if it doesn't exist. 604 if ! which -s host; then 605 : > serverlist_full 606 return 1 607 fi 608 609 echo -n "Looking up ${SERVERNAME} mirrors... " 610 611# Issue the SRV query and pull out the Priority, Weight, and Target fields. 612# BIND 9 prints "$name has SRV record ..." while BIND 8 prints 613# "$name server selection ..."; we allow either format. 614 MLIST="_http._tcp.${SERVERNAME}" 615 host -t srv "${MLIST}" | 616 sed -nE "s/${MLIST} (has SRV record|server selection) //p" | 617 cut -f 1,2,4 -d ' ' | 618 sed -e 's/\.$//' | 619 sort > serverlist_full 620 621# If no records, give up -- we'll just use the server name we were given. 622 if [ `wc -l < serverlist_full` -eq 0 ]; then 623 echo "none found." 624 return 1 625 fi 626 627# Report how many mirrors we found. 628 echo `wc -l < serverlist_full` "mirrors found." 629 630# Generate a random seed for use in picking mirrors. If HTTP_PROXY 631# is set, this will be used to generate the seed; otherwise, the seed 632# will be random. 633 if [ -n "${HTTP_PROXY}${http_proxy}" ]; then 634 RANDVALUE=`sha256 -qs "${HTTP_PROXY}${http_proxy}" | 635 tr -d 'a-f' | 636 cut -c 1-9` 637 else 638 RANDVALUE=`jot -r 1 0 999999999` 639 fi 640} 641 642# Pick a mirror. Returns 1 if we have run out of mirrors to try. 643fetch_pick_server () { 644# Generate a list of not-yet-tried mirrors 645 sort serverlist_tried | 646 comm -23 serverlist_full - > serverlist 647 648# Have we run out of mirrors? 649 if [ `wc -l < serverlist` -eq 0 ]; then 650 echo "No mirrors remaining, giving up." 651 return 1 652 fi 653 654# Find the highest priority level (lowest numeric value). 655 SRV_PRIORITY=`cut -f 1 -d ' ' serverlist | sort -n | head -1` 656 657# Add up the weights of the response lines at that priority level. 658 SRV_WSUM=0; 659 while read X; do 660 case "$X" in 661 ${SRV_PRIORITY}\ *) 662 SRV_W=`echo $X | cut -f 2 -d ' '` 663 SRV_WSUM=$(($SRV_WSUM + $SRV_W)) 664 ;; 665 esac 666 done < serverlist 667 668# If all the weights are 0, pretend that they are all 1 instead. 669 if [ ${SRV_WSUM} -eq 0 ]; then 670 SRV_WSUM=`grep -E "^${SRV_PRIORITY} " serverlist | wc -l` 671 SRV_W_ADD=1 672 else 673 SRV_W_ADD=0 674 fi 675 676# Pick a value between 0 and the sum of the weights - 1 677 SRV_RND=`expr ${RANDVALUE} % ${SRV_WSUM}` 678 679# Read through the list of mirrors and set SERVERNAME. Write the line 680# corresponding to the mirror we selected into serverlist_tried so that 681# we won't try it again. 682 while read X; do 683 case "$X" in 684 ${SRV_PRIORITY}\ *) 685 SRV_W=`echo $X | cut -f 2 -d ' '` 686 SRV_W=$(($SRV_W + $SRV_W_ADD)) 687 if [ $SRV_RND -lt $SRV_W ]; then 688 SERVERNAME=`echo $X | cut -f 3 -d ' '` 689 echo "$X" >> serverlist_tried 690 break 691 else 692 SRV_RND=$(($SRV_RND - $SRV_W)) 693 fi 694 ;; 695 esac 696 done < serverlist 697} 698 699# Take a list of ${oldhash}|${newhash} and output a list of needed patches, 700# i.e., those for which we have ${oldhash} and don't have ${newhash}. 701fetch_make_patchlist () { 702 grep -vE "^([0-9a-f]{64})\|\1$" | 703 tr '|' ' ' | 704 while read X Y; do 705 if [ -f "files/${Y}.gz" ] || 706 [ ! -f "files/${X}.gz" ]; then 707 continue 708 fi 709 echo "${X}|${Y}" 710 done | uniq 711} 712 713# Print user-friendly progress statistics 714fetch_progress () { 715 LNC=0 716 while read x; do 717 LNC=$(($LNC + 1)) 718 if [ $(($LNC % 10)) = 0 ]; then 719 echo -n $LNC 720 elif [ $(($LNC % 2)) = 0 ]; then 721 echo -n . 722 fi 723 done 724 echo -n " " 725} 726 727# Initialize the working directory 728workdir_init () { 729 mkdir -p files 730 touch tINDEX.present 731} 732 733# Check that we have a public key with an appropriate hash, or 734# fetch the key if it doesn't exist. Returns 1 if the key has 735# not yet been fetched. 736fetch_key () { 737 if [ -r pub.ssl ] && [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then 738 return 0 739 fi 740 741 echo -n "Fetching public key from ${SERVERNAME}... " 742 rm -f pub.ssl 743 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/pub.ssl \ 744 2>${QUIETREDIR} || true 745 if ! [ -r pub.ssl ]; then 746 echo "failed." 747 return 1 748 fi 749 if ! [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then 750 echo "key has incorrect hash." 751 rm -f pub.ssl 752 return 1 753 fi 754 echo "done." 755} 756 757# Fetch metadata signature, aka "tag". 758fetch_tag () { 759 echo ${NDEBUG} "Fetching metadata signature from ${SERVERNAME}... " 760 rm -f latest.ssl 761 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/latest.ssl \ 762 2>${QUIETREDIR} || true 763 if ! [ -r latest.ssl ]; then 764 echo "failed." 765 return 1 766 fi 767 768 openssl rsautl -pubin -inkey pub.ssl -verify \ 769 < latest.ssl > tag.new 2>${QUIETREDIR} || true 770 rm latest.ssl 771 772 if ! [ `wc -l < tag.new` = 1 ] || 773 ! grep -qE \ 774 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \ 775 tag.new; then 776 echo "invalid signature." 777 return 1 778 fi 779 780 echo "done." 781 782 RELPATCHNUM=`cut -f 4 -d '|' < tag.new` 783 TINDEXHASH=`cut -f 5 -d '|' < tag.new` 784 EOLTIME=`cut -f 6 -d '|' < tag.new` 785} 786 787# Sanity-check the patch number in a tag, to make sure that we're not 788# going to "update" backwards and to prevent replay attacks. 789fetch_tagsanity () { 790 # Check that we're not going to move from -pX to -pY with Y < X. 791 RELPX=`uname -r | sed -E 's,.*-,,'` 792 if echo ${RELPX} | grep -qE '^p[0-9]+$'; then 793 RELPX=`echo ${RELPX} | cut -c 2-` 794 else 795 RELPX=0 796 fi 797 if [ "${RELPATCHNUM}" -lt "${RELPX}" ]; then 798 echo 799 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})" 800 echo " appear older than what" 801 echo "we are currently running (`uname -r`)!" 802 echo "Cowardly refusing to proceed any further." 803 return 1 804 fi 805 806 # If "tag" exists and corresponds to ${RELNUM}, make sure that 807 # it contains a patch number <= RELPATCHNUM, in order to protect 808 # against rollback (replay) attacks. 809 if [ -f tag ] && 810 grep -qE \ 811 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \ 812 tag; then 813 LASTRELPATCHNUM=`cut -f 4 -d '|' < tag` 814 815 if [ "${RELPATCHNUM}" -lt "${LASTRELPATCHNUM}" ]; then 816 echo 817 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})" 818 echo " are older than the" 819 echo -n "most recently seen updates" 820 echo " (${RELNUM}-p${LASTRELPATCHNUM})." 821 echo "Cowardly refusing to proceed any further." 822 return 1 823 fi 824 fi 825} 826 827# Fetch metadata index file 828fetch_metadata_index () { 829 echo ${NDEBUG} "Fetching metadata index... " 830 rm -f ${TINDEXHASH} 831 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/t/${TINDEXHASH} 832 2>${QUIETREDIR} 833 if ! [ -f ${TINDEXHASH} ]; then 834 echo "failed." 835 return 1 836 fi 837 if [ `${SHA256} -q ${TINDEXHASH}` != ${TINDEXHASH} ]; then 838 echo "update metadata index corrupt." 839 return 1 840 fi 841 echo "done." 842} 843 844# Print an error message about signed metadata being bogus. 845fetch_metadata_bogus () { 846 echo 847 echo "The update metadata$1 is correctly signed, but" 848 echo "failed an integrity check." 849 echo "Cowardly refusing to proceed any further." 850 return 1 851} 852 853# Construct tINDEX.new by merging the lines named in $1 from ${TINDEXHASH} 854# with the lines not named in $@ from tINDEX.present (if that file exists). 855fetch_metadata_index_merge () { 856 for METAFILE in $@; do 857 if [ `grep -E "^${METAFILE}\|" ${TINDEXHASH} | wc -l` \ 858 -ne 1 ]; then 859 fetch_metadata_bogus " index" 860 return 1 861 fi 862 863 grep -E "${METAFILE}\|" ${TINDEXHASH} 864 done | 865 sort > tINDEX.wanted 866 867 if [ -f tINDEX.present ]; then 868 join -t '|' -v 2 tINDEX.wanted tINDEX.present | 869 sort -m - tINDEX.wanted > tINDEX.new 870 rm tINDEX.wanted 871 else 872 mv tINDEX.wanted tINDEX.new 873 fi 874} 875 876# Sanity check all the lines of tINDEX.new. Even if more metadata lines 877# are added by future versions of the server, this won't cause problems, 878# since the only lines which appear in tINDEX.new are the ones which we 879# specifically grepped out of ${TINDEXHASH}. 880fetch_metadata_index_sanity () { 881 if grep -qvE '^[0-9A-Z.-]+\|[0-9a-f]{64}$' tINDEX.new; then 882 fetch_metadata_bogus " index" 883 return 1 884 fi 885} 886 887# Sanity check the metadata file $1. 888fetch_metadata_sanity () { 889 # Some aliases to save space later: ${P} is a character which can 890 # appear in a path; ${M} is the four numeric metadata fields; and 891 # ${H} is a sha256 hash. 892 P="[-+./:=_[[:alnum:]]" 893 M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+" 894 H="[0-9a-f]{64}" 895 896 # Check that the first four fields make sense. 897 if gunzip -c < files/$1.gz | 898 grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then 899 fetch_metadata_bogus "" 900 return 1 901 fi 902 903 # Remove the first three fields. 904 gunzip -c < files/$1.gz | 905 cut -f 4- -d '|' > sanitycheck.tmp 906 907 # Sanity check entries with type 'f' 908 if grep -E '^f' sanitycheck.tmp | 909 grep -qvE "^f\|${M}\|${H}\|${P}*\$"; then 910 fetch_metadata_bogus "" 911 return 1 912 fi 913 914 # Sanity check entries with type 'd' 915 if grep -E '^d' sanitycheck.tmp | 916 grep -qvE "^d\|${M}\|\|\$"; then 917 fetch_metadata_bogus "" 918 return 1 919 fi 920 921 # Sanity check entries with type 'L' 922 if grep -E '^L' sanitycheck.tmp | 923 grep -qvE "^L\|${M}\|${P}*\|\$"; then 924 fetch_metadata_bogus "" 925 return 1 926 fi 927 928 # Sanity check entries with type '-' 929 if grep -E '^-' sanitycheck.tmp | 930 grep -qvE "^-\|\|\|\|\|\|"; then 931 fetch_metadata_bogus "" 932 return 1 933 fi 934 935 # Clean up 936 rm sanitycheck.tmp 937} 938 939# Fetch the metadata index and metadata files listed in $@, 940# taking advantage of metadata patches where possible. 941fetch_metadata () { 942 fetch_metadata_index || return 1 943 fetch_metadata_index_merge $@ || return 1 944 fetch_metadata_index_sanity || return 1 945 946 # Generate a list of wanted metadata patches 947 join -t '|' -o 1.2,2.2 tINDEX.present tINDEX.new | 948 fetch_make_patchlist > patchlist 949 950 if [ -s patchlist ]; then 951 # Attempt to fetch metadata patches 952 echo -n "Fetching `wc -l < patchlist | tr -d ' '` " 953 echo ${NDEBUG} "metadata patches.${DDSTATS}" 954 tr '|' '-' < patchlist | 955 lam -s "${FETCHDIR}/tp/" - -s ".gz" | 956 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 957 2>${STATSREDIR} | fetch_progress 958 echo "done." 959 960 # Attempt to apply metadata patches 961 echo -n "Applying metadata patches... " 962 tr '|' ' ' < patchlist | 963 while read X Y; do 964 if [ ! -f "${X}-${Y}.gz" ]; then continue; fi 965 gunzip -c < ${X}-${Y}.gz > diff 966 gunzip -c < files/${X}.gz > diff-OLD 967 968 # Figure out which lines are being added and removed 969 grep -E '^-' diff | 970 cut -c 2- | 971 while read PREFIX; do 972 look "${PREFIX}" diff-OLD 973 done | 974 sort > diff-rm 975 grep -E '^\+' diff | 976 cut -c 2- > diff-add 977 978 # Generate the new file 979 comm -23 diff-OLD diff-rm | 980 sort - diff-add > diff-NEW 981 982 if [ `${SHA256} -q diff-NEW` = ${Y} ]; then 983 mv diff-NEW files/${Y} 984 gzip -n files/${Y} 985 else 986 mv diff-NEW ${Y}.bad 987 fi 988 rm -f ${X}-${Y}.gz diff 989 rm -f diff-OLD diff-NEW diff-add diff-rm 990 done 2>${QUIETREDIR} 991 echo "done." 992 fi 993 994 # Update metadata without patches 995 cut -f 2 -d '|' < tINDEX.new | 996 while read Y; do 997 if [ ! -f "files/${Y}.gz" ]; then 998 echo ${Y}; 999 fi 1000 done > filelist 1001 1002 if [ -s filelist ]; then 1003 echo -n "Fetching `wc -l < filelist | tr -d ' '` " 1004 echo ${NDEBUG} "metadata files... " 1005 lam -s "${FETCHDIR}/m/" - -s ".gz" < filelist | 1006 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1007 2>${QUIETREDIR} 1008 1009 while read Y; do 1010 if ! [ -f ${Y}.gz ]; then 1011 echo "failed." 1012 return 1 1013 fi 1014 if [ `gunzip -c < ${Y}.gz | 1015 ${SHA256} -q` = ${Y} ]; then 1016 mv ${Y}.gz files/${Y}.gz 1017 else 1018 echo "metadata is corrupt." 1019 return 1 1020 fi 1021 done < filelist 1022 echo "done." 1023 fi 1024 1025# Sanity-check the metadata files. 1026 cut -f 2 -d '|' tINDEX.new > filelist 1027 while read X; do 1028 fetch_metadata_sanity ${X} || return 1 1029 done < filelist 1030 1031# Remove files which are no longer needed 1032 cut -f 2 -d '|' tINDEX.present | 1033 sort > oldfiles 1034 cut -f 2 -d '|' tINDEX.new | 1035 sort | 1036 comm -13 - oldfiles | 1037 lam -s "files/" - -s ".gz" | 1038 xargs rm -f 1039 rm patchlist filelist oldfiles 1040 rm ${TINDEXHASH} 1041 1042# We're done! 1043 mv tINDEX.new tINDEX.present 1044 mv tag.new tag 1045 1046 return 0 1047} 1048 1049# Generated a filtered version of the metadata file $1 from the downloaded 1050# file, by fishing out the lines corresponding to components we're trying 1051# to keep updated, and then removing lines corresponding to paths we want 1052# to ignore. 1053fetch_filter_metadata () { 1054 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'` 1055 gunzip -c < files/${METAHASH}.gz > $1.all 1056 1057 # Fish out the lines belonging to components we care about. 1058 # Canonicalize directory names by removing any trailing / in 1059 # order to avoid listing directories multiple times if they 1060 # belong to multiple components. Turning "/" into "" doesn't 1061 # matter, since we add a leading "/" when we use paths later. 1062 for C in ${COMPONENTS}; do 1063 look "`echo ${C} | tr '/' '|'`|" $1.all 1064 done | 1065 cut -f 3- -d '|' | 1066 sed -e 's,/|d|,|d|,' | 1067 sort -u > $1.tmp 1068 1069 # Figure out which lines to ignore and remove them. 1070 for X in ${IGNOREPATHS}; do 1071 grep -E "^${X}" $1.tmp 1072 done | 1073 sort -u | 1074 comm -13 - $1.tmp > $1 1075 1076 # Remove temporary files. 1077 rm $1.all $1.tmp 1078} 1079 1080# Filter the metadata file $1 by adding lines with 1081# /boot/`uname -i` 1082# replaced by 1083# /boot/kernel 1084# (or more generally, `sysctl -n kern.bootfile` minus the trailing "/kernel"). 1085fetch_filter_kernel_names () { 1086 grep ^/boot/`uname -i` $1 | 1087 sed -e "s,/boot/`uname -i`,${KERNELDIR}," | 1088 sort - $1 > $1.tmp 1089 mv $1.tmp $1 1090} 1091 1092# For all paths appearing in $1 or $3, inspect the system 1093# and generate $2 describing what is currently installed. 1094fetch_inspect_system () { 1095 # No errors yet... 1096 rm -f .err 1097 1098 # Tell the user why his disk is suddenly making lots of noise 1099 echo -n "Inspecting system... " 1100 1101 # Generate list of files to inspect 1102 cat $1 $3 | 1103 cut -f 1 -d '|' | 1104 sort -u > filelist 1105 1106 # Examine each file and output lines of the form 1107 # /path/to/file|type|device-inum|user|group|perm|flags|value 1108 # sorted by device and inode number. 1109 while read F; do 1110 # If the symlink/file/directory does not exist, record this. 1111 if ! [ -e ${BASEDIR}/${F} ]; then 1112 echo "${F}|-||||||" 1113 continue 1114 fi 1115 if ! [ -r ${BASEDIR}/${F} ]; then 1116 echo "Cannot read file: ${BASEDIR}/${F}" \ 1117 >/dev/stderr 1118 touch .err 1119 return 1 1120 fi 1121 1122 # Otherwise, output an index line. 1123 if [ -L ${BASEDIR}/${F} ]; then 1124 echo -n "${F}|L|" 1125 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F}; 1126 readlink ${BASEDIR}/${F}; 1127 elif [ -f ${BASEDIR}/${F} ]; then 1128 echo -n "${F}|f|" 1129 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F}; 1130 sha256 -q ${BASEDIR}/${F}; 1131 elif [ -d ${BASEDIR}/${F} ]; then 1132 echo -n "${F}|d|" 1133 stat -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F}; 1134 else 1135 echo "Unknown file type: ${BASEDIR}/${F}" \ 1136 >/dev/stderr 1137 touch .err 1138 return 1 1139 fi 1140 done < filelist | 1141 sort -k 3,3 -t '|' > $2.tmp 1142 rm filelist 1143 1144 # Check if an error occured during system inspection 1145 if [ -f .err ]; then 1146 return 1 1147 fi 1148 1149 # Convert to the form 1150 # /path/to/file|type|user|group|perm|flags|value|hlink 1151 # by resolving identical device and inode numbers into hard links. 1152 cut -f 1,3 -d '|' $2.tmp | 1153 sort -k 1,1 -t '|' | 1154 sort -s -u -k 2,2 -t '|' | 1155 join -1 2 -2 3 -t '|' - $2.tmp | 1156 awk -F \| -v OFS=\| \ 1157 '{ 1158 if (($2 == $3) || ($4 == "-")) 1159 print $3,$4,$5,$6,$7,$8,$9,"" 1160 else 1161 print $3,$4,$5,$6,$7,$8,$9,$2 1162 }' | 1163 sort > $2 1164 rm $2.tmp 1165 1166 # We're finished looking around 1167 echo "done." 1168} 1169 1170# For any paths matching ${UPDATEIFUNMODIFIED}, remove lines from $[123] 1171# which correspond to lines in $2 with hashes not matching $1 or $3. For 1172# entries in $2 marked "not present" (aka. type -), remove lines from $[123] 1173# unless there is a corresponding entry in $1. 1174fetch_filter_unmodified_notpresent () { 1175 # Figure out which lines of $1 and $3 correspond to bits which 1176 # should only be updated if they haven't changed, and fish out 1177 # the (path, type, value) tuples. 1178 # NOTE: We don't consider a file to be "modified" if it matches 1179 # the hash from $3. 1180 for X in ${UPDATEIFUNMODIFIED}; do 1181 grep -E "^${X}" $1 1182 grep -E "^${X}" $3 1183 done | 1184 cut -f 1,2,7 -d '|' | 1185 sort > $1-values 1186 1187 # Do the same for $2. 1188 for X in ${UPDATEIFUNMODIFIED}; do 1189 grep -E "^${X}" $2 1190 done | 1191 cut -f 1,2,7 -d '|' | 1192 sort > $2-values 1193 1194 # Any entry in $2-values which is not in $1-values corresponds to 1195 # a path which we need to remove from $1, $2, and $3. 1196 comm -13 $1-values $2-values > mlines 1197 rm $1-values $2-values 1198 1199 # Any lines in $2 which are not in $1 AND are "not present" lines 1200 # also belong in mlines. 1201 comm -13 $1 $2 | 1202 cut -f 1,2,7 -d '|' | 1203 fgrep '|-|' >> mlines 1204 1205 # Remove lines from $1, $2, and $3 1206 for X in $1 $2 $3; do 1207 sort -t '|' -k 1,1 ${X} > ${X}.tmp 1208 cut -f 1 -d '|' < mlines | 1209 sort | 1210 join -v 2 -t '|' - ${X}.tmp | 1211 sort > ${X} 1212 rm ${X}.tmp 1213 done 1214 1215 # Store a list of the modified files, for future reference 1216 fgrep -v '|-|' mlines | 1217 cut -f 1 -d '|' > modifiedfiles 1218 rm mlines 1219} 1220 1221# For each entry in $1 of type -, remove any corresponding 1222# entry from $2 if ${ALLOWADD} != "yes". Remove all entries 1223# of type - from $1. 1224fetch_filter_allowadd () { 1225 cut -f 1,2 -d '|' < $1 | 1226 fgrep '|-' | 1227 cut -f 1 -d '|' > filesnotpresent 1228 1229 if [ ${ALLOWADD} != "yes" ]; then 1230 sort < $2 | 1231 join -v 1 -t '|' - filesnotpresent | 1232 sort > $2.tmp 1233 mv $2.tmp $2 1234 fi 1235 1236 sort < $1 | 1237 join -v 1 -t '|' - filesnotpresent | 1238 sort > $1.tmp 1239 mv $1.tmp $1 1240 rm filesnotpresent 1241} 1242 1243# If ${ALLOWDELETE} != "yes", then remove any entries from $1 1244# which don't correspond to entries in $2. 1245fetch_filter_allowdelete () { 1246 # Produce a lists ${PATH}|${TYPE} 1247 for X in $1 $2; do 1248 cut -f 1-2 -d '|' < ${X} | 1249 sort -u > ${X}.nodes 1250 done 1251 1252 # Figure out which lines need to be removed from $1. 1253 if [ ${ALLOWDELETE} != "yes" ]; then 1254 comm -23 $1.nodes $2.nodes > $1.badnodes 1255 else 1256 : > $1.badnodes 1257 fi 1258 1259 # Remove the relevant lines from $1 1260 while read X; do 1261 look "${X}|" $1 1262 done < $1.badnodes | 1263 comm -13 - $1 > $1.tmp 1264 mv $1.tmp $1 1265 1266 rm $1.badnodes $1.nodes $2.nodes 1267} 1268 1269# If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in $2 1270# with metadata not matching any entry in $1, replace the corresponding 1271# line of $3 with one having the same metadata as the entry in $2. 1272fetch_filter_modified_metadata () { 1273 # Fish out the metadata from $1 and $2 1274 for X in $1 $2; do 1275 cut -f 1-6 -d '|' < ${X} > ${X}.metadata 1276 done 1277 1278 # Find the metadata we need to keep 1279 if [ ${KEEPMODIFIEDMETADATA} = "yes" ]; then 1280 comm -13 $1.metadata $2.metadata > keepmeta 1281 else 1282 : > keepmeta 1283 fi 1284 1285 # Extract the lines which we need to remove from $3, and 1286 # construct the lines which we need to add to $3. 1287 : > $3.remove 1288 : > $3.add 1289 while read LINE; do 1290 NODE=`echo "${LINE}" | cut -f 1-2 -d '|'` 1291 look "${NODE}|" $3 >> $3.remove 1292 look "${NODE}|" $3 | 1293 cut -f 7- -d '|' | 1294 lam -s "${LINE}|" - >> $3.add 1295 done < keepmeta 1296 1297 # Remove the specified lines and add the new lines. 1298 sort $3.remove | 1299 comm -13 - $3 | 1300 sort -u - $3.add > $3.tmp 1301 mv $3.tmp $3 1302 1303 rm keepmeta $1.metadata $2.metadata $3.add $3.remove 1304} 1305 1306# Remove lines from $1 and $2 which are identical; 1307# no need to update a file if it isn't changing. 1308fetch_filter_uptodate () { 1309 comm -23 $1 $2 > $1.tmp 1310 comm -13 $1 $2 > $2.tmp 1311 1312 mv $1.tmp $1 1313 mv $2.tmp $2 1314} 1315 1316# Prepare to fetch files: Generate a list of the files we need, 1317# copy the unmodified files we have into /files/, and generate 1318# a list of patches to download. 1319fetch_files_prepare () { 1320 # Tell the user why his disk is suddenly making lots of noise 1321 echo -n "Preparing to download files... " 1322 1323 # Reduce indices to ${PATH}|${HASH} pairs 1324 for X in $1 $2 $3; do 1325 cut -f 1,2,7 -d '|' < ${X} | 1326 fgrep '|f|' | 1327 cut -f 1,3 -d '|' | 1328 sort > ${X}.hashes 1329 done 1330 1331 # List of files wanted 1332 cut -f 2 -d '|' < $3.hashes | 1333 sort -u > files.wanted 1334 1335 # Generate a list of unmodified files 1336 comm -12 $1.hashes $2.hashes | 1337 sort -k 1,1 -t '|' > unmodified.files 1338 1339 # Copy all files into /files/. We only need the unmodified files 1340 # for use in patching; but we'll want all of them if the user asks 1341 # to rollback the updates later. 1342 cut -f 1 -d '|' < $2.hashes | 1343 while read F; do 1344 cp "${BASEDIR}/${F}" tmpfile 1345 gzip -c < tmpfile > files/`sha256 -q tmpfile`.gz 1346 rm tmpfile 1347 done 1348 1349 # Produce a list of patches to download 1350 sort -k 1,1 -t '|' $3.hashes | 1351 join -t '|' -o 2.2,1.2 - unmodified.files | 1352 fetch_make_patchlist > patchlist 1353 1354 # Garbage collect 1355 rm unmodified.files $1.hashes $2.hashes $3.hashes 1356 1357 # We don't need the list of possible old files any more. 1358 rm $1 1359 1360 # We're finished making noise 1361 echo "done." 1362} 1363 1364# Fetch files. 1365fetch_files () { 1366 # Attempt to fetch patches 1367 if [ -s patchlist ]; then 1368 echo -n "Fetching `wc -l < patchlist | tr -d ' '` " 1369 echo ${NDEBUG} "patches.${DDSTATS}" 1370 tr '|' '-' < patchlist | 1371 lam -s "${FETCHDIR}/bp/" - | 1372 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1373 2>${STATSREDIR} | fetch_progress 1374 echo "done." 1375 1376 # Attempt to apply patches 1377 echo -n "Applying patches... " 1378 tr '|' ' ' < patchlist | 1379 while read X Y; do 1380 if [ ! -f "${X}-${Y}" ]; then continue; fi 1381 gunzip -c < files/${X}.gz > OLD 1382 1383 bspatch OLD NEW ${X}-${Y} 1384 1385 if [ `${SHA256} -q NEW` = ${Y} ]; then 1386 mv NEW files/${Y} 1387 gzip -n files/${Y} 1388 fi 1389 rm -f diff OLD NEW ${X}-${Y} 1390 done 2>${QUIETREDIR} 1391 echo "done." 1392 fi 1393 1394 # Download files which couldn't be generate via patching 1395 while read Y; do 1396 if [ ! -f "files/${Y}.gz" ]; then 1397 echo ${Y}; 1398 fi 1399 done < files.wanted > filelist 1400 1401 if [ -s filelist ]; then 1402 echo -n "Fetching `wc -l < filelist | tr -d ' '` " 1403 echo ${NDEBUG} "files... " 1404 lam -s "${FETCHDIR}/f/" - -s ".gz" < filelist | 1405 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1406 2>${QUIETREDIR} 1407 1408 while read Y; do 1409 if ! [ -f ${Y}.gz ]; then 1410 echo "failed." 1411 return 1 1412 fi 1413 if [ `gunzip -c < ${Y}.gz | 1414 ${SHA256} -q` = ${Y} ]; then 1415 mv ${Y}.gz files/${Y}.gz 1416 else 1417 echo "${Y} has incorrect hash." 1418 return 1 1419 fi 1420 done < filelist 1421 echo "done." 1422 fi 1423 1424 # Clean up 1425 rm files.wanted filelist patchlist 1426} 1427 1428# Create and populate install manifest directory; and report what updates 1429# are available. 1430fetch_create_manifest () { 1431 # If we have an existing install manifest, nuke it. 1432 if [ -L "${BDHASH}-install" ]; then 1433 rm -r ${BDHASH}-install/ 1434 rm ${BDHASH}-install 1435 fi 1436 1437 # Report to the user if any updates were avoided due to local changes 1438 if [ -s modifiedfiles ]; then 1439 echo 1440 echo -n "The following files are affected by updates, " 1441 echo "but no changes have" 1442 echo -n "been downloaded because the files have been " 1443 echo "modified locally:" 1444 cat modifiedfiles 1445 fi 1446 rm modifiedfiles 1447 1448 # If no files will be updated, tell the user and exit 1449 if ! [ -s INDEX-PRESENT ] && 1450 ! [ -s INDEX-NEW ]; then 1451 rm INDEX-PRESENT INDEX-NEW 1452 echo 1453 echo -n "No updates needed to update system to " 1454 echo "${RELNUM}-p${RELPATCHNUM}." 1455 return 1456 fi 1457 1458 # Divide files into (a) removed files, (b) added files, and 1459 # (c) updated files. 1460 cut -f 1 -d '|' < INDEX-PRESENT | 1461 sort > INDEX-PRESENT.flist 1462 cut -f 1 -d '|' < INDEX-NEW | 1463 sort > INDEX-NEW.flist 1464 comm -23 INDEX-PRESENT.flist INDEX-NEW.flist > files.removed 1465 comm -13 INDEX-PRESENT.flist INDEX-NEW.flist > files.added 1466 comm -12 INDEX-PRESENT.flist INDEX-NEW.flist > files.updated 1467 rm INDEX-PRESENT.flist INDEX-NEW.flist 1468 1469 # Report removed files, if any 1470 if [ -s files.removed ]; then 1471 echo 1472 echo -n "The following files will be removed " 1473 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:" 1474 cat files.removed 1475 fi 1476 rm files.removed 1477 1478 # Report added files, if any 1479 if [ -s files.added ]; then 1480 echo 1481 echo -n "The following files will be added " 1482 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:" 1483 cat files.added 1484 fi 1485 rm files.added 1486 1487 # Report updated files, if any 1488 if [ -s files.updated ]; then 1489 echo 1490 echo -n "The following files will be updated " 1491 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:" 1492 1493 cat files.updated 1494 fi 1495 rm files.updated 1496 1497 # Create a directory for the install manifest. 1498 MDIR=`mktemp -d install.XXXXXX` || return 1 1499 1500 # Populate it 1501 mv INDEX-PRESENT ${MDIR}/INDEX-OLD 1502 mv INDEX-NEW ${MDIR}/INDEX-NEW 1503 1504 # Link it into place 1505 ln -s ${MDIR} ${BDHASH}-install 1506} 1507 1508# Warn about any upcoming EoL 1509fetch_warn_eol () { 1510 # What's the current time? 1511 NOWTIME=`date "+%s"` 1512 1513 # When did we last warn about the EoL date? 1514 if [ -f lasteolwarn ]; then 1515 LASTWARN=`cat lasteolwarn` 1516 else 1517 LASTWARN=`expr ${NOWTIME} - 63072000` 1518 fi 1519 1520 # If the EoL time is past, warn. 1521 if [ ${EOLTIME} -lt ${NOWTIME} ]; then 1522 echo 1523 cat <<-EOF 1524 WARNING: `uname -sr` HAS PAST ITS END-OF-LIFE DATE. 1525 Any security issues discovered after `date -r ${EOLTIME}` 1526 will not have been corrected. 1527 EOF 1528 return 1 1529 fi 1530 1531 # Figure out how long it has been since we last warned about the 1532 # upcoming EoL, and how much longer we have left. 1533 SINCEWARN=`expr ${NOWTIME} - ${LASTWARN}` 1534 TIMELEFT=`expr ${EOLTIME} - ${NOWTIME}` 1535 1536 # Don't warn if the EoL is more than 6 months away 1537 if [ ${TIMELEFT} -gt 15768000 ]; then 1538 return 0 1539 fi 1540 1541 # Don't warn if the time remaining is more than 3 times the time 1542 # since the last warning. 1543 if [ ${TIMELEFT} -gt `expr ${SINCEWARN} \* 3` ]; then 1544 return 0 1545 fi 1546 1547 # Figure out what time units to use. 1548 if [ ${TIMELEFT} -lt 604800 ]; then 1549 UNIT="day" 1550 SIZE=86400 1551 elif [ ${TIMELEFT} -lt 2678400 ]; then 1552 UNIT="week" 1553 SIZE=604800 1554 else 1555 UNIT="month" 1556 SIZE=2678400 1557 fi 1558 1559 # Compute the right number of units 1560 NUM=`expr ${TIMELEFT} / ${SIZE}` 1561 if [ ${NUM} != 1 ]; then 1562 UNIT="${UNIT}s" 1563 fi 1564 1565 # Print the warning 1566 echo 1567 cat <<-EOF 1568 WARNING: `uname -sr` is approaching its End-of-Life date. 1569 It is strongly recommended that you upgrade to a newer 1570 release within the next ${NUM} ${UNIT}. 1571 EOF 1572 1573 # Update the stored time of last warning 1574 echo ${NOWTIME} > lasteolwarn 1575} 1576 1577# Do the actual work involved in "fetch" / "cron". 1578fetch_run () { 1579 workdir_init || return 1 1580 1581 # Prepare the mirror list. 1582 fetch_pick_server_init && fetch_pick_server 1583 1584 # Try to fetch the public key until we run out of servers. 1585 while ! fetch_key; do 1586 fetch_pick_server || return 1 1587 done 1588 1589 # Try to fetch the metadata index signature ("tag") until we run 1590 # out of available servers; and sanity check the downloaded tag. 1591 while ! fetch_tag; do 1592 fetch_pick_server || return 1 1593 done 1594 fetch_tagsanity || return 1 1595 1596 # Fetch the latest INDEX-NEW and INDEX-OLD files. 1597 fetch_metadata INDEX-NEW INDEX-OLD || return 1 1598 1599 # Generate filtered INDEX-NEW and INDEX-OLD files containing only 1600 # the lines which (a) belong to components we care about, and (b) 1601 # don't correspond to paths we're explicitly ignoring. 1602 fetch_filter_metadata INDEX-NEW || return 1 1603 fetch_filter_metadata INDEX-OLD || return 1 1604 1605 # Translate /boot/`uname -i` into ${KERNELDIR} 1606 fetch_filter_kernel_names INDEX-NEW 1607 fetch_filter_kernel_names INDEX-OLD 1608 1609 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the 1610 # system and generate an INDEX-PRESENT file. 1611 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1 1612 1613 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which 1614 # correspond to lines in INDEX-PRESENT with hashes not appearing 1615 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in 1616 # INDEX-PRESENT has type - and there isn't a corresponding entry in 1617 # INDEX-OLD with type -. 1618 fetch_filter_unmodified_notpresent INDEX-OLD INDEX-PRESENT INDEX-NEW 1619 1620 # For each entry in INDEX-PRESENT of type -, remove any corresponding 1621 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries 1622 # of type - from INDEX-PRESENT. 1623 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW 1624 1625 # If ${ALLOWDELETE} != "yes", then remove any entries from 1626 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW. 1627 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW 1628 1629 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in 1630 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD, 1631 # replace the corresponding line of INDEX-NEW with one having the 1632 # same metadata as the entry in INDEX-PRESENT. 1633 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW 1634 1635 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical; 1636 # no need to update a file if it isn't changing. 1637 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW 1638 1639 # Prepare to fetch files: Generate a list of the files we need, 1640 # copy the unmodified files we have into /files/, and generate 1641 # a list of patches to download. 1642 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW 1643 1644 # Fetch files. 1645 fetch_files || return 1 1646 1647 # Create and populate install manifest directory; and report what 1648 # updates are available. 1649 fetch_create_manifest || return 1 1650 1651 # Warn about any upcoming EoL 1652 fetch_warn_eol || return 1 1653} 1654 1655# Make sure that all the file hashes mentioned in $@ have corresponding 1656# gzipped files stored in /files/. 1657install_verify () { 1658 # Generate a list of hashes 1659 cat $@ | 1660 cut -f 2,7 -d '|' | 1661 grep -E '^f' | 1662 cut -f 2 -d '|' | 1663 sort -u > filelist 1664 1665 # Make sure all the hashes exist 1666 while read HASH; do 1667 if ! [ -f files/${HASH}.gz ]; then 1668 echo -n "Update files missing -- " 1669 echo "this should never happen." 1670 echo "Re-run '$0 fetch'." 1671 return 1 1672 fi 1673 done < filelist 1674 1675 # Clean up 1676 rm filelist 1677} 1678 1679# Remove the system immutable flag from files 1680install_unschg () { 1681 # Generate file list 1682 cat $@ | 1683 cut -f 1 -d '|' > filelist 1684 1685 # Remove flags 1686 while read F; do 1687 if ! [ -e ${F} ]; then 1688 continue 1689 fi 1690 1691 chflags noschg ${F} || return 1 1692 done < filelist 1693 1694 # Clean up 1695 rm filelist 1696} 1697 1698# Install new files 1699install_from_index () { 1700 # First pass: Do everything apart from setting file flags. We 1701 # can't set flags yet, because schg inhibits hard linking. 1702 sort -k 1,1 -t '|' $1 | 1703 tr '|' ' ' | 1704 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do 1705 case ${TYPE} in 1706 d) 1707 # Create a directory 1708 install -d -o ${OWNER} -g ${GROUP} \ 1709 -m ${PERM} ${BASEDIR}/${FPATH} 1710 ;; 1711 f) 1712 if [ -z "${LINK}" ]; then 1713 # Create a file, without setting flags. 1714 gunzip < files/${HASH}.gz > ${HASH} 1715 install -S -o ${OWNER} -g ${GROUP} \ 1716 -m ${PERM} ${HASH} ${BASEDIR}/${FPATH} 1717 rm ${HASH} 1718 else 1719 # Create a hard link. 1720 ln -f ${LINK} ${BASEDIR}/${FPATH} 1721 fi 1722 ;; 1723 L) 1724 # Create a symlink 1725 ln -sfh ${HASH} ${BASEDIR}/${FPATH} 1726 ;; 1727 esac 1728 done 1729 1730 # Perform a second pass, adding file flags. 1731 tr '|' ' ' < $1 | 1732 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do 1733 if [ ${TYPE} = "f" ] && 1734 ! [ ${FLAGS} = "0" ]; then 1735 chflags ${FLAGS} ${BASEDIR}/${FPATH} 1736 fi 1737 done 1738} 1739 1740# Remove files which we want to delete 1741install_delete () { 1742 # Generate list of new files 1743 cut -f 1 -d '|' < $2 | 1744 sort > newfiles 1745 1746 # Generate subindex of old files we want to nuke 1747 sort -k 1,1 -t '|' $1 | 1748 join -t '|' -v 1 - newfiles | 1749 cut -f 1,2 -d '|' | 1750 tr '|' ' ' > killfiles 1751 1752 # Remove the offending bits 1753 while read FPATH TYPE; do 1754 case ${TYPE} in 1755 d) 1756 rmdir ${BASEDIR}/${FPATH} 1757 ;; 1758 f) 1759 rm ${BASEDIR}/${FPATH} 1760 ;; 1761 L) 1762 rm ${BASEDIR}/${FPATH} 1763 ;; 1764 esac 1765 done < killfiles 1766 1767 # Clean up 1768 rm newfiles killfiles 1769} 1770 1771# Update linker.hints if anything in /boot/ was touched 1772install_kldxref () { 1773 if cat $@ | 1774 grep -qE '^/boot/'; then 1775 kldxref -R /boot/ 1776 fi 1777} 1778 1779# Rearrange bits to allow the installed updates to be rolled back 1780install_setup_rollback () { 1781 if [ -L ${BDHASH}-rollback ]; then 1782 mv ${BDHASH}-rollback ${BDHASH}-install/rollback 1783 fi 1784 1785 mv ${BDHASH}-install ${BDHASH}-rollback 1786} 1787 1788# Actually install updates 1789install_run () { 1790 echo -n "Installing updates..." 1791 1792 # Make sure we have all the files we should have 1793 install_verify ${BDHASH}-install/INDEX-OLD \ 1794 ${BDHASH}-install/INDEX-NEW || return 1 1795 1796 # Remove system immutable flag from files 1797 install_unschg ${BDHASH}-install/INDEX-OLD \ 1798 ${BDHASH}-install/INDEX-NEW || return 1 1799 1800 # Install new files 1801 install_from_index \ 1802 ${BDHASH}-install/INDEX-NEW || return 1 1803 1804 # Remove files which we want to delete 1805 install_delete ${BDHASH}-install/INDEX-OLD \ 1806 ${BDHASH}-install/INDEX-NEW || return 1 1807 1808 # Update linker.hints if anything in /boot/ was touched 1809 install_kldxref ${BDHASH}-install/INDEX-OLD \ 1810 ${BDHASH}-install/INDEX-NEW 1811 1812 # Rearrange bits to allow the installed updates to be rolled back 1813 install_setup_rollback 1814 1815 echo " done." 1816} 1817 1818# Rearrange bits to allow the previous set of updates to be rolled back next. 1819rollback_setup_rollback () { 1820 if [ -L ${BDHASH}-rollback/rollback ]; then 1821 mv ${BDHASH}-rollback/rollback rollback-tmp 1822 rm -r ${BDHASH}-rollback/ 1823 rm ${BDHASH}-rollback 1824 mv rollback-tmp ${BDHASH}-rollback 1825 else 1826 rm -r ${BDHASH}-rollback/ 1827 rm ${BDHASH}-rollback 1828 fi 1829} 1830 1831# Actually rollback updates 1832rollback_run () { 1833 echo -n "Uninstalling updates..." 1834 1835 # If there are updates waiting to be installed, remove them; we 1836 # want the user to re-run 'fetch' after rolling back updates. 1837 if [ -L ${BDHASH}-install ]; then 1838 rm -r ${BDHASH}-install/ 1839 rm ${BDHASH}-install 1840 fi 1841 1842 # Make sure we have all the files we should have 1843 install_verify ${BDHASH}-rollback/INDEX-NEW \ 1844 ${BDHASH}-rollback/INDEX-OLD || return 1 1845 1846 # Remove system immutable flag from files 1847 install_unschg ${BDHASH}-rollback/INDEX-NEW \ 1848 ${BDHASH}-rollback/INDEX-OLD || return 1 1849 1850 # Install new files 1851 install_from_index \ 1852 ${BDHASH}-rollback/INDEX-OLD || return 1 1853 1854 # Remove files which we want to delete 1855 install_delete ${BDHASH}-rollback/INDEX-NEW \ 1856 ${BDHASH}-rollback/INDEX-OLD || return 1 1857 1858 # Update linker.hints if anything in /boot/ was touched 1859 install_kldxref ${BDHASH}-rollback/INDEX-NEW \ 1860 ${BDHASH}-rollback/INDEX-OLD 1861 1862 # Remove the rollback directory and the symlink pointing to it; and 1863 # rearrange bits to allow the previous set of updates to be rolled 1864 # back next. 1865 rollback_setup_rollback 1866 1867 echo " done." 1868} 1869 1870#### Main functions -- call parameter-handling and core functions 1871 1872# Using the command line, configuration file, and defaults, 1873# set all the parameters which are needed later. 1874get_params () { 1875 init_params 1876 parse_cmdline $@ 1877 parse_conffile 1878 default_params 1879} 1880 1881# Fetch command. Make sure that we're being called 1882# interactively, then run fetch_check_params and fetch_run 1883cmd_fetch () { 1884 if [ ! -t 0 ]; then 1885 echo -n "`basename $0` fetch should not " 1886 echo "be run non-interactively." 1887 echo "Run `basename $0` cron instead." 1888 exit 1 1889 fi 1890 fetch_check_params 1891 fetch_run || exit 1 1892} 1893 1894# Cron command. Make sure the parameters are sensible; wait 1895# rand(3600) seconds; then fetch updates. While fetching updates, 1896# send output to a temporary file; only print that file if the 1897# fetching failed. 1898cmd_cron () { 1899 fetch_check_params 1900 sleep `jot -r 1 0 3600` 1901 1902 TMPFILE=`mktemp /tmp/freebsd-update.XXXXXX` || exit 1 1903 if ! fetch_run >> ${TMPFILE} || 1904 ! grep -q "No updates needed" ${TMPFILE} || 1905 [ ${VERBOSELEVEL} = "debug" ]; then 1906 mail -s "`hostname` security updates" ${MAILTO} < ${TMPFILE} 1907 fi 1908 1909 rm ${TMPFILE} 1910} 1911 1912# Install downloaded updates. 1913cmd_install () { 1914 install_check_params 1915 install_run || exit 1 1916} 1917 1918# Rollback most recently installed updates. 1919cmd_rollback () { 1920 rollback_check_params 1921 rollback_run || exit 1 1922} 1923 1924#### Entry point 1925 1926# Make sure we find utilities from the base system 1927export PATH=/sbin:/bin:/usr/sbin:/usr/bin:${PATH} 1928 1929get_params $@ 1930for COMMAND in ${COMMANDS}; do 1931 cmd_${COMMAND} 1932done 1933