freebsd-update.sh revision 173672
1#!/bin/sh 2 3#- 4# Copyright 2004-2007 Colin Percival 5# All rights reserved 6# 7# Redistribution and use in source and binary forms, with or without 8# modification, are permitted providing that the following conditions 9# are met: 10# 1. Redistributions of source code must retain the above copyright 11# notice, this list of conditions and the following disclaimer. 12# 2. Redistributions in binary form must reproduce the above copyright 13# notice, this list of conditions and the following disclaimer in the 14# documentation and/or other materials provided with the distribution. 15# 16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 25# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26# POSSIBILITY OF SUCH DAMAGE. 27 28# $FreeBSD: head/usr.sbin/freebsd-update/freebsd-update.sh 173672 2007-11-16 14:00:22Z cperciva $ 29 30#### Usage function -- called from command-line handling code. 31 32# Usage instructions. Options not listed: 33# --debug -- don't filter output from utilities 34# --no-stats -- don't show progress statistics while fetching files 35usage () { 36 cat <<EOF 37usage: `basename $0` [options] command ... [path] 38 39Options: 40 -b basedir -- Operate on a system mounted at basedir 41 (default: /) 42 -d workdir -- Store working files in workdir 43 (default: /var/db/freebsd-update/) 44 -f conffile -- Read configuration options from conffile 45 (default: /etc/freebsd-update.conf) 46 -k KEY -- Trust an RSA key with SHA256 hash of KEY 47 -r release -- Target for upgrade (e.g., 6.2-RELEASE) 48 -s server -- Server from which to fetch updates 49 (default: update.FreeBSD.org) 50 -t address -- Mail output of cron command, if any, to address 51 (default: root) 52Commands: 53 fetch -- Fetch updates from server 54 cron -- Sleep rand(3600) seconds, fetch updates, and send an 55 email if updates were found 56 upgrade -- Fetch upgrades to FreeBSD version specified via -r option 57 install -- Install downloaded updates or upgrades 58 rollback -- Uninstall most recently installed updates 59EOF 60 exit 0 61} 62 63#### Configuration processing functions 64 65#- 66# Configuration options are set in the following order of priority: 67# 1. Command line options 68# 2. Configuration file options 69# 3. Default options 70# In addition, certain options (e.g., IgnorePaths) can be specified multiple 71# times and (as long as these are all in the same place, e.g., inside the 72# configuration file) they will accumulate. Finally, because the path to the 73# configuration file can be specified at the command line, the entire command 74# line must be processed before we start reading the configuration file. 75# 76# Sound like a mess? It is. Here's how we handle this: 77# 1. Initialize CONFFILE and all the options to "". 78# 2. Process the command line. Throw an error if a non-accumulating option 79# is specified twice. 80# 3. If CONFFILE is "", set CONFFILE to /etc/freebsd-update.conf . 81# 4. For all the configuration options X, set X_saved to X. 82# 5. Initialize all the options to "". 83# 6. Read CONFFILE line by line, parsing options. 84# 7. For each configuration option X, set X to X_saved iff X_saved is not "". 85# 8. Repeat steps 4-7, except setting options to their default values at (6). 86 87CONFIGOPTIONS="KEYPRINT WORKDIR SERVERNAME MAILTO ALLOWADD ALLOWDELETE 88 KEEPMODIFIEDMETADATA COMPONENTS IGNOREPATHS UPDATEIFUNMODIFIED 89 BASEDIR VERBOSELEVEL TARGETRELEASE STRICTCOMPONENTS MERGECHANGES" 90 91# Set all the configuration options to "". 92nullconfig () { 93 for X in ${CONFIGOPTIONS}; do 94 eval ${X}="" 95 done 96} 97 98# For each configuration option X, set X_saved to X. 99saveconfig () { 100 for X in ${CONFIGOPTIONS}; do 101 eval ${X}_saved=\$${X} 102 done 103} 104 105# For each configuration option X, set X to X_saved if X_saved is not "". 106mergeconfig () { 107 for X in ${CONFIGOPTIONS}; do 108 eval _=\$${X}_saved 109 if ! [ -z "${_}" ]; then 110 eval ${X}=\$${X}_saved 111 fi 112 done 113} 114 115# Set the trusted keyprint. 116config_KeyPrint () { 117 if [ -z ${KEYPRINT} ]; then 118 KEYPRINT=$1 119 else 120 return 1 121 fi 122} 123 124# Set the working directory. 125config_WorkDir () { 126 if [ -z ${WORKDIR} ]; then 127 WORKDIR=$1 128 else 129 return 1 130 fi 131} 132 133# Set the name of the server (pool) from which to fetch updates 134config_ServerName () { 135 if [ -z ${SERVERNAME} ]; then 136 SERVERNAME=$1 137 else 138 return 1 139 fi 140} 141 142# Set the address to which 'cron' output will be mailed. 143config_MailTo () { 144 if [ -z ${MAILTO} ]; then 145 MAILTO=$1 146 else 147 return 1 148 fi 149} 150 151# Set whether FreeBSD Update is allowed to add files (or directories, or 152# symlinks) which did not previously exist. 153config_AllowAdd () { 154 if [ -z ${ALLOWADD} ]; then 155 case $1 in 156 [Yy][Ee][Ss]) 157 ALLOWADD=yes 158 ;; 159 [Nn][Oo]) 160 ALLOWADD=no 161 ;; 162 *) 163 return 1 164 ;; 165 esac 166 else 167 return 1 168 fi 169} 170 171# Set whether FreeBSD Update is allowed to remove files/directories/symlinks. 172config_AllowDelete () { 173 if [ -z ${ALLOWDELETE} ]; then 174 case $1 in 175 [Yy][Ee][Ss]) 176 ALLOWDELETE=yes 177 ;; 178 [Nn][Oo]) 179 ALLOWDELETE=no 180 ;; 181 *) 182 return 1 183 ;; 184 esac 185 else 186 return 1 187 fi 188} 189 190# Set whether FreeBSD Update should keep existing inode ownership, 191# permissions, and flags, in the event that they have been modified locally 192# after the release. 193config_KeepModifiedMetadata () { 194 if [ -z ${KEEPMODIFIEDMETADATA} ]; then 195 case $1 in 196 [Yy][Ee][Ss]) 197 KEEPMODIFIEDMETADATA=yes 198 ;; 199 [Nn][Oo]) 200 KEEPMODIFIEDMETADATA=no 201 ;; 202 *) 203 return 1 204 ;; 205 esac 206 else 207 return 1 208 fi 209} 210 211# Add to the list of components which should be kept updated. 212config_Components () { 213 for C in $@; do 214 COMPONENTS="${COMPONENTS} ${C}" 215 done 216} 217 218# Add to the list of paths under which updates will be ignored. 219config_IgnorePaths () { 220 for C in $@; do 221 IGNOREPATHS="${IGNOREPATHS} ${C}" 222 done 223} 224 225# Add to the list of paths within which updates will be performed only if the 226# file on disk has not been modified locally. 227config_UpdateIfUnmodified () { 228 for C in $@; do 229 UPDATEIFUNMODIFIED="${UPDATEIFUNMODIFIED} ${C}" 230 done 231} 232 233# Add to the list of paths within which updates to text files will be merged 234# instead of overwritten. 235config_MergeChanges () { 236 for C in $@; do 237 MERGECHANGES="${MERGECHANGES} ${C}" 238 done 239} 240 241# Work on a FreeBSD installation mounted under $1 242config_BaseDir () { 243 if [ -z ${BASEDIR} ]; then 244 BASEDIR=$1 245 else 246 return 1 247 fi 248} 249 250# When fetching upgrades, should we assume the user wants exactly the 251# components listed in COMPONENTS, rather than trying to guess based on 252# what's currently installed? 253config_StrictComponents () { 254 if [ -z ${STRICTCOMPONENTS} ]; then 255 case $1 in 256 [Yy][Ee][Ss]) 257 STRICTCOMPONENTS=yes 258 ;; 259 [Nn][Oo]) 260 STRICTCOMPONENTS=no 261 ;; 262 *) 263 return 1 264 ;; 265 esac 266 else 267 return 1 268 fi 269} 270 271# Upgrade to FreeBSD $1 272config_TargetRelease () { 273 if [ -z ${TARGETRELEASE} ]; then 274 TARGETRELEASE=$1 275 else 276 return 1 277 fi 278} 279 280# Define what happens to output of utilities 281config_VerboseLevel () { 282 if [ -z ${VERBOSELEVEL} ]; then 283 case $1 in 284 [Dd][Ee][Bb][Uu][Gg]) 285 VERBOSELEVEL=debug 286 ;; 287 [Nn][Oo][Ss][Tt][Aa][Tt][Ss]) 288 VERBOSELEVEL=nostats 289 ;; 290 [Ss][Tt][Aa][Tt][Ss]) 291 VERBOSELEVEL=stats 292 ;; 293 *) 294 return 1 295 ;; 296 esac 297 else 298 return 1 299 fi 300} 301 302# Handle one line of configuration 303configline () { 304 if [ $# -eq 0 ]; then 305 return 306 fi 307 308 OPT=$1 309 shift 310 config_${OPT} $@ 311} 312 313#### Parameter handling functions. 314 315# Initialize parameters to null, just in case they're 316# set in the environment. 317init_params () { 318 # Configration settings 319 nullconfig 320 321 # No configuration file set yet 322 CONFFILE="" 323 324 # No commands specified yet 325 COMMANDS="" 326} 327 328# Parse the command line 329parse_cmdline () { 330 while [ $# -gt 0 ]; do 331 case "$1" in 332 # Location of configuration file 333 -f) 334 if [ $# -eq 1 ]; then usage; fi 335 if [ ! -z "${CONFFILE}" ]; then usage; fi 336 shift; CONFFILE="$1" 337 ;; 338 339 # Configuration file equivalents 340 -b) 341 if [ $# -eq 1 ]; then usage; fi; shift 342 config_BaseDir $1 || usage 343 ;; 344 -d) 345 if [ $# -eq 1 ]; then usage; fi; shift 346 config_WorkDir $1 || usage 347 ;; 348 -k) 349 if [ $# -eq 1 ]; then usage; fi; shift 350 config_KeyPrint $1 || usage 351 ;; 352 -s) 353 if [ $# -eq 1 ]; then usage; fi; shift 354 config_ServerName $1 || usage 355 ;; 356 -r) 357 if [ $# -eq 1 ]; then usage; fi; shift 358 config_TargetRelease $1 || usage 359 ;; 360 -t) 361 if [ $# -eq 1 ]; then usage; fi; shift 362 config_MailTo $1 || usage 363 ;; 364 -v) 365 if [ $# -eq 1 ]; then usage; fi; shift 366 config_VerboseLevel $1 || usage 367 ;; 368 369 # Aliases for "-v debug" and "-v nostats" 370 --debug) 371 config_VerboseLevel debug || usage 372 ;; 373 --no-stats) 374 config_VerboseLevel nostats || usage 375 ;; 376 377 # Commands 378 cron | fetch | upgrade | install | rollback) 379 COMMANDS="${COMMANDS} $1" 380 ;; 381 382 # Anything else is an error 383 *) 384 usage 385 ;; 386 esac 387 shift 388 done 389 390 # Make sure we have at least one command 391 if [ -z "${COMMANDS}" ]; then 392 usage 393 fi 394} 395 396# Parse the configuration file 397parse_conffile () { 398 # If a configuration file was specified on the command line, check 399 # that it exists and is readable. 400 if [ ! -z "${CONFFILE}" ] && [ ! -r "${CONFFILE}" ]; then 401 echo -n "File does not exist " 402 echo -n "or is not readable: " 403 echo ${CONFFILE} 404 exit 1 405 fi 406 407 # If a configuration file was not specified on the command line, 408 # use the default configuration file path. If that default does 409 # not exist, give up looking for any configuration. 410 if [ -z "${CONFFILE}" ]; then 411 CONFFILE="/etc/freebsd-update.conf" 412 if [ ! -r "${CONFFILE}" ]; then 413 return 414 fi 415 fi 416 417 # Save the configuration options specified on the command line, and 418 # clear all the options in preparation for reading the config file. 419 saveconfig 420 nullconfig 421 422 # Read the configuration file. Anything after the first '#' is 423 # ignored, and any blank lines are ignored. 424 L=0 425 while read LINE; do 426 L=$(($L + 1)) 427 LINEX=`echo "${LINE}" | cut -f 1 -d '#'` 428 if ! configline ${LINEX}; then 429 echo "Error processing configuration file, line $L:" 430 echo "==> ${LINE}" 431 exit 1 432 fi 433 done < ${CONFFILE} 434 435 # Merge the settings read from the configuration file with those 436 # provided at the command line. 437 mergeconfig 438} 439 440# Provide some default parameters 441default_params () { 442 # Save any parameters already configured, and clear the slate 443 saveconfig 444 nullconfig 445 446 # Default configurations 447 config_WorkDir /var/db/freebsd-update 448 config_MailTo root 449 config_AllowAdd yes 450 config_AllowDelete yes 451 config_KeepModifiedMetadata yes 452 config_BaseDir / 453 config_VerboseLevel stats 454 config_StrictComponents no 455 456 # Merge these defaults into the earlier-configured settings 457 mergeconfig 458} 459 460# Set utility output filtering options, based on ${VERBOSELEVEL} 461fetch_setup_verboselevel () { 462 case ${VERBOSELEVEL} in 463 debug) 464 QUIETREDIR="/dev/stderr" 465 QUIETFLAG=" " 466 STATSREDIR="/dev/stderr" 467 DDSTATS=".." 468 XARGST="-t" 469 NDEBUG=" " 470 ;; 471 nostats) 472 QUIETREDIR="" 473 QUIETFLAG="" 474 STATSREDIR="/dev/null" 475 DDSTATS=".." 476 XARGST="" 477 NDEBUG="" 478 ;; 479 stats) 480 QUIETREDIR="/dev/null" 481 QUIETFLAG="-q" 482 STATSREDIR="/dev/stdout" 483 DDSTATS="" 484 XARGST="" 485 NDEBUG="-n" 486 ;; 487 esac 488} 489 490# Perform sanity checks and set some final parameters 491# in preparation for fetching files. Figure out which 492# set of updates should be downloaded: If the user is 493# running *-p[0-9]+, strip off the last part; if the 494# user is running -SECURITY, call it -RELEASE. Chdir 495# into the working directory. 496fetch_check_params () { 497 export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)" 498 499 _SERVERNAME_z=\ 500"SERVERNAME must be given via command line or configuration file." 501 _KEYPRINT_z="Key must be given via -k option or configuration file." 502 _KEYPRINT_bad="Invalid key fingerprint: " 503 _WORKDIR_bad="Directory does not exist or is not writable: " 504 505 if [ -z "${SERVERNAME}" ]; then 506 echo -n "`basename $0`: " 507 echo "${_SERVERNAME_z}" 508 exit 1 509 fi 510 if [ -z "${KEYPRINT}" ]; then 511 echo -n "`basename $0`: " 512 echo "${_KEYPRINT_z}" 513 exit 1 514 fi 515 if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then 516 echo -n "`basename $0`: " 517 echo -n "${_KEYPRINT_bad}" 518 echo ${KEYPRINT} 519 exit 1 520 fi 521 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then 522 echo -n "`basename $0`: " 523 echo -n "${_WORKDIR_bad}" 524 echo ${WORKDIR} 525 exit 1 526 fi 527 cd ${WORKDIR} || exit 1 528 529 # Generate release number. The s/SECURITY/RELEASE/ bit exists 530 # to provide an upgrade path for FreeBSD Update 1.x users, since 531 # the kernels provided by FreeBSD Update 1.x are always labelled 532 # as X.Y-SECURITY. 533 RELNUM=`uname -r | 534 sed -E 's,-p[0-9]+,,' | 535 sed -E 's,-SECURITY,-RELEASE,'` 536 ARCH=`uname -m` 537 FETCHDIR=${RELNUM}/${ARCH} 538 PATCHDIR=${RELNUM}/${ARCH}/bp 539 540 # Figure out what directory contains the running kernel 541 BOOTFILE=`sysctl -n kern.bootfile` 542 KERNELDIR=${BOOTFILE%/kernel} 543 if ! [ -d ${KERNELDIR} ]; then 544 echo "Cannot identify running kernel" 545 exit 1 546 fi 547 548 # Figure out what kernel configuration is running. We start with 549 # the output of `uname -i`, and then make the following adjustments: 550 # 1. Replace "SMP-GENERIC" with "SMP". Why the SMP kernel config 551 # file says "ident SMP-GENERIC", I don't know... 552 # 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64" 553 # _and_ `sysctl kern.version` contains a line which ends "/SMP", then 554 # we're running an SMP kernel. This mis-identification is a bug 555 # which was fixed in 6.2-STABLE. 556 KERNCONF=`uname -i` 557 if [ ${KERNCONF} = "SMP-GENERIC" ]; then 558 KERNCONF=SMP 559 fi 560 if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then 561 if sysctl kern.version | grep -qE '/SMP$'; then 562 KERNCONF=SMP 563 fi 564 fi 565 566 # Define some paths 567 BSPATCH=/usr/bin/bspatch 568 SHA256=/sbin/sha256 569 PHTTPGET=/usr/libexec/phttpget 570 571 # Set up variables relating to VERBOSELEVEL 572 fetch_setup_verboselevel 573 574 # Construct a unique name from ${BASEDIR} 575 BDHASH=`echo ${BASEDIR} | sha256 -q` 576} 577 578# Perform sanity checks etc. before fetching upgrades. 579upgrade_check_params () { 580 fetch_check_params 581 582 # Unless set otherwise, we're upgrading to the same kernel config. 583 NKERNCONF=${KERNCONF} 584 585 # We need TARGETRELEASE set 586 _TARGETRELEASE_z="Release target must be specified via -r option." 587 if [ -z "${TARGETRELEASE}" ]; then 588 echo -n "`basename $0`: " 589 echo "${_TARGETRELEASE_z}" 590 exit 1 591 fi 592 593 # The target release should be != the current release. 594 if [ "${TARGETRELEASE}" = "${RELNUM}" ]; then 595 echo -n "`basename $0`: " 596 echo "Cannot upgrade from ${RELNUM} to itself" 597 exit 1 598 fi 599 600 # Turning off AllowAdd or AllowDelete is a bad idea for upgrades. 601 if [ "${ALLOWADD}" = "no" ]; then 602 echo -n "`basename $0`: " 603 echo -n "WARNING: \"AllowAdd no\" is a bad idea " 604 echo "when upgrading between releases." 605 echo 606 fi 607 if [ "${ALLOWDELETE}" = "no" ]; then 608 echo -n "`basename $0`: " 609 echo -n "WARNING: \"AllowDelete no\" is a bad idea " 610 echo "when upgrading between releases." 611 echo 612 fi 613 614 # Set EDITOR to /usr/bin/vi if it isn't already set 615 : ${EDITOR:='/usr/bin/vi'} 616} 617 618# Perform sanity checks and set some final parameters in 619# preparation for installing updates. 620install_check_params () { 621 # Check that we are root. All sorts of things won't work otherwise. 622 if [ `id -u` != 0 ]; then 623 echo "You must be root to run this." 624 exit 1 625 fi 626 627 # Check that securelevel <= 0. Otherwise we can't update schg files. 628 if [ `sysctl -n kern.securelevel` -gt 0 ]; then 629 echo "Updates cannot be installed when the system securelevel" 630 echo "is greater than zero." 631 exit 1 632 fi 633 634 # Check that we have a working directory 635 _WORKDIR_bad="Directory does not exist or is not writable: " 636 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then 637 echo -n "`basename $0`: " 638 echo -n "${_WORKDIR_bad}" 639 echo ${WORKDIR} 640 exit 1 641 fi 642 cd ${WORKDIR} || exit 1 643 644 # Construct a unique name from ${BASEDIR} 645 BDHASH=`echo ${BASEDIR} | sha256 -q` 646 647 # Check that we have updates ready to install 648 if ! [ -L ${BDHASH}-install ]; then 649 echo "No updates are available to install." 650 echo "Run '$0 fetch' first." 651 exit 1 652 fi 653 if ! [ -f ${BDHASH}-install/INDEX-OLD ] || 654 ! [ -f ${BDHASH}-install/INDEX-NEW ]; then 655 echo "Update manifest is corrupt -- this should never happen." 656 echo "Re-run '$0 fetch'." 657 exit 1 658 fi 659} 660 661# Perform sanity checks and set some final parameters in 662# preparation for UNinstalling updates. 663rollback_check_params () { 664 # Check that we are root. All sorts of things won't work otherwise. 665 if [ `id -u` != 0 ]; then 666 echo "You must be root to run this." 667 exit 1 668 fi 669 670 # Check that we have a working directory 671 _WORKDIR_bad="Directory does not exist or is not writable: " 672 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then 673 echo -n "`basename $0`: " 674 echo -n "${_WORKDIR_bad}" 675 echo ${WORKDIR} 676 exit 1 677 fi 678 cd ${WORKDIR} || exit 1 679 680 # Construct a unique name from ${BASEDIR} 681 BDHASH=`echo ${BASEDIR} | sha256 -q` 682 683 # Check that we have updates ready to rollback 684 if ! [ -L ${BDHASH}-rollback ]; then 685 echo "No rollback directory found." 686 exit 1 687 fi 688 if ! [ -f ${BDHASH}-rollback/INDEX-OLD ] || 689 ! [ -f ${BDHASH}-rollback/INDEX-NEW ]; then 690 echo "Update manifest is corrupt -- this should never happen." 691 exit 1 692 fi 693} 694 695#### Core functionality -- the actual work gets done here 696 697# Use an SRV query to pick a server. If the SRV query doesn't provide 698# a useful answer, use the server name specified by the user. 699# Put another way... look up _http._tcp.${SERVERNAME} and pick a server 700# from that; or if no servers are returned, use ${SERVERNAME}. 701# This allows a user to specify "portsnap.freebsd.org" (in which case 702# portsnap will select one of the mirrors) or "portsnap5.tld.freebsd.org" 703# (in which case portsnap will use that particular server, since there 704# won't be an SRV entry for that name). 705# 706# We ignore the Port field, since we are always going to use port 80. 707 708# Fetch the mirror list, but do not pick a mirror yet. Returns 1 if 709# no mirrors are available for any reason. 710fetch_pick_server_init () { 711 : > serverlist_tried 712 713# Check that host(1) exists (i.e., that the system wasn't built with the 714# WITHOUT_BIND set) and don't try to find a mirror if it doesn't exist. 715 if ! which -s host; then 716 : > serverlist_full 717 return 1 718 fi 719 720 echo -n "Looking up ${SERVERNAME} mirrors... " 721 722# Issue the SRV query and pull out the Priority, Weight, and Target fields. 723# BIND 9 prints "$name has SRV record ..." while BIND 8 prints 724# "$name server selection ..."; we allow either format. 725 MLIST="_http._tcp.${SERVERNAME}" 726 host -t srv "${MLIST}" | 727 sed -nE "s/${MLIST} (has SRV record|server selection) //p" | 728 cut -f 1,2,4 -d ' ' | 729 sed -e 's/\.$//' | 730 sort > serverlist_full 731 732# If no records, give up -- we'll just use the server name we were given. 733 if [ `wc -l < serverlist_full` -eq 0 ]; then 734 echo "none found." 735 return 1 736 fi 737 738# Report how many mirrors we found. 739 echo `wc -l < serverlist_full` "mirrors found." 740 741# Generate a random seed for use in picking mirrors. If HTTP_PROXY 742# is set, this will be used to generate the seed; otherwise, the seed 743# will be random. 744 if [ -n "${HTTP_PROXY}${http_proxy}" ]; then 745 RANDVALUE=`sha256 -qs "${HTTP_PROXY}${http_proxy}" | 746 tr -d 'a-f' | 747 cut -c 1-9` 748 else 749 RANDVALUE=`jot -r 1 0 999999999` 750 fi 751} 752 753# Pick a mirror. Returns 1 if we have run out of mirrors to try. 754fetch_pick_server () { 755# Generate a list of not-yet-tried mirrors 756 sort serverlist_tried | 757 comm -23 serverlist_full - > serverlist 758 759# Have we run out of mirrors? 760 if [ `wc -l < serverlist` -eq 0 ]; then 761 echo "No mirrors remaining, giving up." 762 return 1 763 fi 764 765# Find the highest priority level (lowest numeric value). 766 SRV_PRIORITY=`cut -f 1 -d ' ' serverlist | sort -n | head -1` 767 768# Add up the weights of the response lines at that priority level. 769 SRV_WSUM=0; 770 while read X; do 771 case "$X" in 772 ${SRV_PRIORITY}\ *) 773 SRV_W=`echo $X | cut -f 2 -d ' '` 774 SRV_WSUM=$(($SRV_WSUM + $SRV_W)) 775 ;; 776 esac 777 done < serverlist 778 779# If all the weights are 0, pretend that they are all 1 instead. 780 if [ ${SRV_WSUM} -eq 0 ]; then 781 SRV_WSUM=`grep -E "^${SRV_PRIORITY} " serverlist | wc -l` 782 SRV_W_ADD=1 783 else 784 SRV_W_ADD=0 785 fi 786 787# Pick a value between 0 and the sum of the weights - 1 788 SRV_RND=`expr ${RANDVALUE} % ${SRV_WSUM}` 789 790# Read through the list of mirrors and set SERVERNAME. Write the line 791# corresponding to the mirror we selected into serverlist_tried so that 792# we won't try it again. 793 while read X; do 794 case "$X" in 795 ${SRV_PRIORITY}\ *) 796 SRV_W=`echo $X | cut -f 2 -d ' '` 797 SRV_W=$(($SRV_W + $SRV_W_ADD)) 798 if [ $SRV_RND -lt $SRV_W ]; then 799 SERVERNAME=`echo $X | cut -f 3 -d ' '` 800 echo "$X" >> serverlist_tried 801 break 802 else 803 SRV_RND=$(($SRV_RND - $SRV_W)) 804 fi 805 ;; 806 esac 807 done < serverlist 808} 809 810# Take a list of ${oldhash}|${newhash} and output a list of needed patches, 811# i.e., those for which we have ${oldhash} and don't have ${newhash}. 812fetch_make_patchlist () { 813 grep -vE "^([0-9a-f]{64})\|\1$" | 814 tr '|' ' ' | 815 while read X Y; do 816 if [ -f "files/${Y}.gz" ] || 817 [ ! -f "files/${X}.gz" ]; then 818 continue 819 fi 820 echo "${X}|${Y}" 821 done | uniq 822} 823 824# Print user-friendly progress statistics 825fetch_progress () { 826 LNC=0 827 while read x; do 828 LNC=$(($LNC + 1)) 829 if [ $(($LNC % 10)) = 0 ]; then 830 echo -n $LNC 831 elif [ $(($LNC % 2)) = 0 ]; then 832 echo -n . 833 fi 834 done 835 echo -n " " 836} 837 838# Function for asking the user if everything is ok 839continuep () { 840 while read -p "Does this look reasonable (y/n)? " CONTINUE; do 841 case "${CONTINUE}" in 842 y*) 843 return 0 844 ;; 845 n*) 846 return 1 847 ;; 848 esac 849 done 850} 851 852# Initialize the working directory 853workdir_init () { 854 mkdir -p files 855 touch tINDEX.present 856} 857 858# Check that we have a public key with an appropriate hash, or 859# fetch the key if it doesn't exist. Returns 1 if the key has 860# not yet been fetched. 861fetch_key () { 862 if [ -r pub.ssl ] && [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then 863 return 0 864 fi 865 866 echo -n "Fetching public key from ${SERVERNAME}... " 867 rm -f pub.ssl 868 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/pub.ssl \ 869 2>${QUIETREDIR} || true 870 if ! [ -r pub.ssl ]; then 871 echo "failed." 872 return 1 873 fi 874 if ! [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then 875 echo "key has incorrect hash." 876 rm -f pub.ssl 877 return 1 878 fi 879 echo "done." 880} 881 882# Fetch metadata signature, aka "tag". 883fetch_tag () { 884 echo -n "Fetching metadata signature " 885 echo ${NDEBUG} "for ${RELNUM} from ${SERVERNAME}... " 886 rm -f latest.ssl 887 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/latest.ssl \ 888 2>${QUIETREDIR} || true 889 if ! [ -r latest.ssl ]; then 890 echo "failed." 891 return 1 892 fi 893 894 openssl rsautl -pubin -inkey pub.ssl -verify \ 895 < latest.ssl > tag.new 2>${QUIETREDIR} || true 896 rm latest.ssl 897 898 if ! [ `wc -l < tag.new` = 1 ] || 899 ! grep -qE \ 900 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \ 901 tag.new; then 902 echo "invalid signature." 903 return 1 904 fi 905 906 echo "done." 907 908 RELPATCHNUM=`cut -f 4 -d '|' < tag.new` 909 TINDEXHASH=`cut -f 5 -d '|' < tag.new` 910 EOLTIME=`cut -f 6 -d '|' < tag.new` 911} 912 913# Sanity-check the patch number in a tag, to make sure that we're not 914# going to "update" backwards and to prevent replay attacks. 915fetch_tagsanity () { 916 # Check that we're not going to move from -pX to -pY with Y < X. 917 RELPX=`uname -r | sed -E 's,.*-,,'` 918 if echo ${RELPX} | grep -qE '^p[0-9]+$'; then 919 RELPX=`echo ${RELPX} | cut -c 2-` 920 else 921 RELPX=0 922 fi 923 if [ "${RELPATCHNUM}" -lt "${RELPX}" ]; then 924 echo 925 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})" 926 echo " appear older than what" 927 echo "we are currently running (`uname -r`)!" 928 echo "Cowardly refusing to proceed any further." 929 return 1 930 fi 931 932 # If "tag" exists and corresponds to ${RELNUM}, make sure that 933 # it contains a patch number <= RELPATCHNUM, in order to protect 934 # against rollback (replay) attacks. 935 if [ -f tag ] && 936 grep -qE \ 937 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \ 938 tag; then 939 LASTRELPATCHNUM=`cut -f 4 -d '|' < tag` 940 941 if [ "${RELPATCHNUM}" -lt "${LASTRELPATCHNUM}" ]; then 942 echo 943 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})" 944 echo " are older than the" 945 echo -n "most recently seen updates" 946 echo " (${RELNUM}-p${LASTRELPATCHNUM})." 947 echo "Cowardly refusing to proceed any further." 948 return 1 949 fi 950 fi 951} 952 953# Fetch metadata index file 954fetch_metadata_index () { 955 echo ${NDEBUG} "Fetching metadata index... " 956 rm -f ${TINDEXHASH} 957 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/t/${TINDEXHASH} 958 2>${QUIETREDIR} 959 if ! [ -f ${TINDEXHASH} ]; then 960 echo "failed." 961 return 1 962 fi 963 if [ `${SHA256} -q ${TINDEXHASH}` != ${TINDEXHASH} ]; then 964 echo "update metadata index corrupt." 965 return 1 966 fi 967 echo "done." 968} 969 970# Print an error message about signed metadata being bogus. 971fetch_metadata_bogus () { 972 echo 973 echo "The update metadata$1 is correctly signed, but" 974 echo "failed an integrity check." 975 echo "Cowardly refusing to proceed any further." 976 return 1 977} 978 979# Construct tINDEX.new by merging the lines named in $1 from ${TINDEXHASH} 980# with the lines not named in $@ from tINDEX.present (if that file exists). 981fetch_metadata_index_merge () { 982 for METAFILE in $@; do 983 if [ `grep -E "^${METAFILE}\|" ${TINDEXHASH} | wc -l` \ 984 -ne 1 ]; then 985 fetch_metadata_bogus " index" 986 return 1 987 fi 988 989 grep -E "${METAFILE}\|" ${TINDEXHASH} 990 done | 991 sort > tINDEX.wanted 992 993 if [ -f tINDEX.present ]; then 994 join -t '|' -v 2 tINDEX.wanted tINDEX.present | 995 sort -m - tINDEX.wanted > tINDEX.new 996 rm tINDEX.wanted 997 else 998 mv tINDEX.wanted tINDEX.new 999 fi 1000} 1001 1002# Sanity check all the lines of tINDEX.new. Even if more metadata lines 1003# are added by future versions of the server, this won't cause problems, 1004# since the only lines which appear in tINDEX.new are the ones which we 1005# specifically grepped out of ${TINDEXHASH}. 1006fetch_metadata_index_sanity () { 1007 if grep -qvE '^[0-9A-Z.-]+\|[0-9a-f]{64}$' tINDEX.new; then 1008 fetch_metadata_bogus " index" 1009 return 1 1010 fi 1011} 1012 1013# Sanity check the metadata file $1. 1014fetch_metadata_sanity () { 1015 # Some aliases to save space later: ${P} is a character which can 1016 # appear in a path; ${M} is the four numeric metadata fields; and 1017 # ${H} is a sha256 hash. 1018 P="[-+./:=_[[:alnum:]]" 1019 M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+" 1020 H="[0-9a-f]{64}" 1021 1022 # Check that the first four fields make sense. 1023 if gunzip -c < files/$1.gz | 1024 grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then 1025 fetch_metadata_bogus "" 1026 return 1 1027 fi 1028 1029 # Remove the first three fields. 1030 gunzip -c < files/$1.gz | 1031 cut -f 4- -d '|' > sanitycheck.tmp 1032 1033 # Sanity check entries with type 'f' 1034 if grep -E '^f' sanitycheck.tmp | 1035 grep -qvE "^f\|${M}\|${H}\|${P}*\$"; then 1036 fetch_metadata_bogus "" 1037 return 1 1038 fi 1039 1040 # Sanity check entries with type 'd' 1041 if grep -E '^d' sanitycheck.tmp | 1042 grep -qvE "^d\|${M}\|\|\$"; then 1043 fetch_metadata_bogus "" 1044 return 1 1045 fi 1046 1047 # Sanity check entries with type 'L' 1048 if grep -E '^L' sanitycheck.tmp | 1049 grep -qvE "^L\|${M}\|${P}*\|\$"; then 1050 fetch_metadata_bogus "" 1051 return 1 1052 fi 1053 1054 # Sanity check entries with type '-' 1055 if grep -E '^-' sanitycheck.tmp | 1056 grep -qvE "^-\|\|\|\|\|\|"; then 1057 fetch_metadata_bogus "" 1058 return 1 1059 fi 1060 1061 # Clean up 1062 rm sanitycheck.tmp 1063} 1064 1065# Fetch the metadata index and metadata files listed in $@, 1066# taking advantage of metadata patches where possible. 1067fetch_metadata () { 1068 fetch_metadata_index || return 1 1069 fetch_metadata_index_merge $@ || return 1 1070 fetch_metadata_index_sanity || return 1 1071 1072 # Generate a list of wanted metadata patches 1073 join -t '|' -o 1.2,2.2 tINDEX.present tINDEX.new | 1074 fetch_make_patchlist > patchlist 1075 1076 if [ -s patchlist ]; then 1077 # Attempt to fetch metadata patches 1078 echo -n "Fetching `wc -l < patchlist | tr -d ' '` " 1079 echo ${NDEBUG} "metadata patches.${DDSTATS}" 1080 tr '|' '-' < patchlist | 1081 lam -s "${FETCHDIR}/tp/" - -s ".gz" | 1082 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1083 2>${STATSREDIR} | fetch_progress 1084 echo "done." 1085 1086 # Attempt to apply metadata patches 1087 echo -n "Applying metadata patches... " 1088 tr '|' ' ' < patchlist | 1089 while read X Y; do 1090 if [ ! -f "${X}-${Y}.gz" ]; then continue; fi 1091 gunzip -c < ${X}-${Y}.gz > diff 1092 gunzip -c < files/${X}.gz > diff-OLD 1093 1094 # Figure out which lines are being added and removed 1095 grep -E '^-' diff | 1096 cut -c 2- | 1097 while read PREFIX; do 1098 look "${PREFIX}" diff-OLD 1099 done | 1100 sort > diff-rm 1101 grep -E '^\+' diff | 1102 cut -c 2- > diff-add 1103 1104 # Generate the new file 1105 comm -23 diff-OLD diff-rm | 1106 sort - diff-add > diff-NEW 1107 1108 if [ `${SHA256} -q diff-NEW` = ${Y} ]; then 1109 mv diff-NEW files/${Y} 1110 gzip -n files/${Y} 1111 else 1112 mv diff-NEW ${Y}.bad 1113 fi 1114 rm -f ${X}-${Y}.gz diff 1115 rm -f diff-OLD diff-NEW diff-add diff-rm 1116 done 2>${QUIETREDIR} 1117 echo "done." 1118 fi 1119 1120 # Update metadata without patches 1121 cut -f 2 -d '|' < tINDEX.new | 1122 while read Y; do 1123 if [ ! -f "files/${Y}.gz" ]; then 1124 echo ${Y}; 1125 fi 1126 done | 1127 sort -u > filelist 1128 1129 if [ -s filelist ]; then 1130 echo -n "Fetching `wc -l < filelist | tr -d ' '` " 1131 echo ${NDEBUG} "metadata files... " 1132 lam -s "${FETCHDIR}/m/" - -s ".gz" < filelist | 1133 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1134 2>${QUIETREDIR} 1135 1136 while read Y; do 1137 if ! [ -f ${Y}.gz ]; then 1138 echo "failed." 1139 return 1 1140 fi 1141 if [ `gunzip -c < ${Y}.gz | 1142 ${SHA256} -q` = ${Y} ]; then 1143 mv ${Y}.gz files/${Y}.gz 1144 else 1145 echo "metadata is corrupt." 1146 return 1 1147 fi 1148 done < filelist 1149 echo "done." 1150 fi 1151 1152# Sanity-check the metadata files. 1153 cut -f 2 -d '|' tINDEX.new > filelist 1154 while read X; do 1155 fetch_metadata_sanity ${X} || return 1 1156 done < filelist 1157 1158# Remove files which are no longer needed 1159 cut -f 2 -d '|' tINDEX.present | 1160 sort > oldfiles 1161 cut -f 2 -d '|' tINDEX.new | 1162 sort | 1163 comm -13 - oldfiles | 1164 lam -s "files/" - -s ".gz" | 1165 xargs rm -f 1166 rm patchlist filelist oldfiles 1167 rm ${TINDEXHASH} 1168 1169# We're done! 1170 mv tINDEX.new tINDEX.present 1171 mv tag.new tag 1172 1173 return 0 1174} 1175 1176# Extract a subset of a downloaded metadata file containing only the parts 1177# which are listed in COMPONENTS. 1178fetch_filter_metadata_components () { 1179 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'` 1180 gunzip -c < files/${METAHASH}.gz > $1.all 1181 1182 # Fish out the lines belonging to components we care about. 1183 for C in ${COMPONENTS}; do 1184 look "`echo ${C} | tr '/' '|'`|" $1.all 1185 done > $1 1186 1187 # Remove temporary file. 1188 rm $1.all 1189} 1190 1191# Generate a filtered version of the metadata file $1 from the downloaded 1192# file, by fishing out the lines corresponding to components we're trying 1193# to keep updated, and then removing lines corresponding to paths we want 1194# to ignore. 1195fetch_filter_metadata () { 1196 # Fish out the lines belonging to components we care about. 1197 fetch_filter_metadata_components $1 1198 1199 # Canonicalize directory names by removing any trailing / in 1200 # order to avoid listing directories multiple times if they 1201 # belong to multiple components. Turning "/" into "" doesn't 1202 # matter, since we add a leading "/" when we use paths later. 1203 cut -f 3- -d '|' $1 | 1204 sed -e 's,/|d|,|d|,' | 1205 sort -u > $1.tmp 1206 1207 # Figure out which lines to ignore and remove them. 1208 for X in ${IGNOREPATHS}; do 1209 grep -E "^${X}" $1.tmp 1210 done | 1211 sort -u | 1212 comm -13 - $1.tmp > $1 1213 1214 # Remove temporary files. 1215 rm $1.tmp 1216} 1217 1218# Filter the metadata file $1 by adding lines with "/boot/$2" 1219# replaced by ${KERNELDIR} (which is `sysctl -n kern.bootfile` minus the 1220# trailing "/kernel"); and if "/boot/$2" does not exist, remove 1221# the original lines which start with that. 1222# Put another way: Deal with the fact that the FOO kernel is sometimes 1223# installed in /boot/FOO/ and is sometimes installed elsewhere. 1224fetch_filter_kernel_names () { 1225 grep ^/boot/$2 $1 | 1226 sed -e "s,/boot/$2,${KERNELDIR},g" | 1227 sort - $1 > $1.tmp 1228 mv $1.tmp $1 1229 1230 if ! [ -d /boot/$2 ]; then 1231 grep -v ^/boot/$2 $1 > $1.tmp 1232 mv $1.tmp $1 1233 fi 1234} 1235 1236# For all paths appearing in $1 or $3, inspect the system 1237# and generate $2 describing what is currently installed. 1238fetch_inspect_system () { 1239 # No errors yet... 1240 rm -f .err 1241 1242 # Tell the user why his disk is suddenly making lots of noise 1243 echo -n "Inspecting system... " 1244 1245 # Generate list of files to inspect 1246 cat $1 $3 | 1247 cut -f 1 -d '|' | 1248 sort -u > filelist 1249 1250 # Examine each file and output lines of the form 1251 # /path/to/file|type|device-inum|user|group|perm|flags|value 1252 # sorted by device and inode number. 1253 while read F; do 1254 # If the symlink/file/directory does not exist, record this. 1255 if ! [ -e ${BASEDIR}/${F} ]; then 1256 echo "${F}|-||||||" 1257 continue 1258 fi 1259 if ! [ -r ${BASEDIR}/${F} ]; then 1260 echo "Cannot read file: ${BASEDIR}/${F}" \ 1261 >/dev/stderr 1262 touch .err 1263 return 1 1264 fi 1265 1266 # Otherwise, output an index line. 1267 if [ -L ${BASEDIR}/${F} ]; then 1268 echo -n "${F}|L|" 1269 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F}; 1270 readlink ${BASEDIR}/${F}; 1271 elif [ -f ${BASEDIR}/${F} ]; then 1272 echo -n "${F}|f|" 1273 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F}; 1274 sha256 -q ${BASEDIR}/${F}; 1275 elif [ -d ${BASEDIR}/${F} ]; then 1276 echo -n "${F}|d|" 1277 stat -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F}; 1278 else 1279 echo "Unknown file type: ${BASEDIR}/${F}" \ 1280 >/dev/stderr 1281 touch .err 1282 return 1 1283 fi 1284 done < filelist | 1285 sort -k 3,3 -t '|' > $2.tmp 1286 rm filelist 1287 1288 # Check if an error occured during system inspection 1289 if [ -f .err ]; then 1290 return 1 1291 fi 1292 1293 # Convert to the form 1294 # /path/to/file|type|user|group|perm|flags|value|hlink 1295 # by resolving identical device and inode numbers into hard links. 1296 cut -f 1,3 -d '|' $2.tmp | 1297 sort -k 1,1 -t '|' | 1298 sort -s -u -k 2,2 -t '|' | 1299 join -1 2 -2 3 -t '|' - $2.tmp | 1300 awk -F \| -v OFS=\| \ 1301 '{ 1302 if (($2 == $3) || ($4 == "-")) 1303 print $3,$4,$5,$6,$7,$8,$9,"" 1304 else 1305 print $3,$4,$5,$6,$7,$8,$9,$2 1306 }' | 1307 sort > $2 1308 rm $2.tmp 1309 1310 # We're finished looking around 1311 echo "done." 1312} 1313 1314# For any paths matching ${MERGECHANGES}, compare $1 and $2 and find any 1315# files which differ; generate $3 containing these paths and the old hashes. 1316fetch_filter_mergechanges () { 1317 # Pull out the paths and hashes of the files matching ${MERGECHANGES}. 1318 for F in $1 $2; do 1319 for X in ${MERGECHANGES}; do 1320 grep -E "^${X}" ${F} 1321 done | 1322 cut -f 1,2,7 -d '|' | 1323 sort > ${F}-values 1324 done 1325 1326 # Any line in $2-values which doesn't appear in $1-values and is a 1327 # file means that we should list the path in $3. 1328 comm -13 $1-values $2-values | 1329 fgrep '|f|' | 1330 cut -f 1 -d '|' > $2-paths 1331 1332 # For each path, pull out one (and only one!) entry from $1-values. 1333 # Note that we cannot distinguish which "old" version the user made 1334 # changes to; but hopefully any changes which occur due to security 1335 # updates will exist in both the "new" version and the version which 1336 # the user has installed, so the merging will still work. 1337 while read X; do 1338 look "${X}|" $1-values | 1339 head -1 1340 done < $2-paths > $3 1341 1342 # Clean up 1343 rm $1-values $2-values $2-paths 1344} 1345 1346# For any paths matching ${UPDATEIFUNMODIFIED}, remove lines from $[123] 1347# which correspond to lines in $2 with hashes not matching $1 or $3, unless 1348# the paths are listed in $4. For entries in $2 marked "not present" 1349# (aka. type -), remove lines from $[123] unless there is a corresponding 1350# entry in $1. 1351fetch_filter_unmodified_notpresent () { 1352 # Figure out which lines of $1 and $3 correspond to bits which 1353 # should only be updated if they haven't changed, and fish out 1354 # the (path, type, value) tuples. 1355 # NOTE: We don't consider a file to be "modified" if it matches 1356 # the hash from $3. 1357 for X in ${UPDATEIFUNMODIFIED}; do 1358 grep -E "^${X}" $1 1359 grep -E "^${X}" $3 1360 done | 1361 cut -f 1,2,7 -d '|' | 1362 sort > $1-values 1363 1364 # Do the same for $2. 1365 for X in ${UPDATEIFUNMODIFIED}; do 1366 grep -E "^${X}" $2 1367 done | 1368 cut -f 1,2,7 -d '|' | 1369 sort > $2-values 1370 1371 # Any entry in $2-values which is not in $1-values corresponds to 1372 # a path which we need to remove from $1, $2, and $3, unless it 1373 # that path appears in $4. 1374 comm -13 $1-values $2-values | 1375 sort -t '|' -k 1,1 > mlines.tmp 1376 cut -f 1 -d '|' $4 | 1377 sort | 1378 join -v 2 -t '|' - mlines.tmp | 1379 sort > mlines 1380 rm $1-values $2-values mlines.tmp 1381 1382 # Any lines in $2 which are not in $1 AND are "not present" lines 1383 # also belong in mlines. 1384 comm -13 $1 $2 | 1385 cut -f 1,2,7 -d '|' | 1386 fgrep '|-|' >> mlines 1387 1388 # Remove lines from $1, $2, and $3 1389 for X in $1 $2 $3; do 1390 sort -t '|' -k 1,1 ${X} > ${X}.tmp 1391 cut -f 1 -d '|' < mlines | 1392 sort | 1393 join -v 2 -t '|' - ${X}.tmp | 1394 sort > ${X} 1395 rm ${X}.tmp 1396 done 1397 1398 # Store a list of the modified files, for future reference 1399 fgrep -v '|-|' mlines | 1400 cut -f 1 -d '|' > modifiedfiles 1401 rm mlines 1402} 1403 1404# For each entry in $1 of type -, remove any corresponding 1405# entry from $2 if ${ALLOWADD} != "yes". Remove all entries 1406# of type - from $1. 1407fetch_filter_allowadd () { 1408 cut -f 1,2 -d '|' < $1 | 1409 fgrep '|-' | 1410 cut -f 1 -d '|' > filesnotpresent 1411 1412 if [ ${ALLOWADD} != "yes" ]; then 1413 sort < $2 | 1414 join -v 1 -t '|' - filesnotpresent | 1415 sort > $2.tmp 1416 mv $2.tmp $2 1417 fi 1418 1419 sort < $1 | 1420 join -v 1 -t '|' - filesnotpresent | 1421 sort > $1.tmp 1422 mv $1.tmp $1 1423 rm filesnotpresent 1424} 1425 1426# If ${ALLOWDELETE} != "yes", then remove any entries from $1 1427# which don't correspond to entries in $2. 1428fetch_filter_allowdelete () { 1429 # Produce a lists ${PATH}|${TYPE} 1430 for X in $1 $2; do 1431 cut -f 1-2 -d '|' < ${X} | 1432 sort -u > ${X}.nodes 1433 done 1434 1435 # Figure out which lines need to be removed from $1. 1436 if [ ${ALLOWDELETE} != "yes" ]; then 1437 comm -23 $1.nodes $2.nodes > $1.badnodes 1438 else 1439 : > $1.badnodes 1440 fi 1441 1442 # Remove the relevant lines from $1 1443 while read X; do 1444 look "${X}|" $1 1445 done < $1.badnodes | 1446 comm -13 - $1 > $1.tmp 1447 mv $1.tmp $1 1448 1449 rm $1.badnodes $1.nodes $2.nodes 1450} 1451 1452# If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in $2 1453# with metadata not matching any entry in $1, replace the corresponding 1454# line of $3 with one having the same metadata as the entry in $2. 1455fetch_filter_modified_metadata () { 1456 # Fish out the metadata from $1 and $2 1457 for X in $1 $2; do 1458 cut -f 1-6 -d '|' < ${X} > ${X}.metadata 1459 done 1460 1461 # Find the metadata we need to keep 1462 if [ ${KEEPMODIFIEDMETADATA} = "yes" ]; then 1463 comm -13 $1.metadata $2.metadata > keepmeta 1464 else 1465 : > keepmeta 1466 fi 1467 1468 # Extract the lines which we need to remove from $3, and 1469 # construct the lines which we need to add to $3. 1470 : > $3.remove 1471 : > $3.add 1472 while read LINE; do 1473 NODE=`echo "${LINE}" | cut -f 1-2 -d '|'` 1474 look "${NODE}|" $3 >> $3.remove 1475 look "${NODE}|" $3 | 1476 cut -f 7- -d '|' | 1477 lam -s "${LINE}|" - >> $3.add 1478 done < keepmeta 1479 1480 # Remove the specified lines and add the new lines. 1481 sort $3.remove | 1482 comm -13 - $3 | 1483 sort -u - $3.add > $3.tmp 1484 mv $3.tmp $3 1485 1486 rm keepmeta $1.metadata $2.metadata $3.add $3.remove 1487} 1488 1489# Remove lines from $1 and $2 which are identical; 1490# no need to update a file if it isn't changing. 1491fetch_filter_uptodate () { 1492 comm -23 $1 $2 > $1.tmp 1493 comm -13 $1 $2 > $2.tmp 1494 1495 mv $1.tmp $1 1496 mv $2.tmp $2 1497} 1498 1499# Fetch any "clean" old versions of files we need for merging changes. 1500fetch_files_premerge () { 1501 # We only need to do anything if $1 is non-empty. 1502 if [ -s $1 ]; then 1503 # Tell the user what we're doing 1504 echo -n "Fetching files from ${OLDRELNUM} for merging... " 1505 1506 # List of files wanted 1507 fgrep '|f|' < $1 | 1508 cut -f 3 -d '|' | 1509 sort -u > files.wanted 1510 1511 # Only fetch the files we don't already have 1512 while read Y; do 1513 if [ ! -f "files/${Y}.gz" ]; then 1514 echo ${Y}; 1515 fi 1516 done < files.wanted > filelist 1517 1518 # Actually fetch them 1519 lam -s "${OLDFETCHDIR}/f/" - -s ".gz" < filelist | 1520 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1521 2>${QUIETREDIR} 1522 1523 # Make sure we got them all, and move them into /files/ 1524 while read Y; do 1525 if ! [ -f ${Y}.gz ]; then 1526 echo "failed." 1527 return 1 1528 fi 1529 if [ `gunzip -c < ${Y}.gz | 1530 ${SHA256} -q` = ${Y} ]; then 1531 mv ${Y}.gz files/${Y}.gz 1532 else 1533 echo "${Y} has incorrect hash." 1534 return 1 1535 fi 1536 done < filelist 1537 echo "done." 1538 1539 # Clean up 1540 rm filelist files.wanted 1541 fi 1542} 1543 1544# Prepare to fetch files: Generate a list of the files we need, 1545# copy the unmodified files we have into /files/, and generate 1546# a list of patches to download. 1547fetch_files_prepare () { 1548 # Tell the user why his disk is suddenly making lots of noise 1549 echo -n "Preparing to download files... " 1550 1551 # Reduce indices to ${PATH}|${HASH} pairs 1552 for X in $1 $2 $3; do 1553 cut -f 1,2,7 -d '|' < ${X} | 1554 fgrep '|f|' | 1555 cut -f 1,3 -d '|' | 1556 sort > ${X}.hashes 1557 done 1558 1559 # List of files wanted 1560 cut -f 2 -d '|' < $3.hashes | 1561 sort -u | 1562 while read HASH; do 1563 if ! [ -f files/${HASH}.gz ]; then 1564 echo ${HASH} 1565 fi 1566 done > files.wanted 1567 1568 # Generate a list of unmodified files 1569 comm -12 $1.hashes $2.hashes | 1570 sort -k 1,1 -t '|' > unmodified.files 1571 1572 # Copy all files into /files/. We only need the unmodified files 1573 # for use in patching; but we'll want all of them if the user asks 1574 # to rollback the updates later. 1575 while read LINE; do 1576 F=`echo "${LINE}" | cut -f 1 -d '|'` 1577 HASH=`echo "${LINE}" | cut -f 2 -d '|'` 1578 1579 # Skip files we already have. 1580 if [ -f files/${HASH}.gz ]; then 1581 continue 1582 fi 1583 1584 # Make sure the file hasn't changed. 1585 cp "${BASEDIR}/${F}" tmpfile 1586 if [ `sha256 -q tmpfile` != ${HASH} ]; then 1587 echo 1588 echo "File changed while FreeBSD Update running: ${F}" 1589 return 1 1590 fi 1591 1592 # Place the file into storage. 1593 gzip -c < tmpfile > files/${HASH}.gz 1594 rm tmpfile 1595 done < $2.hashes 1596 1597 # Produce a list of patches to download 1598 sort -k 1,1 -t '|' $3.hashes | 1599 join -t '|' -o 2.2,1.2 - unmodified.files | 1600 fetch_make_patchlist > patchlist 1601 1602 # Garbage collect 1603 rm unmodified.files $1.hashes $2.hashes $3.hashes 1604 1605 # We don't need the list of possible old files any more. 1606 rm $1 1607 1608 # We're finished making noise 1609 echo "done." 1610} 1611 1612# Fetch files. 1613fetch_files () { 1614 # Attempt to fetch patches 1615 if [ -s patchlist ]; then 1616 echo -n "Fetching `wc -l < patchlist | tr -d ' '` " 1617 echo ${NDEBUG} "patches.${DDSTATS}" 1618 tr '|' '-' < patchlist | 1619 lam -s "${PATCHDIR}/" - | 1620 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1621 2>${STATSREDIR} | fetch_progress 1622 echo "done." 1623 1624 # Attempt to apply patches 1625 echo -n "Applying patches... " 1626 tr '|' ' ' < patchlist | 1627 while read X Y; do 1628 if [ ! -f "${X}-${Y}" ]; then continue; fi 1629 gunzip -c < files/${X}.gz > OLD 1630 1631 bspatch OLD NEW ${X}-${Y} 1632 1633 if [ `${SHA256} -q NEW` = ${Y} ]; then 1634 mv NEW files/${Y} 1635 gzip -n files/${Y} 1636 fi 1637 rm -f diff OLD NEW ${X}-${Y} 1638 done 2>${QUIETREDIR} 1639 echo "done." 1640 fi 1641 1642 # Download files which couldn't be generate via patching 1643 while read Y; do 1644 if [ ! -f "files/${Y}.gz" ]; then 1645 echo ${Y}; 1646 fi 1647 done < files.wanted > filelist 1648 1649 if [ -s filelist ]; then 1650 echo -n "Fetching `wc -l < filelist | tr -d ' '` " 1651 echo ${NDEBUG} "files... " 1652 lam -s "${FETCHDIR}/f/" - -s ".gz" < filelist | 1653 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \ 1654 2>${QUIETREDIR} 1655 1656 while read Y; do 1657 if ! [ -f ${Y}.gz ]; then 1658 echo "failed." 1659 return 1 1660 fi 1661 if [ `gunzip -c < ${Y}.gz | 1662 ${SHA256} -q` = ${Y} ]; then 1663 mv ${Y}.gz files/${Y}.gz 1664 else 1665 echo "${Y} has incorrect hash." 1666 return 1 1667 fi 1668 done < filelist 1669 echo "done." 1670 fi 1671 1672 # Clean up 1673 rm files.wanted filelist patchlist 1674} 1675 1676# Create and populate install manifest directory; and report what updates 1677# are available. 1678fetch_create_manifest () { 1679 # If we have an existing install manifest, nuke it. 1680 if [ -L "${BDHASH}-install" ]; then 1681 rm -r ${BDHASH}-install/ 1682 rm ${BDHASH}-install 1683 fi 1684 1685 # Report to the user if any updates were avoided due to local changes 1686 if [ -s modifiedfiles ]; then 1687 echo 1688 echo -n "The following files are affected by updates, " 1689 echo "but no changes have" 1690 echo -n "been downloaded because the files have been " 1691 echo "modified locally:" 1692 cat modifiedfiles 1693 fi | more 1694 rm modifiedfiles 1695 1696 # If no files will be updated, tell the user and exit 1697 if ! [ -s INDEX-PRESENT ] && 1698 ! [ -s INDEX-NEW ]; then 1699 rm INDEX-PRESENT INDEX-NEW 1700 echo 1701 echo -n "No updates needed to update system to " 1702 echo "${RELNUM}-p${RELPATCHNUM}." 1703 return 1704 fi 1705 1706 # Divide files into (a) removed files, (b) added files, and 1707 # (c) updated files. 1708 cut -f 1 -d '|' < INDEX-PRESENT | 1709 sort > INDEX-PRESENT.flist 1710 cut -f 1 -d '|' < INDEX-NEW | 1711 sort > INDEX-NEW.flist 1712 comm -23 INDEX-PRESENT.flist INDEX-NEW.flist > files.removed 1713 comm -13 INDEX-PRESENT.flist INDEX-NEW.flist > files.added 1714 comm -12 INDEX-PRESENT.flist INDEX-NEW.flist > files.updated 1715 rm INDEX-PRESENT.flist INDEX-NEW.flist 1716 1717 # Report removed files, if any 1718 if [ -s files.removed ]; then 1719 echo 1720 echo -n "The following files will be removed " 1721 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:" 1722 cat files.removed 1723 fi | more 1724 rm files.removed 1725 1726 # Report added files, if any 1727 if [ -s files.added ]; then 1728 echo 1729 echo -n "The following files will be added " 1730 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:" 1731 cat files.added 1732 fi | more 1733 rm files.added 1734 1735 # Report updated files, if any 1736 if [ -s files.updated ]; then 1737 echo 1738 echo -n "The following files will be updated " 1739 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:" 1740 1741 cat files.updated 1742 fi | more 1743 rm files.updated 1744 1745 # Create a directory for the install manifest. 1746 MDIR=`mktemp -d install.XXXXXX` || return 1 1747 1748 # Populate it 1749 mv INDEX-PRESENT ${MDIR}/INDEX-OLD 1750 mv INDEX-NEW ${MDIR}/INDEX-NEW 1751 1752 # Link it into place 1753 ln -s ${MDIR} ${BDHASH}-install 1754} 1755 1756# Warn about any upcoming EoL 1757fetch_warn_eol () { 1758 # What's the current time? 1759 NOWTIME=`date "+%s"` 1760 1761 # When did we last warn about the EoL date? 1762 if [ -f lasteolwarn ]; then 1763 LASTWARN=`cat lasteolwarn` 1764 else 1765 LASTWARN=`expr ${NOWTIME} - 63072000` 1766 fi 1767 1768 # If the EoL time is past, warn. 1769 if [ ${EOLTIME} -lt ${NOWTIME} ]; then 1770 echo 1771 cat <<-EOF 1772 WARNING: `uname -sr` HAS PASSED ITS END-OF-LIFE DATE. 1773 Any security issues discovered after `date -r ${EOLTIME}` 1774 will not have been corrected. 1775 EOF 1776 return 1 1777 fi 1778 1779 # Figure out how long it has been since we last warned about the 1780 # upcoming EoL, and how much longer we have left. 1781 SINCEWARN=`expr ${NOWTIME} - ${LASTWARN}` 1782 TIMELEFT=`expr ${EOLTIME} - ${NOWTIME}` 1783 1784 # Don't warn if the EoL is more than 3 months away 1785 if [ ${TIMELEFT} -gt 7884000 ]; then 1786 return 0 1787 fi 1788 1789 # Don't warn if the time remaining is more than 3 times the time 1790 # since the last warning. 1791 if [ ${TIMELEFT} -gt `expr ${SINCEWARN} \* 3` ]; then 1792 return 0 1793 fi 1794 1795 # Figure out what time units to use. 1796 if [ ${TIMELEFT} -lt 604800 ]; then 1797 UNIT="day" 1798 SIZE=86400 1799 elif [ ${TIMELEFT} -lt 2678400 ]; then 1800 UNIT="week" 1801 SIZE=604800 1802 else 1803 UNIT="month" 1804 SIZE=2678400 1805 fi 1806 1807 # Compute the right number of units 1808 NUM=`expr ${TIMELEFT} / ${SIZE}` 1809 if [ ${NUM} != 1 ]; then 1810 UNIT="${UNIT}s" 1811 fi 1812 1813 # Print the warning 1814 echo 1815 cat <<-EOF 1816 WARNING: `uname -sr` is approaching its End-of-Life date. 1817 It is strongly recommended that you upgrade to a newer 1818 release within the next ${NUM} ${UNIT}. 1819 EOF 1820 1821 # Update the stored time of last warning 1822 echo ${NOWTIME} > lasteolwarn 1823} 1824 1825# Do the actual work involved in "fetch" / "cron". 1826fetch_run () { 1827 workdir_init || return 1 1828 1829 # Prepare the mirror list. 1830 fetch_pick_server_init && fetch_pick_server 1831 1832 # Try to fetch the public key until we run out of servers. 1833 while ! fetch_key; do 1834 fetch_pick_server || return 1 1835 done 1836 1837 # Try to fetch the metadata index signature ("tag") until we run 1838 # out of available servers; and sanity check the downloaded tag. 1839 while ! fetch_tag; do 1840 fetch_pick_server || return 1 1841 done 1842 fetch_tagsanity || return 1 1843 1844 # Fetch the latest INDEX-NEW and INDEX-OLD files. 1845 fetch_metadata INDEX-NEW INDEX-OLD || return 1 1846 1847 # Generate filtered INDEX-NEW and INDEX-OLD files containing only 1848 # the lines which (a) belong to components we care about, and (b) 1849 # don't correspond to paths we're explicitly ignoring. 1850 fetch_filter_metadata INDEX-NEW || return 1 1851 fetch_filter_metadata INDEX-OLD || return 1 1852 1853 # Translate /boot/${KERNCONF} into ${KERNELDIR} 1854 fetch_filter_kernel_names INDEX-NEW ${KERNCONF} 1855 fetch_filter_kernel_names INDEX-OLD ${KERNCONF} 1856 1857 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the 1858 # system and generate an INDEX-PRESENT file. 1859 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1 1860 1861 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which 1862 # correspond to lines in INDEX-PRESENT with hashes not appearing 1863 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in 1864 # INDEX-PRESENT has type - and there isn't a corresponding entry in 1865 # INDEX-OLD with type -. 1866 fetch_filter_unmodified_notpresent \ 1867 INDEX-OLD INDEX-PRESENT INDEX-NEW /dev/null 1868 1869 # For each entry in INDEX-PRESENT of type -, remove any corresponding 1870 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries 1871 # of type - from INDEX-PRESENT. 1872 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW 1873 1874 # If ${ALLOWDELETE} != "yes", then remove any entries from 1875 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW. 1876 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW 1877 1878 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in 1879 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD, 1880 # replace the corresponding line of INDEX-NEW with one having the 1881 # same metadata as the entry in INDEX-PRESENT. 1882 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW 1883 1884 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical; 1885 # no need to update a file if it isn't changing. 1886 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW 1887 1888 # Prepare to fetch files: Generate a list of the files we need, 1889 # copy the unmodified files we have into /files/, and generate 1890 # a list of patches to download. 1891 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1 1892 1893 # Fetch files. 1894 fetch_files || return 1 1895 1896 # Create and populate install manifest directory; and report what 1897 # updates are available. 1898 fetch_create_manifest || return 1 1899 1900 # Warn about any upcoming EoL 1901 fetch_warn_eol || return 1 1902} 1903 1904# If StrictComponents is not "yes", generate a new components list 1905# with only the components which appear to be installed. 1906upgrade_guess_components () { 1907 if [ "${STRICTCOMPONENTS}" = "no" ]; then 1908 # Generate filtered INDEX-ALL with only the components listed 1909 # in COMPONENTS. 1910 fetch_filter_metadata_components $1 || return 1 1911 1912 # Tell the user why his disk is suddenly making lots of noise 1913 echo -n "Inspecting system... " 1914 1915 # Look at the files on disk, and assume that a component is 1916 # supposed to be present if it is more than half-present. 1917 cut -f 1-3 -d '|' < INDEX-ALL | 1918 tr '|' ' ' | 1919 while read C S F; do 1920 if [ -e ${BASEDIR}/${F} ]; then 1921 echo "+ ${C}|${S}" 1922 fi 1923 echo "= ${C}|${S}" 1924 done | 1925 sort | 1926 uniq -c | 1927 sed -E 's,^ +,,' > compfreq 1928 grep ' = ' compfreq | 1929 cut -f 1,3 -d ' ' | 1930 sort -k 2,2 -t ' ' > compfreq.total 1931 grep ' + ' compfreq | 1932 cut -f 1,3 -d ' ' | 1933 sort -k 2,2 -t ' ' > compfreq.present 1934 join -t ' ' -1 2 -2 2 compfreq.present compfreq.total | 1935 while read S P T; do 1936 if [ ${P} -gt `expr ${T} / 2` ]; then 1937 echo ${S} 1938 fi 1939 done > comp.present 1940 cut -f 2 -d ' ' < compfreq.total > comp.total 1941 rm INDEX-ALL compfreq compfreq.total compfreq.present 1942 1943 # We're done making noise. 1944 echo "done." 1945 1946 # Sometimes the kernel isn't installed where INDEX-ALL 1947 # thinks that it should be: In particular, it is often in 1948 # /boot/kernel instead of /boot/GENERIC or /boot/SMP. To 1949 # deal with this, if "kernel|X" is listed in comp.total 1950 # (i.e., is a component which would be upgraded if it is 1951 # found to be present) we will add it to comp.present. 1952 # If "kernel|<anything>" is in comp.total but "kernel|X" is 1953 # not, we print a warning -- the user is running a kernel 1954 # which isn't part of the release. 1955 KCOMP=`echo ${KERNCONF} | tr 'A-Z' 'a-z'` 1956 grep -E "^kernel\|${KCOMP}\$" comp.total >> comp.present 1957 1958 if grep -qE "^kernel\|" comp.total && 1959 ! grep -qE "^kernel\|${KCOMP}\$" comp.total; then 1960 cat <<-EOF 1961 1962WARNING: This system is running a "${KCOMP}" kernel, which is not a 1963kernel configuration distributed as part of FreeBSD ${RELNUM}. 1964This kernel will not be updated: you MUST update the kernel manually 1965before running "$0 install". 1966 EOF 1967 fi 1968 1969 # Re-sort the list of installed components and generate 1970 # the list of non-installed components. 1971 sort -u < comp.present > comp.present.tmp 1972 mv comp.present.tmp comp.present 1973 comm -13 comp.present comp.total > comp.absent 1974 1975 # Ask the user to confirm that what we have is correct. To 1976 # reduce user confusion, translate "X|Y" back to "X/Y" (as 1977 # subcomponents must be listed in the configuration file). 1978 echo 1979 echo -n "The following components of FreeBSD " 1980 echo "seem to be installed:" 1981 tr '|' '/' < comp.present | 1982 fmt -72 1983 echo 1984 echo -n "The following components of FreeBSD " 1985 echo "do not seem to be installed:" 1986 tr '|' '/' < comp.absent | 1987 fmt -72 1988 echo 1989 continuep || return 1 1990 echo 1991 1992 # Suck the generated list of components into ${COMPONENTS}. 1993 # Note that comp.present.tmp is used due to issues with 1994 # pipelines and setting variables. 1995 COMPONENTS="" 1996 tr '|' '/' < comp.present > comp.present.tmp 1997 while read C; do 1998 COMPONENTS="${COMPONENTS} ${C}" 1999 done < comp.present.tmp 2000 2001 # Delete temporary files 2002 rm comp.present comp.present.tmp comp.absent comp.total 2003 fi 2004} 2005 2006# If StrictComponents is not "yes", COMPONENTS contains an entry 2007# corresponding to the currently running kernel, and said kernel 2008# does not exist in the new release, add "kernel/generic" to the 2009# list of components. 2010upgrade_guess_new_kernel () { 2011 if [ "${STRICTCOMPONENTS}" = "no" ]; then 2012 # Grab the unfiltered metadata file. 2013 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'` 2014 gunzip -c < files/${METAHASH}.gz > $1.all 2015 2016 # If "kernel/${KCOMP}" is in ${COMPONENTS} and that component 2017 # isn't in $1.all, we need to add kernel/generic. 2018 for C in ${COMPONENTS}; do 2019 if [ ${C} = "kernel/${KCOMP}" ] && 2020 ! grep -qE "^kernel\|${KCOMP}\|" $1.all; then 2021 COMPONENTS="${COMPONENTS} kernel/generic" 2022 NKERNCONF="GENERIC" 2023 cat <<-EOF 2024 2025WARNING: This system is running a "${KCOMP}" kernel, which is not a 2026kernel configuration distributed as part of FreeBSD ${RELNUM}. 2027As part of upgrading to FreeBSD ${RELNUM}, this kernel will be 2028replaced with a "generic" kernel. 2029 EOF 2030 continuep || return 1 2031 fi 2032 done 2033 2034 # Don't need this any more... 2035 rm $1.all 2036 fi 2037} 2038 2039# Convert INDEX-OLD (last release) and INDEX-ALL (new release) into 2040# INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades). 2041upgrade_oldall_to_oldnew () { 2042 # For each ${F}|... which appears in INDEX-ALL but does not appear 2043 # in INDEX-OLD, add ${F}|-|||||| to INDEX-OLD. 2044 cut -f 1 -d '|' < $1 | 2045 sort -u > $1.paths 2046 cut -f 1 -d '|' < $2 | 2047 sort -u | 2048 comm -13 $1.paths - | 2049 lam - -s "|-||||||" | 2050 sort - $1 > $1.tmp 2051 mv $1.tmp $1 2052 2053 # Remove lines from INDEX-OLD which also appear in INDEX-ALL 2054 comm -23 $1 $2 > $1.tmp 2055 mv $1.tmp $1 2056 2057 # Remove lines from INDEX-ALL which have a file name not appearing 2058 # anywhere in INDEX-OLD (since these must be files which haven't 2059 # changed -- if they were new, there would be an entry of type "-"). 2060 cut -f 1 -d '|' < $1 | 2061 sort -u > $1.paths 2062 sort -k 1,1 -t '|' < $2 | 2063 join -t '|' - $1.paths | 2064 sort > $2.tmp 2065 rm $1.paths 2066 mv $2.tmp $2 2067 2068 # Rename INDEX-ALL to INDEX-NEW. 2069 mv $2 $3 2070} 2071 2072# From the list of "old" files in $1, merge changes in $2 with those in $3, 2073# and update $3 to reflect the hashes of merged files. 2074upgrade_merge () { 2075 # We only need to do anything if $1 is non-empty. 2076 if [ -s $1 ]; then 2077 cut -f 1 -d '|' $1 | 2078 sort > $1-paths 2079 2080 # Create staging area for merging files 2081 rm -rf merge/ 2082 while read F; do 2083 D=`dirname ${F}` 2084 mkdir -p merge/old/${D} 2085 mkdir -p merge/${OLDRELNUM}/${D} 2086 mkdir -p merge/${RELNUM}/${D} 2087 mkdir -p merge/new/${D} 2088 done < $1-paths 2089 2090 # Copy in files 2091 while read F; do 2092 # Currently installed file 2093 V=`look "${F}|" $2 | cut -f 7 -d '|'` 2094 gunzip < files/${V}.gz > merge/old/${F} 2095 2096 # Old release 2097 if look "${F}|" $1 | fgrep -q "|f|"; then 2098 V=`look "${F}|" $1 | cut -f 3 -d '|'` 2099 gunzip < files/${V}.gz \ 2100 > merge/${OLDRELNUM}/${F} 2101 fi 2102 2103 # New release 2104 if look "${F}|" $3 | cut -f 1,2,7 -d '|' | 2105 fgrep -q "|f|"; then 2106 V=`look "${F}|" $3 | cut -f 7 -d '|'` 2107 gunzip < files/${V}.gz \ 2108 > merge/${RELNUM}/${F} 2109 fi 2110 done < $1-paths 2111 2112 # Attempt to automatically merge changes 2113 echo -n "Attempting to automatically merge " 2114 echo -n "changes in files..." 2115 : > failed.merges 2116 while read F; do 2117 # If the file doesn't exist in the new release, 2118 # the result of "merging changes" is having the file 2119 # not exist. 2120 if ! [ -f merge/${RELNUM}/${F} ]; then 2121 continue 2122 fi 2123 2124 # If the file didn't exist in the old release, we're 2125 # going to throw away the existing file and hope that 2126 # the version from the new release is what we want. 2127 if ! [ -f merge/${OLDRELNUM}/${F} ]; then 2128 cp merge/${RELNUM}/${F} merge/new/${F} 2129 continue 2130 fi 2131 2132 # Some files need special treatment. 2133 case ${F} in 2134 /etc/spwd.db | /etc/pwd.db | /etc/login.conf.db) 2135 # Don't merge these -- we're rebuild them 2136 # after updates are installed. 2137 cp merge/old/${F} merge/new/${F} 2138 ;; 2139 *) 2140 if ! merge -p -L "current version" \ 2141 -L "${OLDRELNUM}" -L "${RELNUM}" \ 2142 merge/old/${F} \ 2143 merge/${OLDRELNUM}/${F} \ 2144 merge/${RELNUM}/${F} \ 2145 > merge/new/${F} 2>/dev/null; then 2146 echo ${F} >> failed.merges 2147 fi 2148 ;; 2149 esac 2150 done < $1-paths 2151 echo " done." 2152 2153 # Ask the user to handle any files which didn't merge. 2154 while read F; do 2155 cat <<-EOF 2156 2157The following file could not be merged automatically: ${F} 2158Press Enter to edit this file in ${EDITOR} and resolve the conflicts 2159manually... 2160 EOF 2161 read dummy </dev/tty 2162 ${EDITOR} `pwd`/merge/new/${F} < /dev/tty 2163 done < failed.merges 2164 rm failed.merges 2165 2166 # Ask the user to confirm that he likes how the result 2167 # of merging files. 2168 while read F; do 2169 # Skip files which haven't changed. 2170 if [ -f merge/new/${F} ] && 2171 cmp -s merge/old/${F} merge/new/${F}; then 2172 continue 2173 fi 2174 2175 # Warn about files which are ceasing to exist. 2176 if ! [ -f merge/new/${F} ]; then 2177 cat <<-EOF 2178 2179The following file will be removed, as it no longer exists in 2180FreeBSD ${RELNUM}: ${F} 2181 EOF 2182 continuep < /dev/tty || return 1 2183 continue 2184 fi 2185 2186 # Print changes for the user's approval. 2187 cat <<-EOF 2188 2189The following changes, which occurred between FreeBSD ${OLDRELNUM} and 2190FreeBSD ${RELNUM} have been merged into ${F}: 2191EOF 2192 diff -U 5 -L "current version" -L "new version" \ 2193 merge/old/${F} merge/new/${F} || true 2194 continuep < /dev/tty || return 1 2195 done < $1-paths 2196 2197 # Store merged files. 2198 while read F; do 2199 V=`${SHA256} -q merge/new/${F}` 2200 2201 if [ -f merge/new/${F} ]; then 2202 gzip -c < merge/new/${F} > files/${V}.gz 2203 echo "${F}|${V}" 2204 fi 2205 done < $1-paths > newhashes 2206 2207 # Pull lines out from $3 which need to be updated to 2208 # reflect merged files. 2209 while read F; do 2210 look "${F}|" $3 2211 done < $1-paths > $3-oldlines 2212 2213 # Update lines to reflect merged files 2214 join -t '|' -o 1.1,1.2,1.3,1.4,1.5,1.6,2.2,1.8 \ 2215 $3-oldlines newhashes > $3-newlines 2216 2217 # Remove old lines from $3 and add new lines. 2218 sort $3-oldlines | 2219 comm -13 - $3 | 2220 sort - $3-newlines > $3.tmp 2221 mv $3.tmp $3 2222 2223 # Clean up 2224 rm $1-paths newhashes $3-oldlines $3-newlines 2225 rm -rf merge/ 2226 fi 2227 2228 # We're done with merging files. 2229 rm $1 2230} 2231 2232# Do the work involved in fetching upgrades to a new release 2233upgrade_run () { 2234 workdir_init || return 1 2235 2236 # Prepare the mirror list. 2237 fetch_pick_server_init && fetch_pick_server 2238 2239 # Try to fetch the public key until we run out of servers. 2240 while ! fetch_key; do 2241 fetch_pick_server || return 1 2242 done 2243 2244 # Try to fetch the metadata index signature ("tag") until we run 2245 # out of available servers; and sanity check the downloaded tag. 2246 while ! fetch_tag; do 2247 fetch_pick_server || return 1 2248 done 2249 fetch_tagsanity || return 1 2250 2251 # Fetch the INDEX-OLD and INDEX-ALL. 2252 fetch_metadata INDEX-OLD INDEX-ALL || return 1 2253 2254 # If StrictComponents is not "yes", generate a new components list 2255 # with only the components which appear to be installed. 2256 upgrade_guess_components INDEX-ALL || return 1 2257 2258 # Generate filtered INDEX-OLD and INDEX-ALL files containing only 2259 # the components we want and without anything marked as "Ignore". 2260 fetch_filter_metadata INDEX-OLD || return 1 2261 fetch_filter_metadata INDEX-ALL || return 1 2262 2263 # Merge the INDEX-OLD and INDEX-ALL files into INDEX-OLD. 2264 sort INDEX-OLD INDEX-ALL > INDEX-OLD.tmp 2265 mv INDEX-OLD.tmp INDEX-OLD 2266 rm INDEX-ALL 2267 2268 # Adjust variables for fetching files from the new release. 2269 OLDRELNUM=${RELNUM} 2270 RELNUM=${TARGETRELEASE} 2271 OLDFETCHDIR=${FETCHDIR} 2272 FETCHDIR=${RELNUM}/${ARCH} 2273 2274 # Try to fetch the NEW metadata index signature ("tag") until we run 2275 # out of available servers; and sanity check the downloaded tag. 2276 while ! fetch_tag; do 2277 fetch_pick_server || return 1 2278 done 2279 2280 # Fetch the new INDEX-ALL. 2281 fetch_metadata INDEX-ALL || return 1 2282 2283 # If StrictComponents is not "yes", COMPONENTS contains an entry 2284 # corresponding to the currently running kernel, and said kernel 2285 # does not exist in the new release, add "kernel/generic" to the 2286 # list of components. 2287 upgrade_guess_new_kernel INDEX-ALL || return 1 2288 2289 # Filter INDEX-ALL to contain only the components we want and without 2290 # anything marked as "Ignore". 2291 fetch_filter_metadata INDEX-ALL || return 1 2292 2293 # Convert INDEX-OLD (last release) and INDEX-ALL (new release) into 2294 # INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades). 2295 upgrade_oldall_to_oldnew INDEX-OLD INDEX-ALL INDEX-NEW 2296 2297 # Translate /boot/${KERNCONF} or /boot/${NKERNCONF} into ${KERNELDIR} 2298 fetch_filter_kernel_names INDEX-NEW ${NKERNCONF} 2299 fetch_filter_kernel_names INDEX-OLD ${KERNCONF} 2300 2301 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the 2302 # system and generate an INDEX-PRESENT file. 2303 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1 2304 2305 # Based on ${MERGECHANGES}, generate a file tomerge-old with the 2306 # paths and hashes of old versions of files to merge. 2307 fetch_filter_mergechanges INDEX-OLD INDEX-PRESENT tomerge-old 2308 2309 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which 2310 # correspond to lines in INDEX-PRESENT with hashes not appearing 2311 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in 2312 # INDEX-PRESENT has type - and there isn't a corresponding entry in 2313 # INDEX-OLD with type -. 2314 fetch_filter_unmodified_notpresent \ 2315 INDEX-OLD INDEX-PRESENT INDEX-NEW tomerge-old 2316 2317 # For each entry in INDEX-PRESENT of type -, remove any corresponding 2318 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries 2319 # of type - from INDEX-PRESENT. 2320 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW 2321 2322 # If ${ALLOWDELETE} != "yes", then remove any entries from 2323 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW. 2324 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW 2325 2326 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in 2327 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD, 2328 # replace the corresponding line of INDEX-NEW with one having the 2329 # same metadata as the entry in INDEX-PRESENT. 2330 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW 2331 2332 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical; 2333 # no need to update a file if it isn't changing. 2334 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW 2335 2336 # Fetch "clean" files from the old release for merging changes. 2337 fetch_files_premerge tomerge-old 2338 2339 # Prepare to fetch files: Generate a list of the files we need, 2340 # copy the unmodified files we have into /files/, and generate 2341 # a list of patches to download. 2342 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1 2343 2344 # Fetch patches from to-${RELNUM}/${ARCH}/bp/ 2345 PATCHDIR=to-${RELNUM}/${ARCH}/bp 2346 fetch_files || return 1 2347 2348 # Merge configuration file changes. 2349 upgrade_merge tomerge-old INDEX-PRESENT INDEX-NEW || return 1 2350 2351 # Create and populate install manifest directory; and report what 2352 # updates are available. 2353 fetch_create_manifest || return 1 2354 2355 # Leave a note behind to tell the "install" command that the kernel 2356 # needs to be installed before the world. 2357 touch ${BDHASH}-install/kernelfirst 2358} 2359 2360# Make sure that all the file hashes mentioned in $@ have corresponding 2361# gzipped files stored in /files/. 2362install_verify () { 2363 # Generate a list of hashes 2364 cat $@ | 2365 cut -f 2,7 -d '|' | 2366 grep -E '^f' | 2367 cut -f 2 -d '|' | 2368 sort -u > filelist 2369 2370 # Make sure all the hashes exist 2371 while read HASH; do 2372 if ! [ -f files/${HASH}.gz ]; then 2373 echo -n "Update files missing -- " 2374 echo "this should never happen." 2375 echo "Re-run '$0 fetch'." 2376 return 1 2377 fi 2378 done < filelist 2379 2380 # Clean up 2381 rm filelist 2382} 2383 2384# Remove the system immutable flag from files 2385install_unschg () { 2386 # Generate file list 2387 cat $@ | 2388 cut -f 1 -d '|' > filelist 2389 2390 # Remove flags 2391 while read F; do 2392 if ! [ -e ${BASEDIR}/${F} ]; then 2393 continue 2394 fi 2395 2396 chflags noschg ${BASEDIR}/${F} || return 1 2397 done < filelist 2398 2399 # Clean up 2400 rm filelist 2401} 2402 2403# Install new files 2404install_from_index () { 2405 # First pass: Do everything apart from setting file flags. We 2406 # can't set flags yet, because schg inhibits hard linking. 2407 sort -k 1,1 -t '|' $1 | 2408 tr '|' ' ' | 2409 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do 2410 case ${TYPE} in 2411 d) 2412 # Create a directory 2413 install -d -o ${OWNER} -g ${GROUP} \ 2414 -m ${PERM} ${BASEDIR}/${FPATH} 2415 ;; 2416 f) 2417 if [ -z "${LINK}" ]; then 2418 # Create a file, without setting flags. 2419 gunzip < files/${HASH}.gz > ${HASH} 2420 install -S -o ${OWNER} -g ${GROUP} \ 2421 -m ${PERM} ${HASH} ${BASEDIR}/${FPATH} 2422 rm ${HASH} 2423 else 2424 # Create a hard link. 2425 ln -f ${BASEDIR}/${LINK} ${BASEDIR}/${FPATH} 2426 fi 2427 ;; 2428 L) 2429 # Create a symlink 2430 ln -sfh ${HASH} ${BASEDIR}/${FPATH} 2431 ;; 2432 esac 2433 done 2434 2435 # Perform a second pass, adding file flags. 2436 tr '|' ' ' < $1 | 2437 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do 2438 if [ ${TYPE} = "f" ] && 2439 ! [ ${FLAGS} = "0" ]; then 2440 chflags ${FLAGS} ${BASEDIR}/${FPATH} 2441 fi 2442 done 2443} 2444 2445# Remove files which we want to delete 2446install_delete () { 2447 # Generate list of new files 2448 cut -f 1 -d '|' < $2 | 2449 sort > newfiles 2450 2451 # Generate subindex of old files we want to nuke 2452 sort -k 1,1 -t '|' $1 | 2453 join -t '|' -v 1 - newfiles | 2454 sort -r -k 1,1 -t '|' | 2455 cut -f 1,2 -d '|' | 2456 tr '|' ' ' > killfiles 2457 2458 # Remove the offending bits 2459 while read FPATH TYPE; do 2460 case ${TYPE} in 2461 d) 2462 rmdir ${BASEDIR}/${FPATH} 2463 ;; 2464 f) 2465 rm ${BASEDIR}/${FPATH} 2466 ;; 2467 L) 2468 rm ${BASEDIR}/${FPATH} 2469 ;; 2470 esac 2471 done < killfiles 2472 2473 # Clean up 2474 rm newfiles killfiles 2475} 2476 2477# Install new files, delete old files, and update linker.hints 2478install_files () { 2479 # If we haven't already dealt with the kernel, deal with it. 2480 if ! [ -f $1/kerneldone ]; then 2481 grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD 2482 grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW 2483 2484 # Install new files 2485 install_from_index INDEX-NEW || return 1 2486 2487 # Remove files which need to be deleted 2488 install_delete INDEX-OLD INDEX-NEW || return 1 2489 2490 # Update linker.hints if necessary 2491 if [ -s INDEX-OLD -o -s INDEX-NEW ]; then 2492 kldxref -R /boot/ 2>/dev/null 2493 fi 2494 2495 # We've finished updating the kernel. 2496 touch $1/kerneldone 2497 2498 # Do we need to ask for a reboot now? 2499 if [ -f $1/kernelfirst ] && 2500 [ -s INDEX-OLD -o -s INDEX-NEW ]; then 2501 cat <<-EOF 2502 2503Kernel updates have been installed. Please reboot and run 2504"$0 install" again to finish installing updates. 2505 EOF 2506 exit 0 2507 fi 2508 fi 2509 2510 # If we haven't already dealt with the world, deal with it. 2511 if ! [ -f $1/worlddone ]; then 2512 # Install new shared libraries next 2513 grep -vE '^/boot/' $1/INDEX-NEW | 2514 grep -E '/lib/.*\.so\.[0-9]+' > INDEX-NEW 2515 install_from_index INDEX-NEW || return 1 2516 2517 # Deal with everything else 2518 grep -vE '^/boot/' $1/INDEX-OLD | 2519 grep -vE '/lib/.*\.so\.[0-9]+' > INDEX-OLD 2520 grep -vE '^/boot/' $1/INDEX-NEW | 2521 grep -vE '/lib/.*\.so\.[0-9]+' > INDEX-NEW 2522 install_from_index INDEX-NEW || return 1 2523 install_delete INDEX-OLD INDEX-NEW || return 1 2524 2525 # Rebuild /etc/spwd.db and /etc/pwd.db if necessary. 2526 if [ /etc/master.passwd -nt /etc/spwd.db ] || 2527 [ /etc/master.passwd -nt /etc/pwd.db ]; then 2528 pwd_mkdb /etc/master.passwd 2529 fi 2530 2531 # Rebuild /etc/login.conf.db if necessary. 2532 if [ /etc/login.conf -nt /etc/login.conf.db ]; then 2533 cap_mkdb /etc/login.conf 2534 fi 2535 2536 # We've finished installing the world and deleting old files 2537 # which are not shared libraries. 2538 touch $1/worlddone 2539 2540 # Do we need to ask the user to portupgrade now? 2541 grep -vE '^/boot/' $1/INDEX-NEW | 2542 grep -E '/lib/.*\.so\.[0-9]+' | 2543 cut -f 1 -d '|' | 2544 sort > newfiles 2545 if grep -vE '^/boot/' $1/INDEX-OLD | 2546 grep -E '/lib/.*\.so\.[0-9]+' | 2547 cut -f 1 -d '|' | 2548 sort | 2549 join -v 1 - newfiles | 2550 grep -q .; then 2551 cat <<-EOF 2552 2553Completing this upgrade requires removing old shared object files. 2554Please rebuild all installed 3rd party software (e.g., programs 2555installed from the ports tree) and then run "$0 install" 2556again to finish installing updates. 2557 EOF 2558 rm newfiles 2559 exit 0 2560 fi 2561 rm newfiles 2562 fi 2563 2564 # Remove old shared libraries 2565 grep -vE '^/boot/' $1/INDEX-NEW | 2566 grep -E '/lib/.*\.so\.[0-9]+' > INDEX-NEW 2567 grep -vE '^/boot/' $1/INDEX-OLD | 2568 grep -E '/lib/.*\.so\.[0-9]+' > INDEX-OLD 2569 install_delete INDEX-OLD INDEX-NEW || return 1 2570 2571 # Remove temporary files 2572 rm INDEX-OLD INDEX-NEW 2573} 2574 2575# Rearrange bits to allow the installed updates to be rolled back 2576install_setup_rollback () { 2577 # Remove the "reboot after installing kernel", "kernel updated", and 2578 # "finished installing the world" flags if present -- they are 2579 # irrelevant when rolling back updates. 2580 if [ -f ${BDHASH}-install/kernelfirst ]; then 2581 rm ${BDHASH}-install/kernelfirst 2582 rm ${BDHASH}-install/kerneldone 2583 fi 2584 if [ -f ${BDHASH}-install/worlddone ]; then 2585 rm ${BDHASH}-install/worlddone 2586 fi 2587 2588 if [ -L ${BDHASH}-rollback ]; then 2589 mv ${BDHASH}-rollback ${BDHASH}-install/rollback 2590 fi 2591 2592 mv ${BDHASH}-install ${BDHASH}-rollback 2593} 2594 2595# Actually install updates 2596install_run () { 2597 echo -n "Installing updates..." 2598 2599 # Make sure we have all the files we should have 2600 install_verify ${BDHASH}-install/INDEX-OLD \ 2601 ${BDHASH}-install/INDEX-NEW || return 1 2602 2603 # Remove system immutable flag from files 2604 install_unschg ${BDHASH}-install/INDEX-OLD \ 2605 ${BDHASH}-install/INDEX-NEW || return 1 2606 2607 # Install new files, delete old files, and update linker.hints 2608 install_files ${BDHASH}-install || return 1 2609 2610 # Rearrange bits to allow the installed updates to be rolled back 2611 install_setup_rollback 2612 2613 echo " done." 2614} 2615 2616# Rearrange bits to allow the previous set of updates to be rolled back next. 2617rollback_setup_rollback () { 2618 if [ -L ${BDHASH}-rollback/rollback ]; then 2619 mv ${BDHASH}-rollback/rollback rollback-tmp 2620 rm -r ${BDHASH}-rollback/ 2621 rm ${BDHASH}-rollback 2622 mv rollback-tmp ${BDHASH}-rollback 2623 else 2624 rm -r ${BDHASH}-rollback/ 2625 rm ${BDHASH}-rollback 2626 fi 2627} 2628 2629# Install old files, delete new files, and update linker.hints 2630rollback_files () { 2631 # Install old shared library files which don't have the same path as 2632 # a new shared library file. 2633 grep -vE '^/boot/' $1/INDEX-NEW | 2634 grep -E '/lib/.*\.so\.[0-9]+' | 2635 cut -f 1 -d '|' | 2636 sort > INDEX-NEW.libs.flist 2637 grep -vE '^/boot/' $1/INDEX-OLD | 2638 grep -E '/lib/.*\.so\.[0-9]+' | 2639 sort -k 1,1 -t '|' - | 2640 join -t '|' -v 1 - INDEX-NEW.libs.flist > INDEX-OLD 2641 install_from_index INDEX-OLD || return 1 2642 2643 # Deal with files which are neither kernel nor shared library 2644 grep -vE '^/boot/' $1/INDEX-OLD | 2645 grep -vE '/lib/.*\.so\.[0-9]+' > INDEX-OLD 2646 grep -vE '^/boot/' $1/INDEX-NEW | 2647 grep -vE '/lib/.*\.so\.[0-9]+' > INDEX-NEW 2648 install_from_index INDEX-OLD || return 1 2649 install_delete INDEX-NEW INDEX-OLD || return 1 2650 2651 # Install any old shared library files which we didn't install above. 2652 grep -vE '^/boot/' $1/INDEX-OLD | 2653 grep -E '/lib/.*\.so\.[0-9]+' | 2654 sort -k 1,1 -t '|' - | 2655 join -t '|' - INDEX-NEW.libs.flist > INDEX-OLD 2656 install_from_index INDEX-OLD || return 1 2657 2658 # Delete unneeded shared library files 2659 grep -vE '^/boot/' $1/INDEX-OLD | 2660 grep -E '/lib/.*\.so\.[0-9]+' > INDEX-OLD 2661 grep -vE '^/boot/' $1/INDEX-NEW | 2662 grep -E '/lib/.*\.so\.[0-9]+' > INDEX-NEW 2663 install_delete INDEX-NEW INDEX-OLD || return 1 2664 2665 # Deal with kernel files 2666 grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD 2667 grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW 2668 install_from_index INDEX-OLD || return 1 2669 install_delete INDEX-NEW INDEX-OLD || return 1 2670 if [ -s INDEX-OLD -o -s INDEX-NEW ]; then 2671 kldxref -R /boot/ 2>/dev/null 2672 fi 2673 2674 # Remove temporary files 2675 rm INDEX-OLD INDEX-NEW INDEX-NEW.libs.flist 2676} 2677 2678# Actually rollback updates 2679rollback_run () { 2680 echo -n "Uninstalling updates..." 2681 2682 # If there are updates waiting to be installed, remove them; we 2683 # want the user to re-run 'fetch' after rolling back updates. 2684 if [ -L ${BDHASH}-install ]; then 2685 rm -r ${BDHASH}-install/ 2686 rm ${BDHASH}-install 2687 fi 2688 2689 # Make sure we have all the files we should have 2690 install_verify ${BDHASH}-rollback/INDEX-NEW \ 2691 ${BDHASH}-rollback/INDEX-OLD || return 1 2692 2693 # Remove system immutable flag from files 2694 install_unschg ${BDHASH}-rollback/INDEX-NEW \ 2695 ${BDHASH}-rollback/INDEX-OLD || return 1 2696 2697 # Install old files, delete new files, and update linker.hints 2698 rollback_files ${BDHASH}-rollback || return 1 2699 2700 # Remove the rollback directory and the symlink pointing to it; and 2701 # rearrange bits to allow the previous set of updates to be rolled 2702 # back next. 2703 rollback_setup_rollback 2704 2705 echo " done." 2706} 2707 2708#### Main functions -- call parameter-handling and core functions 2709 2710# Using the command line, configuration file, and defaults, 2711# set all the parameters which are needed later. 2712get_params () { 2713 init_params 2714 parse_cmdline $@ 2715 parse_conffile 2716 default_params 2717} 2718 2719# Fetch command. Make sure that we're being called 2720# interactively, then run fetch_check_params and fetch_run 2721cmd_fetch () { 2722 if [ ! -t 0 ]; then 2723 echo -n "`basename $0` fetch should not " 2724 echo "be run non-interactively." 2725 echo "Run `basename $0` cron instead." 2726 exit 1 2727 fi 2728 fetch_check_params 2729 fetch_run || exit 1 2730} 2731 2732# Cron command. Make sure the parameters are sensible; wait 2733# rand(3600) seconds; then fetch updates. While fetching updates, 2734# send output to a temporary file; only print that file if the 2735# fetching failed. 2736cmd_cron () { 2737 fetch_check_params 2738 sleep `jot -r 1 0 3600` 2739 2740 TMPFILE=`mktemp /tmp/freebsd-update.XXXXXX` || exit 1 2741 if ! fetch_run >> ${TMPFILE} || 2742 ! grep -q "No updates needed" ${TMPFILE} || 2743 [ ${VERBOSELEVEL} = "debug" ]; then 2744 mail -s "`hostname` security updates" ${MAILTO} < ${TMPFILE} 2745 fi 2746 2747 rm ${TMPFILE} 2748} 2749 2750# Fetch files for upgrading to a new release. 2751cmd_upgrade () { 2752 upgrade_check_params 2753 upgrade_run || exit 1 2754} 2755 2756# Install downloaded updates. 2757cmd_install () { 2758 install_check_params 2759 install_run || exit 1 2760} 2761 2762# Rollback most recently installed updates. 2763cmd_rollback () { 2764 rollback_check_params 2765 rollback_run || exit 1 2766} 2767 2768#### Entry point 2769 2770# Make sure we find utilities from the base system 2771export PATH=/sbin:/bin:/usr/sbin:/usr/bin:${PATH} 2772 2773# Set LC_ALL in order to avoid problems with character ranges like [A-Z]. 2774export LC_ALL=C 2775 2776get_params $@ 2777for COMMAND in ${COMMANDS}; do 2778 cmd_${COMMAND} 2779done 2780