From 155bc1fbd34ed53b0063c06285b891c59ec99f63 Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 29 Mar 2013 11:46:21 -0400 Subject: Add "auto apply" bit to system patches which will attempt to apply a patch during earlyshellcmd at boot time, to help patches survive across reboots and upgrades. --- config/systempatches/apply_patches.php | 11 ++++++ config/systempatches/patches.inc | 59 ++++++++++++++++++++++++++++ config/systempatches/system_patches.php | 6 ++- config/systempatches/system_patches_edit.php | 4 +- config/systempatches/systempatches.xml | 14 ++++++- 5 files changed, 90 insertions(+), 4 deletions(-) create mode 100644 config/systempatches/apply_patches.php (limited to 'config/systempatches') diff --git a/config/systempatches/apply_patches.php b/config/systempatches/apply_patches.php new file mode 100644 index 00000000..3ac0d671 --- /dev/null +++ b/config/systempatches/apply_patches.php @@ -0,0 +1,11 @@ +#!/usr/local/bin/php + \ No newline at end of file diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc index e9bd2814..9b347620 100644 --- a/config/systempatches/patches.inc +++ b/config/systempatches/patches.inc @@ -34,6 +34,14 @@ $patch_suffix = ".patch"; $patch_dir = "/var/patches"; $patch_cmd = "/usr/bin/patch"; +function patch_package_install() { + patch_add_shellcmd(); +} + +function patch_package_deinstall() { + patch_remove_shellcmd(); +} + function patch_commit($patch, $action, $test=false, $fulldetail=false) { global $patch_dir, $patch_cmd, $patch_suffix; $directory = empty($patch['basedir']) ? "/" : $patch['basedir']; 
@@ -139,4 +147,55 @@ function is_github_url($url) { $urlbits = explode("/", $url); return (substr($urlbits[2], -10) == "github.com"); } + +function bootup_apply_patches() { + global $config; + + $a_patches = &$config['installedpackages']['patches']['item']; + + foreach ($a_patches as $patch) { + /* Skip the patch if it should not be automatically applied. */ + if (!isset($patch['autoapply'])) + continue; + /* If the patch can be reverted it is already applied, so skip it. */ + if (!patch_test_revert($patch)) { + /* Only attempt to apply if it can be applied. */ + if (patch_test_apply($patch)) { + patch_apply($patch); + } + } + } +} + +function patch_add_shellcmd() { + global $config; + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (!is_array($a_earlyshellcmd)) + $a_earlyshellcmd = array(); + $found = false; + foreach ($a_earlyshellcmd as $idx => $cmd) + if (stristr($cmd, "apply_patches.php")) + $found = true; + if (!$found) { + $a_earlyshellcmd[] = "/usr/local/bin/php -f /usr/local/bin/apply_patches.php"; + write_config("System Patches package added a shellcmd"); + } +} + +function patch_remove_shellcmd() { + global $config; + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (!is_array($a_earlyshellcmd)) + $a_earlyshellcmd = array(); + $removed = false; + foreach ($a_earlyshellcmd as $idx => $cmd) { + if (stristr($cmd, "apply_patches.php")) { + unset($a_earlyshellcmd[$idx]); + $removed = true; + } + } + if ($removed) + write_config("System Patches package removed a shellcmd"); +} + ?> diff --git a/config/systempatches/system_patches.php b/config/systempatches/system_patches.php index 1dd6470b..70260e4b 100644 --- a/config/systempatches/system_patches.php +++ b/config/systempatches/system_patches.php @@ -179,11 +179,12 @@ include("head.inc");   - + + +
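Review bot: bootup_apply_patches() rewrites system files from earlyshellcmd on every boot but records nothing, and whatever `patch_apply($patch)` returns is discarded, so after a reboot or upgrade an operator cannot tell which patches were re-applied, skipped, or failed. Logging each auto-apply attempt and its outcome to the system log would provide that audit trail. The loop also lacks the `is_array()` guard that patch_add_shellcmd() and patch_remove_shellcmd() use later in this hunk: with no patches configured `$a_patches` is null and the `foreach` warns at boot, so add `if (!is_array($a_patches)) return;` before it. In the two shellcmd helpers, `stristr($cmd, "apply_patches.php")` is a case-insensitive substring test, so patch_remove_shellcmd() also drops any admin-added earlyshellcmd entry that merely contains that name; comparing `$cmd` with the exact command string written by patch_add_shellcmd() avoids that.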
@@ -242,6 +243,9 @@ foreach ($a_patches as $thispatch): + + diff --git a/config/systempatches/system_patches_edit.php b/config/systempatches/system_patches_edit.php index 3dd5e349..5b30c9c5 100644 --- a/config/systempatches/system_patches_edit.php +++ b/config/systempatches/system_patches_edit.php @@ -127,6 +127,8 @@ if ($_POST) { } write_config(); + if ($thispatch['autoapply']) + patch_add_shellcmd(); header("Location: system_patches.php"); return; } @@ -192,7 +194,6 @@ include("head.inc"); - diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml index 3802ba58..ea0eee78 100644 --- a/config/systempatches/systempatches.xml +++ b/config/systempatches/systempatches.xml @@ -40,8 +40,9 @@ NoneApplies patches supplied by the user to the firewall.System Patches - 0.5.1 + 0.8System: Patches + /usr/local/pkg/patches.inc Patches @@ -58,9 +59,20 @@ 644 http://www.pfsense.com/packages/config/systempatches/system_patches_edit.php + + /usr/local/bin/ + 755 + http://www.pfsense.com/packages/config/systempatches/apply_patches.php + /usr/local/pkg/ 644 http://www.pfsense.com/packages/config/systempatches/patches.inc + + patch_package_install(); + + + patch_package_deinstall(); + \ No newline at end of file -- cgit v1.2.3
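Review bot: The added `if ($thispatch['autoapply'])` in system_patches_edit.php tests the flag by truthiness, while bootup_apply_patches() in patches.inc decides with `isset($patch['autoapply'])`, so the two sites can disagree about whether a patch is marked for auto-apply if the field is ever stored as an empty or otherwise falsy value. Using `if (isset($thispatch['autoapply']))` here keeps them in agreement. Where `autoapply` is assigned is outside this hunk, so confirm which form is stored; the enclosing `if ($_POST)` block also starts before the hunk. Note also that patch_add_shellcmd() calls write_config() itself, so the first save that registers the shellcmd writes the configuration twice.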
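Review bot: The new file entry in systempatches.xml installs apply_patches.php into /usr/local/bin from an `http://` URL, and patches.inc registers that script to run under PHP on every boot, so its integrity in transit matters more than for the GUI pages listed beside it. If the package host serves HTTPS, prefer an `https://` URL for this item and the existing ones; otherwise confirm that the package installer verifies downloads some other way, which is not visible in this rendering. Mode 755 is also broader than needed, because the registered command is `/usr/local/bin/php -f /usr/local/bin/apply_patches.php` and does not rely on the execute bit. Unless direct execution is intended, 644 as used for the other files would do.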