4 # SPDX-License-Identifier: BSD-2-Clause-FreeBSD
6 # Copyright 2004-2007 Colin Percival
9 # Redistribution and use in source and binary forms, with or without
10 # modification, are permitted providing that the following conditions
12 # 1. Redistributions of source code must retain the above copyright
13 # notice, this list of conditions and the following disclaimer.
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
18 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
22 # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27 # IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 # POSSIBILITY OF SUCH DAMAGE.
32 #### Usage function -- called from command-line handling code.
34 # Usage instructions. Options not listed:
35 # --debug -- don't filter output from utilities
36 # --no-stats -- don't show progress statistics while fetching files
39 usage: `basename $0` [options] command ... [path]
42 -b basedir -- Operate on a system mounted at basedir
44 -d workdir -- Store working files in workdir
45 (default: /var/db/freebsd-update/)
46 -f conffile -- Read configuration options from conffile
47 (default: /etc/freebsd-update.conf)
48 -F -- Force a fetch operation to proceed
49 -k KEY -- Trust an RSA key with SHA256 hash of KEY
50 -r release -- Target for upgrade (e.g., 11.1-RELEASE)
51 -s server -- Server from which to fetch updates
52 (default: update.FreeBSD.org)
53 -t address -- Mail output of cron command, if any, to address
55 --not-running-from-cron
56 -- Run without a tty, for use by automated tools
57 --currently-running release
58 -- Update as if currently running this release
60 fetch -- Fetch updates from server
61 cron -- Sleep rand(3600) seconds, fetch updates, and send an
62 email if updates were found
63 upgrade -- Fetch upgrades to FreeBSD version specified via -r option
64 install -- Install downloaded updates or upgrades
65 rollback -- Uninstall most recently installed updates
66 IDS -- Compare the system against an index of "known good" files.
71 #### Configuration processing functions
74 # Configuration options are set in the following order of priority:
75 # 1. Command line options
76 # 2. Configuration file options
78 # In addition, certain options (e.g., IgnorePaths) can be specified multiple
79 # times and (as long as these are all in the same place, e.g., inside the
80 # configuration file) they will accumulate. Finally, because the path to the
81 # configuration file can be specified at the command line, the entire command
82 # line must be processed before we start reading the configuration file.
84 # Sound like a mess? It is. Here's how we handle this:
85 # 1. Initialize CONFFILE and all the options to "".
86 # 2. Process the command line. Throw an error if a non-accumulating option
88 # 3. If CONFFILE is "", set CONFFILE to /etc/freebsd-update.conf .
89 # 4. For all the configuration options X, set X_saved to X.
90 # 5. Initialize all the options to "".
91 # 6. Read CONFFILE line by line, parsing options.
92 # 7. For each configuration option X, set X to X_saved iff X_saved is not "".
93 # 8. Repeat steps 4-7, except setting options to their default values at (6).
95 CONFIGOPTIONS="KEYPRINT WORKDIR SERVERNAME MAILTO ALLOWADD ALLOWDELETE
96 KEEPMODIFIEDMETADATA COMPONENTS IGNOREPATHS UPDATEIFUNMODIFIED
97 BASEDIR VERBOSELEVEL TARGETRELEASE STRICTCOMPONENTS MERGECHANGES
98 IDSIGNOREPATHS BACKUPKERNEL BACKUPKERNELDIR BACKUPKERNELSYMBOLFILES"
100 # Set all the configuration options to "".
102 for X in ${CONFIGOPTIONS}; do
107 # For each configuration option X, set X_saved to X.
109 for X in ${CONFIGOPTIONS}; do
110 eval ${X}_saved=\$${X}
114 # For each configuration option X, set X to X_saved if X_saved is not "".
116 for X in ${CONFIGOPTIONS}; do
118 if ! [ -z "${_}" ]; then
119 eval ${X}=\$${X}_saved
124 # Set the trusted keyprint.
126 if [ -z ${KEYPRINT} ]; then
133 # Set the working directory.
135 if [ -z ${WORKDIR} ]; then
142 # Set the name of the server (pool) from which to fetch updates
143 config_ServerName () {
144 if [ -z ${SERVERNAME} ]; then
151 # Set the address to which 'cron' output will be mailed.
153 if [ -z ${MAILTO} ]; then
160 # Set whether FreeBSD Update is allowed to add files (or directories, or
161 # symlinks) which did not previously exist.
163 if [ -z ${ALLOWADD} ]; then
180 # Set whether FreeBSD Update is allowed to remove files/directories/symlinks.
181 config_AllowDelete () {
182 if [ -z ${ALLOWDELETE} ]; then
199 # Set whether FreeBSD Update should keep existing inode ownership,
200 # permissions, and flags, in the event that they have been modified locally
202 config_KeepModifiedMetadata () {
203 if [ -z ${KEEPMODIFIEDMETADATA} ]; then
206 KEEPMODIFIEDMETADATA=yes
209 KEEPMODIFIEDMETADATA=no
220 # Add to the list of components which should be kept updated.
221 config_Components () {
223 if [ "$C" = "src" ]; then
224 if [ -e "${BASEDIR}/usr/src/COPYRIGHT" ]; then
225 COMPONENTS="${COMPONENTS} ${C}"
227 echo "src component not installed, skipped"
230 COMPONENTS="${COMPONENTS} ${C}"
235 # Add to the list of paths under which updates will be ignored.
236 config_IgnorePaths () {
238 IGNOREPATHS="${IGNOREPATHS} ${C}"
242 # Add to the list of paths which IDS should ignore.
243 config_IDSIgnorePaths () {
245 IDSIGNOREPATHS="${IDSIGNOREPATHS} ${C}"
249 # Add to the list of paths within which updates will be performed only if the
250 # file on disk has not been modified locally.
251 config_UpdateIfUnmodified () {
253 UPDATEIFUNMODIFIED="${UPDATEIFUNMODIFIED} ${C}"
257 # Add to the list of paths within which updates to text files will be merged
258 # instead of overwritten.
259 config_MergeChanges () {
261 MERGECHANGES="${MERGECHANGES} ${C}"
265 # Work on a FreeBSD installation mounted under $1
267 if [ -z ${BASEDIR} ]; then
274 # When fetching upgrades, should we assume the user wants exactly the
275 # components listed in COMPONENTS, rather than trying to guess based on
276 # what's currently installed?
277 config_StrictComponents () {
278 if [ -z ${STRICTCOMPONENTS} ]; then
295 # Upgrade to FreeBSD $1
296 config_TargetRelease () {
297 if [ -z ${TARGETRELEASE} ]; then
302 if echo ${TARGETRELEASE} | grep -qE '^[0-9.]+$'; then
303 TARGETRELEASE="${TARGETRELEASE}-RELEASE"
307 # Pretend current release is FreeBSD $1
308 config_SourceRelease () {
310 if echo ${UNAME_r} | grep -qE '^[0-9.]+$'; then
311 UNAME_r="${UNAME_r}-RELEASE"
316 # Define what happens to output of utilities
317 config_VerboseLevel () {
318 if [ -z ${VERBOSELEVEL} ]; then
320 [Dd][Ee][Bb][Uu][Gg])
323 [Nn][Oo][Ss][Tt][Aa][Tt][Ss])
326 [Ss][Tt][Aa][Tt][Ss])
338 config_BackupKernel () {
339 if [ -z ${BACKUPKERNEL} ]; then
356 config_BackupKernelDir () {
357 if [ -z ${BACKUPKERNELDIR} ]; then
359 echo "BackupKernelDir set to empty dir"
363 # We check for some paths which would be extremely odd
364 # to use, but which could cause a lot of problems if
367 /|/bin|/boot|/etc|/lib|/libexec|/sbin|/usr|/var)
368 echo "BackupKernelDir set to invalid path $1"
375 echo "BackupKernelDir ($1) is not an absolute path"
384 config_BackupKernelSymbolFiles () {
385 if [ -z ${BACKUPKERNELSYMBOLFILES} ]; then
388 BACKUPKERNELSYMBOLFILES=yes
391 BACKUPKERNELSYMBOLFILES=no
402 # Handle one line of configuration
404 if [ $# -eq 0 ]; then
413 #### Parameter handling functions.
415 # Initialize parameters to null, just in case they're
416 # set in the environment.
418 # Configration settings
421 # No configuration file set yet
424 # No commands specified yet
427 # Force fetch to proceed
433 # Fetched first in a chain of commands
437 # Parse the command line
439 while [ $# -gt 0 ]; do
441 # Location of configuration file
443 if [ $# -eq 1 ]; then usage; fi
444 if [ ! -z "${CONFFILE}" ]; then usage; fi
450 --not-running-from-cron)
455 config_SourceRelease $1 || usage
458 # Configuration file equivalents
460 if [ $# -eq 1 ]; then usage; fi; shift
461 config_BaseDir $1 || usage
464 if [ $# -eq 1 ]; then usage; fi; shift
465 config_WorkDir $1 || usage
468 if [ $# -eq 1 ]; then usage; fi; shift
469 config_KeyPrint $1 || usage
472 if [ $# -eq 1 ]; then usage; fi; shift
473 config_ServerName $1 || usage
476 if [ $# -eq 1 ]; then usage; fi; shift
477 config_TargetRelease $1 || usage
480 if [ $# -eq 1 ]; then usage; fi; shift
481 config_MailTo $1 || usage
484 if [ $# -eq 1 ]; then usage; fi; shift
485 config_VerboseLevel $1 || usage
488 # Aliases for "-v debug" and "-v nostats"
490 config_VerboseLevel debug || usage
493 config_VerboseLevel nostats || usage
497 cron | fetch | upgrade | install | rollback | IDS)
498 COMMANDS="${COMMANDS} $1"
501 # Anything else is an error
509 # Make sure we have at least one command
510 if [ -z "${COMMANDS}" ]; then
515 # Parse the configuration file
517 # If a configuration file was specified on the command line, check
518 # that it exists and is readable.
519 if [ ! -z "${CONFFILE}" ] && [ ! -r "${CONFFILE}" ]; then
520 echo -n "File does not exist "
521 echo -n "or is not readable: "
526 # If a configuration file was not specified on the command line,
527 # use the default configuration file path. If that default does
528 # not exist, give up looking for any configuration.
529 if [ -z "${CONFFILE}" ]; then
530 CONFFILE="/etc/freebsd-update.conf"
531 if [ ! -r "${CONFFILE}" ]; then
536 # Save the configuration options specified on the command line, and
537 # clear all the options in preparation for reading the config file.
541 # Read the configuration file. Anything after the first '#' is
542 # ignored, and any blank lines are ignored.
546 LINEX=`echo "${LINE}" | cut -f 1 -d '#'`
547 if ! configline ${LINEX}; then
548 echo "Error processing configuration file, line $L:"
554 # Merge the settings read from the configuration file with those
555 # provided at the command line.
559 # Provide some default parameters
561 # Save any parameters already configured, and clear the slate
565 # Default configurations
566 config_WorkDir /var/db/freebsd-update
569 config_AllowDelete yes
570 config_KeepModifiedMetadata yes
572 config_VerboseLevel stats
573 config_StrictComponents no
574 config_BackupKernel yes
575 config_BackupKernelDir /boot/kernel.old
576 config_BackupKernelSymbolFiles no
578 # Merge these defaults into the earlier-configured settings
582 # Set utility output filtering options, based on ${VERBOSELEVEL}
583 fetch_setup_verboselevel () {
584 case ${VERBOSELEVEL} in
586 QUIETREDIR="/dev/stderr"
588 STATSREDIR="/dev/stderr"
596 STATSREDIR="/dev/null"
602 QUIETREDIR="/dev/null"
604 STATSREDIR="/dev/stdout"
612 # Perform sanity checks and set some final parameters
613 # in preparation for fetching files. Figure out which
614 # set of updates should be downloaded: If the user is
615 # running *-p[0-9]+, strip off the last part; if the
616 # user is running -SECURITY, call it -RELEASE. Chdir
617 # into the working directory.
618 fetchupgrade_check_params () {
619 export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)"
622 "SERVERNAME must be given via command line or configuration file."
623 _KEYPRINT_z="Key must be given via -k option or configuration file."
624 _KEYPRINT_bad="Invalid key fingerprint: "
625 _WORKDIR_bad="Directory does not exist or is not writable: "
626 _WORKDIR_bad2="Directory is not on a persistent filesystem: "
628 if [ -z "${SERVERNAME}" ]; then
629 echo -n "`basename $0`: "
630 echo "${_SERVERNAME_z}"
633 if [ -z "${KEYPRINT}" ]; then
634 echo -n "`basename $0`: "
635 echo "${_KEYPRINT_z}"
638 if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then
639 echo -n "`basename $0`: "
640 echo -n "${_KEYPRINT_bad}"
644 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
645 echo -n "`basename $0`: "
646 echo -n "${_WORKDIR_bad}"
650 case `df -T ${WORKDIR}` in */dev/md[0-9]* | *tmpfs*)
651 echo -n "`basename $0`: "
652 echo -n "${_WORKDIR_bad2}"
658 cd ${WORKDIR} || exit 1
660 # Generate release number. The s/SECURITY/RELEASE/ bit exists
661 # to provide an upgrade path for FreeBSD Update 1.x users, since
662 # the kernels provided by FreeBSD Update 1.x are always labelled
665 sed -E 's,-p[0-9]+,,' |
666 sed -E 's,-SECURITY,-RELEASE,'`
668 FETCHDIR=${RELNUM}/${ARCH}
669 PATCHDIR=${RELNUM}/${ARCH}/bp
671 # Disallow upgrade from a version that is not a release
673 *-RELEASE | *-ALPHA* | *-BETA* | *-RC*)
676 echo -n "`basename $0`: "
678 Cannot upgrade from a version that is not a release
679 (including alpha, beta and release candidates)
680 using `basename $0`. Instead, FreeBSD can be directly
681 upgraded by source or upgraded to a RELEASE/RELENG version
682 prior to running `basename $0`.
683 Currently running: ${RELNUM}
689 # Figure out what directory contains the running kernel
690 BOOTFILE=`sysctl -n kern.bootfile`
691 KERNELDIR=${BOOTFILE%/kernel}
692 if ! [ -d ${KERNELDIR} ]; then
693 echo "Cannot identify running kernel"
697 # Figure out what kernel configuration is running. We start with
698 # the output of `uname -i`, and then make the following adjustments:
699 # 1. Replace "SMP-GENERIC" with "SMP". Why the SMP kernel config
700 # file says "ident SMP-GENERIC", I don't know...
701 # 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64"
702 # _and_ `sysctl kern.version` contains a line which ends "/SMP", then
703 # we're running an SMP kernel. This mis-identification is a bug
704 # which was fixed in 6.2-STABLE.
706 if [ ${KERNCONF} = "SMP-GENERIC" ]; then
709 if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then
710 if sysctl kern.version | grep -qE '/SMP$'; then
716 BSPATCH=/usr/bin/bspatch
718 PHTTPGET=/usr/libexec/phttpget
720 # Set up variables relating to VERBOSELEVEL
721 fetch_setup_verboselevel
723 # Construct a unique name from ${BASEDIR}
724 BDHASH=`echo ${BASEDIR} | sha256 -q`
727 # Perform sanity checks etc. before fetching updates.
728 fetch_check_params () {
729 fetchupgrade_check_params
731 if ! [ -z "${TARGETRELEASE}" ]; then
732 echo -n "`basename $0`: "
733 echo -n "-r option is meaningless with 'fetch' command. "
734 echo "(Did you mean 'upgrade' instead?)"
738 # Check that we have updates ready to install
739 if [ -f ${BDHASH}-install/kerneldone -a $FORCEFETCH -eq 0 ]; then
740 echo "You have a partially completed upgrade pending"
741 echo "Run '$0 install' first."
742 echo "Run '$0 fetch -F' to proceed anyway."
747 # Perform sanity checks etc. before fetching upgrades.
748 upgrade_check_params () {
749 fetchupgrade_check_params
751 # Unless set otherwise, we're upgrading to the same kernel config.
752 NKERNCONF=${KERNCONF}
754 # We need TARGETRELEASE set
755 _TARGETRELEASE_z="Release target must be specified via -r option."
756 if [ -z "${TARGETRELEASE}" ]; then
757 echo -n "`basename $0`: "
758 echo "${_TARGETRELEASE_z}"
762 # The target release should be != the current release.
763 if [ "${TARGETRELEASE}" = "${RELNUM}" ]; then
764 echo -n "`basename $0`: "
765 echo "Cannot upgrade from ${RELNUM} to itself"
769 # Turning off AllowAdd or AllowDelete is a bad idea for upgrades.
770 if [ "${ALLOWADD}" = "no" ]; then
771 echo -n "`basename $0`: "
772 echo -n "WARNING: \"AllowAdd no\" is a bad idea "
773 echo "when upgrading between releases."
776 if [ "${ALLOWDELETE}" = "no" ]; then
777 echo -n "`basename $0`: "
778 echo -n "WARNING: \"AllowDelete no\" is a bad idea "
779 echo "when upgrading between releases."
783 # Set EDITOR to /usr/bin/vi if it isn't already set
784 : ${EDITOR:='/usr/bin/vi'}
787 # Perform sanity checks and set some final parameters in
788 # preparation for installing updates.
789 install_check_params () {
790 # Check that we are root. All sorts of things won't work otherwise.
791 if [ `id -u` != 0 ]; then
792 echo "You must be root to run this."
796 # Check that securelevel <= 0. Otherwise we can't update schg files.
797 if [ `sysctl -n kern.securelevel` -gt 0 ]; then
798 echo "Updates cannot be installed when the system securelevel"
799 echo "is greater than zero."
803 # Check that we have a working directory
804 _WORKDIR_bad="Directory does not exist or is not writable: "
805 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
806 echo -n "`basename $0`: "
807 echo -n "${_WORKDIR_bad}"
811 cd ${WORKDIR} || exit 1
813 # Construct a unique name from ${BASEDIR}
814 BDHASH=`echo ${BASEDIR} | sha256 -q`
816 # Check that we have updates ready to install
817 if ! [ -L ${BDHASH}-install ]; then
818 echo "No updates are available to install."
819 if [ $ISFETCHED -eq 0 ]; then
820 echo "Run '$0 fetch' first."
824 if ! [ -f ${BDHASH}-install/INDEX-OLD ] ||
825 ! [ -f ${BDHASH}-install/INDEX-NEW ]; then
826 echo "Update manifest is corrupt -- this should never happen."
827 echo "Re-run '$0 fetch'."
831 # Figure out what directory contains the running kernel
832 BOOTFILE=`sysctl -n kern.bootfile`
833 KERNELDIR=${BOOTFILE%/kernel}
834 if ! [ -d ${KERNELDIR} ]; then
835 echo "Cannot identify running kernel"
840 # Perform sanity checks and set some final parameters in
841 # preparation for UNinstalling updates.
842 rollback_check_params () {
843 # Check that we are root. All sorts of things won't work otherwise.
844 if [ `id -u` != 0 ]; then
845 echo "You must be root to run this."
849 # Check that we have a working directory
850 _WORKDIR_bad="Directory does not exist or is not writable: "
851 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
852 echo -n "`basename $0`: "
853 echo -n "${_WORKDIR_bad}"
857 cd ${WORKDIR} || exit 1
859 # Construct a unique name from ${BASEDIR}
860 BDHASH=`echo ${BASEDIR} | sha256 -q`
862 # Check that we have updates ready to rollback
863 if ! [ -L ${BDHASH}-rollback ]; then
864 echo "No rollback directory found."
867 if ! [ -f ${BDHASH}-rollback/INDEX-OLD ] ||
868 ! [ -f ${BDHASH}-rollback/INDEX-NEW ]; then
869 echo "Update manifest is corrupt -- this should never happen."
874 # Perform sanity checks and set some final parameters
875 # in preparation for comparing the system against the
876 # published index. Figure out which index we should
877 # compare against: If the user is running *-p[0-9]+,
878 # strip off the last part; if the user is running
879 # -SECURITY, call it -RELEASE. Chdir into the working
881 IDS_check_params () {
882 export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)"
885 "SERVERNAME must be given via command line or configuration file."
886 _KEYPRINT_z="Key must be given via -k option or configuration file."
887 _KEYPRINT_bad="Invalid key fingerprint: "
888 _WORKDIR_bad="Directory does not exist or is not writable: "
890 if [ -z "${SERVERNAME}" ]; then
891 echo -n "`basename $0`: "
892 echo "${_SERVERNAME_z}"
895 if [ -z "${KEYPRINT}" ]; then
896 echo -n "`basename $0`: "
897 echo "${_KEYPRINT_z}"
900 if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then
901 echo -n "`basename $0`: "
902 echo -n "${_KEYPRINT_bad}"
906 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
907 echo -n "`basename $0`: "
908 echo -n "${_WORKDIR_bad}"
912 cd ${WORKDIR} || exit 1
914 # Generate release number. The s/SECURITY/RELEASE/ bit exists
915 # to provide an upgrade path for FreeBSD Update 1.x users, since
916 # the kernels provided by FreeBSD Update 1.x are always labelled
919 sed -E 's,-p[0-9]+,,' |
920 sed -E 's,-SECURITY,-RELEASE,'`
922 FETCHDIR=${RELNUM}/${ARCH}
923 PATCHDIR=${RELNUM}/${ARCH}/bp
925 # Figure out what directory contains the running kernel
926 BOOTFILE=`sysctl -n kern.bootfile`
927 KERNELDIR=${BOOTFILE%/kernel}
928 if ! [ -d ${KERNELDIR} ]; then
929 echo "Cannot identify running kernel"
933 # Figure out what kernel configuration is running. We start with
934 # the output of `uname -i`, and then make the following adjustments:
935 # 1. Replace "SMP-GENERIC" with "SMP". Why the SMP kernel config
936 # file says "ident SMP-GENERIC", I don't know...
937 # 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64"
938 # _and_ `sysctl kern.version` contains a line which ends "/SMP", then
939 # we're running an SMP kernel. This mis-identification is a bug
940 # which was fixed in 6.2-STABLE.
942 if [ ${KERNCONF} = "SMP-GENERIC" ]; then
945 if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then
946 if sysctl kern.version | grep -qE '/SMP$'; then
953 PHTTPGET=/usr/libexec/phttpget
955 # Set up variables relating to VERBOSELEVEL
956 fetch_setup_verboselevel
959 #### Core functionality -- the actual work gets done here
961 # Use an SRV query to pick a server. If the SRV query doesn't provide
962 # a useful answer, use the server name specified by the user.
963 # Put another way... look up _http._tcp.${SERVERNAME} and pick a server
964 # from that; or if no servers are returned, use ${SERVERNAME}.
965 # This allows a user to specify "portsnap.freebsd.org" (in which case
966 # portsnap will select one of the mirrors) or "portsnap5.tld.freebsd.org"
967 # (in which case portsnap will use that particular server, since there
968 # won't be an SRV entry for that name).
970 # We ignore the Port field, since we are always going to use port 80.
972 # Fetch the mirror list, but do not pick a mirror yet. Returns 1 if
973 # no mirrors are available for any reason.
974 fetch_pick_server_init () {
977 # Check that host(1) exists (i.e., that the system wasn't built with the
978 # WITHOUT_BIND set) and don't try to find a mirror if it doesn't exist.
979 if ! which -s host; then
984 echo -n "Looking up ${SERVERNAME} mirrors... "
986 # Issue the SRV query and pull out the Priority, Weight, and Target fields.
987 # BIND 9 prints "$name has SRV record ..." while BIND 8 prints
988 # "$name server selection ..."; we allow either format.
989 MLIST="_http._tcp.${SERVERNAME}"
990 host -t srv "${MLIST}" |
991 sed -nE "s/${MLIST} (has SRV record|server selection) //Ip" |
992 cut -f 1,2,4 -d ' ' |
994 sort > serverlist_full
996 # If no records, give up -- we'll just use the server name we were given.
997 if [ `wc -l < serverlist_full` -eq 0 ]; then
1002 # Report how many mirrors we found.
1003 echo `wc -l < serverlist_full` "mirrors found."
1005 # Generate a random seed for use in picking mirrors. If HTTP_PROXY
1006 # is set, this will be used to generate the seed; otherwise, the seed
1008 if [ -n "${HTTP_PROXY}${http_proxy}" ]; then
1009 RANDVALUE=`sha256 -qs "${HTTP_PROXY}${http_proxy}" |
1013 RANDVALUE=`jot -r 1 0 999999999`
1017 # Pick a mirror. Returns 1 if we have run out of mirrors to try.
1018 fetch_pick_server () {
1019 # Generate a list of not-yet-tried mirrors
1020 sort serverlist_tried |
1021 comm -23 serverlist_full - > serverlist
1023 # Have we run out of mirrors?
1024 if [ `wc -l < serverlist` -eq 0 ]; then
1026 No mirrors remaining, giving up.
1028 This may be because upgrading from this platform (${ARCH})
1029 or release (${RELNUM}) is unsupported by `basename $0`. Only
1030 platforms with Tier 1 support can be upgraded by `basename $0`.
1031 See https://www.freebsd.org/platforms/index.html for more info.
1033 If unsupported, FreeBSD must be upgraded by source.
1038 # Find the highest priority level (lowest numeric value).
1039 SRV_PRIORITY=`cut -f 1 -d ' ' serverlist | sort -n | head -1`
1041 # Add up the weights of the response lines at that priority level.
1046 SRV_W=`echo $X | cut -f 2 -d ' '`
1047 SRV_WSUM=$(($SRV_WSUM + $SRV_W))
1052 # If all the weights are 0, pretend that they are all 1 instead.
1053 if [ ${SRV_WSUM} -eq 0 ]; then
1054 SRV_WSUM=`grep -E "^${SRV_PRIORITY} " serverlist | wc -l`
1060 # Pick a value between 0 and the sum of the weights - 1
1061 SRV_RND=`expr ${RANDVALUE} % ${SRV_WSUM}`
1063 # Read through the list of mirrors and set SERVERNAME. Write the line
1064 # corresponding to the mirror we selected into serverlist_tried so that
1065 # we won't try it again.
1069 SRV_W=`echo $X | cut -f 2 -d ' '`
1070 SRV_W=$(($SRV_W + $SRV_W_ADD))
1071 if [ $SRV_RND -lt $SRV_W ]; then
1072 SERVERNAME=`echo $X | cut -f 3 -d ' '`
1073 echo "$X" >> serverlist_tried
1076 SRV_RND=$(($SRV_RND - $SRV_W))
1083 # Take a list of ${oldhash}|${newhash} and output a list of needed patches,
1084 # i.e., those for which we have ${oldhash} and don't have ${newhash}.
1085 fetch_make_patchlist () {
1086 grep -vE "^([0-9a-f]{64})\|\1$" |
1089 if [ -f "files/${Y}.gz" ] ||
1090 [ ! -f "files/${X}.gz" ]; then
1097 # Print user-friendly progress statistics
1102 if [ $(($LNC % 10)) = 0 ]; then
1104 elif [ $(($LNC % 2)) = 0 ]; then
1111 # Function for asking the user if everything is ok
1113 while read -p "Does this look reasonable (y/n)? " CONTINUE; do
1114 case "${CONTINUE}" in
1125 # Initialize the working directory
1128 touch tINDEX.present
1131 # Check that we have a public key with an appropriate hash, or
1132 # fetch the key if it doesn't exist. Returns 1 if the key has
1133 # not yet been fetched.
1135 if [ -r pub.ssl ] && [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then
1139 echo -n "Fetching public key from ${SERVERNAME}... "
1141 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/pub.ssl \
1142 2>${QUIETREDIR} || true
1143 if ! [ -r pub.ssl ]; then
1147 if ! [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then
1148 echo "key has incorrect hash."
1155 # Fetch metadata signature, aka "tag".
1157 echo -n "Fetching metadata signature "
1158 echo ${NDEBUG} "for ${RELNUM} from ${SERVERNAME}... "
1160 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/latest.ssl \
1161 2>${QUIETREDIR} || true
1162 if ! [ -r latest.ssl ]; then
1167 openssl rsautl -pubin -inkey pub.ssl -verify \
1168 < latest.ssl > tag.new 2>${QUIETREDIR} || true
1171 if ! [ `wc -l < tag.new` = 1 ] ||
1173 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \
1175 echo "invalid signature."
1181 RELPATCHNUM=`cut -f 4 -d '|' < tag.new`
1182 TINDEXHASH=`cut -f 5 -d '|' < tag.new`
1183 EOLTIME=`cut -f 6 -d '|' < tag.new`
1186 # Sanity-check the patch number in a tag, to make sure that we're not
1187 # going to "update" backwards and to prevent replay attacks.
1188 fetch_tagsanity () {
1189 # Check that we're not going to move from -pX to -pY with Y < X.
1190 RELPX=`uname -r | sed -E 's,.*-,,'`
1191 if echo ${RELPX} | grep -qE '^p[0-9]+$'; then
1192 RELPX=`echo ${RELPX} | cut -c 2-`
1196 if [ "${RELPATCHNUM}" -lt "${RELPX}" ]; then
1198 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})"
1199 echo " appear older than what"
1200 echo "we are currently running (`uname -r`)!"
1201 echo "Cowardly refusing to proceed any further."
1205 # If "tag" exists and corresponds to ${RELNUM}, make sure that
1206 # it contains a patch number <= RELPATCHNUM, in order to protect
1207 # against rollback (replay) attacks.
1210 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \
1212 LASTRELPATCHNUM=`cut -f 4 -d '|' < tag`
1214 if [ "${RELPATCHNUM}" -lt "${LASTRELPATCHNUM}" ]; then
1216 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})"
1217 echo " are older than the"
1218 echo -n "most recently seen updates"
1219 echo " (${RELNUM}-p${LASTRELPATCHNUM})."
1220 echo "Cowardly refusing to proceed any further."
1226 # Fetch metadata index file
1227 fetch_metadata_index () {
1228 echo ${NDEBUG} "Fetching metadata index... "
1230 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/t/${TINDEXHASH}
1232 if ! [ -f ${TINDEXHASH} ]; then
1236 if [ `${SHA256} -q ${TINDEXHASH}` != ${TINDEXHASH} ]; then
1237 echo "update metadata index corrupt."
1243 # Print an error message about signed metadata being bogus.
1244 fetch_metadata_bogus () {
1246 echo "The update metadata$1 is correctly signed, but"
1247 echo "failed an integrity check."
1248 echo "Cowardly refusing to proceed any further."
1252 # Construct tINDEX.new by merging the lines named in $1 from ${TINDEXHASH}
1253 # with the lines not named in $@ from tINDEX.present (if that file exists).
1254 fetch_metadata_index_merge () {
1255 for METAFILE in $@; do
1256 if [ `grep -E "^${METAFILE}\|" ${TINDEXHASH} | wc -l` \
1258 fetch_metadata_bogus " index"
1262 grep -E "${METAFILE}\|" ${TINDEXHASH}
1264 sort > tINDEX.wanted
1266 if [ -f tINDEX.present ]; then
1267 join -t '|' -v 2 tINDEX.wanted tINDEX.present |
1268 sort -m - tINDEX.wanted > tINDEX.new
1271 mv tINDEX.wanted tINDEX.new
1275 # Sanity check all the lines of tINDEX.new. Even if more metadata lines
1276 # are added by future versions of the server, this won't cause problems,
1277 # since the only lines which appear in tINDEX.new are the ones which we
1278 # specifically grepped out of ${TINDEXHASH}.
1279 fetch_metadata_index_sanity () {
1280 if grep -qvE '^[0-9A-Z.-]+\|[0-9a-f]{64}$' tINDEX.new; then
1281 fetch_metadata_bogus " index"
1286 # Sanity check the metadata file $1.
1287 fetch_metadata_sanity () {
1288 # Some aliases to save space later: ${P} is a character which can
1289 # appear in a path; ${M} is the four numeric metadata fields; and
1290 # ${H} is a sha256 hash.
1291 P="[-+./:=,%@_[~[:alnum:]]"
1292 M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+"
1295 # Check that the first four fields make sense.
1296 if gunzip -c < files/$1.gz |
1297 grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then
1298 fetch_metadata_bogus ""
1302 # Remove the first three fields.
1303 gunzip -c < files/$1.gz |
1304 cut -f 4- -d '|' > sanitycheck.tmp
1306 # Sanity check entries with type 'f'
1307 if grep -E '^f' sanitycheck.tmp |
1308 grep -qvE "^f\|${M}\|${H}\|${P}*\$"; then
1309 fetch_metadata_bogus ""
1313 # Sanity check entries with type 'd'
1314 if grep -E '^d' sanitycheck.tmp |
1315 grep -qvE "^d\|${M}\|\|\$"; then
1316 fetch_metadata_bogus ""
1320 # Sanity check entries with type 'L'
1321 if grep -E '^L' sanitycheck.tmp |
1322 grep -qvE "^L\|${M}\|${P}*\|\$"; then
1323 fetch_metadata_bogus ""
1327 # Sanity check entries with type '-'
1328 if grep -E '^-' sanitycheck.tmp |
1329 grep -qvE "^-\|\|\|\|\|\|"; then
1330 fetch_metadata_bogus ""
1338 # Fetch the metadata index and metadata files listed in $@,
1339 # taking advantage of metadata patches where possible.
1341 fetch_metadata_index || return 1
1342 fetch_metadata_index_merge $@ || return 1
1343 fetch_metadata_index_sanity || return 1
1345 # Generate a list of wanted metadata patches
1346 join -t '|' -o 1.2,2.2 tINDEX.present tINDEX.new |
1347 fetch_make_patchlist > patchlist
1349 if [ -s patchlist ]; then
1350 # Attempt to fetch metadata patches
1351 echo -n "Fetching `wc -l < patchlist | tr -d ' '` "
1352 echo ${NDEBUG} "metadata patches.${DDSTATS}"
1353 tr '|' '-' < patchlist |
1354 lam -s "${FETCHDIR}/tp/" - -s ".gz" |
1355 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1356 2>${STATSREDIR} | fetch_progress
1359 # Attempt to apply metadata patches
1360 echo -n "Applying metadata patches... "
1361 tr '|' ' ' < patchlist |
1363 if [ ! -f "${X}-${Y}.gz" ]; then continue; fi
1364 gunzip -c < ${X}-${Y}.gz > diff
1365 gunzip -c < files/${X}.gz > diff-OLD
1367 # Figure out which lines are being added and removed
1370 while read PREFIX; do
1371 look "${PREFIX}" diff-OLD
1374 grep -E '^\+' diff |
1375 cut -c 2- > diff-add
1377 # Generate the new file
1378 comm -23 diff-OLD diff-rm |
1379 sort - diff-add > diff-NEW
1381 if [ `${SHA256} -q diff-NEW` = ${Y} ]; then
1382 mv diff-NEW files/${Y}
1385 mv diff-NEW ${Y}.bad
1387 rm -f ${X}-${Y}.gz diff
1388 rm -f diff-OLD diff-NEW diff-add diff-rm
1389 done 2>${QUIETREDIR}
1393 # Update metadata without patches
1394 cut -f 2 -d '|' < tINDEX.new |
1396 if [ ! -f "files/${Y}.gz" ]; then
1402 if [ -s filelist ]; then
1403 echo -n "Fetching `wc -l < filelist | tr -d ' '` "
1404 echo ${NDEBUG} "metadata files... "
1405 lam -s "${FETCHDIR}/m/" - -s ".gz" < filelist |
1406 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1410 if ! [ -f ${Y}.gz ]; then
1414 if [ `gunzip -c < ${Y}.gz |
1415 ${SHA256} -q` = ${Y} ]; then
1416 mv ${Y}.gz files/${Y}.gz
1418 echo "metadata is corrupt."
1425 # Sanity-check the metadata files.
1426 cut -f 2 -d '|' tINDEX.new > filelist
1428 fetch_metadata_sanity ${X} || return 1
1431 # Remove files which are no longer needed
1432 cut -f 2 -d '|' tINDEX.present |
1434 cut -f 2 -d '|' tINDEX.new |
1436 comm -13 - oldfiles |
1437 lam -s "files/" - -s ".gz" |
1439 rm patchlist filelist oldfiles
1443 mv tINDEX.new tINDEX.present
1449 # Extract a subset of a downloaded metadata file containing only the parts
1450 # which are listed in COMPONENTS.
1451 fetch_filter_metadata_components () {
1452 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'`
1453 gunzip -c < files/${METAHASH}.gz > $1.all
1455 # Fish out the lines belonging to components we care about.
1456 for C in ${COMPONENTS}; do
1457 look "`echo ${C} | tr '/' '|'`|" $1.all
1460 # Remove temporary file.
1464 # Generate a filtered version of the metadata file $1 from the downloaded
1465 # file, by fishing out the lines corresponding to components we're trying
1466 # to keep updated, and then removing lines corresponding to paths we want
1468 fetch_filter_metadata () {
1469 # Fish out the lines belonging to components we care about.
1470 fetch_filter_metadata_components $1
1472 # Canonicalize directory names by removing any trailing / in
1473 # order to avoid listing directories multiple times if they
1474 # belong to multiple components. Turning "/" into "" doesn't
1475 # matter, since we add a leading "/" when we use paths later.
1476 cut -f 3- -d '|' $1 |
1477 sed -e 's,/|d|,|d|,' |
1478 sed -e 's,/|-|,|-|,' |
1481 # Figure out which lines to ignore and remove them.
1482 for X in ${IGNOREPATHS}; do
1483 grep -E "^${X}" $1.tmp
1486 comm -13 - $1.tmp > $1
1488 # Remove temporary files.
1492 # Filter the metadata file $1 by adding lines with "/boot/$2"
1493 # replaced by ${KERNELDIR} (which is `sysctl -n kern.bootfile` minus the
1494 # trailing "/kernel"); and if "/boot/$2" does not exist, remove
1495 # the original lines which start with that.
1496 # Put another way: Deal with the fact that the FOO kernel is sometimes
1497 # installed in /boot/FOO/ and is sometimes installed elsewhere.
1498 fetch_filter_kernel_names () {
1500 sed -e "s,/boot/$2,${KERNELDIR},g" |
1504 if ! [ -d /boot/$2 ]; then
1505 grep -v ^/boot/$2 $1 > $1.tmp
1510 # For all paths appearing in $1 or $3, inspect the system
1511 # and generate $2 describing what is currently installed.
1512 fetch_inspect_system () {
1516 # Tell the user why his disk is suddenly making lots of noise
1517 echo -n "Inspecting system... "
1519 # Generate list of files to inspect
1524 # Examine each file and output lines of the form
1525 # /path/to/file|type|device-inum|user|group|perm|flags|value
1526 # sorted by device and inode number.
1528 # If the symlink/file/directory does not exist, record this.
1529 if ! [ -e ${BASEDIR}/${F} ]; then
1533 if ! [ -r ${BASEDIR}/${F} ]; then
1534 echo "Cannot read file: ${BASEDIR}/${F}" \
1540 # Otherwise, output an index line.
1541 if [ -L ${BASEDIR}/${F} ]; then
1543 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1544 readlink ${BASEDIR}/${F};
1545 elif [ -f ${BASEDIR}/${F} ]; then
1547 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1548 sha256 -q ${BASEDIR}/${F};
1549 elif [ -d ${BASEDIR}/${F} ]; then
1551 stat -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1553 echo "Unknown file type: ${BASEDIR}/${F}" \
1559 sort -k 3,3 -t '|' > $2.tmp
1562 # Check if an error occurred during system inspection
1563 if [ -f .err ]; then
1567 # Convert to the form
1568 # /path/to/file|type|user|group|perm|flags|value|hlink
1569 # by resolving identical device and inode numbers into hard links.
1570 cut -f 1,3 -d '|' $2.tmp |
1571 sort -k 1,1 -t '|' |
1572 sort -s -u -k 2,2 -t '|' |
1573 join -1 2 -2 3 -t '|' - $2.tmp |
1574 awk -F \| -v OFS=\| \
1576 if (($2 == $3) || ($4 == "-"))
1577 print $3,$4,$5,$6,$7,$8,$9,""
1579 print $3,$4,$5,$6,$7,$8,$9,$2
1584 # We're finished looking around
1588 # For any paths matching ${MERGECHANGES}, compare $1 and $2 and find any
1589 # files which differ; generate $3 containing these paths and the old hashes.
1590 fetch_filter_mergechanges () {
1591 # Pull out the paths and hashes of the files matching ${MERGECHANGES}.
1593 for X in ${MERGECHANGES}; do
1594 grep -E "^${X}" ${F}
1596 cut -f 1,2,7 -d '|' |
1600 # Any line in $2-values which doesn't appear in $1-values and is a
1601 # file means that we should list the path in $3.
1602 comm -13 $1-values $2-values |
1604 cut -f 1 -d '|' > $2-paths
1606 # For each path, pull out one (and only one!) entry from $1-values.
1607 # Note that we cannot distinguish which "old" version the user made
1608 # changes to; but hopefully any changes which occur due to security
1609 # updates will exist in both the "new" version and the version which
1610 # the user has installed, so the merging will still work.
1612 look "${X}|" $1-values |
1614 done < $2-paths > $3
1617 rm $1-values $2-values $2-paths
1620 # For any paths matching ${UPDATEIFUNMODIFIED}, remove lines from $[123]
1621 # which correspond to lines in $2 with hashes not matching $1 or $3, unless
1622 # the paths are listed in $4. For entries in $2 marked "not present"
1623 # (aka. type -), remove lines from $[123] unless there is a corresponding
1625 fetch_filter_unmodified_notpresent () {
1626 # Figure out which lines of $1 and $3 correspond to bits which
1627 # should only be updated if they haven't changed, and fish out
1628 # the (path, type, value) tuples.
1629 # NOTE: We don't consider a file to be "modified" if it matches
1631 for X in ${UPDATEIFUNMODIFIED}; do
1635 cut -f 1,2,7 -d '|' |
1638 # Do the same for $2.
1639 for X in ${UPDATEIFUNMODIFIED}; do
1642 cut -f 1,2,7 -d '|' |
1645 # Any entry in $2-values which is not in $1-values corresponds to
1646 # a path which we need to remove from $1, $2, and $3, unless it
1647 # that path appears in $4.
1648 comm -13 $1-values $2-values |
1649 sort -t '|' -k 1,1 > mlines.tmp
1650 cut -f 1 -d '|' $4 |
1652 join -v 2 -t '|' - mlines.tmp |
1654 rm $1-values $2-values mlines.tmp
1656 # Any lines in $2 which are not in $1 AND are "not present" lines
1657 # also belong in mlines.
1659 cut -f 1,2,7 -d '|' |
1660 fgrep '|-|' >> mlines
1662 # Remove lines from $1, $2, and $3
1663 for X in $1 $2 $3; do
1664 sort -t '|' -k 1,1 ${X} > ${X}.tmp
1665 cut -f 1 -d '|' < mlines |
1667 join -v 2 -t '|' - ${X}.tmp |
1672 # Store a list of the modified files, for future reference
1673 fgrep -v '|-|' mlines |
1674 cut -f 1 -d '|' > modifiedfiles
1678 # For each entry in $1 of type -, remove any corresponding
1679 # entry from $2 if ${ALLOWADD} != "yes". Remove all entries
1680 # of type - from $1.
1681 fetch_filter_allowadd () {
1682 cut -f 1,2 -d '|' < $1 |
1684 cut -f 1 -d '|' > filesnotpresent
1686 if [ ${ALLOWADD} != "yes" ]; then
1688 join -v 1 -t '|' - filesnotpresent |
1694 join -v 1 -t '|' - filesnotpresent |
1700 # If ${ALLOWDELETE} != "yes", then remove any entries from $1
1701 # which don't correspond to entries in $2.
1702 fetch_filter_allowdelete () {
1703 # Produce a lists ${PATH}|${TYPE}
1705 cut -f 1-2 -d '|' < ${X} |
1706 sort -u > ${X}.nodes
1709 # Figure out which lines need to be removed from $1.
1710 if [ ${ALLOWDELETE} != "yes" ]; then
1711 comm -23 $1.nodes $2.nodes > $1.badnodes
1716 # Remove the relevant lines from $1
1719 done < $1.badnodes |
1720 comm -13 - $1 > $1.tmp
1723 rm $1.badnodes $1.nodes $2.nodes
1726 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in $2
1727 # with metadata not matching any entry in $1, replace the corresponding
1728 # line of $3 with one having the same metadata as the entry in $2.
1729 fetch_filter_modified_metadata () {
1730 # Fish out the metadata from $1 and $2
1732 cut -f 1-6 -d '|' < ${X} > ${X}.metadata
1735 # Find the metadata we need to keep
1736 if [ ${KEEPMODIFIEDMETADATA} = "yes" ]; then
1737 comm -13 $1.metadata $2.metadata > keepmeta
1742 # Extract the lines which we need to remove from $3, and
1743 # construct the lines which we need to add to $3.
1747 NODE=`echo "${LINE}" | cut -f 1-2 -d '|'`
1748 look "${NODE}|" $3 >> $3.remove
1749 look "${NODE}|" $3 |
1751 lam -s "${LINE}|" - >> $3.add
1754 # Remove the specified lines and add the new lines.
1757 sort -u - $3.add > $3.tmp
1760 rm keepmeta $1.metadata $2.metadata $3.add $3.remove
1763 # Remove lines from $1 and $2 which are identical;
1764 # no need to update a file if it isn't changing.
1765 fetch_filter_uptodate () {
1766 comm -23 $1 $2 > $1.tmp
1767 comm -13 $1 $2 > $2.tmp
1773 # Fetch any "clean" old versions of files we need for merging changes.
1774 fetch_files_premerge () {
1775 # We only need to do anything if $1 is non-empty.
1777 # Tell the user what we're doing
1778 echo -n "Fetching files from ${OLDRELNUM} for merging... "
1780 # List of files wanted
1783 sort -u > files.wanted
1785 # Only fetch the files we don't already have
1787 if [ ! -f "files/${Y}.gz" ]; then
1790 done < files.wanted > filelist
1792 # Actually fetch them
1793 lam -s "${OLDFETCHDIR}/f/" - -s ".gz" < filelist |
1794 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1797 # Make sure we got them all, and move them into /files/
1799 if ! [ -f ${Y}.gz ]; then
1803 if [ `gunzip -c < ${Y}.gz |
1804 ${SHA256} -q` = ${Y} ]; then
1805 mv ${Y}.gz files/${Y}.gz
1807 echo "${Y} has incorrect hash."
1814 rm filelist files.wanted
1818 # Prepare to fetch files: Generate a list of the files we need,
1819 # copy the unmodified files we have into /files/, and generate
1820 # a list of patches to download.
1821 fetch_files_prepare () {
1822 # Tell the user why his disk is suddenly making lots of noise
1823 echo -n "Preparing to download files... "
1825 # Reduce indices to ${PATH}|${HASH} pairs
1826 for X in $1 $2 $3; do
1827 cut -f 1,2,7 -d '|' < ${X} |
1833 # List of files wanted
1834 cut -f 2 -d '|' < $3.hashes |
1837 if ! [ -f files/${HASH}.gz ]; then
1842 # Generate a list of unmodified files
1843 comm -12 $1.hashes $2.hashes |
1844 sort -k 1,1 -t '|' > unmodified.files
1846 # Copy all files into /files/. We only need the unmodified files
1847 # for use in patching; but we'll want all of them if the user asks
1848 # to rollback the updates later.
1850 F=`echo "${LINE}" | cut -f 1 -d '|'`
1851 HASH=`echo "${LINE}" | cut -f 2 -d '|'`
1853 # Skip files we already have.
1854 if [ -f files/${HASH}.gz ]; then
1858 # Make sure the file hasn't changed.
1859 cp "${BASEDIR}/${F}" tmpfile
1860 if [ `sha256 -q tmpfile` != ${HASH} ]; then
1862 echo "File changed while FreeBSD Update running: ${F}"
1866 # Place the file into storage.
1867 gzip -c < tmpfile > files/${HASH}.gz
1871 # Produce a list of patches to download
1872 sort -k 1,1 -t '|' $3.hashes |
1873 join -t '|' -o 2.2,1.2 - unmodified.files |
1874 fetch_make_patchlist > patchlist
1877 rm unmodified.files $1.hashes $2.hashes $3.hashes
1879 # We don't need the list of possible old files any more.
1882 # We're finished making noise
1888 # Attempt to fetch patches
1889 if [ -s patchlist ]; then
1890 echo -n "Fetching `wc -l < patchlist | tr -d ' '` "
1891 echo ${NDEBUG} "patches.${DDSTATS}"
1892 tr '|' '-' < patchlist |
1893 lam -s "${PATCHDIR}/" - |
1894 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1895 2>${STATSREDIR} | fetch_progress
1898 # Attempt to apply patches
1899 echo -n "Applying patches... "
1900 tr '|' ' ' < patchlist |
1902 if [ ! -f "${X}-${Y}" ]; then continue; fi
1903 gunzip -c < files/${X}.gz > OLD
1905 bspatch OLD NEW ${X}-${Y}
1907 if [ `${SHA256} -q NEW` = ${Y} ]; then
1911 rm -f diff OLD NEW ${X}-${Y}
1912 done 2>${QUIETREDIR}
1916 # Download files which couldn't be generate via patching
1918 if [ ! -f "files/${Y}.gz" ]; then
1921 done < files.wanted > filelist
1923 if [ -s filelist ]; then
1924 echo -n "Fetching `wc -l < filelist | tr -d ' '` "
1925 echo ${NDEBUG} "files... "
1926 lam -s "${FETCHDIR}/f/" - -s ".gz" < filelist |
1927 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1928 2>${STATSREDIR} | fetch_progress
1931 if ! [ -f ${Y}.gz ]; then
1935 if [ `gunzip -c < ${Y}.gz |
1936 ${SHA256} -q` = ${Y} ]; then
1937 mv ${Y}.gz files/${Y}.gz
1939 echo "${Y} has incorrect hash."
1947 rm files.wanted filelist patchlist
1950 # Create and populate install manifest directory; and report what updates
1952 fetch_create_manifest () {
1953 # If we have an existing install manifest, nuke it.
1954 if [ -L "${BDHASH}-install" ]; then
1955 rm -r ${BDHASH}-install/
1956 rm ${BDHASH}-install
1959 # Report to the user if any updates were avoided due to local changes
1960 if [ -s modifiedfiles ]; then
1961 cat - modifiedfiles <<- EOF | ${PAGER}
1962 The following files are affected by updates. No changes have
1963 been downloaded, however, because the files have been modified
1969 # If no files will be updated, tell the user and exit
1970 if ! [ -s INDEX-PRESENT ] &&
1971 ! [ -s INDEX-NEW ]; then
1972 rm INDEX-PRESENT INDEX-NEW
1974 echo -n "No updates needed to update system to "
1975 echo "${RELNUM}-p${RELPATCHNUM}."
1979 # Divide files into (a) removed files, (b) added files, and
1980 # (c) updated files.
1981 cut -f 1 -d '|' < INDEX-PRESENT |
1982 sort > INDEX-PRESENT.flist
1983 cut -f 1 -d '|' < INDEX-NEW |
1984 sort > INDEX-NEW.flist
1985 comm -23 INDEX-PRESENT.flist INDEX-NEW.flist > files.removed
1986 comm -13 INDEX-PRESENT.flist INDEX-NEW.flist > files.added
1987 comm -12 INDEX-PRESENT.flist INDEX-NEW.flist > files.updated
1988 rm INDEX-PRESENT.flist INDEX-NEW.flist
1990 # Report removed files, if any
1991 if [ -s files.removed ]; then
1992 cat - files.removed <<- EOF | ${PAGER}
1993 The following files will be removed as part of updating to
1994 ${RELNUM}-p${RELPATCHNUM}:
1999 # Report added files, if any
2000 if [ -s files.added ]; then
2001 cat - files.added <<- EOF | ${PAGER}
2002 The following files will be added as part of updating to
2003 ${RELNUM}-p${RELPATCHNUM}:
2008 # Report updated files, if any
2009 if [ -s files.updated ]; then
2010 cat - files.updated <<- EOF | ${PAGER}
2011 The following files will be updated as part of updating to
2012 ${RELNUM}-p${RELPATCHNUM}:
2017 # Create a directory for the install manifest.
2018 MDIR=`mktemp -d install.XXXXXX` || return 1
2021 mv INDEX-PRESENT ${MDIR}/INDEX-OLD
2022 mv INDEX-NEW ${MDIR}/INDEX-NEW
2024 # Link it into place
2025 ln -s ${MDIR} ${BDHASH}-install
2028 # Warn about any upcoming EoL
2030 # What's the current time?
2031 NOWTIME=`date "+%s"`
2033 # When did we last warn about the EoL date?
2034 if [ -f lasteolwarn ]; then
2035 LASTWARN=`cat lasteolwarn`
2037 LASTWARN=`expr ${NOWTIME} - 63072000`
2040 # If the EoL time is past, warn.
2041 if [ ${EOLTIME} -lt ${NOWTIME} ]; then
2044 WARNING: `uname -sr` HAS PASSED ITS END-OF-LIFE DATE.
2045 Any security issues discovered after `date -r ${EOLTIME}`
2046 will not have been corrected.
2051 # Figure out how long it has been since we last warned about the
2052 # upcoming EoL, and how much longer we have left.
2053 SINCEWARN=`expr ${NOWTIME} - ${LASTWARN}`
2054 TIMELEFT=`expr ${EOLTIME} - ${NOWTIME}`
2056 # Don't warn if the EoL is more than 3 months away
2057 if [ ${TIMELEFT} -gt 7884000 ]; then
2061 # Don't warn if the time remaining is more than 3 times the time
2062 # since the last warning.
2063 if [ ${TIMELEFT} -gt `expr ${SINCEWARN} \* 3` ]; then
2067 # Figure out what time units to use.
2068 if [ ${TIMELEFT} -lt 604800 ]; then
2071 elif [ ${TIMELEFT} -lt 2678400 ]; then
2079 # Compute the right number of units
2080 NUM=`expr ${TIMELEFT} / ${SIZE}`
2081 if [ ${NUM} != 1 ]; then
2088 WARNING: `uname -sr` is approaching its End-of-Life date.
2089 It is strongly recommended that you upgrade to a newer
2090 release within the next ${NUM} ${UNIT}.
2093 # Update the stored time of last warning
2094 echo ${NOWTIME} > lasteolwarn
2097 # Do the actual work involved in "fetch" / "cron".
2099 workdir_init || return 1
2101 # Prepare the mirror list.
2102 fetch_pick_server_init && fetch_pick_server
2104 # Try to fetch the public key until we run out of servers.
2105 while ! fetch_key; do
2106 fetch_pick_server || return 1
2109 # Try to fetch the metadata index signature ("tag") until we run
2110 # out of available servers; and sanity check the downloaded tag.
2111 while ! fetch_tag; do
2112 fetch_pick_server || return 1
2114 fetch_tagsanity || return 1
2116 # Fetch the latest INDEX-NEW and INDEX-OLD files.
2117 fetch_metadata INDEX-NEW INDEX-OLD || return 1
2119 # Generate filtered INDEX-NEW and INDEX-OLD files containing only
2120 # the lines which (a) belong to components we care about, and (b)
2121 # don't correspond to paths we're explicitly ignoring.
2122 fetch_filter_metadata INDEX-NEW || return 1
2123 fetch_filter_metadata INDEX-OLD || return 1
2125 # Translate /boot/${KERNCONF} into ${KERNELDIR}
2126 fetch_filter_kernel_names INDEX-NEW ${KERNCONF}
2127 fetch_filter_kernel_names INDEX-OLD ${KERNCONF}
2129 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the
2130 # system and generate an INDEX-PRESENT file.
2131 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2133 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which
2134 # correspond to lines in INDEX-PRESENT with hashes not appearing
2135 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in
2136 # INDEX-PRESENT has type - and there isn't a corresponding entry in
2137 # INDEX-OLD with type -.
2138 fetch_filter_unmodified_notpresent \
2139 INDEX-OLD INDEX-PRESENT INDEX-NEW /dev/null
2141 # For each entry in INDEX-PRESENT of type -, remove any corresponding
2142 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries
2143 # of type - from INDEX-PRESENT.
2144 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW
2146 # If ${ALLOWDELETE} != "yes", then remove any entries from
2147 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW.
2148 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW
2150 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in
2151 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD,
2152 # replace the corresponding line of INDEX-NEW with one having the
2153 # same metadata as the entry in INDEX-PRESENT.
2154 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW
2156 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical;
2157 # no need to update a file if it isn't changing.
2158 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW
2160 # Prepare to fetch files: Generate a list of the files we need,
2161 # copy the unmodified files we have into /files/, and generate
2162 # a list of patches to download.
2163 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2166 fetch_files || return 1
2168 # Create and populate install manifest directory; and report what
2169 # updates are available.
2170 fetch_create_manifest || return 1
2172 # Warn about any upcoming EoL
2173 fetch_warn_eol || return 1
2176 # If StrictComponents is not "yes", generate a new components list
2177 # with only the components which appear to be installed.
2178 upgrade_guess_components () {
2179 if [ "${STRICTCOMPONENTS}" = "no" ]; then
2180 # Generate filtered INDEX-ALL with only the components listed
2182 fetch_filter_metadata_components $1 || return 1
2184 # Tell the user why his disk is suddenly making lots of noise
2185 echo -n "Inspecting system... "
2187 # Look at the files on disk, and assume that a component is
2188 # supposed to be present if it is more than half-present.
2189 cut -f 1-3 -d '|' < INDEX-ALL |
2191 while read C S F; do
2192 if [ -e ${BASEDIR}/${F} ]; then
2199 sed -E 's,^ +,,' > compfreq
2200 grep ' = ' compfreq |
2202 sort -k 2,2 -t ' ' > compfreq.total
2203 grep ' + ' compfreq |
2205 sort -k 2,2 -t ' ' > compfreq.present
2206 join -t ' ' -1 2 -2 2 compfreq.present compfreq.total |
2207 while read S P T; do
2208 if [ ${T} -ne 0 -a ${P} -gt `expr ${T} / 2` ]; then
2212 cut -f 2 -d ' ' < compfreq.total > comp.total
2213 rm INDEX-ALL compfreq compfreq.total compfreq.present
2215 # We're done making noise.
2218 # Sometimes the kernel isn't installed where INDEX-ALL
2219 # thinks that it should be: In particular, it is often in
2220 # /boot/kernel instead of /boot/GENERIC or /boot/SMP. To
2221 # deal with this, if "kernel|X" is listed in comp.total
2222 # (i.e., is a component which would be upgraded if it is
2223 # found to be present) we will add it to comp.present.
2224 # If "kernel|<anything>" is in comp.total but "kernel|X" is
2225 # not, we print a warning -- the user is running a kernel
2226 # which isn't part of the release.
2227 KCOMP=`echo ${KERNCONF} | tr 'A-Z' 'a-z'`
2228 grep -E "^kernel\|${KCOMP}\$" comp.total >> comp.present
2230 if grep -qE "^kernel\|" comp.total &&
2231 ! grep -qE "^kernel\|${KCOMP}\$" comp.total; then
2234 WARNING: This system is running a "${KCOMP}" kernel, which is not a
2235 kernel configuration distributed as part of FreeBSD ${RELNUM}.
2236 This kernel will not be updated: you MUST update the kernel manually
2237 before running "$0 install".
2241 # Re-sort the list of installed components and generate
2242 # the list of non-installed components.
2243 sort -u < comp.present > comp.present.tmp
2244 mv comp.present.tmp comp.present
2245 comm -13 comp.present comp.total > comp.absent
2247 # Ask the user to confirm that what we have is correct. To
2248 # reduce user confusion, translate "X|Y" back to "X/Y" (as
2249 # subcomponents must be listed in the configuration file).
2251 echo -n "The following components of FreeBSD "
2252 echo "seem to be installed:"
2253 tr '|' '/' < comp.present |
2256 echo -n "The following components of FreeBSD "
2257 echo "do not seem to be installed:"
2258 tr '|' '/' < comp.absent |
2261 continuep || return 1
2264 # Suck the generated list of components into ${COMPONENTS}.
2265 # Note that comp.present.tmp is used due to issues with
2266 # pipelines and setting variables.
2268 tr '|' '/' < comp.present > comp.present.tmp
2270 COMPONENTS="${COMPONENTS} ${C}"
2271 done < comp.present.tmp
2273 # Delete temporary files
2274 rm comp.present comp.present.tmp comp.absent comp.total
2278 # If StrictComponents is not "yes", COMPONENTS contains an entry
2279 # corresponding to the currently running kernel, and said kernel
2280 # does not exist in the new release, add "kernel/generic" to the
2281 # list of components.
2282 upgrade_guess_new_kernel () {
2283 if [ "${STRICTCOMPONENTS}" = "no" ]; then
2284 # Grab the unfiltered metadata file.
2285 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'`
2286 gunzip -c < files/${METAHASH}.gz > $1.all
2288 # If "kernel/${KCOMP}" is in ${COMPONENTS} and that component
2289 # isn't in $1.all, we need to add kernel/generic.
2290 for C in ${COMPONENTS}; do
2291 if [ ${C} = "kernel/${KCOMP}" ] &&
2292 ! grep -qE "^kernel\|${KCOMP}\|" $1.all; then
2293 COMPONENTS="${COMPONENTS} kernel/generic"
2297 WARNING: This system is running a "${KCOMP}" kernel, which is not a
2298 kernel configuration distributed as part of FreeBSD ${RELNUM}.
2299 As part of upgrading to FreeBSD ${RELNUM}, this kernel will be
2300 replaced with a "generic" kernel.
2302 continuep || return 1
2306 # Don't need this any more...
2311 # Convert INDEX-OLD (last release) and INDEX-ALL (new release) into
2312 # INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades).
2313 upgrade_oldall_to_oldnew () {
2314 # For each ${F}|... which appears in INDEX-ALL but does not appear
2315 # in INDEX-OLD, add ${F}|-|||||| to INDEX-OLD.
2316 cut -f 1 -d '|' < $1 |
2318 cut -f 1 -d '|' < $2 |
2320 comm -13 $1.paths - |
2321 lam - -s "|-||||||" |
2325 # Remove lines from INDEX-OLD which also appear in INDEX-ALL
2326 comm -23 $1 $2 > $1.tmp
2329 # Remove lines from INDEX-ALL which have a file name not appearing
2330 # anywhere in INDEX-OLD (since these must be files which haven't
2331 # changed -- if they were new, there would be an entry of type "-").
2332 cut -f 1 -d '|' < $1 |
2334 sort -k 1,1 -t '|' < $2 |
2335 join -t '|' - $1.paths |
2340 # Rename INDEX-ALL to INDEX-NEW.
2344 # Helper for upgrade_merge: Return zero true iff the two files differ only
2345 # in the contents of their RCS tags.
2347 X=`sed -E 's/\\$FreeBSD.*\\$/\$FreeBSD\$/' < $1 | ${SHA256}`
2348 Y=`sed -E 's/\\$FreeBSD.*\\$/\$FreeBSD\$/' < $2 | ${SHA256}`
2350 if [ $X = $Y ]; then
2357 # From the list of "old" files in $1, merge changes in $2 with those in $3,
2358 # and update $3 to reflect the hashes of merged files.
2360 # We only need to do anything if $1 is non-empty.
2362 cut -f 1 -d '|' $1 |
2365 # Create staging area for merging files
2369 mkdir -p merge/old/${D}
2370 mkdir -p merge/${OLDRELNUM}/${D}
2371 mkdir -p merge/${RELNUM}/${D}
2372 mkdir -p merge/new/${D}
2377 # Currently installed file
2378 V=`look "${F}|" $2 | cut -f 7 -d '|'`
2379 gunzip < files/${V}.gz > merge/old/${F}
2382 if look "${F}|" $1 | fgrep -q "|f|"; then
2383 V=`look "${F}|" $1 | cut -f 3 -d '|'`
2384 gunzip < files/${V}.gz \
2385 > merge/${OLDRELNUM}/${F}
2389 if look "${F}|" $3 | cut -f 1,2,7 -d '|' |
2390 fgrep -q "|f|"; then
2391 V=`look "${F}|" $3 | cut -f 7 -d '|'`
2392 gunzip < files/${V}.gz \
2393 > merge/${RELNUM}/${F}
2397 # Attempt to automatically merge changes
2398 echo -n "Attempting to automatically merge "
2399 echo -n "changes in files..."
2402 # If the file doesn't exist in the new release,
2403 # the result of "merging changes" is having the file
2405 if ! [ -f merge/${RELNUM}/${F} ]; then
2409 # If the file didn't exist in the old release, we're
2410 # going to throw away the existing file and hope that
2411 # the version from the new release is what we want.
2412 if ! [ -f merge/${OLDRELNUM}/${F} ]; then
2413 cp merge/${RELNUM}/${F} merge/new/${F}
2417 # Some files need special treatment.
2419 /etc/spwd.db | /etc/pwd.db | /etc/login.conf.db)
2420 # Don't merge these -- we're rebuild them
2421 # after updates are installed.
2422 cp merge/old/${F} merge/new/${F}
2425 if ! diff3 -E -m -L "current version" \
2426 -L "${OLDRELNUM}" -L "${RELNUM}" \
2428 merge/${OLDRELNUM}/${F} \
2429 merge/${RELNUM}/${F} \
2430 > merge/new/${F} 2>/dev/null; then
2431 echo ${F} >> failed.merges
2438 # Ask the user to handle any files which didn't merge.
2440 # If the installed file differs from the version in
2441 # the old release only due to RCS tag expansion
2442 # then just use the version in the new release.
2443 if samef merge/old/${F} merge/${OLDRELNUM}/${F}; then
2444 cp merge/${RELNUM}/${F} merge/new/${F}
2450 The following file could not be merged automatically: ${F}
2451 Press Enter to edit this file in ${EDITOR} and resolve the conflicts
2454 read dummy </dev/tty
2455 ${EDITOR} `pwd`/merge/new/${F} < /dev/tty
2456 done < failed.merges
2459 # Ask the user to confirm that he likes how the result
2462 # Skip files which haven't changed except possibly
2463 # in their RCS tags.
2464 if [ -f merge/old/${F} ] && [ -f merge/new/${F} ] &&
2465 samef merge/old/${F} merge/new/${F}; then
2469 # Skip files where the installed file differs from
2470 # the old file only due to RCS tags.
2471 if [ -f merge/old/${F} ] &&
2472 [ -f merge/${OLDRELNUM}/${F} ] &&
2473 samef merge/old/${F} merge/${OLDRELNUM}/${F}; then
2477 # Warn about files which are ceasing to exist.
2478 if ! [ -f merge/new/${F} ]; then
2481 The following file will be removed, as it no longer exists in
2482 FreeBSD ${RELNUM}: ${F}
2484 continuep < /dev/tty || return 1
2488 # Print changes for the user's approval.
2491 The following changes, which occurred between FreeBSD ${OLDRELNUM} and
2492 FreeBSD ${RELNUM} have been merged into ${F}:
2494 diff -U 5 -L "current version" -L "new version" \
2495 merge/old/${F} merge/new/${F} || true
2496 continuep < /dev/tty || return 1
2499 # Store merged files.
2501 if [ -f merge/new/${F} ]; then
2502 V=`${SHA256} -q merge/new/${F}`
2504 gzip -c < merge/new/${F} > files/${V}.gz
2507 done < $1-paths > newhashes
2509 # Pull lines out from $3 which need to be updated to
2510 # reflect merged files.
2513 done < $1-paths > $3-oldlines
2515 # Update lines to reflect merged files
2516 join -t '|' -o 1.1,1.2,1.3,1.4,1.5,1.6,2.2,1.8 \
2517 $3-oldlines newhashes > $3-newlines
2519 # Remove old lines from $3 and add new lines.
2522 sort - $3-newlines > $3.tmp
2526 rm $1-paths newhashes $3-oldlines $3-newlines
2530 # We're done with merging files.
2534 # Do the work involved in fetching upgrades to a new release
2536 workdir_init || return 1
2538 # Prepare the mirror list.
2539 fetch_pick_server_init && fetch_pick_server
2541 # Try to fetch the public key until we run out of servers.
2542 while ! fetch_key; do
2543 fetch_pick_server || return 1
2546 # Try to fetch the metadata index signature ("tag") until we run
2547 # out of available servers; and sanity check the downloaded tag.
2548 while ! fetch_tag; do
2549 fetch_pick_server || return 1
2551 fetch_tagsanity || return 1
2553 # Fetch the INDEX-OLD and INDEX-ALL.
2554 fetch_metadata INDEX-OLD INDEX-ALL || return 1
2556 # If StrictComponents is not "yes", generate a new components list
2557 # with only the components which appear to be installed.
2558 upgrade_guess_components INDEX-ALL || return 1
2560 # Generate filtered INDEX-OLD and INDEX-ALL files containing only
2561 # the components we want and without anything marked as "Ignore".
2562 fetch_filter_metadata INDEX-OLD || return 1
2563 fetch_filter_metadata INDEX-ALL || return 1
2565 # Merge the INDEX-OLD and INDEX-ALL files into INDEX-OLD.
2566 sort INDEX-OLD INDEX-ALL > INDEX-OLD.tmp
2567 mv INDEX-OLD.tmp INDEX-OLD
2570 # Adjust variables for fetching files from the new release.
2572 RELNUM=${TARGETRELEASE}
2573 OLDFETCHDIR=${FETCHDIR}
2574 FETCHDIR=${RELNUM}/${ARCH}
2576 # Try to fetch the NEW metadata index signature ("tag") until we run
2577 # out of available servers; and sanity check the downloaded tag.
2578 while ! fetch_tag; do
2579 fetch_pick_server || return 1
2582 # Fetch the new INDEX-ALL.
2583 fetch_metadata INDEX-ALL || return 1
2585 # If StrictComponents is not "yes", COMPONENTS contains an entry
2586 # corresponding to the currently running kernel, and said kernel
2587 # does not exist in the new release, add "kernel/generic" to the
2588 # list of components.
2589 upgrade_guess_new_kernel INDEX-ALL || return 1
2591 # Filter INDEX-ALL to contain only the components we want and without
2592 # anything marked as "Ignore".
2593 fetch_filter_metadata INDEX-ALL || return 1
2595 # Convert INDEX-OLD (last release) and INDEX-ALL (new release) into
2596 # INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades).
2597 upgrade_oldall_to_oldnew INDEX-OLD INDEX-ALL INDEX-NEW
2599 # Translate /boot/${KERNCONF} or /boot/${NKERNCONF} into ${KERNELDIR}
2600 fetch_filter_kernel_names INDEX-NEW ${NKERNCONF}
2601 fetch_filter_kernel_names INDEX-OLD ${KERNCONF}
2603 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the
2604 # system and generate an INDEX-PRESENT file.
2605 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2607 # Based on ${MERGECHANGES}, generate a file tomerge-old with the
2608 # paths and hashes of old versions of files to merge.
2609 fetch_filter_mergechanges INDEX-OLD INDEX-PRESENT tomerge-old
2611 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which
2612 # correspond to lines in INDEX-PRESENT with hashes not appearing
2613 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in
2614 # INDEX-PRESENT has type - and there isn't a corresponding entry in
2615 # INDEX-OLD with type -.
2616 fetch_filter_unmodified_notpresent \
2617 INDEX-OLD INDEX-PRESENT INDEX-NEW tomerge-old
2619 # For each entry in INDEX-PRESENT of type -, remove any corresponding
2620 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries
2621 # of type - from INDEX-PRESENT.
2622 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW
2624 # If ${ALLOWDELETE} != "yes", then remove any entries from
2625 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW.
2626 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW
2628 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in
2629 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD,
2630 # replace the corresponding line of INDEX-NEW with one having the
2631 # same metadata as the entry in INDEX-PRESENT.
2632 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW
2634 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical;
2635 # no need to update a file if it isn't changing.
2636 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW
2638 # Fetch "clean" files from the old release for merging changes.
2639 fetch_files_premerge tomerge-old
2641 # Prepare to fetch files: Generate a list of the files we need,
2642 # copy the unmodified files we have into /files/, and generate
2643 # a list of patches to download.
2644 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2646 # Fetch patches from to-${RELNUM}/${ARCH}/bp/
2647 PATCHDIR=to-${RELNUM}/${ARCH}/bp
2648 fetch_files || return 1
2650 # Merge configuration file changes.
2651 upgrade_merge tomerge-old INDEX-PRESENT INDEX-NEW || return 1
2653 # Create and populate install manifest directory; and report what
2654 # updates are available.
2655 fetch_create_manifest || return 1
2657 # Leave a note behind to tell the "install" command that the kernel
2658 # needs to be installed before the world.
2659 touch ${BDHASH}-install/kernelfirst
2661 # Remind the user that they need to run "freebsd-update install"
2662 # to install the downloaded bits, in case they didn't RTFM.
2663 echo "To install the downloaded upgrades, run \"$0 install\"."
2666 # Make sure that all the file hashes mentioned in $@ have corresponding
2667 # gzipped files stored in /files/.
2669 # Generate a list of hashes
2676 # Make sure all the hashes exist
2678 if ! [ -f files/${HASH}.gz ]; then
2679 echo -n "Update files missing -- "
2680 echo "this should never happen."
2681 echo "Re-run '$0 fetch'."
2690 # Remove the system immutable flag from files
2692 # Generate file list
2694 cut -f 1 -d '|' > filelist
2698 if ! [ -e ${BASEDIR}/${F} ]; then
2701 echo ${BASEDIR}/${F}
2703 done < filelist | xargs chflags noschg || return 1
2709 # Decide which directory name to use for kernel backups.
2710 backup_kernel_finddir () {
2713 # Pathname does not exist, so it is OK use that name
2714 # for backup directory.
2715 if [ ! -e $BASEDIR/$BACKUPKERNELDIR ]; then
2719 # If directory do exist, we only use if it has our
2721 if [ -d $BASEDIR/$BACKUPKERNELDIR -a \
2722 -e $BASEDIR/$BACKUPKERNELDIR/.freebsd-update ]; then
2726 # We could not use current directory name, so add counter to
2727 # the end and try again.
2729 if [ $CNT -gt 9 ]; then
2730 echo "Could not find valid backup dir ($BASEDIR/$BACKUPKERNELDIR)"
2733 BACKUPKERNELDIR="`echo $BACKUPKERNELDIR | sed -Ee 's/[0-9]\$//'`"
2734 BACKUPKERNELDIR="${BACKUPKERNELDIR}${CNT}"
2738 # Backup the current kernel using hardlinks, if not disabled by user.
2739 # Since we delete all files in the directory used for previous backups
2740 # we create a marker file called ".freebsd-update" in the directory so
2741 # we can determine on the next run that the directory was created by
2742 # freebsd-update and we then do not accidentally remove user files in
2743 # the unlikely case that the user has created a directory with a
2746 # Only make kernel backup is so configured.
2747 if [ $BACKUPKERNEL != yes ]; then
2751 # Decide which directory name to use for kernel backups.
2752 backup_kernel_finddir
2754 # Remove old kernel backup files. If $BACKUPKERNELDIR was
2755 # "not ours", backup_kernel_finddir would have exited, so
2756 # deleting the directory content is as safe as we can make it.
2757 if [ -d $BASEDIR/$BACKUPKERNELDIR ]; then
2758 rm -fr $BASEDIR/$BACKUPKERNELDIR
2761 # Create directories for backup.
2762 mkdir -p $BASEDIR/$BACKUPKERNELDIR
2763 mtree -cdn -p "${BASEDIR}/${KERNELDIR}" | \
2764 mtree -Ue -p "${BASEDIR}/${BACKUPKERNELDIR}" > /dev/null
2766 # Mark the directory as having been created by freebsd-update.
2767 touch $BASEDIR/$BACKUPKERNELDIR/.freebsd-update
2768 if [ $? -ne 0 ]; then
2769 echo "Could not create kernel backup directory"
2773 # Disable pathname expansion to be sure *.symbols is not
2777 # Use find to ignore symbol files, unless disabled by user.
2778 if [ $BACKUPKERNELSYMBOLFILES = yes ]; then
2781 FINDFILTER="-a ! -name *.debug -a ! -name *.symbols"
2784 # Backup all the kernel files using hardlinks.
2785 (cd ${BASEDIR}/${KERNELDIR} && find . -type f $FINDFILTER -exec \
2786 cp -pl '{}' ${BASEDIR}/${BACKUPKERNELDIR}/'{}' \;)
2788 # Re-enable patchname expansion.
2793 install_from_index () {
2794 # First pass: Do everything apart from setting file flags. We
2795 # can't set flags yet, because schg inhibits hard linking.
2796 sort -k 1,1 -t '|' $1 |
2798 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do
2801 # Create a directory
2802 install -d -o ${OWNER} -g ${GROUP} \
2803 -m ${PERM} ${BASEDIR}/${FPATH}
2806 if [ -z "${LINK}" ]; then
2807 # Create a file, without setting flags.
2808 gunzip < files/${HASH}.gz > ${HASH}
2809 install -S -o ${OWNER} -g ${GROUP} \
2810 -m ${PERM} ${HASH} ${BASEDIR}/${FPATH}
2813 # Create a hard link.
2814 ln -f ${BASEDIR}/${LINK} ${BASEDIR}/${FPATH}
2819 ln -sfh ${HASH} ${BASEDIR}/${FPATH}
2824 # Perform a second pass, adding file flags.
2826 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do
2827 if [ ${TYPE} = "f" ] &&
2828 ! [ ${FLAGS} = "0" ]; then
2829 chflags ${FLAGS} ${BASEDIR}/${FPATH}
2834 # Remove files which we want to delete
2836 # Generate list of new files
2837 cut -f 1 -d '|' < $2 |
2840 # Generate subindex of old files we want to nuke
2841 sort -k 1,1 -t '|' $1 |
2842 join -t '|' -v 1 - newfiles |
2843 sort -r -k 1,1 -t '|' |
2845 tr '|' ' ' > killfiles
2847 # Remove the offending bits
2848 while read FPATH TYPE; do
2851 rmdir ${BASEDIR}/${FPATH}
2854 rm ${BASEDIR}/${FPATH}
2857 rm ${BASEDIR}/${FPATH}
2863 rm newfiles killfiles
2866 # Install new files, delete old files, and update linker.hints
2868 # If we haven't already dealt with the kernel, deal with it.
2869 if ! [ -f $1/kerneldone ]; then
2870 grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD
2871 grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW
2873 # Backup current kernel before installing a new one
2874 backup_kernel || return 1
2877 install_from_index INDEX-NEW || return 1
2879 # Remove files which need to be deleted
2880 install_delete INDEX-OLD INDEX-NEW || return 1
2882 # Update linker.hints if necessary
2883 if [ -s INDEX-OLD -o -s INDEX-NEW ]; then
2884 kldxref -R ${BASEDIR}/boot/ 2>/dev/null
2887 # We've finished updating the kernel.
2890 # Do we need to ask for a reboot now?
2891 if [ -f $1/kernelfirst ] &&
2892 [ -s INDEX-OLD -o -s INDEX-NEW ]; then
2895 Kernel updates have been installed. Please reboot and run
2896 "$0 install" again to finish installing updates.
2902 # If we haven't already dealt with the world, deal with it.
2903 if ! [ -f $1/worlddone ]; then
2904 # Create any necessary directories first
2905 grep -vE '^/boot/' $1/INDEX-NEW |
2906 grep -E '^[^|]+\|d\|' > INDEX-NEW
2907 install_from_index INDEX-NEW || return 1
2909 # Install new runtime linker
2910 grep -vE '^/boot/' $1/INDEX-NEW |
2911 grep -vE '^[^|]+\|d\|' |
2912 grep -E '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' > INDEX-NEW
2913 install_from_index INDEX-NEW || return 1
2915 # Install new shared libraries next
2916 grep -vE '^/boot/' $1/INDEX-NEW |
2917 grep -vE '^[^|]+\|d\|' |
2918 grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
2919 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
2920 install_from_index INDEX-NEW || return 1
2922 # Deal with everything else
2923 grep -vE '^/boot/' $1/INDEX-OLD |
2924 grep -vE '^[^|]+\|d\|' |
2925 grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
2926 grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
2927 grep -vE '^/boot/' $1/INDEX-NEW |
2928 grep -vE '^[^|]+\|d\|' |
2929 grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
2930 grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
2931 install_from_index INDEX-NEW || return 1
2932 install_delete INDEX-OLD INDEX-NEW || return 1
2934 # Rebuild generated pwd files.
2935 if [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/spwd.db ] ||
2936 [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/pwd.db ] ||
2937 [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/passwd ]; then
2938 pwd_mkdb -d ${BASEDIR}/etc -p ${BASEDIR}/etc/master.passwd
2941 # Rebuild /etc/login.conf.db if necessary.
2942 if [ ${BASEDIR}/etc/login.conf -nt ${BASEDIR}/etc/login.conf.db ]; then
2943 cap_mkdb ${BASEDIR}/etc/login.conf
2946 # Rebuild man page databases, if necessary.
2947 for D in /usr/share/man /usr/share/openssl/man; do
2948 if [ ! -d ${BASEDIR}/$D ]; then
2951 if [ -z "$(find ${BASEDIR}/$D -type f -newer ${BASEDIR}/$D/mandoc.db)" ]; then
2954 makewhatis ${BASEDIR}/$D
2957 # We've finished installing the world and deleting old files
2958 # which are not shared libraries.
2961 # Do we need to ask the user to portupgrade now?
2962 grep -vE '^/boot/' $1/INDEX-NEW |
2963 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
2966 if grep -vE '^/boot/' $1/INDEX-OLD |
2967 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
2970 join -v 1 - newfiles |
2974 Completing this upgrade requires removing old shared object files.
2975 Please rebuild all installed 3rd party software (e.g., programs
2976 installed from the ports tree) and then run "$0 install"
2977 again to finish installing updates.
2985 # Remove old shared libraries
2986 grep -vE '^/boot/' $1/INDEX-NEW |
2987 grep -vE '^[^|]+\|d\|' |
2988 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
2989 grep -vE '^/boot/' $1/INDEX-OLD |
2990 grep -vE '^[^|]+\|d\|' |
2991 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
2992 install_delete INDEX-OLD INDEX-NEW || return 1
2994 # Remove old directories
2995 grep -vE '^/boot/' $1/INDEX-NEW |
2996 grep -E '^[^|]+\|d\|' > INDEX-NEW
2997 grep -vE '^/boot/' $1/INDEX-OLD |
2998 grep -E '^[^|]+\|d\|' > INDEX-OLD
2999 install_delete INDEX-OLD INDEX-NEW || return 1
3001 # Remove temporary files
3002 rm INDEX-OLD INDEX-NEW
3005 # Rearrange bits to allow the installed updates to be rolled back
3006 install_setup_rollback () {
3007 # Remove the "reboot after installing kernel", "kernel updated", and
3008 # "finished installing the world" flags if present -- they are
3009 # irrelevant when rolling back updates.
3010 if [ -f ${BDHASH}-install/kernelfirst ]; then
3011 rm ${BDHASH}-install/kernelfirst
3012 rm ${BDHASH}-install/kerneldone
3014 if [ -f ${BDHASH}-install/worlddone ]; then
3015 rm ${BDHASH}-install/worlddone
3018 if [ -L ${BDHASH}-rollback ]; then
3019 mv ${BDHASH}-rollback ${BDHASH}-install/rollback
3022 mv ${BDHASH}-install ${BDHASH}-rollback
3025 # Actually install updates
3027 echo -n "Installing updates..."
3029 # Make sure we have all the files we should have
3030 install_verify ${BDHASH}-install/INDEX-OLD \
3031 ${BDHASH}-install/INDEX-NEW || return 1
3033 # Remove system immutable flag from files
3034 install_unschg ${BDHASH}-install/INDEX-OLD \
3035 ${BDHASH}-install/INDEX-NEW || return 1
3037 # Install new files, delete old files, and update linker.hints
3038 install_files ${BDHASH}-install || return 1
3040 # Rearrange bits to allow the installed updates to be rolled back
3041 install_setup_rollback
3046 # Rearrange bits to allow the previous set of updates to be rolled back next.
3047 rollback_setup_rollback () {
3048 if [ -L ${BDHASH}-rollback/rollback ]; then
3049 mv ${BDHASH}-rollback/rollback rollback-tmp
3050 rm -r ${BDHASH}-rollback/
3051 rm ${BDHASH}-rollback
3052 mv rollback-tmp ${BDHASH}-rollback
3054 rm -r ${BDHASH}-rollback/
3055 rm ${BDHASH}-rollback
3059 # Install old files, delete new files, and update linker.hints
3061 # Install old shared library files which don't have the same path as
3062 # a new shared library file.
3063 grep -vE '^/boot/' $1/INDEX-NEW |
3064 grep -E '/lib/.*\.so\.[0-9]+\|' |
3066 sort > INDEX-NEW.libs.flist
3067 grep -vE '^/boot/' $1/INDEX-OLD |
3068 grep -E '/lib/.*\.so\.[0-9]+\|' |
3069 sort -k 1,1 -t '|' - |
3070 join -t '|' -v 1 - INDEX-NEW.libs.flist > INDEX-OLD
3071 install_from_index INDEX-OLD || return 1
3073 # Deal with files which are neither kernel nor shared library
3074 grep -vE '^/boot/' $1/INDEX-OLD |
3075 grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
3076 grep -vE '^/boot/' $1/INDEX-NEW |
3077 grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
3078 install_from_index INDEX-OLD || return 1
3079 install_delete INDEX-NEW INDEX-OLD || return 1
3081 # Install any old shared library files which we didn't install above.
3082 grep -vE '^/boot/' $1/INDEX-OLD |
3083 grep -E '/lib/.*\.so\.[0-9]+\|' |
3084 sort -k 1,1 -t '|' - |
3085 join -t '|' - INDEX-NEW.libs.flist > INDEX-OLD
3086 install_from_index INDEX-OLD || return 1
3088 # Delete unneeded shared library files
3089 grep -vE '^/boot/' $1/INDEX-OLD |
3090 grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
3091 grep -vE '^/boot/' $1/INDEX-NEW |
3092 grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
3093 install_delete INDEX-NEW INDEX-OLD || return 1
3095 # Deal with kernel files
3096 grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD
3097 grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW
3098 install_from_index INDEX-OLD || return 1
3099 install_delete INDEX-NEW INDEX-OLD || return 1
3100 if [ -s INDEX-OLD -o -s INDEX-NEW ]; then
3101 kldxref -R /boot/ 2>/dev/null
3104 # Remove temporary files
3105 rm INDEX-OLD INDEX-NEW INDEX-NEW.libs.flist
3108 # Actually rollback updates
3110 echo -n "Uninstalling updates..."
3112 # If there are updates waiting to be installed, remove them; we
3113 # want the user to re-run 'fetch' after rolling back updates.
3114 if [ -L ${BDHASH}-install ]; then
3115 rm -r ${BDHASH}-install/
3116 rm ${BDHASH}-install
3119 # Make sure we have all the files we should have
3120 install_verify ${BDHASH}-rollback/INDEX-NEW \
3121 ${BDHASH}-rollback/INDEX-OLD || return 1
3123 # Remove system immutable flag from files
3124 install_unschg ${BDHASH}-rollback/INDEX-NEW \
3125 ${BDHASH}-rollback/INDEX-OLD || return 1
3127 # Install old files, delete new files, and update linker.hints
3128 rollback_files ${BDHASH}-rollback || return 1
3130 # Remove the rollback directory and the symlink pointing to it; and
3131 # rearrange bits to allow the previous set of updates to be rolled
3133 rollback_setup_rollback
3138 # Compare INDEX-ALL and INDEX-PRESENT and print warnings about differences.
3140 # Get all the lines which mismatch in something other than file
3141 # flags. We ignore file flags because sysinstall doesn't seem to
3142 # set them when it installs FreeBSD; warning about these adds a
3143 # very large amount of noise.
3144 cut -f 1-5,7-8 -d '|' $1 > $1.noflags
3145 sort -k 1,1 -t '|' $1.noflags > $1.sorted
3146 cut -f 1-5,7-8 -d '|' $2 |
3147 comm -13 $1.noflags - |
3148 fgrep -v '|-|||||' |
3149 sort -k 1,1 -t '|' |
3150 join -t '|' $1.sorted - > INDEX-NOTMATCHING
3152 # Ignore files which match IDSIGNOREPATHS.
3153 for X in ${IDSIGNOREPATHS}; do
3154 grep -E "^${X}" INDEX-NOTMATCHING
3157 comm -13 - INDEX-NOTMATCHING > INDEX-NOTMATCHING.tmp
3158 mv INDEX-NOTMATCHING.tmp INDEX-NOTMATCHING
3160 # Go through the lines and print warnings.
3162 while read FPATH TYPE OWNER GROUP PERM HASH LINK P_TYPE P_OWNER P_GROUP P_PERM P_HASH P_LINK; do
3163 # Warn about different object types.
3164 if ! [ "${TYPE}" = "${P_TYPE}" ]; then
3165 echo -n "${FPATH} is a "
3167 f) echo -n "regular file, "
3169 d) echo -n "directory, "
3171 L) echo -n "symlink, "
3174 echo -n "but should be a "
3176 f) echo -n "regular file."
3178 d) echo -n "directory."
3180 L) echo -n "symlink."
3185 # Skip other tests, since they don't make sense if
3186 # we're comparing different object types.
3190 # Warn about different owners.
3191 if ! [ "${OWNER}" = "${P_OWNER}" ]; then
3192 echo -n "${FPATH} is owned by user id ${P_OWNER}, "
3193 echo "but should be owned by user id ${OWNER}."
3196 # Warn about different groups.
3197 if ! [ "${GROUP}" = "${P_GROUP}" ]; then
3198 echo -n "${FPATH} is owned by group id ${P_GROUP}, "
3199 echo "but should be owned by group id ${GROUP}."
3202 # Warn about different permissions. We do not warn about
3203 # different permissions on symlinks, since some archivers
3204 # don't extract symlink permissions correctly and they are
3206 if ! [ "${PERM}" = "${P_PERM}" ] &&
3207 ! [ "${TYPE}" = "L" ]; then
3208 echo -n "${FPATH} has ${P_PERM} permissions, "
3209 echo "but should have ${PERM} permissions."
3212 # Warn about different file hashes / symlink destinations.
3213 if ! [ "${HASH}" = "${P_HASH}" ]; then
3214 if [ "${TYPE}" = "L" ]; then
3215 echo -n "${FPATH} is a symlink to ${P_HASH}, "
3216 echo "but should be a symlink to ${HASH}."
3218 if [ "${TYPE}" = "f" ]; then
3219 echo -n "${FPATH} has SHA256 hash ${P_HASH}, "
3220 echo "but should have SHA256 hash ${HASH}."
3224 # We don't warn about different hard links, since some
3225 # some archivers break hard links, and as long as the
3226 # underlying data is correct they really don't matter.
3227 done < INDEX-NOTMATCHING
3230 rm $1 $1.noflags $1.sorted $2 INDEX-NOTMATCHING
3233 # Do the work involved in comparing the system to a "known good" index
3235 workdir_init || return 1
3237 # Prepare the mirror list.
3238 fetch_pick_server_init && fetch_pick_server
3240 # Try to fetch the public key until we run out of servers.
3241 while ! fetch_key; do
3242 fetch_pick_server || return 1
3245 # Try to fetch the metadata index signature ("tag") until we run
3246 # out of available servers; and sanity check the downloaded tag.
3247 while ! fetch_tag; do
3248 fetch_pick_server || return 1
3250 fetch_tagsanity || return 1
3252 # Fetch INDEX-OLD and INDEX-ALL.
3253 fetch_metadata INDEX-OLD INDEX-ALL || return 1
3255 # Generate filtered INDEX-OLD and INDEX-ALL files containing only
3256 # the components we want and without anything marked as "Ignore".
3257 fetch_filter_metadata INDEX-OLD || return 1
3258 fetch_filter_metadata INDEX-ALL || return 1
3260 # Merge the INDEX-OLD and INDEX-ALL files into INDEX-ALL.
3261 sort INDEX-OLD INDEX-ALL > INDEX-ALL.tmp
3262 mv INDEX-ALL.tmp INDEX-ALL
3265 # Translate /boot/${KERNCONF} to ${KERNELDIR}
3266 fetch_filter_kernel_names INDEX-ALL ${KERNCONF}
3268 # Inspect the system and generate an INDEX-PRESENT file.
3269 fetch_inspect_system INDEX-ALL INDEX-PRESENT /dev/null || return 1
3271 # Compare INDEX-ALL and INDEX-PRESENT and print warnings about any
3273 IDS_compare INDEX-ALL INDEX-PRESENT
3276 #### Main functions -- call parameter-handling and core functions
3278 # Using the command line, configuration file, and defaults,
3279 # set all the parameters which are needed later.
3287 # Fetch command. Make sure that we're being called
3288 # interactively, then run fetch_check_params and fetch_run
3290 if [ ! -t 0 -a $NOTTYOK -eq 0 ]; then
3291 echo -n "`basename $0` fetch should not "
3292 echo "be run non-interactively."
3293 echo "Run `basename $0` cron instead."
3301 # Cron command. Make sure the parameters are sensible; wait
3302 # rand(3600) seconds; then fetch updates. While fetching updates,
3303 # send output to a temporary file; only print that file if the
3307 sleep `jot -r 1 0 3600`
3309 TMPFILE=`mktemp /tmp/freebsd-update.XXXXXX` || exit 1
3310 if ! fetch_run >> ${TMPFILE} ||
3311 ! grep -q "No updates needed" ${TMPFILE} ||
3312 [ ${VERBOSELEVEL} = "debug" ]; then
3313 mail -s "`hostname` security updates" ${MAILTO} < ${TMPFILE}
3319 # Fetch files for upgrading to a new release.
3321 upgrade_check_params
3322 upgrade_run || exit 1
3325 # Install downloaded updates.
3327 install_check_params
3328 install_run || exit 1
3331 # Rollback most recently installed updates.
3333 rollback_check_params
3334 rollback_run || exit 1
3337 # Compare system against a "known good" index.
3345 # Make sure we find utilities from the base system
3346 export PATH=/sbin:/bin:/usr/sbin:/usr/bin:${PATH}
3348 # Set a pager if the user doesn't
3349 if [ -z "$PAGER" ]; then
3353 # Set LC_ALL in order to avoid problems with character ranges like [A-Z].
3357 for COMMAND in ${COMMANDS}; do