4 # Copyright 2004-2007 Colin Percival
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted providing that the following conditions
10 # 1. Redistributions of source code must retain the above copyright
11 # notice, this list of conditions and the following disclaimer.
12 # 2. Redistributions in binary form must reproduce the above copyright
13 # notice, this list of conditions and the following disclaimer in the
14 # documentation and/or other materials provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20 # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24 # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25 # IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 # POSSIBILITY OF SUCH DAMAGE.
30 #### Usage function -- called from command-line handling code.
32 # Usage instructions. Options not listed:
33 # --debug -- don't filter output from utilities
34 # --no-stats -- don't show progress statistics while fetching files
37 usage: `basename $0` [options] command ... [path]
40 -b basedir -- Operate on a system mounted at basedir
42 -d workdir -- Store working files in workdir
43 (default: /var/db/freebsd-update/)
44 -f conffile -- Read configuration options from conffile
45 (default: /etc/freebsd-update.conf)
46 -F -- Force a fetch operation to proceed
47 -k KEY -- Trust an RSA key with SHA256 hash of KEY
48 -r release -- Target for upgrade (e.g., 6.2-RELEASE)
49 -s server -- Server from which to fetch updates
50 (default: update.FreeBSD.org)
51 -t address -- Mail output of cron command, if any, to address
53 --not-running-from-cron
54 -- Run without a tty, for use by automated tools
56 fetch -- Fetch updates from server
57 cron -- Sleep rand(3600) seconds, fetch updates, and send an
58 email if updates were found
59 upgrade -- Fetch upgrades to FreeBSD version specified via -r option
60 install -- Install downloaded updates or upgrades
61 rollback -- Uninstall most recently installed updates
62 IDS -- Compare the system against an index of "known good" files.
67 #### Configuration processing functions
70 # Configuration options are set in the following order of priority:
71 # 1. Command line options
72 # 2. Configuration file options
74 # In addition, certain options (e.g., IgnorePaths) can be specified multiple
75 # times and (as long as these are all in the same place, e.g., inside the
76 # configuration file) they will accumulate. Finally, because the path to the
77 # configuration file can be specified at the command line, the entire command
78 # line must be processed before we start reading the configuration file.
80 # Sound like a mess? It is. Here's how we handle this:
81 # 1. Initialize CONFFILE and all the options to "".
82 # 2. Process the command line. Throw an error if a non-accumulating option
84 # 3. If CONFFILE is "", set CONFFILE to /etc/freebsd-update.conf .
85 # 4. For all the configuration options X, set X_saved to X.
86 # 5. Initialize all the options to "".
87 # 6. Read CONFFILE line by line, parsing options.
88 # 7. For each configuration option X, set X to X_saved iff X_saved is not "".
89 # 8. Repeat steps 4-7, except setting options to their default values at (6).
91 CONFIGOPTIONS="KEYPRINT WORKDIR SERVERNAME MAILTO ALLOWADD ALLOWDELETE
92 KEEPMODIFIEDMETADATA COMPONENTS IGNOREPATHS UPDATEIFUNMODIFIED
93 BASEDIR VERBOSELEVEL TARGETRELEASE STRICTCOMPONENTS MERGECHANGES
94 IDSIGNOREPATHS BACKUPKERNEL BACKUPKERNELDIR BACKUPKERNELSYMBOLFILES"
96 # Set all the configuration options to "".
98 for X in ${CONFIGOPTIONS}; do
103 # For each configuration option X, set X_saved to X.
105 for X in ${CONFIGOPTIONS}; do
106 eval ${X}_saved=\$${X}
110 # For each configuration option X, set X to X_saved if X_saved is not "".
112 for X in ${CONFIGOPTIONS}; do
114 if ! [ -z "${_}" ]; then
115 eval ${X}=\$${X}_saved
120 # Set the trusted keyprint.
122 if [ -z ${KEYPRINT} ]; then
129 # Set the working directory.
131 if [ -z ${WORKDIR} ]; then
138 # Set the name of the server (pool) from which to fetch updates
139 config_ServerName () {
140 if [ -z ${SERVERNAME} ]; then
147 # Set the address to which 'cron' output will be mailed.
149 if [ -z ${MAILTO} ]; then
156 # Set whether FreeBSD Update is allowed to add files (or directories, or
157 # symlinks) which did not previously exist.
159 if [ -z ${ALLOWADD} ]; then
176 # Set whether FreeBSD Update is allowed to remove files/directories/symlinks.
177 config_AllowDelete () {
178 if [ -z ${ALLOWDELETE} ]; then
195 # Set whether FreeBSD Update should keep existing inode ownership,
196 # permissions, and flags, in the event that they have been modified locally
198 config_KeepModifiedMetadata () {
199 if [ -z ${KEEPMODIFIEDMETADATA} ]; then
202 KEEPMODIFIEDMETADATA=yes
205 KEEPMODIFIEDMETADATA=no
216 # Add to the list of components which should be kept updated.
217 config_Components () {
219 COMPONENTS="${COMPONENTS} ${C}"
223 # Add to the list of paths under which updates will be ignored.
224 config_IgnorePaths () {
226 IGNOREPATHS="${IGNOREPATHS} ${C}"
230 # Add to the list of paths which IDS should ignore.
231 config_IDSIgnorePaths () {
233 IDSIGNOREPATHS="${IDSIGNOREPATHS} ${C}"
237 # Add to the list of paths within which updates will be performed only if the
238 # file on disk has not been modified locally.
239 config_UpdateIfUnmodified () {
241 UPDATEIFUNMODIFIED="${UPDATEIFUNMODIFIED} ${C}"
245 # Add to the list of paths within which updates to text files will be merged
246 # instead of overwritten.
247 config_MergeChanges () {
249 MERGECHANGES="${MERGECHANGES} ${C}"
253 # Work on a FreeBSD installation mounted under $1
255 if [ -z ${BASEDIR} ]; then
262 # When fetching upgrades, should we assume the user wants exactly the
263 # components listed in COMPONENTS, rather than trying to guess based on
264 # what's currently installed?
265 config_StrictComponents () {
266 if [ -z ${STRICTCOMPONENTS} ]; then
283 # Upgrade to FreeBSD $1
284 config_TargetRelease () {
285 if [ -z ${TARGETRELEASE} ]; then
290 if echo ${TARGETRELEASE} | grep -qE '^[0-9.]+$'; then
291 TARGETRELEASE="${TARGETRELEASE}-RELEASE"
295 # Define what happens to output of utilities
296 config_VerboseLevel () {
297 if [ -z ${VERBOSELEVEL} ]; then
299 [Dd][Ee][Bb][Uu][Gg])
302 [Nn][Oo][Ss][Tt][Aa][Tt][Ss])
305 [Ss][Tt][Aa][Tt][Ss])
317 config_BackupKernel () {
318 if [ -z ${BACKUPKERNEL} ]; then
335 config_BackupKernelDir () {
336 if [ -z ${BACKUPKERNELDIR} ]; then
338 echo "BackupKernelDir set to empty dir"
342 # We check for some paths which would be extremely odd
343 # to use, but which could cause a lot of problems if
346 /|/bin|/boot|/etc|/lib|/libexec|/sbin|/usr|/var)
347 echo "BackupKernelDir set to invalid path $1"
354 echo "BackupKernelDir ($1) is not an absolute path"
363 config_BackupKernelSymbolFiles () {
364 if [ -z ${BACKUPKERNELSYMBOLFILES} ]; then
367 BACKUPKERNELSYMBOLFILES=yes
370 BACKUPKERNELSYMBOLFILES=no
381 # Handle one line of configuration
383 if [ $# -eq 0 ]; then
392 #### Parameter handling functions.
394 # Initialize parameters to null, just in case they're
395 # set in the environment.
397 # Configration settings
400 # No configuration file set yet
403 # No commands specified yet
406 # Force fetch to proceed
413 # Parse the command line
415 while [ $# -gt 0 ]; do
417 # Location of configuration file
419 if [ $# -eq 1 ]; then usage; fi
420 if [ ! -z "${CONFFILE}" ]; then usage; fi
426 --not-running-from-cron)
430 # Configuration file equivalents
432 if [ $# -eq 1 ]; then usage; fi; shift
433 config_BaseDir $1 || usage
436 if [ $# -eq 1 ]; then usage; fi; shift
437 config_WorkDir $1 || usage
440 if [ $# -eq 1 ]; then usage; fi; shift
441 config_KeyPrint $1 || usage
444 if [ $# -eq 1 ]; then usage; fi; shift
445 config_ServerName $1 || usage
448 if [ $# -eq 1 ]; then usage; fi; shift
449 config_TargetRelease $1 || usage
452 if [ $# -eq 1 ]; then usage; fi; shift
453 config_MailTo $1 || usage
456 if [ $# -eq 1 ]; then usage; fi; shift
457 config_VerboseLevel $1 || usage
460 # Aliases for "-v debug" and "-v nostats"
462 config_VerboseLevel debug || usage
465 config_VerboseLevel nostats || usage
469 cron | fetch | upgrade | install | rollback | IDS)
470 COMMANDS="${COMMANDS} $1"
473 # Anything else is an error
481 # Make sure we have at least one command
482 if [ -z "${COMMANDS}" ]; then
487 # Parse the configuration file
489 # If a configuration file was specified on the command line, check
490 # that it exists and is readable.
491 if [ ! -z "${CONFFILE}" ] && [ ! -r "${CONFFILE}" ]; then
492 echo -n "File does not exist "
493 echo -n "or is not readable: "
498 # If a configuration file was not specified on the command line,
499 # use the default configuration file path. If that default does
500 # not exist, give up looking for any configuration.
501 if [ -z "${CONFFILE}" ]; then
502 CONFFILE="/etc/freebsd-update.conf"
503 if [ ! -r "${CONFFILE}" ]; then
508 # Save the configuration options specified on the command line, and
509 # clear all the options in preparation for reading the config file.
513 # Read the configuration file. Anything after the first '#' is
514 # ignored, and any blank lines are ignored.
518 LINEX=`echo "${LINE}" | cut -f 1 -d '#'`
519 if ! configline ${LINEX}; then
520 echo "Error processing configuration file, line $L:"
526 # Merge the settings read from the configuration file with those
527 # provided at the command line.
531 # Provide some default parameters
533 # Save any parameters already configured, and clear the slate
537 # Default configurations
538 config_WorkDir /var/db/freebsd-update
541 config_AllowDelete yes
542 config_KeepModifiedMetadata yes
544 config_VerboseLevel stats
545 config_StrictComponents no
546 config_BackupKernel yes
547 config_BackupKernelDir /boot/kernel.old
548 config_BackupKernelSymbolFiles no
550 # Merge these defaults into the earlier-configured settings
554 # Set utility output filtering options, based on ${VERBOSELEVEL}
555 fetch_setup_verboselevel () {
556 case ${VERBOSELEVEL} in
558 QUIETREDIR="/dev/stderr"
560 STATSREDIR="/dev/stderr"
568 STATSREDIR="/dev/null"
574 QUIETREDIR="/dev/null"
576 STATSREDIR="/dev/stdout"
584 # Perform sanity checks and set some final parameters
585 # in preparation for fetching files. Figure out which
586 # set of updates should be downloaded: If the user is
587 # running *-p[0-9]+, strip off the last part; if the
588 # user is running -SECURITY, call it -RELEASE. Chdir
589 # into the working directory.
590 fetchupgrade_check_params () {
591 export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)"
594 "SERVERNAME must be given via command line or configuration file."
595 _KEYPRINT_z="Key must be given via -k option or configuration file."
596 _KEYPRINT_bad="Invalid key fingerprint: "
597 _WORKDIR_bad="Directory does not exist or is not writable: "
599 if [ -z "${SERVERNAME}" ]; then
600 echo -n "`basename $0`: "
601 echo "${_SERVERNAME_z}"
604 if [ -z "${KEYPRINT}" ]; then
605 echo -n "`basename $0`: "
606 echo "${_KEYPRINT_z}"
609 if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then
610 echo -n "`basename $0`: "
611 echo -n "${_KEYPRINT_bad}"
615 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
616 echo -n "`basename $0`: "
617 echo -n "${_WORKDIR_bad}"
622 cd ${WORKDIR} || exit 1
624 # Generate release number. The s/SECURITY/RELEASE/ bit exists
625 # to provide an upgrade path for FreeBSD Update 1.x users, since
626 # the kernels provided by FreeBSD Update 1.x are always labelled
629 sed -E 's,-p[0-9]+,,' |
630 sed -E 's,-SECURITY,-RELEASE,'`
632 FETCHDIR=${RELNUM}/${ARCH}
633 PATCHDIR=${RELNUM}/${ARCH}/bp
635 # Figure out what directory contains the running kernel
636 BOOTFILE=`sysctl -n kern.bootfile`
637 KERNELDIR=${BOOTFILE%/kernel}
638 if ! [ -d ${KERNELDIR} ]; then
639 echo "Cannot identify running kernel"
643 # Figure out what kernel configuration is running. We start with
644 # the output of `uname -i`, and then make the following adjustments:
645 # 1. Replace "SMP-GENERIC" with "SMP". Why the SMP kernel config
646 # file says "ident SMP-GENERIC", I don't know...
647 # 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64"
648 # _and_ `sysctl kern.version` contains a line which ends "/SMP", then
649 # we're running an SMP kernel. This mis-identification is a bug
650 # which was fixed in 6.2-STABLE.
652 if [ ${KERNCONF} = "SMP-GENERIC" ]; then
655 if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then
656 if sysctl kern.version | grep -qE '/SMP$'; then
662 BSPATCH=/usr/bin/bspatch
664 PHTTPGET=/usr/libexec/phttpget
666 # Set up variables relating to VERBOSELEVEL
667 fetch_setup_verboselevel
669 # Construct a unique name from ${BASEDIR}
670 BDHASH=`echo ${BASEDIR} | sha256 -q`
673 # Perform sanity checks etc. before fetching updates.
674 fetch_check_params () {
675 fetchupgrade_check_params
677 if ! [ -z "${TARGETRELEASE}" ]; then
678 echo -n "`basename $0`: "
679 echo -n "-r option is meaningless with 'fetch' command. "
680 echo "(Did you mean 'upgrade' instead?)"
684 # Check that we have updates ready to install
685 if [ -f ${BDHASH}-install/kerneldone -a $FORCEFETCH -eq 0 ]; then
686 echo "You have a partially completed upgrade pending"
687 echo "Run '$0 install' first."
688 echo "Run '$0 fetch -F' to proceed anyway."
693 # Perform sanity checks etc. before fetching upgrades.
694 upgrade_check_params () {
695 fetchupgrade_check_params
697 # Unless set otherwise, we're upgrading to the same kernel config.
698 NKERNCONF=${KERNCONF}
700 # We need TARGETRELEASE set
701 _TARGETRELEASE_z="Release target must be specified via -r option."
702 if [ -z "${TARGETRELEASE}" ]; then
703 echo -n "`basename $0`: "
704 echo "${_TARGETRELEASE_z}"
708 # The target release should be != the current release.
709 if [ "${TARGETRELEASE}" = "${RELNUM}" ]; then
710 echo -n "`basename $0`: "
711 echo "Cannot upgrade from ${RELNUM} to itself"
715 # Turning off AllowAdd or AllowDelete is a bad idea for upgrades.
716 if [ "${ALLOWADD}" = "no" ]; then
717 echo -n "`basename $0`: "
718 echo -n "WARNING: \"AllowAdd no\" is a bad idea "
719 echo "when upgrading between releases."
722 if [ "${ALLOWDELETE}" = "no" ]; then
723 echo -n "`basename $0`: "
724 echo -n "WARNING: \"AllowDelete no\" is a bad idea "
725 echo "when upgrading between releases."
729 # Set EDITOR to /usr/bin/vi if it isn't already set
730 : ${EDITOR:='/usr/bin/vi'}
733 # Perform sanity checks and set some final parameters in
734 # preparation for installing updates.
735 install_check_params () {
736 # Check that we are root. All sorts of things won't work otherwise.
737 if [ `id -u` != 0 ]; then
738 echo "You must be root to run this."
742 # Check that securelevel <= 0. Otherwise we can't update schg files.
743 if [ `sysctl -n kern.securelevel` -gt 0 ]; then
744 echo "Updates cannot be installed when the system securelevel"
745 echo "is greater than zero."
749 # Check that we have a working directory
750 _WORKDIR_bad="Directory does not exist or is not writable: "
751 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
752 echo -n "`basename $0`: "
753 echo -n "${_WORKDIR_bad}"
757 cd ${WORKDIR} || exit 1
759 # Construct a unique name from ${BASEDIR}
760 BDHASH=`echo ${BASEDIR} | sha256 -q`
762 # Check that we have updates ready to install
763 if ! [ -L ${BDHASH}-install ]; then
764 echo "No updates are available to install."
765 echo "Run '$0 fetch' first."
768 if ! [ -f ${BDHASH}-install/INDEX-OLD ] ||
769 ! [ -f ${BDHASH}-install/INDEX-NEW ]; then
770 echo "Update manifest is corrupt -- this should never happen."
771 echo "Re-run '$0 fetch'."
775 # Figure out what directory contains the running kernel
776 BOOTFILE=`sysctl -n kern.bootfile`
777 KERNELDIR=${BOOTFILE%/kernel}
778 if ! [ -d ${KERNELDIR} ]; then
779 echo "Cannot identify running kernel"
784 # Perform sanity checks and set some final parameters in
785 # preparation for UNinstalling updates.
786 rollback_check_params () {
787 # Check that we are root. All sorts of things won't work otherwise.
788 if [ `id -u` != 0 ]; then
789 echo "You must be root to run this."
793 # Check that we have a working directory
794 _WORKDIR_bad="Directory does not exist or is not writable: "
795 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
796 echo -n "`basename $0`: "
797 echo -n "${_WORKDIR_bad}"
801 cd ${WORKDIR} || exit 1
803 # Construct a unique name from ${BASEDIR}
804 BDHASH=`echo ${BASEDIR} | sha256 -q`
806 # Check that we have updates ready to rollback
807 if ! [ -L ${BDHASH}-rollback ]; then
808 echo "No rollback directory found."
811 if ! [ -f ${BDHASH}-rollback/INDEX-OLD ] ||
812 ! [ -f ${BDHASH}-rollback/INDEX-NEW ]; then
813 echo "Update manifest is corrupt -- this should never happen."
818 # Perform sanity checks and set some final parameters
819 # in preparation for comparing the system against the
820 # published index. Figure out which index we should
821 # compare against: If the user is running *-p[0-9]+,
822 # strip off the last part; if the user is running
823 # -SECURITY, call it -RELEASE. Chdir into the working
825 IDS_check_params () {
826 export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)"
829 "SERVERNAME must be given via command line or configuration file."
830 _KEYPRINT_z="Key must be given via -k option or configuration file."
831 _KEYPRINT_bad="Invalid key fingerprint: "
832 _WORKDIR_bad="Directory does not exist or is not writable: "
834 if [ -z "${SERVERNAME}" ]; then
835 echo -n "`basename $0`: "
836 echo "${_SERVERNAME_z}"
839 if [ -z "${KEYPRINT}" ]; then
840 echo -n "`basename $0`: "
841 echo "${_KEYPRINT_z}"
844 if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then
845 echo -n "`basename $0`: "
846 echo -n "${_KEYPRINT_bad}"
850 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
851 echo -n "`basename $0`: "
852 echo -n "${_WORKDIR_bad}"
856 cd ${WORKDIR} || exit 1
858 # Generate release number. The s/SECURITY/RELEASE/ bit exists
859 # to provide an upgrade path for FreeBSD Update 1.x users, since
860 # the kernels provided by FreeBSD Update 1.x are always labelled
863 sed -E 's,-p[0-9]+,,' |
864 sed -E 's,-SECURITY,-RELEASE,'`
866 FETCHDIR=${RELNUM}/${ARCH}
867 PATCHDIR=${RELNUM}/${ARCH}/bp
869 # Figure out what directory contains the running kernel
870 BOOTFILE=`sysctl -n kern.bootfile`
871 KERNELDIR=${BOOTFILE%/kernel}
872 if ! [ -d ${KERNELDIR} ]; then
873 echo "Cannot identify running kernel"
877 # Figure out what kernel configuration is running. We start with
878 # the output of `uname -i`, and then make the following adjustments:
879 # 1. Replace "SMP-GENERIC" with "SMP". Why the SMP kernel config
880 # file says "ident SMP-GENERIC", I don't know...
881 # 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64"
882 # _and_ `sysctl kern.version` contains a line which ends "/SMP", then
883 # we're running an SMP kernel. This mis-identification is a bug
884 # which was fixed in 6.2-STABLE.
886 if [ ${KERNCONF} = "SMP-GENERIC" ]; then
889 if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then
890 if sysctl kern.version | grep -qE '/SMP$'; then
897 PHTTPGET=/usr/libexec/phttpget
899 # Set up variables relating to VERBOSELEVEL
900 fetch_setup_verboselevel
903 #### Core functionality -- the actual work gets done here
905 # Use an SRV query to pick a server. If the SRV query doesn't provide
906 # a useful answer, use the server name specified by the user.
907 # Put another way... look up _http._tcp.${SERVERNAME} and pick a server
908 # from that; or if no servers are returned, use ${SERVERNAME}.
909 # This allows a user to specify "portsnap.freebsd.org" (in which case
910 # portsnap will select one of the mirrors) or "portsnap5.tld.freebsd.org"
911 # (in which case portsnap will use that particular server, since there
912 # won't be an SRV entry for that name).
914 # We ignore the Port field, since we are always going to use port 80.
916 # Fetch the mirror list, but do not pick a mirror yet. Returns 1 if
917 # no mirrors are available for any reason.
918 fetch_pick_server_init () {
921 # Check that host(1) exists (i.e., that the system wasn't built with the
922 # WITHOUT_BIND set) and don't try to find a mirror if it doesn't exist.
923 if ! which -s host; then
928 echo -n "Looking up ${SERVERNAME} mirrors... "
930 # Issue the SRV query and pull out the Priority, Weight, and Target fields.
931 # BIND 9 prints "$name has SRV record ..." while BIND 8 prints
932 # "$name server selection ..."; we allow either format.
933 MLIST="_http._tcp.${SERVERNAME}"
934 host -t srv "${MLIST}" |
935 sed -nE "s/${MLIST} (has SRV record|server selection) //p" |
936 cut -f 1,2,4 -d ' ' |
938 sort > serverlist_full
940 # If no records, give up -- we'll just use the server name we were given.
941 if [ `wc -l < serverlist_full` -eq 0 ]; then
946 # Report how many mirrors we found.
947 echo `wc -l < serverlist_full` "mirrors found."
949 # Generate a random seed for use in picking mirrors. If HTTP_PROXY
950 # is set, this will be used to generate the seed; otherwise, the seed
952 if [ -n "${HTTP_PROXY}${http_proxy}" ]; then
953 RANDVALUE=`sha256 -qs "${HTTP_PROXY}${http_proxy}" |
957 RANDVALUE=`jot -r 1 0 999999999`
961 # Pick a mirror. Returns 1 if we have run out of mirrors to try.
962 fetch_pick_server () {
963 # Generate a list of not-yet-tried mirrors
964 sort serverlist_tried |
965 comm -23 serverlist_full - > serverlist
967 # Have we run out of mirrors?
968 if [ `wc -l < serverlist` -eq 0 ]; then
969 echo "No mirrors remaining, giving up."
973 # Find the highest priority level (lowest numeric value).
974 SRV_PRIORITY=`cut -f 1 -d ' ' serverlist | sort -n | head -1`
976 # Add up the weights of the response lines at that priority level.
981 SRV_W=`echo $X | cut -f 2 -d ' '`
982 SRV_WSUM=$(($SRV_WSUM + $SRV_W))
987 # If all the weights are 0, pretend that they are all 1 instead.
988 if [ ${SRV_WSUM} -eq 0 ]; then
989 SRV_WSUM=`grep -E "^${SRV_PRIORITY} " serverlist | wc -l`
995 # Pick a value between 0 and the sum of the weights - 1
996 SRV_RND=`expr ${RANDVALUE} % ${SRV_WSUM}`
998 # Read through the list of mirrors and set SERVERNAME. Write the line
999 # corresponding to the mirror we selected into serverlist_tried so that
1000 # we won't try it again.
1004 SRV_W=`echo $X | cut -f 2 -d ' '`
1005 SRV_W=$(($SRV_W + $SRV_W_ADD))
1006 if [ $SRV_RND -lt $SRV_W ]; then
1007 SERVERNAME=`echo $X | cut -f 3 -d ' '`
1008 echo "$X" >> serverlist_tried
1011 SRV_RND=$(($SRV_RND - $SRV_W))
1018 # Take a list of ${oldhash}|${newhash} and output a list of needed patches,
1019 # i.e., those for which we have ${oldhash} and don't have ${newhash}.
1020 fetch_make_patchlist () {
1021 grep -vE "^([0-9a-f]{64})\|\1$" |
1024 if [ -f "files/${Y}.gz" ] ||
1025 [ ! -f "files/${X}.gz" ]; then
1032 # Print user-friendly progress statistics
1037 if [ $(($LNC % 10)) = 0 ]; then
1039 elif [ $(($LNC % 2)) = 0 ]; then
1046 # Function for asking the user if everything is ok
1048 while read -p "Does this look reasonable (y/n)? " CONTINUE; do
1049 case "${CONTINUE}" in
1060 # Initialize the working directory
1063 touch tINDEX.present
1066 # Check that we have a public key with an appropriate hash, or
1067 # fetch the key if it doesn't exist. Returns 1 if the key has
1068 # not yet been fetched.
1070 if [ -r pub.ssl ] && [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then
1074 echo -n "Fetching public key from ${SERVERNAME}... "
1076 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/pub.ssl \
1077 2>${QUIETREDIR} || true
1078 if ! [ -r pub.ssl ]; then
1082 if ! [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then
1083 echo "key has incorrect hash."
1090 # Fetch metadata signature, aka "tag".
1092 echo -n "Fetching metadata signature "
1093 echo ${NDEBUG} "for ${RELNUM} from ${SERVERNAME}... "
1095 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/latest.ssl \
1096 2>${QUIETREDIR} || true
1097 if ! [ -r latest.ssl ]; then
1102 openssl rsautl -pubin -inkey pub.ssl -verify \
1103 < latest.ssl > tag.new 2>${QUIETREDIR} || true
1106 if ! [ `wc -l < tag.new` = 1 ] ||
1108 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \
1110 echo "invalid signature."
1116 RELPATCHNUM=`cut -f 4 -d '|' < tag.new`
1117 TINDEXHASH=`cut -f 5 -d '|' < tag.new`
1118 EOLTIME=`cut -f 6 -d '|' < tag.new`
1121 # Sanity-check the patch number in a tag, to make sure that we're not
1122 # going to "update" backwards and to prevent replay attacks.
1123 fetch_tagsanity () {
1124 # Check that we're not going to move from -pX to -pY with Y < X.
1125 RELPX=`uname -r | sed -E 's,.*-,,'`
1126 if echo ${RELPX} | grep -qE '^p[0-9]+$'; then
1127 RELPX=`echo ${RELPX} | cut -c 2-`
1131 if [ "${RELPATCHNUM}" -lt "${RELPX}" ]; then
1133 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})"
1134 echo " appear older than what"
1135 echo "we are currently running (`uname -r`)!"
1136 echo "Cowardly refusing to proceed any further."
1140 # If "tag" exists and corresponds to ${RELNUM}, make sure that
1141 # it contains a patch number <= RELPATCHNUM, in order to protect
1142 # against rollback (replay) attacks.
1145 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \
1147 LASTRELPATCHNUM=`cut -f 4 -d '|' < tag`
1149 if [ "${RELPATCHNUM}" -lt "${LASTRELPATCHNUM}" ]; then
1151 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})"
1152 echo " are older than the"
1153 echo -n "most recently seen updates"
1154 echo " (${RELNUM}-p${LASTRELPATCHNUM})."
1155 echo "Cowardly refusing to proceed any further."
1161 # Fetch metadata index file
1162 fetch_metadata_index () {
1163 echo ${NDEBUG} "Fetching metadata index... "
1165 fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/t/${TINDEXHASH}
1167 if ! [ -f ${TINDEXHASH} ]; then
1171 if [ `${SHA256} -q ${TINDEXHASH}` != ${TINDEXHASH} ]; then
1172 echo "update metadata index corrupt."
1178 # Print an error message about signed metadata being bogus.
1179 fetch_metadata_bogus () {
1181 echo "The update metadata$1 is correctly signed, but"
1182 echo "failed an integrity check."
1183 echo "Cowardly refusing to proceed any further."
1187 # Construct tINDEX.new by merging the lines named in $1 from ${TINDEXHASH}
1188 # with the lines not named in $@ from tINDEX.present (if that file exists).
1189 fetch_metadata_index_merge () {
1190 for METAFILE in $@; do
1191 if [ `grep -E "^${METAFILE}\|" ${TINDEXHASH} | wc -l` \
1193 fetch_metadata_bogus " index"
1197 grep -E "${METAFILE}\|" ${TINDEXHASH}
1199 sort > tINDEX.wanted
1201 if [ -f tINDEX.present ]; then
1202 join -t '|' -v 2 tINDEX.wanted tINDEX.present |
1203 sort -m - tINDEX.wanted > tINDEX.new
1206 mv tINDEX.wanted tINDEX.new
1210 # Sanity check all the lines of tINDEX.new. Even if more metadata lines
1211 # are added by future versions of the server, this won't cause problems,
1212 # since the only lines which appear in tINDEX.new are the ones which we
1213 # specifically grepped out of ${TINDEXHASH}.
1214 fetch_metadata_index_sanity () {
1215 if grep -qvE '^[0-9A-Z.-]+\|[0-9a-f]{64}$' tINDEX.new; then
1216 fetch_metadata_bogus " index"
1221 # Sanity check the metadata file $1.
1222 fetch_metadata_sanity () {
1223 # Some aliases to save space later: ${P} is a character which can
1224 # appear in a path; ${M} is the four numeric metadata fields; and
1225 # ${H} is a sha256 hash.
1226 P="[-+./:=%@_[~[:alnum:]]"
1227 M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+"
1230 # Check that the first four fields make sense.
1231 if gunzip -c < files/$1.gz |
1232 grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then
1233 fetch_metadata_bogus ""
1237 # Remove the first three fields.
1238 gunzip -c < files/$1.gz |
1239 cut -f 4- -d '|' > sanitycheck.tmp
1241 # Sanity check entries with type 'f'
1242 if grep -E '^f' sanitycheck.tmp |
1243 grep -qvE "^f\|${M}\|${H}\|${P}*\$"; then
1244 fetch_metadata_bogus ""
1248 # Sanity check entries with type 'd'
1249 if grep -E '^d' sanitycheck.tmp |
1250 grep -qvE "^d\|${M}\|\|\$"; then
1251 fetch_metadata_bogus ""
1255 # Sanity check entries with type 'L'
1256 if grep -E '^L' sanitycheck.tmp |
1257 grep -qvE "^L\|${M}\|${P}*\|\$"; then
1258 fetch_metadata_bogus ""
1262 # Sanity check entries with type '-'
1263 if grep -E '^-' sanitycheck.tmp |
1264 grep -qvE "^-\|\|\|\|\|\|"; then
1265 fetch_metadata_bogus ""
1273 # Fetch the metadata index and metadata files listed in $@,
1274 # taking advantage of metadata patches where possible.
1276 fetch_metadata_index || return 1
1277 fetch_metadata_index_merge $@ || return 1
1278 fetch_metadata_index_sanity || return 1
1280 # Generate a list of wanted metadata patches
1281 join -t '|' -o 1.2,2.2 tINDEX.present tINDEX.new |
1282 fetch_make_patchlist > patchlist
1284 if [ -s patchlist ]; then
1285 # Attempt to fetch metadata patches
1286 echo -n "Fetching `wc -l < patchlist | tr -d ' '` "
1287 echo ${NDEBUG} "metadata patches.${DDSTATS}"
1288 tr '|' '-' < patchlist |
1289 lam -s "${FETCHDIR}/tp/" - -s ".gz" |
1290 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1291 2>${STATSREDIR} | fetch_progress
1294 # Attempt to apply metadata patches
1295 echo -n "Applying metadata patches... "
1296 tr '|' ' ' < patchlist |
1298 if [ ! -f "${X}-${Y}.gz" ]; then continue; fi
1299 gunzip -c < ${X}-${Y}.gz > diff
1300 gunzip -c < files/${X}.gz > diff-OLD
1302 # Figure out which lines are being added and removed
1305 while read PREFIX; do
1306 look "${PREFIX}" diff-OLD
1309 grep -E '^\+' diff |
1310 cut -c 2- > diff-add
1312 # Generate the new file
1313 comm -23 diff-OLD diff-rm |
1314 sort - diff-add > diff-NEW
1316 if [ `${SHA256} -q diff-NEW` = ${Y} ]; then
1317 mv diff-NEW files/${Y}
1320 mv diff-NEW ${Y}.bad
1322 rm -f ${X}-${Y}.gz diff
1323 rm -f diff-OLD diff-NEW diff-add diff-rm
1324 done 2>${QUIETREDIR}
1328 # Update metadata without patches
1329 cut -f 2 -d '|' < tINDEX.new |
1331 if [ ! -f "files/${Y}.gz" ]; then
1337 if [ -s filelist ]; then
1338 echo -n "Fetching `wc -l < filelist | tr -d ' '` "
1339 echo ${NDEBUG} "metadata files... "
1340 lam -s "${FETCHDIR}/m/" - -s ".gz" < filelist |
1341 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1345 if ! [ -f ${Y}.gz ]; then
1349 if [ `gunzip -c < ${Y}.gz |
1350 ${SHA256} -q` = ${Y} ]; then
1351 mv ${Y}.gz files/${Y}.gz
1353 echo "metadata is corrupt."
1360 # Sanity-check the metadata files.
1361 cut -f 2 -d '|' tINDEX.new > filelist
1363 fetch_metadata_sanity ${X} || return 1
1366 # Remove files which are no longer needed
1367 cut -f 2 -d '|' tINDEX.present |
1369 cut -f 2 -d '|' tINDEX.new |
1371 comm -13 - oldfiles |
1372 lam -s "files/" - -s ".gz" |
1374 rm patchlist filelist oldfiles
1378 mv tINDEX.new tINDEX.present
1384 # Extract a subset of a downloaded metadata file containing only the parts
1385 # which are listed in COMPONENTS.
1386 fetch_filter_metadata_components () {
1387 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'`
1388 gunzip -c < files/${METAHASH}.gz > $1.all
1390 # Fish out the lines belonging to components we care about.
1391 for C in ${COMPONENTS}; do
1392 look "`echo ${C} | tr '/' '|'`|" $1.all
1395 # Remove temporary file.
1399 # Generate a filtered version of the metadata file $1 from the downloaded
1400 # file, by fishing out the lines corresponding to components we're trying
1401 # to keep updated, and then removing lines corresponding to paths we want
1403 fetch_filter_metadata () {
1404 # Fish out the lines belonging to components we care about.
1405 fetch_filter_metadata_components $1
1407 # Canonicalize directory names by removing any trailing / in
1408 # order to avoid listing directories multiple times if they
1409 # belong to multiple components. Turning "/" into "" doesn't
1410 # matter, since we add a leading "/" when we use paths later.
1411 cut -f 3- -d '|' $1 |
1412 sed -e 's,/|d|,|d|,' |
1413 sed -e 's,/|-|,|-|,' |
1416 # Figure out which lines to ignore and remove them.
1417 for X in ${IGNOREPATHS}; do
1418 grep -E "^${X}" $1.tmp
1421 comm -13 - $1.tmp > $1
1423 # Remove temporary files.
1427 # Filter the metadata file $1 by adding lines with "/boot/$2"
1428 # replaced by ${KERNELDIR} (which is `sysctl -n kern.bootfile` minus the
1429 # trailing "/kernel"); and if "/boot/$2" does not exist, remove
1430 # the original lines which start with that.
1431 # Put another way: Deal with the fact that the FOO kernel is sometimes
1432 # installed in /boot/FOO/ and is sometimes installed elsewhere.
1433 fetch_filter_kernel_names () {
1435 sed -e "s,/boot/$2,${KERNELDIR},g" |
1439 if ! [ -d /boot/$2 ]; then
1440 grep -v ^/boot/$2 $1 > $1.tmp
1445 # For all paths appearing in $1 or $3, inspect the system
1446 # and generate $2 describing what is currently installed.
1447 fetch_inspect_system () {
1451 # Tell the user why his disk is suddenly making lots of noise
1452 echo -n "Inspecting system... "
1454 # Generate list of files to inspect
1459 # Examine each file and output lines of the form
1460 # /path/to/file|type|device-inum|user|group|perm|flags|value
1461 # sorted by device and inode number.
1463 # If the symlink/file/directory does not exist, record this.
1464 if ! [ -e ${BASEDIR}/${F} ]; then
1468 if ! [ -r ${BASEDIR}/${F} ]; then
1469 echo "Cannot read file: ${BASEDIR}/${F}" \
1475 # Otherwise, output an index line.
1476 if [ -L ${BASEDIR}/${F} ]; then
1478 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1479 readlink ${BASEDIR}/${F};
1480 elif [ -f ${BASEDIR}/${F} ]; then
1482 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1483 sha256 -q ${BASEDIR}/${F};
1484 elif [ -d ${BASEDIR}/${F} ]; then
1486 stat -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1488 echo "Unknown file type: ${BASEDIR}/${F}" \
1494 sort -k 3,3 -t '|' > $2.tmp
1497 # Check if an error occurred during system inspection
1498 if [ -f .err ]; then
1502 # Convert to the form
1503 # /path/to/file|type|user|group|perm|flags|value|hlink
1504 # by resolving identical device and inode numbers into hard links.
1505 cut -f 1,3 -d '|' $2.tmp |
1506 sort -k 1,1 -t '|' |
1507 sort -s -u -k 2,2 -t '|' |
1508 join -1 2 -2 3 -t '|' - $2.tmp |
1509 awk -F \| -v OFS=\| \
1511 if (($2 == $3) || ($4 == "-"))
1512 print $3,$4,$5,$6,$7,$8,$9,""
1514 print $3,$4,$5,$6,$7,$8,$9,$2
1519 # We're finished looking around
1523 # For any paths matching ${MERGECHANGES}, compare $1 and $2 and find any
1524 # files which differ; generate $3 containing these paths and the old hashes.
1525 fetch_filter_mergechanges () {
1526 # Pull out the paths and hashes of the files matching ${MERGECHANGES}.
1528 for X in ${MERGECHANGES}; do
1529 grep -E "^${X}" ${F}
1531 cut -f 1,2,7 -d '|' |
1535 # Any line in $2-values which doesn't appear in $1-values and is a
1536 # file means that we should list the path in $3.
1537 comm -13 $1-values $2-values |
1539 cut -f 1 -d '|' > $2-paths
1541 # For each path, pull out one (and only one!) entry from $1-values.
1542 # Note that we cannot distinguish which "old" version the user made
1543 # changes to; but hopefully any changes which occur due to security
1544 # updates will exist in both the "new" version and the version which
1545 # the user has installed, so the merging will still work.
1547 look "${X}|" $1-values |
1549 done < $2-paths > $3
1552 rm $1-values $2-values $2-paths
1555 # For any paths matching ${UPDATEIFUNMODIFIED}, remove lines from $[123]
1556 # which correspond to lines in $2 with hashes not matching $1 or $3, unless
1557 # the paths are listed in $4. For entries in $2 marked "not present"
1558 # (aka. type -), remove lines from $[123] unless there is a corresponding
1560 fetch_filter_unmodified_notpresent () {
1561 # Figure out which lines of $1 and $3 correspond to bits which
1562 # should only be updated if they haven't changed, and fish out
1563 # the (path, type, value) tuples.
1564 # NOTE: We don't consider a file to be "modified" if it matches
1566 for X in ${UPDATEIFUNMODIFIED}; do
1570 cut -f 1,2,7 -d '|' |
1573 # Do the same for $2.
1574 for X in ${UPDATEIFUNMODIFIED}; do
1577 cut -f 1,2,7 -d '|' |
1580 # Any entry in $2-values which is not in $1-values corresponds to
1581 # a path which we need to remove from $1, $2, and $3, unless it
1582 # that path appears in $4.
1583 comm -13 $1-values $2-values |
1584 sort -t '|' -k 1,1 > mlines.tmp
1585 cut -f 1 -d '|' $4 |
1587 join -v 2 -t '|' - mlines.tmp |
1589 rm $1-values $2-values mlines.tmp
1591 # Any lines in $2 which are not in $1 AND are "not present" lines
1592 # also belong in mlines.
1594 cut -f 1,2,7 -d '|' |
1595 fgrep '|-|' >> mlines
1597 # Remove lines from $1, $2, and $3
1598 for X in $1 $2 $3; do
1599 sort -t '|' -k 1,1 ${X} > ${X}.tmp
1600 cut -f 1 -d '|' < mlines |
1602 join -v 2 -t '|' - ${X}.tmp |
1607 # Store a list of the modified files, for future reference
1608 fgrep -v '|-|' mlines |
1609 cut -f 1 -d '|' > modifiedfiles
1613 # For each entry in $1 of type -, remove any corresponding
1614 # entry from $2 if ${ALLOWADD} != "yes". Remove all entries
1615 # of type - from $1.
1616 fetch_filter_allowadd () {
1617 cut -f 1,2 -d '|' < $1 |
1619 cut -f 1 -d '|' > filesnotpresent
1621 if [ ${ALLOWADD} != "yes" ]; then
1623 join -v 1 -t '|' - filesnotpresent |
1629 join -v 1 -t '|' - filesnotpresent |
1635 # If ${ALLOWDELETE} != "yes", then remove any entries from $1
1636 # which don't correspond to entries in $2.
1637 fetch_filter_allowdelete () {
1638 # Produce a lists ${PATH}|${TYPE}
1640 cut -f 1-2 -d '|' < ${X} |
1641 sort -u > ${X}.nodes
1644 # Figure out which lines need to be removed from $1.
1645 if [ ${ALLOWDELETE} != "yes" ]; then
1646 comm -23 $1.nodes $2.nodes > $1.badnodes
1651 # Remove the relevant lines from $1
1654 done < $1.badnodes |
1655 comm -13 - $1 > $1.tmp
1658 rm $1.badnodes $1.nodes $2.nodes
1661 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in $2
1662 # with metadata not matching any entry in $1, replace the corresponding
1663 # line of $3 with one having the same metadata as the entry in $2.
1664 fetch_filter_modified_metadata () {
1665 # Fish out the metadata from $1 and $2
1667 cut -f 1-6 -d '|' < ${X} > ${X}.metadata
1670 # Find the metadata we need to keep
1671 if [ ${KEEPMODIFIEDMETADATA} = "yes" ]; then
1672 comm -13 $1.metadata $2.metadata > keepmeta
1677 # Extract the lines which we need to remove from $3, and
1678 # construct the lines which we need to add to $3.
1682 NODE=`echo "${LINE}" | cut -f 1-2 -d '|'`
1683 look "${NODE}|" $3 >> $3.remove
1684 look "${NODE}|" $3 |
1686 lam -s "${LINE}|" - >> $3.add
1689 # Remove the specified lines and add the new lines.
1692 sort -u - $3.add > $3.tmp
1695 rm keepmeta $1.metadata $2.metadata $3.add $3.remove
1698 # Remove lines from $1 and $2 which are identical;
1699 # no need to update a file if it isn't changing.
1700 fetch_filter_uptodate () {
1701 comm -23 $1 $2 > $1.tmp
1702 comm -13 $1 $2 > $2.tmp
1708 # Fetch any "clean" old versions of files we need for merging changes.
1709 fetch_files_premerge () {
1710 # We only need to do anything if $1 is non-empty.
1712 # Tell the user what we're doing
1713 echo -n "Fetching files from ${OLDRELNUM} for merging... "
1715 # List of files wanted
1718 sort -u > files.wanted
1720 # Only fetch the files we don't already have
1722 if [ ! -f "files/${Y}.gz" ]; then
1725 done < files.wanted > filelist
1727 # Actually fetch them
1728 lam -s "${OLDFETCHDIR}/f/" - -s ".gz" < filelist |
1729 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1732 # Make sure we got them all, and move them into /files/
1734 if ! [ -f ${Y}.gz ]; then
1738 if [ `gunzip -c < ${Y}.gz |
1739 ${SHA256} -q` = ${Y} ]; then
1740 mv ${Y}.gz files/${Y}.gz
1742 echo "${Y} has incorrect hash."
1749 rm filelist files.wanted
1753 # Prepare to fetch files: Generate a list of the files we need,
1754 # copy the unmodified files we have into /files/, and generate
1755 # a list of patches to download.
1756 fetch_files_prepare () {
1757 # Tell the user why his disk is suddenly making lots of noise
1758 echo -n "Preparing to download files... "
1760 # Reduce indices to ${PATH}|${HASH} pairs
1761 for X in $1 $2 $3; do
1762 cut -f 1,2,7 -d '|' < ${X} |
1768 # List of files wanted
1769 cut -f 2 -d '|' < $3.hashes |
1772 if ! [ -f files/${HASH}.gz ]; then
1777 # Generate a list of unmodified files
1778 comm -12 $1.hashes $2.hashes |
1779 sort -k 1,1 -t '|' > unmodified.files
1781 # Copy all files into /files/. We only need the unmodified files
1782 # for use in patching; but we'll want all of them if the user asks
1783 # to rollback the updates later.
1785 F=`echo "${LINE}" | cut -f 1 -d '|'`
1786 HASH=`echo "${LINE}" | cut -f 2 -d '|'`
1788 # Skip files we already have.
1789 if [ -f files/${HASH}.gz ]; then
1793 # Make sure the file hasn't changed.
1794 cp "${BASEDIR}/${F}" tmpfile
1795 if [ `sha256 -q tmpfile` != ${HASH} ]; then
1797 echo "File changed while FreeBSD Update running: ${F}"
1801 # Place the file into storage.
1802 gzip -c < tmpfile > files/${HASH}.gz
1806 # Produce a list of patches to download
1807 sort -k 1,1 -t '|' $3.hashes |
1808 join -t '|' -o 2.2,1.2 - unmodified.files |
1809 fetch_make_patchlist > patchlist
1812 rm unmodified.files $1.hashes $2.hashes $3.hashes
1814 # We don't need the list of possible old files any more.
1817 # We're finished making noise
1823 # Attempt to fetch patches
1824 if [ -s patchlist ]; then
1825 echo -n "Fetching `wc -l < patchlist | tr -d ' '` "
1826 echo ${NDEBUG} "patches.${DDSTATS}"
1827 tr '|' '-' < patchlist |
1828 lam -s "${PATCHDIR}/" - |
1829 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1830 2>${STATSREDIR} | fetch_progress
1833 # Attempt to apply patches
1834 echo -n "Applying patches... "
1835 tr '|' ' ' < patchlist |
1837 if [ ! -f "${X}-${Y}" ]; then continue; fi
1838 gunzip -c < files/${X}.gz > OLD
1840 bspatch OLD NEW ${X}-${Y}
1842 if [ `${SHA256} -q NEW` = ${Y} ]; then
1846 rm -f diff OLD NEW ${X}-${Y}
1847 done 2>${QUIETREDIR}
1851 # Download files which couldn't be generate via patching
1853 if [ ! -f "files/${Y}.gz" ]; then
1856 done < files.wanted > filelist
1858 if [ -s filelist ]; then
1859 echo -n "Fetching `wc -l < filelist | tr -d ' '` "
1860 echo ${NDEBUG} "files... "
1861 lam -s "${FETCHDIR}/f/" - -s ".gz" < filelist |
1862 xargs ${XARGST} ${PHTTPGET} ${SERVERNAME} \
1866 if ! [ -f ${Y}.gz ]; then
1870 if [ `gunzip -c < ${Y}.gz |
1871 ${SHA256} -q` = ${Y} ]; then
1872 mv ${Y}.gz files/${Y}.gz
1874 echo "${Y} has incorrect hash."
1882 rm files.wanted filelist patchlist
1885 # Create and populate install manifest directory; and report what updates
1887 fetch_create_manifest () {
1888 # If we have an existing install manifest, nuke it.
1889 if [ -L "${BDHASH}-install" ]; then
1890 rm -r ${BDHASH}-install/
1891 rm ${BDHASH}-install
1894 # Report to the user if any updates were avoided due to local changes
1895 if [ -s modifiedfiles ]; then
1897 echo -n "The following files are affected by updates, "
1898 echo "but no changes have"
1899 echo -n "been downloaded because the files have been "
1900 echo "modified locally:"
1905 # If no files will be updated, tell the user and exit
1906 if ! [ -s INDEX-PRESENT ] &&
1907 ! [ -s INDEX-NEW ]; then
1908 rm INDEX-PRESENT INDEX-NEW
1910 echo -n "No updates needed to update system to "
1911 echo "${RELNUM}-p${RELPATCHNUM}."
1915 # Divide files into (a) removed files, (b) added files, and
1916 # (c) updated files.
1917 cut -f 1 -d '|' < INDEX-PRESENT |
1918 sort > INDEX-PRESENT.flist
1919 cut -f 1 -d '|' < INDEX-NEW |
1920 sort > INDEX-NEW.flist
1921 comm -23 INDEX-PRESENT.flist INDEX-NEW.flist > files.removed
1922 comm -13 INDEX-PRESENT.flist INDEX-NEW.flist > files.added
1923 comm -12 INDEX-PRESENT.flist INDEX-NEW.flist > files.updated
1924 rm INDEX-PRESENT.flist INDEX-NEW.flist
1926 # Report removed files, if any
1927 if [ -s files.removed ]; then
1929 echo -n "The following files will be removed "
1930 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:"
1935 # Report added files, if any
1936 if [ -s files.added ]; then
1938 echo -n "The following files will be added "
1939 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:"
1944 # Report updated files, if any
1945 if [ -s files.updated ]; then
1947 echo -n "The following files will be updated "
1948 echo "as part of updating to ${RELNUM}-p${RELPATCHNUM}:"
1954 # Create a directory for the install manifest.
1955 MDIR=`mktemp -d install.XXXXXX` || return 1
1958 mv INDEX-PRESENT ${MDIR}/INDEX-OLD
1959 mv INDEX-NEW ${MDIR}/INDEX-NEW
1961 # Link it into place
1962 ln -s ${MDIR} ${BDHASH}-install
1965 # Warn about any upcoming EoL
1967 # What's the current time?
1968 NOWTIME=`date "+%s"`
1970 # When did we last warn about the EoL date?
1971 if [ -f lasteolwarn ]; then
1972 LASTWARN=`cat lasteolwarn`
1974 LASTWARN=`expr ${NOWTIME} - 63072000`
1977 # If the EoL time is past, warn.
1978 if [ ${EOLTIME} -lt ${NOWTIME} ]; then
1981 WARNING: `uname -sr` HAS PASSED ITS END-OF-LIFE DATE.
1982 Any security issues discovered after `date -r ${EOLTIME}`
1983 will not have been corrected.
1988 # Figure out how long it has been since we last warned about the
1989 # upcoming EoL, and how much longer we have left.
1990 SINCEWARN=`expr ${NOWTIME} - ${LASTWARN}`
1991 TIMELEFT=`expr ${EOLTIME} - ${NOWTIME}`
1993 # Don't warn if the EoL is more than 3 months away
1994 if [ ${TIMELEFT} -gt 7884000 ]; then
1998 # Don't warn if the time remaining is more than 3 times the time
1999 # since the last warning.
2000 if [ ${TIMELEFT} -gt `expr ${SINCEWARN} \* 3` ]; then
2004 # Figure out what time units to use.
2005 if [ ${TIMELEFT} -lt 604800 ]; then
2008 elif [ ${TIMELEFT} -lt 2678400 ]; then
2016 # Compute the right number of units
2017 NUM=`expr ${TIMELEFT} / ${SIZE}`
2018 if [ ${NUM} != 1 ]; then
2025 WARNING: `uname -sr` is approaching its End-of-Life date.
2026 It is strongly recommended that you upgrade to a newer
2027 release within the next ${NUM} ${UNIT}.
2030 # Update the stored time of last warning
2031 echo ${NOWTIME} > lasteolwarn
2034 # Do the actual work involved in "fetch" / "cron".
2036 workdir_init || return 1
2038 # Prepare the mirror list.
2039 fetch_pick_server_init && fetch_pick_server
2041 # Try to fetch the public key until we run out of servers.
2042 while ! fetch_key; do
2043 fetch_pick_server || return 1
2046 # Try to fetch the metadata index signature ("tag") until we run
2047 # out of available servers; and sanity check the downloaded tag.
2048 while ! fetch_tag; do
2049 fetch_pick_server || return 1
2051 fetch_tagsanity || return 1
2053 # Fetch the latest INDEX-NEW and INDEX-OLD files.
2054 fetch_metadata INDEX-NEW INDEX-OLD || return 1
2056 # Generate filtered INDEX-NEW and INDEX-OLD files containing only
2057 # the lines which (a) belong to components we care about, and (b)
2058 # don't correspond to paths we're explicitly ignoring.
2059 fetch_filter_metadata INDEX-NEW || return 1
2060 fetch_filter_metadata INDEX-OLD || return 1
2062 # Translate /boot/${KERNCONF} into ${KERNELDIR}
2063 fetch_filter_kernel_names INDEX-NEW ${KERNCONF}
2064 fetch_filter_kernel_names INDEX-OLD ${KERNCONF}
2066 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the
2067 # system and generate an INDEX-PRESENT file.
2068 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2070 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which
2071 # correspond to lines in INDEX-PRESENT with hashes not appearing
2072 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in
2073 # INDEX-PRESENT has type - and there isn't a corresponding entry in
2074 # INDEX-OLD with type -.
2075 fetch_filter_unmodified_notpresent \
2076 INDEX-OLD INDEX-PRESENT INDEX-NEW /dev/null
2078 # For each entry in INDEX-PRESENT of type -, remove any corresponding
2079 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries
2080 # of type - from INDEX-PRESENT.
2081 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW
2083 # If ${ALLOWDELETE} != "yes", then remove any entries from
2084 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW.
2085 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW
2087 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in
2088 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD,
2089 # replace the corresponding line of INDEX-NEW with one having the
2090 # same metadata as the entry in INDEX-PRESENT.
2091 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW
2093 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical;
2094 # no need to update a file if it isn't changing.
2095 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW
2097 # Prepare to fetch files: Generate a list of the files we need,
2098 # copy the unmodified files we have into /files/, and generate
2099 # a list of patches to download.
2100 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2103 fetch_files || return 1
2105 # Create and populate install manifest directory; and report what
2106 # updates are available.
2107 fetch_create_manifest || return 1
2109 # Warn about any upcoming EoL
2110 fetch_warn_eol || return 1
2113 # If StrictComponents is not "yes", generate a new components list
2114 # with only the components which appear to be installed.
2115 upgrade_guess_components () {
2116 if [ "${STRICTCOMPONENTS}" = "no" ]; then
2117 # Generate filtered INDEX-ALL with only the components listed
2119 fetch_filter_metadata_components $1 || return 1
2121 # Tell the user why his disk is suddenly making lots of noise
2122 echo -n "Inspecting system... "
2124 # Look at the files on disk, and assume that a component is
2125 # supposed to be present if it is more than half-present.
2126 cut -f 1-3 -d '|' < INDEX-ALL |
2128 while read C S F; do
2129 if [ -e ${BASEDIR}/${F} ]; then
2136 sed -E 's,^ +,,' > compfreq
2137 grep ' = ' compfreq |
2139 sort -k 2,2 -t ' ' > compfreq.total
2140 grep ' + ' compfreq |
2142 sort -k 2,2 -t ' ' > compfreq.present
2143 join -t ' ' -1 2 -2 2 compfreq.present compfreq.total |
2144 while read S P T; do
2145 if [ ${P} -gt `expr ${T} / 2` ]; then
2149 cut -f 2 -d ' ' < compfreq.total > comp.total
2150 rm INDEX-ALL compfreq compfreq.total compfreq.present
2152 # We're done making noise.
2155 # Sometimes the kernel isn't installed where INDEX-ALL
2156 # thinks that it should be: In particular, it is often in
2157 # /boot/kernel instead of /boot/GENERIC or /boot/SMP. To
2158 # deal with this, if "kernel|X" is listed in comp.total
2159 # (i.e., is a component which would be upgraded if it is
2160 # found to be present) we will add it to comp.present.
2161 # If "kernel|<anything>" is in comp.total but "kernel|X" is
2162 # not, we print a warning -- the user is running a kernel
2163 # which isn't part of the release.
2164 KCOMP=`echo ${KERNCONF} | tr 'A-Z' 'a-z'`
2165 grep -E "^kernel\|${KCOMP}\$" comp.total >> comp.present
2167 if grep -qE "^kernel\|" comp.total &&
2168 ! grep -qE "^kernel\|${KCOMP}\$" comp.total; then
2171 WARNING: This system is running a "${KCOMP}" kernel, which is not a
2172 kernel configuration distributed as part of FreeBSD ${RELNUM}.
2173 This kernel will not be updated: you MUST update the kernel manually
2174 before running "$0 install".
2178 # Re-sort the list of installed components and generate
2179 # the list of non-installed components.
2180 sort -u < comp.present > comp.present.tmp
2181 mv comp.present.tmp comp.present
2182 comm -13 comp.present comp.total > comp.absent
2184 # Ask the user to confirm that what we have is correct. To
2185 # reduce user confusion, translate "X|Y" back to "X/Y" (as
2186 # subcomponents must be listed in the configuration file).
2188 echo -n "The following components of FreeBSD "
2189 echo "seem to be installed:"
2190 tr '|' '/' < comp.present |
2193 echo -n "The following components of FreeBSD "
2194 echo "do not seem to be installed:"
2195 tr '|' '/' < comp.absent |
2198 continuep || return 1
2201 # Suck the generated list of components into ${COMPONENTS}.
2202 # Note that comp.present.tmp is used due to issues with
2203 # pipelines and setting variables.
2205 tr '|' '/' < comp.present > comp.present.tmp
2207 COMPONENTS="${COMPONENTS} ${C}"
2208 done < comp.present.tmp
2210 # Delete temporary files
2211 rm comp.present comp.present.tmp comp.absent comp.total
2215 # If StrictComponents is not "yes", COMPONENTS contains an entry
2216 # corresponding to the currently running kernel, and said kernel
2217 # does not exist in the new release, add "kernel/generic" to the
2218 # list of components.
2219 upgrade_guess_new_kernel () {
2220 if [ "${STRICTCOMPONENTS}" = "no" ]; then
2221 # Grab the unfiltered metadata file.
2222 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'`
2223 gunzip -c < files/${METAHASH}.gz > $1.all
2225 # If "kernel/${KCOMP}" is in ${COMPONENTS} and that component
2226 # isn't in $1.all, we need to add kernel/generic.
2227 for C in ${COMPONENTS}; do
2228 if [ ${C} = "kernel/${KCOMP}" ] &&
2229 ! grep -qE "^kernel\|${KCOMP}\|" $1.all; then
2230 COMPONENTS="${COMPONENTS} kernel/generic"
2234 WARNING: This system is running a "${KCOMP}" kernel, which is not a
2235 kernel configuration distributed as part of FreeBSD ${RELNUM}.
2236 As part of upgrading to FreeBSD ${RELNUM}, this kernel will be
2237 replaced with a "generic" kernel.
2239 continuep || return 1
2243 # Don't need this any more...
2248 # Convert INDEX-OLD (last release) and INDEX-ALL (new release) into
2249 # INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades).
2250 upgrade_oldall_to_oldnew () {
2251 # For each ${F}|... which appears in INDEX-ALL but does not appear
2252 # in INDEX-OLD, add ${F}|-|||||| to INDEX-OLD.
2253 cut -f 1 -d '|' < $1 |
2255 cut -f 1 -d '|' < $2 |
2257 comm -13 $1.paths - |
2258 lam - -s "|-||||||" |
2262 # Remove lines from INDEX-OLD which also appear in INDEX-ALL
2263 comm -23 $1 $2 > $1.tmp
2266 # Remove lines from INDEX-ALL which have a file name not appearing
2267 # anywhere in INDEX-OLD (since these must be files which haven't
2268 # changed -- if they were new, there would be an entry of type "-").
2269 cut -f 1 -d '|' < $1 |
2271 sort -k 1,1 -t '|' < $2 |
2272 join -t '|' - $1.paths |
2277 # Rename INDEX-ALL to INDEX-NEW.
2281 # Helper for upgrade_merge: Return zero true iff the two files differ only
2282 # in the contents of their $FreeBSD$ tags.
2284 X=`sed -E 's/\\$FreeBSD.*\\$/\$FreeBSD\$/' < $1 | ${SHA256}`
2285 Y=`sed -E 's/\\$FreeBSD.*\\$/\$FreeBSD\$/' < $2 | ${SHA256}`
2287 if [ $X = $Y ]; then
2294 # From the list of "old" files in $1, merge changes in $2 with those in $3,
2295 # and update $3 to reflect the hashes of merged files.
2297 # We only need to do anything if $1 is non-empty.
2299 cut -f 1 -d '|' $1 |
2302 # Create staging area for merging files
2306 mkdir -p merge/old/${D}
2307 mkdir -p merge/${OLDRELNUM}/${D}
2308 mkdir -p merge/${RELNUM}/${D}
2309 mkdir -p merge/new/${D}
2314 # Currently installed file
2315 V=`look "${F}|" $2 | cut -f 7 -d '|'`
2316 gunzip < files/${V}.gz > merge/old/${F}
2319 if look "${F}|" $1 | fgrep -q "|f|"; then
2320 V=`look "${F}|" $1 | cut -f 3 -d '|'`
2321 gunzip < files/${V}.gz \
2322 > merge/${OLDRELNUM}/${F}
2326 if look "${F}|" $3 | cut -f 1,2,7 -d '|' |
2327 fgrep -q "|f|"; then
2328 V=`look "${F}|" $3 | cut -f 7 -d '|'`
2329 gunzip < files/${V}.gz \
2330 > merge/${RELNUM}/${F}
2334 # Attempt to automatically merge changes
2335 echo -n "Attempting to automatically merge "
2336 echo -n "changes in files..."
2339 # If the file doesn't exist in the new release,
2340 # the result of "merging changes" is having the file
2342 if ! [ -f merge/${RELNUM}/${F} ]; then
2346 # If the file didn't exist in the old release, we're
2347 # going to throw away the existing file and hope that
2348 # the version from the new release is what we want.
2349 if ! [ -f merge/${OLDRELNUM}/${F} ]; then
2350 cp merge/${RELNUM}/${F} merge/new/${F}
2354 # Some files need special treatment.
2356 /etc/spwd.db | /etc/pwd.db | /etc/login.conf.db)
2357 # Don't merge these -- we're rebuild them
2358 # after updates are installed.
2359 cp merge/old/${F} merge/new/${F}
2362 if ! merge -p -L "current version" \
2363 -L "${OLDRELNUM}" -L "${RELNUM}" \
2365 merge/${OLDRELNUM}/${F} \
2366 merge/${RELNUM}/${F} \
2367 > merge/new/${F} 2>/dev/null; then
2368 echo ${F} >> failed.merges
2375 # Ask the user to handle any files which didn't merge.
2377 # If the installed file differs from the version in
2378 # the old release only due to $FreeBSD$ tag expansion
2379 # then just use the version in the new release.
2380 if samef merge/old/${F} merge/${OLDRELNUM}/${F}; then
2381 cp merge/${RELNUM}/${F} merge/new/${F}
2387 The following file could not be merged automatically: ${F}
2388 Press Enter to edit this file in ${EDITOR} and resolve the conflicts
2391 read dummy </dev/tty
2392 ${EDITOR} `pwd`/merge/new/${F} < /dev/tty
2393 done < failed.merges
2396 # Ask the user to confirm that he likes how the result
2399 # Skip files which haven't changed except possibly
2400 # in their $FreeBSD$ tags.
2401 if [ -f merge/old/${F} ] && [ -f merge/new/${F} ] &&
2402 samef merge/old/${F} merge/new/${F}; then
2406 # Skip files where the installed file differs from
2407 # the old file only due to $FreeBSD$ tags.
2408 if [ -f merge/old/${F} ] &&
2409 [ -f merge/${OLDRELNUM}/${F} ] &&
2410 samef merge/old/${F} merge/${OLDRELNUM}/${F}; then
2414 # Warn about files which are ceasing to exist.
2415 if ! [ -f merge/new/${F} ]; then
2418 The following file will be removed, as it no longer exists in
2419 FreeBSD ${RELNUM}: ${F}
2421 continuep < /dev/tty || return 1
2425 # Print changes for the user's approval.
2428 The following changes, which occurred between FreeBSD ${OLDRELNUM} and
2429 FreeBSD ${RELNUM} have been merged into ${F}:
2431 diff -U 5 -L "current version" -L "new version" \
2432 merge/old/${F} merge/new/${F} || true
2433 continuep < /dev/tty || return 1
2436 # Store merged files.
2438 if [ -f merge/new/${F} ]; then
2439 V=`${SHA256} -q merge/new/${F}`
2441 gzip -c < merge/new/${F} > files/${V}.gz
2444 done < $1-paths > newhashes
2446 # Pull lines out from $3 which need to be updated to
2447 # reflect merged files.
2450 done < $1-paths > $3-oldlines
2452 # Update lines to reflect merged files
2453 join -t '|' -o 1.1,1.2,1.3,1.4,1.5,1.6,2.2,1.8 \
2454 $3-oldlines newhashes > $3-newlines
2456 # Remove old lines from $3 and add new lines.
2459 sort - $3-newlines > $3.tmp
2463 rm $1-paths newhashes $3-oldlines $3-newlines
2467 # We're done with merging files.
2471 # Do the work involved in fetching upgrades to a new release
2473 workdir_init || return 1
2475 # Prepare the mirror list.
2476 fetch_pick_server_init && fetch_pick_server
2478 # Try to fetch the public key until we run out of servers.
2479 while ! fetch_key; do
2480 fetch_pick_server || return 1
2483 # Try to fetch the metadata index signature ("tag") until we run
2484 # out of available servers; and sanity check the downloaded tag.
2485 while ! fetch_tag; do
2486 fetch_pick_server || return 1
2488 fetch_tagsanity || return 1
2490 # Fetch the INDEX-OLD and INDEX-ALL.
2491 fetch_metadata INDEX-OLD INDEX-ALL || return 1
2493 # If StrictComponents is not "yes", generate a new components list
2494 # with only the components which appear to be installed.
2495 upgrade_guess_components INDEX-ALL || return 1
2497 # Generate filtered INDEX-OLD and INDEX-ALL files containing only
2498 # the components we want and without anything marked as "Ignore".
2499 fetch_filter_metadata INDEX-OLD || return 1
2500 fetch_filter_metadata INDEX-ALL || return 1
2502 # Merge the INDEX-OLD and INDEX-ALL files into INDEX-OLD.
2503 sort INDEX-OLD INDEX-ALL > INDEX-OLD.tmp
2504 mv INDEX-OLD.tmp INDEX-OLD
2507 # Adjust variables for fetching files from the new release.
2509 RELNUM=${TARGETRELEASE}
2510 OLDFETCHDIR=${FETCHDIR}
2511 FETCHDIR=${RELNUM}/${ARCH}
2513 # Try to fetch the NEW metadata index signature ("tag") until we run
2514 # out of available servers; and sanity check the downloaded tag.
2515 while ! fetch_tag; do
2516 fetch_pick_server || return 1
2519 # Fetch the new INDEX-ALL.
2520 fetch_metadata INDEX-ALL || return 1
2522 # If StrictComponents is not "yes", COMPONENTS contains an entry
2523 # corresponding to the currently running kernel, and said kernel
2524 # does not exist in the new release, add "kernel/generic" to the
2525 # list of components.
2526 upgrade_guess_new_kernel INDEX-ALL || return 1
2528 # Filter INDEX-ALL to contain only the components we want and without
2529 # anything marked as "Ignore".
2530 fetch_filter_metadata INDEX-ALL || return 1
2532 # Convert INDEX-OLD (last release) and INDEX-ALL (new release) into
2533 # INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades).
2534 upgrade_oldall_to_oldnew INDEX-OLD INDEX-ALL INDEX-NEW
2536 # Translate /boot/${KERNCONF} or /boot/${NKERNCONF} into ${KERNELDIR}
2537 fetch_filter_kernel_names INDEX-NEW ${NKERNCONF}
2538 fetch_filter_kernel_names INDEX-OLD ${KERNCONF}
2540 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the
2541 # system and generate an INDEX-PRESENT file.
2542 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2544 # Based on ${MERGECHANGES}, generate a file tomerge-old with the
2545 # paths and hashes of old versions of files to merge.
2546 fetch_filter_mergechanges INDEX-OLD INDEX-PRESENT tomerge-old
2548 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which
2549 # correspond to lines in INDEX-PRESENT with hashes not appearing
2550 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in
2551 # INDEX-PRESENT has type - and there isn't a corresponding entry in
2552 # INDEX-OLD with type -.
2553 fetch_filter_unmodified_notpresent \
2554 INDEX-OLD INDEX-PRESENT INDEX-NEW tomerge-old
2556 # For each entry in INDEX-PRESENT of type -, remove any corresponding
2557 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries
2558 # of type - from INDEX-PRESENT.
2559 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW
2561 # If ${ALLOWDELETE} != "yes", then remove any entries from
2562 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW.
2563 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW
2565 # If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in
2566 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD,
2567 # replace the corresponding line of INDEX-NEW with one having the
2568 # same metadata as the entry in INDEX-PRESENT.
2569 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW
2571 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical;
2572 # no need to update a file if it isn't changing.
2573 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW
2575 # Fetch "clean" files from the old release for merging changes.
2576 fetch_files_premerge tomerge-old
2578 # Prepare to fetch files: Generate a list of the files we need,
2579 # copy the unmodified files we have into /files/, and generate
2580 # a list of patches to download.
2581 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2583 # Fetch patches from to-${RELNUM}/${ARCH}/bp/
2584 PATCHDIR=to-${RELNUM}/${ARCH}/bp
2585 fetch_files || return 1
2587 # Merge configuration file changes.
2588 upgrade_merge tomerge-old INDEX-PRESENT INDEX-NEW || return 1
2590 # Create and populate install manifest directory; and report what
2591 # updates are available.
2592 fetch_create_manifest || return 1
2594 # Leave a note behind to tell the "install" command that the kernel
2595 # needs to be installed before the world.
2596 touch ${BDHASH}-install/kernelfirst
2598 # Remind the user that they need to run "freebsd-update install"
2599 # to install the downloaded bits, in case they didn't RTFM.
2600 echo "To install the downloaded upgrades, run \"$0 install\"."
2603 # Make sure that all the file hashes mentioned in $@ have corresponding
2604 # gzipped files stored in /files/.
2606 # Generate a list of hashes
2613 # Make sure all the hashes exist
2615 if ! [ -f files/${HASH}.gz ]; then
2616 echo -n "Update files missing -- "
2617 echo "this should never happen."
2618 echo "Re-run '$0 fetch'."
2627 # Remove the system immutable flag from files
2629 # Generate file list
2631 cut -f 1 -d '|' > filelist
2635 if ! [ -e ${BASEDIR}/${F} ]; then
2639 chflags noschg ${BASEDIR}/${F} || return 1
2646 # Decide which directory name to use for kernel backups.
2647 backup_kernel_finddir () {
2650 # Pathname does not exist, so it is OK use that name
2651 # for backup directory.
2652 if [ ! -e $BACKUPKERNELDIR ]; then
2656 # If directory do exist, we only use if it has our
2658 if [ -d $BACKUPKERNELDIR -a \
2659 -e $BACKUPKERNELDIR/.freebsd-update ]; then
2663 # We could not use current directory name, so add counter to
2664 # the end and try again.
2666 if [ $CNT -gt 9 ]; then
2667 echo "Could not find valid backup dir ($BACKUPKERNELDIR)"
2670 BACKUPKERNELDIR="`echo $BACKUPKERNELDIR | sed -Ee 's/[0-9]\$//'`"
2671 BACKUPKERNELDIR="${BACKUPKERNELDIR}${CNT}"
2675 # Backup the current kernel using hardlinks, if not disabled by user.
2676 # Since we delete all files in the directory used for previous backups
2677 # we create a marker file called ".freebsd-update" in the directory so
2678 # we can determine on the next run that the directory was created by
2679 # freebsd-update and we then do not accidentally remove user files in
2680 # the unlikely case that the user has created a directory with a
2683 # Only make kernel backup is so configured.
2684 if [ $BACKUPKERNEL != yes ]; then
2688 # Decide which directory name to use for kernel backups.
2689 backup_kernel_finddir
2691 # Remove old kernel backup files. If $BACKUPKERNELDIR was
2692 # "not ours", backup_kernel_finddir would have exited, so
2693 # deleting the directory content is as safe as we can make it.
2694 if [ -d $BACKUPKERNELDIR ]; then
2695 rm -fr $BACKUPKERNELDIR
2698 # Create directories for backup.
2699 mkdir -p $BACKUPKERNELDIR
2700 mtree -cdn -p "${KERNELDIR}" | \
2701 mtree -Ue -p "${BACKUPKERNELDIR}" > /dev/null
2703 # Mark the directory as having been created by freebsd-update.
2704 touch $BACKUPKERNELDIR/.freebsd-update
2705 if [ $? -ne 0 ]; then
2706 echo "Could not create kernel backup directory"
2710 # Disable pathname expansion to be sure *.symbols is not
2714 # Use find to ignore symbol files, unless disabled by user.
2715 if [ $BACKUPKERNELSYMBOLFILES = yes ]; then
2718 FINDFILTER=-"a ! -name *.symbols"
2721 # Backup all the kernel files using hardlinks.
2722 (cd $KERNELDIR && find . -type f $FINDFILTER -exec \
2723 cp -pl '{}' ${BACKUPKERNELDIR}/'{}' \;)
2725 # Re-enable patchname expansion.
2730 install_from_index () {
2731 # First pass: Do everything apart from setting file flags. We
2732 # can't set flags yet, because schg inhibits hard linking.
2733 sort -k 1,1 -t '|' $1 |
2735 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do
2738 # Create a directory
2739 install -d -o ${OWNER} -g ${GROUP} \
2740 -m ${PERM} ${BASEDIR}/${FPATH}
2743 if [ -z "${LINK}" ]; then
2744 # Create a file, without setting flags.
2745 gunzip < files/${HASH}.gz > ${HASH}
2746 install -S -o ${OWNER} -g ${GROUP} \
2747 -m ${PERM} ${HASH} ${BASEDIR}/${FPATH}
2750 # Create a hard link.
2751 ln -f ${BASEDIR}/${LINK} ${BASEDIR}/${FPATH}
2756 ln -sfh ${HASH} ${BASEDIR}/${FPATH}
2761 # Perform a second pass, adding file flags.
2763 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do
2764 if [ ${TYPE} = "f" ] &&
2765 ! [ ${FLAGS} = "0" ]; then
2766 chflags ${FLAGS} ${BASEDIR}/${FPATH}
2771 # Remove files which we want to delete
2773 # Generate list of new files
2774 cut -f 1 -d '|' < $2 |
2777 # Generate subindex of old files we want to nuke
2778 sort -k 1,1 -t '|' $1 |
2779 join -t '|' -v 1 - newfiles |
2780 sort -r -k 1,1 -t '|' |
2782 tr '|' ' ' > killfiles
2784 # Remove the offending bits
2785 while read FPATH TYPE; do
2788 rmdir ${BASEDIR}/${FPATH}
2791 rm ${BASEDIR}/${FPATH}
2794 rm ${BASEDIR}/${FPATH}
2800 rm newfiles killfiles
2803 # Install new files, delete old files, and update linker.hints
2805 # If we haven't already dealt with the kernel, deal with it.
2806 if ! [ -f $1/kerneldone ]; then
2807 grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD
2808 grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW
2810 # Backup current kernel before installing a new one
2811 backup_kernel || return 1
2814 install_from_index INDEX-NEW || return 1
2816 # Remove files which need to be deleted
2817 install_delete INDEX-OLD INDEX-NEW || return 1
2819 # Update linker.hints if necessary
2820 if [ -s INDEX-OLD -o -s INDEX-NEW ]; then
2821 kldxref -R /boot/ 2>/dev/null
2824 # We've finished updating the kernel.
2827 # Do we need to ask for a reboot now?
2828 if [ -f $1/kernelfirst ] &&
2829 [ -s INDEX-OLD -o -s INDEX-NEW ]; then
2832 Kernel updates have been installed. Please reboot and run
2833 "$0 install" again to finish installing updates.
2839 # If we haven't already dealt with the world, deal with it.
2840 if ! [ -f $1/worlddone ]; then
2841 # Create any necessary directories first
2842 grep -vE '^/boot/' $1/INDEX-NEW |
2843 grep -E '^[^|]+\|d\|' > INDEX-NEW
2844 install_from_index INDEX-NEW || return 1
2846 # Install new runtime linker
2847 grep -vE '^/boot/' $1/INDEX-NEW |
2848 grep -vE '^[^|]+\|d\|' |
2849 grep -E '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' > INDEX-NEW
2850 install_from_index INDEX-NEW || return 1
2852 # Install new shared libraries next
2853 grep -vE '^/boot/' $1/INDEX-NEW |
2854 grep -vE '^[^|]+\|d\|' |
2855 grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
2856 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
2857 install_from_index INDEX-NEW || return 1
2859 # Deal with everything else
2860 grep -vE '^/boot/' $1/INDEX-OLD |
2861 grep -vE '^[^|]+\|d\|' |
2862 grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
2863 grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
2864 grep -vE '^/boot/' $1/INDEX-NEW |
2865 grep -vE '^[^|]+\|d\|' |
2866 grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
2867 grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
2868 install_from_index INDEX-NEW || return 1
2869 install_delete INDEX-OLD INDEX-NEW || return 1
2871 # Rebuild /etc/spwd.db and /etc/pwd.db if necessary.
2872 if [ /etc/master.passwd -nt /etc/spwd.db ] ||
2873 [ /etc/master.passwd -nt /etc/pwd.db ]; then
2874 pwd_mkdb /etc/master.passwd
2877 # Rebuild /etc/login.conf.db if necessary.
2878 if [ /etc/login.conf -nt /etc/login.conf.db ]; then
2879 cap_mkdb /etc/login.conf
2882 # We've finished installing the world and deleting old files
2883 # which are not shared libraries.
2886 # Do we need to ask the user to portupgrade now?
2887 grep -vE '^/boot/' $1/INDEX-NEW |
2888 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
2891 if grep -vE '^/boot/' $1/INDEX-OLD |
2892 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
2895 join -v 1 - newfiles |
2899 Completing this upgrade requires removing old shared object files.
2900 Please rebuild all installed 3rd party software (e.g., programs
2901 installed from the ports tree) and then run "$0 install"
2902 again to finish installing updates.
2910 # Remove old shared libraries
2911 grep -vE '^/boot/' $1/INDEX-NEW |
2912 grep -vE '^[^|]+\|d\|' |
2913 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
2914 grep -vE '^/boot/' $1/INDEX-OLD |
2915 grep -vE '^[^|]+\|d\|' |
2916 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
2917 install_delete INDEX-OLD INDEX-NEW || return 1
2919 # Remove old directories
2920 grep -vE '^/boot/' $1/INDEX-NEW |
2921 grep -E '^[^|]+\|d\|' > INDEX-NEW
2922 grep -vE '^/boot/' $1/INDEX-OLD |
2923 grep -E '^[^|]+\|d\|' > INDEX-OLD
2924 install_delete INDEX-OLD INDEX-NEW || return 1
2926 # Remove temporary files
2927 rm INDEX-OLD INDEX-NEW
2930 # Rearrange bits to allow the installed updates to be rolled back
2931 install_setup_rollback () {
2932 # Remove the "reboot after installing kernel", "kernel updated", and
2933 # "finished installing the world" flags if present -- they are
2934 # irrelevant when rolling back updates.
2935 if [ -f ${BDHASH}-install/kernelfirst ]; then
2936 rm ${BDHASH}-install/kernelfirst
2937 rm ${BDHASH}-install/kerneldone
2939 if [ -f ${BDHASH}-install/worlddone ]; then
2940 rm ${BDHASH}-install/worlddone
2943 if [ -L ${BDHASH}-rollback ]; then
2944 mv ${BDHASH}-rollback ${BDHASH}-install/rollback
2947 mv ${BDHASH}-install ${BDHASH}-rollback
2950 # Actually install updates
2952 echo -n "Installing updates..."
2954 # Make sure we have all the files we should have
2955 install_verify ${BDHASH}-install/INDEX-OLD \
2956 ${BDHASH}-install/INDEX-NEW || return 1
2958 # Remove system immutable flag from files
2959 install_unschg ${BDHASH}-install/INDEX-OLD \
2960 ${BDHASH}-install/INDEX-NEW || return 1
2962 # Install new files, delete old files, and update linker.hints
2963 install_files ${BDHASH}-install || return 1
2965 # Rearrange bits to allow the installed updates to be rolled back
2966 install_setup_rollback
2971 # Rearrange bits to allow the previous set of updates to be rolled back next.
2972 rollback_setup_rollback () {
2973 if [ -L ${BDHASH}-rollback/rollback ]; then
2974 mv ${BDHASH}-rollback/rollback rollback-tmp
2975 rm -r ${BDHASH}-rollback/
2976 rm ${BDHASH}-rollback
2977 mv rollback-tmp ${BDHASH}-rollback
2979 rm -r ${BDHASH}-rollback/
2980 rm ${BDHASH}-rollback
2984 # Install old files, delete new files, and update linker.hints
2986 # Install old shared library files which don't have the same path as
2987 # a new shared library file.
2988 grep -vE '^/boot/' $1/INDEX-NEW |
2989 grep -E '/lib/.*\.so\.[0-9]+\|' |
2991 sort > INDEX-NEW.libs.flist
2992 grep -vE '^/boot/' $1/INDEX-OLD |
2993 grep -E '/lib/.*\.so\.[0-9]+\|' |
2994 sort -k 1,1 -t '|' - |
2995 join -t '|' -v 1 - INDEX-NEW.libs.flist > INDEX-OLD
2996 install_from_index INDEX-OLD || return 1
2998 # Deal with files which are neither kernel nor shared library
2999 grep -vE '^/boot/' $1/INDEX-OLD |
3000 grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
3001 grep -vE '^/boot/' $1/INDEX-NEW |
3002 grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
3003 install_from_index INDEX-OLD || return 1
3004 install_delete INDEX-NEW INDEX-OLD || return 1
3006 # Install any old shared library files which we didn't install above.
3007 grep -vE '^/boot/' $1/INDEX-OLD |
3008 grep -E '/lib/.*\.so\.[0-9]+\|' |
3009 sort -k 1,1 -t '|' - |
3010 join -t '|' - INDEX-NEW.libs.flist > INDEX-OLD
3011 install_from_index INDEX-OLD || return 1
3013 # Delete unneeded shared library files
3014 grep -vE '^/boot/' $1/INDEX-OLD |
3015 grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
3016 grep -vE '^/boot/' $1/INDEX-NEW |
3017 grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
3018 install_delete INDEX-NEW INDEX-OLD || return 1
3020 # Deal with kernel files
3021 grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD
3022 grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW
3023 install_from_index INDEX-OLD || return 1
3024 install_delete INDEX-NEW INDEX-OLD || return 1
3025 if [ -s INDEX-OLD -o -s INDEX-NEW ]; then
3026 kldxref -R /boot/ 2>/dev/null
3029 # Remove temporary files
3030 rm INDEX-OLD INDEX-NEW INDEX-NEW.libs.flist
3033 # Actually rollback updates
3035 echo -n "Uninstalling updates..."
3037 # If there are updates waiting to be installed, remove them; we
3038 # want the user to re-run 'fetch' after rolling back updates.
3039 if [ -L ${BDHASH}-install ]; then
3040 rm -r ${BDHASH}-install/
3041 rm ${BDHASH}-install
3044 # Make sure we have all the files we should have
3045 install_verify ${BDHASH}-rollback/INDEX-NEW \
3046 ${BDHASH}-rollback/INDEX-OLD || return 1
3048 # Remove system immutable flag from files
3049 install_unschg ${BDHASH}-rollback/INDEX-NEW \
3050 ${BDHASH}-rollback/INDEX-OLD || return 1
3052 # Install old files, delete new files, and update linker.hints
3053 rollback_files ${BDHASH}-rollback || return 1
3055 # Remove the rollback directory and the symlink pointing to it; and
3056 # rearrange bits to allow the previous set of updates to be rolled
3058 rollback_setup_rollback
3063 # Compare INDEX-ALL and INDEX-PRESENT and print warnings about differences.
3065 # Get all the lines which mismatch in something other than file
3066 # flags. We ignore file flags because sysinstall doesn't seem to
3067 # set them when it installs FreeBSD; warning about these adds a
3068 # very large amount of noise.
3069 cut -f 1-5,7-8 -d '|' $1 > $1.noflags
3070 sort -k 1,1 -t '|' $1.noflags > $1.sorted
3071 cut -f 1-5,7-8 -d '|' $2 |
3072 comm -13 $1.noflags - |
3073 fgrep -v '|-|||||' |
3074 sort -k 1,1 -t '|' |
3075 join -t '|' $1.sorted - > INDEX-NOTMATCHING
3077 # Ignore files which match IDSIGNOREPATHS.
3078 for X in ${IDSIGNOREPATHS}; do
3079 grep -E "^${X}" INDEX-NOTMATCHING
3082 comm -13 - INDEX-NOTMATCHING > INDEX-NOTMATCHING.tmp
3083 mv INDEX-NOTMATCHING.tmp INDEX-NOTMATCHING
3085 # Go through the lines and print warnings.
3087 FPATH=`echo "${LINE}" | cut -f 1 -d '|'`
3088 TYPE=`echo "${LINE}" | cut -f 2 -d '|'`
3089 OWNER=`echo "${LINE}" | cut -f 3 -d '|'`
3090 GROUP=`echo "${LINE}" | cut -f 4 -d '|'`
3091 PERM=`echo "${LINE}" | cut -f 5 -d '|'`
3092 HASH=`echo "${LINE}" | cut -f 6 -d '|'`
3093 LINK=`echo "${LINE}" | cut -f 7 -d '|'`
3094 P_TYPE=`echo "${LINE}" | cut -f 8 -d '|'`
3095 P_OWNER=`echo "${LINE}" | cut -f 9 -d '|'`
3096 P_GROUP=`echo "${LINE}" | cut -f 10 -d '|'`
3097 P_PERM=`echo "${LINE}" | cut -f 11 -d '|'`
3098 P_HASH=`echo "${LINE}" | cut -f 12 -d '|'`
3099 P_LINK=`echo "${LINE}" | cut -f 13 -d '|'`
3101 # Warn about different object types.
3102 if ! [ "${TYPE}" = "${P_TYPE}" ]; then
3103 echo -n "${FPATH} is a "
3105 f) echo -n "regular file, "
3107 d) echo -n "directory, "
3109 L) echo -n "symlink, "
3112 echo -n "but should be a "
3114 f) echo -n "regular file."
3116 d) echo -n "directory."
3118 L) echo -n "symlink."
3123 # Skip other tests, since they don't make sense if
3124 # we're comparing different object types.
3128 # Warn about different owners.
3129 if ! [ "${OWNER}" = "${P_OWNER}" ]; then
3130 echo -n "${FPATH} is owned by user id ${P_OWNER}, "
3131 echo "but should be owned by user id ${OWNER}."
3134 # Warn about different groups.
3135 if ! [ "${GROUP}" = "${P_GROUP}" ]; then
3136 echo -n "${FPATH} is owned by group id ${P_GROUP}, "
3137 echo "but should be owned by group id ${GROUP}."
3140 # Warn about different permissions. We do not warn about
3141 # different permissions on symlinks, since some archivers
3142 # don't extract symlink permissions correctly and they are
3144 if ! [ "${PERM}" = "${P_PERM}" ] &&
3145 ! [ "${TYPE}" = "L" ]; then
3146 echo -n "${FPATH} has ${P_PERM} permissions, "
3147 echo "but should have ${PERM} permissions."
3150 # Warn about different file hashes / symlink destinations.
3151 if ! [ "${HASH}" = "${P_HASH}" ]; then
3152 if [ "${TYPE}" = "L" ]; then
3153 echo -n "${FPATH} is a symlink to ${P_HASH}, "
3154 echo "but should be a symlink to ${HASH}."
3156 if [ "${TYPE}" = "f" ]; then
3157 echo -n "${FPATH} has SHA256 hash ${P_HASH}, "
3158 echo "but should have SHA256 hash ${HASH}."
3162 # We don't warn about different hard links, since some
3163 # some archivers break hard links, and as long as the
3164 # underlying data is correct they really don't matter.
3165 done < INDEX-NOTMATCHING
3168 rm $1 $1.noflags $1.sorted $2 INDEX-NOTMATCHING
3171 # Do the work involved in comparing the system to a "known good" index
3173 workdir_init || return 1
3175 # Prepare the mirror list.
3176 fetch_pick_server_init && fetch_pick_server
3178 # Try to fetch the public key until we run out of servers.
3179 while ! fetch_key; do
3180 fetch_pick_server || return 1
3183 # Try to fetch the metadata index signature ("tag") until we run
3184 # out of available servers; and sanity check the downloaded tag.
3185 while ! fetch_tag; do
3186 fetch_pick_server || return 1
3188 fetch_tagsanity || return 1
3190 # Fetch INDEX-OLD and INDEX-ALL.
3191 fetch_metadata INDEX-OLD INDEX-ALL || return 1
3193 # Generate filtered INDEX-OLD and INDEX-ALL files containing only
3194 # the components we want and without anything marked as "Ignore".
3195 fetch_filter_metadata INDEX-OLD || return 1
3196 fetch_filter_metadata INDEX-ALL || return 1
3198 # Merge the INDEX-OLD and INDEX-ALL files into INDEX-ALL.
3199 sort INDEX-OLD INDEX-ALL > INDEX-ALL.tmp
3200 mv INDEX-ALL.tmp INDEX-ALL
3203 # Translate /boot/${KERNCONF} to ${KERNELDIR}
3204 fetch_filter_kernel_names INDEX-ALL ${KERNCONF}
3206 # Inspect the system and generate an INDEX-PRESENT file.
3207 fetch_inspect_system INDEX-ALL INDEX-PRESENT /dev/null || return 1
3209 # Compare INDEX-ALL and INDEX-PRESENT and print warnings about any
3211 IDS_compare INDEX-ALL INDEX-PRESENT
3214 #### Main functions -- call parameter-handling and core functions
3216 # Using the command line, configuration file, and defaults,
3217 # set all the parameters which are needed later.
3225 # Fetch command. Make sure that we're being called
3226 # interactively, then run fetch_check_params and fetch_run
3228 if [ ! -t 0 -a $NOTTYOK -eq 0 ]; then
3229 echo -n "`basename $0` fetch should not "
3230 echo "be run non-interactively."
3231 echo "Run `basename $0` cron instead."
3238 # Cron command. Make sure the parameters are sensible; wait
3239 # rand(3600) seconds; then fetch updates. While fetching updates,
3240 # send output to a temporary file; only print that file if the
3244 sleep `jot -r 1 0 3600`
3246 TMPFILE=`mktemp /tmp/freebsd-update.XXXXXX` || exit 1
3247 if ! fetch_run >> ${TMPFILE} ||
3248 ! grep -q "No updates needed" ${TMPFILE} ||
3249 [ ${VERBOSELEVEL} = "debug" ]; then
3250 mail -s "`hostname` security updates" ${MAILTO} < ${TMPFILE}
3256 # Fetch files for upgrading to a new release.
3258 upgrade_check_params
3259 upgrade_run || exit 1
3262 # Install downloaded updates.
3264 install_check_params
3265 install_run || exit 1
3268 # Rollback most recently installed updates.
3270 rollback_check_params
3271 rollback_run || exit 1
3274 # Compare system against a "known good" index.
3282 # Make sure we find utilities from the base system
3283 export PATH=/sbin:/bin:/usr/sbin:/usr/bin:${PATH}
3285 # Set a pager if the user doesn't
3286 if [ -z "$PAGER" ]; then
3290 # Set LC_ALL in order to avoid problems with character ranges like [A-Z].
3294 for COMMAND in ${COMMANDS}; do
projects / FreeBSD / releng / 10.1.git / blob