opensourcemirror
/
opnsense-update
mirror of https://github.com/opnsense/update.git
1
0
Fork 0
Code Issues Releases Wiki Activity
opnsense-update/bootstrap/opnsense-bootstrap.sh

202 lines
4.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# Copyright (c) 2015-2020 Franco Fichtner <franco@opnsense.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
set -e
URL="https://github.com/opnsense/core/archive/stable"
WORKDIR="/tmp/opnsense-bootstrap"
FLAVOUR="OpenSSL"
TYPE="opnsense"
RELEASE="20.1"
DO_BARE=
DO_INSECURE=
DO_FACTORY=
DO_YES=
while getopts bfin:r:t:vy OPT; do
case ${OPT} in
b)
DO_BARE="-b"
;;
f)
DO_FACTORY="-f"
;;
i)
DO_INSECURE="-i"
;;
n)
FLAVOUR=${OPTARG}
;;
r)
RELEASE=${OPTARG}
;;
t)
TYPE=${OPTARG}
;;
v)
echo ${RELEASE}
exit 0
;;
y)
DO_YES="-y"
;;
*)
echo "Usage: man ${0##*/}" >&2
exit 1
;;
esac
done
shift $((${OPTIND} - 1))
if [ "$(id -u)" != "0" ]; then
echo "Must be root." >&2
exit 1
fi
FBSDNAME=$(uname -s)
if [ "${FBSDNAME}" != "FreeBSD" ]; then
echo "Must be FreeBSD." >&2
exit 1
fi
FBSDARCH=$(uname -p)
if [ "${FBSDARCH}" != "i386" -a \
"${FBSDARCH}" != "amd64" ]; then
echo "Must be i386 or amd64" >&2
exit 1
fi
FBSDVER=$(uname -r | colrm 4)
if [ "${FBSDVER}" != "11." ]; then
echo "Must be a FreeBSD 11 release." >&2
exit 1
fi
echo "This utility will attempt to turn this installation into the latest"
echo "OPNsense ${RELEASE} release. All packages will be deleted, the base"
echo "system and kernel will be replaced, and if all went well the system"
echo "will automatically reboot."
if [ -z "${DO_YES}" ]; then
echo
echo -n "Proceed with this action? [y/N]: "
read YN
case ${YN} in
[yY])
;;
*)
exit 0
;;
esac
fi
if [ -n "${DO_FACTORY}" ]; then
if [ -z "${DO_YES}" ]; then
echo
echo -n "Factory reset mode selected, are you sure? [y/N]: "
read YN
case ${YN} in
[yY])
;;
*)
exit 0
;;
esac
fi
fi
if [ -n "${DO_INSECURE}" ]; then
if [ -z "${DO_YES}" ]; then
echo
echo -n "Insecure mode selected, are you sure? [y/N]: "
read YN
case ${YN} in
[yY])
;;
*)
exit 0
;;
esac
fi
fi
echo
rm -rf /usr/local/etc/pkg
rm -rf ${WORKDIR}/*
mkdir -p ${WORKDIR}
export ASSUME_ALWAYS_YES=yes
if [ -n "${DO_INSECURE}" ]; then
# no CA file around to verify against, user choice
export SSL_NO_VERIFY_PEER=yes
else
pkg bootstrap -f
pkg install ca_root_nss
# save a copy of the CA file to use for the bootstrap
cp /etc/ssl/cert.pem ${WORKDIR}/cert.pem
export SSL_CA_CERT_FILE=${WORKDIR}/cert.pem
fi
fetch -o ${WORKDIR}/core.tar.gz "${URL}/${RELEASE}.tar.gz"
tar -C ${WORKDIR} -xf ${WORKDIR}/core.tar.gz
if [ -z "${DO_BARE}" ]; then
if pkg -N; then
pkg unlock -a
pkg delete -fa
fi
rm -f /var/db/pkg/*
fi
make -C ${WORKDIR}/core-stable-${RELEASE} \
bootstrap DESTDIR= FLAVOUR=${FLAVOUR}
if [ -z "${DO_BARE}" ]; then
if [ -n "${DO_FACTORY}" ]; then
rm -rf /conf/*
fi
pkg bootstrap
pkg install ${TYPE}
# beyond this point verify everything
unset SSL_NO_VERIFY_PEER
unset SSL_CA_CERT_FILE
opnsense-update -bkf
reboot
fi
Reference in New Issue View Git Blame Copy Permalink