%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /backups/router/usr/local/sbin/
Upload File :
Create Path :
Current File : //backups/router/usr/local/sbin/opnsense-patch

#!/bin/sh

# Copyright (c) 2016-2024 Franco Fichtner <franco@opnsense.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

set -e

# internal vars
ARGS=
CACHEDIR="/var/cache/opnsense-patch"
PATCHES=
REFRESH="/usr/local/opnsense/www/index.php"

# fetch defaults
ACCOUNT="opnsense"
CONFIG="core"
PATCHLEVEL="2"
PREFIX="/usr/local"
REPOSITORY="core"
SITE="https://github.com"

# user options
DO_DOWNLOAD=
DO_FORCE=
DO_FORWARD="-t"
DO_INSECURE=
DO_LIST=
DO_VERBOSE=

if [ "$(id -u)" != "0" ]; then
	echo "Must be root." >&2
	exit 1
fi

patch_repository()
{
	REPOSITORY=${1}

	case ${REPOSITORY} in
	*core*)
		PREFIX="/usr/local"
		PATCHLEVEL="2"
		CONFIG="core"
		;;
	*installer*)
		PREFIX="/usr/libexec/bsdinstall"
		PATCHLEVEL="2"
		CONFIG="installer"
		;;
	*plugins*)
		PREFIX="/usr/local"
		PATCHLEVEL="4"
		CONFIG="plugins"
		;;
	*update*)
		PREFIX="/usr/local/sbin"
		PATCHLEVEL="3"
		CONFIG="update"
		;;
	*)
		echo "Unknown repository default: ${REPOSITORY}" >&2
		exit 1
		;;
	esac
}

while getopts a:c:defilNP:p:r:s:V OPT; do
	case ${OPT} in
	a)
		ACCOUNT=${OPTARG}
		;;
	c)
		patch_repository ${OPTARG}
		;;
	d)
		DO_DOWNLOAD="-d"
		;;
	e)
		rm -rf ${CACHEDIR}/*
		;;
	f)
		DO_FORCE="-f"
		;;
	i)
		DO_INSECURE="--no-verify-peer"
		;;
	l)
		DO_LIST="-l"
		;;
	N)
		DO_FORWARD="-f"
		;;
	P)
		PREFIX=${OPTARG}
		;;
	p)
		PATCHLEVEL=${OPTARG}
		;;
	r)
		REPOSITORY=${OPTARG}
		;;
	s)
		SITE=${OPTARG}
		;;
	V)
		DO_VERBOSE="-V"
		;;
	*)
		echo "Usage: man ${0##*/}" >&2
		exit 1
		;;
	esac
done

shift $((OPTIND - 1))

if [ -n "${DO_VERBOSE}" ]; then
	set -x
fi

if [ ${PATCHLEVEL} -lt 2 ]; then
	echo "Patch level must be >= 2." >&2
	exit 1
fi

mkdir -p ${CACHEDIR}

patch_load()
{
	for PATCH in $(find -s ${CACHEDIR} -type f); do
		if [ ! -s "${PATCH}" ]; then
			rm -f "${PATCH}"
			continue
		fi

		HASH=$(grep '^From [0-9a-f]' ${PATCH} | cut -d ' ' -f 2)
		SUBJECT=$(grep '^Subject: \[PATCH\]' ${PATCH} | cut -d ' ' -f 3-)
		FILE=$(basename ${PATCH})

		if [ -z "${HASH}" -o -z "${SUBJECT}" ]; then
			rm -f "${PATCH}"
			continue
		fi

		echo ${FILE} ${HASH} ${SUBJECT}
	done
}

PATCHES=$(patch_load)

patch_found()
{
	ARG=${1}
	ARGLEN=$(echo -n ${ARG} | wc -c | awk '{ print $1 }')

	echo "${PATCHES}" | while read FILE HASH SUBJECT; do
		if [ "${FILE%-*}" != ${CONFIG} ]; then
			continue
		fi

		if [ "$(echo ${HASH##*-} | cut -c -${ARGLEN})" != ${ARG} ]; then
			continue
		fi

		echo ${FILE}
		return
	done
}

patch_print()
{
	echo "${PATCHES}" | while read FILE HASH SUBJECT; do
		if [ -z "${FILE}" ]; then
			continue
		fi

		if [ "${FILE%-*}" != ${CONFIG} ]; then
			continue
		fi

		LINE="$(echo ${HASH} | cut -c -11)"
		LINE="${LINE} $(echo ${SUBJECT} | cut -c -50)"
		echo ${LINE}
	done
}

patch_setup()
{
	# only allow patching with the right -a option set
	URL="${ARG#"${SITE}/${ACCOUNT}/"}"
	if [ "${URL}" != ${ARG} ]; then
		ARG=${URL#*/commit/}
		patch_repository ${URL%/commit/*}
		return
	fi

	# error to the user if -a did not match
	URL="${ARG#"${SITE}/"}"
	if [ "${URL}" != ${ARG} ]; then
		echo "Account '${ACCOUNT}' does not match given URL." >&2
		exit 1
	fi

	# continue here with a hash-only argument
}

if [ -n "${DO_LIST}" ]; then
	patch_print
	exit 0
fi

for ARG in ${@}; do
	patch_setup # modify environment as required for patch

	FOUND="$(patch_found ${ARG})"

	if [ -n "${FOUND}" ]; then
		if [ -n "${DO_FORCE}" ]; then
			rm ${CACHEDIR}/${FOUND}
		else
			echo "Found local copy of ${ARG}, skipping fetch."
			ARGS="${ARGS} ${SITE}/${ACCOUNT}/${REPOSITORY}/commit/${FOUND#*-}"
			continue
		fi
	fi

	WANT="${CONFIG}-${ARG}"

	fetch ${DO_INSECURE} -q -o "${CACHEDIR}/~${WANT}" \
	    "${SITE}/${ACCOUNT}/${REPOSITORY}/commit/${ARG}.patch"

	if [ ! -s "${CACHEDIR}/~${WANT}" ]; then
		rm -f "${CACHEDIR}/~${WANT}"
		echo "Failed to fetch: ${ARG}" >&2
		exit 1
	fi

	DISCARD=
	PATCHDIFF=

	while IFS= read -r PATCHLINE; do
		case "${PATCHLINE}" in
		"diff --git a/"*" b/"*)
			PATCHFILE="$(echo "${PATCHLINE}" | awk '{print $4 }')"
			PATCHDIFF=2
			for INDEX in $(seq 2 ${PATCHLEVEL}); do
				if [ -z "${PATCHFILE##src/*}" ]; then
					break
				fi
				PATCHFILE=${PATCHFILE#*/}
				PATCHDIFF=${INDEX}
			done
			if [ -n "${PATCHFILE##src/*}" -o -z "${PATCHFILE##*.8}" ]; then
				# discard whole chunk until we get a valid file
				DISCARD=1
			else
				DISCARD=
			fi
			;;
		"--- a/src/"*|"+++ b/src/"*)
			PATCHFILE="$(echo "${PATCHLINE}" | cut -c 11-)"
			FAKELEVEL=
			for INDEX in $(seq 2 ${PATCHLEVEL}); do
				if [ ${INDEX} -gt ${PATCHDIFF} ]; then
					PATCHFILE=${PATCHFILE#*/}
					FAKELEVEL="fake/${FAKELEVEL}"
				fi
			done
			FILEIN="${PATCHFILE%%.in}"
			if [ ! -f "${PREFIX}/${PATCHFILE}" ]; then
				PATCHFILE=${FILEIN}
			fi
			FILESH="${PATCHFILE%%.sh}"
			if [ ! -f "${PREFIX}/${PATCHFILE}" ]; then
				PATCHFILE=${FILESH}
			fi
			PATCHPREFIX="$(echo "${PATCHLINE}" | cut -c -10)"
			PATCHLINE="${PATCHPREFIX}${FAKELEVEL}${PATCHFILE}"
			;;
		esac

		if [ -n "${DISCARD}" ]; then
			continue
		fi

		echo "${PATCHLINE}" >> "${CACHEDIR}/${WANT}"
	done < "${CACHEDIR}/~${WANT}"

	echo "Fetched ${ARG} via ${SITE}/${ACCOUNT}/${REPOSITORY}"

	ARGS="${ARGS} ${SITE}/${ACCOUNT}/${REPOSITORY}/commit/${WANT#*-}"
done

rm -f ${CACHEDIR}/~*

if [ -n "${DO_DOWNLOAD}" ]; then
	ARGS=
fi

for ARG in ${ARGS}; do
	patch_setup # modify environment as required for patch
	ARG=${CONFIG}-${ARG} # reconstruct file name on disk

	if ! patch ${DO_FORWARD} -sCE -p ${PATCHLEVEL} -d "${PREFIX}" -i "${CACHEDIR}/${ARG}"; then
		exit 1
	fi

	patch ${DO_FORWARD} -E -p ${PATCHLEVEL} -d "${PREFIX}" -i "${CACHEDIR}/${ARG}"

	while IFS= read -r PATCHLINE; do
		case "${PATCHLINE}" in
		"diff --git a/"*" b/"*)
			PATCHFILE="$(echo "${PATCHLINE}" | awk '{print $4 }')"
			for INDEX in $(seq 1 ${PATCHLEVEL}); do
				PATCHFILE=${PATCHFILE#*/}
			done
			FILEIN="${PATCHFILE%%.in}"
			if [ ! -f "${PREFIX}/${PATCHFILE}" ]; then
				PATCHFILE=${FILEIN}
			fi
			if [ "${CONFIG}" = "installer" -o "${CONFIG}" == "update" ]; then
				FILESH="${PATCHFILE%%.sh}"
				if [ ! -f "${PREFIX}/${PATCHFILE}" ]; then
					PATCHFILE=${FILESH}
				fi
			fi
			PATCHFILE="${PREFIX}/${PATCHFILE}"
			;;
		"new file mode "*)
			PATCHMODE=$(echo "${PATCHLINE}" | awk '{print $4 }' | cut -c 4-6)
			if [ "${PATCHMODE}" = "644" -o "${PATCHMODE}" = "755" ]; then
				if [ -f "${PATCHFILE}" ]; then
					chmod ${PATCHMODE} "${PATCHFILE}"
				fi
			fi
			;;
		"index "*|"new mode "*)
			# we can't figure out if we are new or old, thus no "old mode " handling
			PATCHMODE=$(echo "${PATCHLINE}" | awk '{print $3 }' | cut -c 4-6)
			if [ "${PATCHMODE}" = "644" -o "${PATCHMODE}" = "755" ]; then
				if [ -f "${PATCHFILE}" ]; then
					chmod ${PATCHMODE} "${PATCHFILE}"
				fi
			fi
			;;
		esac
	done < "${CACHEDIR}/${ARG}"
done

if [ -n "${ARGS}" ]; then
	echo "All patches have been applied successfully.  Have a nice day."
fi

if [ -f ${REFRESH} ]; then
	# always force browser to reload JS/CSS
	touch ${REFRESH}
fi

rm -f /tmp/opnsense_acl_cache.json /tmp/opnsense_menu_cache.xml

Zerion Mini Shell 1.0