Lines Matching +full:group +full:- +full:index +full:- +full:shift
3 #-
4 # SPDX-License-Identifier: BSD-2-Clause
6 # Copyright 2004-2007 Colin Percival
30 #### Usage function -- called from command-line handling code.
33 # --debug -- don't filter output from utilities
34 # --no-stats -- don't show progress statistics while fetching files
40 -b basedir -- Operate on a system mounted at basedir
42 -d workdir -- Store working files in workdir
43 (default: /var/db/freebsd-update/)
44 -f conffile -- Read configuration options from conffile
45 (default: /etc/freebsd-update.conf)
46 -F -- Force a fetch operation to proceed in the
48 -j jail -- Operate on the given jail specified by jid or name
49 -k KEY -- Trust an RSA key with SHA256 hash of KEY
50 -r release -- Target for upgrade (e.g., 13.2-RELEASE)
51 -s server -- Server from which to fetch updates
53 -t address -- Mail output of cron command, if any, to address
55 --not-running-from-cron
56 -- Run without a tty, for use by automated tools
57 --currently-running release
58 -- Update as if currently running this release
60 fetch -- Fetch updates from server
61 cron -- Sleep rand(3600) seconds, fetch updates, and send an
63 upgrade -- Fetch upgrades to FreeBSD version specified via -r option
64 updatesready -- Check if there are fetched updates ready to install
65 install -- Install downloaded updates or upgrades
66 rollback -- Uninstall most recently installed updates
67 IDS -- Compare the system against an index of "known good" files
68 showconfig -- Show configuration
75 #-
88 # 2. Process the command line. Throw an error if a non-accumulating option
90 # 3. If CONFFILE is "", set CONFFILE to /etc/freebsd-update.conf .
95 # 8. Repeat steps 4-7, except setting options to their default values at (6).
120 if ! [ -z "${_}" ]; then
128 if [ -z ${KEYPRINT} ]; then
137 if [ -z ${WORKDIR} ]; then
146 if [ -z ${SERVERNAME} ]; then
155 if [ -z ${MAILTO} ]; then
165 if [ -z ${ALLOWADD} ]; then
184 if [ -z ${ALLOWDELETE} ]; then
205 if [ -z ${KEEPMODIFIEDMETADATA} ]; then
234 if [ -e "${BASEDIR}/usr/src/COPYRIGHT" ]; then
277 if [ -z ${BASEDIR} ]; then
288 if [ -z ${STRICTCOMPONENTS} ]; then
307 if [ -z ${TARGETRELEASE} ]; then
312 if echo ${TARGETRELEASE} | grep -qE '^[0-9.]+$'; then
313 TARGETRELEASE="${TARGETRELEASE}-RELEASE"
320 if echo ${UNAME_r} | grep -qE '^[0-9.]+$'; then
321 UNAME_r="${UNAME_r}-RELEASE"
329 UNAME_r=$(freebsd-version -j ${JAIL})
330 BASEDIR=$(jls -j ${JAIL} -h path | awk 'NR == 2 {print}')
331 if [ -z ${BASEDIR} ] || [ -z ${UNAME_r} ]; then
333 "does not have freebsd-version."
341 if [ -z ${VERBOSELEVEL} ]; then
362 if [ -z ${BACKUPKERNEL} ]; then
380 if [ -z ${BACKUPKERNELDIR} ]; then
381 if [ -z "$1" ]; then
408 if [ -z ${BACKUPKERNELSYMBOLFILES} ]; then
426 if [ -z ${BOOTENV} ]; then
444 if [ $# -eq 0 ]; then
449 shift
479 while [ $# -gt 0 ]; do
482 -f)
483 if [ $# -eq 1 ]; then usage; fi
484 if [ ! -z "${CONFFILE}" ]; then usage; fi
485 shift; CONFFILE="$1"
487 -F)
490 --not-running-from-cron)
493 --currently-running)
494 shift
499 -b)
500 if [ $# -eq 1 ]; then usage; fi; shift
503 -d)
504 if [ $# -eq 1 ]; then usage; fi; shift
507 -j)
508 if [ $# -eq 1 ]; then usage; fi; shift
511 -k)
512 if [ $# -eq 1 ]; then usage; fi; shift
515 -s)
516 if [ $# -eq 1 ]; then usage; fi; shift
519 -r)
520 if [ $# -eq 1 ]; then usage; fi; shift
523 -t)
524 if [ $# -eq 1 ]; then usage; fi; shift
527 -v)
528 if [ $# -eq 1 ]; then usage; fi; shift
532 # Aliases for "-v debug" and "-v nostats"
533 --debug)
536 --no-stats)
551 shift
555 if [ -z "${COMMANDS}" ]; then
564 if [ ! -z "${CONFFILE}" ] && [ ! -r "${CONFFILE}" ]; then
565 echo -n "File does not exist "
566 echo -n "or is not readable: "
574 if [ -z "${CONFFILE}" ]; then
575 CONFFILE="/etc/freebsd-update.conf"
576 if [ ! -r "${CONFFILE}" ]; then
591 LINEX=`echo "${LINE}" | cut -f 1 -d '#'`
611 config_WorkDir /var/db/freebsd-update
624 # Merge these defaults into the earlier-configured settings
636 XARGST="-t"
649 QUIETFLAG="-q"
653 NDEBUG="-n"
670 if ! pkg -N 2>/dev/null; then
677 pattern=$(sysctl -n kern.module_path | tr ";" "|")
679 if [ -z "${pattern}" ]; then
686 modules=$(pkg query '%Fp' | grep -E "${pattern}")
688 if [ -z "${modules}" ]; then
692 echo -e "\n"
695 echo -e "It is advised to rebuild these ports:\n"
698 report="Module Package Port\n------ ------- ----\n"
703 port_name=$(pkg info -o "${pkg_name}" | awk '{print $2;}')
707 echo -e "${report}" | column -t
708 echo -e "\n"
714 # running *-p[0-9]+, strip off the last part; if the
715 # user is running -SECURITY, call it -RELEASE. Chdir
718 export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)"
722 _KEYPRINT_z="Key must be given via -k option or configuration file."
727 if [ -z "${SERVERNAME}" ]; then
728 echo -n "`basename $0`: "
732 if [ -z "${KEYPRINT}" ]; then
733 echo -n "`basename $0`: "
737 if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then
738 echo -n "`basename $0`: "
739 echo -n "${_KEYPRINT_bad}"
743 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
744 echo -n "`basename $0`: "
745 echo -n "${_WORKDIR_bad}"
749 case `df -T ${WORKDIR}` in */dev/md[0-9]* | *tmpfs*)
750 echo -n "`basename $0`: "
751 echo -n "${_WORKDIR_bad2}"
762 # as X.Y-SECURITY.
763 RELNUM=`uname -r |
764 sed -E 's,-p[0-9]+,,' |
765 sed -E 's,-SECURITY,-RELEASE,'`
766 ARCH=`uname -m`
772 *-RELEASE | *-ALPHA* | *-BETA* | *-RC*)
775 echo -n "`basename $0`: "
776 cat <<- EOF
789 BOOTFILE=`sysctl -n kern.bootfile`
791 if ! [ -d ${KERNELDIR} ]; then
797 # the output of `uname -i`, and then make the following adjustments:
798 # 1. Replace "SMP-GENERIC" with "SMP". Why the SMP kernel config
799 # file says "ident SMP-GENERIC", I don't know...
802 # we're running an SMP kernel. This mis-identification is a bug
803 # which was fixed in 6.2-STABLE.
804 KERNCONF=`uname -i`
805 if [ ${KERNCONF} = "SMP-GENERIC" ]; then
809 if sysctl kern.version | grep -qE '/SMP$'; then
823 BDHASH=`echo ${BASEDIR} | sha256 -q`
830 if ! [ -z "${TARGETRELEASE}" ]; then
831 echo -n "`basename $0`: "
832 echo -n "'-r' option is meaningless with 'fetch' command. "
838 if [ -f ${BDHASH}-install/kerneldone -a $FORCEFETCH -eq 0 ]; then
841 echo "Run '`basename $0` [options] fetch -F' to proceed anyway."
854 _TARGETRELEASE_z="Release target must be specified via '-r' option."
855 if [ -z "${TARGETRELEASE}" ]; then
856 echo -n "`basename $0`: "
863 echo -n "`basename $0`: "
870 echo -n "`basename $0`: "
871 echo -n "WARNING: \"AllowAdd no\" is a bad idea "
876 echo -n "`basename $0`: "
877 echo -n "WARNING: \"AllowDelete no\" is a bad idea "
890 if [ `id -u` != 0 ]; then
896 if [ `sysctl -n kern.securelevel` -gt 0 ]; then
904 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
905 echo -n "`basename $0`: "
906 echo -n "${_WORKDIR_bad}"
913 BDHASH=`echo ${BASEDIR} | sha256 -q`
916 if ! [ -L ${BDHASH}-install ]; then
918 if [ $ISFETCHED -eq 0 ]; then
924 if ! [ -f ${BDHASH}-install/INDEX-OLD ] ||
925 ! [ -f ${BDHASH}-install/INDEX-NEW ]; then
926 echo "Update manifest is corrupt -- this should never happen."
927 echo "Re-run '`basename $0` [options] fetch'."
932 BOOTFILE=`sysctl -n kern.bootfile`
934 if ! [ -d ${KERNELDIR} ]; then
943 if [ `sysctl -n security.jail.jailed` = 1 ]; then
969 echo -n "Creating snapshot of existing boot environment... "
970 VERSION=`freebsd-version -ku | sort -V | tail -n 1`
971 TIMESTAMP=`date +"%Y-%m-%d_%H%M%S"`
972 bectl create -r ${VERSION}_${TIMESTAMP}
973 if [ $? -eq 0 ]; then
987 if [ `id -u` != 0 ]; then
994 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
995 echo -n "`basename $0`: "
996 echo -n "${_WORKDIR_bad}"
1003 BDHASH=`echo ${BASEDIR} | sha256 -q`
1006 if ! [ -L ${BDHASH}-rollback ]; then
1010 if ! [ -f ${BDHASH}-rollback/INDEX-OLD ] ||
1011 ! [ -f ${BDHASH}-rollback/INDEX-NEW ]; then
1012 echo "Update manifest is corrupt -- this should never happen."
1019 # published index. Figure out which index we should
1020 # compare against: If the user is running *-p[0-9]+,
1022 # -SECURITY, call it -RELEASE. Chdir into the working
1025 export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)"
1029 _KEYPRINT_z="Key must be given via '-k' option or configuration file."
1033 if [ -z "${SERVERNAME}" ]; then
1034 echo -n "`basename $0`: "
1038 if [ -z "${KEYPRINT}" ]; then
1039 echo -n "`basename $0`: "
1043 if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then
1044 echo -n "`basename $0`: "
1045 echo -n "${_KEYPRINT_bad}"
1049 if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
1050 echo -n "`basename $0`: "
1051 echo -n "${_WORKDIR_bad}"
1060 # as X.Y-SECURITY.
1061 RELNUM=`uname -r |
1062 sed -E 's,-p[0-9]+,,' |
1063 sed -E 's,-SECURITY,-RELEASE,'`
1064 ARCH=`uname -m`
1069 BOOTFILE=`sysctl -n kern.bootfile`
1071 if ! [ -d ${KERNELDIR} ]; then
1077 # the output of `uname -i`, and then make the following adjustments:
1078 # 1. Replace "SMP-GENERIC" with "SMP". Why the SMP kernel config
1079 # file says "ident SMP-GENERIC", I don't know...
1082 # we're running an SMP kernel. This mis-identification is a bug
1083 # which was fixed in 6.2-STABLE.
1084 KERNCONF=`uname -i`
1085 if [ ${KERNCONF} = "SMP-GENERIC" ]; then
1089 if sysctl kern.version | grep -qE '/SMP$'; then
1102 # Packaged base and freebsd-update are incompatible. Exit with an error if
1107 if ! pkg -c ${BASEDIR} -N >/dev/null 2>/dev/null; then
1112 if ! pkg -c ${BASEDIR} which /usr/bin/uname >/dev/null; then
1116 freebsd-update is incompatible with the use of packaged base. Please see
1122 #### Core functionality -- the actual work gets done here
1129 # freebsd-update will select one of the mirrors) or "update1.freebsd.org"
1130 # (in which case freebsd-update will use that particular server, since
1142 if ! which -s host; then
1147 echo -n "Looking up ${SERVERNAME} mirrors... "
1153 host -t srv "${MLIST}" |
1154 sed -nE "s/${MLIST} (has SRV record|server selection) //Ip" |
1155 cut -f 1,2,4 -d ' ' |
1156 sed -e 's/\.$//' |
1159 # If no records, give up -- we'll just use the server name we were given.
1160 if [ `wc -l < serverlist_full` -eq 0 ]; then
1166 echo `wc -l < serverlist_full` "mirrors found."
1171 if [ -n "${HTTP_PROXY}${http_proxy}" ]; then
1172 RANDVALUE=`sha256 -qs "${HTTP_PROXY}${http_proxy}" |
1173 tr -d 'a-f' |
1174 cut -c 1-9`
1176 RANDVALUE=`jot -r 1 0 999999999`
1182 # Generate a list of not-yet-tried mirrors
1184 comm -23 serverlist_full - > serverlist
1187 if [ `wc -l < serverlist` -eq 0 ]; then
1188 cat <<- EOF
1202 SRV_PRIORITY=`cut -f 1 -d ' ' serverlist | sort -n | head -1`
1209 SRV_W=`echo $X | cut -f 2 -d ' '`
1216 if [ ${SRV_WSUM} -eq 0 ]; then
1217 SRV_WSUM=`grep -E "^${SRV_PRIORITY} " serverlist | wc -l`
1223 # Pick a value between 0 and the sum of the weights - 1
1232 SRV_W=`echo $X | cut -f 2 -d ' '`
1234 if [ $SRV_RND -lt $SRV_W ]; then
1235 SERVERNAME=`echo $X | cut -f 3 -d ' '`
1239 SRV_RND=$(($SRV_RND - $SRV_W))
1249 grep -vE "^([0-9a-f]{64})\|\1$" |
1252 if [ -f "files/${Y}.gz" ] ||
1253 [ ! -f "files/${X}.gz" ]; then
1257 done | sort -u
1260 # Print user-friendly progress statistics
1266 echo -n $LNC
1268 echo -n .
1271 echo -n " "
1276 while read -p "Does this look reasonable (y/n)? " CONTINUE; do
1290 mkdir -p files
1298 if [ -r pub.ssl ] && [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then
1302 echo -n "Fetching public key from ${SERVERNAME}... "
1303 rm -f pub.ssl
1306 if ! [ -r pub.ssl ]; then
1310 if ! [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then
1312 rm -f pub.ssl
1320 echo -n "Fetching metadata signature "
1322 rm -f latest.ssl
1325 if ! [ -r latest.ssl ]; then
1330 openssl pkeyutl -pubin -inkey pub.ssl -verifyrecover \
1334 if ! [ `wc -l < tag.new` = 1 ] ||
1335 ! grep -qE \
1336 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \
1344 RELPATCHNUM=`cut -f 4 -d '|' < tag.new`
1345 TINDEXHASH=`cut -f 5 -d '|' < tag.new`
1346 EOLTIME=`cut -f 6 -d '|' < tag.new`
1349 # Sanity-check the patch number in a tag, to make sure that we're not
1352 # Check that we're not going to move from -pX to -pY with Y < X.
1353 RELPX=`uname -r | sed -E 's,.*-,,'`
1354 if echo ${RELPX} | grep -qE '^p[0-9]+$'; then
1355 RELPX=`echo ${RELPX} | cut -c 2-`
1359 if [ "${RELPATCHNUM}" -lt "${RELPX}" ]; then
1361 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})"
1363 echo "we are currently running (`uname -r`)!"
1371 if [ -f tag ] &&
1372 grep -qE \
1373 "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \
1375 LASTRELPATCHNUM=`cut -f 4 -d '|' < tag`
1377 if [ "${RELPATCHNUM}" -lt "${LASTRELPATCHNUM}" ]; then
1379 echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})"
1381 echo -n "most recently seen updates"
1382 echo " (${RELNUM}-p${LASTRELPATCHNUM})."
1389 # Fetch metadata index file
1391 echo ${NDEBUG} "Fetching metadata index... "
1392 rm -f ${TINDEXHASH}
1395 if ! [ -f ${TINDEXHASH} ]; then
1399 if [ `${SHA256} -q ${TINDEXHASH}` != ${TINDEXHASH} ]; then
1400 echo "update metadata index corrupt."
1419 if [ `grep -E "^${METAFILE}\|" ${TINDEXHASH} | wc -l` \
1420 -ne 1 ]; then
1421 fetch_metadata_bogus " index"
1425 grep -E "${METAFILE}\|" ${TINDEXHASH}
1429 if [ -f tINDEX.present ]; then
1430 join -t '|' -v 2 tINDEX.wanted tINDEX.present |
1431 sort -m - tINDEX.wanted > tINDEX.new
1443 if grep -qvE '^[0-9A-Z.-]+\|[0-9a-f]{64}$' tINDEX.new; then
1444 fetch_metadata_bogus " index"
1454 P="[-+./:=,%@_[~[:alnum:]]"
1455 M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+"
1456 H="[0-9a-f]{64}"
1459 if gunzip -c < files/$1.gz |
1460 grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then
1466 gunzip -c < files/$1.gz |
1467 cut -f 4- -d '|' > sanitycheck.tmp
1470 if grep -E '^f' sanitycheck.tmp |
1471 grep -qvE "^f\|${M}\|${H}\|${P}*\$"; then
1477 if grep -E '^d' sanitycheck.tmp |
1478 grep -qvE "^d\|${M}\|\|\$"; then
1484 if grep -E '^L' sanitycheck.tmp |
1485 grep -qvE "^L\|${M}\|${P}*\|\$"; then
1490 # Sanity check entries with type '-'
1491 if grep -E '^-' sanitycheck.tmp |
1492 grep -qvE "^-\|\|\|\|\|\|"; then
1501 # Fetch the metadata index and metadata files listed in $@,
1509 join -t '|' -o 1.2,2.2 tINDEX.present tINDEX.new |
1512 if [ -s patchlist ]; then
1514 echo -n "Fetching `wc -l < patchlist | tr -d ' '` "
1516 tr '|' '-' < patchlist |
1517 lam -s "${FETCHDIR}/tp/" - -s ".gz" |
1523 echo -n "Applying metadata patches... "
1526 if [ ! -f "${X}-${Y}.gz" ]; then continue; fi
1527 gunzip -c < ${X}-${Y}.gz > diff
1528 gunzip -c < files/${X}.gz > diff-OLD
1531 grep -E '^-' diff |
1532 cut -c 2- |
1534 look "${PREFIX}" diff-OLD
1536 sort > diff-rm
1537 grep -E '^\+' diff |
1538 cut -c 2- > diff-add
1541 comm -23 diff-OLD diff-rm |
1542 sort - diff-add > diff-NEW
1544 if [ `${SHA256} -q diff-NEW` = ${Y} ]; then
1545 mv diff-NEW files/${Y}
1546 gzip -n files/${Y}
1548 mv diff-NEW ${Y}.bad
1550 rm -f ${X}-${Y}.gz diff
1551 rm -f diff-OLD diff-NEW diff-add diff-rm
1557 cut -f 2 -d '|' < tINDEX.new |
1559 if [ ! -f "files/${Y}.gz" ]; then
1563 sort -u > filelist
1565 if [ -s filelist ]; then
1566 echo -n "Fetching `wc -l < filelist | tr -d ' '` "
1568 lam -s "${FETCHDIR}/m/" - -s ".gz" < filelist |
1573 if ! [ -f ${Y}.gz ]; then
1577 if [ `gunzip -c < ${Y}.gz |
1578 ${SHA256} -q` = ${Y} ]; then
1588 # Sanity-check the metadata files.
1589 cut -f 2 -d '|' tINDEX.new > filelist
1595 cut -f 2 -d '|' tINDEX.present |
1597 cut -f 2 -d '|' tINDEX.new |
1599 comm -13 - oldfiles |
1600 lam -s "files/" - -s ".gz" |
1601 xargs rm -f
1615 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'`
1616 gunzip -c < files/${METAHASH}.gz > $1.all
1639 cut -f 3- -d '|' $1 |
1640 sed -e 's,/|d|,|d|,' |
1641 sed -e 's,/|-|,|-|,' |
1642 sort -u > $1.tmp
1646 grep -E "^${X}" $1.tmp
1648 sort -u |
1649 comm -13 - $1.tmp > $1
1656 # replaced by ${KERNELDIR} (which is `sysctl -n kern.bootfile` minus the
1663 sed -e "s,/boot/$2,${KERNELDIR},g" |
1664 sort - $1 > $1.tmp
1667 if ! [ -d /boot/$2 ]; then
1668 grep -v ^/boot/$2 $1 > $1.tmp
1677 rm -f .err
1680 echo -n "Inspecting system... "
1684 cut -f 1 -d '|' |
1685 sort -u > filelist
1688 # /path/to/file|type|device-inum|user|group|perm|flags|value
1692 if ! [ -e ${BASEDIR}/${F} ]; then
1693 echo "${F}|-||||||"
1696 if ! [ -r ${BASEDIR}/${F} ]; then
1703 # Otherwise, output an index line.
1704 if [ -L ${BASEDIR}/${F} ]; then
1705 echo -n "${F}|L|"
1706 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1708 elif [ -f ${BASEDIR}/${F} ]; then
1709 echo -n "${F}|f|"
1710 stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1711 sha256 -q ${BASEDIR}/${F};
1712 elif [ -d ${BASEDIR}/${F} ]; then
1713 echo -n "${F}|d|"
1714 stat -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1722 sort -k 3,3 -t '|' > $2.tmp
1726 if [ -f .err ]; then
1731 # /path/to/file|type|user|group|perm|flags|value|hlink
1733 cut -f 1,3 -d '|' $2.tmp |
1734 sort -k 1,1 -t '|' |
1735 sort -s -u -k 2,2 -t '|' |
1736 join -1 2 -2 3 -t '|' - $2.tmp |
1737 awk -F \| -v OFS=\| \
1739 if (($2 == $3) || ($4 == "-"))
1758 grep -E "^${X}" ${F}
1760 cut -f 1,2,7 -d '|' |
1761 sort > ${F}-values
1764 # Any line in $2-values which doesn't appear in $1-values or $3-values
1766 sort $1-values $3-values |
1767 comm -13 - $2-values |
1769 cut -f 1 -d '|' > $2-paths
1771 # For each path, pull out one (and only one!) entry from $1-values.
1777 look "${X}|" $1-values |
1778 head -1
1779 done < $2-paths > $4
1782 rm $1-values $2-values $3-values $2-paths
1788 # (aka. type -), remove lines from $[123] unless there is a corresponding
1797 grep -E "^${X}" $1
1798 grep -E "^${X}" $3
1800 cut -f 1,2,7 -d '|' |
1801 sort > $1-values
1805 grep -E "^${X}" $2
1807 cut -f 1,2,7 -d '|' |
1808 sort > $2-values
1810 # Any entry in $2-values which is not in $1-values corresponds to
1813 comm -13 $1-values $2-values |
1814 sort -t '|' -k 1,1 > mlines.tmp
1815 cut -f 1 -d '|' $4 |
1817 join -v 2 -t '|' - mlines.tmp |
1819 rm $1-values $2-values mlines.tmp
1823 comm -13 $1 $2 |
1824 cut -f 1,2,7 -d '|' |
1825 fgrep '|-|' >> mlines
1829 sort -t '|' -k 1,1 ${X} > ${X}.tmp
1830 cut -f 1 -d '|' < mlines |
1832 join -v 2 -t '|' - ${X}.tmp |
1838 fgrep -v '|-|' mlines |
1839 cut -f 1 -d '|' > modifiedfiles
1843 # For each entry in $1 of type -, remove any corresponding
1845 # of type - from $1.
1847 cut -f 1,2 -d '|' < $1 |
1848 fgrep '|-' |
1849 cut -f 1 -d '|' > filesnotpresent
1853 join -v 1 -t '|' - filesnotpresent |
1859 join -v 1 -t '|' - filesnotpresent |
1870 cut -f 1-2 -d '|' < ${X} |
1871 sort -u > ${X}.nodes
1876 comm -23 $1.nodes $2.nodes > $1.badnodes
1885 comm -13 - $1 > $1.tmp
1897 cut -f 1-6 -d '|' < ${X} > ${X}.metadata
1902 comm -13 $1.metadata $2.metadata > keepmeta
1912 NODE=`echo "${LINE}" | cut -f 1-2 -d '|'`
1915 cut -f 7- -d '|' |
1916 lam -s "${LINE}|" - >> $3.add
1921 comm -13 - $3 |
1922 sort -u - $3.add > $3.tmp
1931 comm -23 $1 $2 > $1.tmp
1932 comm -13 $1 $2 > $2.tmp
1940 # We only need to do anything if $1 is non-empty.
1941 if [ -s $1 ]; then
1943 echo -n "Fetching files from ${OLDRELNUM} for merging... "
1947 cut -f 3 -d '|' |
1948 sort -u > files.wanted
1952 if [ ! -f "files/${Y}.gz" ]; then
1958 lam -s "${OLDFETCHDIR}/f/" - -s ".gz" < filelist |
1964 if ! [ -f ${Y}.gz ]; then
1968 if [ `gunzip -c < ${Y}.gz |
1969 ${SHA256} -q` = ${Y} ]; then
1988 echo -n "Preparing to download files... "
1992 cut -f 1,2,7 -d '|' < ${X} |
1994 cut -f 1,3 -d '|' |
1999 cut -f 2 -d '|' < $3.hashes |
2000 sort -u |
2002 if ! [ -f files/${HASH}.gz ]; then
2008 comm -12 $1.hashes $2.hashes |
2009 sort -k 1,1 -t '|' > unmodified.files
2015 F=`echo "${LINE}" | cut -f 1 -d '|'`
2016 HASH=`echo "${LINE}" | cut -f 2 -d '|'`
2019 if [ -f files/${HASH}.gz ]; then
2025 if [ `sha256 -q tmpfile` != ${HASH} ]; then
2032 gzip -c < tmpfile > files/${HASH}.gz
2037 sort -k 1,1 -t '|' $3.hashes |
2038 join -t '|' -o 2.2,1.2 - unmodified.files |
2054 if [ -s patchlist ]; then
2055 echo -n "Fetching `wc -l < patchlist | tr -d ' '` "
2057 tr '|' '-' < patchlist |
2058 lam -s "${PATCHDIR}/" - |
2064 echo -n "Applying patches... "
2067 if [ ! -f "${X}-${Y}" ]; then continue; fi
2068 gunzip -c < files/${X}.gz > OLD
2070 bspatch OLD NEW ${X}-${Y}
2072 if [ `${SHA256} -q NEW` = ${Y} ]; then
2074 gzip -n files/${Y}
2076 rm -f diff OLD NEW ${X}-${Y}
2083 if [ ! -f "files/${Y}.gz" ]; then
2088 if [ -s filelist ]; then
2089 echo -n "Fetching `wc -l < filelist | tr -d ' '` "
2091 lam -s "${FETCHDIR}/f/" - -s ".gz" < filelist |
2096 if ! [ -f ${Y}.gz ]; then
2100 if [ `gunzip -c < ${Y}.gz |
2101 ${SHA256} -q` = ${Y} ]; then
2119 if [ -L "${BDHASH}-install" ]; then
2120 rm -r ${BDHASH}-install/
2121 rm ${BDHASH}-install
2125 if [ -s modifiedfiles ]; then
2126 cat - modifiedfiles <<- EOF | ${PAGER}
2135 if ! [ -s INDEX-PRESENT ] &&
2136 ! [ -s INDEX-NEW ]; then
2137 rm INDEX-PRESENT INDEX-NEW
2139 echo -n "No updates needed to update system to "
2140 echo "${RELNUM}-p${RELPATCHNUM}."
2146 cut -f 1 -d '|' < INDEX-PRESENT |
2147 sort > INDEX-PRESENT.flist
2148 cut -f 1 -d '|' < INDEX-NEW |
2149 sort > INDEX-NEW.flist
2150 comm -23 INDEX-PRESENT.flist INDEX-NEW.flist > files.removed
2151 comm -13 INDEX-PRESENT.flist INDEX-NEW.flist > files.added
2152 comm -12 INDEX-PRESENT.flist INDEX-NEW.flist > files.updated
2153 rm INDEX-PRESENT.flist INDEX-NEW.flist
2156 if [ -s files.removed ]; then
2157 cat - files.removed <<- EOF | ${PAGER}
2159 ${RELNUM}-p${RELPATCHNUM}:
2165 if [ -s files.added ]; then
2166 cat - files.added <<- EOF | ${PAGER}
2168 ${RELNUM}-p${RELPATCHNUM}:
2174 if [ -s files.updated ]; then
2175 cat - files.updated <<- EOF | ${PAGER}
2177 ${RELNUM}-p${RELPATCHNUM}:
2183 MDIR=`mktemp -d install.XXXXXX` || return 1
2186 mv INDEX-PRESENT ${MDIR}/INDEX-OLD
2187 mv INDEX-NEW ${MDIR}/INDEX-NEW
2190 ln -s ${MDIR} ${BDHASH}-install
2199 if [ -f lasteolwarn ]; then
2202 LASTWARN=`expr ${NOWTIME} - 63072000`
2206 if [ ${EOLTIME} -lt ${NOWTIME} ]; then
2208 cat <<-EOF
2209 WARNING: `uname -sr` HAS PASSED ITS END-OF-LIFE DATE.
2210 Any security issues discovered after `date -r ${EOLTIME}`
2218 SINCEWARN=`expr ${NOWTIME} - ${LASTWARN}`
2219 TIMELEFT=`expr ${EOLTIME} - ${NOWTIME}`
2222 if [ ${TIMELEFT} -gt 7884000 ]; then
2228 if [ ${TIMELEFT} -gt `expr ${SINCEWARN} \* 3` ]; then
2233 if [ ${TIMELEFT} -lt 604800 ]; then
2236 elif [ ${TIMELEFT} -lt 2678400 ]; then
2252 cat <<-EOF
2253 WARNING: `uname -sr` is approaching its End-of-Life date.
2274 # Try to fetch the metadata index signature ("tag") until we run
2281 # Fetch the latest INDEX-NEW and INDEX-OLD files.
2282 fetch_metadata INDEX-NEW INDEX-OLD || return 1
2284 # Generate filtered INDEX-NEW and INDEX-OLD files containing only
2287 fetch_filter_metadata INDEX-NEW || return 1
2288 fetch_filter_metadata INDEX-OLD || return 1
2291 fetch_filter_kernel_names INDEX-NEW ${KERNCONF}
2292 fetch_filter_kernel_names INDEX-OLD ${KERNCONF}
2294 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the
2295 # system and generate an INDEX-PRESENT file.
2296 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2298 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which
2299 # correspond to lines in INDEX-PRESENT with hashes not appearing
2300 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in
2301 # INDEX-PRESENT has type - and there isn't a corresponding entry in
2302 # INDEX-OLD with type -.
2304 INDEX-OLD INDEX-PRESENT INDEX-NEW /dev/null
2306 # For each entry in INDEX-PRESENT of type -, remove any corresponding
2307 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries
2308 # of type - from INDEX-PRESENT.
2309 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW
2312 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW.
2313 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW
2316 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD,
2317 # replace the corresponding line of INDEX-NEW with one having the
2318 # same metadata as the entry in INDEX-PRESENT.
2319 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW
2321 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical;
2323 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW
2328 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2345 # Generate filtered INDEX-ALL with only the components listed
2350 echo -n "Inspecting system... "
2353 # supposed to be present if it is more than half-present.
2354 cut -f 1-3 -d '|' < INDEX-ALL |
2357 if [ -e ${BASEDIR}/${F} ]; then
2363 uniq -c |
2364 sed -E 's,^ +,,' > compfreq
2366 cut -f 1,3 -d ' ' |
2367 sort -k 2,2 -t ' ' > compfreq.total
2369 cut -f 1,3 -d ' ' |
2370 sort -k 2,2 -t ' ' > compfreq.present
2371 join -t ' ' -1 2 -2 2 compfreq.present compfreq.total |
2373 if [ ${T} -ne 0 -a ${P} -gt `expr ${T} / 2` ]; then
2377 cut -f 2 -d ' ' < compfreq.total > comp.total
2378 rm INDEX-ALL compfreq compfreq.total compfreq.present
2383 # Sometimes the kernel isn't installed where INDEX-ALL
2390 # not, we print a warning -- the user is running a kernel
2392 KCOMP=`echo ${KERNCONF} | tr 'A-Z' 'a-z'`
2393 grep -E "^kernel\|${KCOMP}\$" comp.total >> comp.present
2395 if grep -qE "^kernel\|" comp.total &&
2396 ! grep -qE "^kernel\|${KCOMP}\$" comp.total; then
2397 cat <<-EOF
2406 # Re-sort the list of installed components and generate
2407 # the list of non-installed components.
2408 sort -u < comp.present > comp.present.tmp
2410 comm -13 comp.present comp.total > comp.absent
2416 echo -n "The following components of FreeBSD "
2419 fmt -72
2421 echo -n "The following components of FreeBSD "
2424 fmt -72
2450 METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'`
2451 gunzip -c < files/${METAHASH}.gz > $1.all
2457 ! grep -qE "^kernel\|${KCOMP}\|" $1.all; then
2460 cat <<-EOF
2476 # Convert INDEX-OLD (last release) and INDEX-ALL (new release) into
2477 # INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades).
2479 # For each ${F}|... which appears in INDEX-ALL but does not appear
2480 # in INDEX-OLD, add ${F}|-|||||| to INDEX-OLD.
2481 cut -f 1 -d '|' < $1 |
2482 sort -u > $1.paths
2483 cut -f 1 -d '|' < $2 |
2484 sort -u |
2485 comm -13 $1.paths - |
2486 lam - -s "|-||||||" |
2487 sort - $1 > $1.tmp
2490 # Remove lines from INDEX-OLD which also appear in INDEX-ALL
2491 comm -23 $1 $2 > $1.tmp
2494 # Remove lines from INDEX-ALL which have a file name not appearing
2495 # anywhere in INDEX-OLD (since these must be files which haven't
2496 # changed -- if they were new, there would be an entry of type "-").
2497 cut -f 1 -d '|' < $1 |
2498 sort -u > $1.paths
2499 sort -k 1,1 -t '|' < $2 |
2500 join -t '|' - $1.paths |
2505 # Rename INDEX-ALL to INDEX-NEW.
2512 X=`sed -E 's/\\$FreeBSD.*\\$/\$FreeBSD\$/' < $1 | ${SHA256}`
2513 Y=`sed -E 's/\\$FreeBSD.*\\$/\$FreeBSD\$/' < $2 | ${SHA256}`
2525 # We only need to do anything if $1 is non-empty.
2526 if [ -s $1 ]; then
2527 cut -f 1 -d '|' $1 |
2528 sort > $1-paths
2531 rm -rf merge/
2534 mkdir -p merge/old/${D}
2535 mkdir -p merge/${OLDRELNUM}/${D}
2536 mkdir -p merge/${RELNUM}/${D}
2537 mkdir -p merge/new/${D}
2538 done < $1-paths
2543 V=`look "${F}|" $2 | cut -f 7 -d '|'`
2547 if look "${F}|" $1 | fgrep -q "|f|"; then
2548 V=`look "${F}|" $1 | cut -f 3 -d '|'`
2554 if look "${F}|" $3 | cut -f 1,2,7 -d '|' |
2555 fgrep -q "|f|"; then
2556 V=`look "${F}|" $3 | cut -f 7 -d '|'`
2560 done < $1-paths
2563 echo -n "Attempting to automatically merge "
2564 echo -n "changes in files..."
2570 if ! [ -f merge/${RELNUM}/${F} ]; then
2577 if ! [ -f merge/${OLDRELNUM}/${F} ]; then
2585 # Don't merge these -- we're rebuild them
2590 if ! diff3 -E -m -L "current version" \
2591 -L "${OLDRELNUM}" -L "${RELNUM}" \
2600 done < $1-paths
2613 cat <<-EOF
2627 if ! grep -qE '^(<<<<<<<|=======|>>>>>>>)([[:space:]].*)?$' $(pwd)/merge/new/${F} ; then
2630 cat <<-EOF
2647 if [ -f merge/old/${F} ] && [ -f merge/new/${F} ] &&
2654 if [ -f merge/old/${F} ] &&
2655 [ -f merge/${OLDRELNUM}/${F} ] &&
2661 if ! [ -f merge/new/${F} ]; then
2662 cat <<-EOF
2672 cat <<-EOF
2677 diff -U 5 -L "current version" -L "new version" \
2680 done < $1-paths
2684 if [ -f merge/new/${F} ]; then
2685 V=`${SHA256} -q merge/new/${F}`
2687 gzip -c < merge/new/${F} > files/${V}.gz
2690 done < $1-paths > newhashes
2696 done < $1-paths > $3-oldlines
2699 join -t '|' -o 1.1,1.2,1.3,1.4,1.5,1.6,2.2,1.8 \
2700 $3-oldlines newhashes > $3-newlines
2703 sort $3-oldlines |
2704 comm -13 - $3 |
2705 sort - $3-newlines > $3.tmp
2709 rm $1-paths newhashes $3-oldlines $3-newlines
2710 rm -rf merge/
2729 # Try to fetch the metadata index signature ("tag") until we run
2736 # Fetch the INDEX-OLD and INDEX-ALL.
2737 fetch_metadata INDEX-OLD INDEX-ALL || return 1
2741 upgrade_guess_components INDEX-ALL || return 1
2743 # Generate filtered INDEX-OLD and INDEX-ALL files containing only
2745 fetch_filter_metadata INDEX-OLD || return 1
2746 fetch_filter_metadata INDEX-ALL || return 1
2748 # Merge the INDEX-OLD and INDEX-ALL files into INDEX-OLD.
2749 sort INDEX-OLD INDEX-ALL > INDEX-OLD.tmp
2750 mv INDEX-OLD.tmp INDEX-OLD
2751 rm INDEX-ALL
2759 # Try to fetch the NEW metadata index signature ("tag") until we run
2765 # Fetch the new INDEX-ALL.
2766 fetch_metadata INDEX-ALL || return 1
2772 upgrade_guess_new_kernel INDEX-ALL || return 1
2774 # Filter INDEX-ALL to contain only the components we want and without
2776 fetch_filter_metadata INDEX-ALL || return 1
2778 # Convert INDEX-OLD (last release) and INDEX-ALL (new release) into
2779 # INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades).
2780 upgrade_oldall_to_oldnew INDEX-OLD INDEX-ALL INDEX-NEW
2783 fetch_filter_kernel_names INDEX-NEW ${NKERNCONF}
2784 fetch_filter_kernel_names INDEX-OLD ${KERNCONF}
2786 # For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the
2787 # system and generate an INDEX-PRESENT file.
2788 fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2790 # Based on ${MERGECHANGES}, generate a file tomerge-old with the
2792 fetch_filter_mergechanges INDEX-OLD INDEX-PRESENT INDEX-NEW tomerge-old
2794 # Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which
2795 # correspond to lines in INDEX-PRESENT with hashes not appearing
2796 # in INDEX-OLD or INDEX-NEW. Also remove lines where the entry in
2797 # INDEX-PRESENT has type - and there isn't a corresponding entry in
2798 # INDEX-OLD with type -.
2800 INDEX-OLD INDEX-PRESENT INDEX-NEW tomerge-old
2802 # For each entry in INDEX-PRESENT of type -, remove any corresponding
2803 # entry from INDEX-NEW if ${ALLOWADD} != "yes". Remove all entries
2804 # of type - from INDEX-PRESENT.
2805 fetch_filter_allowadd INDEX-PRESENT INDEX-NEW
2808 # INDEX-PRESENT which don't correspond to entries in INDEX-NEW.
2809 fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW
2812 # INDEX-PRESENT with metadata not matching any entry in INDEX-OLD,
2813 # replace the corresponding line of INDEX-NEW with one having the
2814 # same metadata as the entry in INDEX-PRESENT.
2815 fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW
2817 # Remove lines from INDEX-PRESENT and INDEX-NEW which are identical;
2819 fetch_filter_uptodate INDEX-PRESENT INDEX-NEW
2822 fetch_files_premerge tomerge-old
2827 fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2829 # Fetch patches from to-${RELNUM}/${ARCH}/bp/
2830 PATCHDIR=to-${RELNUM}/${ARCH}/bp
2834 upgrade_merge tomerge-old INDEX-PRESENT INDEX-NEW || return 1
2842 touch ${BDHASH}-install/kernelfirst
2844 # Remind the user that they need to run "freebsd-update install"
2854 cut -f 2,7 -d '|' |
2855 grep -E '^f' |
2856 cut -f 2 -d '|' |
2857 sort -u > filelist
2861 if ! [ -f files/${HASH}.gz ]; then
2862 echo -n "Update files missing -- "
2864 echo "Re-run '`basename $0` [options] fetch'."
2877 cut -f 1 -d '|' > filelist
2881 if ! [ -e ${BASEDIR}/${F} ]; then
2898 if [ ! -e $BASEDIR/$BACKUPKERNELDIR ]; then
2904 if [ -d $BASEDIR/$BACKUPKERNELDIR -a \
2905 -e $BASEDIR/$BACKUPKERNELDIR/.freebsd-update ]; then
2912 if [ $CNT -gt 9 ]; then
2916 BACKUPKERNELDIR="`echo $BACKUPKERNELDIR | sed -Ee 's/[0-9]\$//'`"
2923 # we create a marker file called ".freebsd-update" in the directory so
2925 # freebsd-update and we then do not accidentally remove user files in
2940 if [ -d $BASEDIR/$BACKUPKERNELDIR ]; then
2941 rm -fr $BASEDIR/$BACKUPKERNELDIR
2945 mkdir -p $BASEDIR/$BACKUPKERNELDIR
2946 mtree -cdn -p "${BASEDIR}/${KERNELDIR}" | \
2947 mtree -Ue -p "${BASEDIR}/${BACKUPKERNELDIR}" > /dev/null
2949 # Mark the directory as having been created by freebsd-update.
2950 touch $BASEDIR/$BACKUPKERNELDIR/.freebsd-update
2951 if [ $? -ne 0 ]; then
2958 set -f
2964 FINDFILTER="-a ! -name *.debug -a ! -name *.symbols"
2968 (cd ${BASEDIR}/${KERNELDIR} && find . -type f $FINDFILTER -exec \
2969 cp -pl '{}' ${BASEDIR}/${BACKUPKERNELDIR}/'{}' \;)
2971 # Re-enable pathname expansion.
2978 if [ -d "$1" ]; then
2980 rm -rf -- "$1"
2988 sort -k 1,1 -t '|' $1 |
2990 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do
2996 if [ -e "${BASEDIR}/${FPATH}" ] && \
2997 ! [ -d "${BASEDIR}/${FPATH}" ]; then
2998 rm -f -- "${BASEDIR}/${FPATH}"
3000 install -d -o ${OWNER} -g ${GROUP} \
3001 -m ${PERM} ${BASEDIR}/${FPATH}
3005 if [ -z "${LINK}" ]; then
3008 install -S -o ${OWNER} -g ${GROUP} \
3009 -m ${PERM} ${HASH} ${BASEDIR}/${FPATH}
3013 ln -f ${BASEDIR}/${LINK} ${BASEDIR}/${FPATH}
3019 ln -sfh ${HASH} ${BASEDIR}/${FPATH}
3026 while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do
3037 cut -f 1 -d '|' < $2 |
3041 sort -k 1,1 -t '|' $1 |
3042 join -t '|' -v 1 - newfiles |
3043 sort -r -k 1,1 -t '|' |
3044 cut -f 1,2 -d '|' |
3054 if [ -f "${BASEDIR}/${FPATH}" ]; then
3059 if [ -L "${BASEDIR}/${FPATH}" ]; then
3073 if ! [ -f $1/kerneldone ]; then
3074 grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD
3075 grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW
3081 install_from_index INDEX-NEW || return 1
3084 install_delete INDEX-OLD INDEX-NEW || return 1
3087 if [ -s INDEX-OLD -o -s INDEX-NEW ]; then
3088 kldxref -R ${BASEDIR}/boot/ 2>/dev/null
3095 if [ -f $1/kernelfirst ] &&
3096 [ -s INDEX-OLD -o -s INDEX-NEW ]; then
3097 cat <<-EOF
3107 if ! [ -f $1/worlddone ]; then
3109 grep -vE '^/boot/' $1/INDEX-NEW |
3110 grep -E '^[^|]+\|d\|' > INDEX-NEW
3111 install_from_index INDEX-NEW || return 1
3114 grep -vE '^/boot/' $1/INDEX-NEW |
3115 grep -vE '^[^|]+\|d\|' |
3116 grep -E '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' > INDEX-NEW
3117 install_from_index INDEX-NEW || return 1
3120 grep -vE '^/boot/' $1/INDEX-NEW |
3121 grep -vE '^[^|]+\|d\|' |
3122 grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
3123 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
3124 install_from_index INDEX-NEW || return 1
3127 grep -vE '^/boot/' $1/INDEX-OLD |
3128 grep -vE '^[^|]+\|d\|' |
3129 grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
3130 grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
3131 grep -vE '^/boot/' $1/INDEX-NEW |
3132 grep -vE '^[^|]+\|d\|' |
3133 grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
3134 grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
3135 install_from_index INDEX-NEW || return 1
3136 install_delete INDEX-OLD INDEX-NEW || return 1
3153 pwd_mkdb -d ${BASEDIR}/etc -p ${BASEDIR}/etc/master.passwd
3158 if [ ! -d ${BASEDIR}/$D ]; then
3161 if [ -f ${BASEDIR}/$D/mandoc.db ] && \
3162 [ -z "$(find ${BASEDIR}/$D -type f -newer ${BASEDIR}/$D/mandoc.db)" ]; then
3173 grep -vE '^/boot/' $1/INDEX-NEW |
3174 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
3175 cut -f 1 -d '|' |
3177 if grep -vE '^/boot/' $1/INDEX-OLD |
3178 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
3179 cut -f 1 -d '|' |
3181 join -v 1 - newfiles |
3182 grep -q .; then
3183 cat <<-EOF
3197 grep -vE '^/boot/' $1/INDEX-NEW |
3198 grep -vE '^[^|]+\|d\|' |
3199 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
3200 grep -vE '^/boot/' $1/INDEX-OLD |
3201 grep -vE '^[^|]+\|d\|' |
3202 grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
3203 install_delete INDEX-OLD INDEX-NEW || return 1
3206 grep -vE '^/boot/' $1/INDEX-NEW |
3207 grep -E '^[^|]+\|d\|' > INDEX-NEW
3208 grep -vE '^/boot/' $1/INDEX-OLD |
3209 grep -E '^[^|]+\|d\|' > INDEX-OLD
3210 install_delete INDEX-OLD INDEX-NEW || return 1
3213 rm INDEX-OLD INDEX-NEW
3219 # "finished installing the world" flags if present -- they are
3221 if [ -f ${BDHASH}-install/kernelfirst ]; then
3222 rm ${BDHASH}-install/kernelfirst
3223 rm ${BDHASH}-install/kerneldone
3225 if [ -f ${BDHASH}-install/worlddone ]; then
3226 rm ${BDHASH}-install/worlddone
3229 if [ -L ${BDHASH}-rollback ]; then
3230 mv ${BDHASH}-rollback ${BDHASH}-install/rollback
3233 mv ${BDHASH}-install ${BDHASH}-rollback
3238 echo -n "Installing updates..."
3241 install_verify ${BDHASH}-install/INDEX-OLD \
3242 ${BDHASH}-install/INDEX-NEW || return 1
3245 install_unschg ${BDHASH}-install/INDEX-OLD \
3246 ${BDHASH}-install/INDEX-NEW || return 1
3249 install_files ${BDHASH}-install || return 1
3259 if [ -L ${BDHASH}-rollback/rollback ]; then
3260 mv ${BDHASH}-rollback/rollback rollback-tmp
3261 rm -r ${BDHASH}-rollback/
3262 rm ${BDHASH}-rollback
3263 mv rollback-tmp ${BDHASH}-rollback
3265 rm -r ${BDHASH}-rollback/
3266 rm ${BDHASH}-rollback
3274 awk -F \| '{if ($2 == "d") print }' $1/INDEX-OLD > INDEX-OLD
3275 install_from_index INDEX-OLD || return 1
3279 grep -vE '^/boot/' $1/INDEX-NEW |
3280 grep -E '/lib/.*\.so\.[0-9]+\|' |
3281 cut -f 1 -d '|' |
3282 sort > INDEX-NEW.libs.flist
3283 grep -vE '^/boot/' $1/INDEX-OLD |
3284 grep -E '/lib/.*\.so\.[0-9]+\|' |
3285 sort -k 1,1 -t '|' - |
3286 join -t '|' -v 1 - INDEX-NEW.libs.flist > INDEX-OLD
3287 install_from_index INDEX-OLD || return 1
3290 grep -vE '^/boot/' $1/INDEX-OLD |
3291 grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
3292 grep -vE '^/boot/' $1/INDEX-NEW |
3293 grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
3294 install_from_index INDEX-OLD || return 1
3295 install_delete INDEX-NEW INDEX-OLD || return 1
3298 grep -vE '^/boot/' $1/INDEX-OLD |
3299 grep -E '/lib/.*\.so\.[0-9]+\|' |
3300 sort -k 1,1 -t '|' - |
3301 join -t '|' - INDEX-NEW.libs.flist > INDEX-OLD
3302 install_from_index INDEX-OLD || return 1
3305 grep -vE '^/boot/' $1/INDEX-OLD |
3306 grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
3307 grep -vE '^/boot/' $1/INDEX-NEW |
3308 grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
3309 install_delete INDEX-NEW INDEX-OLD || return 1
3312 grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD
3313 grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW
3314 install_from_index INDEX-OLD || return 1
3315 install_delete INDEX-NEW INDEX-OLD || return 1
3316 if [ -s INDEX-OLD -o -s INDEX-NEW ]; then
3317 kldxref -R /boot/ 2>/dev/null
3321 rm INDEX-OLD INDEX-NEW INDEX-NEW.libs.flist
3326 echo -n "Uninstalling updates..."
3329 # want the user to re-run 'fetch' after rolling back updates.
3330 if [ -L ${BDHASH}-install ]; then
3331 rm -r ${BDHASH}-install/
3332 rm ${BDHASH}-install
3336 install_verify ${BDHASH}-rollback/INDEX-NEW \
3337 ${BDHASH}-rollback/INDEX-OLD || return 1
3340 install_unschg ${BDHASH}-rollback/INDEX-NEW \
3341 ${BDHASH}-rollback/INDEX-OLD || return 1
3344 rollback_files ${BDHASH}-rollback || return 1
3354 # Compare INDEX-ALL and INDEX-PRESENT and print warnings about differences.
3360 cut -f 1-5,7-8 -d '|' $1 > $1.noflags
3361 sort -k 1,1 -t '|' $1.noflags > $1.sorted
3362 cut -f 1-5,7-8 -d '|' $2 |
3363 comm -13 $1.noflags - |
3364 fgrep -v '|-|||||' |
3365 sort -k 1,1 -t '|' |
3366 join -t '|' $1.sorted - > INDEX-NOTMATCHING
3370 grep -E "^${X}" INDEX-NOTMATCHING
3372 sort -u |
3373 comm -13 - INDEX-NOTMATCHING > INDEX-NOTMATCHING.tmp
3374 mv INDEX-NOTMATCHING.tmp INDEX-NOTMATCHING
3378 while read FPATH TYPE OWNER GROUP PERM HASH LINK P_TYPE P_OWNER P_GROUP P_PERM P_HASH P_LINK; do
3381 echo -n "${FPATH} is a "
3383 f) echo -n "regular file, "
3385 d) echo -n "directory, "
3387 L) echo -n "symlink, "
3390 echo -n "but should be a "
3392 f) echo -n "regular file."
3394 d) echo -n "directory."
3396 L) echo -n "symlink."
3408 echo -n "${FPATH} is owned by user id ${P_OWNER}, "
3413 if ! [ "${GROUP}" = "${P_GROUP}" ]; then
3414 echo -n "${FPATH} is owned by group id ${P_GROUP}, "
3415 echo "but should be owned by group id ${GROUP}."
3424 echo -n "${FPATH} has ${P_PERM} permissions, "
3431 echo -n "${FPATH} is a symlink to ${P_HASH}, "
3435 echo -n "${FPATH} has SHA256 hash ${P_HASH}, "
3443 done < INDEX-NOTMATCHING
3446 rm $1 $1.noflags $1.sorted $2 INDEX-NOTMATCHING
3449 # Do the work involved in comparing the system to a "known good" index
3461 # Try to fetch the metadata index signature ("tag") until we run
3468 # Fetch INDEX-OLD and INDEX-ALL.
3469 fetch_metadata INDEX-OLD INDEX-ALL || return 1
3471 # Generate filtered INDEX-OLD and INDEX-ALL files containing only
3473 fetch_filter_metadata INDEX-OLD || return 1
3474 fetch_filter_metadata INDEX-ALL || return 1
3476 # Merge the INDEX-OLD and INDEX-ALL files into INDEX-ALL.
3477 sort INDEX-OLD INDEX-ALL > INDEX-ALL.tmp
3478 mv INDEX-ALL.tmp INDEX-ALL
3479 rm INDEX-OLD
3482 fetch_filter_kernel_names INDEX-ALL ${KERNCONF}
3484 # Inspect the system and generate an INDEX-PRESENT file.
3485 fetch_inspect_system INDEX-ALL INDEX-PRESENT /dev/null || return 1
3487 # Compare INDEX-ALL and INDEX-PRESENT and print warnings about any
3489 IDS_compare INDEX-ALL INDEX-PRESENT
3492 #### Main functions -- call parameter-handling and core functions
3507 if [ ! -t 0 -a $NOTTYOK -eq 0 ]; then
3508 echo -n "`basename $0` fetch should not "
3509 echo "be run non-interactively."
3524 sleep `jot -r 1 0 3600`
3526 TMPFILE=`mktemp /tmp/freebsd-update.XXXXXX` || exit 1
3529 ! grep -q "No updates needed" ${TMPFILE} ||
3531 mail -s "`hostname` security updates" ${MAILTO} < ${TMPFILE}
3551 if ! [ -e "${WORKDIR}" ]; then
3560 BDHASH=`echo ${BASEDIR} | sha256 -q`
3563 if ! [ -L ${BDHASH}-install ]; then
3587 # Compare system against a "known good" index.
3608 if [ -z "$PAGER" ]; then
3612 # Set LC_ALL in order to avoid problems with character ranges like [A-Z].