xref: /freebsd/usr.sbin/freebsd-update/freebsd-update.sh (revision e6bfd18d21b225af6a0ed67ceeaf1293b7b9eba5)
1#!/bin/sh
2
3#-
4# SPDX-License-Identifier: BSD-2-Clause
5#
6# Copyright 2004-2007 Colin Percival
7# All rights reserved
8#
9# Redistribution and use in source and binary forms, with or without
10# modification, are permitted providing that the following conditions
11# are met:
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
22# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28# POSSIBILITY OF SUCH DAMAGE.
29
30# $FreeBSD$
31
32#### Usage function -- called from command-line handling code.
33
34# Usage instructions.  Options not listed:
35# --debug	-- don't filter output from utilities
36# --no-stats	-- don't show progress statistics while fetching files
37usage () {
38	cat <<EOF
39usage: `basename $0` [options] command ...
40
41Options:
42  -b basedir   -- Operate on a system mounted at basedir
43                  (default: /)
44  -d workdir   -- Store working files in workdir
45                  (default: /var/db/freebsd-update/)
46  -f conffile  -- Read configuration options from conffile
47                  (default: /etc/freebsd-update.conf)
48  -F           -- Force a fetch operation to proceed in the
49                  case of an unfinished upgrade
50  -j jail      -- Operate on the given jail specified by jid or name
51  -k KEY       -- Trust an RSA key with SHA256 hash of KEY
52  -r release   -- Target for upgrade (e.g., 13.2-RELEASE)
53  -s server    -- Server from which to fetch updates
54                  (default: update.FreeBSD.org)
55  -t address   -- Mail output of cron command, if any, to address
56                  (default: root)
57  --not-running-from-cron
58               -- Run without a tty, for use by automated tools
59  --currently-running release
60               -- Update as if currently running this release
61Commands:
62  fetch        -- Fetch updates from server
63  cron         -- Sleep rand(3600) seconds, fetch updates, and send an
64                  email if updates were found
65  upgrade      -- Fetch upgrades to FreeBSD version specified via -r option
66  updatesready -- Check if there are fetched updates ready to install
67  install      -- Install downloaded updates or upgrades
68  rollback     -- Uninstall most recently installed updates
69  IDS          -- Compare the system against an index of "known good" files
70  showconfig   -- Show configuration
71EOF
72	exit 0
73}
74
75#### Configuration processing functions
76
77#-
78# Configuration options are set in the following order of priority:
79# 1. Command line options
80# 2. Configuration file options
81# 3. Default options
82# In addition, certain options (e.g., IgnorePaths) can be specified multiple
83# times and (as long as these are all in the same place, e.g., inside the
84# configuration file) they will accumulate.  Finally, because the path to the
85# configuration file can be specified at the command line, the entire command
86# line must be processed before we start reading the configuration file.
87#
88# Sound like a mess?  It is.  Here's how we handle this:
89# 1. Initialize CONFFILE and all the options to "".
90# 2. Process the command line.  Throw an error if a non-accumulating option
91#    is specified twice.
92# 3. If CONFFILE is "", set CONFFILE to /etc/freebsd-update.conf .
93# 4. For all the configuration options X, set X_saved to X.
94# 5. Initialize all the options to "".
95# 6. Read CONFFILE line by line, parsing options.
96# 7. For each configuration option X, set X to X_saved iff X_saved is not "".
97# 8. Repeat steps 4-7, except setting options to their default values at (6).
98
99CONFIGOPTIONS="KEYPRINT WORKDIR SERVERNAME MAILTO ALLOWADD ALLOWDELETE
100    KEEPMODIFIEDMETADATA COMPONENTS IGNOREPATHS UPDATEIFUNMODIFIED
101    BASEDIR VERBOSELEVEL TARGETRELEASE STRICTCOMPONENTS MERGECHANGES
102    IDSIGNOREPATHS BACKUPKERNEL BACKUPKERNELDIR BACKUPKERNELSYMBOLFILES"
103
104# Set all the configuration options to "".
105nullconfig () {
106	for X in ${CONFIGOPTIONS}; do
107		eval ${X}=""
108	done
109}
110
111# For each configuration option X, set X_saved to X.
112saveconfig () {
113	for X in ${CONFIGOPTIONS}; do
114		eval ${X}_saved=\$${X}
115	done
116}
117
118# For each configuration option X, set X to X_saved if X_saved is not "".
119mergeconfig () {
120	for X in ${CONFIGOPTIONS}; do
121		eval _=\$${X}_saved
122		if ! [ -z "${_}" ]; then
123			eval ${X}=\$${X}_saved
124		fi
125	done
126}
127
128# Set the trusted keyprint.
129config_KeyPrint () {
130	if [ -z ${KEYPRINT} ]; then
131		KEYPRINT=$1
132	else
133		return 1
134	fi
135}
136
137# Set the working directory.
138config_WorkDir () {
139	if [ -z ${WORKDIR} ]; then
140		WORKDIR=$1
141	else
142		return 1
143	fi
144}
145
146# Set the name of the server (pool) from which to fetch updates
147config_ServerName () {
148	if [ -z ${SERVERNAME} ]; then
149		SERVERNAME=$1
150	else
151		return 1
152	fi
153}
154
155# Set the address to which 'cron' output will be mailed.
156config_MailTo () {
157	if [ -z ${MAILTO} ]; then
158		MAILTO=$1
159	else
160		return 1
161	fi
162}
163
164# Set whether FreeBSD Update is allowed to add files (or directories, or
165# symlinks) which did not previously exist.
166config_AllowAdd () {
167	if [ -z ${ALLOWADD} ]; then
168		case $1 in
169		[Yy][Ee][Ss])
170			ALLOWADD=yes
171			;;
172		[Nn][Oo])
173			ALLOWADD=no
174			;;
175		*)
176			return 1
177			;;
178		esac
179	else
180		return 1
181	fi
182}
183
184# Set whether FreeBSD Update is allowed to remove files/directories/symlinks.
185config_AllowDelete () {
186	if [ -z ${ALLOWDELETE} ]; then
187		case $1 in
188		[Yy][Ee][Ss])
189			ALLOWDELETE=yes
190			;;
191		[Nn][Oo])
192			ALLOWDELETE=no
193			;;
194		*)
195			return 1
196			;;
197		esac
198	else
199		return 1
200	fi
201}
202
203# Set whether FreeBSD Update should keep existing inode ownership,
204# permissions, and flags, in the event that they have been modified locally
205# after the release.
206config_KeepModifiedMetadata () {
207	if [ -z ${KEEPMODIFIEDMETADATA} ]; then
208		case $1 in
209		[Yy][Ee][Ss])
210			KEEPMODIFIEDMETADATA=yes
211			;;
212		[Nn][Oo])
213			KEEPMODIFIEDMETADATA=no
214			;;
215		*)
216			return 1
217			;;
218		esac
219	else
220		return 1
221	fi
222}
223
224# Add to the list of components which should be kept updated.
225config_Components () {
226	for C in $@; do
227		COMPONENTS="${COMPONENTS} ${C}"
228	done
229}
230
231# Remove src component from list if it isn't installed
232finalize_components_config () {
233	COMPONENTS=""
234	for C in $@; do
235		if [ "$C" = "src" ]; then
236			if [ -e "${BASEDIR}/usr/src/COPYRIGHT" ]; then
237				COMPONENTS="${COMPONENTS} ${C}"
238			else
239				echo "src component not installed, skipped"
240			fi
241		else
242			COMPONENTS="${COMPONENTS} ${C}"
243		fi
244	done
245}
246
247# Add to the list of paths under which updates will be ignored.
248config_IgnorePaths () {
249	for C in $@; do
250		IGNOREPATHS="${IGNOREPATHS} ${C}"
251	done
252}
253
254# Add to the list of paths which IDS should ignore.
255config_IDSIgnorePaths () {
256	for C in $@; do
257		IDSIGNOREPATHS="${IDSIGNOREPATHS} ${C}"
258	done
259}
260
261# Add to the list of paths within which updates will be performed only if the
262# file on disk has not been modified locally.
263config_UpdateIfUnmodified () {
264	for C in $@; do
265		UPDATEIFUNMODIFIED="${UPDATEIFUNMODIFIED} ${C}"
266	done
267}
268
269# Add to the list of paths within which updates to text files will be merged
270# instead of overwritten.
271config_MergeChanges () {
272	for C in $@; do
273		MERGECHANGES="${MERGECHANGES} ${C}"
274	done
275}
276
277# Work on a FreeBSD installation mounted under $1
278config_BaseDir () {
279	if [ -z ${BASEDIR} ]; then
280		BASEDIR=$1
281	else
282		return 1
283	fi
284}
285
286# When fetching upgrades, should we assume the user wants exactly the
287# components listed in COMPONENTS, rather than trying to guess based on
288# what's currently installed?
289config_StrictComponents () {
290	if [ -z ${STRICTCOMPONENTS} ]; then
291		case $1 in
292		[Yy][Ee][Ss])
293			STRICTCOMPONENTS=yes
294			;;
295		[Nn][Oo])
296			STRICTCOMPONENTS=no
297			;;
298		*)
299			return 1
300			;;
301		esac
302	else
303		return 1
304	fi
305}
306
307# Upgrade to FreeBSD $1
308config_TargetRelease () {
309	if [ -z ${TARGETRELEASE} ]; then
310		TARGETRELEASE=$1
311	else
312		return 1
313	fi
314	if echo ${TARGETRELEASE} | grep -qE '^[0-9.]+$'; then
315		TARGETRELEASE="${TARGETRELEASE}-RELEASE"
316	fi
317}
318
319# Pretend current release is FreeBSD $1
320config_SourceRelease () {
321	UNAME_r=$1
322	if echo ${UNAME_r} | grep -qE '^[0-9.]+$'; then
323		UNAME_r="${UNAME_r}-RELEASE"
324	fi
325	export UNAME_r
326}
327
328# Get the Jail's path and the version of its installed userland
329config_TargetJail () {
330	JAIL=$1
331	UNAME_r=$(freebsd-version -j ${JAIL})
332	BASEDIR=$(jls -j ${JAIL} -h path | awk 'NR == 2 {print}')
333	if [ -z ${BASEDIR} ] || [ -z ${UNAME_r} ]; then
334		echo "The specified jail either doesn't exist or" \
335		      "does not have freebsd-version."
336		exit 1
337	fi
338	export UNAME_r
339}
340
341# Define what happens to output of utilities
342config_VerboseLevel () {
343	if [ -z ${VERBOSELEVEL} ]; then
344		case $1 in
345		[Dd][Ee][Bb][Uu][Gg])
346			VERBOSELEVEL=debug
347			;;
348		[Nn][Oo][Ss][Tt][Aa][Tt][Ss])
349			VERBOSELEVEL=nostats
350			;;
351		[Ss][Tt][Aa][Tt][Ss])
352			VERBOSELEVEL=stats
353			;;
354		*)
355			return 1
356			;;
357		esac
358	else
359		return 1
360	fi
361}
362
363config_BackupKernel () {
364	if [ -z ${BACKUPKERNEL} ]; then
365		case $1 in
366		[Yy][Ee][Ss])
367			BACKUPKERNEL=yes
368			;;
369		[Nn][Oo])
370			BACKUPKERNEL=no
371			;;
372		*)
373			return 1
374			;;
375		esac
376	else
377		return 1
378	fi
379}
380
381config_BackupKernelDir () {
382	if [ -z ${BACKUPKERNELDIR} ]; then
383		if [ -z "$1" ]; then
384			echo "BackupKernelDir set to empty dir"
385			return 1
386		fi
387
388		# We check for some paths which would be extremely odd
389		# to use, but which could cause a lot of problems if
390		# used.
391		case $1 in
392		/|/bin|/boot|/etc|/lib|/libexec|/sbin|/usr|/var)
393			echo "BackupKernelDir set to invalid path $1"
394			return 1
395			;;
396		/*)
397			BACKUPKERNELDIR=$1
398			;;
399		*)
400			echo "BackupKernelDir ($1) is not an absolute path"
401			return 1
402			;;
403		esac
404	else
405		return 1
406	fi
407}
408
409config_BackupKernelSymbolFiles () {
410	if [ -z ${BACKUPKERNELSYMBOLFILES} ]; then
411		case $1 in
412		[Yy][Ee][Ss])
413			BACKUPKERNELSYMBOLFILES=yes
414			;;
415		[Nn][Oo])
416			BACKUPKERNELSYMBOLFILES=no
417			;;
418		*)
419			return 1
420			;;
421		esac
422	else
423		return 1
424	fi
425}
426
427config_CreateBootEnv () {
428	if [ -z ${BOOTENV} ]; then
429		case $1 in
430		[Yy][Ee][Ss])
431			BOOTENV=yes
432			;;
433		[Nn][Oo])
434			BOOTENV=no
435			;;
436		*)
437			return 1
438			;;
439		esac
440	else
441		return 1
442	fi
443}
444# Handle one line of configuration
445configline () {
446	if [ $# -eq 0 ]; then
447		return
448	fi
449
450	OPT=$1
451	shift
452	config_${OPT} $@
453}
454
455#### Parameter handling functions.
456
457# Initialize parameters to null, just in case they're
458# set in the environment.
459init_params () {
460	# Configration settings
461	nullconfig
462
463	# No configuration file set yet
464	CONFFILE=""
465
466	# No commands specified yet
467	COMMANDS=""
468
469	# Force fetch to proceed
470	FORCEFETCH=0
471
472	# Run without a TTY
473	NOTTYOK=0
474
475	# Fetched first in a chain of commands
476	ISFETCHED=0
477}
478
479# Parse the command line
480parse_cmdline () {
481	while [ $# -gt 0 ]; do
482		case "$1" in
483		# Location of configuration file
484		-f)
485			if [ $# -eq 1 ]; then usage; fi
486			if [ ! -z "${CONFFILE}" ]; then usage; fi
487			shift; CONFFILE="$1"
488			;;
489		-F)
490			FORCEFETCH=1
491			;;
492		--not-running-from-cron)
493			NOTTYOK=1
494			;;
495		--currently-running)
496			shift
497			config_SourceRelease $1 || usage
498			;;
499
500		# Configuration file equivalents
501		-b)
502			if [ $# -eq 1 ]; then usage; fi; shift
503			config_BaseDir $1 || usage
504			;;
505		-d)
506			if [ $# -eq 1 ]; then usage; fi; shift
507			config_WorkDir $1 || usage
508			;;
509		-j)
510			if [ $# -eq 1 ]; then usage; fi; shift
511			config_TargetJail $1 || usage
512			;;
513		-k)
514			if [ $# -eq 1 ]; then usage; fi; shift
515			config_KeyPrint $1 || usage
516			;;
517		-s)
518			if [ $# -eq 1 ]; then usage; fi; shift
519			config_ServerName $1 || usage
520			;;
521		-r)
522			if [ $# -eq 1 ]; then usage; fi; shift
523			config_TargetRelease $1 || usage
524			;;
525		-t)
526			if [ $# -eq 1 ]; then usage; fi; shift
527			config_MailTo $1 || usage
528			;;
529		-v)
530			if [ $# -eq 1 ]; then usage; fi; shift
531			config_VerboseLevel $1 || usage
532			;;
533
534		# Aliases for "-v debug" and "-v nostats"
535		--debug)
536			config_VerboseLevel debug || usage
537			;;
538		--no-stats)
539			config_VerboseLevel nostats || usage
540			;;
541
542		# Commands
543		cron | fetch | upgrade | updatesready | install | rollback |\
544		IDS | showconfig)
545			COMMANDS="${COMMANDS} $1"
546			;;
547
548		# Anything else is an error
549		*)
550			usage
551			;;
552		esac
553		shift
554	done
555
556	# Make sure we have at least one command
557	if [ -z "${COMMANDS}" ]; then
558		usage
559	fi
560}
561
562# Parse the configuration file
563parse_conffile () {
564	# If a configuration file was specified on the command line, check
565	# that it exists and is readable.
566	if [ ! -z "${CONFFILE}" ] && [ ! -r "${CONFFILE}" ]; then
567		echo -n "File does not exist "
568		echo -n "or is not readable: "
569		echo ${CONFFILE}
570		exit 1
571	fi
572
573	# If a configuration file was not specified on the command line,
574	# use the default configuration file path.  If that default does
575	# not exist, give up looking for any configuration.
576	if [ -z "${CONFFILE}" ]; then
577		CONFFILE="/etc/freebsd-update.conf"
578		if [ ! -r "${CONFFILE}" ]; then
579			return
580		fi
581	fi
582
583	# Save the configuration options specified on the command line, and
584	# clear all the options in preparation for reading the config file.
585	saveconfig
586	nullconfig
587
588	# Read the configuration file.  Anything after the first '#' is
589	# ignored, and any blank lines are ignored.
590	L=0
591	while read LINE; do
592		L=$(($L + 1))
593		LINEX=`echo "${LINE}" | cut -f 1 -d '#'`
594		if ! configline ${LINEX}; then
595			echo "Error processing configuration file, line $L:"
596			echo "==> ${LINE}"
597			exit 1
598		fi
599	done < ${CONFFILE}
600
601	# Merge the settings read from the configuration file with those
602	# provided at the command line.
603	mergeconfig
604}
605
606# Provide some default parameters
607default_params () {
608	# Save any parameters already configured, and clear the slate
609	saveconfig
610	nullconfig
611
612	# Default configurations
613	config_WorkDir /var/db/freebsd-update
614	config_MailTo root
615	config_AllowAdd yes
616	config_AllowDelete yes
617	config_KeepModifiedMetadata yes
618	config_BaseDir /
619	config_VerboseLevel stats
620	config_StrictComponents no
621	config_BackupKernel yes
622	config_BackupKernelDir /boot/kernel.old
623	config_BackupKernelSymbolFiles no
624	config_CreateBootEnv yes
625
626	# Merge these defaults into the earlier-configured settings
627	mergeconfig
628}
629
630# Set utility output filtering options, based on ${VERBOSELEVEL}
631fetch_setup_verboselevel () {
632	case ${VERBOSELEVEL} in
633	debug)
634		QUIETREDIR="/dev/stderr"
635		QUIETFLAG=" "
636		STATSREDIR="/dev/stderr"
637		DDSTATS=".."
638		XARGST="-t"
639		NDEBUG=" "
640		;;
641	nostats)
642		QUIETREDIR=""
643		QUIETFLAG=""
644		STATSREDIR="/dev/null"
645		DDSTATS=".."
646		XARGST=""
647		NDEBUG=""
648		;;
649	stats)
650		QUIETREDIR="/dev/null"
651		QUIETFLAG="-q"
652		STATSREDIR="/dev/stdout"
653		DDSTATS=""
654		XARGST=""
655		NDEBUG="-n"
656		;;
657	esac
658}
659
660# Perform sanity checks and set some final parameters
661# in preparation for fetching files.  Figure out which
662# set of updates should be downloaded: If the user is
663# running *-p[0-9]+, strip off the last part; if the
664# user is running -SECURITY, call it -RELEASE.  Chdir
665# into the working directory.
666fetchupgrade_check_params () {
667	export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)"
668
669	_SERVERNAME_z=\
670"SERVERNAME must be given via command line or configuration file."
671	_KEYPRINT_z="Key must be given via -k option or configuration file."
672	_KEYPRINT_bad="Invalid key fingerprint: "
673	_WORKDIR_bad="Directory does not exist or is not writable: "
674	_WORKDIR_bad2="Directory is not on a persistent filesystem: "
675
676	if [ -z "${SERVERNAME}" ]; then
677		echo -n "`basename $0`: "
678		echo "${_SERVERNAME_z}"
679		exit 1
680	fi
681	if [ -z "${KEYPRINT}" ]; then
682		echo -n "`basename $0`: "
683		echo "${_KEYPRINT_z}"
684		exit 1
685	fi
686	if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then
687		echo -n "`basename $0`: "
688		echo -n "${_KEYPRINT_bad}"
689		echo ${KEYPRINT}
690		exit 1
691	fi
692	if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
693		echo -n "`basename $0`: "
694		echo -n "${_WORKDIR_bad}"
695		echo ${WORKDIR}
696		exit 1
697	fi
698	case `df -T ${WORKDIR}` in */dev/md[0-9]* | *tmpfs*)
699		echo -n "`basename $0`: "
700		echo -n "${_WORKDIR_bad2}"
701		echo ${WORKDIR}
702		exit 1
703		;;
704	esac
705	chmod 700 ${WORKDIR}
706	cd ${WORKDIR} || exit 1
707
708	# Generate release number.  The s/SECURITY/RELEASE/ bit exists
709	# to provide an upgrade path for FreeBSD Update 1.x users, since
710	# the kernels provided by FreeBSD Update 1.x are always labelled
711	# as X.Y-SECURITY.
712	RELNUM=`uname -r |
713	    sed -E 's,-p[0-9]+,,' |
714	    sed -E 's,-SECURITY,-RELEASE,'`
715	ARCH=`uname -m`
716	FETCHDIR=${RELNUM}/${ARCH}
717	PATCHDIR=${RELNUM}/${ARCH}/bp
718
719	# Disallow upgrade from a version that is not a release
720	case ${RELNUM} in
721	*-RELEASE | *-ALPHA*  | *-BETA* | *-RC*)
722		;;
723	*)
724		echo -n "`basename $0`: "
725		cat <<- EOF
726			Cannot upgrade from a version that is not a release
727			(including alpha, beta and release candidates)
728			using `basename $0`. Instead, FreeBSD can be directly
729			upgraded by source or upgraded to a RELEASE/RELENG version
730			prior to running `basename $0`.
731			Currently running: ${RELNUM}
732		EOF
733		exit 1
734		;;
735	esac
736
737	# Figure out what directory contains the running kernel
738	BOOTFILE=`sysctl -n kern.bootfile`
739	KERNELDIR=${BOOTFILE%/kernel}
740	if ! [ -d ${KERNELDIR} ]; then
741		echo "Cannot identify running kernel"
742		exit 1
743	fi
744
745	# Figure out what kernel configuration is running.  We start with
746	# the output of `uname -i`, and then make the following adjustments:
747	# 1. Replace "SMP-GENERIC" with "SMP".  Why the SMP kernel config
748	# file says "ident SMP-GENERIC", I don't know...
749	# 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64"
750	# _and_ `sysctl kern.version` contains a line which ends "/SMP", then
751	# we're running an SMP kernel.  This mis-identification is a bug
752	# which was fixed in 6.2-STABLE.
753	KERNCONF=`uname -i`
754	if [ ${KERNCONF} = "SMP-GENERIC" ]; then
755		KERNCONF=SMP
756	fi
757	if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then
758		if sysctl kern.version | grep -qE '/SMP$'; then
759			KERNCONF=SMP
760		fi
761	fi
762
763	# Define some paths
764	BSPATCH=/usr/bin/bspatch
765	SHA256=/sbin/sha256
766	PHTTPGET=/usr/libexec/phttpget
767
768	# Set up variables relating to VERBOSELEVEL
769	fetch_setup_verboselevel
770
771	# Construct a unique name from ${BASEDIR}
772	BDHASH=`echo ${BASEDIR} | sha256 -q`
773}
774
775# Perform sanity checks etc. before fetching updates.
776fetch_check_params () {
777	fetchupgrade_check_params
778
779	if ! [ -z "${TARGETRELEASE}" ]; then
780		echo -n "`basename $0`: "
781		echo -n "-r option is meaningless with 'fetch' command.  "
782		echo "(Did you mean 'upgrade' instead?)"
783		exit 1
784	fi
785
786	# Check that we have updates ready to install
787	if [ -f ${BDHASH}-install/kerneldone -a $FORCEFETCH -eq 0 ]; then
788		echo "You have a partially completed upgrade pending"
789		echo "Run '$0 install' first."
790		echo "Run '$0 fetch -F' to proceed anyway."
791		exit 1
792	fi
793}
794
795# Perform sanity checks etc. before fetching upgrades.
796upgrade_check_params () {
797	fetchupgrade_check_params
798
799	# Unless set otherwise, we're upgrading to the same kernel config.
800	NKERNCONF=${KERNCONF}
801
802	# We need TARGETRELEASE set
803	_TARGETRELEASE_z="Release target must be specified via -r option."
804	if [ -z "${TARGETRELEASE}" ]; then
805		echo -n "`basename $0`: "
806		echo "${_TARGETRELEASE_z}"
807		exit 1
808	fi
809
810	# The target release should be != the current release.
811	if [ "${TARGETRELEASE}" = "${RELNUM}" ]; then
812		echo -n "`basename $0`: "
813		echo "Cannot upgrade from ${RELNUM} to itself"
814		exit 1
815	fi
816
817	# Turning off AllowAdd or AllowDelete is a bad idea for upgrades.
818	if [ "${ALLOWADD}" = "no" ]; then
819		echo -n "`basename $0`: "
820		echo -n "WARNING: \"AllowAdd no\" is a bad idea "
821		echo "when upgrading between releases."
822		echo
823	fi
824	if [ "${ALLOWDELETE}" = "no" ]; then
825		echo -n "`basename $0`: "
826		echo -n "WARNING: \"AllowDelete no\" is a bad idea "
827		echo "when upgrading between releases."
828		echo
829	fi
830
831	# Set EDITOR to /usr/bin/vi if it isn't already set
832	: ${EDITOR:='/usr/bin/vi'}
833}
834
835# Perform sanity checks and set some final parameters in
836# preparation for installing updates.
837install_check_params () {
838	# Check that we are root.  All sorts of things won't work otherwise.
839	if [ `id -u` != 0 ]; then
840		echo "You must be root to run this."
841		exit 1
842	fi
843
844	# Check that securelevel <= 0.  Otherwise we can't update schg files.
845	if [ `sysctl -n kern.securelevel` -gt 0 ]; then
846		echo "Updates cannot be installed when the system securelevel"
847		echo "is greater than zero."
848		exit 1
849	fi
850
851	# Check that we have a working directory
852	_WORKDIR_bad="Directory does not exist or is not writable: "
853	if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
854		echo -n "`basename $0`: "
855		echo -n "${_WORKDIR_bad}"
856		echo ${WORKDIR}
857		exit 1
858	fi
859	cd ${WORKDIR} || exit 1
860
861	# Construct a unique name from ${BASEDIR}
862	BDHASH=`echo ${BASEDIR} | sha256 -q`
863
864	# Check that we have updates ready to install
865	if ! [ -L ${BDHASH}-install ]; then
866		echo "No updates are available to install."
867		if [ $ISFETCHED -eq 0 ]; then
868			echo "Run '$0 fetch' first."
869			exit 2
870		fi
871		exit 0
872	fi
873	if ! [ -f ${BDHASH}-install/INDEX-OLD ] ||
874	    ! [ -f ${BDHASH}-install/INDEX-NEW ]; then
875		echo "Update manifest is corrupt -- this should never happen."
876		echo "Re-run '$0 fetch'."
877		exit 1
878	fi
879
880	# Figure out what directory contains the running kernel
881	BOOTFILE=`sysctl -n kern.bootfile`
882	KERNELDIR=${BOOTFILE%/kernel}
883	if ! [ -d ${KERNELDIR} ]; then
884		echo "Cannot identify running kernel"
885		exit 1
886	fi
887}
888
889# Creates a new boot environment
890install_create_be () {
891	# Figure out if we're running in a jail and return if we are
892	if [ `sysctl -n security.jail.jailed` = 1 ]; then
893		return 1
894	fi
895	# Operating on roots that aren't located at / will, more often than not,
896	# not touch the boot environment.
897	if [ "$BASEDIR" != "/" ]; then
898		return 1
899	fi
900	# Create a boot environment if enabled
901	if [ ${BOOTENV} = yes ]; then
902		bectl check 2>/dev/null
903		case $? in
904			0)
905				# Boot environment are supported
906				CREATEBE=yes
907				;;
908			255)
909				# Boot environments are not supported
910				CREATEBE=no
911				;;
912			*)
913				# If bectl returns an unexpected exit code, don't create a BE
914				CREATEBE=no
915				;;
916		esac
917		if [ ${CREATEBE} = yes ]; then
918			echo -n "Creating snapshot of existing boot environment... "
919			VERSION=`freebsd-version -ku | sort -V | tail -n 1`
920			TIMESTAMP=`date +"%Y-%m-%d_%H%M%S"`
921			bectl create ${VERSION}_${TIMESTAMP}
922			if [ $? -eq 0 ]; then
923				echo "done.";
924			else
925				echo "failed."
926				exit 1
927			fi
928		fi
929	fi
930}
931
932# Perform sanity checks and set some final parameters in
933# preparation for UNinstalling updates.
934rollback_check_params () {
935	# Check that we are root.  All sorts of things won't work otherwise.
936	if [ `id -u` != 0 ]; then
937		echo "You must be root to run this."
938		exit 1
939	fi
940
941	# Check that we have a working directory
942	_WORKDIR_bad="Directory does not exist or is not writable: "
943	if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
944		echo -n "`basename $0`: "
945		echo -n "${_WORKDIR_bad}"
946		echo ${WORKDIR}
947		exit 1
948	fi
949	cd ${WORKDIR} || exit 1
950
951	# Construct a unique name from ${BASEDIR}
952	BDHASH=`echo ${BASEDIR} | sha256 -q`
953
954	# Check that we have updates ready to rollback
955	if ! [ -L ${BDHASH}-rollback ]; then
956		echo "No rollback directory found."
957		exit 1
958	fi
959	if ! [ -f ${BDHASH}-rollback/INDEX-OLD ] ||
960	    ! [ -f ${BDHASH}-rollback/INDEX-NEW ]; then
961		echo "Update manifest is corrupt -- this should never happen."
962		exit 1
963	fi
964}
965
966# Perform sanity checks and set some final parameters
967# in preparation for comparing the system against the
968# published index.  Figure out which index we should
969# compare against: If the user is running *-p[0-9]+,
970# strip off the last part; if the user is running
971# -SECURITY, call it -RELEASE.  Chdir into the working
972# directory.
973IDS_check_params () {
974	export HTTP_USER_AGENT="freebsd-update (${COMMAND}, `uname -r`)"
975
976	_SERVERNAME_z=\
977"SERVERNAME must be given via command line or configuration file."
978	_KEYPRINT_z="Key must be given via -k option or configuration file."
979	_KEYPRINT_bad="Invalid key fingerprint: "
980	_WORKDIR_bad="Directory does not exist or is not writable: "
981
982	if [ -z "${SERVERNAME}" ]; then
983		echo -n "`basename $0`: "
984		echo "${_SERVERNAME_z}"
985		exit 1
986	fi
987	if [ -z "${KEYPRINT}" ]; then
988		echo -n "`basename $0`: "
989		echo "${_KEYPRINT_z}"
990		exit 1
991	fi
992	if ! echo "${KEYPRINT}" | grep -qE "^[0-9a-f]{64}$"; then
993		echo -n "`basename $0`: "
994		echo -n "${_KEYPRINT_bad}"
995		echo ${KEYPRINT}
996		exit 1
997	fi
998	if ! [ -d "${WORKDIR}" -a -w "${WORKDIR}" ]; then
999		echo -n "`basename $0`: "
1000		echo -n "${_WORKDIR_bad}"
1001		echo ${WORKDIR}
1002		exit 1
1003	fi
1004	cd ${WORKDIR} || exit 1
1005
1006	# Generate release number.  The s/SECURITY/RELEASE/ bit exists
1007	# to provide an upgrade path for FreeBSD Update 1.x users, since
1008	# the kernels provided by FreeBSD Update 1.x are always labelled
1009	# as X.Y-SECURITY.
1010	RELNUM=`uname -r |
1011	    sed -E 's,-p[0-9]+,,' |
1012	    sed -E 's,-SECURITY,-RELEASE,'`
1013	ARCH=`uname -m`
1014	FETCHDIR=${RELNUM}/${ARCH}
1015	PATCHDIR=${RELNUM}/${ARCH}/bp
1016
1017	# Figure out what directory contains the running kernel
1018	BOOTFILE=`sysctl -n kern.bootfile`
1019	KERNELDIR=${BOOTFILE%/kernel}
1020	if ! [ -d ${KERNELDIR} ]; then
1021		echo "Cannot identify running kernel"
1022		exit 1
1023	fi
1024
1025	# Figure out what kernel configuration is running.  We start with
1026	# the output of `uname -i`, and then make the following adjustments:
1027	# 1. Replace "SMP-GENERIC" with "SMP".  Why the SMP kernel config
1028	# file says "ident SMP-GENERIC", I don't know...
1029	# 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64"
1030	# _and_ `sysctl kern.version` contains a line which ends "/SMP", then
1031	# we're running an SMP kernel.  This mis-identification is a bug
1032	# which was fixed in 6.2-STABLE.
1033	KERNCONF=`uname -i`
1034	if [ ${KERNCONF} = "SMP-GENERIC" ]; then
1035		KERNCONF=SMP
1036	fi
1037	if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then
1038		if sysctl kern.version | grep -qE '/SMP$'; then
1039			KERNCONF=SMP
1040		fi
1041	fi
1042
1043	# Define some paths
1044	SHA256=/sbin/sha256
1045	PHTTPGET=/usr/libexec/phttpget
1046
1047	# Set up variables relating to VERBOSELEVEL
1048	fetch_setup_verboselevel
1049}
1050
1051#### Core functionality -- the actual work gets done here
1052
1053# Use an SRV query to pick a server.  If the SRV query doesn't provide
1054# a useful answer, use the server name specified by the user.
1055# Put another way... look up _http._tcp.${SERVERNAME} and pick a server
1056# from that; or if no servers are returned, use ${SERVERNAME}.
1057# This allows a user to specify "portsnap.freebsd.org" (in which case
1058# portsnap will select one of the mirrors) or "portsnap5.tld.freebsd.org"
1059# (in which case portsnap will use that particular server, since there
1060# won't be an SRV entry for that name).
1061#
1062# We ignore the Port field, since we are always going to use port 80.
1063
1064# Fetch the mirror list, but do not pick a mirror yet.  Returns 1 if
1065# no mirrors are available for any reason.
1066fetch_pick_server_init () {
1067	: > serverlist_tried
1068
1069# Check that host(1) exists (i.e., that the system wasn't built with the
1070# WITHOUT_BIND set) and don't try to find a mirror if it doesn't exist.
1071	if ! which -s host; then
1072		: > serverlist_full
1073		return 1
1074	fi
1075
1076	echo -n "Looking up ${SERVERNAME} mirrors... "
1077
1078# Issue the SRV query and pull out the Priority, Weight, and Target fields.
1079# BIND 9 prints "$name has SRV record ..." while BIND 8 prints
1080# "$name server selection ..."; we allow either format.
1081	MLIST="_http._tcp.${SERVERNAME}"
1082	host -t srv "${MLIST}" |
1083	    sed -nE "s/${MLIST} (has SRV record|server selection) //Ip" |
1084	    cut -f 1,2,4 -d ' ' |
1085	    sed -e 's/\.$//' |
1086	    sort > serverlist_full
1087
1088# If no records, give up -- we'll just use the server name we were given.
1089	if [ `wc -l < serverlist_full` -eq 0 ]; then
1090		echo "none found."
1091		return 1
1092	fi
1093
1094# Report how many mirrors we found.
1095	echo `wc -l < serverlist_full` "mirrors found."
1096
1097# Generate a random seed for use in picking mirrors.  If HTTP_PROXY
1098# is set, this will be used to generate the seed; otherwise, the seed
1099# will be random.
1100	if [ -n "${HTTP_PROXY}${http_proxy}" ]; then
1101		RANDVALUE=`sha256 -qs "${HTTP_PROXY}${http_proxy}" |
1102		    tr -d 'a-f' |
1103		    cut -c 1-9`
1104	else
1105		RANDVALUE=`jot -r 1 0 999999999`
1106	fi
1107}
1108
1109# Pick a mirror.  Returns 1 if we have run out of mirrors to try.
1110fetch_pick_server () {
1111# Generate a list of not-yet-tried mirrors
1112	sort serverlist_tried |
1113	    comm -23 serverlist_full - > serverlist
1114
1115# Have we run out of mirrors?
1116	if [ `wc -l < serverlist` -eq 0 ]; then
1117		cat <<- EOF
1118			No mirrors remaining, giving up.
1119
1120			This may be because upgrading from this platform (${ARCH})
1121			or release (${RELNUM}) is unsupported by `basename $0`. Only
1122			platforms with Tier 1 support can be upgraded by `basename $0`.
1123			See https://www.freebsd.org/platforms/ for more info.
1124
1125			If unsupported, FreeBSD must be upgraded by source.
1126		EOF
1127		return 1
1128	fi
1129
1130# Find the highest priority level (lowest numeric value).
1131	SRV_PRIORITY=`cut -f 1 -d ' ' serverlist | sort -n | head -1`
1132
1133# Add up the weights of the response lines at that priority level.
1134	SRV_WSUM=0;
1135	while read X; do
1136		case "$X" in
1137		${SRV_PRIORITY}\ *)
1138			SRV_W=`echo $X | cut -f 2 -d ' '`
1139			SRV_WSUM=$(($SRV_WSUM + $SRV_W))
1140			;;
1141		esac
1142	done < serverlist
1143
1144# If all the weights are 0, pretend that they are all 1 instead.
1145	if [ ${SRV_WSUM} -eq 0 ]; then
1146		SRV_WSUM=`grep -E "^${SRV_PRIORITY} " serverlist | wc -l`
1147		SRV_W_ADD=1
1148	else
1149		SRV_W_ADD=0
1150	fi
1151
1152# Pick a value between 0 and the sum of the weights - 1
1153	SRV_RND=`expr ${RANDVALUE} % ${SRV_WSUM}`
1154
1155# Read through the list of mirrors and set SERVERNAME.  Write the line
1156# corresponding to the mirror we selected into serverlist_tried so that
1157# we won't try it again.
1158	while read X; do
1159		case "$X" in
1160		${SRV_PRIORITY}\ *)
1161			SRV_W=`echo $X | cut -f 2 -d ' '`
1162			SRV_W=$(($SRV_W + $SRV_W_ADD))
1163			if [ $SRV_RND -lt $SRV_W ]; then
1164				SERVERNAME=`echo $X | cut -f 3 -d ' '`
1165				echo "$X" >> serverlist_tried
1166				break
1167			else
1168				SRV_RND=$(($SRV_RND - $SRV_W))
1169			fi
1170			;;
1171		esac
1172	done < serverlist
1173}
1174
1175# Take a list of ${oldhash}|${newhash} and output a list of needed patches,
1176# i.e., those for which we have ${oldhash} and don't have ${newhash}.
1177fetch_make_patchlist () {
1178	grep -vE "^([0-9a-f]{64})\|\1$" |
1179	    tr '|' ' ' |
1180		while read X Y; do
1181			if [ -f "files/${Y}.gz" ] ||
1182			    [ ! -f "files/${X}.gz" ]; then
1183				continue
1184			fi
1185			echo "${X}|${Y}"
1186		done | sort -u
1187}
1188
1189# Print user-friendly progress statistics
1190fetch_progress () {
1191	LNC=0
1192	while read x; do
1193		LNC=$(($LNC + 1))
1194		if [ $(($LNC % 10)) = 0 ]; then
1195			echo -n $LNC
1196		elif [ $(($LNC % 2)) = 0 ]; then
1197			echo -n .
1198		fi
1199	done
1200	echo -n " "
1201}
1202
1203# Function for asking the user if everything is ok
1204continuep () {
1205	while read -p "Does this look reasonable (y/n)? " CONTINUE; do
1206		case "${CONTINUE}" in
1207		y*)
1208			return 0
1209			;;
1210		n*)
1211			return 1
1212			;;
1213		esac
1214	done
1215}
1216
1217# Initialize the working directory
1218workdir_init () {
1219	mkdir -p files
1220	touch tINDEX.present
1221}
1222
1223# Check that we have a public key with an appropriate hash, or
1224# fetch the key if it doesn't exist.  Returns 1 if the key has
1225# not yet been fetched.
1226fetch_key () {
1227	if [ -r pub.ssl ] && [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then
1228		return 0
1229	fi
1230
1231	echo -n "Fetching public key from ${SERVERNAME}... "
1232	rm -f pub.ssl
1233	fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/pub.ssl \
1234	    2>${QUIETREDIR} || true
1235	if ! [ -r pub.ssl ]; then
1236		echo "failed."
1237		return 1
1238	fi
1239	if ! [ `${SHA256} -q pub.ssl` = ${KEYPRINT} ]; then
1240		echo "key has incorrect hash."
1241		rm -f pub.ssl
1242		return 1
1243	fi
1244	echo "done."
1245}
1246
1247# Fetch metadata signature, aka "tag".
1248fetch_tag () {
1249	echo -n "Fetching metadata signature "
1250	echo ${NDEBUG} "for ${RELNUM} from ${SERVERNAME}... "
1251	rm -f latest.ssl
1252	fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/latest.ssl	\
1253	    2>${QUIETREDIR} || true
1254	if ! [ -r latest.ssl ]; then
1255		echo "failed."
1256		return 1
1257	fi
1258
1259	openssl rsautl -pubin -inkey pub.ssl -verify		\
1260	    < latest.ssl > tag.new 2>${QUIETREDIR} || true
1261	rm latest.ssl
1262
1263	if ! [ `wc -l < tag.new` = 1 ] ||
1264	    ! grep -qE	\
1265    "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \
1266		tag.new; then
1267		echo "invalid signature."
1268		return 1
1269	fi
1270
1271	echo "done."
1272
1273	RELPATCHNUM=`cut -f 4 -d '|' < tag.new`
1274	TINDEXHASH=`cut -f 5 -d '|' < tag.new`
1275	EOLTIME=`cut -f 6 -d '|' < tag.new`
1276}
1277
1278# Sanity-check the patch number in a tag, to make sure that we're not
1279# going to "update" backwards and to prevent replay attacks.
1280fetch_tagsanity () {
1281	# Check that we're not going to move from -pX to -pY with Y < X.
1282	RELPX=`uname -r | sed -E 's,.*-,,'`
1283	if echo ${RELPX} | grep -qE '^p[0-9]+$'; then
1284		RELPX=`echo ${RELPX} | cut -c 2-`
1285	else
1286		RELPX=0
1287	fi
1288	if [ "${RELPATCHNUM}" -lt "${RELPX}" ]; then
1289		echo
1290		echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})"
1291		echo " appear older than what"
1292		echo "we are currently running (`uname -r`)!"
1293		echo "Cowardly refusing to proceed any further."
1294		return 1
1295	fi
1296
1297	# If "tag" exists and corresponds to ${RELNUM}, make sure that
1298	# it contains a patch number <= RELPATCHNUM, in order to protect
1299	# against rollback (replay) attacks.
1300	if [ -f tag ] &&
1301	    grep -qE	\
1302    "^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}" \
1303		tag; then
1304		LASTRELPATCHNUM=`cut -f 4 -d '|' < tag`
1305
1306		if [ "${RELPATCHNUM}" -lt "${LASTRELPATCHNUM}" ]; then
1307			echo
1308			echo -n "Files on mirror (${RELNUM}-p${RELPATCHNUM})"
1309			echo " are older than the"
1310			echo -n "most recently seen updates"
1311			echo " (${RELNUM}-p${LASTRELPATCHNUM})."
1312			echo "Cowardly refusing to proceed any further."
1313			return 1
1314		fi
1315	fi
1316}
1317
1318# Fetch metadata index file
1319fetch_metadata_index () {
1320	echo ${NDEBUG} "Fetching metadata index... "
1321	rm -f ${TINDEXHASH}
1322	fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/t/${TINDEXHASH}
1323	    2>${QUIETREDIR}
1324	if ! [ -f ${TINDEXHASH} ]; then
1325		echo "failed."
1326		return 1
1327	fi
1328	if [ `${SHA256} -q ${TINDEXHASH}` != ${TINDEXHASH} ]; then
1329		echo "update metadata index corrupt."
1330		return 1
1331	fi
1332	echo "done."
1333}
1334
1335# Print an error message about signed metadata being bogus.
1336fetch_metadata_bogus () {
1337	echo
1338	echo "The update metadata$1 is correctly signed, but"
1339	echo "failed an integrity check."
1340	echo "Cowardly refusing to proceed any further."
1341	return 1
1342}
1343
1344# Construct tINDEX.new by merging the lines named in $1 from ${TINDEXHASH}
1345# with the lines not named in $@ from tINDEX.present (if that file exists).
1346fetch_metadata_index_merge () {
1347	for METAFILE in $@; do
1348		if [ `grep -E "^${METAFILE}\|" ${TINDEXHASH} | wc -l`	\
1349		    -ne 1 ]; then
1350			fetch_metadata_bogus " index"
1351			return 1
1352		fi
1353
1354		grep -E "${METAFILE}\|" ${TINDEXHASH}
1355	done |
1356	    sort > tINDEX.wanted
1357
1358	if [ -f tINDEX.present ]; then
1359		join -t '|' -v 2 tINDEX.wanted tINDEX.present |
1360		    sort -m - tINDEX.wanted > tINDEX.new
1361		rm tINDEX.wanted
1362	else
1363		mv tINDEX.wanted tINDEX.new
1364	fi
1365}
1366
1367# Sanity check all the lines of tINDEX.new.  Even if more metadata lines
1368# are added by future versions of the server, this won't cause problems,
1369# since the only lines which appear in tINDEX.new are the ones which we
1370# specifically grepped out of ${TINDEXHASH}.
1371fetch_metadata_index_sanity () {
1372	if grep -qvE '^[0-9A-Z.-]+\|[0-9a-f]{64}$' tINDEX.new; then
1373		fetch_metadata_bogus " index"
1374		return 1
1375	fi
1376}
1377
1378# Sanity check the metadata file $1.
1379fetch_metadata_sanity () {
1380	# Some aliases to save space later: ${P} is a character which can
1381	# appear in a path; ${M} is the four numeric metadata fields; and
1382	# ${H} is a sha256 hash.
1383	P="[-+./:=,%@_[~[:alnum:]]"
1384	M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+"
1385	H="[0-9a-f]{64}"
1386
1387	# Check that the first four fields make sense.
1388	if gunzip -c < files/$1.gz |
1389	    grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then
1390		fetch_metadata_bogus ""
1391		return 1
1392	fi
1393
1394	# Remove the first three fields.
1395	gunzip -c < files/$1.gz |
1396	    cut -f 4- -d '|' > sanitycheck.tmp
1397
1398	# Sanity check entries with type 'f'
1399	if grep -E '^f' sanitycheck.tmp |
1400	    grep -qvE "^f\|${M}\|${H}\|${P}*\$"; then
1401		fetch_metadata_bogus ""
1402		return 1
1403	fi
1404
1405	# Sanity check entries with type 'd'
1406	if grep -E '^d' sanitycheck.tmp |
1407	    grep -qvE "^d\|${M}\|\|\$"; then
1408		fetch_metadata_bogus ""
1409		return 1
1410	fi
1411
1412	# Sanity check entries with type 'L'
1413	if grep -E '^L' sanitycheck.tmp |
1414	    grep -qvE "^L\|${M}\|${P}*\|\$"; then
1415		fetch_metadata_bogus ""
1416		return 1
1417	fi
1418
1419	# Sanity check entries with type '-'
1420	if grep -E '^-' sanitycheck.tmp |
1421	    grep -qvE "^-\|\|\|\|\|\|"; then
1422		fetch_metadata_bogus ""
1423		return 1
1424	fi
1425
1426	# Clean up
1427	rm sanitycheck.tmp
1428}
1429
1430# Fetch the metadata index and metadata files listed in $@,
1431# taking advantage of metadata patches where possible.
1432fetch_metadata () {
1433	fetch_metadata_index || return 1
1434	fetch_metadata_index_merge $@ || return 1
1435	fetch_metadata_index_sanity || return 1
1436
1437	# Generate a list of wanted metadata patches
1438	join -t '|' -o 1.2,2.2 tINDEX.present tINDEX.new |
1439	    fetch_make_patchlist > patchlist
1440
1441	if [ -s patchlist ]; then
1442		# Attempt to fetch metadata patches
1443		echo -n "Fetching `wc -l < patchlist | tr -d ' '` "
1444		echo ${NDEBUG} "metadata patches.${DDSTATS}"
1445		tr '|' '-' < patchlist |
1446		    lam -s "${FETCHDIR}/tp/" - -s ".gz" |
1447		    xargs ${XARGST} ${PHTTPGET} ${SERVERNAME}	\
1448			2>${STATSREDIR} | fetch_progress
1449		echo "done."
1450
1451		# Attempt to apply metadata patches
1452		echo -n "Applying metadata patches... "
1453		tr '|' ' ' < patchlist |
1454		    while read X Y; do
1455			if [ ! -f "${X}-${Y}.gz" ]; then continue; fi
1456			gunzip -c < ${X}-${Y}.gz > diff
1457			gunzip -c < files/${X}.gz > diff-OLD
1458
1459			# Figure out which lines are being added and removed
1460			grep -E '^-' diff |
1461			    cut -c 2- |
1462			    while read PREFIX; do
1463				look "${PREFIX}" diff-OLD
1464			    done |
1465			    sort > diff-rm
1466			grep -E '^\+' diff |
1467			    cut -c 2- > diff-add
1468
1469			# Generate the new file
1470			comm -23 diff-OLD diff-rm |
1471			    sort - diff-add > diff-NEW
1472
1473			if [ `${SHA256} -q diff-NEW` = ${Y} ]; then
1474				mv diff-NEW files/${Y}
1475				gzip -n files/${Y}
1476			else
1477				mv diff-NEW ${Y}.bad
1478			fi
1479			rm -f ${X}-${Y}.gz diff
1480			rm -f diff-OLD diff-NEW diff-add diff-rm
1481		done 2>${QUIETREDIR}
1482		echo "done."
1483	fi
1484
1485	# Update metadata without patches
1486	cut -f 2 -d '|' < tINDEX.new |
1487	    while read Y; do
1488		if [ ! -f "files/${Y}.gz" ]; then
1489			echo ${Y};
1490		fi
1491	    done |
1492	    sort -u > filelist
1493
1494	if [ -s filelist ]; then
1495		echo -n "Fetching `wc -l < filelist | tr -d ' '` "
1496		echo ${NDEBUG} "metadata files... "
1497		lam -s "${FETCHDIR}/m/" - -s ".gz" < filelist |
1498		    xargs ${XARGST} ${PHTTPGET} ${SERVERNAME}	\
1499		    2>${QUIETREDIR}
1500
1501		while read Y; do
1502			if ! [ -f ${Y}.gz ]; then
1503				echo "failed."
1504				return 1
1505			fi
1506			if [ `gunzip -c < ${Y}.gz |
1507			    ${SHA256} -q` = ${Y} ]; then
1508				mv ${Y}.gz files/${Y}.gz
1509			else
1510				echo "metadata is corrupt."
1511				return 1
1512			fi
1513		done < filelist
1514		echo "done."
1515	fi
1516
1517# Sanity-check the metadata files.
1518	cut -f 2 -d '|' tINDEX.new > filelist
1519	while read X; do
1520		fetch_metadata_sanity ${X} || return 1
1521	done < filelist
1522
1523# Remove files which are no longer needed
1524	cut -f 2 -d '|' tINDEX.present |
1525	    sort > oldfiles
1526	cut -f 2 -d '|' tINDEX.new |
1527	    sort |
1528	    comm -13 - oldfiles |
1529	    lam -s "files/" - -s ".gz" |
1530	    xargs rm -f
1531	rm patchlist filelist oldfiles
1532	rm ${TINDEXHASH}
1533
1534# We're done!
1535	mv tINDEX.new tINDEX.present
1536	mv tag.new tag
1537
1538	return 0
1539}
1540
1541# Extract a subset of a downloaded metadata file containing only the parts
1542# which are listed in COMPONENTS.
1543fetch_filter_metadata_components () {
1544	METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'`
1545	gunzip -c < files/${METAHASH}.gz > $1.all
1546
1547	# Fish out the lines belonging to components we care about.
1548	for C in ${COMPONENTS}; do
1549		look "`echo ${C} | tr '/' '|'`|" $1.all
1550	done > $1
1551
1552	# Remove temporary file.
1553	rm $1.all
1554}
1555
1556# Generate a filtered version of the metadata file $1 from the downloaded
1557# file, by fishing out the lines corresponding to components we're trying
1558# to keep updated, and then removing lines corresponding to paths we want
1559# to ignore.
1560fetch_filter_metadata () {
1561	# Fish out the lines belonging to components we care about.
1562	fetch_filter_metadata_components $1
1563
1564	# Canonicalize directory names by removing any trailing / in
1565	# order to avoid listing directories multiple times if they
1566	# belong to multiple components.  Turning "/" into "" doesn't
1567	# matter, since we add a leading "/" when we use paths later.
1568	cut -f 3- -d '|' $1 |
1569	    sed -e 's,/|d|,|d|,' |
1570	    sed -e 's,/|-|,|-|,' |
1571	    sort -u > $1.tmp
1572
1573	# Figure out which lines to ignore and remove them.
1574	for X in ${IGNOREPATHS}; do
1575		grep -E "^${X}" $1.tmp
1576	done |
1577	    sort -u |
1578	    comm -13 - $1.tmp > $1
1579
1580	# Remove temporary files.
1581	rm $1.tmp
1582}
1583
1584# Filter the metadata file $1 by adding lines with "/boot/$2"
1585# replaced by ${KERNELDIR} (which is `sysctl -n kern.bootfile` minus the
1586# trailing "/kernel"); and if "/boot/$2" does not exist, remove
1587# the original lines which start with that.
1588# Put another way: Deal with the fact that the FOO kernel is sometimes
1589# installed in /boot/FOO/ and is sometimes installed elsewhere.
1590fetch_filter_kernel_names () {
1591	grep ^/boot/$2 $1 |
1592	    sed -e "s,/boot/$2,${KERNELDIR},g" |
1593	    sort - $1 > $1.tmp
1594	mv $1.tmp $1
1595
1596	if ! [ -d /boot/$2 ]; then
1597		grep -v ^/boot/$2 $1 > $1.tmp
1598		mv $1.tmp $1
1599	fi
1600}
1601
1602# For all paths appearing in $1 or $3, inspect the system
1603# and generate $2 describing what is currently installed.
1604fetch_inspect_system () {
1605	# No errors yet...
1606	rm -f .err
1607
1608	# Tell the user why his disk is suddenly making lots of noise
1609	echo -n "Inspecting system... "
1610
1611	# Generate list of files to inspect
1612	cat $1 $3 |
1613	    cut -f 1 -d '|' |
1614	    sort -u > filelist
1615
1616	# Examine each file and output lines of the form
1617	# /path/to/file|type|device-inum|user|group|perm|flags|value
1618	# sorted by device and inode number.
1619	while read F; do
1620		# If the symlink/file/directory does not exist, record this.
1621		if ! [ -e ${BASEDIR}/${F} ]; then
1622			echo "${F}|-||||||"
1623			continue
1624		fi
1625		if ! [ -r ${BASEDIR}/${F} ]; then
1626			echo "Cannot read file: ${BASEDIR}/${F}"	\
1627			    >/dev/stderr
1628			touch .err
1629			return 1
1630		fi
1631
1632		# Otherwise, output an index line.
1633		if [ -L ${BASEDIR}/${F} ]; then
1634			echo -n "${F}|L|"
1635			stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1636			readlink ${BASEDIR}/${F};
1637		elif [ -f ${BASEDIR}/${F} ]; then
1638			echo -n "${F}|f|"
1639			stat -n -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1640			sha256 -q ${BASEDIR}/${F};
1641		elif [ -d ${BASEDIR}/${F} ]; then
1642			echo -n "${F}|d|"
1643			stat -f '%d-%i|%u|%g|%Mp%Lp|%Of|' ${BASEDIR}/${F};
1644		else
1645			echo "Unknown file type: ${BASEDIR}/${F}"	\
1646			    >/dev/stderr
1647			touch .err
1648			return 1
1649		fi
1650	done < filelist |
1651	    sort -k 3,3 -t '|' > $2.tmp
1652	rm filelist
1653
1654	# Check if an error occurred during system inspection
1655	if [ -f .err ]; then
1656		return 1
1657	fi
1658
1659	# Convert to the form
1660	# /path/to/file|type|user|group|perm|flags|value|hlink
1661	# by resolving identical device and inode numbers into hard links.
1662	cut -f 1,3 -d '|' $2.tmp |
1663	    sort -k 1,1 -t '|' |
1664	    sort -s -u -k 2,2 -t '|' |
1665	    join -1 2 -2 3 -t '|' - $2.tmp |
1666	    awk -F \| -v OFS=\|		\
1667		'{
1668		    if (($2 == $3) || ($4 == "-"))
1669			print $3,$4,$5,$6,$7,$8,$9,""
1670		    else
1671			print $3,$4,$5,$6,$7,$8,$9,$2
1672		}' |
1673	    sort > $2
1674	rm $2.tmp
1675
1676	# We're finished looking around
1677	echo "done."
1678}
1679
1680# For any paths matching ${MERGECHANGES}, compare $2 against $1 and $3 and
1681# find any files with values unique to $2; generate $4 containing these paths
1682# and their corresponding hashes from $1.
1683fetch_filter_mergechanges () {
1684	# Pull out the paths and hashes of the files matching ${MERGECHANGES}.
1685	for F in $1 $2 $3; do
1686		for X in ${MERGECHANGES}; do
1687			grep -E "^${X}" ${F}
1688		done |
1689		    cut -f 1,2,7 -d '|' |
1690		    sort > ${F}-values
1691	done
1692
1693	# Any line in $2-values which doesn't appear in $1-values or $3-values
1694	# and is a file means that we should list the path in $3.
1695	sort $1-values $3-values |
1696	    comm -13 - $2-values |
1697	    fgrep '|f|' |
1698	    cut -f 1 -d '|' > $2-paths
1699
1700	# For each path, pull out one (and only one!) entry from $1-values.
1701	# Note that we cannot distinguish which "old" version the user made
1702	# changes to; but hopefully any changes which occur due to security
1703	# updates will exist in both the "new" version and the version which
1704	# the user has installed, so the merging will still work.
1705	while read X; do
1706		look "${X}|" $1-values |
1707		    head -1
1708	done < $2-paths > $4
1709
1710	# Clean up
1711	rm $1-values $2-values $3-values $2-paths
1712}
1713
1714# For any paths matching ${UPDATEIFUNMODIFIED}, remove lines from $[123]
1715# which correspond to lines in $2 with hashes not matching $1 or $3, unless
1716# the paths are listed in $4.  For entries in $2 marked "not present"
1717# (aka. type -), remove lines from $[123] unless there is a corresponding
1718# entry in $1.
1719fetch_filter_unmodified_notpresent () {
1720	# Figure out which lines of $1 and $3 correspond to bits which
1721	# should only be updated if they haven't changed, and fish out
1722	# the (path, type, value) tuples.
1723	# NOTE: We don't consider a file to be "modified" if it matches
1724	# the hash from $3.
1725	for X in ${UPDATEIFUNMODIFIED}; do
1726		grep -E "^${X}" $1
1727		grep -E "^${X}" $3
1728	done |
1729	    cut -f 1,2,7 -d '|' |
1730	    sort > $1-values
1731
1732	# Do the same for $2.
1733	for X in ${UPDATEIFUNMODIFIED}; do
1734		grep -E "^${X}" $2
1735	done |
1736	    cut -f 1,2,7 -d '|' |
1737	    sort > $2-values
1738
1739	# Any entry in $2-values which is not in $1-values corresponds to
1740	# a path which we need to remove from $1, $2, and $3, unless it
1741	# that path appears in $4.
1742	comm -13 $1-values $2-values |
1743	    sort -t '|' -k 1,1 > mlines.tmp
1744	cut -f 1 -d '|' $4 |
1745	    sort |
1746	    join -v 2 -t '|' - mlines.tmp |
1747	    sort > mlines
1748	rm $1-values $2-values mlines.tmp
1749
1750	# Any lines in $2 which are not in $1 AND are "not present" lines
1751	# also belong in mlines.
1752	comm -13 $1 $2 |
1753	    cut -f 1,2,7 -d '|' |
1754	    fgrep '|-|' >> mlines
1755
1756	# Remove lines from $1, $2, and $3
1757	for X in $1 $2 $3; do
1758		sort -t '|' -k 1,1 ${X} > ${X}.tmp
1759		cut -f 1 -d '|' < mlines |
1760		    sort |
1761		    join -v 2 -t '|' - ${X}.tmp |
1762		    sort > ${X}
1763		rm ${X}.tmp
1764	done
1765
1766	# Store a list of the modified files, for future reference
1767	fgrep -v '|-|' mlines |
1768	    cut -f 1 -d '|' > modifiedfiles
1769	rm mlines
1770}
1771
1772# For each entry in $1 of type -, remove any corresponding
1773# entry from $2 if ${ALLOWADD} != "yes".  Remove all entries
1774# of type - from $1.
1775fetch_filter_allowadd () {
1776	cut -f 1,2 -d '|' < $1 |
1777	    fgrep '|-' |
1778	    cut -f 1 -d '|' > filesnotpresent
1779
1780	if [ ${ALLOWADD} != "yes" ]; then
1781		sort < $2 |
1782		    join -v 1 -t '|' - filesnotpresent |
1783		    sort > $2.tmp
1784		mv $2.tmp $2
1785	fi
1786
1787	sort < $1 |
1788	    join -v 1 -t '|' - filesnotpresent |
1789	    sort > $1.tmp
1790	mv $1.tmp $1
1791	rm filesnotpresent
1792}
1793
1794# If ${ALLOWDELETE} != "yes", then remove any entries from $1
1795# which don't correspond to entries in $2.
1796fetch_filter_allowdelete () {
1797	# Produce a lists ${PATH}|${TYPE}
1798	for X in $1 $2; do
1799		cut -f 1-2 -d '|' < ${X} |
1800		    sort -u > ${X}.nodes
1801	done
1802
1803	# Figure out which lines need to be removed from $1.
1804	if [ ${ALLOWDELETE} != "yes" ]; then
1805		comm -23 $1.nodes $2.nodes > $1.badnodes
1806	else
1807		: > $1.badnodes
1808	fi
1809
1810	# Remove the relevant lines from $1
1811	while read X; do
1812		look "${X}|" $1
1813	done < $1.badnodes |
1814	    comm -13 - $1 > $1.tmp
1815	mv $1.tmp $1
1816
1817	rm $1.badnodes $1.nodes $2.nodes
1818}
1819
1820# If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in $2
1821# with metadata not matching any entry in $1, replace the corresponding
1822# line of $3 with one having the same metadata as the entry in $2.
1823fetch_filter_modified_metadata () {
1824	# Fish out the metadata from $1 and $2
1825	for X in $1 $2; do
1826		cut -f 1-6 -d '|' < ${X} > ${X}.metadata
1827	done
1828
1829	# Find the metadata we need to keep
1830	if [ ${KEEPMODIFIEDMETADATA} = "yes" ]; then
1831		comm -13 $1.metadata $2.metadata > keepmeta
1832	else
1833		: > keepmeta
1834	fi
1835
1836	# Extract the lines which we need to remove from $3, and
1837	# construct the lines which we need to add to $3.
1838	: > $3.remove
1839	: > $3.add
1840	while read LINE; do
1841		NODE=`echo "${LINE}" | cut -f 1-2 -d '|'`
1842		look "${NODE}|" $3 >> $3.remove
1843		look "${NODE}|" $3 |
1844		    cut -f 7- -d '|' |
1845		    lam -s "${LINE}|" - >> $3.add
1846	done < keepmeta
1847
1848	# Remove the specified lines and add the new lines.
1849	sort $3.remove |
1850	    comm -13 - $3 |
1851	    sort -u - $3.add > $3.tmp
1852	mv $3.tmp $3
1853
1854	rm keepmeta $1.metadata $2.metadata $3.add $3.remove
1855}
1856
1857# Remove lines from $1 and $2 which are identical;
1858# no need to update a file if it isn't changing.
1859fetch_filter_uptodate () {
1860	comm -23 $1 $2 > $1.tmp
1861	comm -13 $1 $2 > $2.tmp
1862
1863	mv $1.tmp $1
1864	mv $2.tmp $2
1865}
1866
1867# Fetch any "clean" old versions of files we need for merging changes.
1868fetch_files_premerge () {
1869	# We only need to do anything if $1 is non-empty.
1870	if [ -s $1 ]; then
1871		# Tell the user what we're doing
1872		echo -n "Fetching files from ${OLDRELNUM} for merging... "
1873
1874		# List of files wanted
1875		fgrep '|f|' < $1 |
1876		    cut -f 3 -d '|' |
1877		    sort -u > files.wanted
1878
1879		# Only fetch the files we don't already have
1880		while read Y; do
1881			if [ ! -f "files/${Y}.gz" ]; then
1882				echo ${Y};
1883			fi
1884		done < files.wanted > filelist
1885
1886		# Actually fetch them
1887		lam -s "${OLDFETCHDIR}/f/" - -s ".gz" < filelist |
1888		    xargs ${XARGST} ${PHTTPGET} ${SERVERNAME}	\
1889		    2>${QUIETREDIR}
1890
1891		# Make sure we got them all, and move them into /files/
1892		while read Y; do
1893			if ! [ -f ${Y}.gz ]; then
1894				echo "failed."
1895				return 1
1896			fi
1897			if [ `gunzip -c < ${Y}.gz |
1898			    ${SHA256} -q` = ${Y} ]; then
1899				mv ${Y}.gz files/${Y}.gz
1900			else
1901				echo "${Y} has incorrect hash."
1902				return 1
1903			fi
1904		done < filelist
1905		echo "done."
1906
1907		# Clean up
1908		rm filelist files.wanted
1909	fi
1910}
1911
1912# Prepare to fetch files: Generate a list of the files we need,
1913# copy the unmodified files we have into /files/, and generate
1914# a list of patches to download.
1915fetch_files_prepare () {
1916	# Tell the user why his disk is suddenly making lots of noise
1917	echo -n "Preparing to download files... "
1918
1919	# Reduce indices to ${PATH}|${HASH} pairs
1920	for X in $1 $2 $3; do
1921		cut -f 1,2,7 -d '|' < ${X} |
1922		    fgrep '|f|' |
1923		    cut -f 1,3 -d '|' |
1924		    sort > ${X}.hashes
1925	done
1926
1927	# List of files wanted
1928	cut -f 2 -d '|' < $3.hashes |
1929	    sort -u |
1930	    while read HASH; do
1931		if ! [ -f files/${HASH}.gz ]; then
1932			echo ${HASH}
1933		fi
1934	done > files.wanted
1935
1936	# Generate a list of unmodified files
1937	comm -12 $1.hashes $2.hashes |
1938	    sort -k 1,1 -t '|' > unmodified.files
1939
1940	# Copy all files into /files/.  We only need the unmodified files
1941	# for use in patching; but we'll want all of them if the user asks
1942	# to rollback the updates later.
1943	while read LINE; do
1944		F=`echo "${LINE}" | cut -f 1 -d '|'`
1945		HASH=`echo "${LINE}" | cut -f 2 -d '|'`
1946
1947		# Skip files we already have.
1948		if [ -f files/${HASH}.gz ]; then
1949			continue
1950		fi
1951
1952		# Make sure the file hasn't changed.
1953		cp "${BASEDIR}/${F}" tmpfile
1954		if [ `sha256 -q tmpfile` != ${HASH} ]; then
1955			echo
1956			echo "File changed while FreeBSD Update running: ${F}"
1957			return 1
1958		fi
1959
1960		# Place the file into storage.
1961		gzip -c < tmpfile > files/${HASH}.gz
1962		rm tmpfile
1963	done < $2.hashes
1964
1965	# Produce a list of patches to download
1966	sort -k 1,1 -t '|' $3.hashes |
1967	    join -t '|' -o 2.2,1.2 - unmodified.files |
1968	    fetch_make_patchlist > patchlist
1969
1970	# Garbage collect
1971	rm unmodified.files $1.hashes $2.hashes $3.hashes
1972
1973	# We don't need the list of possible old files any more.
1974	rm $1
1975
1976	# We're finished making noise
1977	echo "done."
1978}
1979
1980# Fetch files.
1981fetch_files () {
1982	# Attempt to fetch patches
1983	if [ -s patchlist ]; then
1984		echo -n "Fetching `wc -l < patchlist | tr -d ' '` "
1985		echo ${NDEBUG} "patches.${DDSTATS}"
1986		tr '|' '-' < patchlist |
1987		    lam -s "${PATCHDIR}/" - |
1988		    xargs ${XARGST} ${PHTTPGET} ${SERVERNAME}	\
1989			2>${STATSREDIR} | fetch_progress
1990		echo "done."
1991
1992		# Attempt to apply patches
1993		echo -n "Applying patches... "
1994		tr '|' ' ' < patchlist |
1995		    while read X Y; do
1996			if [ ! -f "${X}-${Y}" ]; then continue; fi
1997			gunzip -c < files/${X}.gz > OLD
1998
1999			bspatch OLD NEW ${X}-${Y}
2000
2001			if [ `${SHA256} -q NEW` = ${Y} ]; then
2002				mv NEW files/${Y}
2003				gzip -n files/${Y}
2004			fi
2005			rm -f diff OLD NEW ${X}-${Y}
2006		done 2>${QUIETREDIR}
2007		echo "done."
2008	fi
2009
2010	# Download files which couldn't be generate via patching
2011	while read Y; do
2012		if [ ! -f "files/${Y}.gz" ]; then
2013			echo ${Y};
2014		fi
2015	done < files.wanted > filelist
2016
2017	if [ -s filelist ]; then
2018		echo -n "Fetching `wc -l < filelist | tr -d ' '` "
2019		echo ${NDEBUG} "files... "
2020		lam -s "${FETCHDIR}/f/" - -s ".gz" < filelist |
2021		    xargs ${XARGST} ${PHTTPGET} ${SERVERNAME}	\
2022			2>${STATSREDIR} | fetch_progress
2023
2024		while read Y; do
2025			if ! [ -f ${Y}.gz ]; then
2026				echo "failed."
2027				return 1
2028			fi
2029			if [ `gunzip -c < ${Y}.gz |
2030			    ${SHA256} -q` = ${Y} ]; then
2031				mv ${Y}.gz files/${Y}.gz
2032			else
2033				echo "${Y} has incorrect hash."
2034				return 1
2035			fi
2036		done < filelist
2037		echo "done."
2038	fi
2039
2040	# Clean up
2041	rm files.wanted filelist patchlist
2042}
2043
2044# Create and populate install manifest directory; and report what updates
2045# are available.
2046fetch_create_manifest () {
2047	# If we have an existing install manifest, nuke it.
2048	if [ -L "${BDHASH}-install" ]; then
2049		rm -r ${BDHASH}-install/
2050		rm ${BDHASH}-install
2051	fi
2052
2053	# Report to the user if any updates were avoided due to local changes
2054	if [ -s modifiedfiles ]; then
2055		cat - modifiedfiles <<- EOF | ${PAGER}
2056			The following files are affected by updates. No changes have
2057			been downloaded, however, because the files have been modified
2058			locally:
2059		EOF
2060	fi
2061	rm modifiedfiles
2062
2063	# If no files will be updated, tell the user and exit
2064	if ! [ -s INDEX-PRESENT ] &&
2065	    ! [ -s INDEX-NEW ]; then
2066		rm INDEX-PRESENT INDEX-NEW
2067		echo
2068		echo -n "No updates needed to update system to "
2069		echo "${RELNUM}-p${RELPATCHNUM}."
2070		return
2071	fi
2072
2073	# Divide files into (a) removed files, (b) added files, and
2074	# (c) updated files.
2075	cut -f 1 -d '|' < INDEX-PRESENT |
2076	    sort > INDEX-PRESENT.flist
2077	cut -f 1 -d '|' < INDEX-NEW |
2078	    sort > INDEX-NEW.flist
2079	comm -23 INDEX-PRESENT.flist INDEX-NEW.flist > files.removed
2080	comm -13 INDEX-PRESENT.flist INDEX-NEW.flist > files.added
2081	comm -12 INDEX-PRESENT.flist INDEX-NEW.flist > files.updated
2082	rm INDEX-PRESENT.flist INDEX-NEW.flist
2083
2084	# Report removed files, if any
2085	if [ -s files.removed ]; then
2086		cat - files.removed <<- EOF | ${PAGER}
2087			The following files will be removed as part of updating to
2088			${RELNUM}-p${RELPATCHNUM}:
2089		EOF
2090	fi
2091	rm files.removed
2092
2093	# Report added files, if any
2094	if [ -s files.added ]; then
2095		cat - files.added <<- EOF | ${PAGER}
2096			The following files will be added as part of updating to
2097			${RELNUM}-p${RELPATCHNUM}:
2098		EOF
2099	fi
2100	rm files.added
2101
2102	# Report updated files, if any
2103	if [ -s files.updated ]; then
2104		cat - files.updated <<- EOF | ${PAGER}
2105			The following files will be updated as part of updating to
2106			${RELNUM}-p${RELPATCHNUM}:
2107		EOF
2108	fi
2109	rm files.updated
2110
2111	# Create a directory for the install manifest.
2112	MDIR=`mktemp -d install.XXXXXX` || return 1
2113
2114	# Populate it
2115	mv INDEX-PRESENT ${MDIR}/INDEX-OLD
2116	mv INDEX-NEW ${MDIR}/INDEX-NEW
2117
2118	# Link it into place
2119	ln -s ${MDIR} ${BDHASH}-install
2120}
2121
2122# Warn about any upcoming EoL
2123fetch_warn_eol () {
2124	# What's the current time?
2125	NOWTIME=`date "+%s"`
2126
2127	# When did we last warn about the EoL date?
2128	if [ -f lasteolwarn ]; then
2129		LASTWARN=`cat lasteolwarn`
2130	else
2131		LASTWARN=`expr ${NOWTIME} - 63072000`
2132	fi
2133
2134	# If the EoL time is past, warn.
2135	if [ ${EOLTIME} -lt ${NOWTIME} ]; then
2136		echo
2137		cat <<-EOF
2138		WARNING: `uname -sr` HAS PASSED ITS END-OF-LIFE DATE.
2139		Any security issues discovered after `date -r ${EOLTIME}`
2140		will not have been corrected.
2141		EOF
2142		return 1
2143	fi
2144
2145	# Figure out how long it has been since we last warned about the
2146	# upcoming EoL, and how much longer we have left.
2147	SINCEWARN=`expr ${NOWTIME} - ${LASTWARN}`
2148	TIMELEFT=`expr ${EOLTIME} - ${NOWTIME}`
2149
2150	# Don't warn if the EoL is more than 3 months away
2151	if [ ${TIMELEFT} -gt 7884000 ]; then
2152		return 0
2153	fi
2154
2155	# Don't warn if the time remaining is more than 3 times the time
2156	# since the last warning.
2157	if [ ${TIMELEFT} -gt `expr ${SINCEWARN} \* 3` ]; then
2158		return 0
2159	fi
2160
2161	# Figure out what time units to use.
2162	if [ ${TIMELEFT} -lt 604800 ]; then
2163		UNIT="day"
2164		SIZE=86400
2165	elif [ ${TIMELEFT} -lt 2678400 ]; then
2166		UNIT="week"
2167		SIZE=604800
2168	else
2169		UNIT="month"
2170		SIZE=2678400
2171	fi
2172
2173	# Compute the right number of units
2174	NUM=`expr ${TIMELEFT} / ${SIZE}`
2175	if [ ${NUM} != 1 ]; then
2176		UNIT="${UNIT}s"
2177	fi
2178
2179	# Print the warning
2180	echo
2181	cat <<-EOF
2182		WARNING: `uname -sr` is approaching its End-of-Life date.
2183		It is strongly recommended that you upgrade to a newer
2184		release within the next ${NUM} ${UNIT}.
2185	EOF
2186
2187	# Update the stored time of last warning
2188	echo ${NOWTIME} > lasteolwarn
2189}
2190
2191# Do the actual work involved in "fetch" / "cron".
2192fetch_run () {
2193	workdir_init || return 1
2194
2195	# Prepare the mirror list.
2196	fetch_pick_server_init && fetch_pick_server
2197
2198	# Try to fetch the public key until we run out of servers.
2199	while ! fetch_key; do
2200		fetch_pick_server || return 1
2201	done
2202
2203	# Try to fetch the metadata index signature ("tag") until we run
2204	# out of available servers; and sanity check the downloaded tag.
2205	while ! fetch_tag; do
2206		fetch_pick_server || return 1
2207	done
2208	fetch_tagsanity || return 1
2209
2210	# Fetch the latest INDEX-NEW and INDEX-OLD files.
2211	fetch_metadata INDEX-NEW INDEX-OLD || return 1
2212
2213	# Generate filtered INDEX-NEW and INDEX-OLD files containing only
2214	# the lines which (a) belong to components we care about, and (b)
2215	# don't correspond to paths we're explicitly ignoring.
2216	fetch_filter_metadata INDEX-NEW || return 1
2217	fetch_filter_metadata INDEX-OLD || return 1
2218
2219	# Translate /boot/${KERNCONF} into ${KERNELDIR}
2220	fetch_filter_kernel_names INDEX-NEW ${KERNCONF}
2221	fetch_filter_kernel_names INDEX-OLD ${KERNCONF}
2222
2223	# For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the
2224	# system and generate an INDEX-PRESENT file.
2225	fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2226
2227	# Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which
2228	# correspond to lines in INDEX-PRESENT with hashes not appearing
2229	# in INDEX-OLD or INDEX-NEW.  Also remove lines where the entry in
2230	# INDEX-PRESENT has type - and there isn't a corresponding entry in
2231	# INDEX-OLD with type -.
2232	fetch_filter_unmodified_notpresent	\
2233	    INDEX-OLD INDEX-PRESENT INDEX-NEW /dev/null
2234
2235	# For each entry in INDEX-PRESENT of type -, remove any corresponding
2236	# entry from INDEX-NEW if ${ALLOWADD} != "yes".  Remove all entries
2237	# of type - from INDEX-PRESENT.
2238	fetch_filter_allowadd INDEX-PRESENT INDEX-NEW
2239
2240	# If ${ALLOWDELETE} != "yes", then remove any entries from
2241	# INDEX-PRESENT which don't correspond to entries in INDEX-NEW.
2242	fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW
2243
2244	# If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in
2245	# INDEX-PRESENT with metadata not matching any entry in INDEX-OLD,
2246	# replace the corresponding line of INDEX-NEW with one having the
2247	# same metadata as the entry in INDEX-PRESENT.
2248	fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW
2249
2250	# Remove lines from INDEX-PRESENT and INDEX-NEW which are identical;
2251	# no need to update a file if it isn't changing.
2252	fetch_filter_uptodate INDEX-PRESENT INDEX-NEW
2253
2254	# Prepare to fetch files: Generate a list of the files we need,
2255	# copy the unmodified files we have into /files/, and generate
2256	# a list of patches to download.
2257	fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2258
2259	# Fetch files.
2260	fetch_files || return 1
2261
2262	# Create and populate install manifest directory; and report what
2263	# updates are available.
2264	fetch_create_manifest || return 1
2265
2266	# Warn about any upcoming EoL
2267	fetch_warn_eol || return 1
2268}
2269
2270# If StrictComponents is not "yes", generate a new components list
2271# with only the components which appear to be installed.
2272upgrade_guess_components () {
2273	if [ "${STRICTCOMPONENTS}" = "no" ]; then
2274		# Generate filtered INDEX-ALL with only the components listed
2275		# in COMPONENTS.
2276		fetch_filter_metadata_components $1 || return 1
2277
2278		# Tell the user why his disk is suddenly making lots of noise
2279		echo -n "Inspecting system... "
2280
2281		# Look at the files on disk, and assume that a component is
2282		# supposed to be present if it is more than half-present.
2283		cut -f 1-3 -d '|' < INDEX-ALL |
2284		    tr '|' ' ' |
2285		    while read C S F; do
2286			if [ -e ${BASEDIR}/${F} ]; then
2287				echo "+ ${C}|${S}"
2288			fi
2289			echo "= ${C}|${S}"
2290		    done |
2291		    sort |
2292		    uniq -c |
2293		    sed -E 's,^ +,,' > compfreq
2294		grep ' = ' compfreq |
2295		    cut -f 1,3 -d ' ' |
2296		    sort -k 2,2 -t ' ' > compfreq.total
2297		grep ' + ' compfreq |
2298		    cut -f 1,3 -d ' ' |
2299		    sort -k 2,2 -t ' ' > compfreq.present
2300		join -t ' ' -1 2 -2 2 compfreq.present compfreq.total |
2301		    while read S P T; do
2302			if [ ${T} -ne 0 -a ${P} -gt `expr ${T} / 2` ]; then
2303				echo ${S}
2304			fi
2305		    done > comp.present
2306		cut -f 2 -d ' ' < compfreq.total > comp.total
2307		rm INDEX-ALL compfreq compfreq.total compfreq.present
2308
2309		# We're done making noise.
2310		echo "done."
2311
2312		# Sometimes the kernel isn't installed where INDEX-ALL
2313		# thinks that it should be: In particular, it is often in
2314		# /boot/kernel instead of /boot/GENERIC or /boot/SMP.  To
2315		# deal with this, if "kernel|X" is listed in comp.total
2316		# (i.e., is a component which would be upgraded if it is
2317		# found to be present) we will add it to comp.present.
2318		# If "kernel|<anything>" is in comp.total but "kernel|X" is
2319		# not, we print a warning -- the user is running a kernel
2320		# which isn't part of the release.
2321		KCOMP=`echo ${KERNCONF} | tr 'A-Z' 'a-z'`
2322		grep -E "^kernel\|${KCOMP}\$" comp.total >> comp.present
2323
2324		if grep -qE "^kernel\|" comp.total &&
2325		    ! grep -qE "^kernel\|${KCOMP}\$" comp.total; then
2326			cat <<-EOF
2327
2328WARNING: This system is running a "${KCOMP}" kernel, which is not a
2329kernel configuration distributed as part of FreeBSD ${RELNUM}.
2330This kernel will not be updated: you MUST update the kernel manually
2331before running "$0 install".
2332			EOF
2333		fi
2334
2335		# Re-sort the list of installed components and generate
2336		# the list of non-installed components.
2337		sort -u < comp.present > comp.present.tmp
2338		mv comp.present.tmp comp.present
2339		comm -13 comp.present comp.total > comp.absent
2340
2341		# Ask the user to confirm that what we have is correct.  To
2342		# reduce user confusion, translate "X|Y" back to "X/Y" (as
2343		# subcomponents must be listed in the configuration file).
2344		echo
2345		echo -n "The following components of FreeBSD "
2346		echo "seem to be installed:"
2347		tr '|' '/' < comp.present |
2348		    fmt -72
2349		echo
2350		echo -n "The following components of FreeBSD "
2351		echo "do not seem to be installed:"
2352		tr '|' '/' < comp.absent |
2353		    fmt -72
2354		echo
2355		continuep || return 1
2356		echo
2357
2358		# Suck the generated list of components into ${COMPONENTS}.
2359		# Note that comp.present.tmp is used due to issues with
2360		# pipelines and setting variables.
2361		COMPONENTS=""
2362		tr '|' '/' < comp.present > comp.present.tmp
2363		while read C; do
2364			COMPONENTS="${COMPONENTS} ${C}"
2365		done < comp.present.tmp
2366
2367		# Delete temporary files
2368		rm comp.present comp.present.tmp comp.absent comp.total
2369	fi
2370}
2371
2372# If StrictComponents is not "yes", COMPONENTS contains an entry
2373# corresponding to the currently running kernel, and said kernel
2374# does not exist in the new release, add "kernel/generic" to the
2375# list of components.
2376upgrade_guess_new_kernel () {
2377	if [ "${STRICTCOMPONENTS}" = "no" ]; then
2378		# Grab the unfiltered metadata file.
2379		METAHASH=`look "$1|" tINDEX.present | cut -f 2 -d '|'`
2380		gunzip -c < files/${METAHASH}.gz > $1.all
2381
2382		# If "kernel/${KCOMP}" is in ${COMPONENTS} and that component
2383		# isn't in $1.all, we need to add kernel/generic.
2384		for C in ${COMPONENTS}; do
2385			if [ ${C} = "kernel/${KCOMP}" ] &&
2386			    ! grep -qE "^kernel\|${KCOMP}\|" $1.all; then
2387				COMPONENTS="${COMPONENTS} kernel/generic"
2388				NKERNCONF="GENERIC"
2389				cat <<-EOF
2390
2391WARNING: This system is running a "${KCOMP}" kernel, which is not a
2392kernel configuration distributed as part of FreeBSD ${RELNUM}.
2393As part of upgrading to FreeBSD ${RELNUM}, this kernel will be
2394replaced with a "generic" kernel.
2395				EOF
2396				continuep || return 1
2397			fi
2398		done
2399
2400		# Don't need this any more...
2401		rm $1.all
2402	fi
2403}
2404
2405# Convert INDEX-OLD (last release) and INDEX-ALL (new release) into
2406# INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades).
2407upgrade_oldall_to_oldnew () {
2408	# For each ${F}|... which appears in INDEX-ALL but does not appear
2409	# in INDEX-OLD, add ${F}|-|||||| to INDEX-OLD.
2410	cut -f 1 -d '|' < $1 |
2411	    sort -u > $1.paths
2412	cut -f 1 -d '|' < $2 |
2413	    sort -u |
2414	    comm -13 $1.paths - |
2415	    lam - -s "|-||||||" |
2416	    sort - $1 > $1.tmp
2417	mv $1.tmp $1
2418
2419	# Remove lines from INDEX-OLD which also appear in INDEX-ALL
2420	comm -23 $1 $2 > $1.tmp
2421	mv $1.tmp $1
2422
2423	# Remove lines from INDEX-ALL which have a file name not appearing
2424	# anywhere in INDEX-OLD (since these must be files which haven't
2425	# changed -- if they were new, there would be an entry of type "-").
2426	cut -f 1 -d '|' < $1 |
2427	    sort -u > $1.paths
2428	sort -k 1,1 -t '|' < $2 |
2429	    join -t '|' - $1.paths |
2430	    sort > $2.tmp
2431	rm $1.paths
2432	mv $2.tmp $2
2433
2434	# Rename INDEX-ALL to INDEX-NEW.
2435	mv $2 $3
2436}
2437
2438# Helper for upgrade_merge: Return zero true iff the two files differ only
2439# in the contents of their RCS tags.
2440samef () {
2441	X=`sed -E 's/\\$FreeBSD.*\\$/\$FreeBSD\$/' < $1 | ${SHA256}`
2442	Y=`sed -E 's/\\$FreeBSD.*\\$/\$FreeBSD\$/' < $2 | ${SHA256}`
2443
2444	if [ $X = $Y ]; then
2445		return 0;
2446	else
2447		return 1;
2448	fi
2449}
2450
2451# From the list of "old" files in $1, merge changes in $2 with those in $3,
2452# and update $3 to reflect the hashes of merged files.
2453upgrade_merge () {
2454	# We only need to do anything if $1 is non-empty.
2455	if [ -s $1 ]; then
2456		cut -f 1 -d '|' $1 |
2457		    sort > $1-paths
2458
2459		# Create staging area for merging files
2460		rm -rf merge/
2461		while read F; do
2462			D=`dirname ${F}`
2463			mkdir -p merge/old/${D}
2464			mkdir -p merge/${OLDRELNUM}/${D}
2465			mkdir -p merge/${RELNUM}/${D}
2466			mkdir -p merge/new/${D}
2467		done < $1-paths
2468
2469		# Copy in files
2470		while read F; do
2471			# Currently installed file
2472			V=`look "${F}|" $2 | cut -f 7 -d '|'`
2473			gunzip < files/${V}.gz > merge/old/${F}
2474
2475			# Old release
2476			if look "${F}|" $1 | fgrep -q "|f|"; then
2477				V=`look "${F}|" $1 | cut -f 3 -d '|'`
2478				gunzip < files/${V}.gz		\
2479				    > merge/${OLDRELNUM}/${F}
2480			fi
2481
2482			# New release
2483			if look "${F}|" $3 | cut -f 1,2,7 -d '|' |
2484			    fgrep -q "|f|"; then
2485				V=`look "${F}|" $3 | cut -f 7 -d '|'`
2486				gunzip < files/${V}.gz		\
2487				    > merge/${RELNUM}/${F}
2488			fi
2489		done < $1-paths
2490
2491		# Attempt to automatically merge changes
2492		echo -n "Attempting to automatically merge "
2493		echo -n "changes in files..."
2494		: > failed.merges
2495		while read F; do
2496			# If the file doesn't exist in the new release,
2497			# the result of "merging changes" is having the file
2498			# not exist.
2499			if ! [ -f merge/${RELNUM}/${F} ]; then
2500				continue
2501			fi
2502
2503			# If the file didn't exist in the old release, we're
2504			# going to throw away the existing file and hope that
2505			# the version from the new release is what we want.
2506			if ! [ -f merge/${OLDRELNUM}/${F} ]; then
2507				cp merge/${RELNUM}/${F} merge/new/${F}
2508				continue
2509			fi
2510
2511			# Some files need special treatment.
2512			case ${F} in
2513			/etc/spwd.db | /etc/pwd.db | /etc/login.conf.db)
2514				# Don't merge these -- we're rebuild them
2515				# after updates are installed.
2516				cp merge/old/${F} merge/new/${F}
2517				;;
2518			*)
2519				if ! diff3 -E -m -L "current version"	\
2520				    -L "${OLDRELNUM}" -L "${RELNUM}"	\
2521				    merge/old/${F}			\
2522				    merge/${OLDRELNUM}/${F}		\
2523				    merge/${RELNUM}/${F}		\
2524				    > merge/new/${F} 2>/dev/null; then
2525					echo ${F} >> failed.merges
2526				fi
2527				;;
2528			esac
2529		done < $1-paths
2530		echo " done."
2531
2532		# Ask the user to handle any files which didn't merge.
2533		while read F; do
2534			# If the installed file differs from the version in
2535			# the old release only due to RCS tag expansion
2536			# then just use the version in the new release.
2537			if samef merge/old/${F} merge/${OLDRELNUM}/${F}; then
2538				cp merge/${RELNUM}/${F} merge/new/${F}
2539				continue
2540			fi
2541
2542			cat <<-EOF
2543
2544The following file could not be merged automatically: ${F}
2545Press Enter to edit this file in ${EDITOR} and resolve the conflicts
2546manually...
2547			EOF
2548			while true; do
2549				read dummy </dev/tty
2550				${EDITOR} `pwd`/merge/new/${F} < /dev/tty
2551
2552				if ! grep -qE '^(<<<<<<<|=======|>>>>>>>)([[:space:]].*)?$' $(pwd)/merge/new/${F} ; then
2553					break
2554				fi
2555				cat <<-EOF
2556
2557Merge conflict markers remain in: ${F}
2558These must be resolved for the system to be functional.
2559
2560Press Enter to return to editing this file.
2561				EOF
2562			done
2563		done < failed.merges
2564		rm failed.merges
2565
2566		# Ask the user to confirm that he likes how the result
2567		# of merging files.
2568		while read F; do
2569			# Skip files which haven't changed except possibly
2570			# in their RCS tags.
2571			if [ -f merge/old/${F} ] && [ -f merge/new/${F} ] &&
2572			    samef merge/old/${F} merge/new/${F}; then
2573				continue
2574			fi
2575
2576			# Skip files where the installed file differs from
2577			# the old file only due to RCS tags.
2578			if [ -f merge/old/${F} ] &&
2579			    [ -f merge/${OLDRELNUM}/${F} ] &&
2580			    samef merge/old/${F} merge/${OLDRELNUM}/${F}; then
2581				continue
2582			fi
2583
2584			# Warn about files which are ceasing to exist.
2585			if ! [ -f merge/new/${F} ]; then
2586				cat <<-EOF
2587
2588The following file will be removed, as it no longer exists in
2589FreeBSD ${RELNUM}: ${F}
2590				EOF
2591				continuep < /dev/tty || return 1
2592				continue
2593			fi
2594
2595			# Print changes for the user's approval.
2596			cat <<-EOF
2597
2598The following changes, which occurred between FreeBSD ${OLDRELNUM} and
2599FreeBSD ${RELNUM} have been merged into ${F}:
2600EOF
2601			diff -U 5 -L "current version" -L "new version"	\
2602			    merge/old/${F} merge/new/${F} || true
2603			continuep < /dev/tty || return 1
2604		done < $1-paths
2605
2606		# Store merged files.
2607		while read F; do
2608			if [ -f merge/new/${F} ]; then
2609				V=`${SHA256} -q merge/new/${F}`
2610
2611				gzip -c < merge/new/${F} > files/${V}.gz
2612				echo "${F}|${V}"
2613			fi
2614		done < $1-paths > newhashes
2615
2616		# Pull lines out from $3 which need to be updated to
2617		# reflect merged files.
2618		while read F; do
2619			look "${F}|" $3
2620		done < $1-paths > $3-oldlines
2621
2622		# Update lines to reflect merged files
2623		join -t '|' -o 1.1,1.2,1.3,1.4,1.5,1.6,2.2,1.8		\
2624		    $3-oldlines newhashes > $3-newlines
2625
2626		# Remove old lines from $3 and add new lines.
2627		sort $3-oldlines |
2628		    comm -13 - $3 |
2629		    sort - $3-newlines > $3.tmp
2630		mv $3.tmp $3
2631
2632		# Clean up
2633		rm $1-paths newhashes $3-oldlines $3-newlines
2634		rm -rf merge/
2635	fi
2636
2637	# We're done with merging files.
2638	rm $1
2639}
2640
2641# Do the work involved in fetching upgrades to a new release
2642upgrade_run () {
2643	workdir_init || return 1
2644
2645	# Prepare the mirror list.
2646	fetch_pick_server_init && fetch_pick_server
2647
2648	# Try to fetch the public key until we run out of servers.
2649	while ! fetch_key; do
2650		fetch_pick_server || return 1
2651	done
2652
2653	# Try to fetch the metadata index signature ("tag") until we run
2654	# out of available servers; and sanity check the downloaded tag.
2655	while ! fetch_tag; do
2656		fetch_pick_server || return 1
2657	done
2658	fetch_tagsanity || return 1
2659
2660	# Fetch the INDEX-OLD and INDEX-ALL.
2661	fetch_metadata INDEX-OLD INDEX-ALL || return 1
2662
2663	# If StrictComponents is not "yes", generate a new components list
2664	# with only the components which appear to be installed.
2665	upgrade_guess_components INDEX-ALL || return 1
2666
2667	# Generate filtered INDEX-OLD and INDEX-ALL files containing only
2668	# the components we want and without anything marked as "Ignore".
2669	fetch_filter_metadata INDEX-OLD || return 1
2670	fetch_filter_metadata INDEX-ALL || return 1
2671
2672	# Merge the INDEX-OLD and INDEX-ALL files into INDEX-OLD.
2673	sort INDEX-OLD INDEX-ALL > INDEX-OLD.tmp
2674	mv INDEX-OLD.tmp INDEX-OLD
2675	rm INDEX-ALL
2676
2677	# Adjust variables for fetching files from the new release.
2678	OLDRELNUM=${RELNUM}
2679	RELNUM=${TARGETRELEASE}
2680	OLDFETCHDIR=${FETCHDIR}
2681	FETCHDIR=${RELNUM}/${ARCH}
2682
2683	# Try to fetch the NEW metadata index signature ("tag") until we run
2684	# out of available servers; and sanity check the downloaded tag.
2685	while ! fetch_tag; do
2686		fetch_pick_server || return 1
2687	done
2688
2689	# Fetch the new INDEX-ALL.
2690	fetch_metadata INDEX-ALL || return 1
2691
2692	# If StrictComponents is not "yes", COMPONENTS contains an entry
2693	# corresponding to the currently running kernel, and said kernel
2694	# does not exist in the new release, add "kernel/generic" to the
2695	# list of components.
2696	upgrade_guess_new_kernel INDEX-ALL || return 1
2697
2698	# Filter INDEX-ALL to contain only the components we want and without
2699	# anything marked as "Ignore".
2700	fetch_filter_metadata INDEX-ALL || return 1
2701
2702	# Convert INDEX-OLD (last release) and INDEX-ALL (new release) into
2703	# INDEX-OLD and INDEX-NEW files (in the sense of normal upgrades).
2704	upgrade_oldall_to_oldnew INDEX-OLD INDEX-ALL INDEX-NEW
2705
2706	# Translate /boot/${KERNCONF} or /boot/${NKERNCONF} into ${KERNELDIR}
2707	fetch_filter_kernel_names INDEX-NEW ${NKERNCONF}
2708	fetch_filter_kernel_names INDEX-OLD ${KERNCONF}
2709
2710	# For all paths appearing in INDEX-OLD or INDEX-NEW, inspect the
2711	# system and generate an INDEX-PRESENT file.
2712	fetch_inspect_system INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2713
2714	# Based on ${MERGECHANGES}, generate a file tomerge-old with the
2715	# paths and hashes of old versions of files to merge.
2716	fetch_filter_mergechanges INDEX-OLD INDEX-PRESENT INDEX-NEW tomerge-old
2717
2718	# Based on ${UPDATEIFUNMODIFIED}, remove lines from INDEX-* which
2719	# correspond to lines in INDEX-PRESENT with hashes not appearing
2720	# in INDEX-OLD or INDEX-NEW.  Also remove lines where the entry in
2721	# INDEX-PRESENT has type - and there isn't a corresponding entry in
2722	# INDEX-OLD with type -.
2723	fetch_filter_unmodified_notpresent	\
2724	    INDEX-OLD INDEX-PRESENT INDEX-NEW tomerge-old
2725
2726	# For each entry in INDEX-PRESENT of type -, remove any corresponding
2727	# entry from INDEX-NEW if ${ALLOWADD} != "yes".  Remove all entries
2728	# of type - from INDEX-PRESENT.
2729	fetch_filter_allowadd INDEX-PRESENT INDEX-NEW
2730
2731	# If ${ALLOWDELETE} != "yes", then remove any entries from
2732	# INDEX-PRESENT which don't correspond to entries in INDEX-NEW.
2733	fetch_filter_allowdelete INDEX-PRESENT INDEX-NEW
2734
2735	# If ${KEEPMODIFIEDMETADATA} == "yes", then for each entry in
2736	# INDEX-PRESENT with metadata not matching any entry in INDEX-OLD,
2737	# replace the corresponding line of INDEX-NEW with one having the
2738	# same metadata as the entry in INDEX-PRESENT.
2739	fetch_filter_modified_metadata INDEX-OLD INDEX-PRESENT INDEX-NEW
2740
2741	# Remove lines from INDEX-PRESENT and INDEX-NEW which are identical;
2742	# no need to update a file if it isn't changing.
2743	fetch_filter_uptodate INDEX-PRESENT INDEX-NEW
2744
2745	# Fetch "clean" files from the old release for merging changes.
2746	fetch_files_premerge tomerge-old
2747
2748	# Prepare to fetch files: Generate a list of the files we need,
2749	# copy the unmodified files we have into /files/, and generate
2750	# a list of patches to download.
2751	fetch_files_prepare INDEX-OLD INDEX-PRESENT INDEX-NEW || return 1
2752
2753	# Fetch patches from to-${RELNUM}/${ARCH}/bp/
2754	PATCHDIR=to-${RELNUM}/${ARCH}/bp
2755	fetch_files || return 1
2756
2757	# Merge configuration file changes.
2758	upgrade_merge tomerge-old INDEX-PRESENT INDEX-NEW || return 1
2759
2760	# Create and populate install manifest directory; and report what
2761	# updates are available.
2762	fetch_create_manifest || return 1
2763
2764	# Leave a note behind to tell the "install" command that the kernel
2765	# needs to be installed before the world.
2766	touch ${BDHASH}-install/kernelfirst
2767
2768	# Remind the user that they need to run "freebsd-update install"
2769	# to install the downloaded bits, in case they didn't RTFM.
2770	echo "To install the downloaded upgrades, run \"$0 install\"."
2771}
2772
2773# Make sure that all the file hashes mentioned in $@ have corresponding
2774# gzipped files stored in /files/.
2775install_verify () {
2776	# Generate a list of hashes
2777	cat $@ |
2778	    cut -f 2,7 -d '|' |
2779	    grep -E '^f' |
2780	    cut -f 2 -d '|' |
2781	    sort -u > filelist
2782
2783	# Make sure all the hashes exist
2784	while read HASH; do
2785		if ! [ -f files/${HASH}.gz ]; then
2786			echo -n "Update files missing -- "
2787			echo "this should never happen."
2788			echo "Re-run '$0 fetch'."
2789			return 1
2790		fi
2791	done < filelist
2792
2793	# Clean up
2794	rm filelist
2795}
2796
2797# Remove the system immutable flag from files
2798install_unschg () {
2799	# Generate file list
2800	cat $@ |
2801	    cut -f 1 -d '|' > filelist
2802
2803	# Remove flags
2804	while read F; do
2805		if ! [ -e ${BASEDIR}/${F} ]; then
2806			continue
2807		else
2808			echo ${BASEDIR}/${F}
2809		fi
2810	done < filelist | xargs chflags noschg || return 1
2811
2812	# Clean up
2813	rm filelist
2814}
2815
2816# Decide which directory name to use for kernel backups.
2817backup_kernel_finddir () {
2818	CNT=0
2819	while true ; do
2820		# Pathname does not exist, so it is OK use that name
2821		# for backup directory.
2822		if [ ! -e $BASEDIR/$BACKUPKERNELDIR ]; then
2823			return 0
2824		fi
2825
2826		# If directory do exist, we only use if it has our
2827		# marker file.
2828		if [ -d $BASEDIR/$BACKUPKERNELDIR -a \
2829			-e $BASEDIR/$BACKUPKERNELDIR/.freebsd-update ]; then
2830			return 0
2831		fi
2832
2833		# We could not use current directory name, so add counter to
2834		# the end and try again.
2835		CNT=$((CNT + 1))
2836		if [ $CNT -gt 9 ]; then
2837			echo "Could not find valid backup dir ($BASEDIR/$BACKUPKERNELDIR)"
2838			exit 1
2839		fi
2840		BACKUPKERNELDIR="`echo $BACKUPKERNELDIR | sed -Ee 's/[0-9]\$//'`"
2841		BACKUPKERNELDIR="${BACKUPKERNELDIR}${CNT}"
2842	done
2843}
2844
2845# Backup the current kernel using hardlinks, if not disabled by user.
2846# Since we delete all files in the directory used for previous backups
2847# we create a marker file called ".freebsd-update" in the directory so
2848# we can determine on the next run that the directory was created by
2849# freebsd-update and we then do not accidentally remove user files in
2850# the unlikely case that the user has created a directory with a
2851# conflicting name.
2852backup_kernel () {
2853	# Only make kernel backup is so configured.
2854	if [ $BACKUPKERNEL != yes ]; then
2855		return 0
2856	fi
2857
2858	# Decide which directory name to use for kernel backups.
2859	backup_kernel_finddir
2860
2861	# Remove old kernel backup files.  If $BACKUPKERNELDIR was
2862	# "not ours", backup_kernel_finddir would have exited, so
2863	# deleting the directory content is as safe as we can make it.
2864	if [ -d $BASEDIR/$BACKUPKERNELDIR ]; then
2865		rm -fr $BASEDIR/$BACKUPKERNELDIR
2866	fi
2867
2868	# Create directories for backup.
2869	mkdir -p $BASEDIR/$BACKUPKERNELDIR
2870	mtree -cdn -p "${BASEDIR}/${KERNELDIR}" | \
2871	    mtree -Ue -p "${BASEDIR}/${BACKUPKERNELDIR}" > /dev/null
2872
2873	# Mark the directory as having been created by freebsd-update.
2874	touch $BASEDIR/$BACKUPKERNELDIR/.freebsd-update
2875	if [ $? -ne 0 ]; then
2876		echo "Could not create kernel backup directory"
2877		exit 1
2878	fi
2879
2880	# Disable pathname expansion to be sure *.symbols is not
2881	# expanded.
2882	set -f
2883
2884	# Use find to ignore symbol files, unless disabled by user.
2885	if [ $BACKUPKERNELSYMBOLFILES = yes ]; then
2886		FINDFILTER=""
2887	else
2888		FINDFILTER="-a ! -name *.debug -a ! -name *.symbols"
2889	fi
2890
2891	# Backup all the kernel files using hardlinks.
2892	(cd ${BASEDIR}/${KERNELDIR} && find . -type f $FINDFILTER -exec \
2893	    cp -pl '{}' ${BASEDIR}/${BACKUPKERNELDIR}/'{}' \;)
2894
2895	# Re-enable patchname expansion.
2896	set +f
2897}
2898
2899# Install new files
2900install_from_index () {
2901	# First pass: Do everything apart from setting file flags.  We
2902	# can't set flags yet, because schg inhibits hard linking.
2903	sort -k 1,1 -t '|' $1 |
2904	    tr '|' ' ' |
2905	    while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do
2906		case ${TYPE} in
2907		d)
2908			# Create a directory
2909			install -d -o ${OWNER} -g ${GROUP}		\
2910			    -m ${PERM} ${BASEDIR}/${FPATH}
2911			;;
2912		f)
2913			if [ -z "${LINK}" ]; then
2914				# Create a file, without setting flags.
2915				gunzip < files/${HASH}.gz > ${HASH}
2916				install -S -o ${OWNER} -g ${GROUP}	\
2917				    -m ${PERM} ${HASH} ${BASEDIR}/${FPATH}
2918				rm ${HASH}
2919			else
2920				# Create a hard link.
2921				ln -f ${BASEDIR}/${LINK} ${BASEDIR}/${FPATH}
2922			fi
2923			;;
2924		L)
2925			# Create a symlink
2926			ln -sfh ${HASH} ${BASEDIR}/${FPATH}
2927			;;
2928		esac
2929	    done
2930
2931	# Perform a second pass, adding file flags.
2932	tr '|' ' ' < $1 |
2933	    while read FPATH TYPE OWNER GROUP PERM FLAGS HASH LINK; do
2934		if [ ${TYPE} = "f" ] &&
2935		    ! [ ${FLAGS} = "0" ]; then
2936			chflags ${FLAGS} ${BASEDIR}/${FPATH}
2937		fi
2938	    done
2939}
2940
2941# Remove files which we want to delete
2942install_delete () {
2943	# Generate list of new files
2944	cut -f 1 -d '|' < $2 |
2945	    sort > newfiles
2946
2947	# Generate subindex of old files we want to nuke
2948	sort -k 1,1 -t '|' $1 |
2949	    join -t '|' -v 1 - newfiles |
2950	    sort -r -k 1,1 -t '|' |
2951	    cut -f 1,2 -d '|' |
2952	    tr '|' ' ' > killfiles
2953
2954	# Remove the offending bits
2955	while read FPATH TYPE; do
2956		case ${TYPE} in
2957		d)
2958			rmdir ${BASEDIR}/${FPATH}
2959			;;
2960		f)
2961			rm ${BASEDIR}/${FPATH}
2962			;;
2963		L)
2964			rm ${BASEDIR}/${FPATH}
2965			;;
2966		esac
2967	done < killfiles
2968
2969	# Clean up
2970	rm newfiles killfiles
2971}
2972
2973# Install new files, delete old files, and update generated files
2974install_files () {
2975	# If we haven't already dealt with the kernel, deal with it.
2976	if ! [ -f $1/kerneldone ]; then
2977		grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD
2978		grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW
2979
2980		# Backup current kernel before installing a new one
2981		backup_kernel || return 1
2982
2983		# Install new files
2984		install_from_index INDEX-NEW || return 1
2985
2986		# Remove files which need to be deleted
2987		install_delete INDEX-OLD INDEX-NEW || return 1
2988
2989		# Update linker.hints if necessary
2990		if [ -s INDEX-OLD -o -s INDEX-NEW ]; then
2991			kldxref -R ${BASEDIR}/boot/ 2>/dev/null
2992		fi
2993
2994		# We've finished updating the kernel.
2995		touch $1/kerneldone
2996
2997		# Do we need to ask for a reboot now?
2998		if [ -f $1/kernelfirst ] &&
2999		    [ -s INDEX-OLD -o -s INDEX-NEW ]; then
3000			cat <<-EOF
3001
3002Kernel updates have been installed.  Please reboot and run
3003"$0 install" again to finish installing updates.
3004			EOF
3005			exit 0
3006		fi
3007	fi
3008
3009	# If we haven't already dealt with the world, deal with it.
3010	if ! [ -f $1/worlddone ]; then
3011		# Create any necessary directories first
3012		grep -vE '^/boot/' $1/INDEX-NEW |
3013		    grep -E '^[^|]+\|d\|' > INDEX-NEW
3014		install_from_index INDEX-NEW || return 1
3015
3016		# Install new runtime linker
3017		grep -vE '^/boot/' $1/INDEX-NEW |
3018		    grep -vE '^[^|]+\|d\|' |
3019		    grep -E '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' > INDEX-NEW
3020		install_from_index INDEX-NEW || return 1
3021
3022		# Install new shared libraries next
3023		grep -vE '^/boot/' $1/INDEX-NEW |
3024		    grep -vE '^[^|]+\|d\|' |
3025		    grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
3026		    grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
3027		install_from_index INDEX-NEW || return 1
3028
3029		# Deal with everything else
3030		grep -vE '^/boot/' $1/INDEX-OLD |
3031		    grep -vE '^[^|]+\|d\|' |
3032		    grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
3033		    grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
3034		grep -vE '^/boot/' $1/INDEX-NEW |
3035		    grep -vE '^[^|]+\|d\|' |
3036		    grep -vE '^/libexec/ld-elf[^|]*\.so\.[0-9]+\|' |
3037		    grep -vE '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
3038		install_from_index INDEX-NEW || return 1
3039		install_delete INDEX-OLD INDEX-NEW || return 1
3040
3041		# Restart sshd if running (PR263489).  Note that this does not
3042		# affect child sshd processes handling existing sessions.
3043		if service sshd status >/dev/null 2>/dev/null; then
3044			echo
3045			echo "Restarting sshd after upgrade"
3046			service sshd restart
3047		fi
3048
3049		# Rehash certs if we actually have certctl installed.
3050		if which certctl>/dev/null; then
3051			env DESTDIR=${BASEDIR} certctl rehash
3052		fi
3053
3054		# Rebuild generated pwd files and /etc/login.conf.db.
3055		pwd_mkdb -d ${BASEDIR}/etc -p ${BASEDIR}/etc/master.passwd
3056		cap_mkdb ${BASEDIR}/etc/login.conf
3057
3058		# Rebuild man page databases, if necessary.
3059		for D in /usr/share/man /usr/share/openssl/man; do
3060			if [ ! -d ${BASEDIR}/$D ]; then
3061				continue
3062			fi
3063			if [ -f ${BASEDIR}/$D/mandoc.db ] && \
3064			    [ -z "$(find ${BASEDIR}/$D -type f -newer ${BASEDIR}/$D/mandoc.db)" ]; then
3065				continue;
3066			fi
3067			makewhatis ${BASEDIR}/$D
3068		done
3069
3070		# We've finished installing the world and deleting old files
3071		# which are not shared libraries.
3072		touch $1/worlddone
3073
3074		# Do we need to ask the user to portupgrade now?
3075		grep -vE '^/boot/' $1/INDEX-NEW |
3076		    grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
3077		    cut -f 1 -d '|' |
3078		    sort > newfiles
3079		if grep -vE '^/boot/' $1/INDEX-OLD |
3080		    grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' |
3081		    cut -f 1 -d '|' |
3082		    sort |
3083		    join -v 1 - newfiles |
3084		    grep -q .; then
3085			cat <<-EOF
3086
3087Completing this upgrade requires removing old shared object files.
3088Please rebuild all installed 3rd party software (e.g., programs
3089installed from the ports tree) and then run "$0 install"
3090again to finish installing updates.
3091			EOF
3092			rm newfiles
3093			exit 0
3094		fi
3095		rm newfiles
3096	fi
3097
3098	# Remove old shared libraries
3099	grep -vE '^/boot/' $1/INDEX-NEW |
3100	    grep -vE '^[^|]+\|d\|' |
3101	    grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-NEW
3102	grep -vE '^/boot/' $1/INDEX-OLD |
3103	    grep -vE '^[^|]+\|d\|' |
3104	    grep -E '^[^|]*/lib/[^|]*\.so\.[0-9]+\|' > INDEX-OLD
3105	install_delete INDEX-OLD INDEX-NEW || return 1
3106
3107	# Remove old directories
3108	grep -vE '^/boot/' $1/INDEX-NEW |
3109	    grep -E '^[^|]+\|d\|' > INDEX-NEW
3110	grep -vE '^/boot/' $1/INDEX-OLD |
3111	    grep -E '^[^|]+\|d\|' > INDEX-OLD
3112	install_delete INDEX-OLD INDEX-NEW || return 1
3113
3114	# Remove temporary files
3115	rm INDEX-OLD INDEX-NEW
3116}
3117
3118# Rearrange bits to allow the installed updates to be rolled back
3119install_setup_rollback () {
3120	# Remove the "reboot after installing kernel", "kernel updated", and
3121	# "finished installing the world" flags if present -- they are
3122	# irrelevant when rolling back updates.
3123	if [ -f ${BDHASH}-install/kernelfirst ]; then
3124		rm ${BDHASH}-install/kernelfirst
3125		rm ${BDHASH}-install/kerneldone
3126	fi
3127	if [ -f ${BDHASH}-install/worlddone ]; then
3128		rm ${BDHASH}-install/worlddone
3129	fi
3130
3131	if [ -L ${BDHASH}-rollback ]; then
3132		mv ${BDHASH}-rollback ${BDHASH}-install/rollback
3133	fi
3134
3135	mv ${BDHASH}-install ${BDHASH}-rollback
3136}
3137
3138# Actually install updates
3139install_run () {
3140	echo -n "Installing updates..."
3141
3142	# Make sure we have all the files we should have
3143	install_verify ${BDHASH}-install/INDEX-OLD	\
3144	    ${BDHASH}-install/INDEX-NEW || return 1
3145
3146	# Remove system immutable flag from files
3147	install_unschg ${BDHASH}-install/INDEX-OLD	\
3148	    ${BDHASH}-install/INDEX-NEW || return 1
3149
3150	# Install new files, delete old files, and update linker.hints
3151	install_files ${BDHASH}-install || return 1
3152
3153	# Rearrange bits to allow the installed updates to be rolled back
3154	install_setup_rollback
3155
3156	echo " done."
3157}
3158
3159# Rearrange bits to allow the previous set of updates to be rolled back next.
3160rollback_setup_rollback () {
3161	if [ -L ${BDHASH}-rollback/rollback ]; then
3162		mv ${BDHASH}-rollback/rollback rollback-tmp
3163		rm -r ${BDHASH}-rollback/
3164		rm ${BDHASH}-rollback
3165		mv rollback-tmp ${BDHASH}-rollback
3166	else
3167		rm -r ${BDHASH}-rollback/
3168		rm ${BDHASH}-rollback
3169	fi
3170}
3171
3172# Install old files, delete new files, and update linker.hints
3173rollback_files () {
3174	# Install old shared library files which don't have the same path as
3175	# a new shared library file.
3176	grep -vE '^/boot/' $1/INDEX-NEW |
3177	    grep -E '/lib/.*\.so\.[0-9]+\|' |
3178	    cut -f 1 -d '|' |
3179	    sort > INDEX-NEW.libs.flist
3180	grep -vE '^/boot/' $1/INDEX-OLD |
3181	    grep -E '/lib/.*\.so\.[0-9]+\|' |
3182	    sort -k 1,1 -t '|' - |
3183	    join -t '|' -v 1 - INDEX-NEW.libs.flist > INDEX-OLD
3184	install_from_index INDEX-OLD || return 1
3185
3186	# Deal with files which are neither kernel nor shared library
3187	grep -vE '^/boot/' $1/INDEX-OLD |
3188	    grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
3189	grep -vE '^/boot/' $1/INDEX-NEW |
3190	    grep -vE '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
3191	install_from_index INDEX-OLD || return 1
3192	install_delete INDEX-NEW INDEX-OLD || return 1
3193
3194	# Install any old shared library files which we didn't install above.
3195	grep -vE '^/boot/' $1/INDEX-OLD |
3196	    grep -E '/lib/.*\.so\.[0-9]+\|' |
3197	    sort -k 1,1 -t '|' - |
3198	    join -t '|' - INDEX-NEW.libs.flist > INDEX-OLD
3199	install_from_index INDEX-OLD || return 1
3200
3201	# Delete unneeded shared library files
3202	grep -vE '^/boot/' $1/INDEX-OLD |
3203	    grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-OLD
3204	grep -vE '^/boot/' $1/INDEX-NEW |
3205	    grep -E '/lib/.*\.so\.[0-9]+\|' > INDEX-NEW
3206	install_delete INDEX-NEW INDEX-OLD || return 1
3207
3208	# Deal with kernel files
3209	grep -E '^/boot/' $1/INDEX-OLD > INDEX-OLD
3210	grep -E '^/boot/' $1/INDEX-NEW > INDEX-NEW
3211	install_from_index INDEX-OLD || return 1
3212	install_delete INDEX-NEW INDEX-OLD || return 1
3213	if [ -s INDEX-OLD -o -s INDEX-NEW ]; then
3214		kldxref -R /boot/ 2>/dev/null
3215	fi
3216
3217	# Remove temporary files
3218	rm INDEX-OLD INDEX-NEW INDEX-NEW.libs.flist
3219}
3220
3221# Actually rollback updates
3222rollback_run () {
3223	echo -n "Uninstalling updates..."
3224
3225	# If there are updates waiting to be installed, remove them; we
3226	# want the user to re-run 'fetch' after rolling back updates.
3227	if [ -L ${BDHASH}-install ]; then
3228		rm -r ${BDHASH}-install/
3229		rm ${BDHASH}-install
3230	fi
3231
3232	# Make sure we have all the files we should have
3233	install_verify ${BDHASH}-rollback/INDEX-NEW	\
3234	    ${BDHASH}-rollback/INDEX-OLD || return 1
3235
3236	# Remove system immutable flag from files
3237	install_unschg ${BDHASH}-rollback/INDEX-NEW	\
3238	    ${BDHASH}-rollback/INDEX-OLD || return 1
3239
3240	# Install old files, delete new files, and update linker.hints
3241	rollback_files ${BDHASH}-rollback || return 1
3242
3243	# Remove the rollback directory and the symlink pointing to it; and
3244	# rearrange bits to allow the previous set of updates to be rolled
3245	# back next.
3246	rollback_setup_rollback
3247
3248	echo " done."
3249}
3250
3251# Compare INDEX-ALL and INDEX-PRESENT and print warnings about differences.
3252IDS_compare () {
3253	# Get all the lines which mismatch in something other than file
3254	# flags.  We ignore file flags because sysinstall doesn't seem to
3255	# set them when it installs FreeBSD; warning about these adds a
3256	# very large amount of noise.
3257	cut -f 1-5,7-8 -d '|' $1 > $1.noflags
3258	sort -k 1,1 -t '|' $1.noflags > $1.sorted
3259	cut -f 1-5,7-8 -d '|' $2 |
3260	    comm -13 $1.noflags - |
3261	    fgrep -v '|-|||||' |
3262	    sort -k 1,1 -t '|' |
3263	    join -t '|' $1.sorted - > INDEX-NOTMATCHING
3264
3265	# Ignore files which match IDSIGNOREPATHS.
3266	for X in ${IDSIGNOREPATHS}; do
3267		grep -E "^${X}" INDEX-NOTMATCHING
3268	done |
3269	    sort -u |
3270	    comm -13 - INDEX-NOTMATCHING > INDEX-NOTMATCHING.tmp
3271	mv INDEX-NOTMATCHING.tmp INDEX-NOTMATCHING
3272
3273	# Go through the lines and print warnings.
3274	local IFS='|'
3275	while read FPATH TYPE OWNER GROUP PERM HASH LINK P_TYPE P_OWNER P_GROUP P_PERM P_HASH P_LINK; do
3276		# Warn about different object types.
3277		if ! [ "${TYPE}" = "${P_TYPE}" ]; then
3278			echo -n "${FPATH} is a "
3279			case "${P_TYPE}" in
3280			f)	echo -n "regular file, "
3281				;;
3282			d)	echo -n "directory, "
3283				;;
3284			L)	echo -n "symlink, "
3285				;;
3286			esac
3287			echo -n "but should be a "
3288			case "${TYPE}" in
3289			f)	echo -n "regular file."
3290				;;
3291			d)	echo -n "directory."
3292				;;
3293			L)	echo -n "symlink."
3294				;;
3295			esac
3296			echo
3297
3298			# Skip other tests, since they don't make sense if
3299			# we're comparing different object types.
3300			continue
3301		fi
3302
3303		# Warn about different owners.
3304		if ! [ "${OWNER}" = "${P_OWNER}" ]; then
3305			echo -n "${FPATH} is owned by user id ${P_OWNER}, "
3306			echo "but should be owned by user id ${OWNER}."
3307		fi
3308
3309		# Warn about different groups.
3310		if ! [ "${GROUP}" = "${P_GROUP}" ]; then
3311			echo -n "${FPATH} is owned by group id ${P_GROUP}, "
3312			echo "but should be owned by group id ${GROUP}."
3313		fi
3314
3315		# Warn about different permissions.  We do not warn about
3316		# different permissions on symlinks, since some archivers
3317		# don't extract symlink permissions correctly and they are
3318		# ignored anyway.
3319		if ! [ "${PERM}" = "${P_PERM}" ] &&
3320		    ! [ "${TYPE}" = "L" ]; then
3321			echo -n "${FPATH} has ${P_PERM} permissions, "
3322			echo "but should have ${PERM} permissions."
3323		fi
3324
3325		# Warn about different file hashes / symlink destinations.
3326		if ! [ "${HASH}" = "${P_HASH}" ]; then
3327			if [ "${TYPE}" = "L" ]; then
3328				echo -n "${FPATH} is a symlink to ${P_HASH}, "
3329				echo "but should be a symlink to ${HASH}."
3330			fi
3331			if [ "${TYPE}" = "f" ]; then
3332				echo -n "${FPATH} has SHA256 hash ${P_HASH}, "
3333				echo "but should have SHA256 hash ${HASH}."
3334			fi
3335		fi
3336
3337		# We don't warn about different hard links, since some
3338		# some archivers break hard links, and as long as the
3339		# underlying data is correct they really don't matter.
3340	done < INDEX-NOTMATCHING
3341
3342	# Clean up
3343	rm $1 $1.noflags $1.sorted $2 INDEX-NOTMATCHING
3344}
3345
3346# Do the work involved in comparing the system to a "known good" index
3347IDS_run () {
3348	workdir_init || return 1
3349
3350	# Prepare the mirror list.
3351	fetch_pick_server_init && fetch_pick_server
3352
3353	# Try to fetch the public key until we run out of servers.
3354	while ! fetch_key; do
3355		fetch_pick_server || return 1
3356	done
3357
3358	# Try to fetch the metadata index signature ("tag") until we run
3359	# out of available servers; and sanity check the downloaded tag.
3360	while ! fetch_tag; do
3361		fetch_pick_server || return 1
3362	done
3363	fetch_tagsanity || return 1
3364
3365	# Fetch INDEX-OLD and INDEX-ALL.
3366	fetch_metadata INDEX-OLD INDEX-ALL || return 1
3367
3368	# Generate filtered INDEX-OLD and INDEX-ALL files containing only
3369	# the components we want and without anything marked as "Ignore".
3370	fetch_filter_metadata INDEX-OLD || return 1
3371	fetch_filter_metadata INDEX-ALL || return 1
3372
3373	# Merge the INDEX-OLD and INDEX-ALL files into INDEX-ALL.
3374	sort INDEX-OLD INDEX-ALL > INDEX-ALL.tmp
3375	mv INDEX-ALL.tmp INDEX-ALL
3376	rm INDEX-OLD
3377
3378	# Translate /boot/${KERNCONF} to ${KERNELDIR}
3379	fetch_filter_kernel_names INDEX-ALL ${KERNCONF}
3380
3381	# Inspect the system and generate an INDEX-PRESENT file.
3382	fetch_inspect_system INDEX-ALL INDEX-PRESENT /dev/null || return 1
3383
3384	# Compare INDEX-ALL and INDEX-PRESENT and print warnings about any
3385	# differences.
3386	IDS_compare INDEX-ALL INDEX-PRESENT
3387}
3388
3389#### Main functions -- call parameter-handling and core functions
3390
3391# Using the command line, configuration file, and defaults,
3392# set all the parameters which are needed later.
3393get_params () {
3394	init_params
3395	parse_cmdline $@
3396	parse_conffile
3397	default_params
3398}
3399
3400# Fetch command.  Make sure that we're being called
3401# interactively, then run fetch_check_params and fetch_run
3402cmd_fetch () {
3403	finalize_components_config ${COMPONENTS}
3404	if [ ! -t 0 -a $NOTTYOK -eq 0 ]; then
3405		echo -n "`basename $0` fetch should not "
3406		echo "be run non-interactively."
3407		echo "Run `basename $0` cron instead."
3408		exit 1
3409	fi
3410	fetch_check_params
3411	fetch_run || exit 1
3412	ISFETCHED=1
3413}
3414
3415# Cron command.  Make sure the parameters are sensible; wait
3416# rand(3600) seconds; then fetch updates.  While fetching updates,
3417# send output to a temporary file; only print that file if the
3418# fetching failed.
3419cmd_cron () {
3420	fetch_check_params
3421	sleep `jot -r 1 0 3600`
3422
3423	TMPFILE=`mktemp /tmp/freebsd-update.XXXXXX` || exit 1
3424	finalize_components_config ${COMPONENTS} >> ${TMPFILE}
3425	if ! fetch_run >> ${TMPFILE} ||
3426	    ! grep -q "No updates needed" ${TMPFILE} ||
3427	    [ ${VERBOSELEVEL} = "debug" ]; then
3428		mail -s "`hostname` security updates" ${MAILTO} < ${TMPFILE}
3429	fi
3430
3431	rm ${TMPFILE}
3432}
3433
3434# Fetch files for upgrading to a new release.
3435cmd_upgrade () {
3436	finalize_components_config ${COMPONENTS}
3437	upgrade_check_params
3438	upgrade_run || exit 1
3439}
3440
3441# Check if there are fetched updates ready to install.
3442# Chdir into the working directory.
3443cmd_updatesready () {
3444	finalize_components_config ${COMPONENTS}
3445	# Check if working directory exists (if not, no updates pending)
3446	if ! [ -e "${WORKDIR}" ]; then
3447		echo "No updates are available to install."
3448		exit 2
3449	fi
3450
3451	# Change into working directory (fail if no permission/directory etc.)
3452	cd ${WORKDIR} || exit 1
3453
3454	# Construct a unique name from ${BASEDIR}
3455	BDHASH=`echo ${BASEDIR} | sha256 -q`
3456
3457	# Check that we have updates ready to install
3458	if ! [ -L ${BDHASH}-install ]; then
3459		echo "No updates are available to install."
3460		exit 2
3461	fi
3462
3463	echo "There are updates available to install."
3464	echo "Run '$0 install' to proceed."
3465}
3466
3467# Install downloaded updates.
3468cmd_install () {
3469	finalize_components_config ${COMPONENTS}
3470	install_check_params
3471	install_create_be
3472	install_run || exit 1
3473}
3474
3475# Rollback most recently installed updates.
3476cmd_rollback () {
3477	finalize_components_config ${COMPONENTS}
3478	rollback_check_params
3479	rollback_run || exit 1
3480}
3481
3482# Compare system against a "known good" index.
3483cmd_IDS () {
3484	finalize_components_config ${COMPONENTS}
3485	IDS_check_params
3486	IDS_run || exit 1
3487}
3488
3489# Output configuration.
3490cmd_showconfig () {
3491	finalize_components_config ${COMPONENTS}
3492	for X in ${CONFIGOPTIONS}; do
3493		echo $X=$(eval echo \$${X})
3494	done
3495}
3496
3497#### Entry point
3498
3499# Make sure we find utilities from the base system
3500export PATH=/sbin:/bin:/usr/sbin:/usr/bin:${PATH}
3501
3502# Set a pager if the user doesn't
3503if [ -z "$PAGER" ]; then
3504	PAGER=/usr/bin/less
3505fi
3506
3507# Set LC_ALL in order to avoid problems with character ranges like [A-Z].
3508export LC_ALL=C
3509
3510# Clear environment variables that may affect operation of tools that we use.
3511unset GREP_OPTIONS
3512
3513get_params $@
3514for COMMAND in ${COMMANDS}; do
3515	cmd_${COMMAND}
3516done
3517