System Patches package version 2.2.5

SteveITS

@jimp "Fix per-log settings for file size and retenation count not being respected"

*retention

Love the patches package.

JonathanLee

I was able to do a pkg update and install a new patch update for certificates issues. I was wondering if anyone else has this yet as it did not show up as a full update form package manage as of 8/7/23

Bob.Dig

@JonathanLee Here it was.

Gertjan

@JonathanLee said in System Patches package version 2.2.5:

I was wondering if anyone else has this yet

Can't miss it.

If a package gets available, I'll get a Phone popup right away :

Notifications in this message: 1
================================
07:01:06 The following updates are available and can be installed using System > Package Manager:

System_Patches: 2.2.5 ==> 2.2.6

Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:

pfSense-pkg-System_Patches: 2.2.5 -> 2.2.6 [pfSense]

edit : Even non-pfSense-GUI packages, the classic FreeBSD packages for pfSense get notified this way.

Bob.Dig

@Gertjan said in System Patches package version 2.2.5:

If a package gets available, I'll get a Phone popup right away :

Interesting, this is not in the pfSense-GUI.

Gertjan

@Bob-Dig said in System Patches package version 2.2.5:

this is not in the pfSense-GUI.

Well ... it is.

This list :

is updates ones in while - several times a day.
But you have to visit the GUI to be aware of it.

There is a small shell (PHP) script somewhere in this part of the forum that executes 'when ever you want' (cron task) that mails you if there are candidates...

Bob.Dig

@Gertjan said in System Patches package version 2.2.5:

There is a small shell (PHP) script somewhere in this part of the forum that executes 'when ever you want' (cron task) that mails you if there are candidates...

That is the part I meant.

Gertjan

@Bob-Dig

Here :

<?php

  require_once("pkg-utils.inc");
  require_once("notices.inc");
  require_once("util.inc");

  $msg = null;
  $pmsg = null;
  $p = 0;

  // log_error("Starting update check");
  //echo "test";
  // pfSense base system check
  $system_version = get_system_pkg_version(false, true);
  if ($system_version === false) {
    printf("%s\n", 'Unable to check for updates');
    log_error("Unable to check for updates, exiting");
    exit;
  }

  if (!is_array($system_version) ||
    !isset($system_version['version']) ||
    !isset($system_version['installed_version'])) {
    printf("%s\n", 'Error in version information');
    log_error("Error in version information, exiting");
    exit;
  }

  switch ($system_version['pkg_version_compare']) {
    case '<':
      printf("%s%s%s\n", "pfSense version ", $system_version['version'], " is available");
      $msg = "An update to pfSense version " . $system_version['version'] . " is available\n\n";
      break;
    case '=':
      printf("%s%s%s\n", "pfSense version ", $system_version['version'], " (installed) is current");
      break;
    case '>':
      printf("%s%s%s\n", "pfSense version ", $system_version['installed_version'], " is NEWER than the latest available version ", $system_version['version']);
      $msg = "pfSense version " . $system_version['version'] . " is available (downgrade)\n\n";
      break;
    default:
      printf("%s\n", 'Error comparing installed with latest version available');
      log_error("Error comparing installed with latest version available");
      break;
  }

  // package check
  $package_list = get_pkg_info('all', true, true);
  $installed_packages = array_filter($package_list, function($v) {
    return (isset($v['installed']) && isset($v['name']));
  });

  if (empty($installed_packages)) {
    printf("%s\n", 'No packages installed');
    log_error("No packages installed, exiting");
    exit;
  }

  foreach ($installed_packages as $pkg) {
    if (isset($pkg['installed_version']) && isset($pkg['version'])) {
      //printf("%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version']);
      $version_compare = pkg_version_compare($pkg['installed_version'], $pkg['version']);
      if ($version_compare != '=') {
        $p++;
        $pmsg .= "\n".$pkg['shortname'].': '.$pkg['installed_version'].' ==> '.$pkg['version'];
        if ($version_compare == '>') {
          $pmsg .= ' (downgrade)';
        }
        printf("%s%s%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version'], ' ==> ', $pkg['version']);
      }
    }
  }

  if ($p > 0) {
    $msg = $msg . "The following updates are available and can be installed using System > Package Manager:\n" . $pmsg;
  }

  // check for updates to builtin packages
  exec("/usr/sbin/pkg upgrade -n | /usr/bin/sed -ne '/UPGRADED/,/^$/p'", $output, $retval);
  if (($retval == 0) && (count($output))) {
    $msg .= "\n\n" . "Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:\n\n";
    array_shift($output);
    $msg .= implode("\n", array_map('ltrim', $output));
  }

  if (!empty($msg)) {
    log_error("Updates were found - sending email");
    echo $msg;
    notify_via_smtp($msg);
  }

//  log_error("Update check complete");

call it / chmod it :

-rwxr-xr-x  1 root  wheel  3325 Jan 20  2023 /root/pkg_check.php

Cron it :

About the last line in the scrip :

notify_via_smtp($msg);

That's because my notify system has been set up using smtp. Nothing else.

Type :

cat /etc/inc/notices.inc

and look at the end.
Pick whatever you prefer, or go "all out" with

notify_all_remote($msg)

DBMandrake

@jimp Does the patch for (Redmine #14545) also include the fix in the patch for (Redmine #14517) given that the two patches conflict and can't be applied at the same time ? Or do we have to choose one or the other ?

jimp

@JonathanLee said in System Patches package version 2.2.5:

I was able to do a pkg update and install a new patch update for certificates issues. I was wondering if anyone else has this yet as it did not show up as a full update form package manage as of 8/7/23

It shows up as a package update for me here. I checked Plus amd64 and arm instances of 23.05.1, and CE instance of 2.7.0, and they all show it:

EDIT: It's also worth noting that if you are running dev snapshots (Plus 23.09, CE 2.8.0) then the patches are unnecessary as they are a part of the dev builds, so they will come in when they get built overnight. No recommended patches entries will show for those versions either since they already have all the latest code.

jimp

@DBMandrake said in System Patches package version 2.2.5:

@jimp Does the patch for (Redmine #14545) also include the fix in the patch for (Redmine #14517) given that the two patches conflict and can't be applied at the same time ? Or do we have to choose one or the other ?

They do not conflict, one depends on the other.

Since they depend on each other, you have to apply them in the correct order (top down) or revert them in the correct order (bottom up) which is why they are placed how they are in the list.

jimp

Any further questions about the change in 2.2.6 should go over in the new thread:

https://forum.netgate.com/topic/182725/system-patches-package-version-2-2-6