Custom Update server
-
see on this youtube video at 02:21 how to setup the update server. to http://updates.pfsense.org/_updaters/amd64 or i386
http://www.youtube.com/v/reMh_iUSs2s
-
that only shows how to point to pfsense update server. I want to setup one of my own as I have a custom firmware to upload. If you try to open the link you posted it says error 404. no such file. Is pfsense getting the file via http or is it another method. Like ssh or telnet?
-
Did you tried to point it to your server and/or list oficial update url to see how it looks for updates?
But, isn't easier to just upload the custom firmware and manual update it?
If you have skills to build a custom firmware, it will be not That hard to monitor check update to see how it works. :)
-
I did point it to my server and it says it could not open it. I over 100 unites to update so it is easer to point to a server and have other techs run updates when they login.
-
It is looking for a vile named "version" in http://updates.pfsense.org/_updaters/. This file simply contains "2.0.1-RELEASE". If this is newer than the version installed it downloads http://updates.pfsense.org/_updaters/latest.tgz and http://updates.pfsense.org/_updaters/latest.tgz.sha256. I am guessing that it compares the sha256 checksum later. I am guessing that if you have these 3 files in a designated web location, you can auto apply your own custom images.
-
When you say "2.0.1-RELEASE do you mean the acutal firmware or a file with that name or what? Also I am asuming that latest.tgz is the latest release of the firmware.
-
Not sure but it maybe checks if version file mismatch installed version file, then repo has a newer version.
-
Interesting! Just yesterday I searched for a way to do this. I ended up reading through the /usr/local/www/system_firmware_check.php file to figure out what was going on. Basically I came up with the same answers as "podilarius" posted!
I ended up creating a short, mostly high level document of my findings. Here it is should it prove helpful to someone! I didn't get too fancy on the web server side of things, but I think the official update server has file listings disabled for this directories, or something like that. One could do the same to mimic that!
pfSense Updates Server Requirements 1\. Web Server 2\. Latest update image files & checksum hash files. Rename to latest.tgz & latest.tgz. <hash>3\. Text file named “version” containing version name “version” file example contents (between “---” sections): --- 2.0.1-RELEASE --- Directory & file structure: .../_updaters | |- version |- latest.tgz |- latest.tgz.sha256 .../_updaters/amd64 | |- version |- latest.tgz |- latest.tgz.sha256 Change update URL (System > Firmware > Updater Settings) on the target system to: http://<ip_address |="" dns_name="">/.../_updaters or http://<ip_address |="" dns_name="">/.../_updaters/amd64 Where “...” is the public path to the “_updaters” directory</ip_address></ip_address></hash> -
You can post your doc as a creating a local update server at doc.pfsense.org.
It will be helpfull :)
-
thanks for the replay. Ill have to give that a try.
-
There is a smidge more to it than that…
/usr/local/www/updates/_updaters$ find . | sort . ./amd64 ./amd64/latest-nanobsd-1g.img.gz ./amd64/latest-nanobsd-1g.img.gz.md5 ./amd64/latest-nanobsd-1g.img.gz.sha256 ./amd64/latest-nanobsd-2g.img.gz ./amd64/latest-nanobsd-2g.img.gz.md5 ./amd64/latest-nanobsd-2g.img.gz.sha256 ./amd64/latest-nanobsd-4g.img.gz ./amd64/latest-nanobsd-4g.img.gz.md5 ./amd64/latest-nanobsd-4g.img.gz.sha256 ./amd64/latest-nanobsd-512mb.img.gz ./amd64/latest-nanobsd-512mb.img.gz.md5 ./amd64/latest-nanobsd-512mb.img.gz.sha256 ./amd64/latest-nanobsd-vga-1g.img.gz ./amd64/latest-nanobsd-vga-1g.img.gz.md5 ./amd64/latest-nanobsd-vga-1g.img.gz.sha256 ./amd64/latest-nanobsd-vga-2g.img.gz ./amd64/latest-nanobsd-vga-2g.img.gz.md5 ./amd64/latest-nanobsd-vga-2g.img.gz.sha256 ./amd64/latest-nanobsd-vga-4g.img.gz ./amd64/latest-nanobsd-vga-4g.img.gz.md5 ./amd64/latest-nanobsd-vga-4g.img.gz.sha256 ./amd64/latest-nanobsd-vga-512mb.img.gz ./amd64/latest-nanobsd-vga-512mb.img.gz.md5 ./amd64/latest-nanobsd-vga-512mb.img.gz.sha256 ./amd64/latest.tgz ./amd64/latest.tgz.md5 ./amd64/latest.tgz.sha256 ./amd64/version ./amd64/version-nanobsd-1g ./amd64/version-nanobsd-2g ./amd64/version-nanobsd-4g ./amd64/version-nanobsd-512mb ./amd64/version-nanobsd-vga-1g ./amd64/version-nanobsd-vga-2g ./amd64/version-nanobsd-vga-4g ./amd64/version-nanobsd-vga-512mb ./latest-nanobsd-1g.img.gz ./latest-nanobsd-1g.img.gz.md5 ./latest-nanobsd-1g.img.gz.sha256 ./latest-nanobsd-2g.img.gz ./latest-nanobsd-2g.img.gz.md5 ./latest-nanobsd-2g.img.gz.sha256 ./latest-nanobsd-4g.img.gz ./latest-nanobsd-4g.img.gz.md5 ./latest-nanobsd-4g.img.gz.sha256 ./latest-nanobsd-512mb.img.gz ./latest-nanobsd-512mb.img.gz.md5 ./latest-nanobsd-512mb.img.gz.sha256 ./latest-nanobsd-vga-1g.img.gz ./latest-nanobsd-vga-1g.img.gz.md5 ./latest-nanobsd-vga-1g.img.gz.sha256 ./latest-nanobsd-vga-2g.img.gz ./latest-nanobsd-vga-2g.img.gz.md5 ./latest-nanobsd-vga-2g.img.gz.sha256 ./latest-nanobsd-vga-4g.img.gz ./latest-nanobsd-vga-4g.img.gz.md5 ./latest-nanobsd-vga-4g.img.gz.sha256 ./latest-nanobsd-vga-512mb.img.gz ./latest-nanobsd-vga-512mb.img.gz.md5 ./latest-nanobsd-vga-512mb.img.gz.sha256 ./latest.tgz ./latest.tgz.md5 ./latest.tgz.sha256 ./version ./version-nanobsd-1g ./version-nanobsd-2g ./version-nanobsd-4g ./version-nanobsd-512mb ./version-nanobsd-vga-1g ./version-nanobsd-vga-2g ./version-nanobsd-vga-4g ./version-nanobsd-vga-512mb(Though I don't think the md5's are used in the code anymore)
-
There is a smidge more to it than that…
/usr/local/www/updates/_updaters$ find . | sort . ./amd64 ./amd64/latest-nanobsd-1g.img.gz ./amd64/latest-nanobsd-1g.img.gz.md5 ./amd64/latest-nanobsd-1g.img.gz.sha256 ./amd64/latest-nanobsd-2g.img.gz ./amd64/latest-nanobsd-2g.img.gz.md5 ./amd64/latest-nanobsd-2g.img.gz.sha256 ./amd64/latest-nanobsd-4g.img.gz ./amd64/latest-nanobsd-4g.img.gz.md5 ./amd64/latest-nanobsd-4g.img.gz.sha256 ./amd64/latest-nanobsd-512mb.img.gz ./amd64/latest-nanobsd-512mb.img.gz.md5 ./amd64/latest-nanobsd-512mb.img.gz.sha256 ./amd64/latest-nanobsd-vga-1g.img.gz ./amd64/latest-nanobsd-vga-1g.img.gz.md5 ./amd64/latest-nanobsd-vga-1g.img.gz.sha256 ./amd64/latest-nanobsd-vga-2g.img.gz ./amd64/latest-nanobsd-vga-2g.img.gz.md5 ./amd64/latest-nanobsd-vga-2g.img.gz.sha256 ./amd64/latest-nanobsd-vga-4g.img.gz ./amd64/latest-nanobsd-vga-4g.img.gz.md5 ./amd64/latest-nanobsd-vga-4g.img.gz.sha256 ./amd64/latest-nanobsd-vga-512mb.img.gz ./amd64/latest-nanobsd-vga-512mb.img.gz.md5 ./amd64/latest-nanobsd-vga-512mb.img.gz.sha256 ./amd64/latest.tgz ./amd64/latest.tgz.md5 ./amd64/latest.tgz.sha256 ./amd64/version ./amd64/version-nanobsd-1g ./amd64/version-nanobsd-2g ./amd64/version-nanobsd-4g ./amd64/version-nanobsd-512mb ./amd64/version-nanobsd-vga-1g ./amd64/version-nanobsd-vga-2g ./amd64/version-nanobsd-vga-4g ./amd64/version-nanobsd-vga-512mb ./latest-nanobsd-1g.img.gz ./latest-nanobsd-1g.img.gz.md5 ./latest-nanobsd-1g.img.gz.sha256 ./latest-nanobsd-2g.img.gz ./latest-nanobsd-2g.img.gz.md5 ./latest-nanobsd-2g.img.gz.sha256 ./latest-nanobsd-4g.img.gz ./latest-nanobsd-4g.img.gz.md5 ./latest-nanobsd-4g.img.gz.sha256 ./latest-nanobsd-512mb.img.gz ./latest-nanobsd-512mb.img.gz.md5 ./latest-nanobsd-512mb.img.gz.sha256 ./latest-nanobsd-vga-1g.img.gz ./latest-nanobsd-vga-1g.img.gz.md5 ./latest-nanobsd-vga-1g.img.gz.sha256 ./latest-nanobsd-vga-2g.img.gz ./latest-nanobsd-vga-2g.img.gz.md5 ./latest-nanobsd-vga-2g.img.gz.sha256 ./latest-nanobsd-vga-4g.img.gz ./latest-nanobsd-vga-4g.img.gz.md5 ./latest-nanobsd-vga-4g.img.gz.sha256 ./latest-nanobsd-vga-512mb.img.gz ./latest-nanobsd-vga-512mb.img.gz.md5 ./latest-nanobsd-vga-512mb.img.gz.sha256 ./latest.tgz ./latest.tgz.md5 ./latest.tgz.sha256 ./version ./version-nanobsd-1g ./version-nanobsd-2g ./version-nanobsd-4g ./version-nanobsd-512mb ./version-nanobsd-vga-1g ./version-nanobsd-vga-2g ./version-nanobsd-vga-4g ./version-nanobsd-vga-512mb(Though I don't think the md5's are used in the code anymore)
Ah, yes, I was a little selfish in just listing the files I actually needed! Excellent to have the insider insight! Thanks a million!
I agree, in looking at that one php file anyway, it seems to only use the sha256 hashes now, however I did leave the md5's on my system too!
I would be cool if we could setup 1 machine as an update server that would make periodic checks on the official update server and download a repository (hopefully with rsync) when there are updates. Then all the rest of our internal machines could sync with that machine, saving bandwidth and traffic to the official machine and from our networks! 8)
Thanks for the insight and input!
Jason
;D
-
Thanks to all for the input. It was a big help.
