Auto update check, checks for updates to base system + packages and sends email alerts
-
@Gertjan in my mind, an official way of getting notifications of updates is/should be the required way.
-
This awesome script is only in the forums and not documented in any official capacity.
-
We shouldn’t expect admins to muck around in the filesystem
I’m glad there is a redmine. Maybe one day…..
-
@michmoor said in Auto update check, checks for updates to base system + packages and sends email alerts:
> This awesome script is only in the forums and not documented in any official capacity.

True.
I'm feeling 'protected' as I'm pretty sure people like jimp would have posted: "don't do this" if these '80 lines' had the slightest effect on security or whatever
-
@Gertjan said in Auto update check, checks for updates to base system + packages and sends email alerts:
> I'm feeling 'protected' as I'm pretty sure people like jimp would have posted: "don't do this" if these '80 lines' had the slightest effect on security or whatever

I get the concern but then they should ack the redmine. Been noticing a troubling trend around unassigned/unack tickets....
-
Fantastic script, and I had no idea about Filer, so easy to set up, just copied the raw code from the gist and used 0755 permissions.
This should definitely be part of the base pfsense configuration.
-
This :
will run the script .... when ... once ?
You still have to :
Make sure you have the pfSense Cron Package.
Add a cron task that executes the script once every - whenever you want - per day (week ? month ? hours ?).
And of course, test it and check up with it once in a while.
-
Yes that will run it once but you shouldn't need that. The field allows Filer to run a command after it has added back a file which may be required. This script doesn't need it though. It's run by cron anyway.
-
@Gertjan Yup I set up CRON to run every night.
-
I seem to be having problems with this update checker. I first noticed today that it wasn't working at all although there were updates available for pfsense+ as well as system patches. While checking I realized that I wasn't using the latest php from github so I updated it to-
```
?php
require_once("pkg-utils.inc");
require_once("notices.inc");
require_once("util.inc");

$msg = null;
$pmsg = null;
$p = 0;

log_error("Starting update check");

// pfSense base system check
$system_version = get_system_pkg_version(false, false);
if ($system_version === false) {
	printf("%s\n", 'Unable to check for updates');
	log_error("Unable to check for updates, exiting");
	exit;
}

if (!is_array($system_version) ||
    !isset($system_version['version']) ||
    !isset($system_version['installed_version'])) {
	printf("%s\n", 'Error in version information');
	log_error("Error in version information, exiting");
	exit;
}

switch ($system_version['pkg_version_compare']) {
	case '<':
		//printf("%s%s%s\n", "pfSense version ", $system_version['version'], " is available");
		$msg = "An update to pfSense version " . $system_version['version'] . " is available\n\n";
		break;
	case '=':
		//printf("%s%s%s\n", "pfSense version ", $system_version['version'], " (installed) is current");
		break;
	case '>':
		// four arguments, so four %s placeholders
		printf("%s%s%s%s\n", "pfSense version ", $system_version['installed_version'], " is NEWER than the latest available version ", $system_version['version']);
		$msg = "pfSense version " . $system_version['version'] . " is available (downgrade)\n\n";
		break;
	default:
		printf("%s\n", 'Error comparing installed with latest version available');
		log_error("Error comparing installed with latest version available");
		break;
}

// package check
$package_list = get_pkg_info('all', true, true);
$installed_packages = array_filter($package_list, function($v) {
	return (isset($v['installed']) && isset($v['name']));
});

if (empty($installed_packages)) {
	printf("%s\n", 'No packages installed');
	log_error("No packages installed, exiting");
	exit;
}

foreach ($installed_packages as $pkg) {
	if (isset($pkg['installed_version']) && isset($pkg['version'])) {
		//printf("%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version']);
		$version_compare = pkg_version_compare($pkg['installed_version'], $pkg['version']);
		if ($version_compare != '=') {
			$p++;
			$pmsg .= "\n".$pkg['shortname'].': '.$pkg['installed_version'].' ==> '.$pkg['version'];
			if ($version_compare == '>') {
				$pmsg .= ' (downgrade)';
			}
			printf("%s%s%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version'], ' ==> ', $pkg['version']);
		}
	}
}

if ($p > 0) {
	$msg = $msg . "The following updates are available and can be installed using System > Package Manager:\n" . $pmsg;
}

// check for updates to builtin packages
exec("/usr/sbin/pkg upgrade -n | /usr/bin/sed -ne '/UPGRADED/,/^$/p'", $output, $retval);
if (($retval == 0) && (count($output))) {
	$msg .= "\n\n" . "Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:\n\n";
	array_shift($output);
	$msg .= implode("\n", array_map('ltrim', $output));
}

if (!empty($msg)) {
	log_error("Updates were found - sending email");
	notify_via_smtp($msg);
	// to send alerts to ALL configured targets (email, Pushover, Slack etc) use the line below instead:
	// notify_all_remote($msg);
}

log_error("Update check complete");
?>
```
This yielded a notification for updates available-
```
Notifications in this message: 1
================================
12:00:13 The following updates are available and can be installed using System > Package Manager:

System_Patches: 2.2.11_15 ==> 2.2.11_16

Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:

pfSense-pkg-System_Patches: 2.2.11_15 -> 2.2.11_16 [pfSense]
```
This contains a notification for updated system patches but still nothing for the pfsense+ update.
Using this command in cron-
/usr/local/bin/php -q /root/pkg_check.php
Not sure why pfsense+ update notifications are missing???
-
@wgstarks said in Auto update check, checks for updates to base system + packages and sends email alerts:
> ?php

This is missing the angle bracket. It should be:
<?php
-
@wgstarks If I use your code and run the php command it just echoes the contents of the script to the shell.
The original script gets executed instead but has an escape_filter error.
Ok < was missing at the start but still get the same error.
```
PHP ERROR: Type: 64, File: /home/syslog.inc, Line: 875, Message: Cannot redeclare escape_filter_regex() (previously declared in /home/util.inc:4327)
```
Interesting, looks like it is sensitive to its run path, moving from /home to /root fixes it.
-
@chrcoluk said in Auto update check, checks for updates to base system + packages and sends email alerts:
> @wgstarks
> Ok < was missing at the start but still get the same error.
> PHP ERROR: Type: 64, File: /home/syslog.inc, Line: 875, Message: Cannot redeclare escape_filter_regex() (previously declared in /home/util.inc:4327)
> Interesting, looks like it is sensitive to its run path, moving from /home to /root fixes it.

I suspect what it is sensitive to is that you have other files in /home (that should not be there). The include is searching the local directory before /etc/inc.
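
A check for the situation described in the post above, as an added example that is not part of the thread or of the gist: it lists `.inc` files in a working directory that have the same name as a file in `/etc/inc` and would therefore be picked up first when a script is run from there. The function name and the SAME/DIFFERS output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report include files in a working
# directory that shadow same-named files in the system include directory.
#
# Usage: find_shadowed_includes <work_dir> [<inc_dir>]
# Prints one line per collision: "SAME <name>" when the copy is byte-identical
# to the system file, "DIFFERS <name>" when it has been modified.
# Returns 0 when nothing shadows the include directory, 1 otherwise.
find_shadowed_includes() {
    work_dir=$1
    inc_dir=${2:-/etc/inc}      # /etc/inc is the directory named in the post
    found=0
    for f in "$work_dir"/*.inc; do
        [ -f "$f" ] || continue              # empty glob or not a regular file
        name=${f##*/}
        [ -f "$inc_dir/$name" ] || continue  # no system file of that name
        found=1
        if cmp -s "$f" "$inc_dir/$name"; then
            echo "SAME $name"
        else
            echo "DIFFERS $name"
        fi
    done
    return "$found"
}
```

Run it against the directory the cron job starts in before scheduling the script; a DIFFERS line means a root-run script would load a modified copy instead of the system file.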
-
@dennypage
The actual file has the proper <?php. I likely missed it when I copy/pasted for the forum post.
-
I installed the system patches updates and now if I run the command I don't get any notifications regarding any updates even though there is a pfsense+ update available.
Also don't get any errors.
-
@dennypage yeah makes sense, I use home as a work path for when I modify pfsense files before adding them as patches in the system patches area. Root path doesn't have any hence that path being ok.
-
@luckman212 said in Auto update check, checks for updates to base system + packages and sends email alerts:
> I'm in the process of upgrading my systems to 23.09.1 and will update this script shortly (if it's possible) to handle the new update mechanism.

Looks like the script was never updated.
GitHub shows the latest update was Mar 2nd, 2022 on gist.
-
Yes, sorry to everyone who was waiting on that. Timing of other things just got in the way. I'm going to make another attempt at this. Hopefully it will bear fruit.