Best way to keep my SG-1100 up to date?

yannb

I've looked around I swear!

Is there a thread I should subscribe to in order to get notified of new releases? Some RSS feed? A newsletter?

Now that I got everything working, I'm not going to be logging in all that often, but I want to make sure I don't miss security updates etc.

What the best way to stay updated? Thanks!!!

akuma1x

I’m pretty sure the Netgate newsletter announces when there are OS updates. Otherwise, you can come check the forum a couple times a month. To be honest, there aren’t that many system updates per year.

Gertjan

@yannb said in Best way to keep my SG-1100 up to date?:

Some RSS feed?

Login to your pfSense dashboard. Activate the RSS widget.

Or visit the Netgate blog ones in a while.

Or visit this forum ones in a while. The number of "announcements" is just daunting.
The forum is a great place to learn what to d with your SG, and what not to do with it.

Or install the cron package and add this :

The script is :

<?php

  require_once("pkg-utils.inc");
  require_once("notices.inc");
  require_once("util.inc");

  $msg = null;
  $pmsg = null;
  $p = 0;

  log_error("Starting update check");

  // pfSense base system check
  $system_version = get_system_pkg_version(false, false);
  if ($system_version === false) {
    printf("%s\n", 'Unable to check for updates');
    log_error("Unable to check for updates, exiting");
    exit;
  }

  if (!is_array($system_version) ||
    !isset($system_version['version']) ||
    !isset($system_version['installed_version'])) {
    printf("%s\n", 'Error in version information');
    log_error("Error in version information, exiting");
    exit;
  }

  switch ($system_version['pkg_version_compare']) {
    case '<':
      //printf("%s%s%s\n", "pfSense version ", $system_version['version'], " is available");
      $msg = "An update to pfSense version " . $system_version['version'] . " is available\n\n";
      break;
    case '=':
      //printf("%s%s%s\n", "pfSense version ", $system_version['version'], " (installed) is current");
      break;
    case '>':
      printf("%s%s%s\n", "pfSense version ", $system_version['installed_version'], " is NEWER than the latest available version ", $system_version['version']);
      $msg = "pfSense version " . $system_version['version'] . " is available (downgrade)\n\n";
      break;
    default:
      printf("%s\n", 'Error comparing installed with latest version available');
      log_error("Error comparing installed with latest version available");
      break;
  }

  // package check
  $package_list = get_pkg_info('all', true, true);
  $installed_packages = array_filter($package_list, function($v) {
    return (isset($v['installed']) && isset($v['name']));
  });

  if (empty($installed_packages)) {
    printf("%s\n", 'No packages installed');
    log_error("No packages installed, exiting");
    exit;
  }

  foreach ($installed_packages as $pkg) {
    if (isset($pkg['installed_version']) && isset($pkg['version'])) {
      //printf("%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version']);
      $version_compare = pkg_version_compare($pkg['installed_version'], $pkg['version']);
      if ($version_compare != '=') {
        $p++;
        $pmsg .= "\n".$pkg['shortname'].': '.$pkg['installed_version'].' ==> '.$pkg['version'];
        if ($version_compare == '>') {
          $pmsg .= ' (downgrade)';
        }
        printf("%s%s%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version'], ' ==> ', $pkg['version']);
      }
    }
  }

  if ($p > 0) {
    $msg = $msg . "The following updates are available and can be installed using System > Package Manager:\n" . $pmsg;
  }

  // check for updates to builtin packages
  exec("/usr/sbin/pkg upgrade -n | /usr/bin/sed -ne '/UPGRADED/,/^$/p'", $output, $retval);
  if (($retval == 0) && (count($output))) {
    $msg .= "\n\n" . "Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:\n\n";
    array_shift($output);
    $msg .= implode("\n", array_map('ltrim', $output));
  }

  if (!empty($msg)) {
    log_error("Updates were found - sending email");
    echo $msg;
    notify_via_smtp($msg);
  }

  log_error("Update check complete");

?>

The script will also warn you when pfSense packages and other used FreeBSD packages are available.

SteveITS

I don't have one to look at, but don't the LEDs indicate an update is available like on the 3100? I want to say slow blue blink is normal and an orange blink means an update is available.

yannb

@Gertjan Perfect! Thank you! :)

akuma1x

@teamits You're right, details are here:

https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/io-ports.html#top-side

Jeff

yannb

@akuma1x oh… Cool! I read that at the very beginning but totally forgot about it. My router is hidden in a closet, so RSS is probably still the best for me, but that's definitely good to know!!

Thanks!

johnpoz

@Gertjan that cron would be a nice package so people could install if they want.. Or really would be nice addition to just built in features..

I'm on my pfsense pretty much every day ;) Screenshots for helping users, etc. So not something I need to setup ;) But yeah I could see that being very handy for many users... Maybe then we wouldn't get so many users coming here with running some version that has been EOL for like 2 years ;)

SteveITS

@Gertjan If it's going to email about package updates you might add text to remind people to update pfSense before updating any packages. (I know you know this but those new to pfSense might not). Otherwise the implication is "these packages are updateable, go update them."

Gertjan

The script shown above, I found it some time ago on this forum. I just pasted it here back in again.
And yes, if the mail sub system has been set up, you'll receive a mail with the results.

@teamits : true.
The script, as it auto explains, also lists FreeBSD 11. (current) packages which can be installed right away (manually !)
pfSense packages should be upgraded using the "pfSense manual" specifications.
What should be mentioned is that, if one chooses to not upgrade pfSense, one should say good bye to the usage of packages all together - and support, for that matter.
These people would be experts, anyway, to make such a decision. So, they are 'aware'.

Btw : the cron entry isn't really needed. The php script can be run by hand whenever you want.

@johnpoz : A package ? It's just one file ;)

johnpoz

@Gertjan said in Best way to keep my SG-1100 up to date?:

t's just one file ;)

But you would also have to setup the cron job, etc. Just saying it would make it easier for the users if they just clicked install ;)

Gertjan

I received this mail this morning :

Notifications in this message: 1
================================

23:01:07 The following updates are available and can be installed using System >
Package Manager:

acme: 0.6.8_1 ==> 0.6.8_2
pfBlockerNG-devel: 2.2.5_33 ==> 2.2.5_34

Some packages are part of the base system and will not show up in Package Manager.
If any such updates are listed below, run `pkg upgrade` from the shell to install
them:

pfSense-pkg-acme: 0.6.8_1 -> 0.6.8_2 [pfSense]
pfSense-pkg-pfBlockerNG-devel: 2.2.5_33 -> 2.2.5_34 [pfSense]

Not entirely correct because the "base package" pfSense-pkg-acme: 0.6.8_2 is part of the pfSense package "acme 0.6.8_2". When pfSense package "acme 0.6.8_2", the underlying "pfSense-pkg-acme: 0.6.8_2" will get installed.
Idem for pfSense-pkg-pfBlockerNG-devel: 2.2.5_34

provels

@yannb
This works.
https://forum.netgate.com/topic/137707/auto-update-check-checks-for-updates-to-base-system-packages-and-sends-email-alerts

Gertjan

That's where I copied pasted it from ;)