Installed Packages Notification
-
Seeing I don't live inside my firewall and only login maybe once a week, I noticed that pfSense has a Notifications section in System > Advanced > Notifications. Is it possible to setup Notifications when an installed package needs to be updated? Maybe receive an email that states what package needs to be updated? Just an idea. Thank you.
-
Yep.
Example :
Install the pfSense cron package.
Place this file (pkg_check.php) in the /root/ folder :
<?php require_once("pkg-utils.inc"); require_once("notices.inc"); require_once("util.inc"); $msg = null; $pmsg = null; $p = 0; // log_error("Starting update check"); // pfSense base system check $system_version = get_system_pkg_version(false, false); if ($system_version === false) { printf("%s\n", 'Unable to check for updates'); log_error("Unable to check for updates, exiting"); exit; } if (!is_array($system_version) || !isset($system_version['version']) || !isset($system_version['installed_version'])) { printf("%s\n", 'Error in version information'); log_error("Error in version information, exiting"); exit; } switch ($system_version['pkg_version_compare']) { case '<': printf("%s%s%s\n", "pfSense version ", $system_version['version'], " is available"); $msg = "An update to pfSense version " . $system_version['version'] . " is available\n\n"; break; case '=': printf("%s%s%s\n", "pfSense version ", $system_version['version'], " (installed) is current"); break; case '>': printf("%s%s%s\n", "pfSense version ", $system_version['installed_version'], " is NEWER than the latest available version ", $system_version['version']); $msg = "pfSense version " . $system_version['version'] . " is available (downgrade)\n\n"; break; default: printf("%s\n", 'Error comparing installed with latest version available'); log_error("Error comparing installed with latest version available"); break; } // package check $package_list = get_pkg_info('all', true, true); $installed_packages = array_filter($package_list, function($v) { return (isset($v['installed']) && isset($v['name'])); }); if (empty($installed_packages)) { printf("%s\n", 'No packages installed'); log_error("No packages installed, exiting"); exit; } foreach ($installed_packages as $pkg) { if (isset($pkg['installed_version']) && isset($pkg['version'])) { //printf("%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version']); $version_compare = pkg_version_compare($pkg['installed_version'], $pkg['version']); if ($version_compare != '=') { $p++; $pmsg .= "\n".$pkg['shortname'].': '.$pkg['installed_version'].' ==> '.$pkg['version']; if ($version_compare == '>') { $pmsg .= ' (downgrade)'; } printf("%s%s%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version'], ' ==> ', $pkg['version']); } } } if ($p > 0) { $msg = $msg . "The following updates are available and can be installed using System > Package Manager:\n" . $pmsg; } // check for updates to builtin packages exec("/usr/sbin/pkg upgrade -n | /usr/bin/sed -ne '/UPGRADED/,/^$/p'", $output, $retval); if (($retval == 0) && (count($output))) { $msg .= "\n\n" . "Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:\n\n"; array_shift($output); $msg .= implode("\n", array_map('ltrim', $output)); } if (!empty($msg)) { // log_error("Updates were found - sending email"); // echo $msg; notify_via_smtp($msg); } // log_error("Update check complete"); ?>Create a cron entry like :
From now on you will receive mails like :
Notifications in this message: 1 ================================ 5:01:09 The following updates are available and can be installed using System > Package Manager: pfBlockerNG-devel: 3.0.0_1 ==> 3.0.0_2 Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them: pfSense-pkg-pfBlockerNG-devel: 3.0.0_1 -> 3.0.0_2 [pfSense]The frequency of the mails is determined by your cron settings.
Adapt the php script if needed.
Add salt and pepper.
Done. -
@Gertjan said in Installed Packages Notification:
pkg_check.php
Thank you from me too - very useful!
Best regards,
fireodo -
That is a very useful script that @Gertjan provided, but ALWAYS remember the cardinal rule with pfSense packages! DO NOT upgrade a package unless you are on the latest release of pfSense for the branch you are using.
For example, if you are using the production release 2.4.5 branch, then make sure your box is at the most current version of that branch (currently 2.4.5_p1) before you upgrade any packages. Failure to follow this warning can result in a broken system due to shared library interdependencies.
-
@bmeeks : very true.
Happily enough, the script, which I copied from this forum myself a few month (?) ago also notifies you when pfSense is updated itself. I'm not the author. I just made it less verbose.And, Microsoft learned us the hard way that, when a new version of something comes out, you never ever install first and think afterwards.
Right after the release date of a new pfSense version, only a test system should be updated, and checked for expected behaviour. Do not update production systems.
For a week or so, while reading all the forum posts and the blog post that comes with the update, one should wait until the dust settles.During this period : no packages does be updated, as they might use new libs and functionalities only available in the new pfSense version, not present yet.
Exceptions are possible. As long as you keep a saved config, and a spare copy of the soon to be 'old version' of pfSense nearby.
If all goes well, I just spend 200+ words to say something everybody already knows - are totally logic ;)
-
@bmeeks said in Installed Packages Notification:
That is a very useful script that @Gertjan provided, but ALWAYS remember the cardinal rule with pfSense packages! DO NOT upgrade a package unless you are on the latest release of pfSense for the branch you are using.
Oooh update to packages available, click...
I have been burned by this mistake. Had to fresh install and then restore.
Learned to always make sure my pfsense is up to date before updating packages. I think there should be a big red warning on the Installed packages tab when pfsense itself has an update available. Or better yet grey out the update buttons when pfsense has an update available. This doesn't prevent people from doing it via CLI but I personally always update via the GUI buttons. I'm guessing most users do as well. -
@Raffi_ said in Installed Packages Notification:
I think there should be a big red warning on the Installed packages tab when pfsense itself has an update available. Or better yet grey out the update buttons when pfsense has an update available. This doesn't prevent people from doing it via CLI but I personally always update via the GUI buttons. I'm guessing most users do as well.
That would make an excellent Feature Request for the pfSense Redmine Site. Here is the URL: https://redmine.pfsense.org/projects/pfsense.
-
@bmeeks said in Installed Packages Notification:
@Raffi_ said in Installed Packages Notification:
I think there should be a big red warning on the Installed packages tab when pfsense itself has an update available. Or better yet grey out the update buttons when pfsense has an update available. This doesn't prevent people from doing it via CLI but I personally always update via the GUI buttons. I'm guessing most users do as well.
That would make an excellent Feature Request for the pfSense Redmine Site. Here is the URL: https://redmine.pfsense.org/projects/pfsense.
This I subscribe too - I had that bad experience too in my "beginner" time (click before thinking
) and had to rebuild my firewall from scratch ... 
fireodo
-
@bmeeks said in Installed Packages Notification:
@Raffi_ said in Installed Packages Notification:
I think there should be a big red warning on the Installed packages tab when pfsense itself has an update available. Or better yet grey out the update buttons when pfsense has an update available. This doesn't prevent people from doing it via CLI but I personally always update via the GUI buttons. I'm guessing most users do as well.
That would make an excellent Feature Request for the pfSense Redmine Site. Here is the URL: https://redmine.pfsense.org/projects/pfsense.
Someone beat me to it. I went in and +1ed the request. Hopefully others will too.
https://redmine.pfsense.org/issues/10464 -
Gertjan...thank you for the reply. I don't think the cron image is being displayed from the first snippet of code. Did you mean to show the cron entry for this code in an image? Thanks.
Create a cron entry like :  -
@newUser2pfSense : Corrected !
-
Gertjan...Thank you! I appreciate your time.
-
Gertjan...Just a followup to say it works. Thank you.
-
G Gertjan referenced this topic on
-
And how to modify this script so that notifications come to telegram?
And it would be nice if it reported about the appearance of an update for pfSense itself
-
@Viper_Rus said in Installed Packages Notification:
And how to modify this script so that notifications come to telegram?
And it would be nice if it reported about the appearance of an update for pfSense itself
No idea about telegram, but I can confirm this script does send a notification about updates to pfsense itself.
-
If it's sent via the included notify functions then it should appear on all configured notification methods.
-
@Viper_Rus said in Installed Packages Notification:
And how to modify this script so that notifications come to telegram?
Locate the last line in the script :
notify_via_smtp($msg);replace it with
notify_all_remote($msg)@Raffi_ said in Installed Packages Notification:
And it would be nice if it reported about the appearance of an update for pfSense itself
It does.
An update can be a core FreeBSD package, a pfSense package and also an 'OS' (= pfSense update). -
Thanks!!!!!
At the moment I have everything updated. But to check the script, I run: "/usr/local/bin/php -q /root/pkg_check.php" manually. The answer is:
"pfSense version 23.05.1 (installed) is current"This is fine? Now wait for some kind of update? :)
-
G Gertjan referenced this topic on
