Custom Update server

73agordon

I did point it to my server and it says it could not open it. I over 100 unites to update so it is easer to point to a server and have other techs run updates when they login.

podilarius

It is looking for a vile named "version" in http://updates.pfsense.org/_updaters/. This file simply contains "2.0.1-RELEASE". If this is newer than the version installed it downloads http://updates.pfsense.org/_updaters/latest.tgz and http://updates.pfsense.org/_updaters/latest.tgz.sha256. I am guessing that it compares the sha256 checksum later. I am guessing that if you have these 3 files in a designated web location, you can auto apply your own custom images.

73agordon

When you say "2.0.1-RELEASE do you mean the acutal firmware or a file with that name or what? Also I am asuming that latest.tgz is the latest release of the firmware.

marcelloc

Not sure but it maybe checks if version file mismatch installed version file, then repo has a newer version.

Superman

Interesting! Just yesterday I searched for a way to do this. I ended up reading through the /usr/local/www/system_firmware_check.php file to figure out what was going on. Basically I came up with the same answers as "podilarius" posted!

I ended up creating a short, mostly high level document of my findings. Here it is should it prove helpful to someone! I didn't get too fancy on the web server side of things, but I think the official update server has file listings disabled for this directories, or something like that. One could do the same to mimic that!

pfSense Updates Server

Requirements
1\. Web Server
2\. Latest update image files & checksum hash files. Rename to latest.tgz & latest.tgz. <hash>3\. Text file named “version” containing version name

“version” file example contents (between “---” sections):
---
2.0.1-RELEASE

---

Directory & file structure:

.../_updaters
|
|- version
|- latest.tgz
|- latest.tgz.sha256

.../_updaters/amd64
|
|- version
|- latest.tgz
|- latest.tgz.sha256

Change update URL (System > Firmware > Updater Settings) on the target system to:

http://<ip_address |="" dns_name="">/.../_updaters
	or
http://<ip_address |="" dns_name="">/.../_updaters/amd64

Where “...” is the public path to the “_updaters” directory</ip_address></ip_address></hash> 

CreatepfSenseUpdatesServer.txt

marcelloc

You can post your doc as a creating a local update server at doc.pfsense.org.

It will be helpfull  :)

73agordon

thanks for the replay. Ill have to give that a try.

jimp

There is a smidge more to it than that…

/usr/local/www/updates/_updaters$ find . | sort
.
./amd64
./amd64/latest-nanobsd-1g.img.gz
./amd64/latest-nanobsd-1g.img.gz.md5
./amd64/latest-nanobsd-1g.img.gz.sha256
./amd64/latest-nanobsd-2g.img.gz
./amd64/latest-nanobsd-2g.img.gz.md5
./amd64/latest-nanobsd-2g.img.gz.sha256
./amd64/latest-nanobsd-4g.img.gz
./amd64/latest-nanobsd-4g.img.gz.md5
./amd64/latest-nanobsd-4g.img.gz.sha256
./amd64/latest-nanobsd-512mb.img.gz
./amd64/latest-nanobsd-512mb.img.gz.md5
./amd64/latest-nanobsd-512mb.img.gz.sha256
./amd64/latest-nanobsd-vga-1g.img.gz
./amd64/latest-nanobsd-vga-1g.img.gz.md5
./amd64/latest-nanobsd-vga-1g.img.gz.sha256
./amd64/latest-nanobsd-vga-2g.img.gz
./amd64/latest-nanobsd-vga-2g.img.gz.md5
./amd64/latest-nanobsd-vga-2g.img.gz.sha256
./amd64/latest-nanobsd-vga-4g.img.gz
./amd64/latest-nanobsd-vga-4g.img.gz.md5
./amd64/latest-nanobsd-vga-4g.img.gz.sha256
./amd64/latest-nanobsd-vga-512mb.img.gz
./amd64/latest-nanobsd-vga-512mb.img.gz.md5
./amd64/latest-nanobsd-vga-512mb.img.gz.sha256
./amd64/latest.tgz
./amd64/latest.tgz.md5
./amd64/latest.tgz.sha256
./amd64/version
./amd64/version-nanobsd-1g
./amd64/version-nanobsd-2g
./amd64/version-nanobsd-4g
./amd64/version-nanobsd-512mb
./amd64/version-nanobsd-vga-1g
./amd64/version-nanobsd-vga-2g
./amd64/version-nanobsd-vga-4g
./amd64/version-nanobsd-vga-512mb
./latest-nanobsd-1g.img.gz
./latest-nanobsd-1g.img.gz.md5
./latest-nanobsd-1g.img.gz.sha256
./latest-nanobsd-2g.img.gz
./latest-nanobsd-2g.img.gz.md5
./latest-nanobsd-2g.img.gz.sha256
./latest-nanobsd-4g.img.gz
./latest-nanobsd-4g.img.gz.md5
./latest-nanobsd-4g.img.gz.sha256
./latest-nanobsd-512mb.img.gz
./latest-nanobsd-512mb.img.gz.md5
./latest-nanobsd-512mb.img.gz.sha256
./latest-nanobsd-vga-1g.img.gz
./latest-nanobsd-vga-1g.img.gz.md5
./latest-nanobsd-vga-1g.img.gz.sha256
./latest-nanobsd-vga-2g.img.gz
./latest-nanobsd-vga-2g.img.gz.md5
./latest-nanobsd-vga-2g.img.gz.sha256
./latest-nanobsd-vga-4g.img.gz
./latest-nanobsd-vga-4g.img.gz.md5
./latest-nanobsd-vga-4g.img.gz.sha256
./latest-nanobsd-vga-512mb.img.gz
./latest-nanobsd-vga-512mb.img.gz.md5
./latest-nanobsd-vga-512mb.img.gz.sha256
./latest.tgz
./latest.tgz.md5
./latest.tgz.sha256
./version
./version-nanobsd-1g
./version-nanobsd-2g
./version-nanobsd-4g
./version-nanobsd-512mb
./version-nanobsd-vga-1g
./version-nanobsd-vga-2g
./version-nanobsd-vga-4g
./version-nanobsd-vga-512mb

(Though I don't think the md5's are used in the code anymore)

Superman

@jimp:

There is a smidge more to it than that…

/usr/local/www/updates/_updaters$ find . | sort
.
./amd64
./amd64/latest-nanobsd-1g.img.gz
./amd64/latest-nanobsd-1g.img.gz.md5
./amd64/latest-nanobsd-1g.img.gz.sha256
./amd64/latest-nanobsd-2g.img.gz
./amd64/latest-nanobsd-2g.img.gz.md5
./amd64/latest-nanobsd-2g.img.gz.sha256
./amd64/latest-nanobsd-4g.img.gz
./amd64/latest-nanobsd-4g.img.gz.md5
./amd64/latest-nanobsd-4g.img.gz.sha256
./amd64/latest-nanobsd-512mb.img.gz
./amd64/latest-nanobsd-512mb.img.gz.md5
./amd64/latest-nanobsd-512mb.img.gz.sha256
./amd64/latest-nanobsd-vga-1g.img.gz
./amd64/latest-nanobsd-vga-1g.img.gz.md5
./amd64/latest-nanobsd-vga-1g.img.gz.sha256
./amd64/latest-nanobsd-vga-2g.img.gz
./amd64/latest-nanobsd-vga-2g.img.gz.md5
./amd64/latest-nanobsd-vga-2g.img.gz.sha256
./amd64/latest-nanobsd-vga-4g.img.gz
./amd64/latest-nanobsd-vga-4g.img.gz.md5
./amd64/latest-nanobsd-vga-4g.img.gz.sha256
./amd64/latest-nanobsd-vga-512mb.img.gz
./amd64/latest-nanobsd-vga-512mb.img.gz.md5
./amd64/latest-nanobsd-vga-512mb.img.gz.sha256
./amd64/latest.tgz
./amd64/latest.tgz.md5
./amd64/latest.tgz.sha256
./amd64/version
./amd64/version-nanobsd-1g
./amd64/version-nanobsd-2g
./amd64/version-nanobsd-4g
./amd64/version-nanobsd-512mb
./amd64/version-nanobsd-vga-1g
./amd64/version-nanobsd-vga-2g
./amd64/version-nanobsd-vga-4g
./amd64/version-nanobsd-vga-512mb
./latest-nanobsd-1g.img.gz
./latest-nanobsd-1g.img.gz.md5
./latest-nanobsd-1g.img.gz.sha256
./latest-nanobsd-2g.img.gz
./latest-nanobsd-2g.img.gz.md5
./latest-nanobsd-2g.img.gz.sha256
./latest-nanobsd-4g.img.gz
./latest-nanobsd-4g.img.gz.md5
./latest-nanobsd-4g.img.gz.sha256
./latest-nanobsd-512mb.img.gz
./latest-nanobsd-512mb.img.gz.md5
./latest-nanobsd-512mb.img.gz.sha256
./latest-nanobsd-vga-1g.img.gz
./latest-nanobsd-vga-1g.img.gz.md5
./latest-nanobsd-vga-1g.img.gz.sha256
./latest-nanobsd-vga-2g.img.gz
./latest-nanobsd-vga-2g.img.gz.md5
./latest-nanobsd-vga-2g.img.gz.sha256
./latest-nanobsd-vga-4g.img.gz
./latest-nanobsd-vga-4g.img.gz.md5
./latest-nanobsd-vga-4g.img.gz.sha256
./latest-nanobsd-vga-512mb.img.gz
./latest-nanobsd-vga-512mb.img.gz.md5
./latest-nanobsd-vga-512mb.img.gz.sha256
./latest.tgz
./latest.tgz.md5
./latest.tgz.sha256
./version
./version-nanobsd-1g
./version-nanobsd-2g
./version-nanobsd-4g
./version-nanobsd-512mb
./version-nanobsd-vga-1g
./version-nanobsd-vga-2g
./version-nanobsd-vga-4g
./version-nanobsd-vga-512mb

(Though I don't think the md5's are used in the code anymore)

Ah, yes, I was a little selfish in just listing the files I actually needed! Excellent to have the insider insight! Thanks a million!

I agree, in looking at that one php file anyway, it seems to only use the sha256 hashes now, however I did leave the md5's on my system too!

I would be cool if we could setup 1 machine as an update server that would make periodic checks on the official update server and download a repository (hopefully with rsync) when there are updates. Then all the rest of our internal machines could sync with that machine, saving bandwidth and traffic to the official machine and from our networks!  8)

Thanks for the insight and input!

Jason

;D

73agordon

Thanks to all for the input. It was a big help.