diff --git a/.github/workflows/phplint.yml b/.github/workflows/phplint.yml index 0ab591c..83ab940 100644 --- a/.github/workflows/phplint.yml +++ b/.github/workflows/phplint.yml @@ -6,13 +6,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Lint on PHP 7.2 + - name: Lint on PHP 8.2 uses: firehed/lint-php-action@v1 with: file-extensions: 'php, inc' - php-version: "7.2" - - name: Lint on PHP 8.1 - uses: firehed/lint-php-action@v1 - with: - file-extensions: 'php, inc' - php-version: "8.1" \ No newline at end of file + php-version: "8.2" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..88ec9bc --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,43 @@ +name: Release + +on: + push: + tags: + - "v*.*.*" + +concurrency: build + +jobs: + build: + runs-on: self-hosted + + strategy: + matrix: + include: + - freebsd_version: FreeBSD-14.0-CURRENT + pfsense_version: 2.7 + + steps: + - uses: actions/checkout@v3 + - name: Setup FreeBSD build VM + run: | + /usr/local/bin/VBoxManage controlvm ${{ matrix.freebsd_version }} poweroff || true + /usr/local/bin/VBoxManage snapshot ${{ matrix.freebsd_version }} restore initial + /usr/local/bin/VBoxManage startvm ${{ matrix.freebsd_version }} --type headless + sleep 5 + + - name: Build pfSense-pkg-saml2-auth on FreeBSD + run: | + /usr/bin/ssh -o StrictHostKeyChecking=no ${{ matrix.freebsd_version }}.jaredhendrickson.com 'sudo pkill ntpd || true && sudo ntpdate pool.ntp.org || true' + /usr/local/bin/python3 tools/make_package.py --host ${{ matrix.freebsd_version }}.jaredhendrickson.com --branch ${{ github.sha }} --tag ${{ github.ref_name }} --filename pfSense-${{ matrix.pfsense_version }}-pkg-saml2-auth.pkg + + - name: Teardown FreeBSD build VM + if: "${{ always() }}" + run: | + /usr/local/bin/VBoxManage controlvm ${{ matrix.freebsd_version }} poweroff || true + /usr/local/bin/VBoxManage snapshot ${{matrix.freebsd_version}} restore initial + + - name: Release + uses: softprops/action-gh-release@v1 + with: + files: pfSense-${{ matrix.pfsense_version }}-pkg-saml2-auth.pkg diff --git a/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc b/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc index 5e267d1..34ee40f 100644 --- a/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc +++ b/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc 
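Review bot: In `.github/workflows/release.yml`, the build step runs `ssh -o StrictHostKeyChecking=no` against the build VM, so the runner never verifies which host it is talking to, and the package copied back from that host is what the Release step publishes. The same `run:` block expands `${{ github.ref_name }}` straight into the shell script, so a tag name containing shell metacharacters would be interpreted by the shell on the self-hosted runner. Because the VM is restored from the `initial` snapshot on every run, its host key should be stable (to be confirmed) and can be pinned in the runner's `known_hosts`; the expressions can be passed through `env:` and quoted, as sketched below. Whether `tools/make_package.py` sets its own SSH options is not visible in this hunk.

```yaml
      # … unchanged: checkout and "Setup FreeBSD build VM" steps …
      - name: Build pfSense-pkg-saml2-auth on FreeBSD
        env:
          BUILD_HOST: ${{ matrix.freebsd_version }}.jaredhendrickson.com
          BUILD_SHA: ${{ github.sha }}
          BUILD_TAG: ${{ github.ref_name }}
          PKG_FILE: pfSense-${{ matrix.pfsense_version }}-pkg-saml2-auth.pkg
        run: |
          # Host key is expected in the runner's known_hosts; no StrictHostKeyChecking override
          /usr/bin/ssh "$BUILD_HOST" 'sudo pkill ntpd || true && sudo ntpdate pool.ntp.org || true'
          /usr/local/bin/python3 tools/make_package.py --host "$BUILD_HOST" --branch "$BUILD_SHA" --tag "$BUILD_TAG" --filename "$PKG_FILE"
      # … unchanged: teardown and release steps …
```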
@@ -177,7 +177,7 @@ class SAML2Auth { public static function get_pkg_version() { # Pull the raw pkg info for the SAML2 auth package into an array for each line - $pkg_info = explode(PHP_EOL, shell_exec("pkg info pfSense-pkg-saml2-auth")); + $pkg_info = explode(PHP_EOL, shell_exec("pkg-static info pfSense-pkg-saml2-auth")); # Loop through each line and check the version foreach ($pkg_info as $pkg_line) { @@ -211,9 +211,7 @@ class SAML2Auth { public static function is_update_available() { # Check if the current version is less than the latest version - $curr_ver_num = intval(str_replace(".", "", self::get_pkg_version())); - $latest_ver_num = intval(str_replace(".", "", self::get_latest_pkg_version())); - return $curr_ver_num < $latest_ver_num; + return version_compare(self::get_pkg_version(), self::get_latest_pkg_version(), operator: "<"); } public static function is_pkg_supported() { @@ -327,8 +325,8 @@ class SAML2Auth { $this->backup_config(); # Remove the existing package and add the new one, then og the results - exec("pkg delete -y pfSense-pkg-saml2-auth", $del_cmd_out, $del_cmd_rc); - exec("pkg add ".$url, $add_cmd_out, $add_cmd_rc); + exec("pkg-static delete -y pfSense-pkg-saml2-auth", $del_cmd_out, $del_cmd_rc); + exec("pkg-static add ".escapeshellarg($url), $add_cmd_out, $add_cmd_rc); $this->__log(implode("\n", $del_cmd_out), $console); $this->__log(implode("\n", $add_cmd_out), $console); @@ -339,6 +337,4 @@ class SAML2Auth { return false; } } - - } diff --git a/pfSense-pkg-saml2-auth/files/usr/local/share/pfSense-pkg-saml2-auth/manage.php b/pfSense-pkg-saml2-auth/files/usr/local/share/pfSense-pkg-saml2-auth/manage.php index 492a960..61c8e25 100644 --- a/pfSense-pkg-saml2-auth/files/usr/local/share/pfSense-pkg-saml2-auth/manage.php +++ b/pfSense-pkg-saml2-auth/files/usr/local/share/pfSense-pkg-saml2-auth/manage.php 
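Review bot: In the `SAML2Auth.inc` hunk at `-327,8`, `escapeshellarg($url)` stops shell metacharacters but not a value that `pkg-static add` would read as an option or a local path, and `$url` is built outside this hunk so its origin cannot be checked here. A guard placed before the delete, for example `if (!str_starts_with($url, "https://")) { return false; }` (ideally comparing against the full expected release prefix, and using whatever failure path the method already has), would keep the argument to the intended location. The delete also still runs before the add, and `$del_cmd_rc` is not checked in the visible lines, so a failed download appears to leave the package removed; that is worth confirming against the rest of the method, which continues outside the hunk.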
@@ -5,7 +5,7 @@ # Display the current version of pfSense and pfSense-pkg-saml2-auth function version() { # Local variables - $pkg_info = shell_exec("pkg info pfSense-pkg-saml2-auth").PHP_EOL; + $pkg_info = shell_exec("pkg-static info pfSense-pkg-saml2-auth").PHP_EOL; $pkg_info = explode(PHP_EOL, $pkg_info); $pf_ver_line = [str_replace(PHP_EOL, "", "pfSense Version: ".SAML2Auth::get_pfsense_version(true))]; array_splice($pkg_info, 3, 0, $pf_ver_line); diff --git a/pfSense-pkg-saml2-auth/files/usr/local/www/saml2_auth/update/index.php b/pfSense-pkg-saml2-auth/files/usr/local/www/saml2_auth/update/index.php index ef4a5dc..1617bcc 100644 --- a/pfSense-pkg-saml2-auth/files/usr/local/www/saml2_auth/update/index.php +++ b/pfSense-pkg-saml2-auth/files/usr/local/www/saml2_auth/update/index.php @@ -38,7 +38,7 @@ # On POST, start the update process if ($_POST["confirm"] and !empty($_POST["version"])) { # Start the update process in the background and print notice - shell_exec("nohup pfsense-saml2 update ".$_POST["version"]." > /dev/null &"); + shell_exec("nohup pfsense-saml2 update ".escapeshellarg($_POST["version"])." > /dev/null &"); print_apply_result_box(0, "\nSAML2 package update process has started and is running in the background. Check back in a few minutes."); } diff --git a/tools/make_package.py b/tools/make_package.py index fe4b32a..bc4d70c 100644 --- a/tools/make_package.py +++ b/tools/make_package.py @@ -23,9 +23,9 @@ import sys import jinja2 +REPO_OWNER = "jaredhendrickson13" +REPO_NAME = "pfsense-saml2-auth" -# Constants -PKG_NAME = "pfSense-pkg-saml2-auth" class MakePackage: """Class that groups together variables and methods required to build the pfSense-pkg-saml2-auth FreeBSD package.""" 
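Review bot: In `update/index.php`, `$_POST["version"]` is now quoted for the shell but is still handed to `pfsense-saml2 update` with no check that it looks like a version, so a value beginning with `-` or containing path or URL characters reaches the CLI unchanged. Validating it before the background job starts, for example `if (!preg_match('/^v?\d+\.\d+(\.\d+)?(_\d+)?$/', $_POST["version"])) { ... }`, would reject such input; the exact pattern should follow the release tag format the project actually uses. `$_POST["confirm"]` is also read without `isset()` in the unchanged condition, which raises a warning on PHP 8 when the key is absent.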
@@ -51,7 +51,7 @@ def generate_makefile(self): # Set filepath and file variables root_dir = pathlib.Path(__file__).absolute().parent.parent - pkg_dir = root_dir.joinpath(f"{PKG_NAME}") + pkg_dir = root_dir.joinpath("pfSense-pkg-saml2-auth") template_dir = root_dir.joinpath("tools").joinpath("templates") files_dir = pkg_dir.joinpath("files") file_paths = {"dir": [], "file": [], "port_version": self.port_version, "port_revision": self.port_revision} @@ -105,13 +105,13 @@ def build_on_remote_host(self): # Automate the process to pull, install dependencies, build and retrieve the package on a remote host build_cmds = [ "mkdir -p ~/build/", - "rm -rf ~/build/pfsense-saml2-auth", - "git clone https://github.com/jaredhendrickson13/pfsense-saml2-auth.git ~/build/pfsense-saml2-auth/", - "git -C ~/build/pfsense-saml2-auth checkout " + self.args.branch, - "composer install --working-dir ~/build/pfsense-saml2-auth", - "rm -rf ~/build/pfsense-saml2-auth/vendor/composer && rm ~/build/pfsense-saml2-auth/vendor/autoload.php", - f"cp -r ~/build/pfsense-saml2-auth/vendor/* ~/build/pfsense-saml2-auth/{PKG_NAME}/files/etc/inc/", - f"python3 ~/build/pfsense-saml2-auth/tools/make_package.py --tag {self.args.tag}" + f"rm -rf ~/build/{REPO_NAME}", + f"git clone https://github.com/{REPO_OWNER}/{REPO_NAME}.git ~/build/{REPO_NAME}/", + f"git -C ~/build/{REPO_NAME} checkout " + self.args.branch, + f"composer install --working-dir ~/build/{REPO_NAME}", + f"rm -rf ~/build/{REPO_NAME}/vendor/composer && rm ~/build/{REPO_NAME}/vendor/autoload.php", + f"cp -r ~/build/{REPO_NAME}/vendor/* ~/build/{REPO_NAME}/pfSense-pkg-saml2-auth/files/etc/inc/", + f"python3 ~/build/{REPO_NAME}/tools/make_package.py --tag {self.args.tag}" ] # Run each command and exit on bad status if failure 
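Review bot: In `build_on_remote_host` (hunk at `-105,13`), `self.args.branch` and `self.args.tag` are spliced into the `build_cmds` strings without quoting, and the new release workflow feeds `--tag` from the pushed tag name. If these strings are run by a shell on the build host (the code that executes them is outside this hunk), any metacharacter in either value becomes part of the command. Quoting both closes that: `f"git -C ~/build/{REPO_NAME} checkout " + shlex.quote(self.args.branch),` and `f"python3 ~/build/{REPO_NAME}/tools/make_package.py --tag {shlex.quote(self.args.tag)}"`, with `import shlex` added if the module does not already import it.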
@@ -121,26 +121,34 @@ def build_on_remote_host(self): sys.exit(1) # Retrieve the built package - src = "{u}@{h}:~/build/pfsense-saml2-auth/{n}/work/pkg/{n}-{v}{r}.pkg" + src = "{u}@{h}:~/build/{rn}/pfSense-pkg-saml2-auth/work/pkg/pfSense-pkg-saml2-auth-{v}{r}.pkg" src = src.format( u=self.args.username, + rn=REPO_NAME, h=self.args.host, v=self.port_version, - n=PKG_NAME, r="_" + self.port_revision if self.port_revision != "0" else "" ) - self.run_scp_cmd(src, ".") + self.run_scp_cmd(src, f"{self.args.filename}") def __start_argparse__(self): # Custom tag type for argparse def tag(value_string): - if "." in value_string and "_" in value_string: - return value_string + if "." not in value_string: + raise ValueError(f"{value_string} is not a semantic version tag") - raise argparse.ArgumentTypeError(f"{value_string} is not a semantic version tag") + # Remove the leading 'v' if present + if value_string.startswith("v"): + value_string = value_string[1:] + + # Convert the patch section to be prefixed with _ if it is prefixed with . + if len(value_string.split(".")) == 3: + value_string = value_string[::-1].replace(".", "_", 1)[::-1] + + return value_string parser = argparse.ArgumentParser( - description="Build the pfSense SAML2 auth on FreeBSD" + description="Build the pfSense SAML2 Auth package on FreeBSD" ) parser.add_argument( '--host', '-i', @@ -170,6 +178,14 @@ def tag(value_string): required=True, help="The version tag to use when building." ) + parser.add_argument( + '--filename', '-f', + dest="filename", + type=str, + default=".", + required=False, + help="The filename to use for the package file." + ) self.args = parser.parse_args() try: diff --git a/tools/templates/Makefile.j2 b/tools/templates/Makefile.j2 index a8d8eda..12fdb18 100644 --- a/tools/templates/Makefile.j2 +++ b/tools/templates/Makefile.j2 
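Review bot: In the `tag` type function (hunk at `-121,26`), raising `ValueError` makes argparse discard the custom message and print its generic `invalid tag value` error; `raise argparse.ArgumentTypeError(f"{value_string} is not a semantic version tag")`, as the removed line did, keeps the message. The new check also accepts any string that contains a dot, so input such as `1.x` or a value with spaces passes and is later interpolated into the remote build command. A stricter test such as `if not re.fullmatch(r"v?\d+\.\d+([._]\d+)?", value_string):` would reject those, assuming `re` is imported and that this covers every tag shape the project uses. In the same hunk, `f"{self.args.filename}"` in the `run_scp_cmd` call can simply be `self.args.filename`.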
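Review bot: The help text for the new `--filename` argument (hunk at `-170,6`) says it is the filename for the package file, but the default `"."` is a directory, which presumably leaves the package under its original name in the current directory. Saying so in the help, e.g. `help="Local path to save the package to (default: current directory, original name)."`, would match that behavior. `type=str` and `required=False` are already argparse's defaults and can be dropped.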
@@ -12,6 +12,7 @@ COMMENT=pfSense SAML2 Authentication package LICENSE=APACHE20 NO_BUILD=yes NO_MTREE=yes +NO_ARCH=yes SUB_FILES=pkg-install pkg-deinstall SUB_LIST=PORTNAME=${PORTNAME}