From ca5663324d5a95390ad17c7a9eec384c2130b73e Mon Sep 17 00:00:00 2001
From: Jared Hendrickson
Date: Fri, 13 Oct 2023 18:38:52 -0600
Subject: [PATCH 1/7] fix: use pkg-static for internal pkg commands
---
 .../files/etc/inc/saml2_auth/SAML2Auth.inc | 6 +++---
 .../files/usr/local/share/pfSense-pkg-saml2-auth/manage.php | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc b/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc
index 5e267d1..e555696 100644
--- a/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc
+++ b/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc
@@ -177,7 +177,7 @@ class SAML2Auth {
 public static function get_pkg_version() {
 # Pull the raw pkg info for the SAML2 auth package into an array for each line
- $pkg_info = explode(PHP_EOL, shell_exec("pkg info pfSense-pkg-saml2-auth"));
+ $pkg_info = explode(PHP_EOL, shell_exec("pkg-static info pfSense-pkg-saml2-auth"));
 # Loop through each line and check the version
 foreach ($pkg_info as $pkg_line) {
@@ -327,8 +327,8 @@ class SAML2Auth {
 $this->backup_config();
 # Remove the existing package and add the new one, then og the results
- exec("pkg delete -y pfSense-pkg-saml2-auth", $del_cmd_out, $del_cmd_rc);
- exec("pkg add ".$url, $add_cmd_out, $add_cmd_rc);
+ exec("pkg-static delete -y pfSense-pkg-saml2-auth", $del_cmd_out, $del_cmd_rc);
+ exec("pkg-static add ".$url, $add_cmd_out, $add_cmd_rc);
 $this->__log(implode("\n", $del_cmd_out), $console);
 $this->__log(implode("\n", $add_cmd_out), $console);
diff --git a/pfSense-pkg-saml2-auth/files/usr/local/share/pfSense-pkg-saml2-auth/manage.php b/pfSense-pkg-saml2-auth/files/usr/local/share/pfSense-pkg-saml2-auth/manage.php
index 492a960..61c8e25 100644
--- a/pfSense-pkg-saml2-auth/files/usr/local/share/pfSense-pkg-saml2-auth/manage.php
+++ b/pfSense-pkg-saml2-auth/files/usr/local/share/pfSense-pkg-saml2-auth/manage.php
@@ -5,7 +5,7 @@
 # Display the current version of pfSense and pfSense-pkg-saml2-auth
 function version() {
 # Local variables
- $pkg_info = shell_exec("pkg info pfSense-pkg-saml2-auth").PHP_EOL;
+ $pkg_info = shell_exec("pkg-static info pfSense-pkg-saml2-auth").PHP_EOL;
 $pkg_info = explode(PHP_EOL, $pkg_info);
 $pf_ver_line = [str_replace(PHP_EOL, "", "pfSense Version: ".SAML2Auth::get_pfsense_version(true))];
 array_splice($pkg_info, 3, 0, $pf_ver_line);
From 030c6f1f1cb8efab53973a44b2b95e44fef4c135 Mon Sep 17 00:00:00 2001
From: Jared Hendrickson
Date: Fri, 13 Oct 2023 18:42:08 -0600
Subject: [PATCH 2/7] fix: do not make build architecture specific
This prevents the pkg add command from failing when installing on a different FreeBSD version than the package was built on. It does not mean all pfSense versions are supported
---
 tools/templates/Makefile.j2 | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tools/templates/Makefile.j2 b/tools/templates/Makefile.j2
index a8d8eda..12fdb18 100644
--- a/tools/templates/Makefile.j2
+++ b/tools/templates/Makefile.j2
@@ -12,6 +12,7 @@ COMMENT=pfSense SAML2 Authentication package
 LICENSE=APACHE20
 NO_BUILD=yes
 NO_MTREE=yes
+NO_ARCH=yes
 SUB_FILES=pkg-install pkg-deinstall
 SUB_LIST=PORTNAME=${PORTNAME}
From eefb963d599b9a8bdde809fc5a8638dadc9f71d7 Mon Sep 17 00:00:00 2001
From: Jared Hendrickson
Date: Fri, 13 Oct 2023 19:06:21 -0600
Subject: [PATCH 3/7] build: updated make_package.py and integrated release workflow
---
 .github/workflows/release.yml | 43 +++++++++++++++++++++++++++++++++++
 tools/make_package.py | 36 +++++++++++++++++++----------
 2 files changed, 67 insertions(+), 12 deletions(-)
 create mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..88ec9bc
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,43 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - "v*.*.*"
+
+concurrency: build
+
+jobs:
+ build:
+ runs-on: self-hosted
+
+ strategy:
+ matrix:
+ include:
+ - freebsd_version: FreeBSD-14.0-CURRENT
+ pfsense_version: 2.7
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup FreeBSD build VM
+ run: |
+ /usr/local/bin/VBoxManage controlvm ${{ matrix.freebsd_version }} poweroff || true
+ /usr/local/bin/VBoxManage snapshot ${{ matrix.freebsd_version }} restore initial
+ /usr/local/bin/VBoxManage startvm ${{ matrix.freebsd_version }} --type headless
+ sleep 5
+
+ - name: Build pfSense-pkg-saml2-auth on FreeBSD
+ run: |
+ /usr/bin/ssh -o StrictHostKeyChecking=no ${{ matrix.freebsd_version }}.jaredhendrickson.com 'sudo pkill ntpd || true && sudo ntpdate pool.ntp.org || true'
+ /usr/local/bin/python3 tools/make_package.py --host ${{ matrix.freebsd_version }}.jaredhendrickson.com --branch ${{ github.sha }} --tag ${{ github.ref_name }} --filename pfSense-${{ matrix.pfsense_version }}-pkg-saml2-auth.pkg
+
+ - name: Teardown FreeBSD build VM
+ if: "${{ always() }}"
+ run: |
+ /usr/local/bin/VBoxManage controlvm ${{ matrix.freebsd_version }} poweroff || true
+ /usr/local/bin/VBoxManage snapshot ${{matrix.freebsd_version}} restore initial
+
+ - name: Release
+ uses: softprops/action-gh-release@v1
+ with:
+ files: pfSense-${{ matrix.pfsense_version }}-pkg-saml2-auth.pkg
diff --git a/tools/make_package.py b/tools/make_package.py
index fe4b32a..046bfe8 100644
--- a/tools/make_package.py
+++ b/tools/make_package.py
@@ -24,9 +24,6 @@ import jinja2
-# Constants
-PKG_NAME = "pfSense-pkg-saml2-auth"
-
 class MakePackage:
 """Class that groups together variables and methods required to build the pfSense-pkg-saml2-auth FreeBSD package."""
 def __init__(self):
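Review bot: In the new release.yml, the "Build pfSense-pkg-saml2-auth on FreeBSD" step runs `ssh -o StrictHostKeyChecking=no`, so the runner never verifies the identity of the host that builds the published `.pkg`; pin the build host's key in the runner's known_hosts and drop the option. The same step expands `${{ github.ref_name }}` straight into the `run:` script, so the tag name is parsed as shell text on the self-hosted runner; pass expression values through `env:` and reference them as quoted variables, as sketched below. The workflow also has no `permissions:` block and pins `actions/checkout@v3` and `softprops/action-gh-release@v1` by mutable tag; a job-level `permissions: contents: write` and full commit SHAs would narrow what a changed action can reach.

```yaml
      # … unchanged: checkout and "Setup FreeBSD build VM" steps …
      - name: Build pfSense-pkg-saml2-auth on FreeBSD
        env:
          BUILD_HOST: ${{ matrix.freebsd_version }}.jaredhendrickson.com
          RELEASE_TAG: ${{ github.ref_name }}
          PKG_FILE: pfSense-${{ matrix.pfsense_version }}-pkg-saml2-auth.pkg
        run: |
          /usr/bin/ssh "$BUILD_HOST" 'sudo pkill ntpd || true && sudo ntpdate pool.ntp.org || true'
          /usr/local/bin/python3 tools/make_package.py --host "$BUILD_HOST" --branch "$GITHUB_SHA" --tag "$RELEASE_TAG" --filename "$PKG_FILE"
      # … unchanged: teardown and release steps …
```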
@@ -51,7 +48,7 @@ def generate_makefile(self):
 # Set filepath and file variables
 root_dir = pathlib.Path(__file__).absolute().parent.parent
- pkg_dir = root_dir.joinpath(f"{PKG_NAME}")
+ pkg_dir = root_dir.joinpath("pfSense-pkg-saml2-auth")
 template_dir = root_dir.joinpath("tools").joinpath("templates")
 files_dir = pkg_dir.joinpath("files")
 file_paths = {"dir": [], "file": [], "port_version": self.port_version, "port_revision": self.port_revision}
@@ -110,7 +107,7 @@ def build_on_remote_host(self):
 "git -C ~/build/pfsense-saml2-auth checkout " + self.args.branch,
 "composer install --working-dir ~/build/pfsense-saml2-auth",
 "rm -rf ~/build/pfsense-saml2-auth/vendor/composer && rm ~/build/pfsense-saml2-auth/vendor/autoload.php",
- f"cp -r ~/build/pfsense-saml2-auth/vendor/* ~/build/pfsense-saml2-auth/{PKG_NAME}/files/etc/inc/",
+ "cp -r ~/build/pfsense-saml2-auth/vendor/* ~/build/pfsense-saml2-auth/pfSense-pkg-saml2-auth/files/etc/inc/",
 f"python3 ~/build/pfsense-saml2-auth/tools/make_package.py --tag {self.args.tag}"
 ]
@@ -121,26 +118,33 @@ def build_on_remote_host(self):
 sys.exit(1)
 # Retrieve the built package
- src = "{u}@{h}:~/build/pfsense-saml2-auth/{n}/work/pkg/{n}-{v}{r}.pkg"
+ src = "{u}@{h}:~/build/pfsense-saml2-auth/pfSense-pkg-saml2-auth/work/pkg/pfSense-pkg-saml2-auth-{v}{r}.pkg"
 src = src.format(
 u=self.args.username,
 h=self.args.host,
 v=self.port_version,
- n=PKG_NAME,
 r="_" + self.port_revision if self.port_revision != "0" else ""
 )
- self.run_scp_cmd(src, ".")
+ self.run_scp_cmd(src, f"{self.args.filename}")
 def __start_argparse__(self):
 # Custom tag type for argparse
 def tag(value_string):
- if "." in value_string and "_" in value_string:
- return value_string
+ if "." not in value_string:
+ raise ValueError(f"{value_string} is not a semantic version tag")
+
+ # Remove the leading 'v' if present
+ if value_string.startswith("v"):
+ value_string = value_string[1:]
+
+ # Convert the patch section to be prefixed with _ if it is prefixed with .
+ if len(value_string.split(".")) == 3:
+ value_string = value_string[::-1].replace(".", "_", 1)[::-1]
- raise argparse.ArgumentTypeError(f"{value_string} is not a semantic version tag")
+ return value_string
 parser = argparse.ArgumentParser(
- description="Build the pfSense SAML2 auth on FreeBSD"
+ description="Build the pfSense SAML2 Auth package on FreeBSD"
 )
 parser.add_argument(
 '--host', '-i',
@@ -170,6 +174,14 @@ def tag(value_string):
 required=True,
 help="The version tag to use when building."
 )
+ parser.add_argument(
+ '--filename', '-f',
+ dest="filename",
+ type=str,
+ default=".",
+ required=False,
+ help="The filename to use for the package file."
+ )
 self.args = parser.parse_args()
 try:
From 32f80a3b95f31871e3b21f80ab33a3be8173c9d2 Mon Sep 17 00:00:00 2001
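Review bot: In the `tag()` type callable of the `@@ -121,26 +118,33 @@` hunk, the only check left is `"." not in value_string`, so any string that contains a dot is accepted as a version and is then used by the rest of the build, including the `--tag {self.args.tag}` command string in `build_on_remote_host`. Match the whole value against the expected shape before normalising it, for example `if not re.fullmatch(r"v?\d+\.\d+([._]\d+)?", value_string):` (whether `re` is already imported is not visible here). Raising `ValueError` also makes argparse print its generic "invalid tag value" text and discard the custom message; `raise argparse.ArgumentTypeError(f"{value_string} is not a semantic version tag")` keeps it. `__start_argparse__` continues outside the hunk.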
From: Jared Hendrickson
Date: Fri, 13 Oct 2023 19:09:50 -0600
Subject: [PATCH 4/7] fix: escape variable values passed into exec and shell_exec
---
 pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc | 2 +-
 .../files/usr/local/www/saml2_auth/update/index.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc b/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc
index e555696..5f9895a 100644
--- a/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc
+++ b/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc
@@ -328,7 +328,7 @@ class SAML2Auth {
 # Remove the existing package and add the new one, then og the results
 exec("pkg-static delete -y pfSense-pkg-saml2-auth", $del_cmd_out, $del_cmd_rc);
- exec("pkg-static add ".$url, $add_cmd_out, $add_cmd_rc);
+ exec("pkg-static add ".escapeshellarg($url), $add_cmd_out, $add_cmd_rc);
 $this->__log(implode("\n", $del_cmd_out), $console);
 $this->__log(implode("\n", $add_cmd_out), $console);
diff --git a/pfSense-pkg-saml2-auth/files/usr/local/www/saml2_auth/update/index.php b/pfSense-pkg-saml2-auth/files/usr/local/www/saml2_auth/update/index.php
index ef4a5dc..1617bcc 100644
--- a/pfSense-pkg-saml2-auth/files/usr/local/www/saml2_auth/update/index.php
+++ b/pfSense-pkg-saml2-auth/files/usr/local/www/saml2_auth/update/index.php
@@ -38,7 +38,7 @@
 # On POST, start the update process
 if ($_POST["confirm"] and !empty($_POST["version"])) {
 # Start the update process in the background and print notice
- shell_exec("nohup pfsense-saml2 update ".$_POST["version"]." > /dev/null &");
+ shell_exec("nohup pfsense-saml2 update ".escapeshellarg($_POST["version"])." > /dev/null &");
 print_apply_result_box(0, "\nSAML2 package update process has started and is running in the background. Check back in a few minutes.");
 }
From 78db62468c596189f78c347cf46928917997b7fa Mon Sep 17 00:00:00 2001
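Review bot: `escapeshellarg($url)` in the SAML2Auth.inc hunk closes the shell-metacharacter path, but the value is still handed to `pkg-static add`, which fetches and installs whatever it names, and the line above has already deleted the installed package by then. Nothing in the hunk restricts `$url` to an https release location or checks `$del_cmd_rc` and `$add_cmd_rc` before continuing; where `$url` is built and what follows the two `__log` calls are outside the hunk, so this may be handled there. If it is not, reject unexpected URLs before either `exec`, e.g. `if (parse_url($url, PHP_URL_SCHEME) !== "https") { /* log and abort */ }`, and run the delete only after the new package is known to be retrievable.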
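Review bot: In update/index.php the POSTed `version` is now quoted, but it is still forwarded to `pfsense-saml2 update` with no check of its shape, so the CLI receives any string the client sends, including one it may interpret as an option rather than a version. Validate it before the `shell_exec`, for example `if (!preg_match('/^v?\d+\.\d+\.\d+$/', $_POST["version"])) { /* reject */ }` (pattern constructed for illustration; use the format the release list really has), or compare it against the releases the page itself offers. The surrounding `if` block starts inside the hunk, but the rest of the page is not shown.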
From: Jared Hendrickson
Date: Fri, 13 Oct 2023 19:13:09 -0600
Subject: [PATCH 5/7] fix: fixed version comparisons when checking for available updates
---
 .../files/etc/inc/saml2_auth/SAML2Auth.inc | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc b/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc
index 5f9895a..34ee40f 100644
--- a/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc
+++ b/pfSense-pkg-saml2-auth/files/etc/inc/saml2_auth/SAML2Auth.inc
@@ -211,9 +211,7 @@ class SAML2Auth {
 public static function is_update_available() {
 # Check if the current version is less than the latest version
- $curr_ver_num = intval(str_replace(".", "", self::get_pkg_version()));
- $latest_ver_num = intval(str_replace(".", "", self::get_latest_pkg_version()));
- return $curr_ver_num < $latest_ver_num;
+ return version_compare(self::get_pkg_version(), self::get_latest_pkg_version(), operator: "<");
 }
 public static function is_pkg_supported() {
@@ -339,6 +337,4 @@ class SAML2Auth {
 return false;
 }
 }
-
-
 }
From 2eebfff54245590ba9e05f1311fbd4dd56e28dda Mon Sep 17 00:00:00 2001
From: Jared Hendrickson
Date: Fri, 13 Oct 2023 19:15:14 -0600
Subject: [PATCH 6/7] ci: only lint on php 8.2
---
 .github/workflows/phplint.yml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/phplint.yml b/.github/workflows/phplint.yml
index 0ab591c..83ab940 100644
--- a/.github/workflows/phplint.yml
+++ b/.github/workflows/phplint.yml
@@ -6,13 +6,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
- - name: Lint on PHP 7.2
+ - name: Lint on PHP 8.2
 uses: firehed/lint-php-action@v1
 with:
 file-extensions: 'php, inc'
- php-version: "7.2"
- - name: Lint on PHP 8.1
- uses: firehed/lint-php-action@v1
- with:
- file-extensions: 'php, inc'
- php-version: "8.1"
\ No newline at end of file
+ php-version: "8.2"
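Review bot: The new `return version_compare(self::get_pkg_version(), self::get_latest_pkg_version(), operator: "<");` in `is_update_available()` compares whatever the two helpers return, and neither value is checked for a failed or empty lookup. Both helpers are outside the hunk, so this is hedged: if either can return null or an empty string, or if one side carries a `v` prefix and the other does not, `version_compare` still returns a boolean and the update prompt becomes misleading instead of failing visibly. Fetch both into locals, return `false` when either is empty, and normalise them to one format before comparing. The named argument also requires PHP 8.0 or later, while the positional form `version_compare($curr, $latest, "<")` is equivalent.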
From 5b87a78f6dfadc55514705291b07d57d13c71844 Mon Sep 17 00:00:00 2001
From: Jared Hendrickson
Date: Fri, 13 Oct 2023 19:21:23 -0600
Subject: [PATCH 7/7] style: fixed line too longer lint error in make_package.py
---
 tools/make_package.py | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/tools/make_package.py b/tools/make_package.py
index 046bfe8..bc4d70c 100644
--- a/tools/make_package.py
+++ b/tools/make_package.py
@@ -23,6 +23,9 @@ import sys
 import jinja2
+REPO_OWNER = "jaredhendrickson13"
+REPO_NAME = "pfsense-saml2-auth"
+
 class MakePackage:
 """Class that groups together variables and methods required to build the pfSense-pkg-saml2-auth FreeBSD package."""
@@ -102,13 +105,13 @@ def build_on_remote_host(self):
 # Automate the process to pull, install dependencies, build and retrieve the package on a remote host
 build_cmds = [
 "mkdir -p ~/build/",
- "rm -rf ~/build/pfsense-saml2-auth",
- "git clone https://github.com/jaredhendrickson13/pfsense-saml2-auth.git ~/build/pfsense-saml2-auth/",
- "git -C ~/build/pfsense-saml2-auth checkout " + self.args.branch,
- "composer install --working-dir ~/build/pfsense-saml2-auth",
- "rm -rf ~/build/pfsense-saml2-auth/vendor/composer && rm ~/build/pfsense-saml2-auth/vendor/autoload.php",
- "cp -r ~/build/pfsense-saml2-auth/vendor/* ~/build/pfsense-saml2-auth/pfSense-pkg-saml2-auth/files/etc/inc/",
- f"python3 ~/build/pfsense-saml2-auth/tools/make_package.py --tag {self.args.tag}"
+ f"rm -rf ~/build/{REPO_NAME}",
+ f"git clone https://github.com/{REPO_OWNER}/{REPO_NAME}.git ~/build/{REPO_NAME}/",
+ f"git -C ~/build/{REPO_NAME} checkout " + self.args.branch,
+ f"composer install --working-dir ~/build/{REPO_NAME}",
+ f"rm -rf ~/build/{REPO_NAME}/vendor/composer && rm ~/build/{REPO_NAME}/vendor/autoload.php",
+ f"cp -r ~/build/{REPO_NAME}/vendor/* ~/build/{REPO_NAME}/pfSense-pkg-saml2-auth/files/etc/inc/",
+ f"python3 ~/build/{REPO_NAME}/tools/make_package.py --tag {self.args.tag}"
 ]
 # Run each command and exit on bad status if failure
@@ -118,9 +121,10 @@ def build_on_remote_host(self):
 sys.exit(1)
 # Retrieve the built package
- src = "{u}@{h}:~/build/pfsense-saml2-auth/pfSense-pkg-saml2-auth/work/pkg/pfSense-pkg-saml2-auth-{v}{r}.pkg"
+ src = "{u}@{h}:~/build/{rn}/pfSense-pkg-saml2-auth/work/pkg/pfSense-pkg-saml2-auth-{v}{r}.pkg"
 src = src.format(
 u=self.args.username,
+ rn=REPO_NAME,
 h=self.args.host,
 v=self.port_version,
 r="_" + self.port_revision if self.port_revision != "0" else ""
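Review bot: The rewritten `build_cmds` entries in the `@@ -102,13 +105,13 @@` hunk still splice `self.args.branch` into a command string unquoted (`f"git -C ~/build/{REPO_NAME} checkout " + self.args.branch`), and the `&&` and `~` in the neighbouring entries show that these strings are interpreted by a shell. Quote the argument where it is used, `f"git -C ~/build/{REPO_NAME} checkout {shlex.quote(self.args.branch)}"`, and likewise `--tag {shlex.quote(self.args.tag)}` on the last entry; that also removes the mix of f-string and `+` concatenation on the checkout line. `shlex` would need importing if the file does not already import it, and the code that executes the list lies outside the hunk, so how the strings reach the build host is inferred from the comment in the hunk.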