Permalink
Browse files

Introduce the /libexec/freebsd-version script, which is intended to be

used by auditing tools to determine the userland patch level when it
differs from what `uname -r` reports.  This can happen when the system
is kept up-to-date using freebsd-update and the last SA did not touch
the kernel, or when a new kernel has been installed but the system has
not yet rebooted.

Approved by:	re (glebius)
  • Loading branch information...
1 parent ce42421 commit 8984ced46c19636db8da912360c2bde89cb685be @dag-erling dag-erling committed Oct 7, 2013
View
1 libexec/Makefile
@@ -8,6 +8,7 @@ SUBDIR= ${_atf} \
bootpd \
${_comsat} \
fingerd \
+ freebsd-version \
ftpd \
getty \
${_mail.local} \
View
21 libexec/freebsd-version/Makefile
@@ -0,0 +1,21 @@
+# $FreeBSD$
+
+SCRIPTS = freebsd-version
+MAN = freebsd-version.1
+BINDIR = /libexec
+CLEANFILES = freebsd-version.sh
+NEWVERS = ${.CURDIR}/../../sys/conf/newvers.sh
+
+freebsd-version.sh.in: ${NEWVERS}
+freebsd-version.sh: freebsd-version.sh.in
+ eval $$(egrep '^(TYPE|REVISION|BRANCH)=' ${NEWVERS}) ; \
+ if ! sed -e "\
+ s/@@TYPE@@/$${TYPE}/g; \
+ s/@@REVISION@@/$${REVISION}/g; \
+ s/@@BRANCH@@/$${BRANCH}/g; \
+ " ${.ALLSRC} >${.TARGET} ; then \
+ rm -f ${.TARGET} ; \
+ exit 1 ; \
+ fi
+
+.include <bsd.prog.mk>
View
124 libexec/freebsd-version/freebsd-version.1
@@ -0,0 +1,124 @@
+.\"-
+.\" Copyright (c) 2013 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd October 5, 2013
+.Dt FREEBSD-VERSION 1
+.Os
+.Sh NAME
+.Nm freebsd-version
+.Nd print the version and patch level of the installed system
+.Sh SYNOPSIS
+.Nm
+.Op Fl ku
+.Sh DESCRIPTION
+The
+.Nm
+utility makes a best effort to determine the version and patch level
+of the installed kernel and / or userland.
+.Pp
+The following options are available:
+.Bl -tag -width Fl
+.It Fl k
+Print the version and patch level of the installed kernel.
+Unlike
+.Xr uname 1 ,
+if a new kernel has been installed but the system has not yet
+rebooted,
+.Nm
+will print the version and patch level of the new kernel.
+.It Fl u
+Print the version and patch level of the installed userland.
+These are hardcoded into
+.Nm
+during the build.
+.El
+.Pp
+If both
+.Fl k
+and
+.Fl u
+are specified,
+.Nm
+will print the kernel version first, then the userland version, on
+separate lines.
+If neither is specified, it will print the userland version only.
+.Sh IMPLEMENTATION NOTES
+The
+.Nm
+utility should provide the correct answer in the vast majority of
+cases, including on systems kept up-to-date using
+.Xr freebsd-update 8 ,
+which does not update the kernel version unless the kernel itself was
+affected by the latest patch.
+.Pp
+To determine the name (and hence the location) of a custom kernel, the
+.Nm
+utility will attempt to parse
+.Pa /boot/defaults/loader.conf
+and
+.Pa /boot/loader.conf ,
+looking for definitions of the
+.Va kernel
+and
+.Va bootfile
+variables, both with a default value of
+.Dq kernel .
+It may however fail to locate the correct kernel if either or both of
+these variables are defined in a non-standard location, such as in
+.Pa /boot/loader.rc .
+.Sh ENVIRONMENT
+.Bl -tag -width ROOT
+.It Ev ROOT
+Path to the root of the filesystem in which to look for
+.Pa loader.conf
+and the kernel.
+.El
+.Sh EXAMPLES
+To determine the version of the currently running userland:
+.Bd -literal -offset indent
+/libexec/freebsd-version -u
+.Ed
+.Pp
+To inspect a system being repaired using a live CD:
+.Bd -literal -offset indent
+mount -rt ufs /dev/ada0p2 /mnt
+env ROOT=/mnt /mnt/libexec/freebsd-version -ku
+.Ed
+.Sh SEE ALSO
+.Xr uname 1 ,
+.Xr loader.conf 5 ,
+.Xr freebsd-version 8
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Fx 10.0 .
+.Sh AUTHORS
+The
+.Nm
+utility and this manual page were written by
+.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
View
126 libexec/freebsd-version/freebsd-version.sh.in
@@ -0,0 +1,126 @@
+#!/bin/sh
+#-
+# Copyright (c) 2013 Dag-Erling Smørgrav
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+set -e
+
+USERLAND_VERSION="@@REVISION@@-@@BRANCH@@"
+
+: ${ROOT:=}
+: ${LOADER_DIR:=$ROOT/boot}
+: ${LOADER_CONF_FILES:=$LOADER_DIR/defaults/loader.conf $LOADER_DIR/loader.conf $LOADER_DIR/loader.conf.local}
+LOADER_RE1='^\([A-Z_a-z][0-9A-Z_a-z]*=[-./0-9A-Z_a-z]\{1,\}\).*$'
+LOADER_RE2='^\([A-Z_a-z][0-9A-Z_a-z]*="[-./0-9A-Z_a-z]\{1,\}"\).*$'
+KERNEL_RE='^@(#)@@TYPE@@ \([-.0-9A-Za-z]\{1,\}\) .*$'
+
+progname=$(basename $0)
+
+#
+# Print an error message and exit.
+#
+error() {
+ echo "$progname: $*" >&2
+ exit 1
+}
+
+#
+# Try to get the name of the installed kernel from loader.conf and
+# return the full path. If loader.conf does not exist or we could not
+# read it, return the path to the default kernel.
+#
+kernel_file() {
+ eval $(sed -n "s/$LOADER_RE1/\\1;/p; s/$LOADER_RE2/\\1;/p" \
+ $LOADER_CONF_FILES 2>/dev/null)
+ echo "$LOADER_DIR/${kernel:-kernel}/${bootfile:-kernel}"
+}
+
+#
+# Extract the kernel version from the installed kernel.
+#
+kernel_version() {
+ kernfile=$(kernel_file)
+ if [ ! -f "$kernfile" -o ! -r "$kernfile" ] ; then
+ error "unable to locate kernel"
+ fi
+ strings "$kernfile" | sed -n "s/$KERNEL_RE/\\1/p"
+}
+
+#
+# Print the hardcoded userland version.
+#
+userland_version() {
+ echo $USERLAND_VERSION
+}
+
+#
+# Print a usage string and exit.
+#
+usage() {
+ echo "usage: $progname [-ku]\n" >&2
+ exit 1
+}
+
+#
+# Main program.
+#
+main() {
+ # parse command-line arguments
+ while getopts "ku" option ; do
+ case $option in
+ k)
+ opt_k=1
+ ;;
+ u)
+ opt_u=1
+ ;;
+ *)
+ usage
+ ;;
+ esac
+ done
+ if [ $OPTIND -le $# ] ; then
+ usage
+ fi
+
+ # default is -u
+ if [ $((opt_k + opt_u)) -eq 0 ] ; then
+ opt_u=1
+ fi
+
+ # print kernel version
+ if [ $opt_k ] ; then
+ kernel_version
+ fi
+
+ # print userland version
+ if [ $opt_u ] ; then
+ userland_version
+ fi
+}
+
+main "$@"

0 comments on commit 8984ced

Please sign in to comment.