@luckman212
Last active January 14, 2024 14:54
pfSense auto-update check
<?php
require_once("pkg-utils.inc");
require_once("notices.inc");
require_once("util.inc");
$msg = null;
$pmsg = null;
$p = 0;
log_error("Starting update check");
// pfSense base system check
$system_version = get_system_pkg_version(false, false);
if ($system_version === false) {
    printf("%s\n", 'Unable to check for updates');
    log_error("Unable to check for updates, exiting");
    exit;
}
if (!is_array($system_version) ||
    !isset($system_version['version']) ||
    !isset($system_version['installed_version'])) {
    printf("%s\n", 'Error in version information');
    log_error("Error in version information, exiting");
    exit;
}
switch ($system_version['pkg_version_compare']) {
    case '<':
        //printf("%s%s%s\n", "pfSense version ", $system_version['version'], " is available");
        $msg = "An update to pfSense version " . $system_version['version'] . " is available\n\n";
        break;
    case '=':
        //printf("%s%s%s\n", "pfSense version ", $system_version['version'], " (installed) is current");
        break;
    case '>':
        printf("%s%s%s%s\n", "pfSense version ", $system_version['installed_version'], " is NEWER than the latest available version ", $system_version['version']);
        $msg = "pfSense version " . $system_version['version'] . " is available (downgrade)\n\n";
        break;
    default:
        printf("%s\n", 'Error comparing installed with latest version available');
        log_error("Error comparing installed with latest version available");
        break;
}
// package check
$package_list = get_pkg_info('all', true, true);
$installed_packages = array_filter($package_list, function($v) {
    return (isset($v['installed']) && isset($v['name']));
});
if (empty($installed_packages)) {
    // keep going: a base system update found above must still be reported
    printf("%s\n", 'No packages installed');
    log_error("No packages installed");
}
foreach ($installed_packages as $pkg) {
    if (isset($pkg['installed_version']) && isset($pkg['version'])) {
        //printf("%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version']);
        $version_compare = pkg_version_compare($pkg['installed_version'], $pkg['version']);
        if ($version_compare != '=') {
            $p++;
            $pmsg .= "\n".$pkg['shortname'].': '.$pkg['installed_version'].' ==> '.$pkg['version'];
            if ($version_compare == '>') {
                $pmsg .= ' (downgrade)';
            }
            printf("%s%s%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version'], ' ==> ', $pkg['version']);
        }
    }
}
if ($p > 0) {
    $msg = $msg . "The following updates are available and can be installed using System > Package Manager:\n" . $pmsg;
}
// check for updates to builtin packages
exec("/usr/sbin/pkg upgrade -n | /usr/bin/sed -ne '/UPGRADED/,/^$/p'", $output, $retval);
if (($retval == 0) && (count($output))) {
    $msg .= "\n\n" . "Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:\n\n";
    array_shift($output);
    $msg .= implode("\n", array_map('ltrim', $output));
}
if (!empty($msg)) {
    log_error("Updates were found - sending email");
    notify_via_smtp($msg);
    // to send alerts to ALL configured targets (email, Pushover, Slack etc) use the line below instead:
    // notify_all_remote($msg);
}
log_error("Update check complete");
?>
@luckman212
Author

To send to all configured alert targets, change line 88 above to notify_all_remote($msg); as noted. Thanks @pyrodex

@juliomaranhao

@luckman212 Do I need only that gist (apart from a cron job)? No dependencies? Are all functions, like notify_via_smtp and notify_via_pushover built-in?

@pyrodex

pyrodex commented Mar 5, 2022

> @luckman212 Do I need only that gist (apart from a cron job)? No dependencies? Are all functions, like notify_via_smtp and notify_via_pushover built-in?

If you use the new line I mentioned, any configured pfSense notification method will work together. For example, I have SMTP and Slack; with that notify_all_remote I get email and Slacks at the same time.

@luckman212
Author

@juliomaranhao Correct, there are no other dependencies. Just copy the script to your /root folder and add the cronjob.

@michmoor0725

Does the script still work even with the PHP changes in 23.01?

@luckman212
Author

luckman212 commented Apr 12, 2023

Yes it does.

@jacobdjwilson

I have been having trouble with package installation in 23.01.
It looks like Bad Request errors are being returned from the Netgate URLs.

@MarinSNB

Would you be able to describe the steps to copy this script in pfSense under the /root folder? Can it be done via GUI or only in shell via SSH? Thanks much!

@luckman212
Author

@MarinSNB Yes you can use the GUI if you aren't comfortable with SSH.

Go to Diagnostics -> Edit File. Then type /root/pkg_check.php in the "Path to file" field and click "Save" to create it.

Then you can copy the raw script and paste the contents into the editor and Save again. After that, set up your cronjob and you should be up and running.

@MarinSNB

MarinSNB commented Apr 16, 2023

Thank you for this! How do I make this file executable? Do I have to chmod it somewhere on that screen or is it done automatically when you save?

Also, how do you check for status of this in the shell or Command section? I read somewhere in the Netgate forums to run this command:

php -q /root/pkg_check.php

but that didn’t yield any output.

I am running 23.01 version in my Netgate 6100 max.

Thanks again!!

@luckman212
Author

You don't need to make the script executable since you're running it with php -q

Try using the full path to php:

/usr/local/bin/php ...

Check your system logs for any messages from the script, e.g. you should see Starting update check etc. Make sure you've configured SMTP notifications as well...
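
A way to script the log check suggested above, as an added example that is not part of the gist or of this thread: it reads syslog text and classifies the most recent run of the script from the messages it passes to log_error(). The syslog line layout, the hostname `fw` and the sample lines are constructed assumptions; only the message strings come from the script.

```shell
#!/bin/sh
# Classify the most recent run of the update-check script from log text.
# Only the message strings come from the script; the timestamp/host/php[pid]
# prefix is an assumed syslog layout.

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG='Apr 16 03:00:01 fw php[4121]: Starting update check
Apr 16 03:00:09 fw php[4121]: Updates were found - sending email
Apr 16 03:00:10 fw php[4121]: Update check complete
Apr 17 03:00:01 fw php[5230]: Starting update check
Apr 17 03:00:31 fw php[5230]: Unable to check for updates, exiting'

# last_run_status: reads log text on stdin and prints one of
#   never-ran         no "Starting update check" line was seen
#   complete          last run finished and found nothing to report
#   updates-notified  last run finished and sent a notification
#   aborted           last run logged one of the ", exiting" messages
#   incomplete        last run started but logged no end marker
last_run_status() {
    awk '
        /Starting update check/ { state = "incomplete"; found = 0; next }
        state == ""             { next }   # ignore lines before the first run
        /Updates were found - sending email/ { found = 1; next }
        /Update check complete/ {
            state = (found ? "updates-notified" : "complete"); next
        }
        /, exiting$/            { state = "aborted"; next }
        END { print (state == "" ? "never-ran" : state) }
    '
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | last_run_status
```

A result of `aborted`, `incomplete` or `never-ran` means the cron job is not doing its job and no update notification can be expected from it.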

@MarinSNB

Perfect! Yes, the emails are coming now from the cron jobs! Thanks so much!
