Introduce the /libexec/freebsd-version script, which is intended to be

used by auditing tools to determine the userland patch level when it
differs from what `uname -r` reports.  This can happen when the system
is kept up-to-date using freebsd-update and the last SA did not touch
the kernel, or when a new kernel has been installed but the system has
not yet rebooted.

Approved by:	re (glebius)

libexec/Makefile

@@ -8,6 +8,7 @@ SUBDIR=	${_atf} \
 	bootpd \
 	${_comsat} \
 	fingerd \
+	freebsd-version \
 	ftpd \
 	getty \
 	${_mail.local} \

libexec/freebsd-version/Makefile

@@ -0,0 +1,21 @@
+# $FreeBSD$
+
+SCRIPTS = freebsd-version
+MAN = freebsd-version.1
+BINDIR = /libexec
+CLEANFILES = freebsd-version.sh
+NEWVERS = ${.CURDIR}/../../sys/conf/newvers.sh
+
+freebsd-version.sh.in: ${NEWVERS}
+freebsd-version.sh: freebsd-version.sh.in
+	eval $$(egrep '^(TYPE|REVISION|BRANCH)=' ${NEWVERS}) ; \
+	if ! sed -e "\
+			s/@@TYPE@@/$${TYPE}/g; \
+			s/@@REVISION@@/$${REVISION}/g; \
+			s/@@BRANCH@@/$${BRANCH}/g; \
+		" ${.ALLSRC} >${.TARGET} ; then \
+		rm -f ${.TARGET} ; \
+		exit 1 ; \
+	fi
+
+.include <bsd.prog.mk>

libexec/freebsd-version/freebsd-version.1

@@ -0,0 +1,124 @@
+.\"-
+.\" Copyright (c) 2013 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd October 5, 2013
+.Dt FREEBSD-VERSION 1
+.Os
+.Sh NAME
+.Nm freebsd-version
+.Nd print the version and patch level of the installed system
+.Sh SYNOPSIS
+.Nm
+.Op Fl ku
+.Sh DESCRIPTION
+The
+.Nm
+utility makes a best effort to determine the version and patch level
+of the installed kernel and / or userland.
+.Pp
+The following options are available:
+.Bl -tag -width Fl
+.It Fl k
+Print the version and patch level of the installed kernel.
+Unlike
+.Xr uname 1 ,
+if a new kernel has been installed but the system has not yet
+rebooted,
+.Nm
+will print the version and patch level of the new kernel.
+.It Fl u
+Print the version and patch level of the installed userland.
+These are hardcoded into
+.Nm
+during the build.
+.El
+.Pp
+If both
+.Fl k
+and
+.Fl u
+are specified,
+.Nm
+will print the kernel version first, then the userland version, on
+separate lines.
+If neither is specified, it will print the userland version only.
+.Sh IMPLEMENTATION NOTES
+The
+.Nm
+utility should provide the correct answer in the vast majority of
+cases, including on systems kept up-to-date using
+.Xr freebsd-update 8 ,
+which does not update the kernel version unless the kernel itself was
+affected by the latest patch.
+.Pp
+To determine the name (and hence the location) of a custom kernel, the
+.Nm
+utility will attempt to parse
+.Pa /boot/defaults/loader.conf
+and
+.Pa /boot/loader.conf ,
+looking for definitions of the
+.Va kernel
+and
+.Va bootfile
+variables, both with a default value of
+.Dq kernel .
+It may however fail to locate the correct kernel if either or both of
+these variables are defined in a non-standard location, such as in
+.Pa /boot/loader.rc .
+.Sh ENVIRONMENT
+.Bl -tag -width ROOT
+.It Ev ROOT
+Path to the root of the filesystem in which to look for
+.Pa loader.conf
+and the kernel.
+.El
+.Sh EXAMPLES
+To determine the version of the currently running userland:
+.Bd -literal -offset indent
+/libexec/freebsd-version -u
+.Ed
+.Pp
+To inspect a system being repaired using a live CD:
+.Bd -literal -offset indent
+mount -rt ufs /dev/ada0p2 /mnt
+env ROOT=/mnt /mnt/libexec/freebsd-version -ku
+.Ed
+.Sh SEE ALSO
+.Xr uname 1 ,
+.Xr loader.conf 5 ,
+.Xr freebsd-version 8
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Fx 10.0 .
+.Sh AUTHORS
+The
+.Nm
+utility and this manual page were written by
+.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .

libexec/freebsd-version/freebsd-version.sh.in

@@ -0,0 +1,126 @@
+#!/bin/sh
+#-
+# Copyright (c) 2013 Dag-Erling Smørgrav
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+set -e
+
+USERLAND_VERSION="@@REVISION@@-@@BRANCH@@"
+
+: ${ROOT:=}
+: ${LOADER_DIR:=$ROOT/boot}
+: ${LOADER_CONF_FILES:=$LOADER_DIR/defaults/loader.conf $LOADER_DIR/loader.conf $LOADER_DIR/loader.conf.local}
+LOADER_RE1='^\([A-Z_a-z][0-9A-Z_a-z]*=[-./0-9A-Z_a-z]\{1,\}\).*$'
+LOADER_RE2='^\([A-Z_a-z][0-9A-Z_a-z]*="[-./0-9A-Z_a-z]\{1,\}"\).*$'
+KERNEL_RE='^@(#)@@TYPE@@ \([-.0-9A-Za-z]\{1,\}\) .*$'
+
+progname=$(basename $0)
+
+#
+# Print an error message and exit.
+#
+error() {
+	echo "$progname: $*" >&2
+	exit 1
+}
+
+#
+# Try to get the name of the installed kernel from loader.conf and
+# return the full path.  If loader.conf does not exist or we could not
+# read it, return the path to the default kernel.
+#
+kernel_file() {
+	eval $(sed -n "s/$LOADER_RE1/\\1;/p; s/$LOADER_RE2/\\1;/p" \
+	    $LOADER_CONF_FILES 2>/dev/null)
+	echo "$LOADER_DIR/${kernel:-kernel}/${bootfile:-kernel}"
+}
+
+#
+# Extract the kernel version from the installed kernel.
+#
+kernel_version() {
+	kernfile=$(kernel_file)
+	if [ ! -f "$kernfile" -o ! -r "$kernfile" ] ; then
+		error "unable to locate kernel"
+	fi
+	strings "$kernfile" | sed -n "s/$KERNEL_RE/\\1/p"
+}
+
+#
+# Print the hardcoded userland version.
+#
+userland_version() {
+	echo $USERLAND_VERSION
+}
+
+#
+# Print a usage string and exit.
+#
+usage() {
+	echo "usage: $progname [-ku]\n" >&2
+	exit 1
+}
+
+#
+# Main program.
+#
+main() {
+	# parse command-line arguments
+	while getopts "ku" option ; do
+		case $option in
+		k)
+			opt_k=1
+			;;
+		u)
+			opt_u=1
+			;;
+		*)
+			usage
+			;;
+		esac
+	done
+	if [ $OPTIND -le $# ] ; then
+		usage
+	fi
+
+	# default is -u
+	if [ $((opt_k + opt_u)) -eq 0 ] ; then
+		opt_u=1
+	fi
+
+	# print kernel version
+	if [ $opt_k ] ; then
+		kernel_version
+	fi
+
+	# print userland version
+	if [ $opt_u ] ; then
+		userland_version
+	fi
+}
+
+main "$@"