FIX: %s belongs in parameters: only, never in command:

johnwbyrd · johnwbyrd · commit 54e93d2287ac · 2026-05-17T20:47:41.000-07:00
Root cause of "Bootstrap netboot.xyz does nothing" (and the silent
fetch_url failures): configd's base.py::_cmd_builder substitutes %s in
the action's parameters: template, then returns command + " " +
parameters. If command: ALSO has %s, that %s is concatenated literally
and shows up as an extra argv element to the script. Our bootstrap
action had:

  command:/usr/local/opnsense/scripts/netboot/bootstrap.sh %s
  parameters:%s

so configctl netboot bootstrap netboot_xyz ran:

  bootstrap.sh %s 'netboot_xyz'

$1 was the literal string '%s', which doesn't match the case statement
(netboot_xyz | ipxe), so the script fell through to the unknown-preset
arm, echoed an error to stderr, and exited 64. configd's script_output
captures only stdout and returns empty on non-zero exit. Hence the
GUI's "produced no output" path firing every time.

How we caught it: the new diag endpoint showed direct-exec of
bootstrap.sh from PHP produced 375 bytes of correct stdout AND
downloaded both binaries, while the configd probe of the same script
returned 0 bytes in 84ms. The 84ms was the giveaway -- a 1.5 MB
download can't finish that fast; the script was completing instantly
because it was bailing out on argv mismatch.

Fix: drop %s from the command: line in both [bootstrap] and [fetch_url].
Add a sharp comment at the top of the actions block explaining the
rule so it doesn't recur.

The [bootstrap_netboot_xyz] alias was already correct (no %s anywhere)
and worked fine via direct exec, but went through the same broken
flow because it called the same script through configd. With this fix
it works too.
diff --git a/src/opnsense/service/conf/actions.d/actions_netboot.conf b/src/opnsense/service/conf/actions.d/actions_netboot.conf
@@ -82,8 +82,18 @@ parameters:
 type:script_output
 message:ensuring netboot runtime user and directories
 
+# IMPORTANT: %s belongs ONLY in `parameters:`, NEVER in `command:`. configd's
+# base.py::_cmd_builder substitutes the user-supplied arguments into the
+# `parameters:` template and then returns `command + " " + parameters`. If
+# command also has %s, that %s is passed verbatim as an extra argv element
+# to the script -- which then mis-parses its real positional args. Symptom:
+# script falls through to the unknown-preset branch, prints an error to
+# stderr, exits non-zero, configd's script_output captures empty stdout
+# and returns 0 bytes. Hours of "Bootstrap does nothing" went into finding
+# this. See base.py:_cmd_builder upstream.
+
 [fetch_url]
-command:/usr/local/opnsense/scripts/netboot/fetch_url.sh %s %s
+command:/usr/local/opnsense/scripts/netboot/fetch_url.sh
 parameters:%s %s
 type:script_output
 message:fetching url to netboot content root
@@ -94,7 +104,7 @@ message:fetching url to netboot content root
 # / etc. The script validates the preset name and refuses unknown values,
 # so this is safe to expose.
 [bootstrap]
-command:/usr/local/opnsense/scripts/netboot/bootstrap.sh %s
+command:/usr/local/opnsense/scripts/netboot/bootstrap.sh
 parameters:%s
 type:script_output
 message:fetching iPXE bootstrap binaries (BIOS + UEFI) for the selected preset
