[ipfire-2.x.git] / config / rootfiles / core / 175 / update.sh

#!/bin/bash
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 3 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2023 IPFire-Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1

core=175

exit_with_error() {
    # Set last succesfull installed core.
    echo $(($core-1)) > /opt/pakfire/db/core/mine
    # force fsck at next boot, this may fix free space on xfs
    touch /forcefsck
    # don't start pakfire again at error
    killall -KILL pak_update
    /usr/bin/logger -p syslog.emerg -t ipfire \
	"core-update-${core}: $1"
    exit $2
}

# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done

# Stop services
/etc/rc.d/init.d/apache stop
/etc/rc.d/init.d/ntp stop
/etc/rc.d/init.d/sshd stop
/etc/rc.d/init.d/squid stop
/etc/rc.d/init.d/unbound stop
/etc/rc.d/init.d/suricata stop

KVER="xxxKVERxxx"

# Backup uEnv.txt if exist
if [ -e /boot/uEnv.txt ]; then
    cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
fi

# Do some sanity checks prior to the kernel update
case $(uname -r) in
    *-ipfire*)
	# Ok.
	;;
    *)
	exit_with_error "ERROR cannot update. No IPFire Kernel." 1
	;;
esac

# Check diskspace on root
ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 )

if [ $ROOTSPACE -lt 100000 ]; then
    exit_with_error "ERROR cannot update because not enough free space on root." 2
    exit 2
fi

# Remove the old kernel
rm -rvf \
	/boot/System.map-* \
	/boot/config-* \
	/boot/ipfirerd-* \
	/boot/initramfs-* \
	/boot/vmlinuz-* \
	/boot/uImage-* \
	/boot/zImage-* \
	/boot/uInit-* \
	/boot/dtb-* \
	/lib/modules

# Remove any dropped add-ons, if installed
for package in powertop python3-attr python3-pkgconfig; do
        if [ -e "/opt/pakfire/db/installed/meta-${package}" ]; then
		stop_service "${package}"
		for i in $(</opt/pakfire/db/rootfiles/${package}); do
			rm -rfv "/${i}"
		done
        fi
        rm -f "/opt/pakfire/db/installed/meta-${package}"
        rm -f "/opt/pakfire/db/meta/meta-${package}"
        rm -f "/opt/pakfire/db/rootfiles/${package}"
done

# Extract files
extract_files

# Remove files
rm -rvf \
	/etc/rc.d/init.d/lvmetad \
	/etc/rc.d/rcsysinit.d/S09lvmetad \
	/lib/firmware/liquidio/lio_23xx_vsw.bin \
	/usr/lib/libbind9-9.16.38.so \
	/usr/lib/libdns-9.16.38.so \
	/usr/lib/libirs-9.16.38.so \
	/usr/lib/libisc-9.16.38.so \
	/usr/lib/libisccc-9.16.38.so \
	/usr/lib/libisccfg-9.16.38.so \
	/usr/lib/libns-9.16.38.so \
	/usr/lib/libqpdf.so.28* \
	/var/ipfire/menu.d/EX-addonsvc.menu \
	/var/ipfire/menu.d/EX-asterisk.menu \
	/var/ipfire/menu.d/EX-bluetooth.menu

# update linker config
ldconfig

# Update Language cache
/usr/local/bin/update-lang-cache

# Filesytem cleanup
/usr/local/bin/filesystem-cleanup

# Fix permissions of /var/log/pakfire.log
chmod -v 644 /var/log/pakfire.log

# Apply local configuration to sshd_config
/usr/local/bin/sshctrl

# Reload firewall to fix #13088 as fast as possible
/etc/rc.d/init.d/firewall reload

# Start services
if grep -q "ENABLE_IDS=on" /var/ipfire/suricata/settings; then
	/etc/rc.d/init.d/suricata start
fi
/etc/rc.d/init.d/unbound start
/etc/rc.d/init.d/apache start
/etc/rc.d/init.d/ntp start
if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
	/etc/init.d/sshd start
fi
if [ -f /var/ipfire/proxy/enable ]; then
	/etc/init.d/squid start
fi

# Regenerate all initrds
dracut --regenerate-all --force
case "$(uname -m)" in
	aarch64)
		mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
		# dont remove initramfs because grub need this to boot.
		;;
esac

# remove lm_sensor config after collectd was started
# to re-search sensors at next boot with updated kernel
rm -f  /etc/sysconfig/lm_sensors

# Upadate Kernel version in uEnv.txt
if [ -e /boot/uEnv.txt ]; then
    sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
fi

# Call user update script (needed for some ARM boards)
if [ -e /boot/pakfire-kernel-update ]; then
    /boot/pakfire-kernel-update ${KVER}
fi

## Add providers legacy default line to n2n client config files
# Check if ovpnconfig exists and is not empty
if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
       # Identify all n2n connections
       for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
           # Add the legacy option to all N2N client conf files
		if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then
			if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then
				echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf
			fi
		fi
       done
fi

## Add unique_subject = yes to vpn index.txt.attr file
echo "unique_subject = yes" > /var/ipfire/certs/index.txt.attr

# This update needs a reboot...
touch /var/run/need_reboot

# Finish
/etc/init.d/fireinfo start
sendprofile

# Update grub config to display new core version
if [ -e /boot/grub/grub.cfg ]; then
	grub-mkconfig -o /boot/grub/grub.cfg
fi

sync

# Don't report the exitcode last command
exit 0
Commit	Line	Data
89e25656 PM	1	#!/bin/bash
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
	20	# Copyright (C) 2023 IPFire-Team <info@ipfire.org>. #
	21	# #
	22	############################################################################
	23	#
	24	. /opt/pakfire/lib/functions.sh
	25	/usr/local/bin/backupctrl exclude >/dev/null 2>&1
	26
	27	core=175
	28
0179bff8 PM	29	exit_with_error() {
	30	# Set last succesfull installed core.
	31	echo $(($core-1)) > /opt/pakfire/db/core/mine
	32	# force fsck at next boot, this may fix free space on xfs
	33	touch /forcefsck
	34	# don't start pakfire again at error
	35	killall -KILL pak_update
	36	/usr/bin/logger -p syslog.emerg -t ipfire \
	37	"core-update-${core}: $1"
	38	exit $2
	39	}
	40
89e25656 PM	41	# Remove old core updates from pakfire cache to save space...
	42	for (( i=1; i<=$core; i++ )); do
	43	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
	44	done
	45
	46	# Stop services
ed0d38cf	47	/etc/rc.d/init.d/apache stop
1b85b019	48	/etc/rc.d/init.d/ntp stop
dc93dd9d	49	/etc/rc.d/init.d/sshd stop
9a671e7a	50	/etc/rc.d/init.d/squid stop
1b85b019	51	/etc/rc.d/init.d/unbound stop
a475adc1	52	/etc/rc.d/init.d/suricata stop
89e25656	53
0179bff8 PM	54	KVER="xxxKVERxxx"
	55
	56	# Backup uEnv.txt if exist
	57	if [ -e /boot/uEnv.txt ]; then
	58	cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
	59	fi
	60
	61	# Do some sanity checks prior to the kernel update
	62	case $(uname -r) in
	63	-ipfire)
	64	# Ok.
	65	;;
	66	*)
	67	exit_with_error "ERROR cannot update. No IPFire Kernel." 1
	68	;;
	69	esac
	70
	71	# Check diskspace on root
	72	ROOTSPACE=$( df / -Pk \| sed "s\| * \| \|g" \| cut -d" " -f4 \| tail -n 1 )
	73
	74	if [ $ROOTSPACE -lt 100000 ]; then
	75	exit_with_error "ERROR cannot update because not enough free space on root." 2
	76	exit 2
	77	fi
	78
	79	# Remove the old kernel
	80	rm -rvf \
	81	/boot/System.map-* \
	82	/boot/config-* \
	83	/boot/ipfirerd-* \
	84	/boot/initramfs-* \
	85	/boot/vmlinuz-* \
	86	/boot/uImage-* \
	87	/boot/zImage-* \
	88	/boot/uInit-* \
	89	/boot/dtb-* \
	90	/lib/modules
	91
94d883ab PM	92	# Remove any dropped add-ons, if installed
	93	for package in powertop python3-attr python3-pkgconfig; do
	94	if [ -e "/opt/pakfire/db/installed/meta-${package}" ]; then
	95	stop_service "${package}"
	96	for i in $(</opt/pakfire/db/rootfiles/${package}); do
	97	rm -rfv "/${i}"
	98	done
	99	fi
	100	rm -f "/opt/pakfire/db/installed/meta-${package}"
	101	rm -f "/opt/pakfire/db/meta/meta-${package}"
	102	rm -f "/opt/pakfire/db/rootfiles/${package}"
	103	done
20d7057f	104
89e25656 PM	105	# Extract files
	106	extract_files
	107
	108	# Remove files
ab634494	109	rm -rvf \
cef4dadd PM	110	/etc/rc.d/init.d/lvmetad \
cef4dadd PM	111	/etc/rc.d/rcsysinit.d/S09lvmetad \
3274424a	112	/lib/firmware/liquidio/lio_23xx_vsw.bin \
ab634494 PM	113	/usr/lib/libbind9-9.16.38.so \
	114	/usr/lib/libdns-9.16.38.so \
	115	/usr/lib/libirs-9.16.38.so \
	116	/usr/lib/libisc-9.16.38.so \
	117	/usr/lib/libisccc-9.16.38.so \
	118	/usr/lib/libisccfg-9.16.38.so \
8cffa300	119	/usr/lib/libns-9.16.38.so \
30b904fb	120	/usr/lib/libqpdf.so.28* \
8cffa300 PM	121	/var/ipfire/menu.d/EX-addonsvc.menu \
	122	/var/ipfire/menu.d/EX-asterisk.menu \
	123	/var/ipfire/menu.d/EX-bluetooth.menu
89e25656 PM	124
	125	# update linker config
	126	ldconfig
	127
	128	# Update Language cache
	129	/usr/local/bin/update-lang-cache
	130
	131	# Filesytem cleanup
	132	/usr/local/bin/filesystem-cleanup
	133
905a7727 PM	134	# Fix permissions of /var/log/pakfire.log
	135	chmod -v 644 /var/log/pakfire.log
	136
dc93dd9d PM	137	# Apply local configuration to sshd_config
	138	/usr/local/bin/sshctrl
	139
de5d9c9b PM	140	# Reload firewall to fix #13088 as fast as possible
de5d9c9b PM	141	/etc/rc.d/init.d/firewall reload
2739210a	142
89e25656	143	# Start services
a475adc1 PM	144	if grep -q "ENABLE_IDS=on" /var/ipfire/suricata/settings; then
	145	/etc/rc.d/init.d/suricata start
	146	fi
1b85b019	147	/etc/rc.d/init.d/unbound start
ed0d38cf	148	/etc/rc.d/init.d/apache start
1b85b019	149	/etc/rc.d/init.d/ntp start
dc93dd9d PM	150	if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
	151	/etc/init.d/sshd start
	152	fi
9a671e7a PM	153	if [ -f /var/ipfire/proxy/enable ]; then
	154	/etc/init.d/squid start
	155	fi
89e25656	156
0179bff8 PM	157	# Regenerate all initrds
	158	dracut --regenerate-all --force
	159	case "$(uname -m)" in
	160	aarch64)
	161	mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
	162	# dont remove initramfs because grub need this to boot.
	163	;;
	164	esac
	165
	166	# remove lm_sensor config after collectd was started
	167	# to re-search sensors at next boot with updated kernel
	168	rm -f /etc/sysconfig/lm_sensors
	169
	170	# Upadate Kernel version in uEnv.txt
	171	if [ -e /boot/uEnv.txt ]; then
	172	sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
	173	fi
	174
	175	# Call user update script (needed for some ARM boards)
	176	if [ -e /boot/pakfire-kernel-update ]; then
	177	/boot/pakfire-kernel-update ${KVER}
	178	fi
	179
2054306c AB	180	## Add providers legacy default line to n2n client config files
	181	# Check if ovpnconfig exists and is not empty
	182	if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
	183	# Identify all n2n connections
	184	for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
	185	# Add the legacy option to all N2N client conf files
	186	if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then
	187	if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then
	188	echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf
	189	fi
	190	fi
	191	done
	192	fi
	193
d57f305a AB	194	## Add unique_subject = yes to vpn index.txt.attr file
	195	echo "unique_subject = yes" > /var/ipfire/certs/index.txt.attr
	196
89e25656	197	# This update needs a reboot...
0179bff8	198	touch /var/run/need_reboot
89e25656 PM	199
	200	# Finish
	201	/etc/init.d/fireinfo start
	202	sendprofile
	203
	204	# Update grub config to display new core version
	205	if [ -e /boot/grub/grub.cfg ]; then
	206	grub-mkconfig -o /boot/grub/grub.cfg
	207	fi
	208
	209	sync
	210
	211	# Don't report the exitcode last command
	212	exit 0