]>
Commit | Line | Data |
---|---|---|
89e25656 PM |
1 | #!/bin/bash |
2 | ############################################################################ | |
3 | # # | |
4 | # This file is part of the IPFire Firewall. # | |
5 | # # | |
6 | # IPFire is free software; you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation; either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # IPFire is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with IPFire; if not, write to the Free Software # | |
18 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # | |
19 | # # | |
20 | # Copyright (C) 2023 IPFire-Team <info@ipfire.org>. # | |
21 | # # | |
22 | ############################################################################ | |
23 | # | |
24 | . /opt/pakfire/lib/functions.sh | |
25 | /usr/local/bin/backupctrl exclude >/dev/null 2>&1 | |
26 | ||
27 | core=175 | |
28 | ||
0179bff8 PM |
29 | exit_with_error() { |
30 | # Set last succesfull installed core. | |
31 | echo $(($core-1)) > /opt/pakfire/db/core/mine | |
32 | # force fsck at next boot, this may fix free space on xfs | |
33 | touch /forcefsck | |
34 | # don't start pakfire again at error | |
35 | killall -KILL pak_update | |
36 | /usr/bin/logger -p syslog.emerg -t ipfire \ | |
37 | "core-update-${core}: $1" | |
38 | exit $2 | |
39 | } | |
40 | ||
89e25656 PM |
41 | # Remove old core updates from pakfire cache to save space... |
42 | for (( i=1; i<=$core; i++ )); do | |
43 | rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire | |
44 | done | |
45 | ||
46 | # Stop services | |
ed0d38cf | 47 | /etc/rc.d/init.d/apache stop |
1b85b019 | 48 | /etc/rc.d/init.d/ntp stop |
dc93dd9d | 49 | /etc/rc.d/init.d/sshd stop |
9a671e7a | 50 | /etc/rc.d/init.d/squid stop |
1b85b019 | 51 | /etc/rc.d/init.d/unbound stop |
a475adc1 | 52 | /etc/rc.d/init.d/suricata stop |
89e25656 | 53 | |
0179bff8 PM |
54 | KVER="xxxKVERxxx" |
55 | ||
56 | # Backup uEnv.txt if exist | |
57 | if [ -e /boot/uEnv.txt ]; then | |
58 | cp -vf /boot/uEnv.txt /boot/uEnv.txt.org | |
59 | fi | |
60 | ||
61 | # Do some sanity checks prior to the kernel update | |
62 | case $(uname -r) in | |
63 | *-ipfire*) | |
64 | # Ok. | |
65 | ;; | |
66 | *) | |
67 | exit_with_error "ERROR cannot update. No IPFire Kernel." 1 | |
68 | ;; | |
69 | esac | |
70 | ||
71 | # Check diskspace on root | |
72 | ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 ) | |
73 | ||
74 | if [ $ROOTSPACE -lt 100000 ]; then | |
75 | exit_with_error "ERROR cannot update because not enough free space on root." 2 | |
76 | exit 2 | |
77 | fi | |
78 | ||
79 | # Remove the old kernel | |
80 | rm -rvf \ | |
81 | /boot/System.map-* \ | |
82 | /boot/config-* \ | |
83 | /boot/ipfirerd-* \ | |
84 | /boot/initramfs-* \ | |
85 | /boot/vmlinuz-* \ | |
86 | /boot/uImage-* \ | |
87 | /boot/zImage-* \ | |
88 | /boot/uInit-* \ | |
89 | /boot/dtb-* \ | |
90 | /lib/modules | |
91 | ||
94d883ab PM |
92 | # Remove any dropped add-ons, if installed |
93 | for package in powertop python3-attr python3-pkgconfig; do | |
94 | if [ -e "/opt/pakfire/db/installed/meta-${package}" ]; then | |
95 | stop_service "${package}" | |
96 | for i in $(</opt/pakfire/db/rootfiles/${package}); do | |
97 | rm -rfv "/${i}" | |
98 | done | |
99 | fi | |
100 | rm -f "/opt/pakfire/db/installed/meta-${package}" | |
101 | rm -f "/opt/pakfire/db/meta/meta-${package}" | |
102 | rm -f "/opt/pakfire/db/rootfiles/${package}" | |
103 | done | |
20d7057f | 104 | |
89e25656 PM |
105 | # Extract files |
106 | extract_files | |
107 | ||
108 | # Remove files | |
ab634494 | 109 | rm -rvf \ |
cef4dadd PM |
110 | /etc/rc.d/init.d/lvmetad \ |
111 | /etc/rc.d/rcsysinit.d/S09lvmetad \ | |
3274424a | 112 | /lib/firmware/liquidio/lio_23xx_vsw.bin \ |
ab634494 PM |
113 | /usr/lib/libbind9-9.16.38.so \ |
114 | /usr/lib/libdns-9.16.38.so \ | |
115 | /usr/lib/libirs-9.16.38.so \ | |
116 | /usr/lib/libisc-9.16.38.so \ | |
117 | /usr/lib/libisccc-9.16.38.so \ | |
118 | /usr/lib/libisccfg-9.16.38.so \ | |
8cffa300 | 119 | /usr/lib/libns-9.16.38.so \ |
30b904fb | 120 | /usr/lib/libqpdf.so.28* \ |
8cffa300 PM |
121 | /var/ipfire/menu.d/EX-addonsvc.menu \ |
122 | /var/ipfire/menu.d/EX-asterisk.menu \ | |
123 | /var/ipfire/menu.d/EX-bluetooth.menu | |
89e25656 PM |
124 | |
125 | # update linker config | |
126 | ldconfig | |
127 | ||
128 | # Update Language cache | |
129 | /usr/local/bin/update-lang-cache | |
130 | ||
131 | # Filesytem cleanup | |
132 | /usr/local/bin/filesystem-cleanup | |
133 | ||
905a7727 PM |
134 | # Fix permissions of /var/log/pakfire.log |
135 | chmod -v 644 /var/log/pakfire.log | |
136 | ||
dc93dd9d PM |
137 | # Apply local configuration to sshd_config |
138 | /usr/local/bin/sshctrl | |
139 | ||
de5d9c9b PM |
140 | # Reload firewall to fix #13088 as fast as possible |
141 | /etc/rc.d/init.d/firewall reload | |
2739210a | 142 | |
89e25656 | 143 | # Start services |
a475adc1 PM |
144 | if grep -q "ENABLE_IDS=on" /var/ipfire/suricata/settings; then |
145 | /etc/rc.d/init.d/suricata start | |
146 | fi | |
1b85b019 | 147 | /etc/rc.d/init.d/unbound start |
ed0d38cf | 148 | /etc/rc.d/init.d/apache start |
1b85b019 | 149 | /etc/rc.d/init.d/ntp start |
dc93dd9d PM |
150 | if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then |
151 | /etc/init.d/sshd start | |
152 | fi | |
9a671e7a PM |
153 | if [ -f /var/ipfire/proxy/enable ]; then |
154 | /etc/init.d/squid start | |
155 | fi | |
89e25656 | 156 | |
0179bff8 PM |
157 | # Regenerate all initrds |
158 | dracut --regenerate-all --force | |
159 | case "$(uname -m)" in | |
160 | aarch64) | |
161 | mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire | |
162 | # dont remove initramfs because grub need this to boot. | |
163 | ;; | |
164 | esac | |
165 | ||
166 | # remove lm_sensor config after collectd was started | |
167 | # to re-search sensors at next boot with updated kernel | |
168 | rm -f /etc/sysconfig/lm_sensors | |
169 | ||
170 | # Upadate Kernel version in uEnv.txt | |
171 | if [ -e /boot/uEnv.txt ]; then | |
172 | sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt | |
173 | fi | |
174 | ||
175 | # Call user update script (needed for some ARM boards) | |
176 | if [ -e /boot/pakfire-kernel-update ]; then | |
177 | /boot/pakfire-kernel-update ${KVER} | |
178 | fi | |
179 | ||
2054306c AB |
180 | ## Add providers legacy default line to n2n client config files |
181 | # Check if ovpnconfig exists and is not empty | |
182 | if [ -s /var/ipfire/ovpn/ovpnconfig ]; then | |
183 | # Identify all n2n connections | |
184 | for y in $(awk -F',' '/net/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do | |
185 | # Add the legacy option to all N2N client conf files | |
186 | if [ $(grep -c "Open VPN Client Config" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 1 ] ; then | |
187 | if [ $(grep -c "providers legacy default" /var/ipfire/ovpn/n2nconf/${y}/${y}.conf) -eq 0 ] ; then | |
188 | echo "providers legacy default" >> /var/ipfire/ovpn/n2nconf/${y}/${y}.conf | |
189 | fi | |
190 | fi | |
191 | done | |
192 | fi | |
193 | ||
d57f305a AB |
194 | ## Add unique_subject = yes to vpn index.txt.attr file |
195 | echo "unique_subject = yes" > /var/ipfire/certs/index.txt.attr | |
196 | ||
89e25656 | 197 | # This update needs a reboot... |
0179bff8 | 198 | touch /var/run/need_reboot |
89e25656 PM |
199 | |
200 | # Finish | |
201 | /etc/init.d/fireinfo start | |
202 | sendprofile | |
203 | ||
204 | # Update grub config to display new core version | |
205 | if [ -e /boot/grub/grub.cfg ]; then | |
206 | grub-mkconfig -o /boot/grub/grub.cfg | |
207 | fi | |
208 | ||
209 | sync | |
210 | ||
211 | # Don't report the exitcode last command | |
212 | exit 0 |