]>
Commit | Line | Data |
---|---|---|
ffe528be MT |
1 | #!/bin/bash |
2 | ############################################################################ | |
3 | # # | |
4 | # This file is part of the IPFire Firewall. # | |
5 | # # | |
6 | # IPFire is free software; you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation; either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # IPFire is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with IPFire; if not, write to the Free Software # | |
18 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # | |
19 | # # | |
b8f2d9da | 20 | # Copyright (C) 2024 IPFire-Team <info@ipfire.org>. # |
ffe528be MT |
21 | # # |
22 | ############################################################################ | |
23 | # | |
24 | . /opt/pakfire/lib/functions.sh | |
25 | /usr/local/bin/backupctrl exclude >/dev/null 2>&1 | |
26 | ||
24dbe4ea | 27 | core=185 |
ffe528be MT |
28 | |
29 | # Remove old core updates from pakfire cache to save space... | |
30 | for (( i=1; i<=$core; i++ )); do | |
31 | rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire | |
32 | done | |
33 | ||
34 | # Stop services | |
b8f2d9da | 35 | /etc/init.d/ntp stop |
8b4cc72d | 36 | /etc/init.d/squid stop |
ffe528be MT |
37 | |
38 | # Extract files | |
39 | extract_files | |
40 | ||
41 | # Remove files | |
d6511c82 | 42 | rm -rvf \ |
0b29422c | 43 | /etc/pango \ |
d6511c82 PM |
44 | /lib/firmware/ath10k/WCN3990/hw1.0/notice.txt_wlanmdsp \ |
45 | /lib/firmware/ath11k/IPQ6018/hw1.0/Notice.txt \ | |
46 | /lib/firmware/ath11k/IPQ8074/hw2.0/Notice.txt \ | |
47 | /lib/firmware/ath11k/QCA6390/hw2.0/Notice.txt \ | |
48 | /lib/firmware/ath11k/QCN9074/hw1.0/Notice.txt \ | |
49 | /lib/firmware/ath11k/WCN6855/hw2.0/Notice.txt \ | |
50 | /lib/firmware/intel-ucode/06-86-04 \ | |
0b29422c PM |
51 | /lib/firmware/intel-ucode/06-86-05 \ |
52 | /sbin/xtables-multi \ | |
53 | /srv/web/ipfire/html/themes/ipfire-rounded \ | |
54 | /usr/lib/crda/pubkeys/linville.key.pub.pem \ | |
55 | /usr/lib/grub/i386-pc/efiemu{32,64}.o \ | |
56 | /usr/lib/grub/i386-pc/verifiers.* \ | |
57 | /usr/lib/grub/i386-pc/verify.* \ | |
58 | /usr/lib/grub/x86_64-efi/shim_lock.* \ | |
59 | /usr/lib/grub/x86_64-efi/verifiers.* \ | |
60 | /usr/lib/grub/x86_64-efi/verify.* \ | |
61 | /usr/lib/snort_dynamic* \ | |
62 | /usr/local/bin/snortctrl \ | |
63 | /usr/share/usb_modeswitch/1033:0035 \ | |
64 | /usr/share/vim/vim7* \ | |
65 | /var/ipfire/geoip-functions.pl \ | |
66 | /var/ipfire/dhcpc/dhcpcd-hooks/00-linux \ | |
67 | /var/ipfire/dhcpc/dhcpcd-hooks/02-dump \ | |
68 | /var/lib/location/tmp* | |
ffe528be MT |
69 | |
70 | # update linker config | |
71 | ldconfig | |
72 | ||
73 | # Update Language cache | |
74 | /usr/local/bin/update-lang-cache | |
75 | ||
76 | # Filesytem cleanup | |
77 | /usr/local/bin/filesystem-cleanup | |
78 | ||
79 | # Apply local configuration to sshd_config | |
80 | /usr/local/bin/sshctrl | |
81 | ||
6336428e PM |
82 | # Fix permissions of /etc/sudoers.d/ |
83 | chmod -v 750 /etc/sudoers.d | |
84 | chmod -v 640 /etc/sudoers.d/* | |
85 | ||
ffe528be | 86 | # Start services |
448a98dc | 87 | telinit u |
772c150b | 88 | /etc/init.d/sshd restart |
65c19014 | 89 | /etc/init.d/suricata restart |
c5b441a4 | 90 | /etc/init.d/unbound restart |
b8f2d9da | 91 | /etc/init.d/ntp start |
8b4cc72d MT |
92 | if [ -f /var/ipfire/proxy/enable ]; then |
93 | /etc/init.d/squid start | |
94 | f | |
6dac44d4 AB |
95 | ## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections |
96 | # Check if ovpnconfig exists and is not empty | |
97 | if [ -s /var/ipfire/ovpn/ovpnconfig ]; then | |
98 | # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update | |
99 | awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig | |
100 | ||
101 | # Make all N2N connections 'no-pass' since they do not use encryption | |
102 | awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new | |
103 | ||
104 | # Copy all RW connections unchanged to the new ovpnconfig file | |
105 | for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do | |
106 | awk -v var="$y" '{FS=OFS=","} {if($3==var) {print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new | |
107 | ||
108 | done | |
109 | fi | |
110 | ||
111 | # Replace existing ovpnconfig with updated index | |
112 | mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig | |
113 | # Set correct ownership | |
114 | chown nobody:nobody /var/ipfire/ovpn/ovpnconfig | |
115 | ||
ffe528be | 116 | # This update needs a reboot... |
24dbe4ea | 117 | #touch /var/run/need_reboot |
ffe528be MT |
118 | |
119 | # Finish | |
120 | /etc/init.d/fireinfo start | |
121 | sendprofile | |
122 | ||
123 | # Update grub config to display new core version | |
124 | if [ -e /boot/grub/grub.cfg ]; then | |
125 | grub-mkconfig -o /boot/grub/grub.cfg | |
126 | fi | |
127 | ||
128 | sync | |
129 | ||
130 | # Don't report the exitcode last command | |
131 | exit 0 |