]> git.ipfire.org Git - ipfire-2.x.git/blob - config/rootfiles/core/172/update.sh
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Core Update 172: Ship bind
[ipfire-2.x.git] / config / rootfiles / core / 172 / update.sh
1 #!/bin/bash
2 ############################################################################
3 # #
4 # This file is part of the IPFire Firewall. #
5 # #
6 # IPFire is free software; you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation; either version 3 of the License, or #
9 # (at your option) any later version. #
10 # #
11 # IPFire is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
15 # #
16 # You should have received a copy of the GNU General Public License #
17 # along with IPFire; if not, write to the Free Software #
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
19 # #
20 # Copyright (C) 2022 IPFire-Team <info@ipfire.org>. #
21 # #
22 ############################################################################
23 #
24 . /opt/pakfire/lib/functions.sh
25 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
26
27 core=172
28
29 # Remove old core updates from pakfire cache to save space...
30 for (( i=1; i<=$core; i++ )); do
31 rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
32 done
33
34 # Stop services
35 /etc/rc.d/init.d/ipsec stop
36 /usr/local/bin/openvpnctrl -k
37 /usr/local/bin/openvpnctrl -kn2n
38 /etc/rc.d/init.d/sshd stop
39 /etc/rc.d/init.d/unbound stop
40
41 # Remove files
42 rm -rvf \
43 /etc/strongswan.d/scepclient.conf \
44 /lib/libz.so.1.2.12 \
45 /usr/lib/libbind9-9.16.33.so \
46 /usr/lib/libdns-9.16.33.so \
47 /usr/lib/libexpat.so.1.8.9 \
48 /usr/lib/libirs-9.16.33.so \
49 /usr/lib/libisc-9.16.33.so \
50 /usr/lib/libisccc-9.16.33.so \
51 /usr/lib/libisccfg-9.16.33.so \
52 /usr/lib/libns-9.16.33.so \
53 /usr/lib/libunbound.so.8.1.1* \
54 /usr/lib/libxml2.so.2.9.* \
55 /usr/lib/python3.10/ensurepip/_bundled/pip-21* \
56 /usr/lib/python3.10/ensurepip/_bundled/setuptools-5* \
57 /usr/lib/python3.10/lib2to3/Grammar3.10.* \
58 /usr/lib/python3.10/lib2to3/PatternGrammar3.10.* \
59 /usr/lib/python3.10/site-packages/pip-21.* \
60 /usr/lib/python3.10/site-packages/pip/_internal/utils/parallel.py \
61 /usr/lib/python3.10/site-packages/pip/_internal/utils/pkg_resources.py \
62 /usr/lib/python3.10/site-packages/pip/_vendor/appdirs.py \
63 /usr/lib/python3.10/site-packages/pip/_vendor/chardet/compat.py \
64 /usr/lib/python3.10/site-packages/pip/_vendor/distlib/_backport \
65 /usr/lib/python3.10/site-packages/pip/_vendor/distro.py \
66 /usr/lib/python3.10/site-packages/pip/_vendor/html5lib \
67 /usr/lib/python3.10/site-packages/pip/_vendor/msgpack/_version.py \
68 /usr/lib/python3.10/site-packages/pip/_vendor/progress \
69 /usr/lib/python3.10/site-packages/pip/_vendor/pyparsing.py \
70 /usr/lib/python3.10/site-packages/pip/_vendor/urllib3/packages/ssl_match_hostname \
71 /usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_compat.py \
72 /usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_typing.py \
73 /usr/lib/python3.10/site-packages/pkg_resources/_vendor/pyparsing.py \
74 /usr/lib/python3.10/site-packages/pkg_resources/tests/data \
75 /usr/lib/python3.10/site-packages/setuptools-5* \
76 /usr/lib/python3.10/site-packages/setuptools/_distutils/py35compat.py \
77 /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_compat.py \
78 /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_typing.py \
79 /usr/lib/python3.10/site-packages/setuptools/_vendor/pyparsing.py \
80 /usr/lib/python3.10/site-packages/setuptools/config.py \
81 /usr/lib/python3.10/site-packages/setuptools_rust/utils.py \
82 /usr/libexec/ipsec/scepclient \
83 /var/ipfire/ca/dh1024.pem
84
85 # Remove powertop add-on, if installed
86 if [ -e "/opt/pakfire/db/installed/meta-powertop" ]; then
87 for i in $(</opt/pakfire/db/rootfiles/powertop); do
88 rm -rfv "/${i}"
89 done
90 fi
91 rm -vf \
92 /opt/pakfire/db/installed/meta-powertop \
93 /opt/pakfire/db/meta/meta-powertop \
94 /opt/pakfire/db/rootfiles/powertop
95
96 # Extract files
97 extract_files
98
99 # update linker config
100 ldconfig
101
102 # Update Language cache
103 /usr/local/bin/update-lang-cache
104
105 # Filesytem cleanup
106 /usr/local/bin/filesystem-cleanup
107
108 # Apply local configuration to sshd_config
109 /usr/local/bin/sshctrl
110
111 # Correct permissions of some library files
112 chown -Rv root:root /var/ipfire/connscheduler/lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl /var/ipfire/menu.d/*
113
114 # Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919
115 if [ -f /var/ipfire/ovpn/server.conf ]; then
116 sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf
117 fi
118
119 if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
120 sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf
121 fi
122
123 # Start services
124 /etc/init.d/unbound start
125 if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
126 /etc/init.d/sshd start
127 fi
128 if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then
129 /usr/local/bin/openvpnctrl -s
130 /usr/local/bin/openvpnctrl -sn2n
131 fi
132 if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
133 /etc/init.d/ipsec start
134 fi
135
136 # This update needs a reboot...
137 touch /var/run/need_reboot
138
139 # Finish
140 /etc/init.d/fireinfo start
141 sendprofile
142
143 # Update grub config to display new core version
144 if [ -e /boot/grub/grub.cfg ]; then
145 grub-mkconfig -o /boot/grub/grub.cfg
146 fi
147
148 sync
149
150 # Don't report the exitcode last command
151 exit 0
IPFire 2.x development tree