]> git.ipfire.org Git - ipfire-2.x.git/blob - config/rootfiles/oldcore/183/update.sh
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'next'
[ipfire-2.x.git] / config / rootfiles / oldcore / 183 / update.sh
1 #!/bin/bash
2 ############################################################################
3 # #
4 # This file is part of the IPFire Firewall. #
5 # #
6 # IPFire is free software; you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation; either version 3 of the License, or #
9 # (at your option) any later version. #
10 # #
11 # IPFire is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
15 # #
16 # You should have received a copy of the GNU General Public License #
17 # along with IPFire; if not, write to the Free Software #
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
19 # #
20 # Copyright (C) 2024 IPFire-Team <info@ipfire.org>. #
21 # #
22 ############################################################################
23 #
24 . /opt/pakfire/lib/functions.sh
25 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
26
27 core=183
28
29 exit_with_error() {
30 # Set last succesfull installed core.
31 echo $(($core-1)) > /opt/pakfire/db/core/mine
32 # force fsck at next boot, this may fix free space on xfs
33 touch /forcefsck
34 # don't start pakfire again at error
35 killall -KILL pak_update
36 /usr/bin/logger -p syslog.emerg -t ipfire \
37 "core-update-${core}: $1"
38 exit $2
39 }
40
41 # Remove old core updates from pakfire cache to save space...
42 for (( i=1; i<=$core; i++ )); do
43 rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
44 done
45
46 # Stop services
47 /etc/rc.d/init.d/ipsec stop
48 /etc/rc.d/init.d/apache stop
49 /etc/rc.d/init.d/sshd stop
50
51 KVER="xxxKVERxxx"
52
53 # Backup uEnv.txt if exist
54 if [ -e /boot/uEnv.txt ]; then
55 cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
56 fi
57
58 # Do some sanity checks prior to the kernel update
59 case $(uname -r) in
60 *-ipfire*)
61 # Ok.
62 ;;
63 *)
64 exit_with_error "ERROR cannot update. No IPFire Kernel." 1
65 ;;
66 esac
67
68 # Check diskspace on root and size of boot
69 ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 )
70 if [ $ROOTSPACE -lt 200000 ]; then
71 exit_with_error "ERROR cannot update because not enough free space on root." 2
72 fi
73 BOOTSIZE=$( df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1 )
74 if [ $BOOTSIZE -lt 100000 ]; then
75 exit_with_error "ERROR cannot update. BOOT partition is to small." 3
76 fi
77
78 # Remove the old kernel
79 rm -rvf \
80 /boot/System.map-* \
81 /boot/config-* \
82 /boot/ipfirerd-* \
83 /boot/initramfs-* \
84 /boot/vmlinuz-* \
85 /boot/uImage-* \
86 /boot/zImage-* \
87 /boot/uInit-* \
88 /boot/dtb-* \
89 /lib/modules
90
91 # Extract files
92 extract_files
93
94 # Remove files
95 rm -rvf \
96 /etc/fonts/conf.d/10-sub-pixel-rgb.conf \
97 /srv/web/ipfire/html/themes/ipfire/images \
98 /usr/lib/libbind9-9.16.44.so \
99 /usr/lib/libdns-9.16.44.so \
100 /usr/lib/libirs-9.16.44.so \
101 /usr/lib/libisc-9.16.44.so \
102 /usr/lib/libisccc-9.16.44.so \
103 /usr/lib/libisccfg-9.16.44.so \
104 /usr/lib/libns-9.16.44.so \
105 /usr/lib/libxml2.so.2.11*
106
107 # update linker config
108 ldconfig
109
110 # Update Language cache
111 /usr/local/bin/update-lang-cache
112
113 # Filesytem cleanup
114 /usr/local/bin/filesystem-cleanup
115
116 # Relaunch init
117 telinit u
118
119 # Apply local configuration to sshd_config
120 /usr/local/bin/sshctrl
121
122 # Fix permissions of /etc/sudoers.d/
123 chmod -v 750 /etc/sudoers.d
124 chmod -v 640 /etc/sudoers.d/*
125
126 # Check apache rsa key and replace if it is too small
127 KEYSIZE=$(openssl rsa -in /etc/httpd/server.key -text -noout | sed -n 's/Private-Key:\ (\(.*\)\ bit.*/\1/p')
128 if [ $KEYSIZE \< 2048 ]; then
129 echo "Generating new HTTPS RSA server key (this will take a moment)..."
130 openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
131 chmod 600 /etc/httpd/server.key
132 sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
133 openssl req -new -key /etc/httpd/server.key \
134 -out /etc/httpd/server.csr &>/dev/null
135 openssl x509 -req -days 999999 -sha256 \
136 -in /etc/httpd/server.csr \
137 -signkey /etc/httpd/server.key \
138 -out /etc/httpd/server.crt &>/dev/null
139 fi
140
141 # Start services
142 /etc/rc.d/init.d/apache start
143 if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
144 /etc/init.d/sshd start
145 fi
146 if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
147 /etc/rc.d/init.d/ipsec start
148 fi
149 /etc/init.d/suricata restart
150
151 # Rebuild initial ramdisks
152 dracut --regenerate-all --force
153 KVER="xxxKVERxxx"
154 case "$(uname -m)" in
155 aarch64)
156 mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
157 # dont remove initramfs because grub need this to boot.
158 ;;
159 esac
160
161 # Upadate Kernel version in uEnv.txt
162 if [ -e /boot/uEnv.txt ]; then
163 sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
164 fi
165
166 # Call user update script (needed for some ARM boards)
167 if [ -e /boot/pakfire-kernel-update ]; then
168 /boot/pakfire-kernel-update ${KVER}
169 fi
170
171 # This update needs a reboot...
172 touch /var/run/need_reboot
173
174 # Finish
175 /etc/init.d/fireinfo start
176 sendprofile
177
178 # Update grub config to display new core version
179 if [ -e /boot/grub/grub.cfg ]; then
180 /usr/bin/install-bootloader
181 fi
182
183 sync
184
185 # Don't report the exitcode last command
186 exit 0
IPFire 2.x development tree