[people/pmueller/ipfire-2.x.git] / config / rootfiles / oldcore / 181 / update.sh

#!/bin/bash
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 3 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2023 IPFire-Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1

core=181

exit_with_error() {
    # Set last succesfull installed core.
    echo $(($core-1)) > /opt/pakfire/db/core/mine
    # force fsck at next boot, this may fix free space on xfs
    touch /forcefsck
    # don't start pakfire again at error
    killall -KILL pak_update
    /usr/bin/logger -p syslog.emerg -t ipfire \
	"core-update-${core}: $1"
    exit $2
}


# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done

# Stop services

KVER="xxxKVERxxx"

# Backup uEnv.txt if exist
if [ -e /boot/uEnv.txt ]; then
    cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
fi

# Do some sanity checks prior to the kernel update
case $(uname -r) in
    *-ipfire*)
	# Ok.
	;;
    *)
	exit_with_error "ERROR cannot update. No IPFire Kernel." 1
	;;
esac

# Check diskspace on root
ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 )

if [ $ROOTSPACE -lt 100000 ]; then
    exit_with_error "ERROR cannot update because not enough free space on root." 2
    exit 2
fi

# Remove the old kernel
rm -rvf \
	/boot/System.map-* \
	/boot/config-* \
	/boot/ipfirerd-* \
	/boot/initramfs-* \
	/boot/vmlinuz-* \
	/boot/uImage-* \
	/boot/zImage-* \
	/boot/uInit-* \
	/boot/dtb-* \
	/lib/modules

# Extract files
extract_files

# Remove files
rm -rvf \
	/etc/udev/rules.d/81-cdrom.rules \
	/etc/udev/rules.d/83-cdrom-symlinks.rules \
	/lib/libudev.so.1.6.3 \
	/lib/udev/collect \
	/lib/udev/init-net-rules.sh \
	/lib/udev/rule_generator.functions \
	/lib/udev/write_cd_rules \
	/lib/udev/write_net_rules

# update linker config
ldconfig

# Update Language cache
/usr/local/bin/update-lang-cache

# Filesytem cleanup
/usr/local/bin/filesystem-cleanup

# Start services
telinit u
/etc/init.d/udev restart
/etc/init.d/apache restart

# Rebuild initial ramdisks
dracut --regenerate-all --force
KVER="xxxKVERxxx"
case "$(uname -m)" in
	aarch64)
		mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
		# dont remove initramfs because grub need this to boot.
		;;
esac

# remove lm_sensor config after collectd was started
# to re-search sensors at next boot with updated kernel
rm -f  /etc/sysconfig/lm_sensors

# Upadate Kernel version in uEnv.txt
if [ -e /boot/uEnv.txt ]; then
    sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
fi

# Call user update script (needed for some ARM boards)
if [ -e /boot/pakfire-kernel-update ]; then
    /boot/pakfire-kernel-update ${KVER}
fi

## Modify ovpnconfig according to bug 11048 for pass, no-pass modification in ovpnconfig index
# Check if ovpnconfig exists and is not empty
if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
       # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
       awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig

       # Make all N2N connections 'no-pass' since they do not use encryption
       awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new

       # Evaluate roadwarrior connection names for *.p12 files
       for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
           # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
               if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted data') ]]; then
                       awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
               fi
           # Sort all encrypted roadwarriors out and set 'pass' in [43] index
               if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'verify error')  ]]; then
                       awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
               fi
       done
fi

# Replace existing ovpnconfig with updated index
mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
# Set correct ownership
chown nobody:nobody /var/ipfire/ovpn/ovpnconfig

# This update needs a reboot...
touch /var/run/need_reboot

# Finish
/etc/init.d/fireinfo start
sendprofile

# Update grub config to display new core version
if [ -e /boot/grub/grub.cfg ]; then
	grub-mkconfig -o /boot/grub/grub.cfg
fi

sync

# Don't report the exitcode last command
exit 0
Commit	Line	Data
46e91ccc MT	1	#!/bin/bash
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
	20	# Copyright (C) 2023 IPFire-Team <info@ipfire.org>. #
	21	# #
	22	############################################################################
	23	#
	24	. /opt/pakfire/lib/functions.sh
	25	/usr/local/bin/backupctrl exclude >/dev/null 2>&1
	26
db1ffe0f MT	27	core=181
	28
	29	exit_with_error() {
	30	# Set last succesfull installed core.
	31	echo $(($core-1)) > /opt/pakfire/db/core/mine
	32	# force fsck at next boot, this may fix free space on xfs
	33	touch /forcefsck
	34	# don't start pakfire again at error
	35	killall -KILL pak_update
	36	/usr/bin/logger -p syslog.emerg -t ipfire \
	37	"core-update-${core}: $1"
	38	exit $2
	39	}
	40
46e91ccc MT	41
	42	# Remove old core updates from pakfire cache to save space...
	43	for (( i=1; i<=$core; i++ )); do
	44	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
	45	done
	46
db1ffe0f MT	47	# Stop services
	48
	49	KVER="xxxKVERxxx"
	50
	51	# Backup uEnv.txt if exist
	52	if [ -e /boot/uEnv.txt ]; then
	53	cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
1c5883c1 MF	54	fi
1c5883c1 MF	55
db1ffe0f MT	56	# Do some sanity checks prior to the kernel update
	57	case $(uname -r) in
	58	-ipfire)
	59	# Ok.
	60	;;
	61	*)
	62	exit_with_error "ERROR cannot update. No IPFire Kernel." 1
	63	;;
	64	esac
	65
	66	# Check diskspace on root
	67	ROOTSPACE=$( df / -Pk \| sed "s\| * \| \|g" \| cut -d" " -f4 \| tail -n 1 )
	68
	69	if [ $ROOTSPACE -lt 100000 ]; then
	70	exit_with_error "ERROR cannot update because not enough free space on root." 2
	71	exit 2
	72	fi
	73
	74	# Remove the old kernel
	75	rm -rvf \
	76	/boot/System.map-* \
	77	/boot/config-* \
	78	/boot/ipfirerd-* \
	79	/boot/initramfs-* \
	80	/boot/vmlinuz-* \
	81	/boot/uImage-* \
	82	/boot/zImage-* \
	83	/boot/uInit-* \
	84	/boot/dtb-* \
	85	/lib/modules
46e91ccc MT	86
	87	# Extract files
	88	extract_files
	89
	90	# Remove files
775a1055 MT	91	rm -rvf \
	92	/etc/udev/rules.d/81-cdrom.rules \
	93	/etc/udev/rules.d/83-cdrom-symlinks.rules \
	94	/lib/libudev.so.1.6.3 \
	95	/lib/udev/collect \
	96	/lib/udev/init-net-rules.sh \
	97	/lib/udev/rule_generator.functions \
	98	/lib/udev/write_cd_rules \
	99	/lib/udev/write_net_rules
bde5bcaf	100
46e91ccc MT	101	# update linker config
	102	ldconfig
	103
	104	# Update Language cache
	105	/usr/local/bin/update-lang-cache
	106
	107	# Filesytem cleanup
	108	/usr/local/bin/filesystem-cleanup
	109
	110	# Start services
fd6dc213	111	telinit u
4bcceb83	112	/etc/init.d/udev restart
7a6cf827	113	/etc/init.d/apache restart
db1ffe0f MT	114
	115	# Rebuild initial ramdisks
	116	dracut --regenerate-all --force
	117	KVER="xxxKVERxxx"
	118	case "$(uname -m)" in
	119	aarch64)
	120	mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
	121	# dont remove initramfs because grub need this to boot.
	122	;;
	123	esac
	124
	125	# remove lm_sensor config after collectd was started
	126	# to re-search sensors at next boot with updated kernel
	127	rm -f /etc/sysconfig/lm_sensors
	128
	129	# Upadate Kernel version in uEnv.txt
	130	if [ -e /boot/uEnv.txt ]; then
	131	sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
	132	fi
	133
	134	# Call user update script (needed for some ARM boards)
	135	if [ -e /boot/pakfire-kernel-update ]; then
	136	/boot/pakfire-kernel-update ${KVER}
c52a9716	137	fi
46e91ccc	138
f8648b95 AB	139	## Modify ovpnconfig according to bug 11048 for pass, no-pass modification in ovpnconfig index
	140	# Check if ovpnconfig exists and is not empty
	141	if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
	142	# Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
	143	awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
	144
	145	# Make all N2N connections 'no-pass' since they do not use encryption
	146	awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
	147
	148	# Evaluate roadwarrior connection names for *.p12 files
	149	for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
	150	# Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
	151	if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 \| grep 'Encrypted data') ]]; then
	152	awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
	153	fi
	154	# Sort all encrypted roadwarriors out and set 'pass' in [43] index
	155	if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 \| grep 'verify error') ]]; then
	156	awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
	157	fi
	158	done
	159	fi
	160
	161	# Replace existing ovpnconfig with updated index
	162	mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
	163	# Set correct ownership
	164	chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
	165
46e91ccc	166	# This update needs a reboot...
db1ffe0f	167	touch /var/run/need_reboot
46e91ccc MT	168
	169	# Finish
	170	/etc/init.d/fireinfo start
	171	sendprofile
	172
	173	# Update grub config to display new core version
	174	if [ -e /boot/grub/grub.cfg ]; then
	175	grub-mkconfig -o /boot/grub/grub.cfg
	176	fi
	177
	178	sync
	179
	180	# Don't report the exitcode last command
	181	exit 0