]>
Commit | Line | Data |
---|---|---|
1d552885 PM |
1 | #!/bin/bash |
2 | ############################################################################ | |
3 | # # | |
4 | # This file is part of the IPFire Firewall. # | |
5 | # # | |
6 | # IPFire is free software; you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation; either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # IPFire is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with IPFire; if not, write to the Free Software # | |
18 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # | |
19 | # # | |
ed5e80eb | 20 | # Copyright (C) 2024 IPFire-Team <info@ipfire.org>. # |
1d552885 PM |
21 | # # |
22 | ############################################################################ | |
23 | # | |
24 | . /opt/pakfire/lib/functions.sh | |
25 | /usr/local/bin/backupctrl exclude >/dev/null 2>&1 | |
26 | ||
e36e826a | 27 | core=183 |
1d552885 | 28 | |
43d72238 MT |
29 | exit_with_error() { |
30 | # Set last succesfull installed core. | |
31 | echo $(($core-1)) > /opt/pakfire/db/core/mine | |
32 | # force fsck at next boot, this may fix free space on xfs | |
33 | touch /forcefsck | |
34 | # don't start pakfire again at error | |
35 | killall -KILL pak_update | |
36 | /usr/bin/logger -p syslog.emerg -t ipfire \ | |
37 | "core-update-${core}: $1" | |
38 | exit $2 | |
39 | } | |
40 | ||
1d552885 PM |
41 | # Remove old core updates from pakfire cache to save space... |
42 | for (( i=1; i<=$core; i++ )); do | |
43 | rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire | |
44 | done | |
45 | ||
46 | # Stop services | |
3b2e37af | 47 | /etc/rc.d/init.d/ipsec stop |
2508d606 | 48 | /etc/rc.d/init.d/apache stop |
1bbf6034 | 49 | /etc/rc.d/init.d/sshd stop |
1d552885 | 50 | |
4bc2da43 AF |
51 | KVER="xxxKVERxxx" |
52 | ||
62f2f2ab PM |
53 | # Backup uEnv.txt if exist |
54 | if [ -e /boot/uEnv.txt ]; then | |
55 | cp -vf /boot/uEnv.txt /boot/uEnv.txt.org | |
56 | fi | |
57 | ||
43d72238 MT |
58 | # Do some sanity checks prior to the kernel update |
59 | case $(uname -r) in | |
60 | *-ipfire*) | |
61 | # Ok. | |
62 | ;; | |
63 | *) | |
64 | exit_with_error "ERROR cannot update. No IPFire Kernel." 1 | |
65 | ;; | |
66 | esac | |
67 | ||
935e7e11 | 68 | # Check diskspace on root and size of boot |
43d72238 | 69 | ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 ) |
935e7e11 | 70 | if [ $ROOTSPACE -lt 200000 ]; then |
43d72238 | 71 | exit_with_error "ERROR cannot update because not enough free space on root." 2 |
935e7e11 AF |
72 | fi |
73 | BOOTSIZE=$( df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1 ) | |
74 | if [ $BOOTSIZE -lt 100000 ]; then | |
75 | exit_with_error "ERROR cannot update. BOOT partition is to small." 3 | |
43d72238 MT |
76 | fi |
77 | ||
78 | # Remove the old kernel | |
79 | rm -rvf \ | |
80 | /boot/System.map-* \ | |
81 | /boot/config-* \ | |
82 | /boot/ipfirerd-* \ | |
83 | /boot/initramfs-* \ | |
84 | /boot/vmlinuz-* \ | |
85 | /boot/uImage-* \ | |
86 | /boot/zImage-* \ | |
87 | /boot/uInit-* \ | |
88 | /boot/dtb-* \ | |
89 | /lib/modules | |
90 | ||
1d552885 PM |
91 | # Extract files |
92 | extract_files | |
93 | ||
94 | # Remove files | |
6ac85c11 | 95 | rm -rvf \ |
519fef8e | 96 | /etc/fonts/conf.d/10-sub-pixel-rgb.conf \ |
295af8f7 | 97 | /srv/web/ipfire/html/themes/ipfire/images \ |
6ac85c11 PM |
98 | /usr/lib/libbind9-9.16.44.so \ |
99 | /usr/lib/libdns-9.16.44.so \ | |
100 | /usr/lib/libirs-9.16.44.so \ | |
101 | /usr/lib/libisc-9.16.44.so \ | |
102 | /usr/lib/libisccc-9.16.44.so \ | |
103 | /usr/lib/libisccfg-9.16.44.so \ | |
2508d606 PM |
104 | /usr/lib/libns-9.16.44.so \ |
105 | /usr/lib/libxml2.so.2.11* | |
1d552885 PM |
106 | |
107 | # update linker config | |
108 | ldconfig | |
109 | ||
110 | # Update Language cache | |
111 | /usr/local/bin/update-lang-cache | |
112 | ||
113 | # Filesytem cleanup | |
114 | /usr/local/bin/filesystem-cleanup | |
115 | ||
83338946 MT |
116 | # Relaunch init |
117 | telinit u | |
118 | ||
20872140 PM |
119 | # Apply local configuration to sshd_config |
120 | /usr/local/bin/sshctrl | |
121 | ||
254dcbaa PM |
122 | # Fix permissions of /etc/sudoers.d/ |
123 | chmod -v 750 /etc/sudoers.d | |
124 | chmod -v 640 /etc/sudoers.d/* | |
125 | ||
36c16c71 AF |
126 | # Check apache rsa key and replace if it is too small |
127 | KEYSIZE=$(openssl rsa -in /etc/httpd/server.key -text -noout | sed -n 's/Private-Key:\ (\(.*\)\ bit.*/\1/p') | |
128 | if [ $KEYSIZE \< 2048 ]; then | |
129 | echo "Generating new HTTPS RSA server key (this will take a moment)..." | |
130 | openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null | |
131 | chmod 600 /etc/httpd/server.key | |
132 | sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \ | |
133 | openssl req -new -key /etc/httpd/server.key \ | |
134 | -out /etc/httpd/server.csr &>/dev/null | |
135 | openssl x509 -req -days 999999 -sha256 \ | |
136 | -in /etc/httpd/server.csr \ | |
137 | -signkey /etc/httpd/server.key \ | |
138 | -out /etc/httpd/server.crt &>/dev/null | |
139 | fi | |
140 | ||
6094f35b AF |
141 | # Start services |
142 | /etc/rc.d/init.d/apache start | |
143 | if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then | |
144 | /etc/init.d/sshd start | |
145 | fi | |
146 | if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then | |
147 | /etc/rc.d/init.d/ipsec start | |
148 | fi | |
ee4c8d28 | 149 | /etc/init.d/suricata restart |
6094f35b | 150 | |
62f2f2ab PM |
151 | # Rebuild initial ramdisks |
152 | dracut --regenerate-all --force | |
153 | KVER="xxxKVERxxx" | |
154 | case "$(uname -m)" in | |
155 | aarch64) | |
156 | mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire | |
157 | # dont remove initramfs because grub need this to boot. | |
158 | ;; | |
159 | esac | |
160 | ||
43d72238 MT |
161 | # Upadate Kernel version in uEnv.txt |
162 | if [ -e /boot/uEnv.txt ]; then | |
163 | sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt | |
164 | fi | |
165 | ||
62f2f2ab PM |
166 | # Call user update script (needed for some ARM boards) |
167 | if [ -e /boot/pakfire-kernel-update ]; then | |
168 | /boot/pakfire-kernel-update ${KVER} | |
169 | fi | |
170 | ||
1d552885 | 171 | # This update needs a reboot... |
3bad7e44 | 172 | touch /var/run/need_reboot |
1d552885 PM |
173 | |
174 | # Finish | |
175 | /etc/init.d/fireinfo start | |
176 | sendprofile | |
177 | ||
43d72238 | 178 | # Update grub config to display new core version |
1d552885 | 179 | if [ -e /boot/grub/grub.cfg ]; then |
e4374051 | 180 | /usr/bin/install-bootloader |
1d552885 PM |
181 | fi |
182 | ||
183 | sync | |
184 | ||
185 | # Don't report the exitcode last command | |
186 | exit 0 |