[people/pmueller/ipfire-2.x.git] / config / rootfiles / oldcore / 183 / update.sh

#!/bin/bash
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 3 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2024 IPFire-Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1

core=183

exit_with_error() {
    # Set last succesfull installed core.
    echo $(($core-1)) > /opt/pakfire/db/core/mine
    # force fsck at next boot, this may fix free space on xfs
    touch /forcefsck
    # don't start pakfire again at error
    killall -KILL pak_update
    /usr/bin/logger -p syslog.emerg -t ipfire \
	"core-update-${core}: $1"
    exit $2
}

# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done

# Stop services
/etc/rc.d/init.d/ipsec stop
/etc/rc.d/init.d/apache stop
/etc/rc.d/init.d/sshd stop

KVER="xxxKVERxxx"

# Backup uEnv.txt if exist
if [ -e /boot/uEnv.txt ]; then
    cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
fi

# Do some sanity checks prior to the kernel update
case $(uname -r) in
    *-ipfire*)
	# Ok.
	;;
    *)
	exit_with_error "ERROR cannot update. No IPFire Kernel." 1
	;;
esac

# Check diskspace on root and size of boot
ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 )
if [ $ROOTSPACE -lt 200000 ]; then
    exit_with_error "ERROR cannot update because not enough free space on root." 2
fi
BOOTSIZE=$( df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1 )
if [ $BOOTSIZE -lt 100000 ]; then
    exit_with_error "ERROR cannot update. BOOT partition is to small." 3
fi

# Remove the old kernel
rm -rvf \
	/boot/System.map-* \
	/boot/config-* \
	/boot/ipfirerd-* \
	/boot/initramfs-* \
	/boot/vmlinuz-* \
	/boot/uImage-* \
	/boot/zImage-* \
	/boot/uInit-* \
	/boot/dtb-* \
	/lib/modules

# Extract files
extract_files

# Remove files
rm -rvf \
	/etc/fonts/conf.d/10-sub-pixel-rgb.conf \
	/srv/web/ipfire/html/themes/ipfire/images \
	/usr/lib/libbind9-9.16.44.so \
	/usr/lib/libdns-9.16.44.so \
	/usr/lib/libirs-9.16.44.so \
	/usr/lib/libisc-9.16.44.so \
	/usr/lib/libisccc-9.16.44.so \
	/usr/lib/libisccfg-9.16.44.so \
	/usr/lib/libns-9.16.44.so \
	/usr/lib/libxml2.so.2.11*

# update linker config
ldconfig

# Update Language cache
/usr/local/bin/update-lang-cache

# Filesytem cleanup
/usr/local/bin/filesystem-cleanup

# Relaunch init
telinit u

# Apply local configuration to sshd_config
/usr/local/bin/sshctrl

# Fix permissions of /etc/sudoers.d/
chmod -v 750 /etc/sudoers.d
chmod -v 640 /etc/sudoers.d/*

# Check apache rsa key and replace if it is too small
KEYSIZE=$(openssl rsa -in /etc/httpd/server.key -text -noout | sed -n 's/Private-Key:\ (\(.*\)\ bit.*/\1/p')
if [ $KEYSIZE \< 2048 ]; then
	echo "Generating new HTTPS RSA server key (this will take a moment)..."
	openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
	chmod 600 /etc/httpd/server.key
	sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
		openssl req -new -key /etc/httpd/server.key \
			-out /etc/httpd/server.csr &>/dev/null
	openssl x509 -req -days 999999 -sha256 \
		-in /etc/httpd/server.csr \
		-signkey /etc/httpd/server.key \
		-out /etc/httpd/server.crt &>/dev/null
fi

# Start services
/etc/rc.d/init.d/apache start
if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
	/etc/init.d/sshd start
fi
if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
	/etc/rc.d/init.d/ipsec start
fi
/etc/init.d/suricata restart

# Rebuild initial ramdisks
dracut --regenerate-all --force
KVER="xxxKVERxxx"
case "$(uname -m)" in
	aarch64)
		mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
		# dont remove initramfs because grub need this to boot.
		;;
esac

# Upadate Kernel version in uEnv.txt
if [ -e /boot/uEnv.txt ]; then
    sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
fi

# Call user update script (needed for some ARM boards)
if [ -e /boot/pakfire-kernel-update ]; then
    /boot/pakfire-kernel-update ${KVER}
fi

# This update needs a reboot...
touch /var/run/need_reboot

# Finish
/etc/init.d/fireinfo start
sendprofile

# Update grub config to display new core version
if [ -e /boot/grub/grub.cfg ]; then
	/usr/bin/install-bootloader
fi

sync

# Don't report the exitcode last command
exit 0
Commit	Line	Data
1d552885 PM	1	#!/bin/bash
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
ed5e80eb	20	# Copyright (C) 2024 IPFire-Team <info@ipfire.org>. #
1d552885 PM	21	# #
	22	############################################################################
	23	#
	24	. /opt/pakfire/lib/functions.sh
	25	/usr/local/bin/backupctrl exclude >/dev/null 2>&1
	26
e36e826a	27	core=183
1d552885	28
43d72238 MT	29	exit_with_error() {
	30	# Set last succesfull installed core.
	31	echo $(($core-1)) > /opt/pakfire/db/core/mine
	32	# force fsck at next boot, this may fix free space on xfs
	33	touch /forcefsck
	34	# don't start pakfire again at error
	35	killall -KILL pak_update
	36	/usr/bin/logger -p syslog.emerg -t ipfire \
	37	"core-update-${core}: $1"
	38	exit $2
	39	}
	40
1d552885 PM	41	# Remove old core updates from pakfire cache to save space...
	42	for (( i=1; i<=$core; i++ )); do
	43	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
	44	done
	45
	46	# Stop services
3b2e37af	47	/etc/rc.d/init.d/ipsec stop
2508d606	48	/etc/rc.d/init.d/apache stop
1bbf6034	49	/etc/rc.d/init.d/sshd stop
1d552885	50
4bc2da43 AF	51	KVER="xxxKVERxxx"
4bc2da43 AF	52
62f2f2ab PM	53	# Backup uEnv.txt if exist
	54	if [ -e /boot/uEnv.txt ]; then
	55	cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
	56	fi
	57
43d72238 MT	58	# Do some sanity checks prior to the kernel update
	59	case $(uname -r) in
	60	-ipfire)
	61	# Ok.
	62	;;
	63	*)
	64	exit_with_error "ERROR cannot update. No IPFire Kernel." 1
	65	;;
	66	esac
	67
935e7e11	68	# Check diskspace on root and size of boot
43d72238	69	ROOTSPACE=$( df / -Pk \| sed "s\| * \| \|g" \| cut -d" " -f4 \| tail -n 1 )
935e7e11	70	if [ $ROOTSPACE -lt 200000 ]; then
43d72238	71	exit_with_error "ERROR cannot update because not enough free space on root." 2
935e7e11 AF	72	fi
	73	BOOTSIZE=$( df /boot -Pk \| sed "s\| * \| \|g" \| cut -d" " -f2 \| tail -n 1 )
	74	if [ $BOOTSIZE -lt 100000 ]; then
	75	exit_with_error "ERROR cannot update. BOOT partition is to small." 3
43d72238 MT	76	fi
	77
	78	# Remove the old kernel
	79	rm -rvf \
	80	/boot/System.map-* \
	81	/boot/config-* \
	82	/boot/ipfirerd-* \
	83	/boot/initramfs-* \
	84	/boot/vmlinuz-* \
	85	/boot/uImage-* \
	86	/boot/zImage-* \
	87	/boot/uInit-* \
	88	/boot/dtb-* \
	89	/lib/modules
	90
1d552885 PM	91	# Extract files
	92	extract_files
	93
	94	# Remove files
6ac85c11	95	rm -rvf \
519fef8e	96	/etc/fonts/conf.d/10-sub-pixel-rgb.conf \
295af8f7	97	/srv/web/ipfire/html/themes/ipfire/images \
6ac85c11 PM	98	/usr/lib/libbind9-9.16.44.so \
	99	/usr/lib/libdns-9.16.44.so \
	100	/usr/lib/libirs-9.16.44.so \
	101	/usr/lib/libisc-9.16.44.so \
	102	/usr/lib/libisccc-9.16.44.so \
	103	/usr/lib/libisccfg-9.16.44.so \
2508d606 PM	104	/usr/lib/libns-9.16.44.so \
2508d606 PM	105	/usr/lib/libxml2.so.2.11*
1d552885 PM	106
	107	# update linker config
	108	ldconfig
	109
	110	# Update Language cache
	111	/usr/local/bin/update-lang-cache
	112
	113	# Filesytem cleanup
	114	/usr/local/bin/filesystem-cleanup
	115
83338946 MT	116	# Relaunch init
	117	telinit u
	118
20872140 PM	119	# Apply local configuration to sshd_config
	120	/usr/local/bin/sshctrl
	121
254dcbaa PM	122	# Fix permissions of /etc/sudoers.d/
	123	chmod -v 750 /etc/sudoers.d
	124	chmod -v 640 /etc/sudoers.d/*
	125
36c16c71 AF	126	# Check apache rsa key and replace if it is too small
	127	KEYSIZE=$(openssl rsa -in /etc/httpd/server.key -text -noout \| sed -n 's/Private-Key:\ (\(.\)\ bit./\1/p')
	128	if [ $KEYSIZE \< 2048 ]; then
	129	echo "Generating new HTTPS RSA server key (this will take a moment)..."
	130	openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
	131	chmod 600 /etc/httpd/server.key
	132	sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams \| \
	133	openssl req -new -key /etc/httpd/server.key \
	134	-out /etc/httpd/server.csr &>/dev/null
	135	openssl x509 -req -days 999999 -sha256 \
	136	-in /etc/httpd/server.csr \
	137	-signkey /etc/httpd/server.key \
	138	-out /etc/httpd/server.crt &>/dev/null
	139	fi
	140
6094f35b AF	141	# Start services
	142	/etc/rc.d/init.d/apache start
	143	if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
	144	/etc/init.d/sshd start
	145	fi
	146	if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
	147	/etc/rc.d/init.d/ipsec start
	148	fi
ee4c8d28	149	/etc/init.d/suricata restart
6094f35b	150
62f2f2ab PM	151	# Rebuild initial ramdisks
	152	dracut --regenerate-all --force
	153	KVER="xxxKVERxxx"
	154	case "$(uname -m)" in
	155	aarch64)
	156	mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
	157	# dont remove initramfs because grub need this to boot.
	158	;;
	159	esac
	160
43d72238 MT	161	# Upadate Kernel version in uEnv.txt
	162	if [ -e /boot/uEnv.txt ]; then
	163	sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
	164	fi
	165
62f2f2ab PM	166	# Call user update script (needed for some ARM boards)
	167	if [ -e /boot/pakfire-kernel-update ]; then
	168	/boot/pakfire-kernel-update ${KVER}
	169	fi
	170
1d552885	171	# This update needs a reboot...
3bad7e44	172	touch /var/run/need_reboot
1d552885 PM	173
	174	# Finish
	175	/etc/init.d/fireinfo start
	176	sendprofile
	177
43d72238	178	# Update grub config to display new core version
1d552885	179	if [ -e /boot/grub/grub.cfg ]; then
e4374051	180	/usr/bin/install-bootloader
1d552885 PM	181	fi
	182
	183	sync
	184
	185	# Don't report the exitcode last command
	186	exit 0