]> git.ipfire.org Git - ipfire-2.x.git/blob - config/rootfiles/core/185/update.sh
projects / ipfire-2.x.git / blob
? search:


28f18a7dac130f8975634a6444a23810d4c02fff
[ipfire-2.x.git] / config / rootfiles / core / 185 / update.sh
1 #!/bin/bash
2 ############################################################################
3 # #
4 # This file is part of the IPFire Firewall. #
5 # #
6 # IPFire is free software; you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation; either version 3 of the License, or #
9 # (at your option) any later version. #
10 # #
11 # IPFire is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
15 # #
16 # You should have received a copy of the GNU General Public License #
17 # along with IPFire; if not, write to the Free Software #
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
19 # #
20 # Copyright (C) 2024 IPFire-Team <info@ipfire.org>. #
21 # #
22 ############################################################################
23 #
24 . /opt/pakfire/lib/functions.sh
25 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
26
27 core=185
28
29 # Remove old core updates from pakfire cache to save space...
30 for (( i=1; i<=$core; i++ )); do
31 rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
32 done
33
34 # Stop services
35 /etc/init.d/ntp stop
36 /etc/init.d/squid stop
37
38 # Extract files
39 extract_files
40
41 # Remove files
42 rm -rvf \
43 /etc/pango \
44 /lib/firmware/ath10k/WCN3990/hw1.0/notice.txt_wlanmdsp \
45 /lib/firmware/ath11k/IPQ6018/hw1.0/Notice.txt \
46 /lib/firmware/ath11k/IPQ8074/hw2.0/Notice.txt \
47 /lib/firmware/ath11k/QCA6390/hw2.0/Notice.txt \
48 /lib/firmware/ath11k/QCN9074/hw1.0/Notice.txt \
49 /lib/firmware/ath11k/WCN6855/hw2.0/Notice.txt \
50 /lib/firmware/intel-ucode/06-86-04 \
51 /lib/firmware/intel-ucode/06-86-05 \
52 /lib/firmware/intel-ucode/06-8f-04 \
53 /sbin/xtables-multi \
54 /srv/web/ipfire/html/themes/ipfire-rounded \
55 /usr/lib/crda/pubkeys/linville.key.pub.pem \
56 /usr/lib/grub/i386-pc/efiemu{32,64}.o \
57 /usr/lib/grub/i386-pc/verifiers.* \
58 /usr/lib/grub/i386-pc/verify.* \
59 /usr/lib/grub/x86_64-efi/shim_lock.* \
60 /usr/lib/grub/x86_64-efi/verifiers.* \
61 /usr/lib/grub/x86_64-efi/verify.* \
62 /usr/lib/pppd/2.5.0 \
63 /usr/lib/snort_dynamic* \
64 /usr/local/bin/snortctrl \
65 /usr/share/usb_modeswitch/1033:0035 \
66 /usr/share/vim/vim7* \
67 /var/ipfire/geoip-functions.pl \
68 /var/ipfire/dhcpc/dhcpcd-hooks/00-linux \
69 /var/ipfire/dhcpc/dhcpcd-hooks/02-dump \
70 /var/lib/location/tmp*
71
72 # update linker config
73 ldconfig
74
75 # Update Language cache
76 /usr/local/bin/update-lang-cache
77
78 # Filesytem cleanup
79 /usr/local/bin/filesystem-cleanup
80
81 # Apply local configuration to sshd_config
82 /usr/local/bin/sshctrl
83
84 # Fix permissions of /etc/sudoers.d/
85 chmod -v 750 /etc/sudoers.d
86 chmod -v 640 /etc/sudoers.d/*
87
88 # Start services
89 telinit u
90 /etc/init.d/sshd restart
91 /etc/init.d/apache restart
92 /etc/init.d/suricata restart
93 /etc/init.d/unbound restart
94 /etc/init.d/ntp start
95 if [ -f /var/ipfire/proxy/enable ]; then
96 /etc/init.d/squid start
97 fi
98 /etc/init.d/collectd restart
99
100 ## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections
101 # Check if ovpnconfig exists and is not empty
102 if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
103 # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
104 awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
105
106 # Make all N2N connections 'no-pass' since they do not use encryption
107 awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
108
109 # Copy all RW connections unchanged to the new ovpnconfig file
110 for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
111 awk -v var="$y" '{FS=OFS=","} {if($3==var) {print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
112
113 done
114 fi
115
116 # Replace existing ovpnconfig with updated index
117 mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
118 # Set correct ownership
119 chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
120
121 # Check if the drop hostile in and out logging options need to be added
122 # into the optionsfw settings file and apply to firewall
123 if ! grep -q "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings; then
124 echo "LOGDROPHOSTILEIN=on" >> /var/ipfire/optionsfw/settings
125 fi
126
127 if ! grep -q "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings; then
128 echo "LOGDROPHOSTILEOUT=on" >> /var/ipfire/optionsfw/settings
129 fi
130
131 # Reload all firewall rules
132 /usr/local/bin/firewallctrl
133
134 # Rebuild initial ramdisks
135 dracut --regenerate-all --force
136 KVER="xxxKVERxxx"
137 case "$(uname -m)" in
138 aarch64)
139 mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
140 # dont remove initramfs because grub need this to boot.
141 ;;
142 esac
143
144 # This update needs a reboot...
145 touch /var/run/need_reboot
146
147 # Finish
148 /etc/init.d/fireinfo start
149 sendprofile
150
151 # Update grub config to display new core version
152 if [ -e /boot/grub/grub.cfg ]; then
153 grub-mkconfig -o /boot/grub/grub.cfg
154 fi
155
156 sync
157
158 # Don't report the exitcode last command
159 exit 0
IPFire 2.x development tree