]>
Commit | Line | Data |
---|---|---|
77c3824f PM |
1 | #!/bin/bash |
2 | ############################################################################ | |
3 | # # | |
4 | # This file is part of the IPFire Firewall. # | |
5 | # # | |
6 | # IPFire is free software; you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation; either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # IPFire is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with IPFire; if not, write to the Free Software # | |
18 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # | |
19 | # # | |
20 | # Copyright (C) 2022 IPFire-Team <info@ipfire.org>. # | |
21 | # # | |
22 | ############################################################################ | |
23 | # | |
24 | . /opt/pakfire/lib/functions.sh | |
25 | /usr/local/bin/backupctrl exclude >/dev/null 2>&1 | |
26 | ||
27 | core=168 | |
28 | ||
29 | # Remove old core updates from pakfire cache to save space... | |
30 | for (( i=1; i<=$core; i++ )); do | |
31 | rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire | |
32 | done | |
33 | ||
fd1e3e3c | 34 | # Stop services |
27d1dc08 | 35 | /etc/init.d/ipsec stop |
fd1e3e3c PM |
36 | /etc/init.d/squid stop |
37 | /usr/local/bin/openvpnctrl -k | |
38 | /usr/local/bin/openvpnctrl -kn2n | |
39 | /etc/init.d/suricata stop | |
40 | ||
d258332f PM |
41 | # Remove files |
42 | rm -rvf \ | |
d7981448 PM |
43 | /etc/fcron.daily/suricata \ |
44 | /etc/fcron.weekly/suricata \ | |
8de58edc PM |
45 | /lib/firmware/cxgb4/t4fw-1.26.4.0.bin \ |
46 | /lib/firmware/cxgb4/t5fw-1.26.4.0.bin \ | |
47 | /lib/firmware/cxgb4/t6fw-1.26.4.0.bin \ | |
48 | /lib/firmware/intel/ice/ddp-comms/ice_comms-1.3.20.0.pkg \ | |
49 | /lib/firmware/silabs \ | |
28fdd8ed | 50 | /lib/libprocps.so* \ |
d258332f PM |
51 | /usr/bin/dnet-config \ |
52 | /usr/bin/sdparm \ | |
53 | /usr/lib/libart_lgpl_2.so* \ | |
54 | /usr/lib/libdnet.la \ | |
55 | /usr/lib/libdnet.so* \ | |
b86bd4f9 PM |
56 | /usr/lib/libevent-1.4.so* \ |
57 | /usr/lib/libevent_core-1.4.so* \ | |
58 | /usr/lib/libevent_extra-1.4.so* \ | |
0a1d567c | 59 | /usr/lib/liblber-2.4.so* \ |
00c31b29 | 60 | /usr/lib/libnl.so* \ |
d258332f PM |
61 | /usr/lib/libpri.so* \ |
62 | /usr/lib/libsolv.so* \ | |
63 | /usr/lib/libsolvext.so* \ | |
5ecf056d PM |
64 | /usr/lib/libusb.so \ |
65 | /usr/lib/libusb-0.1.so* \ | |
d258332f PM |
66 | /usr/sbin/dnet |
67 | ||
88e01ab8 PM |
68 | # Remove netbpm add-on, if installed |
69 | if [ -e "/opt/pakfire/db/installed/meta-netbpm" ]; then | |
70 | for i in $(</opt/pakfire/db/rootfiles/netbpm); do | |
71 | rm -rfv "/${i}" | |
72 | done | |
73 | fi | |
74 | rm -vf \ | |
75 | /opt/pakfire/db/installed/meta-netbpm \ | |
76 | /opt/pakfire/db/meta/meta-netbpm \ | |
77 | /opt/pakfire/db/rootfiles/netbpm | |
78 | ||
77c3824f PM |
79 | # Extract files |
80 | extract_files | |
81 | ||
82 | # update linker config | |
83 | ldconfig | |
84 | ||
68725035 PM |
85 | # Run IDSv4 converter |
86 | convert-ids-backend-files | |
87 | ||
77c3824f PM |
88 | # Update Language cache |
89 | /usr/local/bin/update-lang-cache | |
90 | ||
91 | # Filesytem cleanup | |
92 | /usr/local/bin/filesystem-cleanup | |
93 | ||
68725035 PM |
94 | # Delete orphaned Oinkmaster and Suricata default ruleset |
95 | rm -vf \ | |
96 | /usr/local/bin/oinkmaster.pl \ | |
97 | /var/ipfire/suricata/oinkmaster.conf \ | |
98 | /var/ipfire/suricata/suricata-default-rules.yaml | |
99 | ||
2f4148cc PM |
100 | # Apply local configuration to sshd_config |
101 | /usr/local/bin/sshctrl | |
102 | ||
d4afd45e PM |
103 | # Apply sysctl changes |
104 | /etc/init.d/sysctl start | |
105 | ||
2784c87b PM |
106 | # Fix permissions of /etc/sudoers.d/ |
107 | chmod -v 750 /etc/sudoers.d | |
108 | chmod -v 640 /etc/sudoers.d/* | |
109 | ||
3e2e9c15 PM |
110 | # Rebuild initial ramdisk to apply microcode updates |
111 | dracut --regenerate-all --force | |
112 | case "$(uname -m)" in | |
113 | armv*) | |
114 | mkimage -A arm -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire | |
115 | rm /boot/initramfs-${KVER}-ipfire.img | |
116 | ;; | |
117 | aarch64) | |
118 | mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire | |
119 | # dont remove initramfs because grub need this to boot. | |
120 | ;; | |
121 | esac | |
122 | ||
69aac83d MT |
123 | # Add rd.auto to kernel command line |
124 | if ! grep -q rd.auto /etc/default/grub; then | |
125 | sed -e "s/panic=10/& rd.auto/" -i /etc/default/grub | |
126 | fi | |
3e2e9c15 | 127 | |
71d53192 MT |
128 | # Repair any broken MDRAID arrays |
129 | /usr/local/bin/repair-mdraid | |
130 | ||
77c3824f | 131 | # Start services |
68725035 | 132 | /etc/init.d/fcron restart |
2f4148cc | 133 | /etc/init.d/sshd restart |
b101f8e8 | 134 | /etc/init.d/vnstatd restart |
5e792900 | 135 | /etc/init.d/squid start |
159f9214 PM |
136 | /usr/local/bin/openvpnctrl -s |
137 | /usr/local/bin/openvpnctrl -sn2n | |
701e63c2 | 138 | /etc/init.d/suricata start |
27d1dc08 PM |
139 | if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then |
140 | /etc/init.d/ipsec start | |
141 | fi | |
77c3824f PM |
142 | |
143 | # This update needs a reboot... | |
8de58edc | 144 | touch /var/run/need_reboot |
77c3824f PM |
145 | |
146 | # Finish | |
147 | /etc/init.d/fireinfo start | |
148 | sendprofile | |
149 | ||
150 | # Update grub config to display new core version | |
151 | if [ -e /boot/grub/grub.cfg ]; then | |
152 | grub-mkconfig -o /boot/grub/grub.cfg | |
153 | fi | |
154 | ||
155 | sync | |
156 | ||
157 | # Don't report the exitcode last command | |
158 | exit 0 |