]>
Commit | Line | Data |
---|---|---|
0f421901 PM |
1 | #!/bin/bash |
2 | ############################################################################ | |
3 | # # | |
4 | # This file is part of the IPFire Firewall. # | |
5 | # # | |
6 | # IPFire is free software; you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation; either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # IPFire is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with IPFire; if not, write to the Free Software # | |
18 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # | |
19 | # # | |
20 | # Copyright (C) 2022 IPFire-Team <info@ipfire.org>. # | |
21 | # # | |
22 | ############################################################################ | |
23 | # | |
24 | . /opt/pakfire/lib/functions.sh | |
25 | /usr/local/bin/backupctrl exclude >/dev/null 2>&1 | |
26 | ||
27 | core=172 | |
28 | ||
29 | # Remove old core updates from pakfire cache to save space... | |
30 | for (( i=1; i<=$core; i++ )); do | |
31 | rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire | |
32 | done | |
33 | ||
34 | # Stop services | |
f6121180 | 35 | /etc/rc.d/init.d/ipsec stop |
e044bc24 PM |
36 | /usr/local/bin/openvpnctrl -k |
37 | /usr/local/bin/openvpnctrl -kn2n | |
4ddb1fda | 38 | /etc/rc.d/init.d/sshd stop |
5f1abe00 | 39 | /etc/rc.d/init.d/unbound stop |
0f421901 PM |
40 | |
41 | # Remove files | |
5f1abe00 | 42 | rm -rvf \ |
c965daf6 | 43 | /etc/strongswan.d/scepclient.conf \ |
0a65d443 | 44 | /lib/libz.so.1.2.12 \ |
cc7bd114 PM |
45 | /usr/lib/libbind9-9.16.33.so \ |
46 | /usr/lib/libdns-9.16.33.so \ | |
4022e2f9 | 47 | /usr/lib/libexpat.so.1.8.9 \ |
cc7bd114 PM |
48 | /usr/lib/libirs-9.16.33.so \ |
49 | /usr/lib/libisc-9.16.33.so \ | |
50 | /usr/lib/libisccc-9.16.33.so \ | |
51 | /usr/lib/libisccfg-9.16.33.so \ | |
52 | /usr/lib/libns-9.16.33.so \ | |
c965daf6 | 53 | /usr/lib/libunbound.so.8.1.1* \ |
0675d2a4 | 54 | /usr/lib/libxml2.so.2.9.* \ |
f9ab4c43 PM |
55 | /usr/lib/python3.10/ensurepip/_bundled/pip-21* \ |
56 | /usr/lib/python3.10/ensurepip/_bundled/setuptools-5* \ | |
57 | /usr/lib/python3.10/lib2to3/Grammar3.10.* \ | |
58 | /usr/lib/python3.10/lib2to3/PatternGrammar3.10.* \ | |
59 | /usr/lib/python3.10/site-packages/pip-21.* \ | |
60 | /usr/lib/python3.10/site-packages/pip/_internal/utils/parallel.py \ | |
61 | /usr/lib/python3.10/site-packages/pip/_internal/utils/pkg_resources.py \ | |
62 | /usr/lib/python3.10/site-packages/pip/_vendor/appdirs.py \ | |
63 | /usr/lib/python3.10/site-packages/pip/_vendor/chardet/compat.py \ | |
64 | /usr/lib/python3.10/site-packages/pip/_vendor/distlib/_backport \ | |
65 | /usr/lib/python3.10/site-packages/pip/_vendor/distro.py \ | |
66 | /usr/lib/python3.10/site-packages/pip/_vendor/html5lib \ | |
67 | /usr/lib/python3.10/site-packages/pip/_vendor/msgpack/_version.py \ | |
68 | /usr/lib/python3.10/site-packages/pip/_vendor/progress \ | |
69 | /usr/lib/python3.10/site-packages/pip/_vendor/pyparsing.py \ | |
70 | /usr/lib/python3.10/site-packages/pip/_vendor/urllib3/packages/ssl_match_hostname \ | |
71 | /usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_compat.py \ | |
72 | /usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_typing.py \ | |
73 | /usr/lib/python3.10/site-packages/pkg_resources/_vendor/pyparsing.py \ | |
74 | /usr/lib/python3.10/site-packages/pkg_resources/tests/data \ | |
75 | /usr/lib/python3.10/site-packages/setuptools-5* \ | |
76 | /usr/lib/python3.10/site-packages/setuptools/_distutils/py35compat.py \ | |
77 | /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_compat.py \ | |
78 | /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_typing.py \ | |
79 | /usr/lib/python3.10/site-packages/setuptools/_vendor/pyparsing.py \ | |
80 | /usr/lib/python3.10/site-packages/setuptools/config.py \ | |
81 | /usr/lib/python3.10/site-packages/setuptools_rust/utils.py \ | |
e044bc24 PM |
82 | /usr/libexec/ipsec/scepclient \ |
83 | /var/ipfire/ca/dh1024.pem | |
0f421901 | 84 | |
d3a4fcc7 PM |
85 | # Remove powertop add-on, if installed |
86 | if [ -e "/opt/pakfire/db/installed/meta-powertop" ]; then | |
87 | for i in $(</opt/pakfire/db/rootfiles/powertop); do | |
88 | rm -rfv "/${i}" | |
89 | done | |
90 | fi | |
91 | rm -vf \ | |
92 | /opt/pakfire/db/installed/meta-powertop \ | |
93 | /opt/pakfire/db/meta/meta-powertop \ | |
94 | /opt/pakfire/db/rootfiles/powertop | |
95 | ||
0f421901 PM |
96 | # Extract files |
97 | extract_files | |
98 | ||
99 | # update linker config | |
100 | ldconfig | |
101 | ||
102 | # Update Language cache | |
103 | /usr/local/bin/update-lang-cache | |
104 | ||
105 | # Filesytem cleanup | |
106 | /usr/local/bin/filesystem-cleanup | |
107 | ||
4ddb1fda PM |
108 | # Apply local configuration to sshd_config |
109 | /usr/local/bin/sshctrl | |
110 | ||
eae0cb54 | 111 | # Correct permissions of some library files |
39d67050 | 112 | chown -Rv root:root /var/ipfire/connscheduler/lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl /var/ipfire/menu.d/* |
eae0cb54 | 113 | |
e044bc24 PM |
114 | # Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919 |
115 | if [ -f /var/ipfire/ovpn/server.conf ]; then | |
116 | sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf | |
117 | fi | |
118 | ||
119 | if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then | |
120 | sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf | |
121 | fi | |
122 | ||
0f421901 | 123 | # Start services |
5f1abe00 | 124 | /etc/init.d/unbound start |
4ddb1fda PM |
125 | if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then |
126 | /etc/init.d/sshd start | |
127 | fi | |
e044bc24 PM |
128 | if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then |
129 | /usr/local/bin/openvpnctrl -s | |
130 | /usr/local/bin/openvpnctrl -sn2n | |
131 | fi | |
f6121180 PM |
132 | if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then |
133 | /etc/init.d/ipsec start | |
134 | fi | |
0f421901 PM |
135 | |
136 | # This update needs a reboot... | |
4808c037 | 137 | touch /var/run/need_reboot |
0f421901 PM |
138 | |
139 | # Finish | |
140 | /etc/init.d/fireinfo start | |
141 | sendprofile | |
142 | ||
143 | # Update grub config to display new core version | |
144 | if [ -e /boot/grub/grub.cfg ]; then | |
145 | grub-mkconfig -o /boot/grub/grub.cfg | |
146 | fi | |
147 | ||
148 | sync | |
149 | ||
150 | # Don't report the exitcode last command | |
151 | exit 0 |