[people/pmueller/ipfire-2.x.git] / config / rootfiles / core / 172 / update.sh

#!/bin/bash
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 3 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2022 IPFire-Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1

core=172

# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done

# Stop services
/etc/rc.d/init.d/ipsec stop
/usr/local/bin/openvpnctrl -k
/usr/local/bin/openvpnctrl -kn2n
/etc/rc.d/init.d/sshd stop
/etc/rc.d/init.d/unbound stop

# Remove files
rm -rvf \
	/etc/strongswan.d/scepclient.conf \
	/lib/libz.so.1.2.12 \
	/usr/lib/libbind9-9.16.33.so \
	/usr/lib/libdns-9.16.33.so \
	/usr/lib/libexpat.so.1.8.9 \
	/usr/lib/libirs-9.16.33.so \
	/usr/lib/libisc-9.16.33.so \
	/usr/lib/libisccc-9.16.33.so \
	/usr/lib/libisccfg-9.16.33.so \
	/usr/lib/libns-9.16.33.so \
	/usr/lib/libunbound.so.8.1.1* \
	/usr/lib/libxml2.so.2.9.* \
	/usr/lib/python3.10/ensurepip/_bundled/pip-21* \
	/usr/lib/python3.10/ensurepip/_bundled/setuptools-5* \
	/usr/lib/python3.10/lib2to3/Grammar3.10.* \
	/usr/lib/python3.10/lib2to3/PatternGrammar3.10.* \
	/usr/lib/python3.10/site-packages/pip-21.* \
	/usr/lib/python3.10/site-packages/pip/_internal/utils/parallel.py \
	/usr/lib/python3.10/site-packages/pip/_internal/utils/pkg_resources.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/appdirs.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/chardet/compat.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/distlib/_backport \
	/usr/lib/python3.10/site-packages/pip/_vendor/distro.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/html5lib \
	/usr/lib/python3.10/site-packages/pip/_vendor/msgpack/_version.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/progress \
	/usr/lib/python3.10/site-packages/pip/_vendor/pyparsing.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/urllib3/packages/ssl_match_hostname \
	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_compat.py \
	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_typing.py \
	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/pyparsing.py \
	/usr/lib/python3.10/site-packages/pkg_resources/tests/data \
	/usr/lib/python3.10/site-packages/setuptools-5* \
	/usr/lib/python3.10/site-packages/setuptools/_distutils/py35compat.py \
	/usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_compat.py \
	/usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_typing.py \
	/usr/lib/python3.10/site-packages/setuptools/_vendor/pyparsing.py \
	/usr/lib/python3.10/site-packages/setuptools/config.py \
	/usr/lib/python3.10/site-packages/setuptools_rust/utils.py \
	/usr/libexec/ipsec/scepclient \
	/var/ipfire/ca/dh1024.pem

# Remove powertop add-on, if installed
if [ -e "/opt/pakfire/db/installed/meta-powertop" ]; then
	for i in $(</opt/pakfire/db/rootfiles/powertop); do
		rm -rfv "/${i}"
	done
fi
rm -vf \
	/opt/pakfire/db/installed/meta-powertop \
	/opt/pakfire/db/meta/meta-powertop \
	/opt/pakfire/db/rootfiles/powertop

# Extract files
extract_files

# update linker config
ldconfig

# Update Language cache
/usr/local/bin/update-lang-cache

# Filesytem cleanup
/usr/local/bin/filesystem-cleanup

# Apply local configuration to sshd_config
/usr/local/bin/sshctrl

# Correct permissions of some library files
chown -Rv root:root /var/ipfire/connscheduler/lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl /var/ipfire/menu.d/*

# Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919
if [ -f /var/ipfire/ovpn/server.conf ]; then
	sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf
fi

if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
	sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf
fi

# Start services
/etc/init.d/unbound start
if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
	/etc/init.d/sshd start
fi
if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then
	/usr/local/bin/openvpnctrl -s
	/usr/local/bin/openvpnctrl -sn2n
fi
if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
	/etc/init.d/ipsec start
fi

# This update needs a reboot...
touch /var/run/need_reboot

# Finish
/etc/init.d/fireinfo start
sendprofile

# Update grub config to display new core version
if [ -e /boot/grub/grub.cfg ]; then
	grub-mkconfig -o /boot/grub/grub.cfg
fi

sync

# Don't report the exitcode last command
exit 0
Commit	Line	Data
0f421901 PM	1	#!/bin/bash
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
	20	# Copyright (C) 2022 IPFire-Team <info@ipfire.org>. #
	21	# #
	22	############################################################################
	23	#
	24	. /opt/pakfire/lib/functions.sh
	25	/usr/local/bin/backupctrl exclude >/dev/null 2>&1
	26
	27	core=172
	28
	29	# Remove old core updates from pakfire cache to save space...
	30	for (( i=1; i<=$core; i++ )); do
	31	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
	32	done
	33
	34	# Stop services
f6121180	35	/etc/rc.d/init.d/ipsec stop
e044bc24 PM	36	/usr/local/bin/openvpnctrl -k
e044bc24 PM	37	/usr/local/bin/openvpnctrl -kn2n
4ddb1fda	38	/etc/rc.d/init.d/sshd stop
5f1abe00	39	/etc/rc.d/init.d/unbound stop
0f421901 PM	40
0f421901 PM	41	# Remove files
5f1abe00	42	rm -rvf \
c965daf6	43	/etc/strongswan.d/scepclient.conf \
0a65d443	44	/lib/libz.so.1.2.12 \
cc7bd114 PM	45	/usr/lib/libbind9-9.16.33.so \
cc7bd114 PM	46	/usr/lib/libdns-9.16.33.so \
4022e2f9	47	/usr/lib/libexpat.so.1.8.9 \
cc7bd114 PM	48	/usr/lib/libirs-9.16.33.so \
	49	/usr/lib/libisc-9.16.33.so \
	50	/usr/lib/libisccc-9.16.33.so \
	51	/usr/lib/libisccfg-9.16.33.so \
	52	/usr/lib/libns-9.16.33.so \
c965daf6	53	/usr/lib/libunbound.so.8.1.1* \
0675d2a4	54	/usr/lib/libxml2.so.2.9.* \
f9ab4c43 PM	55	/usr/lib/python3.10/ensurepip/_bundled/pip-21* \
	56	/usr/lib/python3.10/ensurepip/_bundled/setuptools-5* \
	57	/usr/lib/python3.10/lib2to3/Grammar3.10.* \
	58	/usr/lib/python3.10/lib2to3/PatternGrammar3.10.* \
	59	/usr/lib/python3.10/site-packages/pip-21.* \
	60	/usr/lib/python3.10/site-packages/pip/_internal/utils/parallel.py \
	61	/usr/lib/python3.10/site-packages/pip/_internal/utils/pkg_resources.py \
	62	/usr/lib/python3.10/site-packages/pip/_vendor/appdirs.py \
	63	/usr/lib/python3.10/site-packages/pip/_vendor/chardet/compat.py \
	64	/usr/lib/python3.10/site-packages/pip/_vendor/distlib/_backport \
	65	/usr/lib/python3.10/site-packages/pip/_vendor/distro.py \
	66	/usr/lib/python3.10/site-packages/pip/_vendor/html5lib \
	67	/usr/lib/python3.10/site-packages/pip/_vendor/msgpack/_version.py \
	68	/usr/lib/python3.10/site-packages/pip/_vendor/progress \
	69	/usr/lib/python3.10/site-packages/pip/_vendor/pyparsing.py \
	70	/usr/lib/python3.10/site-packages/pip/_vendor/urllib3/packages/ssl_match_hostname \
	71	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_compat.py \
	72	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_typing.py \
	73	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/pyparsing.py \
	74	/usr/lib/python3.10/site-packages/pkg_resources/tests/data \
	75	/usr/lib/python3.10/site-packages/setuptools-5* \
	76	/usr/lib/python3.10/site-packages/setuptools/_distutils/py35compat.py \
	77	/usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_compat.py \
	78	/usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_typing.py \
	79	/usr/lib/python3.10/site-packages/setuptools/_vendor/pyparsing.py \
	80	/usr/lib/python3.10/site-packages/setuptools/config.py \
	81	/usr/lib/python3.10/site-packages/setuptools_rust/utils.py \
e044bc24 PM	82	/usr/libexec/ipsec/scepclient \
e044bc24 PM	83	/var/ipfire/ca/dh1024.pem
0f421901	84
d3a4fcc7 PM	85	# Remove powertop add-on, if installed
	86	if [ -e "/opt/pakfire/db/installed/meta-powertop" ]; then
	87	for i in $(</opt/pakfire/db/rootfiles/powertop); do
	88	rm -rfv "/${i}"
	89	done
	90	fi
	91	rm -vf \
	92	/opt/pakfire/db/installed/meta-powertop \
	93	/opt/pakfire/db/meta/meta-powertop \
	94	/opt/pakfire/db/rootfiles/powertop
	95
0f421901 PM	96	# Extract files
	97	extract_files
	98
	99	# update linker config
	100	ldconfig
	101
	102	# Update Language cache
	103	/usr/local/bin/update-lang-cache
	104
	105	# Filesytem cleanup
	106	/usr/local/bin/filesystem-cleanup
	107
4ddb1fda PM	108	# Apply local configuration to sshd_config
	109	/usr/local/bin/sshctrl
	110
eae0cb54	111	# Correct permissions of some library files
39d67050	112	chown -Rv root:root /var/ipfire/connscheduler/lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl /var/ipfire/menu.d/*
eae0cb54	113
e044bc24 PM	114	# Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919
	115	if [ -f /var/ipfire/ovpn/server.conf ]; then
	116	sed -i 's\|/var/ipfire/ovpn/ca/dh1024.pem\|/etc/ssl/ffdhe4096.pem\|' /var/ipfire/ovpn/server.conf
	117	fi
	118
	119	if [ -f "/var/ipfire/ovpn/n2nconf//.conf" ]; then
	120	sed -i 's\|/var/ipfire/ovpn/ca/dh1024.pem\|/etc/ssl/ffdhe4096.pem\|' /var/ipfire/ovpn/n2nconf//.conf
	121	fi
	122
0f421901	123	# Start services
5f1abe00	124	/etc/init.d/unbound start
4ddb1fda PM	125	if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
	126	/etc/init.d/sshd start
	127	fi
e044bc24 PM	128	if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then
	129	/usr/local/bin/openvpnctrl -s
	130	/usr/local/bin/openvpnctrl -sn2n
	131	fi
f6121180 PM	132	if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
	133	/etc/init.d/ipsec start
	134	fi
0f421901 PM	135
0f421901 PM	136	# This update needs a reboot...
4808c037	137	touch /var/run/need_reboot
0f421901 PM	138
	139	# Finish
	140	/etc/init.d/fireinfo start
	141	sendprofile
	142
	143	# Update grub config to display new core version
	144	if [ -e /boot/grub/grub.cfg ]; then
	145	grub-mkconfig -o /boot/grub/grub.cfg
	146	fi
	147
	148	sync
	149
	150	# Don't report the exitcode last command
	151	exit 0