]>
Commit | Line | Data |
---|---|---|
1 | #!/bin/bash | |
2 | ############################################################################ | |
3 | # # | |
4 | # This file is part of the IPFire Firewall. # | |
5 | # # | |
6 | # IPFire is free software; you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation; either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # IPFire is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with IPFire; if not, write to the Free Software # | |
18 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # | |
19 | # # | |
20 | # Copyright (C) 2023 IPFire-Team <info@ipfire.org>. # | |
21 | # # | |
22 | ############################################################################ | |
23 | # | |
24 | . /opt/pakfire/lib/functions.sh | |
25 | /usr/local/bin/backupctrl exclude >/dev/null 2>&1 | |
26 | ||
27 | core=181 | |
28 | ||
29 | exit_with_error() { | |
30 | # Set last succesfull installed core. | |
31 | echo $(($core-1)) > /opt/pakfire/db/core/mine | |
32 | # force fsck at next boot, this may fix free space on xfs | |
33 | touch /forcefsck | |
34 | # don't start pakfire again at error | |
35 | killall -KILL pak_update | |
36 | /usr/bin/logger -p syslog.emerg -t ipfire \ | |
37 | "core-update-${core}: $1" | |
38 | exit $2 | |
39 | } | |
40 | ||
41 | ||
42 | # Remove old core updates from pakfire cache to save space... | |
43 | for (( i=1; i<=$core; i++ )); do | |
44 | rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire | |
45 | done | |
46 | ||
47 | # Stop services | |
48 | ||
49 | KVER="xxxKVERxxx" | |
50 | ||
51 | # Backup uEnv.txt if exist | |
52 | if [ -e /boot/uEnv.txt ]; then | |
53 | cp -vf /boot/uEnv.txt /boot/uEnv.txt.org | |
54 | fi | |
55 | ||
56 | # Do some sanity checks prior to the kernel update | |
57 | case $(uname -r) in | |
58 | *-ipfire*) | |
59 | # Ok. | |
60 | ;; | |
61 | *) | |
62 | exit_with_error "ERROR cannot update. No IPFire Kernel." 1 | |
63 | ;; | |
64 | esac | |
65 | ||
66 | # Check diskspace on root | |
67 | ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 ) | |
68 | ||
69 | if [ $ROOTSPACE -lt 100000 ]; then | |
70 | exit_with_error "ERROR cannot update because not enough free space on root." 2 | |
71 | exit 2 | |
72 | fi | |
73 | ||
74 | # Remove the old kernel | |
75 | rm -rvf \ | |
76 | /boot/System.map-* \ | |
77 | /boot/config-* \ | |
78 | /boot/ipfirerd-* \ | |
79 | /boot/initramfs-* \ | |
80 | /boot/vmlinuz-* \ | |
81 | /boot/uImage-* \ | |
82 | /boot/zImage-* \ | |
83 | /boot/uInit-* \ | |
84 | /boot/dtb-* \ | |
85 | /lib/modules | |
86 | ||
87 | # Extract files | |
88 | extract_files | |
89 | ||
90 | # Remove files | |
91 | rm -rvf \ | |
92 | /etc/udev/rules.d/81-cdrom.rules \ | |
93 | /etc/udev/rules.d/83-cdrom-symlinks.rules \ | |
94 | /lib/libudev.so.1.6.3 \ | |
95 | /lib/udev/collect \ | |
96 | /lib/udev/init-net-rules.sh \ | |
97 | /lib/udev/rule_generator.functions \ | |
98 | /lib/udev/write_cd_rules \ | |
99 | /lib/udev/write_net_rules | |
100 | ||
101 | # update linker config | |
102 | ldconfig | |
103 | ||
104 | # Update Language cache | |
105 | /usr/local/bin/update-lang-cache | |
106 | ||
107 | # Filesytem cleanup | |
108 | /usr/local/bin/filesystem-cleanup | |
109 | ||
110 | # Start services | |
111 | telinit u | |
112 | /etc/init.d/udev restart | |
113 | /etc/init.d/apache restart | |
114 | ||
115 | # Rebuild initial ramdisks | |
116 | dracut --regenerate-all --force | |
117 | KVER="xxxKVERxxx" | |
118 | case "$(uname -m)" in | |
119 | aarch64) | |
120 | mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire | |
121 | # dont remove initramfs because grub need this to boot. | |
122 | ;; | |
123 | esac | |
124 | ||
125 | # remove lm_sensor config after collectd was started | |
126 | # to re-search sensors at next boot with updated kernel | |
127 | rm -f /etc/sysconfig/lm_sensors | |
128 | ||
129 | # Upadate Kernel version in uEnv.txt | |
130 | if [ -e /boot/uEnv.txt ]; then | |
131 | sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt | |
132 | fi | |
133 | ||
134 | # Call user update script (needed for some ARM boards) | |
135 | if [ -e /boot/pakfire-kernel-update ]; then | |
136 | /boot/pakfire-kernel-update ${KVER} | |
137 | fi | |
138 | ||
139 | ## Modify ovpnconfig according to bug 11048 for pass, no-pass modification in ovpnconfig index | |
140 | # Check if ovpnconfig exists and is not empty | |
141 | if [ -s /var/ipfire/ovpn/ovpnconfig ]; then | |
142 | # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update | |
143 | awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig | |
144 | ||
145 | # Make all N2N connections 'no-pass' since they do not use encryption | |
146 | awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new | |
147 | ||
148 | # Evaluate roadwarrior connection names for *.p12 files | |
149 | for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do | |
150 | # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index | |
151 | if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted data') ]]; then | |
152 | awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new | |
153 | fi | |
154 | # Sort all encrypted roadwarriors out and set 'pass' in [43] index | |
155 | if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'verify error') ]]; then | |
156 | awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new | |
157 | fi | |
158 | done | |
159 | fi | |
160 | ||
161 | # Replace existing ovpnconfig with updated index | |
162 | mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig | |
163 | # Set correct ownership | |
164 | chown nobody:nobody /var/ipfire/ovpn/ovpnconfig | |
165 | ||
166 | # This update needs a reboot... | |
167 | touch /var/run/need_reboot | |
168 | ||
169 | # Finish | |
170 | /etc/init.d/fireinfo start | |
171 | sendprofile | |
172 | ||
173 | # Update grub config to display new core version | |
174 | if [ -e /boot/grub/grub.cfg ]; then | |
175 | grub-mkconfig -o /boot/grub/grub.cfg | |
176 | fi | |
177 | ||
178 | sync | |
179 | ||
180 | # Don't report the exitcode last command | |
181 | exit 0 |