2 ############################################################################
4 # This file is part of the IPFire Firewall. #
6 # IPFire is free software; you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation; either version 3 of the License, or #
9 # (at your option) any later version. #
11 # IPFire is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
16 # You should have received a copy of the GNU General Public License #
17 # along with IPFire; if not, write to the Free Software #
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
20 # Copyright (C) 2022 IPFire-Team <info@ipfire.org>. #
22 ############################################################################
24 .
/opt
/pakfire
/lib
/functions.sh
25 /usr
/local
/bin
/backupctrl exclude
>/dev
/null
2>&1
29 # Remove old core updates from pakfire cache to save space...
30 for (( i
=1; i
<=$core; i
++ )); do
31 rm -f /var
/cache
/pakfire
/core-upgrade-
*-$i.ipfire
35 /etc
/init.d
/ipsec stop
36 /etc
/init.d
/squid stop
37 /usr
/local
/bin
/openvpnctrl
-k
38 /usr
/local
/bin
/openvpnctrl
-kn2n
39 /etc
/init.d
/suricata stop
43 /etc
/fcron.daily
/suricata \
44 /etc
/fcron.weekly
/suricata \
45 /lib
/firmware
/cxgb
4/t4fw-1.26
.4.0.bin \
46 /lib
/firmware
/cxgb
4/t5fw-1.26
.4.0.bin \
47 /lib
/firmware
/cxgb
4/t6fw-1.26
.4.0.bin \
48 /lib
/firmware
/intel
/ice
/ddp-comms
/ice_comms-1.3
.20.0.pkg \
49 /lib
/firmware
/silabs \
51 /usr
/bin
/dnet-config \
53 /usr
/lib
/libart_lgpl_2.so
* \
55 /usr
/lib
/libdnet.so
* \
56 /usr
/lib
/libevent-1.4.so
* \
57 /usr
/lib
/libevent_core-1.4.so
* \
58 /usr
/lib
/libevent_extra-1.4.so
* \
59 /usr
/lib
/liblber-2.4.so
* \
62 /usr
/lib
/libsolv.so
* \
63 /usr
/lib
/libsolvext.so
* \
65 /usr
/lib
/libusb-0.1.so
* \
68 # Remove netbpm add-on, if installed
69 if [ -e "/opt/pakfire/db/installed/meta-netbpm" ]; then
70 for i
in $
(</opt
/pakfire
/db
/rootfiles
/netbpm
); do
75 /opt
/pakfire
/db
/installed
/meta-netbpm \
76 /opt
/pakfire
/db
/meta
/meta-netbpm \
77 /opt
/pakfire
/db
/rootfiles
/netbpm
82 # update linker config
86 convert-ids-backend-files
88 # Update Language cache
89 /usr
/local
/bin
/update-lang-cache
92 /usr
/local
/bin
/filesystem-cleanup
94 # Delete orphaned Oinkmaster and Suricata default ruleset
96 /usr
/local
/bin
/oinkmaster.pl \
97 /var
/ipfire
/suricata
/oinkmaster.conf \
98 /var
/ipfire
/suricata
/suricata-default-rules.yaml
100 # Apply local configuration to sshd_config
101 /usr
/local
/bin
/sshctrl
103 # Apply sysctl changes
104 /etc
/init.d
/sysctl start
106 # Fix permissions of /etc/sudoers.d/
107 chmod -v 750 /etc
/sudoers.d
108 chmod -v 640 /etc
/sudoers.d
/*
110 # Rebuild initial ramdisk to apply microcode updates
111 dracut
--regenerate-all --force
112 case "$(uname -m)" in
114 mkimage
-A arm
-T ramdisk
-C lzma
-d /boot
/initramfs-
${KVER}-ipfire.img
/boot
/uInit-
${KVER}-ipfire
115 rm /boot
/initramfs-
${KVER}-ipfire.img
118 mkimage
-A arm64
-T ramdisk
-C lzma
-d /boot
/initramfs-
${KVER}-ipfire.img
/boot
/uInit-
${KVER}-ipfire
119 # dont remove initramfs because grub need this to boot.
123 # Add rd.auto to kernel command line
124 if ! grep -q rd.auto
/etc
/default
/grub
; then
125 sed -e "s/panic=10/& rd.auto/" -i /etc
/default
/grub
129 /etc
/init.d
/fcron restart
130 /etc
/init.d
/sshd restart
131 /etc
/init.d
/vnstatd restart
132 /etc
/init.d
/squid start
133 /usr
/local
/bin
/openvpnctrl
-s
134 /usr
/local
/bin
/openvpnctrl
-sn2n
135 /etc
/init.d
/suricata start
136 if grep -q "ENABLED=on" /var
/ipfire
/vpn
/settings
; then
137 /etc
/init.d
/ipsec start
140 # This update needs a reboot...
141 touch /var
/run
/need_reboot
144 /etc
/init.d
/fireinfo start
147 # Update grub config to display new core version
148 if [ -e /boot
/grub
/grub.cfg
]; then
149 grub-mkconfig
-o /boot
/grub
/grub.cfg
154 # Don't report the exitcode last command