core=196
+exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ # force fsck at next boot, this may fix free space on xfs
+ touch /forcefsck
+ # don't start pakfire again at error
+ killall -KILL pak_update
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
# Stop services
/etc/rc.d/init.d/ipsec stop
+KVER="xxxKVERxxx"
+
+# Backup uEnv.txt if exist
+if [ -e /boot/uEnv.txt ]; then
+ cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+fi
+
+# Do some sanity checks prior to the kernel update
+case $(uname -r) in
+ *-ipfire*)
+ # Ok.
+ ;;
+ *)
+ exit_with_error "ERROR cannot update. No IPFire Kernel." 1
+ ;;
+esac
+
+# Check diskspace on root and size of boot
+ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 )
+if [ $ROOTSPACE -lt 200000 ]; then
+ exit_with_error "ERROR cannot update because not enough free space on root." 2
+fi
+BOOTSIZE=$( df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1 )
+if [ $BOOTSIZE -lt 100000 ]; then
+ exit_with_error "ERROR cannot update. BOOT partition is to small." 3
+fi
+
+# Remove the old kernel
+rm -rvf \
+ /boot/System.map-* \
+ /boot/config-* \
+ /boot/ipfirerd-* \
+ /boot/initramfs-* \
+ /boot/vmlinuz-* \
+ /boot/uImage-* \
+ /boot/zImage-* \
+ /boot/uInit-* \
+ /boot/dtb-* \
+ /lib/modules
+
# Remove files
rm -rfv \
/usr/bin/genisoimage \
# Filesytem cleanup
/usr/local/bin/filesystem-cleanup
-# Build initial ramdisks for updated intel-microcode
-dracut --regenerate-all --force
-KVER="xxxKVERxxx"
-case "$(uname -m)" in
- aarch64)
- mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}.img /boot/uInit-${KVER}
- # dont remove initramfs because grub need this to boot.
- ;;
-esac
+# Increment ipsec serial file if x509 certificates present and no content in index.txt
+if [ -e "/var/ipfire/certs/hostcert.pem" ] && [ ! -s "/var/ipfire/certs/index.txt" ]; then
+ sed -i "s/01/02/" /var/ipfire/certs/serial
+fi
# Apply SSH configuration
-#/usr/local/bin/sshctrl
+/usr/local/bin/sshctrl
# Change IPsec configuration of existing connections using ML-KEM
# to always make use of hybrid key exchange in conjunction with Curve 25519.
/etc/rc.d/init.d/ipsec start
fi
+/etc/init.d/suricata restart
+
+# Build initial ramdisks
+dracut --regenerate-all --force
+KVER="xxxKVERxxx"
+case "$(uname -m)" in
+ aarch64)
+ mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}.img /boot/uInit-${KVER}
+ # dont remove initramfs because grub need this to boot.
+ ;;
+esac
+
+# Upadate Kernel version in uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+ sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# Call user update script (needed for some ARM boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+ /boot/pakfire-kernel-update ${KVER}
+fi
+
# This update needs a reboot...
-#touch /var/run/need_reboot
+touch /var/run/need_reboot
# Finish
/etc/init.d/fireinfo start
projects / ipfire-2.x.git / commitdiff
