From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Fri, 13 Jun 2025 17:58:57 +0000 (+0200)
Subject: core196: add kernel to update
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Fnext;p=ipfire-2.x.git

core196: add kernel to update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---

diff --git a/config/rootfiles/core/196/filelists/aarch64/linux b/config/rootfiles/core/196/filelists/aarch64/linux
new file mode 120000
index 000000000..3a2532bc7
--- /dev/null
+++ b/config/rootfiles/core/196/filelists/aarch64/linux
@@ -0,0 +1 @@
+../../../../common/aarch64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/196/filelists/riscv64/linux b/config/rootfiles/core/196/filelists/riscv64/linux
new file mode 120000
index 000000000..c8e8350ca
--- /dev/null
+++ b/config/rootfiles/core/196/filelists/riscv64/linux
@@ -0,0 +1 @@
+../../../../common/riscv64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/196/filelists/x86_64/linux b/config/rootfiles/core/196/filelists/x86_64/linux
new file mode 120000
index 000000000..0615b5b9a
--- /dev/null
+++ b/config/rootfiles/core/196/filelists/x86_64/linux
@@ -0,0 +1 @@
+../../../../common/x86_64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/196/update.sh b/config/rootfiles/core/196/update.sh
index bd9e80f42..e58b4e3b3 100644
--- a/config/rootfiles/core/196/update.sh
+++ b/config/rootfiles/core/196/update.sh
@@ -26,6 +26,18 @@
 
 core=196
 
+exit_with_error() {
+    # Set last succesfull installed core.
+    echo $(($core-1)) > /opt/pakfire/db/core/mine
+    # force fsck at next boot, this may fix free space on xfs
+    touch /forcefsck
+    # don't start pakfire again at error
+    killall -KILL pak_update
+    /usr/bin/logger -p syslog.emerg -t ipfire \
+	"core-update-${core}: $1"
+    exit $2
+}
+
 # Remove old core updates from pakfire cache to save space...
 for (( i=1; i<=$core; i++ )); do
 	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
@@ -34,6 +46,46 @@ done
 # Stop services
 /etc/rc.d/init.d/ipsec stop
 
+KVER="xxxKVERxxx"
+
+# Backup uEnv.txt if exist
+if [ -e /boot/uEnv.txt ]; then
+    cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+fi
+
+# Do some sanity checks prior to the kernel update
+case $(uname -r) in
+    *-ipfire*)
+	# Ok.
+	;;
+    *)
+	exit_with_error "ERROR cannot update. No IPFire Kernel." 1
+	;;
+esac
+
+# Check diskspace on root and size of boot
+ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 )
+if [ $ROOTSPACE -lt 200000 ]; then
+    exit_with_error "ERROR cannot update because not enough free space on root." 2
+fi
+BOOTSIZE=$( df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1 )
+if [ $BOOTSIZE -lt 100000 ]; then
+    exit_with_error "ERROR cannot update. BOOT partition is to small." 3
+fi
+
+# Remove the old kernel
+rm -rvf \
+	/boot/System.map-* \
+	/boot/config-* \
+	/boot/ipfirerd-* \
+	/boot/initramfs-* \
+	/boot/vmlinuz-* \
+	/boot/uImage-* \
+	/boot/zImage-* \
+	/boot/uInit-* \
+	/boot/dtb-* \
+	/lib/modules
+
 # Remove files
 rm -rfv \
 	/usr/bin/genisoimage \
@@ -53,18 +105,13 @@ ldconfig
 # Filesytem cleanup
 /usr/local/bin/filesystem-cleanup
 
-# Build initial ramdisks for updated intel-microcode
-dracut --regenerate-all --force
-KVER="xxxKVERxxx"
-case "$(uname -m)" in
-	aarch64)
-		mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}.img /boot/uInit-${KVER}
-		# dont remove initramfs because grub need this to boot.
-		;;
-esac
+# Increment ipsec serial file if x509 certificates present and no content in index.txt
+if [ -e "/var/ipfire/certs/hostcert.pem" ] && [ ! -s "/var/ipfire/certs/index.txt" ]; then
+    sed -i "s/01/02/" /var/ipfire/certs/serial
+fi
 
 # Apply SSH configuration
-#/usr/local/bin/sshctrl
+/usr/local/bin/sshctrl
 
 # Change IPsec configuration of existing connections using ML-KEM
 # to always make use of hybrid key exchange in conjunction with Curve 25519.
@@ -80,8 +127,30 @@ if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
 	/etc/rc.d/init.d/ipsec start
 fi
 
+/etc/init.d/suricata restart
+
+# Build initial ramdisks
+dracut --regenerate-all --force
+KVER="xxxKVERxxx"
+case "$(uname -m)" in
+	aarch64)
+		mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}.img /boot/uInit-${KVER}
+		# dont remove initramfs because grub need this to boot.
+		;;
+esac
+
+# Upadate Kernel version in uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+    sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# Call user update script (needed for some ARM boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+    /boot/pakfire-kernel-update ${KVER}
+fi
+
 # This update needs a reboot...
-#touch /var/run/need_reboot
+touch /var/run/need_reboot
 
 # Finish
 /etc/init.d/fireinfo start