[ipfire-2.x.git] / config / rootfiles / core / 120 / update.sh

#!/bin/bash
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 3 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2017 IPFire-Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1

core=120

# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done

# Remove forgotten PHP file
rm -f /etc/httpd/conf/conf.d/php5.conf

# Delete old PAM libs and symlinks if presant
if ls /lib | grep -q 'libpam.*'; then
    rm -f /lib/libpam*
fi

# Stop services

# Extract files
extract_files

# update linker config
ldconfig

# Update Language cache
/usr/local/bin/update-lang-cache

# Changed and new OpenVPN-2.4 directives will wrote to server.conf and renew CRL while update an core update
if [ -e /var/ipfire/ovpn/server.conf ]; then
	/usr/local/bin/openvpnctrl -k

	# Update configuration directives
	sed -i -e 's/script-security 3 system/script-security 3/' \
		-e '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf

	# Disable Path MTU discovery settings
	sed -e "/^mtu-disc/d" -i /var/ipfire/ovpn/server.conf

	# Update the OpenVPN CRL
	openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem \
		-cert /var/ipfire/ovpn/ca/cacert.pem \
		-out /var/ipfire/ovpn/crls/cacrl.pem \
		-config /var/ipfire/ovpn/openssl/ovpn.cnf

	/usr/local/bin/openvpnctrl -s
fi

# Update OpenVPN N2N configurations
/usr/local/bin/openvpnctrl -kn2n

for file in /var/ipfire/ovpn/n2nconf/*/*.conf; do
	sed -e "/^mtu-disc/d" -i ${file}
done

/usr/local/bin/openvpnctrl -sn2n

# Start services
/etc/init.d/apache restart
/etc/init.d/unbound restart

# Regenerate IPsec configuration
sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
	/etc/init.d/ipsec restart
fi

# Remove deprecated SSH configuration option
sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config

# Import new Pakfire key
/etc/init.d/pakfire start

# This update needs a reboot...
touch /var/run/need_reboot

# Finish
/etc/init.d/fireinfo start
sendprofile

# Update grub config to display new core version
if [ -e /boot/grub/grub.cfg ]; then
	grub-mkconfig -o /boot/grub/grub.cfg
fi

sync

# Don't report the exitcode last command
exit 0
Commit	Line	Data
ea938f62 MT	1	#!/bin/bash
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
	20	# Copyright (C) 2017 IPFire-Team <info@ipfire.org>. #
	21	# #
	22	############################################################################
	23	#
	24	. /opt/pakfire/lib/functions.sh
	25	/usr/local/bin/backupctrl exclude >/dev/null 2>&1
	26
cb8a6bf5	27	core=120
ea938f62 MT	28
	29	# Remove old core updates from pakfire cache to save space...
	30	for (( i=1; i<=$core; i++ )); do
	31	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
	32	done
	33
c8e4391e MT	34	# Remove forgotten PHP file
	35	rm -f /etc/httpd/conf/conf.d/php5.conf
	36
e779b6bc EK	37	# Delete old PAM libs and symlinks if presant
	38	if ls /lib \| grep -q 'libpam.*'; then
	39	rm -f /lib/libpam*
	40	fi
	41
d093117f	42	# Stop services
922ec43f	43
ea938f62 MT	44	# Extract files
	45	extract_files
	46
	47	# update linker config
	48	ldconfig
	49
	50	# Update Language cache
a679c563	51	/usr/local/bin/update-lang-cache
ea938f62	52
53929f5a MT	53	# Changed and new OpenVPN-2.4 directives will wrote to server.conf and renew CRL while update an core update
53929f5a MT	54	if [ -e /var/ipfire/ovpn/server.conf ]; then
e707599d	55	/usr/local/bin/openvpnctrl -k
53929f5a MT	56
	57	# Update configuration directives
	58	sed -i -e 's/script-security 3 system/script-security 3/' \
	59	-e '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf
	60
c79cbc15 MT	61	# Disable Path MTU discovery settings
	62	sed -e "/^mtu-disc/d" -i /var/ipfire/ovpn/server.conf
	63
53929f5a MT	64	# Update the OpenVPN CRL
	65	openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem \
	66	-cert /var/ipfire/ovpn/ca/cacert.pem \
	67	-out /var/ipfire/ovpn/crls/cacrl.pem \
	68	-config /var/ipfire/ovpn/openssl/ovpn.cnf
	69
e707599d	70	/usr/local/bin/openvpnctrl -s
53929f5a MT	71	fi
53929f5a MT	72
c79cbc15 MT	73	# Update OpenVPN N2N configurations
	74	/usr/local/bin/openvpnctrl -kn2n
	75
	76	for file in /var/ipfire/ovpn/n2nconf//.conf; do
	77	sed -e "/^mtu-disc/d" -i ${file}
	78	done
	79
	80	/usr/local/bin/openvpnctrl -sn2n
	81
ea938f62	82	# Start services
53929f5a	83	/etc/init.d/apache restart
b2318b5e	84	/etc/init.d/unbound restart
a261cb06	85
39f4488a MT	86	# Regenerate IPsec configuration
	87	sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
	88	if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
	89	/etc/init.d/ipsec restart
	90	fi
	91
8b080ef1 MT	92	# Remove deprecated SSH configuration option
	93	sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config
	94
ceed3534	95	# Import new Pakfire key
0471d32b	96	/etc/init.d/pakfire start
ceed3534	97
a261cb06 MT	98	# This update needs a reboot...
a261cb06 MT	99	touch /var/run/need_reboot
ea938f62 MT	100
	101	# Finish
	102	/etc/init.d/fireinfo start
	103	sendprofile
	104
	105	# Update grub config to display new core version
	106	if [ -e /boot/grub/grub.cfg ]; then
	107	grub-mkconfig -o /boot/grub/grub.cfg
	108	fi
	109
	110	sync
	111
	112	# Don't report the exitcode last command
	113	exit 0