]>
Commit | Line | Data |
---|---|---|
ea938f62 MT |
1 | #!/bin/bash |
2 | ############################################################################ | |
3 | # # | |
4 | # This file is part of the IPFire Firewall. # | |
5 | # # | |
6 | # IPFire is free software; you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation; either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # IPFire is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with IPFire; if not, write to the Free Software # | |
18 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # | |
19 | # # | |
20 | # Copyright (C) 2017 IPFire-Team <info@ipfire.org>. # | |
21 | # # | |
22 | ############################################################################ | |
23 | # | |
24 | . /opt/pakfire/lib/functions.sh | |
25 | /usr/local/bin/backupctrl exclude >/dev/null 2>&1 | |
26 | ||
cb8a6bf5 | 27 | core=120 |
ea938f62 MT |
28 | |
29 | # Remove old core updates from pakfire cache to save space... | |
30 | for (( i=1; i<=$core; i++ )); do | |
31 | rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire | |
32 | done | |
33 | ||
c8e4391e MT |
34 | # Remove forgotten PHP file |
35 | rm -f /etc/httpd/conf/conf.d/php5.conf | |
36 | ||
e779b6bc EK |
37 | # Delete old PAM libs and symlinks if presant |
38 | if ls /lib | grep -q 'libpam.*'; then | |
39 | rm -f /lib/libpam* | |
40 | fi | |
41 | ||
d093117f | 42 | # Stop services |
922ec43f | 43 | |
ea938f62 MT |
44 | # Extract files |
45 | extract_files | |
46 | ||
47 | # update linker config | |
48 | ldconfig | |
49 | ||
50 | # Update Language cache | |
a679c563 | 51 | /usr/local/bin/update-lang-cache |
ea938f62 | 52 | |
53929f5a MT |
53 | # Changed and new OpenVPN-2.4 directives will wrote to server.conf and renew CRL while update an core update |
54 | if [ -e /var/ipfire/ovpn/server.conf ]; then | |
e707599d | 55 | /usr/local/bin/openvpnctrl -k |
53929f5a MT |
56 | |
57 | # Update configuration directives | |
58 | sed -i -e 's/script-security 3 system/script-security 3/' \ | |
59 | -e '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf | |
60 | ||
c79cbc15 MT |
61 | # Disable Path MTU discovery settings |
62 | sed -e "/^mtu-disc/d" -i /var/ipfire/ovpn/server.conf | |
63 | ||
53929f5a MT |
64 | # Update the OpenVPN CRL |
65 | openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem \ | |
66 | -cert /var/ipfire/ovpn/ca/cacert.pem \ | |
67 | -out /var/ipfire/ovpn/crls/cacrl.pem \ | |
68 | -config /var/ipfire/ovpn/openssl/ovpn.cnf | |
69 | ||
e707599d | 70 | /usr/local/bin/openvpnctrl -s |
53929f5a MT |
71 | fi |
72 | ||
c79cbc15 MT |
73 | # Update OpenVPN N2N configurations |
74 | /usr/local/bin/openvpnctrl -kn2n | |
75 | ||
76 | for file in /var/ipfire/ovpn/n2nconf/*/*.conf; do | |
77 | sed -e "/^mtu-disc/d" -i ${file} | |
78 | done | |
79 | ||
80 | /usr/local/bin/openvpnctrl -sn2n | |
81 | ||
ea938f62 | 82 | # Start services |
53929f5a | 83 | /etc/init.d/apache restart |
b2318b5e | 84 | /etc/init.d/unbound restart |
a261cb06 | 85 | |
39f4488a MT |
86 | # Regenerate IPsec configuration |
87 | sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi | |
88 | if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then | |
89 | /etc/init.d/ipsec restart | |
90 | fi | |
91 | ||
8b080ef1 MT |
92 | # Remove deprecated SSH configuration option |
93 | sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config | |
94 | ||
ceed3534 | 95 | # Import new Pakfire key |
0471d32b | 96 | /etc/init.d/pakfire start |
ceed3534 | 97 | |
a261cb06 MT |
98 | # This update needs a reboot... |
99 | touch /var/run/need_reboot | |
ea938f62 MT |
100 | |
101 | # Finish | |
102 | /etc/init.d/fireinfo start | |
103 | sendprofile | |
104 | ||
105 | # Update grub config to display new core version | |
106 | if [ -e /boot/grub/grub.cfg ]; then | |
107 | grub-mkconfig -o /boot/grub/grub.cfg | |
108 | fi | |
109 | ||
110 | sync | |
111 | ||
112 | # Don't report the exitcode last command | |
113 | exit 0 |