core120: Update pakfire keystore

[ipfire-2.x.git] / config / rootfiles / core / 120 / update.sh

diff --git a/config/rootfiles/core/120/update.sh b/config/rootfiles/core/120/update.sh
index 9986316e9f77f508cff2ab10a0c0fdd90b702f4e..0744f3a7f16acc08869bf6553493fe03ec3761a6 100644 (file)
--- a/config/rootfiles/core/120/update.sh
+++ b/config/rootfiles/core/120/update.sh
@@ -31,6 +31,14 @@ for (( i=1; i<=$core; i++ )); do
        rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
 done
 
+# Remove forgotten PHP file
+rm -f /etc/httpd/conf/conf.d/php5.conf
+
+# Delete old PAM libs and symlinks if presant
+if ls /lib | grep -q 'libpam.*'; then
+    rm -f /lib/libpam*
+fi
+
 # Stop services
 
 # Extract files
@@ -42,7 +50,38 @@ ldconfig
 # Update Language cache
 /usr/local/bin/update-lang-cache
 
+# Changed and new OpenVPN-2.4 directives will wrote to server.conf and renew CRL while update an core update
+if [ -e /var/ipfire/ovpn/server.conf ]; then
+       /usr/local/bin/openvpnctrl -k
+
+       # Update configuration directives
+       sed -i -e 's/script-security 3 system/script-security 3/' \
+               -e '/status .*/ a ncp-disable' /var/ipfire/ovpn/server.conf
+
+       # Update the OpenVPN CRL
+       openssl ca -gencrl -keyfile /var/ipfire/ovpn/ca/cakey.pem \
+               -cert /var/ipfire/ovpn/ca/cacert.pem \
+               -out /var/ipfire/ovpn/crls/cacrl.pem \
+               -config /var/ipfire/ovpn/openssl/ovpn.cnf
+
+       /usr/local/bin/openvpnctrl -s
+fi
+
 # Start services
+/etc/init.d/apache restart
+/etc/init.d/unbound restart
+
+# Remove deprecated SSH configuration option
+sed -e "/UsePrivilegeSeparation/d" -i /etc/ssh/sshd_config
+
+# Remove any pakfire keys stored in /
+rm -rfv /.gnupg
+
+# Move old pakfire keystore into new place
+mv -v /root/.gnupg /opt/pakfire/etc/.gnupg
+
+# Import new Pakfire key
+/etc/init.d/pakfire start
 
 # This update needs a reboot...
 touch /var/run/need_reboot