X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=config%2Frootfiles%2Fcore%2F168%2Fupdate.sh;h=6bb081ff28d2ce54384e6509752a80a470a1a0ba;hp=e27d041d377b7a2ee562d45fa400ad06cb7824f7;hb=4a4fc8f19a8734a7d92895da3772027550e80f01;hpb=159f9214a6852328f4edb327b33d2268ac4bac3f

diff --git a/config/rootfiles/core/168/update.sh b/config/rootfiles/core/168/update.sh
index e27d041d37..6bb081ff28 100644
--- a/config/rootfiles/core/168/update.sh
+++ b/config/rootfiles/core/168/update.sh
@@ -31,8 +31,23 @@ for (( i=1; i<=$core; i++ )); do
 	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
 done
 
+# Stop services
+/etc/init.d/ipsec stop
+/etc/init.d/squid stop
+/usr/local/bin/openvpnctrl -k
+/usr/local/bin/openvpnctrl -kn2n
+/etc/init.d/suricata stop
+
 # Remove files
 rm -rvf \
+	/etc/fcron.daily/suricata \
+	/etc/fcron.weekly/suricata \
+	/lib/firmware/cxgb4/t4fw-1.26.4.0.bin \
+	/lib/firmware/cxgb4/t5fw-1.26.4.0.bin \
+	/lib/firmware/cxgb4/t6fw-1.26.4.0.bin \
+	/lib/firmware/intel/ice/ddp-comms/ice_comms-1.3.20.0.pkg \
+	/lib/firmware/silabs \
+	/lib/libprocps.so* \
 	/usr/bin/dnet-config \
 	/usr/bin/sdparm \
 	/usr/lib/libart_lgpl_2.so* \
@@ -41,10 +56,13 @@ rm -rvf \
 	/usr/lib/libevent-1.4.so* \
 	/usr/lib/libevent_core-1.4.so* \
 	/usr/lib/libevent_extra-1.4.so* \
+	/usr/lib/liblber-2.4.so* \
 	/usr/lib/libnl.so* \
 	/usr/lib/libpri.so* \
 	/usr/lib/libsolv.so* \
 	/usr/lib/libsolvext.so* \
+	/usr/lib/libusb.so \
+	/usr/lib/libusb-0.1.so* \
 	/usr/sbin/dnet
 
 # Remove netbpm add-on, if installed
@@ -58,31 +76,75 @@ rm -vf \
 	/opt/pakfire/db/meta/meta-netbpm \
 	/opt/pakfire/db/rootfiles/netbpm
 
-# Stop services
-/etc/init.d/squid stop
-/usr/local/bin/openvpnctrl -k
-/usr/local/bin/openvpnctrl -kn2n
-
 # Extract files
 extract_files
 
 # update linker config
 ldconfig
 
+# Run IDSv4 converter
+convert-ids-backend-files
+
 # Update Language cache
 /usr/local/bin/update-lang-cache
 
 # Filesytem cleanup
 /usr/local/bin/filesystem-cleanup
 
+# Delete orphaned Oinkmaster and Suricata default ruleset
+rm -vf \
+	/usr/local/bin/oinkmaster.pl \
+	/var/ipfire/suricata/oinkmaster.conf \
+	/var/ipfire/suricata/suricata-default-rules.yaml
+
+# Apply local configuration to sshd_config
+/usr/local/bin/sshctrl
+
+# Apply sysctl changes
+/etc/init.d/sysctl start
+
+# Fix permissions of /etc/sudoers.d/
+chmod -v 750 /etc/sudoers.d
+chmod -v 640 /etc/sudoers.d/*
+
+# Rebuild initial ramdisk to apply microcode updates
+dracut --regenerate-all --force
+case "$(uname -m)" in
+        armv*)
+                mkimage -A arm -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
+                rm /boot/initramfs-${KVER}-ipfire.img
+                ;;
+        aarch64)
+                mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
+                # dont remove initramfs because grub need this to boot.
+                ;;
+esac
+
+# Add rd.auto to kernel command line
+if ! grep -q rd.auto /etc/default/grub; then
+	sed -e "s/panic=10/& rd.auto/" -i /etc/default/grub
+fi
+
+# Repair any broken MDRAID arrays
+/usr/local/bin/repair-mdraid
+
+# Rebuild fcrontab from scratch
+/usr/bin/fcrontab -z
+
 # Start services
+/etc/init.d/fcron restart
+/etc/init.d/sshd restart
 /etc/init.d/vnstatd restart
 /etc/init.d/squid start
 /usr/local/bin/openvpnctrl -s
 /usr/local/bin/openvpnctrl -sn2n
+/etc/init.d/suricata start
+if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
+       /etc/init.d/ipsec start
+fi
 
 # This update needs a reboot...
-#touch /var/run/need_reboot
+touch /var/run/need_reboot
 
 # Finish
 /etc/init.d/fireinfo start