[people/pmueller/ipfire-2.x.git] / config / rootfiles / core / 172 / update.sh

#!/bin/bash
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 3 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2022 IPFire-Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1

core=172

# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done

# Stop services
/etc/rc.d/init.d/ipsec stop
/usr/local/bin/openvpnctrl -k
/usr/local/bin/openvpnctrl -kn2n
/etc/rc.d/init.d/sshd stop
/etc/rc.d/init.d/unbound stop

KVER="xxxKVERxxx"

# Backup uEnv.txt if exist
if [ -e /boot/uEnv.txt ]; then
    cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
fi

# Remove files
rm -rvf \
	/etc/pcmcia \
	/etc/strongswan.d/scepclient.conf \
	/etc/udev/rules.d/60-pcmcia.rules \
	/lib/firmware/cnm/wave521c_j721s2_codec_fw.bin \
	/lib/firmware/cxgb4/t4fw-1.26.6.0.bin \
	/lib/firmware/cxgb4/t5fw-1.26.6.0.bin \
	/lib/firmware/cxgb4/t6fw-1.26.6.0.bin \
	/lib/firmware/mediatek/sof/sof-mt8186-mt6366-da7219-max98357.tplg \
	/lib/firmware/mediatek/sof/sof-mt8186-mt6366-rt1019-rt5682s.tplg \
	/lib/firmware/qcom/a530_zap.b00 \
	/lib/firmware/qcom/a530_zap.b01 \
	/lib/firmware/qcom/a530_zap.b02 \
	/lib/firmware/qcom/venus-1.8/venus.b* \
	/lib/firmware/qcom/venus-4.2/venus.b* \
	/lib/firmware/qcom/venus-5.2/venus.b* \
	/lib/firmware/qcom/venus-5.4/venus.b* \
	/lib/firmware/qcom/vpu-1.0/venus.b* \
	/lib/firmware/qcom/vpu-2.0/venus.b* \
	/lib/firmware/qcom/vpu-2.0/venus.mdt \
	/lib/firmware/rtl_bt \
	/lib/libz.so.1.2.12 \
	/sbin/lspcmcia \
	/sbin/pccardctl \
	/sbin/pcmcia-check-broken-cis \
	/sbin/pcmcia-socket-startup \
	/usr/lib/libbind9-9.16.33.so \
	/usr/lib/libdns-9.16.33.so \
	/usr/lib/libedit.so.0.0.6* \
	/usr/lib/libexpat.so.1.8.9 \
	/usr/lib/libhistory.so.8.1 \
	/usr/lib/libirs-9.16.33.so \
	/usr/lib/libisc-9.16.33.so \
	/usr/lib/libisccc-9.16.33.so \
	/usr/lib/libisccfg-9.16.33.so \
	/usr/lib/liblzma.so.5.2.5 \
	/usr/lib/libnetfilter_conntrack.so.3.7.0 \
	/usr/lib/libns-9.16.33.so \
	/usr/lib/libpng16.so.16.37.0 \
	/usr/lib/libpoppler-cpp.so.0.9* \
	/usr/lib/libpoppler-glib.so.8.23.0 \
	/usr/lib/libpoppler.so.120* \
	/usr/lib/libreadline.so.8.1 \
	/usr/lib/libtasn1.so.6.6.2 \
	/usr/lib/libtiff.so.5.7* \
	/usr/lib/libtiffxx.so.5.7* \
	/usr/lib/libunbound.so.8.1.1* \
	/usr/lib/libxml2.so.2.9.* \
	/usr/lib/python3.10/ensurepip/_bundled/pip-21* \
	/usr/lib/python3.10/ensurepip/_bundled/setuptools-5* \
	/usr/lib/python3.10/lib2to3/Grammar3.10.* \
	/usr/lib/python3.10/lib2to3/PatternGrammar3.10.* \
	/usr/lib/python3.10/site-packages/pip-21.* \
	/usr/lib/python3.10/site-packages/pip/_internal/utils/parallel.py \
	/usr/lib/python3.10/site-packages/pip/_internal/utils/pkg_resources.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/appdirs.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/chardet/compat.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/distlib/_backport \
	/usr/lib/python3.10/site-packages/pip/_vendor/distro.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/html5lib \
	/usr/lib/python3.10/site-packages/pip/_vendor/msgpack/_version.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/progress \
	/usr/lib/python3.10/site-packages/pip/_vendor/pyparsing.py \
	/usr/lib/python3.10/site-packages/pip/_vendor/urllib3/packages/ssl_match_hostname \
	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_compat.py \
	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_typing.py \
	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/pyparsing.py \
	/usr/lib/python3.10/site-packages/pkg_resources/tests/data \
	/usr/lib/python3.10/site-packages/setuptools-5* \
	/usr/lib/python3.10/site-packages/setuptools/_distutils/py35compat.py \
	/usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_compat.py \
	/usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_typing.py \
	/usr/lib/python3.10/site-packages/setuptools/_vendor/pyparsing.py \
	/usr/lib/python3.10/site-packages/setuptools/config.py \
	/usr/lib/python3.10/site-packages/setuptools_rust/utils.py \
	/usr/lib/sudo/sample_approval.so \
	/usr/libexec/ipsec/scepclient \
	/var/ipfire/ca/dh1024.pem

# Remove gnu-netcat and powertop add-on, if installed
for addon in gnu-netcat powertop; do
	if [ -e "/opt/pakfire/db/installed/meta-${addon}" ]; then
		for i in $(</opt/pakfire/db/rootfiles/${addon}); do
			rm -rfv "/${i}"
		done
	fi
	rm -vf \
		/opt/pakfire/db/installed/meta-${addon} \
		/opt/pakfire/db/meta/meta-${addon} \
		/opt/pakfire/db/rootfiles/${addon}
done

# Extract files
extract_files

# update linker config
ldconfig

# Update Language cache
/usr/local/bin/update-lang-cache

# Filesytem cleanup
/usr/local/bin/filesystem-cleanup

# Apply local configuration to sshd_config
/usr/local/bin/sshctrl

# Correct permissions of some library files
chown -Rv root:root /var/ipfire/connscheduler/lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl /var/ipfire/menu.d/*

# Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919
if [ -f /var/ipfire/ovpn/server.conf ]; then
	sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf
fi

if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
	sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf
fi

# Start services
/etc/init.d/unbound start
if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
	/etc/init.d/sshd start
fi
if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then
	/usr/local/bin/openvpnctrl -s
	/usr/local/bin/openvpnctrl -sn2n
fi
if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
	/etc/init.d/ipsec start
fi

# Regenerate all initrds
dracut --regenerate-all --force
case "$(uname -m)" in
	armv*)
		mkimage -A arm -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
		rm /boot/initramfs-${KVER}-ipfire.img
		;;
	aarch64)
		mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
		# dont remove initramfs because grub need this to boot.
		;;
esac

# Call user update script (needed for some ARM boards)
if [ -e /boot/pakfire-kernel-update ]; then
    /boot/pakfire-kernel-update ${KVER}
fi

# This update needs a reboot...
touch /var/run/need_reboot

# Finish
/etc/init.d/fireinfo start
sendprofile

# Update grub config to display new core version
if [ -e /boot/grub/grub.cfg ]; then
	grub-mkconfig -o /boot/grub/grub.cfg
fi

sync

# Don't report the exitcode last command
exit 0
Commit	Line	Data
0f421901 PM	1	#!/bin/bash
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
	20	# Copyright (C) 2022 IPFire-Team <info@ipfire.org>. #
	21	# #
	22	############################################################################
	23	#
	24	. /opt/pakfire/lib/functions.sh
	25	/usr/local/bin/backupctrl exclude >/dev/null 2>&1
	26
	27	core=172
	28
	29	# Remove old core updates from pakfire cache to save space...
	30	for (( i=1; i<=$core; i++ )); do
	31	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
	32	done
	33
	34	# Stop services
f6121180	35	/etc/rc.d/init.d/ipsec stop
e044bc24 PM	36	/usr/local/bin/openvpnctrl -k
e044bc24 PM	37	/usr/local/bin/openvpnctrl -kn2n
4ddb1fda	38	/etc/rc.d/init.d/sshd stop
5f1abe00	39	/etc/rc.d/init.d/unbound stop
0f421901	40
819e5e08 PM	41	KVER="xxxKVERxxx"
	42
	43	# Backup uEnv.txt if exist
	44	if [ -e /boot/uEnv.txt ]; then
	45	cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
	46	fi
	47
0f421901	48	# Remove files
5f1abe00	49	rm -rvf \
f07ddd93	50	/etc/pcmcia \
c965daf6	51	/etc/strongswan.d/scepclient.conf \
f07ddd93	52	/etc/udev/rules.d/60-pcmcia.rules \
c932dcd7 PM	53	/lib/firmware/cnm/wave521c_j721s2_codec_fw.bin \
	54	/lib/firmware/cxgb4/t4fw-1.26.6.0.bin \
	55	/lib/firmware/cxgb4/t5fw-1.26.6.0.bin \
	56	/lib/firmware/cxgb4/t6fw-1.26.6.0.bin \
	57	/lib/firmware/mediatek/sof/sof-mt8186-mt6366-da7219-max98357.tplg \
	58	/lib/firmware/mediatek/sof/sof-mt8186-mt6366-rt1019-rt5682s.tplg \
	59	/lib/firmware/qcom/a530_zap.b00 \
	60	/lib/firmware/qcom/a530_zap.b01 \
	61	/lib/firmware/qcom/a530_zap.b02 \
	62	/lib/firmware/qcom/venus-1.8/venus.b* \
	63	/lib/firmware/qcom/venus-4.2/venus.b* \
	64	/lib/firmware/qcom/venus-5.2/venus.b* \
	65	/lib/firmware/qcom/venus-5.4/venus.b* \
	66	/lib/firmware/qcom/vpu-1.0/venus.b* \
	67	/lib/firmware/qcom/vpu-2.0/venus.b* \
	68	/lib/firmware/qcom/vpu-2.0/venus.mdt \
28b9df01	69	/lib/firmware/rtl_bt \
0a65d443	70	/lib/libz.so.1.2.12 \
f07ddd93 PM	71	/sbin/lspcmcia \
	72	/sbin/pccardctl \
	73	/sbin/pcmcia-check-broken-cis \
	74	/sbin/pcmcia-socket-startup \
cc7bd114 PM	75	/usr/lib/libbind9-9.16.33.so \
cc7bd114 PM	76	/usr/lib/libdns-9.16.33.so \
92cb2b55	77	/usr/lib/libedit.so.0.0.6* \
4022e2f9	78	/usr/lib/libexpat.so.1.8.9 \
7e464d15	79	/usr/lib/libhistory.so.8.1 \
cc7bd114 PM	80	/usr/lib/libirs-9.16.33.so \
	81	/usr/lib/libisc-9.16.33.so \
	82	/usr/lib/libisccc-9.16.33.so \
	83	/usr/lib/libisccfg-9.16.33.so \
a9aae44d	84	/usr/lib/liblzma.so.5.2.5 \
1545553c	85	/usr/lib/libnetfilter_conntrack.so.3.7.0 \
cc7bd114	86	/usr/lib/libns-9.16.33.so \
4e3a5352	87	/usr/lib/libpng16.so.16.37.0 \
c2eb7f25 PM	88	/usr/lib/libpoppler-cpp.so.0.9* \
	89	/usr/lib/libpoppler-glib.so.8.23.0 \
	90	/usr/lib/libpoppler.so.120* \
7e464d15	91	/usr/lib/libreadline.so.8.1 \
05dd992b	92	/usr/lib/libtasn1.so.6.6.2 \
8f591d72 PM	93	/usr/lib/libtiff.so.5.7* \
8f591d72 PM	94	/usr/lib/libtiffxx.so.5.7* \
c965daf6	95	/usr/lib/libunbound.so.8.1.1* \
0675d2a4	96	/usr/lib/libxml2.so.2.9.* \
f9ab4c43 PM	97	/usr/lib/python3.10/ensurepip/_bundled/pip-21* \
	98	/usr/lib/python3.10/ensurepip/_bundled/setuptools-5* \
	99	/usr/lib/python3.10/lib2to3/Grammar3.10.* \
	100	/usr/lib/python3.10/lib2to3/PatternGrammar3.10.* \
	101	/usr/lib/python3.10/site-packages/pip-21.* \
	102	/usr/lib/python3.10/site-packages/pip/_internal/utils/parallel.py \
	103	/usr/lib/python3.10/site-packages/pip/_internal/utils/pkg_resources.py \
	104	/usr/lib/python3.10/site-packages/pip/_vendor/appdirs.py \
	105	/usr/lib/python3.10/site-packages/pip/_vendor/chardet/compat.py \
	106	/usr/lib/python3.10/site-packages/pip/_vendor/distlib/_backport \
	107	/usr/lib/python3.10/site-packages/pip/_vendor/distro.py \
	108	/usr/lib/python3.10/site-packages/pip/_vendor/html5lib \
	109	/usr/lib/python3.10/site-packages/pip/_vendor/msgpack/_version.py \
	110	/usr/lib/python3.10/site-packages/pip/_vendor/progress \
	111	/usr/lib/python3.10/site-packages/pip/_vendor/pyparsing.py \
	112	/usr/lib/python3.10/site-packages/pip/_vendor/urllib3/packages/ssl_match_hostname \
	113	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_compat.py \
	114	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_typing.py \
	115	/usr/lib/python3.10/site-packages/pkg_resources/_vendor/pyparsing.py \
	116	/usr/lib/python3.10/site-packages/pkg_resources/tests/data \
	117	/usr/lib/python3.10/site-packages/setuptools-5* \
	118	/usr/lib/python3.10/site-packages/setuptools/_distutils/py35compat.py \
	119	/usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_compat.py \
	120	/usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_typing.py \
	121	/usr/lib/python3.10/site-packages/setuptools/_vendor/pyparsing.py \
	122	/usr/lib/python3.10/site-packages/setuptools/config.py \
	123	/usr/lib/python3.10/site-packages/setuptools_rust/utils.py \
3a42eaa9	124	/usr/lib/sudo/sample_approval.so \
e044bc24 PM	125	/usr/libexec/ipsec/scepclient \
e044bc24 PM	126	/var/ipfire/ca/dh1024.pem
0f421901	127
366cd034 PM	128	# Remove gnu-netcat and powertop add-on, if installed
	129	for addon in gnu-netcat powertop; do
	130	if [ -e "/opt/pakfire/db/installed/meta-${addon}" ]; then
	131	for i in $(</opt/pakfire/db/rootfiles/${addon}); do
	132	rm -rfv "/${i}"
	133	done
	134	fi
	135	rm -vf \
	136	/opt/pakfire/db/installed/meta-${addon} \
	137	/opt/pakfire/db/meta/meta-${addon} \
	138	/opt/pakfire/db/rootfiles/${addon}
	139	done
d3a4fcc7	140
0f421901 PM	141	# Extract files
	142	extract_files
	143
	144	# update linker config
	145	ldconfig
	146
	147	# Update Language cache
	148	/usr/local/bin/update-lang-cache
	149
	150	# Filesytem cleanup
	151	/usr/local/bin/filesystem-cleanup
	152
4ddb1fda PM	153	# Apply local configuration to sshd_config
	154	/usr/local/bin/sshctrl
	155
eae0cb54	156	# Correct permissions of some library files
39d67050	157	chown -Rv root:root /var/ipfire/connscheduler/lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl /var/ipfire/menu.d/*
eae0cb54	158
e044bc24 PM	159	# Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919
	160	if [ -f /var/ipfire/ovpn/server.conf ]; then
	161	sed -i 's\|/var/ipfire/ovpn/ca/dh1024.pem\|/etc/ssl/ffdhe4096.pem\|' /var/ipfire/ovpn/server.conf
	162	fi
	163
	164	if [ -f "/var/ipfire/ovpn/n2nconf//.conf" ]; then
	165	sed -i 's\|/var/ipfire/ovpn/ca/dh1024.pem\|/etc/ssl/ffdhe4096.pem\|' /var/ipfire/ovpn/n2nconf//.conf
	166	fi
	167
0f421901	168	# Start services
5f1abe00	169	/etc/init.d/unbound start
4ddb1fda PM	170	if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
	171	/etc/init.d/sshd start
	172	fi
e044bc24 PM	173	if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then
	174	/usr/local/bin/openvpnctrl -s
	175	/usr/local/bin/openvpnctrl -sn2n
	176	fi
f6121180 PM	177	if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
	178	/etc/init.d/ipsec start
	179	fi
0f421901	180
819e5e08 PM	181	# Regenerate all initrds
	182	dracut --regenerate-all --force
	183	case "$(uname -m)" in
	184	armv*)
	185	mkimage -A arm -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
	186	rm /boot/initramfs-${KVER}-ipfire.img
	187	;;
	188	aarch64)
	189	mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
	190	# dont remove initramfs because grub need this to boot.
	191	;;
	192	esac
	193
	194	# Call user update script (needed for some ARM boards)
	195	if [ -e /boot/pakfire-kernel-update ]; then
	196	/boot/pakfire-kernel-update ${KVER}
	197	fi
	198
0f421901	199	# This update needs a reboot...
4808c037	200	touch /var/run/need_reboot
0f421901 PM	201
	202	# Finish
	203	/etc/init.d/fireinfo start
	204	sendprofile
	205
	206	# Update grub config to display new core version
	207	if [ -e /boot/grub/grub.cfg ]; then
	208	grub-mkconfig -o /boot/grub/grub.cfg
	209	fi
	210
	211	sync
	212
	213	# Don't report the exitcode last command
	214	exit 0