config/rootfiles/core/172/update.sh

   1 #!/bin/bash
   2 ############################################################################
   3 #                                                                          #
   4 # This file is part of the IPFire Firewall.                                #
   5 #                                                                          #
   6 # IPFire is free software; you can redistribute it and/or modify           #
   7 # it under the terms of the GNU General Public License as published by     #
   8 # the Free Software Foundation; either version 3 of the License, or        #
   9 # (at your option) any later version.                                      #
  10 #                                                                          #
  11 # IPFire is distributed in the hope that it will be useful,                #
  12 # but WITHOUT ANY WARRANTY; without even the implied warranty of           #
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
  14 # GNU General Public License for more details.                             #
  15 #                                                                          #
  16 # You should have received a copy of the GNU General Public License        #
  17 # along with IPFire; if not, write to the Free Software                    #
  18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
  19 #                                                                          #
  20 # Copyright (C) 2022 IPFire-Team <info@ipfire.org>.                        #
  21 #                                                                          #
  22 ############################################################################
  23 #
  24 . /opt/pakfire/lib/functions.sh
  25 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
  26
  27 core=172
  28
  29 # Remove old core updates from pakfire cache to save space...
  30 for (( i=1; i<=$core; i++ )); do
  31         rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
  32 done
  33
  34 # Stop services
  35 /etc/rc.d/init.d/ipsec stop
  36 /usr/local/bin/openvpnctrl -k
  37 /usr/local/bin/openvpnctrl -kn2n
  38 /etc/rc.d/init.d/sshd stop
  39 /etc/rc.d/init.d/unbound stop
  40 /etc/rc.d/init.d/suricata stop
  41
  42 KVER="xxxKVERxxx"
  43
  44 # Backup uEnv.txt if exist
  45 if [ -e /boot/uEnv.txt ]; then
  46     cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
  47 fi
  48
  49 # Remove files
  50 rm -rvf \
  51         /etc/pcmcia \
  52         /etc/strongswan.d/scepclient.conf \
  53         /etc/udev/rules.d/60-pcmcia.rules \
  54         /lib/firmware/cnm/wave521c_j721s2_codec_fw.bin \
  55         /lib/firmware/cxgb4/t4fw-1.26.6.0.bin \
  56         /lib/firmware/cxgb4/t5fw-1.26.6.0.bin \
  57         /lib/firmware/cxgb4/t6fw-1.26.6.0.bin \
  58         /lib/firmware/mediatek/sof/sof-mt8186-mt6366-da7219-max98357.tplg \
  59         /lib/firmware/mediatek/sof/sof-mt8186-mt6366-rt1019-rt5682s.tplg \
  60         /lib/firmware/qcom/a530_zap.b00 \
  61         /lib/firmware/qcom/a530_zap.b01 \
  62         /lib/firmware/qcom/a530_zap.b02 \
  63         /lib/firmware/qcom/venus-1.8/venus.b* \
  64         /lib/firmware/qcom/venus-4.2/venus.b* \
  65         /lib/firmware/qcom/venus-5.2/venus.b* \
  66         /lib/firmware/qcom/venus-5.4/venus.b* \
  67         /lib/firmware/qcom/vpu-1.0/venus.b* \
  68         /lib/firmware/qcom/vpu-2.0/venus.b* \
  69         /lib/firmware/qcom/vpu-2.0/venus.mdt \
  70         /lib/firmware/rtl_bt \
  71         /lib/libz.so.1.2.12 \
  72         /sbin/lspcmcia \
  73         /sbin/pccardctl \
  74         /sbin/pcmcia-check-broken-cis \
  75         /sbin/pcmcia-socket-startup \
  76         /usr/lib/libbind9-9.16.33.so \
  77         /usr/lib/libdns-9.16.33.so \
  78         /usr/lib/libedit.so.0.0.6* \
  79         /usr/lib/libexpat.so.1.8.9 \
  80         /usr/lib/libirs-9.16.33.so \
  81         /usr/lib/libisc-9.16.33.so \
  82         /usr/lib/libisccc-9.16.33.so \
  83         /usr/lib/libisccfg-9.16.33.so \
  84         /usr/lib/liblzma.so.5.2.5 \
  85         /usr/lib/libnetfilter_conntrack.so.3.7.0 \
  86         /usr/lib/libns-9.16.33.so \
  87         /usr/lib/libpng16.so.16.37.0 \
  88         /usr/lib/libpoppler-cpp.so.0.9* \
  89         /usr/lib/libpoppler-glib.so.8.23.0 \
  90         /usr/lib/libpoppler.so.120* \
  91         /usr/lib/libtasn1.so.6.6.2 \
  92         /usr/lib/libtiff.so.5.7* \
  93         /usr/lib/libtiffxx.so.5.7* \
  94         /usr/lib/libunbound.so.8.1.1* \
  95         /usr/lib/libxml2.so.2.9.* \
  96         /usr/lib/python3.10/ensurepip/_bundled/pip-21* \
  97         /usr/lib/python3.10/ensurepip/_bundled/setuptools-5* \
  98         /usr/lib/python3.10/lib2to3/Grammar3.10.* \
  99         /usr/lib/python3.10/lib2to3/PatternGrammar3.10.* \
 100         /usr/lib/python3.10/site-packages/pip-21.* \
 101         /usr/lib/python3.10/site-packages/pip/_internal/utils/parallel.py \
 102         /usr/lib/python3.10/site-packages/pip/_internal/utils/pkg_resources.py \
 103         /usr/lib/python3.10/site-packages/pip/_vendor/appdirs.py \
 104         /usr/lib/python3.10/site-packages/pip/_vendor/chardet/compat.py \
 105         /usr/lib/python3.10/site-packages/pip/_vendor/distlib/_backport \
 106         /usr/lib/python3.10/site-packages/pip/_vendor/distro.py \
 107         /usr/lib/python3.10/site-packages/pip/_vendor/html5lib \
 108         /usr/lib/python3.10/site-packages/pip/_vendor/msgpack/_version.py \
 109         /usr/lib/python3.10/site-packages/pip/_vendor/progress \
 110         /usr/lib/python3.10/site-packages/pip/_vendor/pyparsing.py \
 111         /usr/lib/python3.10/site-packages/pip/_vendor/urllib3/packages/ssl_match_hostname \
 112         /usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_compat.py \
 113         /usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_typing.py \
 114         /usr/lib/python3.10/site-packages/pkg_resources/_vendor/pyparsing.py \
 115         /usr/lib/python3.10/site-packages/pkg_resources/tests/data \
 116         /usr/lib/python3.10/site-packages/setuptools-5* \
 117         /usr/lib/python3.10/site-packages/setuptools/_distutils/py35compat.py \
 118         /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_compat.py \
 119         /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_typing.py \
 120         /usr/lib/python3.10/site-packages/setuptools/_vendor/pyparsing.py \
 121         /usr/lib/python3.10/site-packages/setuptools/config.py \
 122         /usr/lib/python3.10/site-packages/setuptools_rust/utils.py \
 123         /usr/lib/sudo/sample_approval.so \
 124         /usr/libexec/ipsec/scepclient \
 125         /var/ipfire/ca/dh1024.pem
 126
 127 # Remove gnu-netcat and powertop add-on, if installed
 128 for addon in gnu-netcat powertop; do
 129         if [ -e "/opt/pakfire/db/installed/meta-${addon}" ]; then
 130                 for i in $(</opt/pakfire/db/rootfiles/${addon}); do
 131                         rm -rfv "/${i}"
 132                 done
 133         fi
 134         rm -vf \
 135                 /opt/pakfire/db/installed/meta-${addon} \
 136                 /opt/pakfire/db/meta/meta-${addon} \
 137                 /opt/pakfire/db/rootfiles/${addon}
 138 done
 139
 140 # Extract files
 141 extract_files
 142
 143 # update linker config
 144 ldconfig
 145
 146 # Update Language cache
 147 /usr/local/bin/update-lang-cache
 148
 149 # Filesytem cleanup
 150 /usr/local/bin/filesystem-cleanup
 151
 152 # Apply local configuration to sshd_config
 153 /usr/local/bin/sshctrl
 154
 155 # Correct permissions of some library files
 156 chown -Rv root:root /var/ipfire/connscheduler/lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl /var/ipfire/menu.d/*
 157
 158 # Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919
 159 if [ -f /var/ipfire/ovpn/server.conf ]; then
 160         sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf
 161 fi
 162
 163 if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
 164         sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf
 165 fi
 166
 167 # Start services
 168 if grep -q "ENABLE_IDS=on" /var/ipfire/suricata/settings; then
 169         /etc/rc.d/init.d/suricata start
 170 fi
 171 /etc/init.d/unbound start
 172 if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
 173         /etc/init.d/sshd start
 174 fi
 175 if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then
 176         /usr/local/bin/openvpnctrl -s
 177         /usr/local/bin/openvpnctrl -sn2n
 178 fi
 179 if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
 180         /etc/init.d/ipsec start
 181 fi
 182
 183 # Regenerate all initrds
 184 dracut --regenerate-all --force
 185 case "$(uname -m)" in
 186         armv*)
 187                 mkimage -A arm -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
 188                 rm /boot/initramfs-${KVER}-ipfire.img
 189                 ;;
 190         aarch64)
 191                 mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
 192                 # dont remove initramfs because grub need this to boot.
 193                 ;;
 194 esac
 195
 196 # Call user update script (needed for some ARM boards)
 197 if [ -e /boot/pakfire-kernel-update ]; then
 198     /boot/pakfire-kernel-update ${KVER}
 199 fi
 200
 201 # This update needs a reboot...
 202 touch /var/run/need_reboot
 203
 204 # Finish
 205 /etc/init.d/fireinfo start
 206 sendprofile
 207
 208 # Update grub config to display new core version
 209 if [ -e /boot/grub/grub.cfg ]; then
 210         grub-mkconfig -o /boot/grub/grub.cfg
 211 fi
 212
 213 sync
 214
 215 # Don't report the exitcode last command
 216 exit 0