2 ############################################################################
4 # This file is part of the IPFire Firewall. #
6 # IPFire is free software; you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation; either version 3 of the License, or #
9 # (at your option) any later version. #
11 # IPFire is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
16 # You should have received a copy of the GNU General Public License #
17 # along with IPFire; if not, write to the Free Software #
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
20 # Copyright (C) 2022 IPFire-Team <info@ipfire.org>. #
22 ############################################################################
24 .
/opt
/pakfire
/lib
/functions.sh
25 /usr
/local
/bin
/backupctrl exclude
>/dev
/null
2>&1
29 # Remove old core updates from pakfire cache to save space...
30 for (( i
=1; i
<=$core; i
++ )); do
31 rm -f /var
/cache
/pakfire
/core-upgrade-
*-$i.ipfire
35 /etc
/rc.d
/init.d
/ipsec stop
36 /usr
/local
/bin
/openvpnctrl
-k
37 /usr
/local
/bin
/openvpnctrl
-kn2n
38 /etc
/rc.d
/init.d
/sshd stop
39 /etc
/rc.d
/init.d
/unbound stop
40 /etc
/rc.d
/init.d
/suricata stop
44 # Backup uEnv.txt if exist
45 if [ -e /boot
/uEnv.txt
]; then
46 cp -vf /boot
/uEnv.txt
/boot
/uEnv.txt.org
52 /etc
/strongswan.d
/scepclient.conf \
53 /etc
/udev
/rules.d
/60-pcmcia.rules \
54 /lib
/firmware
/cnm
/wave521c_j721s2_codec_fw.bin \
55 /lib
/firmware
/cxgb
4/t4fw-1.26
.6.0.bin \
56 /lib
/firmware
/cxgb
4/t5fw-1.26
.6.0.bin \
57 /lib
/firmware
/cxgb
4/t6fw-1.26
.6.0.bin \
58 /lib
/firmware
/mediatek
/sof
/sof-mt8186-mt6366-da7219-max98357.tplg \
59 /lib
/firmware
/mediatek
/sof
/sof-mt8186-mt6366-rt1019-rt5682s.tplg \
60 /lib
/firmware
/qcom
/a530_zap.b00 \
61 /lib
/firmware
/qcom
/a530_zap.b01 \
62 /lib
/firmware
/qcom
/a530_zap.b02 \
63 /lib
/firmware
/qcom
/venus-1.8
/venus.b
* \
64 /lib
/firmware
/qcom
/venus-4.2
/venus.b
* \
65 /lib
/firmware
/qcom
/venus-5.2
/venus.b
* \
66 /lib
/firmware
/qcom
/venus-5.4
/venus.b
* \
67 /lib
/firmware
/qcom
/vpu-1.0
/venus.b
* \
68 /lib
/firmware
/qcom
/vpu-2.0
/venus.b
* \
69 /lib
/firmware
/qcom
/vpu-2.0
/venus.mdt \
70 /lib
/firmware
/rtl_bt \
74 /sbin
/pcmcia-check-broken-cis \
75 /sbin
/pcmcia-socket-startup \
76 /usr
/lib
/libbind9-9.16
.33.so \
77 /usr
/lib
/libdns-9.16
.33.so \
78 /usr
/lib
/libedit.so
.0.0.6* \
79 /usr
/lib
/libexpat.so
.1.8.9 \
80 /usr
/lib
/libirs-9.16
.33.so \
81 /usr
/lib
/libisc-9.16
.33.so \
82 /usr
/lib
/libisccc-9.16
.33.so \
83 /usr
/lib
/libisccfg-9.16
.33.so \
84 /usr
/lib
/liblzma.so
.5.2.5 \
85 /usr
/lib
/libnetfilter_conntrack.so
.3.7.0 \
86 /usr
/lib
/libns-9.16
.33.so \
87 /usr
/lib
/libpng16.so
.16.37.0 \
88 /usr
/lib
/libpoppler-cpp.so
.0.9* \
89 /usr
/lib
/libpoppler-glib.so
.8.23.0 \
90 /usr
/lib
/libpoppler.so
.120* \
91 /usr
/lib
/libtasn1.so
.6.6.2 \
92 /usr
/lib
/libtiff.so
.5.7* \
93 /usr
/lib
/libtiffxx.so
.5.7* \
94 /usr
/lib
/libunbound.so
.8.1.1* \
95 /usr
/lib
/libxml2.so
.2.9.
* \
96 /usr
/lib
/python3.10
/ensurepip
/_bundled
/pip-21
* \
97 /usr
/lib
/python3.10
/ensurepip
/_bundled
/setuptools-5
* \
98 /usr
/lib
/python3.10
/lib2to
3/Grammar3.10.
* \
99 /usr
/lib
/python3.10
/lib2to
3/PatternGrammar3.10.
* \
100 /usr
/lib
/python3.10
/site-packages
/pip-21.
* \
101 /usr
/lib
/python3.10
/site-packages
/pip
/_internal
/utils
/parallel.py \
102 /usr
/lib
/python3.10
/site-packages
/pip
/_internal
/utils
/pkg_resources.py \
103 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/appdirs.py \
104 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/chardet
/compat.py \
105 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/distlib
/_backport \
106 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/distro.py \
107 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/html5lib \
108 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/msgpack
/_version.py \
109 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/progress \
110 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/pyparsing.py \
111 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/urllib
3/packages
/ssl_match_hostname \
112 /usr
/lib
/python3.10
/site-packages
/pkg_resources
/_vendor
/packaging
/_compat.py \
113 /usr
/lib
/python3.10
/site-packages
/pkg_resources
/_vendor
/packaging
/_typing.py \
114 /usr
/lib
/python3.10
/site-packages
/pkg_resources
/_vendor
/pyparsing.py \
115 /usr
/lib
/python3.10
/site-packages
/pkg_resources
/tests
/data \
116 /usr
/lib
/python3.10
/site-packages
/setuptools-5
* \
117 /usr
/lib
/python3.10
/site-packages
/setuptools
/_distutils
/py35compat.py \
118 /usr
/lib
/python3.10
/site-packages
/setuptools
/_vendor
/packaging
/_compat.py \
119 /usr
/lib
/python3.10
/site-packages
/setuptools
/_vendor
/packaging
/_typing.py \
120 /usr
/lib
/python3.10
/site-packages
/setuptools
/_vendor
/pyparsing.py \
121 /usr
/lib
/python3.10
/site-packages
/setuptools
/config.py \
122 /usr
/lib
/python3.10
/site-packages
/setuptools_rust
/utils.py \
123 /usr
/lib
/sudo
/sample_approval.so \
124 /usr
/libexec
/ipsec
/scepclient \
125 /var
/ipfire
/ca
/dh1024.pem
127 # Remove gnu-netcat and powertop add-on, if installed
128 for addon
in gnu-netcat powertop
; do
129 if [ -e "/opt/pakfire/db/installed/meta-${addon}" ]; then
130 for i
in $
(</opt
/pakfire
/db
/rootfiles
/${addon}); do
135 /opt
/pakfire
/db
/installed
/meta-
${addon} \
136 /opt
/pakfire
/db
/meta
/meta-
${addon} \
137 /opt
/pakfire
/db
/rootfiles
/${addon}
143 # update linker config
146 # Update Language cache
147 /usr
/local
/bin
/update-lang-cache
150 /usr
/local
/bin
/filesystem-cleanup
152 # Apply local configuration to sshd_config
153 /usr
/local
/bin
/sshctrl
155 # Correct permissions of some library files
156 chown
-Rv root
:root
/var
/ipfire
/connscheduler
/lib.pl
/var
/ipfire
/updatexlrator
/updxlrator-lib.pl
/var
/ipfire
/menu.d
/*
158 # Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919
159 if [ -f /var
/ipfire
/ovpn
/server.conf
]; then
160 sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var
/ipfire
/ovpn
/server.conf
163 if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
164 sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var
/ipfire
/ovpn
/n2nconf
/*/*.conf
168 if grep -q "ENABLE_IDS=on" /var
/ipfire
/suricata
/settings
; then
169 /etc
/rc.d
/init.d
/suricata start
171 /etc
/init.d
/unbound start
172 if grep -q "ENABLE_SSH=on" /var
/ipfire
/remote
/settings
; then
173 /etc
/init.d
/sshd start
175 if grep -q "ENABLED=on" /var
/ipfire
/ovpn
/settings
; then
176 /usr
/local
/bin
/openvpnctrl
-s
177 /usr
/local
/bin
/openvpnctrl
-sn2n
179 if grep -q "ENABLED=on" /var
/ipfire
/vpn
/settings
; then
180 /etc
/init.d
/ipsec start
183 # Regenerate all initrds
184 dracut
--regenerate-all --force
185 case "$(uname -m)" in
187 mkimage
-A arm
-T ramdisk
-C lzma
-d /boot
/initramfs-
${KVER}-ipfire.img
/boot
/uInit-
${KVER}-ipfire
188 rm /boot
/initramfs-
${KVER}-ipfire.img
191 mkimage
-A arm64
-T ramdisk
-C lzma
-d /boot
/initramfs-
${KVER}-ipfire.img
/boot
/uInit-
${KVER}-ipfire
192 # dont remove initramfs because grub need this to boot.
196 # Call user update script (needed for some ARM boards)
197 if [ -e /boot
/pakfire-kernel-update
]; then
198 /boot
/pakfire-kernel-update
${KVER}
201 # This update needs a reboot...
202 touch /var
/run
/need_reboot
205 /etc
/init.d
/fireinfo start
208 # Update grub config to display new core version
209 if [ -e /boot
/grub
/grub.cfg
]; then
210 grub-mkconfig
-o /boot
/grub
/grub.cfg
215 # Don't report the exitcode last command