]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - config/rootfiles/core/172/update.sh
projects / people / pmueller / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Core Update 172: Ship u-boot and regenerate all initrds
[people/pmueller/ipfire-2.x.git] / config / rootfiles / core / 172 / update.sh
1 #!/bin/bash
2 ############################################################################
3 # #
4 # This file is part of the IPFire Firewall. #
5 # #
6 # IPFire is free software; you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation; either version 3 of the License, or #
9 # (at your option) any later version. #
10 # #
11 # IPFire is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
15 # #
16 # You should have received a copy of the GNU General Public License #
17 # along with IPFire; if not, write to the Free Software #
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
19 # #
20 # Copyright (C) 2022 IPFire-Team <info@ipfire.org>. #
21 # #
22 ############################################################################
23 #
24 . /opt/pakfire/lib/functions.sh
25 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
26
27 core=172
28
29 # Remove old core updates from pakfire cache to save space...
30 for (( i=1; i<=$core; i++ )); do
31 rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
32 done
33
34 # Stop services
35 /etc/rc.d/init.d/ipsec stop
36 /usr/local/bin/openvpnctrl -k
37 /usr/local/bin/openvpnctrl -kn2n
38 /etc/rc.d/init.d/sshd stop
39 /etc/rc.d/init.d/unbound stop
40
41 KVER="xxxKVERxxx"
42
43 # Backup uEnv.txt if exist
44 if [ -e /boot/uEnv.txt ]; then
45 cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
46 fi
47
48 # Remove files
49 rm -rvf \
50 /etc/strongswan.d/scepclient.conf \
51 /lib/firmware/cnm/wave521c_j721s2_codec_fw.bin \
52 /lib/firmware/cxgb4/t4fw-1.26.6.0.bin \
53 /lib/firmware/cxgb4/t5fw-1.26.6.0.bin \
54 /lib/firmware/cxgb4/t6fw-1.26.6.0.bin \
55 /lib/firmware/mediatek/sof/sof-mt8186-mt6366-da7219-max98357.tplg \
56 /lib/firmware/mediatek/sof/sof-mt8186-mt6366-rt1019-rt5682s.tplg \
57 /lib/firmware/qcom/a530_zap.b00 \
58 /lib/firmware/qcom/a530_zap.b01 \
59 /lib/firmware/qcom/a530_zap.b02 \
60 /lib/firmware/qcom/venus-1.8/venus.b* \
61 /lib/firmware/qcom/venus-4.2/venus.b* \
62 /lib/firmware/qcom/venus-5.2/venus.b* \
63 /lib/firmware/qcom/venus-5.4/venus.b* \
64 /lib/firmware/qcom/vpu-1.0/venus.b* \
65 /lib/firmware/qcom/vpu-2.0/venus.b* \
66 /lib/firmware/qcom/vpu-2.0/venus.mdt \
67 /lib/firmware/rtl_bt \
68 /lib/libz.so.1.2.12 \
69 /usr/lib/libbind9-9.16.33.so \
70 /usr/lib/libdns-9.16.33.so \
71 /usr/lib/libexpat.so.1.8.9 \
72 /usr/lib/libhistory.so.8.1 \
73 /usr/lib/libirs-9.16.33.so \
74 /usr/lib/libisc-9.16.33.so \
75 /usr/lib/libisccc-9.16.33.so \
76 /usr/lib/libisccfg-9.16.33.so \
77 /usr/lib/liblzma.so.5.2.5 \
78 /usr/lib/libnetfilter_conntrack.so.3.7.0 \
79 /usr/lib/libns-9.16.33.so \
80 /usr/lib/libreadline.so.8.1 \
81 /usr/lib/libunbound.so.8.1.1* \
82 /usr/lib/libxml2.so.2.9.* \
83 /usr/lib/python3.10/ensurepip/_bundled/pip-21* \
84 /usr/lib/python3.10/ensurepip/_bundled/setuptools-5* \
85 /usr/lib/python3.10/lib2to3/Grammar3.10.* \
86 /usr/lib/python3.10/lib2to3/PatternGrammar3.10.* \
87 /usr/lib/python3.10/site-packages/pip-21.* \
88 /usr/lib/python3.10/site-packages/pip/_internal/utils/parallel.py \
89 /usr/lib/python3.10/site-packages/pip/_internal/utils/pkg_resources.py \
90 /usr/lib/python3.10/site-packages/pip/_vendor/appdirs.py \
91 /usr/lib/python3.10/site-packages/pip/_vendor/chardet/compat.py \
92 /usr/lib/python3.10/site-packages/pip/_vendor/distlib/_backport \
93 /usr/lib/python3.10/site-packages/pip/_vendor/distro.py \
94 /usr/lib/python3.10/site-packages/pip/_vendor/html5lib \
95 /usr/lib/python3.10/site-packages/pip/_vendor/msgpack/_version.py \
96 /usr/lib/python3.10/site-packages/pip/_vendor/progress \
97 /usr/lib/python3.10/site-packages/pip/_vendor/pyparsing.py \
98 /usr/lib/python3.10/site-packages/pip/_vendor/urllib3/packages/ssl_match_hostname \
99 /usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_compat.py \
100 /usr/lib/python3.10/site-packages/pkg_resources/_vendor/packaging/_typing.py \
101 /usr/lib/python3.10/site-packages/pkg_resources/_vendor/pyparsing.py \
102 /usr/lib/python3.10/site-packages/pkg_resources/tests/data \
103 /usr/lib/python3.10/site-packages/setuptools-5* \
104 /usr/lib/python3.10/site-packages/setuptools/_distutils/py35compat.py \
105 /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_compat.py \
106 /usr/lib/python3.10/site-packages/setuptools/_vendor/packaging/_typing.py \
107 /usr/lib/python3.10/site-packages/setuptools/_vendor/pyparsing.py \
108 /usr/lib/python3.10/site-packages/setuptools/config.py \
109 /usr/lib/python3.10/site-packages/setuptools_rust/utils.py \
110 /usr/libexec/ipsec/scepclient \
111 /var/ipfire/ca/dh1024.pem
112
113 # Remove powertop add-on, if installed
114 if [ -e "/opt/pakfire/db/installed/meta-powertop" ]; then
115 for i in $(</opt/pakfire/db/rootfiles/powertop); do
116 rm -rfv "/${i}"
117 done
118 fi
119 rm -vf \
120 /opt/pakfire/db/installed/meta-powertop \
121 /opt/pakfire/db/meta/meta-powertop \
122 /opt/pakfire/db/rootfiles/powertop
123
124 # Extract files
125 extract_files
126
127 # update linker config
128 ldconfig
129
130 # Update Language cache
131 /usr/local/bin/update-lang-cache
132
133 # Filesytem cleanup
134 /usr/local/bin/filesystem-cleanup
135
136 # Apply local configuration to sshd_config
137 /usr/local/bin/sshctrl
138
139 # Correct permissions of some library files
140 chown -Rv root:root /var/ipfire/connscheduler/lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl /var/ipfire/menu.d/*
141
142 # Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919
143 if [ -f /var/ipfire/ovpn/server.conf ]; then
144 sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/server.conf
145 fi
146
147 if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
148 sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var/ipfire/ovpn/n2nconf/*/*.conf
149 fi
150
151 # Start services
152 /etc/init.d/unbound start
153 if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then
154 /etc/init.d/sshd start
155 fi
156 if grep -q "ENABLED=on" /var/ipfire/ovpn/settings; then
157 /usr/local/bin/openvpnctrl -s
158 /usr/local/bin/openvpnctrl -sn2n
159 fi
160 if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
161 /etc/init.d/ipsec start
162 fi
163
164 # Regenerate all initrds
165 dracut --regenerate-all --force
166 case "$(uname -m)" in
167 armv*)
168 mkimage -A arm -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
169 rm /boot/initramfs-${KVER}-ipfire.img
170 ;;
171 aarch64)
172 mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
173 # dont remove initramfs because grub need this to boot.
174 ;;
175 esac
176
177 # Call user update script (needed for some ARM boards)
178 if [ -e /boot/pakfire-kernel-update ]; then
179 /boot/pakfire-kernel-update ${KVER}
180 fi
181
182 # This update needs a reboot...
183 touch /var/run/need_reboot
184
185 # Finish
186 /etc/init.d/fireinfo start
187 sendprofile
188
189 # Update grub config to display new core version
190 if [ -e /boot/grub/grub.cfg ]; then
191 grub-mkconfig -o /boot/grub/grub.cfg
192 fi
193
194 sync
195
196 # Don't report the exitcode last command
197 exit 0
Peter's tree of IPFire 2.x