2 ############################################################################
4 # This file is part of the IPFire Firewall. #
6 # IPFire is free software; you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation; either version 3 of the License, or #
9 # (at your option) any later version. #
11 # IPFire is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
16 # You should have received a copy of the GNU General Public License #
17 # along with IPFire; if not, write to the Free Software #
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
20 # Copyright (C) 2022 IPFire-Team <info@ipfire.org>. #
22 ############################################################################
24 .
/opt
/pakfire
/lib
/functions.sh
25 /usr
/local
/bin
/backupctrl exclude
>/dev
/null
2>&1
29 # Remove old core updates from pakfire cache to save space...
30 for (( i
=1; i
<=$core; i
++ )); do
31 rm -f /var
/cache
/pakfire
/core-upgrade-
*-$i.ipfire
35 /etc
/rc.d
/init.d
/ipsec stop
36 /usr
/local
/bin
/openvpnctrl
-k
37 /usr
/local
/bin
/openvpnctrl
-kn2n
38 /etc
/rc.d
/init.d
/sshd stop
39 /etc
/rc.d
/init.d
/unbound stop
43 # Backup uEnv.txt if exist
44 if [ -e /boot
/uEnv.txt
]; then
45 cp -vf /boot
/uEnv.txt
/boot
/uEnv.txt.org
50 /etc
/strongswan.d
/scepclient.conf \
51 /lib
/firmware
/cnm
/wave521c_j721s2_codec_fw.bin \
52 /lib
/firmware
/cxgb
4/t4fw-1.26
.6.0.bin \
53 /lib
/firmware
/cxgb
4/t5fw-1.26
.6.0.bin \
54 /lib
/firmware
/cxgb
4/t6fw-1.26
.6.0.bin \
55 /lib
/firmware
/mediatek
/sof
/sof-mt8186-mt6366-da7219-max98357.tplg \
56 /lib
/firmware
/mediatek
/sof
/sof-mt8186-mt6366-rt1019-rt5682s.tplg \
57 /lib
/firmware
/qcom
/a530_zap.b00 \
58 /lib
/firmware
/qcom
/a530_zap.b01 \
59 /lib
/firmware
/qcom
/a530_zap.b02 \
60 /lib
/firmware
/qcom
/venus-1.8
/venus.b
* \
61 /lib
/firmware
/qcom
/venus-4.2
/venus.b
* \
62 /lib
/firmware
/qcom
/venus-5.2
/venus.b
* \
63 /lib
/firmware
/qcom
/venus-5.4
/venus.b
* \
64 /lib
/firmware
/qcom
/vpu-1.0
/venus.b
* \
65 /lib
/firmware
/qcom
/vpu-2.0
/venus.b
* \
66 /lib
/firmware
/qcom
/vpu-2.0
/venus.mdt \
67 /lib
/firmware
/rtl_bt \
69 /usr
/lib
/libbind9-9.16
.33.so \
70 /usr
/lib
/libdns-9.16
.33.so \
71 /usr
/lib
/libexpat.so
.1.8.9 \
72 /usr
/lib
/libhistory.so
.8.1 \
73 /usr
/lib
/libirs-9.16
.33.so \
74 /usr
/lib
/libisc-9.16
.33.so \
75 /usr
/lib
/libisccc-9.16
.33.so \
76 /usr
/lib
/libisccfg-9.16
.33.so \
77 /usr
/lib
/liblzma.so
.5.2.5 \
78 /usr
/lib
/libnetfilter_conntrack.so
.3.7.0 \
79 /usr
/lib
/libns-9.16
.33.so \
80 /usr
/lib
/libreadline.so
.8.1 \
81 /usr
/lib
/libunbound.so
.8.1.1* \
82 /usr
/lib
/libxml2.so
.2.9.
* \
83 /usr
/lib
/python3.10
/ensurepip
/_bundled
/pip-21
* \
84 /usr
/lib
/python3.10
/ensurepip
/_bundled
/setuptools-5
* \
85 /usr
/lib
/python3.10
/lib2to
3/Grammar3.10.
* \
86 /usr
/lib
/python3.10
/lib2to
3/PatternGrammar3.10.
* \
87 /usr
/lib
/python3.10
/site-packages
/pip-21.
* \
88 /usr
/lib
/python3.10
/site-packages
/pip
/_internal
/utils
/parallel.py \
89 /usr
/lib
/python3.10
/site-packages
/pip
/_internal
/utils
/pkg_resources.py \
90 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/appdirs.py \
91 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/chardet
/compat.py \
92 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/distlib
/_backport \
93 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/distro.py \
94 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/html5lib \
95 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/msgpack
/_version.py \
96 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/progress \
97 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/pyparsing.py \
98 /usr
/lib
/python3.10
/site-packages
/pip
/_vendor
/urllib
3/packages
/ssl_match_hostname \
99 /usr
/lib
/python3.10
/site-packages
/pkg_resources
/_vendor
/packaging
/_compat.py \
100 /usr
/lib
/python3.10
/site-packages
/pkg_resources
/_vendor
/packaging
/_typing.py \
101 /usr
/lib
/python3.10
/site-packages
/pkg_resources
/_vendor
/pyparsing.py \
102 /usr
/lib
/python3.10
/site-packages
/pkg_resources
/tests
/data \
103 /usr
/lib
/python3.10
/site-packages
/setuptools-5
* \
104 /usr
/lib
/python3.10
/site-packages
/setuptools
/_distutils
/py35compat.py \
105 /usr
/lib
/python3.10
/site-packages
/setuptools
/_vendor
/packaging
/_compat.py \
106 /usr
/lib
/python3.10
/site-packages
/setuptools
/_vendor
/packaging
/_typing.py \
107 /usr
/lib
/python3.10
/site-packages
/setuptools
/_vendor
/pyparsing.py \
108 /usr
/lib
/python3.10
/site-packages
/setuptools
/config.py \
109 /usr
/lib
/python3.10
/site-packages
/setuptools_rust
/utils.py \
110 /usr
/libexec
/ipsec
/scepclient \
111 /var
/ipfire
/ca
/dh1024.pem
113 # Remove powertop add-on, if installed
114 if [ -e "/opt/pakfire/db/installed/meta-powertop" ]; then
115 for i
in $
(</opt
/pakfire
/db
/rootfiles
/powertop
); do
120 /opt
/pakfire
/db
/installed
/meta-powertop \
121 /opt
/pakfire
/db
/meta
/meta-powertop \
122 /opt
/pakfire
/db
/rootfiles
/powertop
127 # update linker config
130 # Update Language cache
131 /usr
/local
/bin
/update-lang-cache
134 /usr
/local
/bin
/filesystem-cleanup
136 # Apply local configuration to sshd_config
137 /usr
/local
/bin
/sshctrl
139 # Correct permissions of some library files
140 chown
-Rv root
:root
/var
/ipfire
/connscheduler
/lib.pl
/var
/ipfire
/updatexlrator
/updxlrator-lib.pl
/var
/ipfire
/menu.d
/*
142 # Replace existing OpenVPN Diffie-Hellman parameter by ffdhe4096, as specified in RFC 7919
143 if [ -f /var
/ipfire
/ovpn
/server.conf
]; then
144 sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var
/ipfire
/ovpn
/server.conf
147 if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
148 sed -i 's|/var/ipfire/ovpn/ca/dh1024.pem|/etc/ssl/ffdhe4096.pem|' /var
/ipfire
/ovpn
/n2nconf
/*/*.conf
152 /etc
/init.d
/unbound start
153 if grep -q "ENABLE_SSH=on" /var
/ipfire
/remote
/settings
; then
154 /etc
/init.d
/sshd start
156 if grep -q "ENABLED=on" /var
/ipfire
/ovpn
/settings
; then
157 /usr
/local
/bin
/openvpnctrl
-s
158 /usr
/local
/bin
/openvpnctrl
-sn2n
160 if grep -q "ENABLED=on" /var
/ipfire
/vpn
/settings
; then
161 /etc
/init.d
/ipsec start
164 # Regenerate all initrds
165 dracut
--regenerate-all --force
166 case "$(uname -m)" in
168 mkimage
-A arm
-T ramdisk
-C lzma
-d /boot
/initramfs-
${KVER}-ipfire.img
/boot
/uInit-
${KVER}-ipfire
169 rm /boot
/initramfs-
${KVER}-ipfire.img
172 mkimage
-A arm64
-T ramdisk
-C lzma
-d /boot
/initramfs-
${KVER}-ipfire.img
/boot
/uInit-
${KVER}-ipfire
173 # dont remove initramfs because grub need this to boot.
177 # Call user update script (needed for some ARM boards)
178 if [ -e /boot
/pakfire-kernel-update
]; then
179 /boot
/pakfire-kernel-update
${KVER}
182 # This update needs a reboot...
183 touch /var
/run
/need_reboot
186 /etc
/init.d
/fireinfo start
189 # Update grub config to display new core version
190 if [ -e /boot
/grub
/grub.cfg
]; then
191 grub-mkconfig
-o /boot
/grub
/grub.cfg
196 # Don't report the exitcode last command