[people/teissler/ipfire-2.x.git] / config / rootfiles / core / 76 / update.sh

#!/bin/bash
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 3 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2014 IPFire-Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1

function add_to_backup ()
{
	# Add path to ROOTFILES but remove old entries to prevent double
	# files in the tar
	grep -v "^$1" /opt/pakfire/tmp/ROOTFILES > /opt/pakfire/tmp/ROOTFILES.tmp
	mv /opt/pakfire/tmp/ROOTFILES.tmp /opt/pakfire/tmp/ROOTFILES
	echo $1 >> /opt/pakfire/tmp/ROOTFILES
}

#
# Remove old core updates from pakfire cache to save space...
core=76
for (( i=1; i<=${core}; i++ ))
do
	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done

#
# Do some sanity checks.
case $(uname -r) in
	*-ipfire-versatile )
		/usr/bin/logger -p syslog.emerg -t ipfire \
			"core-update-${core}: ERROR cannot update. versatile support is dropped."
		# Report no error to pakfire. So it does not try to install it again.
		exit 0
		;;
	*-ipfire-xen )
		BOOTSIZE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1`
		if [ $BOOTSIZE -lt 28000 ]; then
			/usr/bin/logger -p syslog.emerg -t ipfire \
				"core-update-${core}: ERROR cannot update because not enough space on boot."
			exit 2
		fi
		;;
	*-ipfire* )
		# Ok.
		;;
	* )
		/usr/bin/logger -p syslog.emerg -t ipfire \
			"core-update-${core}: ERROR cannot update. No IPFire Kernel."
		exit 1
	;;
esac


#
#
KVER="xxxKVERxxx"
MOUNT=`grep "kernel" /boot/grub/grub.conf 2>/dev/null | tail -n 1 `
# Nur den letzten Parameter verwenden
echo $MOUNT > /dev/null
MOUNT=$_
if [ ! $MOUNT == "rw" ]; then
	MOUNT="ro"
fi

#
# check if we the backup file already exist
if [ -e /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz ]; then
    echo Moving backup to backup-old ...
    mv -f /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
       /var/ipfire/backup/core-upgrade${core}_${KVER}-old.tar.xz
fi
echo First we made a backup of all files that was inside of the
echo update archive. This may take a while ...
# Add some files that are not in the package to backup
add_to_backup lib/modules
add_to_backup etc/udev
add_to_backup lib/udev
add_to_backup boot
add_to_backup etc/sysconfig/lm_sensors
add_to_backup etc/sysconfig/rc.local
add_to_backup srv/web/ipfire/html/themes/ipfire
add_to_backup usr/lib/engines
add_to_backup etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
add_to_backup etc/rc.d/init.d/networking/red.up/25-portfw
add_to_backup etc/rc.d/init.d/networking/red.up/26-xtaccess
add_to_backup usr/local/bin/setportfw
add_to_backup usr/local/bin/setdmzholes
add_to_backup usr/local/bin/setxtaccess
add_to_backup usr/local/bin/outgoingfwctrl
add_to_backup srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
add_to_backup var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
add_to_backup etc/inittab
add_to_backup etc/fstab
add_to_backup usr/share/usb_modeswitch
add_to_backup etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
add_to_backup etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
add_to_backup usr/local/bin/dialctrl.pl

# Backup the files
tar cJvf /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
    -C / -T /opt/pakfire/tmp/ROOTFILES --exclude='#*' --exclude='/var/cache' > /dev/null 2>&1

# Check diskspace on root
ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`

if [ $ROOTSPACE -lt 100000 ]; then
	/usr/bin/logger -p syslog.emerg -t ipfire \
		"core-update-${core}: ERROR cannot update because not enough free space on root."
	exit 2
fi


echo
echo Update Kernel to $KVER ...
#
# Remove old kernel, configs, initrd, modules ...
#
rm -rf /boot/System.map-*
rm -rf /boot/config-*
rm -rf /boot/ipfirerd-*
rm -rf /boot/vmlinuz-*
rm -rf /boot/uImage-ipfire-*
rm -rf /boot/uInit-ipfire-*
rm -rf /lib/modules

# Remove old usb_modeswitch_data
rm -rf /usr/share/usb_modeswitch
# Remove old tzdata
rm -rf /usr/share/zoneinfo

# Remove dialctrl.pl script
rm -f \
	/etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl \
	/etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl \
	/usr/local/bin/dialctrl.pl

#
# Remove old udev rules.
#
if [ -e /etc/udev/rules.d/29-ct-server-network.rules ]; then
	cp /etc/udev/rules.d/29-ct-server-network.rules /tmp/
fi
cp /etc/udev/rules.d/30-persistent-network.rules /tmp/
rm -rf /etc/udev
rm -rf /lib/udev
mkdir -p /etc/udev/rules.d
if [ -e /tmp/rules.d/29-ct-server-network.rules ]; then
	mv /tmp/29-ct-server-network.rules /etc/udev/rules.d/
fi
mv /tmp/30-persistent-network.rules /etc/udev/rules.d/

case $(uname -m) in
	i?86 )
		#
		# Backup grub.conf
		#
		cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org
	;;
esac
#
#Stop services
/etc/init.d/snort stop
/etc/init.d/squid stop
/etc/init.d/ipsec stop
/etc/init.d/apache stop

# Remove the old default theme
rm -rf /srv/web/ipfire/html/themes/ipfire

# rename /etc/modprobe.d files
for i in $(find /etc/modprobe.d/* | grep -v ".conf"); do
	mv $i $i.conf
done

# Move /var/run to /run.
if [ -L "/run" ]; then
	rm -f /run
fi

mkdir -p /run
if mountpoint /var/run; then
	mount --move /var/run /run
	rm -rf /var/run
fi

ln -svf ../run /var/run

# Creating directories for new firewall.
mkdir -p /var/ipfire/firewall
mkdir -p /var/ipfire/fwhosts

# Remove old ntp binaries
rm -f /usr/sbin/ntp-keygen
rm -f /usr/sbin/ntp-wait
rm -f /usr/sbin/ntpq
rm -f /usr/sbin/ntptime
rm -f /usr/sbin/ntptrace
rm -f /usr/sbin/tickadj

# Remove old firewall helper link
rm -f /etc/rc.d/init.d/networking/red.up/22-forwardfwctrl

#
#Extract files
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /

# Check diskspace on boot
BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`

if [ $BOOTSPACE -lt 1000 ]; then
	case $(uname -r) in
		*-ipfire-kirkwood )
			# Special handling for old kirkwood images.
			# (install only kirkwood kernel)
			rm -rf /boot/*
			tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
				--numeric-owner -C / --wildcards 'boot/*-kirkwood*'
			;;
		* )
			/usr/bin/logger -p syslog.emerg -t ipfire \
				"core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..."
			/etc/init.d/apache start
			exit 4
			;;
	esac
fi

#
#Reload init to close old linker/glibc
telinit u

# Regenerate ipsec configuration files.
/srv/web/ipfire/cgi-bin/vpnmain.cgi

# Update Language cache
perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"

# Remove old openssl engines
rm -rf /usr/lib/engines

# Remove old initscripts
rm -f /etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
rm -f /etc/rc.d/init.d/networking/red.up/25-portfw
rm -f /etc/rc.d/init.d/networking/red.up/26-xtaccess
rm -f /etc/rc.d/rcsysinit.d/S90sysctl

# Remove old firewallscripts
rm -f /usr/local/bin/setportfw
rm -f /usr/local/bin/setdmzholes
rm -f /usr/local/bin/setxtaccess
rm -f /usr/local/bin/outgoingfwctrl

# Remove old CGI files
rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi

# Generate chains for new firewall
/sbin/iptables -N INPUTFW 2>/dev/null
/sbin/iptables -N FORWARDFW 2>/dev/null
/sbin/iptables -N POLICYFWD 2>/dev/null
/sbin/iptables -N POLICYIN 2>/dev/null
/sbin/iptables -N POLICYOUT 2>/dev/null
/sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
/sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null

# Create config files for firewall and fix permissions.
touch /var/ipfire/firewall/config
touch /var/ipfire/firewall/input
touch /var/ipfire/firewall/outgoing
touch /var/ipfire/firewall/settings
touch /var/ipfire/fwhosts/customhosts
touch /var/ipfire/fwhosts/customnetworks
touch /var/ipfire/fwhosts/customgroups
touch /var/ipfire/fwhosts/customservices
touch /var/ipfire/fwhosts/customservicegrp

# Fix ownership.
chown -R nobody:nobody /var/ipfire/firewall
chown -R nobody:nobody /var/ipfire/fwhosts

# Convert firewall configuration
/usr/sbin/convert-xtaccess
/usr/sbin/convert-outgoingfw
/usr/sbin/convert-portfw
/usr/sbin/convert-dmz

# Remove old firewall configuration files
rm -rf /var/ipfire/{dmzholes,portfw,outgoing,xtaccess}

# In previously released IPFire versions the DROPOUTPUT and DROPINPUT
# option have two identical lines in the optionsfw/settings file as long as
# the user hasn't done any changes on the WUI.
#
# To prevent from any kind of side effects we are going to solve this issue now.

# Fix doubble enties of DROPOUTPUT when the default settings are still in use
# (the save button on the WUI page never has been clicked) or convert to the
# new option name required by the firewall of IPFire 2.15.

optionsfw_file="/var/ipfire/optionsfw/settings"

if [ $(grep -c "DROPOUTPUT" ${optionsfw_file}) -gt 1 ] ; then

        # Drop all DROPUTPUT entries.
        sed -e "/DROPOUTPUT/d" -i ${optionsfw_file}

        # Add default line for new option.
        echo "DROPOUTGOING=on" >> ${optionsfw_file}
else

        # Convert option name to new format.
        sed -e "s/DROPOUTPUT/DROPOUTGOING/g" -i ${optionsfw_file}
fi

# Fix doubble enties of DROPINPUT when the default settings are still in use
# (the save button on the WUI page never has been clicked).
if [ $(grep -c "DROPINPUT" ${optionsfw_file}) -gt 1 ] ; then

        # We only can remove all entries with an defined string.
        sed -e "/DROPINPUT/d" -i ${optionsfw_file}

        # Afterwards we have to add the required string with the default
        # value again.
        echo "DROPINPUT=on" >> ${optionsfw_file}
fi

# Add strings and default values for new options of the firewall.
echo "DROPFORWARD=on" >> ${optionsfw_file}
echo "FWPOLICY=DROP" >> ${optionsfw_file}
echo "FWPOLICY1=DROP" >> ${optionsfw_file}
echo "FWPOLICY2=DROP" >> ${optionsfw_file}
echo "DROPSAMBA=off" >> ${optionsfw_file}
echo "DROPPROXY=off" >> ${optionsfw_file}
echo "SHOWREMARK=on" >> ${optionsfw_file}
echo "SHOWCOLORS=on" >> ${optionsfw_file}
echo "SHOWTABLES=off" >> ${optionsfw_file}
echo "SHOWDROPDOWN=off" >> ${optionsfw_file}
echo "DROPWIRELESSINPUT=on" >> ${optionsfw_file}
echo "DROPWIRELESSFORWARD=on" >> ${optionsfw_file}

unset optionsfw_file

# Convert inittab and fstab
sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
sed -i -e "s/xvc0 9600$/xvc0 9600 --noclear/g" /etc/inittab
sed -i -e "s/^proc/#proc/g" /etc/fstab
sed -i -e "s/^sysfs/#sysfs/g" /etc/fstab
sed -i -e "s/^devpts/#devpts/g" /etc/fstab
sed -i -e "s|^none\s/var/run|#none	/var/run|g" /etc/fstab

# Convert udev persistent network rules
sed -i -e "s/SYSFS{/ATTR{/g" /etc/udev/rules.d/30-persistent-network.rules

# Firstsetup was already run
touch /var/ipfire/main/firstsetup_ok

#
# Start services
#
/etc/init.d/apache start
/etc/init.d/squid start
/etc/init.d/snort start
if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
	/etc/init.d/ipsec start
fi

#
# Rebuild qosscript if enabled
#
if [ -e /var/ipfire/qos/enable ]; then
	/usr/local/bin/qosctrl stop
	/usr/local/bin/qosctrl generate
	/usr/local/bin/qosctrl start
fi

# Update crontab
cat <<EOF >> /var/spool/cron/root.orig

# Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time
00 3 * 3 0          /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
00 2 * 10-11 0      /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
EOF
fcrontab -z &>/dev/null


case $(uname -m) in
	i?86 )
		#
		# Modify grub.conf
		#
		echo
		echo Update grub configuration ...
		ROOT=`mount | grep " / " | cut -d" " -f1`

		if [ ! -z $ROOT ]; then
			ROOTUUID=`blkid -c /dev/null -sUUID $ROOT | cut -d'"' -f2`
		fi

		if [ ! -z $ROOTUUID ]; then
			sed -i "s|ROOT|UUID=$ROOTUUID|g" /boot/grub/grub.conf
		else
			sed -i "s|ROOT|$ROOT|g" /boot/grub/grub.conf
		fi
		sed -i "s|KVER|$KVER|g" /boot/grub/grub.conf
		sed -i "s|MOUNT|$MOUNT|g" /boot/grub/grub.conf

		if [ "$(grep "^serial" /boot/grub/grub.conf.org)" == "" ]; then
			echo "grub use default console ..."
		else
			echo "grub use serial console ..."
			sed -i -e "s|splashimage|#splashimage|g" /boot/grub/grub.conf
			sed -i -e "s|#serial|serial|g" /boot/grub/grub.conf
			sed -i -e "s|#terminal|terminal|g" /boot/grub/grub.conf
			sed -i -e "s| panic=10 | console=ttyS0,115200n8 panic=10 |g" /boot/grub/grub.conf
		fi

		#
		# ReInstall grub
		#
			echo "(hd0) ${ROOT::`expr length $ROOT`-1}" > /boot/grub/device.map
			grub-install --no-floppy ${ROOT::`expr length $ROOT`-1}
	;;
esac
#
# Delete old lm-sensor modullist to force search at next boot
#
rm -rf /etc/sysconfig/lm_sensors


# Force (re)install pae kernel if pae is supported
rm -rf /opt/pakfire/db/*/meta-linux-pae
if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
	ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
	BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
	if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then
		/usr/bin/logger -p syslog.emerg -t ipfire \
			"core-update-${core}: WARNING not enough space for pae kernel."
	else
		echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
		echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
		echo "Release: 0"     >> /opt/pakfire/db/installed/meta-linux-pae
		echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae
		echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae
		echo "Release: 0"     >> /opt/pakfire/db/meta/meta-linux-pae
	fi
fi

# Force reinstall xen kernel if it was installed
if [ -e "/opt/pakfire/db/installed/meta-linux-xen" ]; then
	echo "Name: linux-xen" > /opt/pakfire/db/installed/meta-linux-xen
	echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-xen
	echo "Release: 0"     >> /opt/pakfire/db/installed/meta-linux-xen
	echo "Name: linux-xen" > /opt/pakfire/db/meta/meta-linux-xen
	echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-xen
	echo "Release: 0"     >> /opt/pakfire/db/meta/meta-linux-xen
	# Add xvc0 to /etc/securetty
	echo "xvc0" >> /etc/securetty
fi

#
# After pakfire has ended run it again and update the lists and do upgrade
#
echo '#!/bin/bash'                                        >  /tmp/pak_update
echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update
echo '    sleep 1'                                        >> /tmp/pak_update
echo 'done'                                               >> /tmp/pak_update
echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do'   >> /tmp/pak_update
echo '    sleep 1'                                        >> /tmp/pak_update
echo 'done'                                               >> /tmp/pak_update
echo '/opt/pakfire/pakfire update -y --force'             >> /tmp/pak_update
echo '/opt/pakfire/pakfire upgrade -y'                    >> /tmp/pak_update
echo '/opt/pakfire/pakfire upgrade -y'                    >> /tmp/pak_update
echo '/opt/pakfire/pakfire upgrade -y'                    >> /tmp/pak_update
echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub.cfg"' >> /tmp/pak_update
echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update
echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update
echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
#
killall -KILL pak_update
chmod +x /tmp/pak_update
/tmp/pak_update &

sync

#
#Finish
(
	/etc/init.d/fireinfo start
	sendprofile
) >/dev/null 2>&1 &

# Update Package list for addon installation
/opt/pakfire/pakfire update -y --force

echo
echo Please wait until pakfire has ended...
echo
#Don't report the exitcode last command
exit 0
Commit	Line	Data
949d5c52 MT	1	#!/bin/bash
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
2106b71e	20	# Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
949d5c52 MT	21	# #
	22	############################################################################
	23	#
	24	. /opt/pakfire/lib/functions.sh
	25	/usr/local/bin/backupctrl exclude >/dev/null 2>&1
	26
31d488a4 AF	27	function add_to_backup ()
	28	{
	29	# Add path to ROOTFILES but remove old entries to prevent double
	30	# files in the tar
	31	grep -v "^$1" /opt/pakfire/tmp/ROOTFILES > /opt/pakfire/tmp/ROOTFILES.tmp
	32	mv /opt/pakfire/tmp/ROOTFILES.tmp /opt/pakfire/tmp/ROOTFILES
	33	echo $1 >> /opt/pakfire/tmp/ROOTFILES
	34	}
	35
949d5c52 MT	36	#
949d5c52 MT	37	# Remove old core updates from pakfire cache to save space...
31d488a4	38	core=76
62ae8b79	39	for (( i=1; i<=${core}; i++ ))
949d5c52 MT	40	do
	41	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
	42	done
	43
31d488a4 AF	44	#
	45	# Do some sanity checks.
	46	case $(uname -r) in
	47	*-ipfire-versatile )
	48	/usr/bin/logger -p syslog.emerg -t ipfire \
62ae8b79	49	"core-update-${core}: ERROR cannot update. versatile support is dropped."
31d488a4 AF	50	# Report no error to pakfire. So it does not try to install it again.
	51	exit 0
	52	;;
	53	*-ipfire-xen )
	54	BOOTSIZE=`df /boot -Pk \| sed "s\| * \| \|g" \| cut -d" " -f2 \| tail -n 1`
	55	if [ $BOOTSIZE -lt 28000 ]; then
	56	/usr/bin/logger -p syslog.emerg -t ipfire \
62ae8b79	57	"core-update-${core}: ERROR cannot update because not enough space on boot."
31d488a4 AF	58	exit 2
	59	fi
	60	;;
	61	-ipfire )
	62	# Ok.
	63	;;
	64	* )
	65	/usr/bin/logger -p syslog.emerg -t ipfire \
62ae8b79	66	"core-update-${core}: ERROR cannot update. No IPFire Kernel."
31d488a4 AF	67	exit 1
	68	;;
	69	esac
	70
	71
	72	#
	73	#
41e2c149	74	KVER="xxxKVERxxx"
31d488a4 AF	75	MOUNT=`grep "kernel" /boot/grub/grub.conf 2>/dev/null \| tail -n 1 `
	76	# Nur den letzten Parameter verwenden
	77	echo $MOUNT > /dev/null
	78	MOUNT=$_
	79	if [ ! $MOUNT == "rw" ]; then
	80	MOUNT="ro"
	81	fi
	82
	83	#
	84	# check if we the backup file already exist
62ae8b79	85	if [ -e /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz ]; then
31d488a4	86	echo Moving backup to backup-old ...
62ae8b79 AF	87	mv -f /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
62ae8b79 AF	88	/var/ipfire/backup/core-upgrade${core}_${KVER}-old.tar.xz
31d488a4 AF	89	fi
	90	echo First we made a backup of all files that was inside of the
	91	echo update archive. This may take a while ...
	92	# Add some files that are not in the package to backup
	93	add_to_backup lib/modules
	94	add_to_backup etc/udev
	95	add_to_backup lib/udev
	96	add_to_backup boot
	97	add_to_backup etc/sysconfig/lm_sensors
	98	add_to_backup etc/sysconfig/rc.local
	99	add_to_backup srv/web/ipfire/html/themes/ipfire
	100	add_to_backup usr/lib/engines
	101	add_to_backup etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
	102	add_to_backup etc/rc.d/init.d/networking/red.up/25-portfw
	103	add_to_backup etc/rc.d/init.d/networking/red.up/26-xtaccess
	104	add_to_backup usr/local/bin/setportfw
	105	add_to_backup usr/local/bin/setdmzholes
	106	add_to_backup usr/local/bin/setxtaccess
	107	add_to_backup usr/local/bin/outgoingfwctrl
	108	add_to_backup srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
	109	add_to_backup var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
2106b71e AF	110	add_to_backup etc/inittab
2106b71e AF	111	add_to_backup etc/fstab
986ba0d1	112	add_to_backup usr/share/usb_modeswitch
2a07aa9d MT	113	add_to_backup etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
	114	add_to_backup etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
	115	add_to_backup usr/local/bin/dialctrl.pl
31d488a4 AF	116
31d488a4 AF	117	# Backup the files
62ae8b79	118	tar cJvf /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
31d488a4 AF	119	-C / -T /opt/pakfire/tmp/ROOTFILES --exclude='#*' --exclude='/var/cache' > /dev/null 2>&1
	120
	121	# Check diskspace on root
	122	ROOTSPACE=`df / -Pk \| sed "s\| * \| \|g" \| cut -d" " -f4 \| tail -n 1`
	123
50da765d	124	if [ $ROOTSPACE -lt 100000 ]; then
31d488a4	125	/usr/bin/logger -p syslog.emerg -t ipfire \
62ae8b79	126	"core-update-${core}: ERROR cannot update because not enough free space on root."
31d488a4 AF	127	exit 2
	128	fi
	129
	130
	131	echo
	132	echo Update Kernel to $KVER ...
	133	#
	134	# Remove old kernel, configs, initrd, modules ...
	135	#
	136	rm -rf /boot/System.map-*
	137	rm -rf /boot/config-*
	138	rm -rf /boot/ipfirerd-*
	139	rm -rf /boot/vmlinuz-*
	140	rm -rf /boot/uImage-ipfire-*
	141	rm -rf /boot/uInit-ipfire-*
	142	rm -rf /lib/modules
	143
986ba0d1 AF	144	# Remove old usb_modeswitch_data
986ba0d1 AF	145	rm -rf /usr/share/usb_modeswitch
be0d1005 AF	146	# Remove old tzdata
be0d1005 AF	147	rm -rf /usr/share/zoneinfo
986ba0d1	148
2a07aa9d MT	149	# Remove dialctrl.pl script
	150	rm -f \
	151	/etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl \
	152	/etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl \
	153	/usr/local/bin/dialctrl.pl
	154
31d488a4 AF	155	#
	156	# Remove old udev rules.
	157	#
	158	if [ -e /etc/udev/rules.d/29-ct-server-network.rules ]; then
	159	cp /etc/udev/rules.d/29-ct-server-network.rules /tmp/
	160	fi
	161	cp /etc/udev/rules.d/30-persistent-network.rules /tmp/
	162	rm -rf /etc/udev
	163	rm -rf /lib/udev
	164	mkdir -p /etc/udev/rules.d
	165	if [ -e /tmp/rules.d/29-ct-server-network.rules ]; then
	166	mv /tmp/29-ct-server-network.rules /etc/udev/rules.d/
	167	fi
	168	mv /tmp/30-persistent-network.rules /etc/udev/rules.d/
	169
	170	case $(uname -m) in
	171	i?86 )
	172	#
	173	# Backup grub.conf
	174	#
	175	cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org
	176	;;
	177	esac
	178	#
	179	#Stop services
	180	/etc/init.d/snort stop
	181	/etc/init.d/squid stop
	182	/etc/init.d/ipsec stop
	183	/etc/init.d/apache stop
	184
8a39dd30 MT	185	# Remove the old default theme
	186	rm -rf /srv/web/ipfire/html/themes/ipfire
	187
2d0e29fc	188	# rename /etc/modprobe.d files
ad33c5fd	189	for i in $(find /etc/modprobe.d/* \| grep -v ".conf"); do
2d0e29fc AF	190	mv $i $i.conf
	191	done
	192
b8e2d108 AF	193	# Move /var/run to /run.
	194	if [ -L "/run" ]; then
	195	rm -f /run
	196	fi
	197
	198	mkdir -p /run
	199	if mountpoint /var/run; then
	200	mount --move /var/run /run
	201	rm -rf /var/run
	202	fi
	203
	204	ln -svf ../run /var/run
	205
5bdefccb SS	206	# Creating directories for new firewall.
	207	mkdir -p /var/ipfire/firewall
	208	mkdir -p /var/ipfire/fwhosts
	209
585df65a MT	210	# Remove old ntp binaries
	211	rm -f /usr/sbin/ntp-keygen
	212	rm -f /usr/sbin/ntp-wait
	213	rm -f /usr/sbin/ntpq
	214	rm -f /usr/sbin/ntptime
	215	rm -f /usr/sbin/ntptrace
	216	rm -f /usr/sbin/tickadj
	217
66f6b279 MT	218	# Remove old firewall helper link
	219	rm -f /etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
	220
31d488a4 AF	221	#
	222	#Extract files
	223	tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
949d5c52	224
31d488a4 AF	225	# Check diskspace on boot
31d488a4 AF	226	BOOTSPACE=`df /boot -Pk \| sed "s\| * \| \|g" \| cut -d" " -f4 \| tail -n 1`
949d5c52	227
31d488a4 AF	228	if [ $BOOTSPACE -lt 1000 ]; then
	229	case $(uname -r) in
	230	*-ipfire-kirkwood )
	231	# Special handling for old kirkwood images.
	232	# (install only kirkwood kernel)
	233	rm -rf /boot/*
	234	tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
	235	--numeric-owner -C / --wildcards 'boot/-kirkwood'
	236	;;
	237	* )
	238	/usr/bin/logger -p syslog.emerg -t ipfire \
62ae8b79	239	"core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..."
31d488a4 AF	240	/etc/init.d/apache start
	241	exit 4
	242	;;
	243	esac
	244	fi
949d5c52	245
31d488a4 AF	246	#
	247	#Reload init to close old linker/glibc
	248	telinit u
949d5c52	249
31d488a4 AF	250	# Regenerate ipsec configuration files.
31d488a4 AF	251	/srv/web/ipfire/cgi-bin/vpnmain.cgi
949d5c52 MT	252
	253	# Update Language cache
	254	perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
	255
dfe0a20d MT	256	# Remove old openssl engines
	257	rm -rf /usr/lib/engines
	258
cf4d6bb7 MT	259	# Remove old initscripts
	260	rm -f /etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
	261	rm -f /etc/rc.d/init.d/networking/red.up/25-portfw
	262	rm -f /etc/rc.d/init.d/networking/red.up/26-xtaccess
dfa68452	263	rm -f /etc/rc.d/rcsysinit.d/S90sysctl
cf4d6bb7	264
8dafd717 AM	265	# Remove old firewallscripts
	266	rm -f /usr/local/bin/setportfw
	267	rm -f /usr/local/bin/setdmzholes
	268	rm -f /usr/local/bin/setxtaccess
	269	rm -f /usr/local/bin/outgoingfwctrl
	270
cf4d6bb7 MT	271	# Remove old CGI files
	272	rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
	273
8ecb6450	274	# Generate chains for new firewall
917ee261 SS	275	/sbin/iptables -N INPUTFW 2>/dev/null
	276	/sbin/iptables -N FORWARDFW 2>/dev/null
	277	/sbin/iptables -N POLICYFWD 2>/dev/null
	278	/sbin/iptables -N POLICYIN 2>/dev/null
	279	/sbin/iptables -N POLICYOUT 2>/dev/null
	280	/sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
	281	/sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
8ecb6450	282
5bdefccb SS	283	# Create config files for firewall and fix permissions.
	284	touch /var/ipfire/firewall/config
	285	touch /var/ipfire/firewall/input
	286	touch /var/ipfire/firewall/outgoing
5bdefccb SS	287	touch /var/ipfire/firewall/settings
	288	touch /var/ipfire/fwhosts/customhosts
	289	touch /var/ipfire/fwhosts/customnetworks
	290	touch /var/ipfire/fwhosts/customgroups
	291	touch /var/ipfire/fwhosts/customservices
	292	touch /var/ipfire/fwhosts/customservicegrp
	293
	294	# Fix ownership.
	295	chown -R nobody:nobody /var/ipfire/firewall
	296	chown -R nobody:nobody /var/ipfire/fwhosts
	297
8d0aa710	298	# Convert firewall configuration
8ecb6450 AM	299	/usr/sbin/convert-xtaccess
	300	/usr/sbin/convert-outgoingfw
	301	/usr/sbin/convert-portfw
	302	/usr/sbin/convert-dmz
8d0aa710 MT	303
	304	# Remove old firewall configuration files
	305	rm -rf /var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
	306
37013b3a SS	307	# In previously released IPFire versions the DROPOUTPUT and DROPINPUT
	308	# option have two identical lines in the optionsfw/settings file as long as
	309	# the user hasn't done any changes on the WUI.
	310	#
	311	# To prevent from any kind of side effects we are going to solve this issue now.
	312
	313	# Fix doubble enties of DROPOUTPUT when the default settings are still in use
	314	# (the save button on the WUI page never has been clicked) or convert to the
	315	# new option name required by the firewall of IPFire 2.15.
	316
	317	optionsfw_file="/var/ipfire/optionsfw/settings"
	318
	319	if [ $(grep -c "DROPOUTPUT" ${optionsfw_file}) -gt 1 ] ; then
	320
	321	# Drop all DROPUTPUT entries.
	322	sed -e "/DROPOUTPUT/d" -i ${optionsfw_file}
	323
	324	# Add default line for new option.
	325	echo "DROPOUTGOING=on" >> ${optionsfw_file}
	326	else
	327
	328	# Convert option name to new format.
	329	sed -e "s/DROPOUTPUT/DROPOUTGOING/g" -i ${optionsfw_file}
	330	fi
	331
	332	# Fix doubble enties of DROPINPUT when the default settings are still in use
	333	# (the save button on the WUI page never has been clicked).
	334	if [ $(grep -c "DROPINPUT" ${optionsfw_file}) -gt 1 ] ; then
	335
	336	# We only can remove all entries with an defined string.
	337	sed -e "/DROPINPUT/d" -i ${optionsfw_file}
	338
	339	# Afterwards we have to add the required string with the default
	340	# value again.
	341	echo "DROPINPUT=on" >> ${optionsfw_file}
	342	fi
	343
	344	# Add strings and default values for new options of the firewall.
	345	echo "DROPFORWARD=on" >> ${optionsfw_file}
	346	echo "FWPOLICY=DROP" >> ${optionsfw_file}
	347	echo "FWPOLICY1=DROP" >> ${optionsfw_file}
	348	echo "FWPOLICY2=DROP" >> ${optionsfw_file}
	349	echo "DROPSAMBA=off" >> ${optionsfw_file}
	350	echo "DROPPROXY=off" >> ${optionsfw_file}
	351	echo "SHOWREMARK=on" >> ${optionsfw_file}
	352	echo "SHOWCOLORS=on" >> ${optionsfw_file}
	353	echo "SHOWTABLES=off" >> ${optionsfw_file}
	354	echo "SHOWDROPDOWN=off" >> ${optionsfw_file}
	355	echo "DROPWIRELESSINPUT=on" >> ${optionsfw_file}
	356	echo "DROPWIRELESSFORWARD=on" >> ${optionsfw_file}
	357
	358	unset optionsfw_file
	359
2106b71e AF	360	# Convert inittab and fstab
2106b71e AF	361	sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
ff740a73	362	sed -i -e "s/xvc0 9600$/xvc0 9600 --noclear/g" /etc/inittab
2106b71e AF	363	sed -i -e "s/^proc/#proc/g" /etc/fstab
	364	sed -i -e "s/^sysfs/#sysfs/g" /etc/fstab
	365	sed -i -e "s/^devpts/#devpts/g" /etc/fstab
0053269b	366	sed -i -e "s\|^none\s/var/run\|#none /var/run\|g" /etc/fstab
2106b71e AF	367
	368	# Convert udev persistent network rules
	369	sed -i -e "s/SYSFS{/ATTR{/g" /etc/udev/rules.d/30-persistent-network.rules
	370
2a127986 AF	371	# Firstsetup was already run
	372	touch /var/ipfire/main/firstsetup_ok
	373
31d488a4 AF	374	#
	375	# Start services
	376	#
	377	/etc/init.d/apache start
	378	/etc/init.d/squid start
	379	/etc/init.d/snort start
	380	if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
	381	/etc/init.d/ipsec start
	382	fi
	383
	384	#
	385	# Rebuild qosscript if enabled
	386	#
	387	if [ -e /var/ipfire/qos/enable ]; then
	388	/usr/local/bin/qosctrl stop
	389	/usr/local/bin/qosctrl generate
	390	/usr/local/bin/qosctrl start
	391	fi
	392
b23dd8b7 MT	393	# Update crontab
	394	cat <<EOF >> /var/spool/cron/root.orig
	395
	396	# Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time
	397	00 3 * 3 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
	398	00 2 * 10-11 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
	399	EOF
	400	fcrontab -z &>/dev/null
	401
31d488a4 AF	402
	403	case $(uname -m) in
	404	i?86 )
	405	#
	406	# Modify grub.conf
	407	#
	408	echo
	409	echo Update grub configuration ...
	410	ROOT=`mount \| grep " / " \| cut -d" " -f1`
	411
	412	if [ ! -z $ROOT ]; then
	413	ROOTUUID=`blkid -c /dev/null -sUUID $ROOT \| cut -d'"' -f2`
	414	fi
	415
	416	if [ ! -z $ROOTUUID ]; then
	417	sed -i "s\|ROOT\|UUID=$ROOTUUID\|g" /boot/grub/grub.conf
	418	else
	419	sed -i "s\|ROOT\|$ROOT\|g" /boot/grub/grub.conf
	420	fi
	421	sed -i "s\|KVER\|$KVER\|g" /boot/grub/grub.conf
	422	sed -i "s\|MOUNT\|$MOUNT\|g" /boot/grub/grub.conf
	423
	424	if [ "$(grep "^serial" /boot/grub/grub.conf.org)" == "" ]; then
	425	echo "grub use default console ..."
	426	else
	427	echo "grub use serial console ..."
	428	sed -i -e "s\|splashimage\|#splashimage\|g" /boot/grub/grub.conf
	429	sed -i -e "s\|#serial\|serial\|g" /boot/grub/grub.conf
	430	sed -i -e "s\|#terminal\|terminal\|g" /boot/grub/grub.conf
	431	sed -i -e "s\| panic=10 \| console=ttyS0,115200n8 panic=10 \|g" /boot/grub/grub.conf
	432	fi
	433
	434	#
	435	# ReInstall grub
	436	#
	437	echo "(hd0) ${ROOT::`expr length $ROOT`-1}" > /boot/grub/device.map
	438	grub-install --no-floppy ${ROOT::`expr length $ROOT`-1}
	439	;;
	440	esac
	441	#
	442	# Delete old lm-sensor modullist to force search at next boot
	443	#
	444	rm -rf /etc/sysconfig/lm_sensors
	445
	446
	447	# Force (re)install pae kernel if pae is supported
	448	rm -rf /opt/pakfire/db/*/meta-linux-pae
	449	if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
	450	ROOTSPACE=`df / -Pk \| sed "s\| * \| \|g" \| cut -d" " -f4 \| tail -n 1`
	451	BOOTSPACE=`df /boot -Pk \| sed "s\| * \| \|g" \| cut -d" " -f4 \| tail -n 1`
bf5e1c4c	452	if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then
31d488a4	453	/usr/bin/logger -p syslog.emerg -t ipfire \
62ae8b79	454	"core-update-${core}: WARNING not enough space for pae kernel."
31d488a4 AF	455	else
31d488a4 AF	456	echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
2106b71e AF	457	echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
2106b71e AF	458	echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
e2398186 AF	459	echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae
	460	echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae
	461	echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-pae
31d488a4 AF	462	fi
	463	fi
	464
	465	# Force reinstall xen kernel if it was installed
	466	if [ -e "/opt/pakfire/db/installed/meta-linux-xen" ]; then
	467	echo "Name: linux-xen" > /opt/pakfire/db/installed/meta-linux-xen
2106b71e AF	468	echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-xen
2106b71e AF	469	echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-xen
e2398186 AF	470	echo "Name: linux-xen" > /opt/pakfire/db/meta/meta-linux-xen
	471	echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-xen
	472	echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-xen
31d488a4 AF	473	# Add xvc0 to /etc/securetty
	474	echo "xvc0" >> /etc/securetty
	475	fi
	476
	477	#
	478	# After pakfire has ended run it again and update the lists and do upgrade
	479	#
	480	echo '#!/bin/bash' > /tmp/pak_update
	481	echo 'while [ "$(ps -A \| grep " update.sh")" != "" ]; do' >> /tmp/pak_update
	482	echo ' sleep 1' >> /tmp/pak_update
	483	echo 'done' >> /tmp/pak_update
	484	echo 'while [ "$(ps -A \| grep " pakfire")" != "" ]; do' >> /tmp/pak_update
	485	echo ' sleep 1' >> /tmp/pak_update
	486	echo 'done' >> /tmp/pak_update
	487	echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update
	488	echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
	489	echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
	490	echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
	491	echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub.cfg"' >> /tmp/pak_update
	492	echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update
	493	echo '/usr/bin/logger -p syslog.emerg -t ipfire " * Please reboot... * "' >> /tmp/pak_update
	494	echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
	495	#
fa37e705	496	killall -KILL pak_update
31d488a4 AF	497	chmod +x /tmp/pak_update
31d488a4 AF	498	/tmp/pak_update &
949d5c52	499
31d488a4	500	sync
949d5c52	501
31d488a4 AF	502	#
31d488a4 AF	503	#Finish
949d5c52 MT	504	(
	505	/etc/init.d/fireinfo start
	506	sendprofile
	507	) >/dev/null 2>&1 &
	508
ba83f4b9 AF	509	# Update Package list for addon installation
	510	/opt/pakfire/pakfire update -y --force
	511
31d488a4 AF	512	echo
	513	echo Please wait until pakfire has ended...
	514	echo
	515	#Don't report the exitcode last command
949d5c52	516	exit 0
31d488a4	517