Commit | Line | Data |
---|---|---|
1 | #!/bin/bash | |
2 | ############################################################################ | |
3 | # # | |
4 | # This file is part of the IPFire Firewall. # | |
5 | # # | |
6 | # IPFire is free software; you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation; either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # IPFire is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with IPFire; if not, write to the Free Software # | |
18 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # | |
19 | # # | |
20 | # Copyright (C) 2014 IPFire-Team <info@ipfire.org>. # | |
21 | # # | |
22 | ############################################################################ | |
23 | # | |
# Pull in the shared pakfire shell helpers, then run backupctrl's "exclude"
# action with all of its output discarded.
source /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude &>/dev/null
26 | ||
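function add_to_backup ()
{
	# Add one or more paths to ROOTFILES, the file list that is handed to
	# tar with -T when the backup archive is written.
	# Arguments: $@ - paths relative to /. Several callers pass a brace
	#                 expansion, so every argument is processed, not only $1.
	# Existing entries that start with a path are dropped first to prevent
	# double files in the tar.
	local rootfiles=/opt/pakfire/tmp/ROOTFILES
	local path
	for path in "$@"; do
		# index() == 1 is a literal prefix match: the path is data, not a
		# regular expression (it may contain dots).
		awk -v prefix="${path}" 'index($0, prefix) != 1' "${rootfiles}" \
			> "${rootfiles}.tmp"
		mv -f -- "${rootfiles}.tmp" "${rootfiles}"
		printf '%s\n' "${path}" >> "${rootfiles}"
	done
}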
35 | ||
#
# Free cache space: delete the cached archives of every core update from 1
# up to and including this one.
core=76
i=1
while (( i <= core )); do
	rm -f /var/cache/pakfire/core-upgrade-*-"${i}".ipfire
	i=$(( i + 1 ))
done
43 | ||
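#
# Do some sanity checks on the running kernel before anything is changed.
#
case "$(uname -r)" in
	*-ipfire-versatile )
		/usr/bin/logger -p syslog.emerg -t ipfire \
			"core-update-${core}: ERROR cannot update. versatile support is dropped."
		# Report no error to pakfire. So it does not try to install it again.
		exit 0
		;;
	*-ipfire-xen )
		# Total size of /boot in KiB (column 2 of the df -Pk output).
		BOOTSIZE=$(df -Pk /boot | tail -n 1 | awk '{ print $2 }')
		# An empty or non-numeric value means df could not be read. Count
		# it as too small, so the update stops here instead of the numeric
		# test failing with a syntax error and the script carrying on.
		case "${BOOTSIZE}" in
			'' | *[!0-9]* ) BOOTSIZE=0 ;;
		esac
		if [ "${BOOTSIZE}" -lt 28000 ]; then
			/usr/bin/logger -p syslog.emerg -t ipfire \
				"core-update-${core}: ERROR cannot update because not enough space on boot."
			exit 2
		fi
		;;
	*-ipfire* )
		# Ok.
		;;
	* )
		/usr/bin/logger -p syslog.emerg -t ipfire \
			"core-update-${core}: ERROR cannot update. No IPFire Kernel."
		exit 1
		;;
esac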
70 | ||
71 | ||
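#
# Kernel version installed by this update, and the mount mode (rw or ro)
# taken from the last "kernel" line of the existing grub.conf.
#
KVER="3.10.28"
MOUNT=$(grep "kernel" /boot/grub/grub.conf 2>/dev/null | tail -n 1)
# Use only the last parameter of that line. read -a splits on whitespace
# without glob expansion, and an empty line simply yields no words.
read -r -a kernel_words <<< "${MOUNT}"
MOUNT="ro"
if (( ${#kernel_words[@]} > 0 )) \
	&& [ "${kernel_words[${#kernel_words[@]}-1]}" = "rw" ]; then
	MOUNT="rw"
fi
unset kernel_words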
82 | ||
#
# If the backup archive for this update already exists, rename it to
# "-old" before a new one is written.
#
if [[ -e /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz ]]; then
	echo "Moving backup to backup-old ..."
	mv -f "/var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz" \
		"/var/ipfire/backup/core-upgrade${core}_${KVER}-old.tar.xz"
fi
printf '%s\n' \
	"First we made a backup of all files that was inside of the" \
	"update archive. This may take a while ..."
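# Add some files that are not in the package to backup.
# add_to_backup is called once per path, so each word produced by the two
# brace expansions is recorded instead of only the first one.
for backup_path in \
	lib/modules \
	etc/udev \
	lib/udev \
	boot \
	etc/sysconfig/lm_sensors \
	etc/sysconfig/rc.local \
	srv/web/ipfire/html/themes/ipfire \
	usr/lib/engines \
	etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl \
	etc/rc.d/init.d/networking/red.up/25-portfw \
	etc/rc.d/init.d/networking/red.up/26-xtaccess \
	usr/local/bin/setportfw \
	usr/local/bin/setdmzholes \
	usr/local/bin/setxtaccess \
	usr/local/bin/outgoingfwctrl \
	srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi \
	var/ipfire/{dmzholes,portfw,outgoing,xtaccess} \
	etc/inittab \
	etc/fstab \
	usr/share/usb_modeswitch
do
	add_to_backup "${backup_path}"
done
unset backup_path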
113 | ||
# Backup the files: archive everything listed in ROOTFILES (paths relative
# to /) as an xz-compressed tar. tar's output is discarded and its exit
# status is not checked.
tar -cJvf "/var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz" \
	-C / -T /opt/pakfire/tmp/ROOTFILES \
	--exclude='#*' --exclude='/var/cache' &>/dev/null
117 | ||
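# Check diskspace on root (free KiB, column 4 of the df -Pk output).
ROOTSPACE=$(df -Pk / | tail -n 1 | awk '{ print $4 }')
# An empty or non-numeric value means df could not be read. Count it as no
# free space, so the update stops before the old kernel is removed instead
# of the numeric test failing and the script carrying on.
case "${ROOTSPACE}" in
	'' | *[!0-9]* ) ROOTSPACE=0 ;;
esac

if [ "${ROOTSPACE}" -lt 100000 ]; then
	/usr/bin/logger -p syslog.emerg -t ipfire \
		"core-update-${core}: ERROR cannot update because not enough free space on root."
	exit 2
fi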
126 | ||
127 | ||
echo
echo "Update Kernel to $KVER ..."
#
# Remove old kernel, configs, initrd, modules ...
# and the old usb_modeswitch_data, in a single rm call.
#
rm -rf \
	/boot/System.map-* \
	/boot/config-* \
	/boot/ipfirerd-* \
	/boot/vmlinuz-* \
	/boot/uImage-ipfire-* \
	/boot/uInit-ipfire-* \
	/lib/modules \
	/usr/share/usb_modeswitch
143 | ||
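#
# Remove old udev rules, but carry the two network rule files over.
#
# The copies are parked in a directory created by mktemp -d (mode 0700)
# rather than under fixed names in the world-writable /tmp, and each file
# is restored from the place it was actually saved to.
udev_keep=$(mktemp -d) || udev_keep=""
if [ -n "${udev_keep}" ]; then
	for udev_rules in 29-ct-server-network.rules 30-persistent-network.rules; do
		if [ -e "/etc/udev/rules.d/${udev_rules}" ]; then
			cp -- "/etc/udev/rules.d/${udev_rules}" "${udev_keep}/"
		fi
	done
	rm -rf /etc/udev
else
	# Without a safe place for the copies, leave /etc/udev alone rather
	# than delete rule files that could not be saved.
	echo "Could not create a temporary directory; keeping old /etc/udev" >&2
fi
rm -rf /lib/udev
mkdir -p /etc/udev/rules.d
if [ -n "${udev_keep}" ]; then
	for udev_rules in 29-ct-server-network.rules 30-persistent-network.rules; do
		if [ -e "${udev_keep}/${udev_rules}" ]; then
			mv -- "${udev_keep}/${udev_rules}" /etc/udev/rules.d/
		fi
	done
	rmdir -- "${udev_keep}"
fi
unset udev_keep udev_rules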
158 | ||
# Backup grub.conf as grub.conf.org, only on machines whose uname -m
# matches i?86.
if [[ "$(uname -m)" == i?86 ]]; then
	cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org
fi
#
# Stop services, in this order.
#
for service in snort squid ipsec apache; do
	"/etc/init.d/${service}" stop
done

# Remove the old default theme
rm -rf /srv/web/ipfire/html/themes/ipfire
176 | ||
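# rename /etc/modprobe.d files: give every regular file that does not
# already end in .conf that suffix. The glob is iterated directly and all
# expansions are quoted, so names with whitespace are handled, and the
# suffix is matched at the end of the name instead of anywhere in the path.
for modfile in /etc/modprobe.d/*; do
	[ -f "${modfile}" ] || continue
	case "${modfile}" in
		*.conf ) continue ;;
	esac
	mv -- "${modfile}" "${modfile}.conf"
done
unset modfile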
181 | ||
# Move /var/run to /run.
# A /run that is a symlink is removed so a real directory can be created.
[ -L /run ] && rm -f /run
mkdir -p /run

# If /var/run is a mount point, move the mount to /run and remove the
# directory that is left behind.
if mountpoint /var/run; then
	mount --move /var/run /run
	rm -rf /var/run
fi

# Link /var/run to ../run.
ln -svf ../run /var/run
194 | ||
# Creating directories for new firewall.
mkdir -p /var/ipfire/firewall /var/ipfire/fwhosts

#
# Extract files from the update archive into /, keeping permissions and
# numeric owners and leaving metadata of existing directories untouched.
#
tar -xavf /opt/pakfire/tmp/files* -p --numeric-owner --no-overwrite-dir -C /
202 | ||
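# Check diskspace on boot (free KiB, column 4 of the df -Pk output).
BOOTSPACE=$(df -Pk /boot | tail -n 1 | awk '{ print $4 }')

# The files are already extracted at this point, so a value that cannot be
# read is only reported and the emergency branch is skipped, as it was when
# the unquoted numeric test failed on an empty value.
case "${BOOTSPACE}" in
	'' | *[!0-9]* )
		echo "Could not determine free space on /boot" >&2
		;;
	* )
		if [ "${BOOTSPACE}" -lt 1000 ]; then
			case "$(uname -r)" in
				*-ipfire-kirkwood )
					# Special handling for old kirkwood images.
					# (install only kirkwood kernel)
					rm -rf /boot/*
					tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
						--numeric-owner -C / --wildcards 'boot/*-kirkwood*'
					;;
				* )
					/usr/bin/logger -p syslog.emerg -t ipfire \
						"core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..."
					# apache was stopped earlier; bring it back before giving up.
					/etc/init.d/apache start
					exit 4
					;;
			esac
		fi
		;;
esac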
223 | ||
#
# Reload init to close old linker/glibc
#
telinit u

# Regenerate ipsec configuration files.
/srv/web/ipfire/cgi-bin/vpnmain.cgi

# Update Language cache
perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"

# Remove old openssl engines
rm -rf /usr/lib/engines

# Remove the old initscripts, the old firewall scripts and the old CGI
# files in one rm call.
rm -f \
	/etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl \
	/etc/rc.d/init.d/networking/red.up/25-portfw \
	/etc/rc.d/init.d/networking/red.up/26-xtaccess \
	/usr/local/bin/setportfw \
	/usr/local/bin/setdmzholes \
	/usr/local/bin/setxtaccess \
	/usr/local/bin/outgoingfwctrl \
	/srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
250 | ||
# Generate chains for new firewall. Error output of iptables -N is hidden.
for chain in INPUTFW FORWARDFW POLICYFWD POLICYIN POLICYOUT; do
	/sbin/iptables -N "${chain}" 2>/dev/null
done
# The two NAT chains are created in the nat table.
for chain in NAT_SOURCE NAT_DESTINATION; do
	/sbin/iptables -t nat -N "${chain}" 2>/dev/null
done
259 | ||
# Create config files for firewall and fix permissions.
touch /var/ipfire/firewall/{config,input,outgoing,settings}
touch /var/ipfire/fwhosts/{customhosts,customnetworks,customgroups,customservices,customservicegrp}

# Fix ownership: both trees are handed to nobody:nobody recursively.
chown -R nobody:nobody /var/ipfire/firewall /var/ipfire/fwhosts
274 | ||
# Convert firewall configuration by running the four converters in order.
for converter in xtaccess outgoingfw portfw dmz; do
	"/usr/sbin/convert-${converter}"
done

# Remove old firewall configuration files
rm -rf \
	/var/ipfire/dmzholes \
	/var/ipfire/portfw \
	/var/ipfire/outgoing \
	/var/ipfire/xtaccess
283 | ||
# Convert inittab: append --noclear to lines ending in "tty1 9600" or
# "xvc0 9600".
sed -i \
	-e "s/tty1 9600$/tty1 9600 --noclear/g" \
	-e "s/xvc0 9600$/xvc0 9600 --noclear/g" \
	/etc/inittab

# Convert fstab: comment out the proc, sysfs, devpts and "none /var/run"
# entries.
sed -i \
	-e "s/^proc/#proc/g" \
	-e "s/^sysfs/#sysfs/g" \
	-e "s/^devpts/#devpts/g" \
	-e "s|^none\s/var/run|#none /var/run|g" \
	/etc/fstab

# Convert udev persistent network rules (SYSFS{ becomes ATTR{).
sed -i -e "s/SYSFS{/ATTR{/g" /etc/udev/rules.d/30-persistent-network.rules

# Firstsetup was already run
touch /var/ipfire/main/firstsetup_ok
297 | ||
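#
# Start services
#
/etc/init.d/apache start
/etc/init.d/squid start
/etc/init.d/snort start
# ipsec is started only when the VPN settings contain ENABLED=on. grep -q
# decides by exit status, so more than one matching line no longer breaks
# the test. The pattern is unanchored, as before.
if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
	/etc/init.d/ipsec start
fi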
307 | ||
#
# Rebuild qosscript if enabled (marker file /var/ipfire/qos/enable exists):
# stop, generate, start.
#
if [[ -e /var/ipfire/qos/enable ]]; then
	for action in stop generate start; do
		/usr/local/bin/qosctrl "${action}"
	done
fi
316 | ||
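# Update crontab
# The entries are appended only when they are not present yet, so running
# this update a second time does not add them twice.
if ! grep -qF "/usr/local/bin/timezone-transition /usr/local/bin/firewallctrl" \
	/var/spool/cron/root.orig 2>/dev/null; then
	cat <<'EOF' >> /var/spool/cron/root.orig

# Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time
00 3 * 3 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
00 2 * 10-11 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
EOF
fi
fcrontab -z &>/dev/null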
325 | ||
326 | ||
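case "$(uname -m)" in
	i?86 )
		#
		# Modify grub.conf: fill in the ROOT, KVER and MOUNT placeholders.
		#
		echo
		echo "Update grub configuration ..."
		# Device that is mounted on /.
		ROOT=$(mount | grep " / " | cut -d" " -f1)

		# Start from an empty UUID so a value inherited from the
		# environment can never end up in grub.conf.
		ROOTUUID=""
		if [ -n "${ROOT}" ]; then
			ROOTUUID=$(blkid -c /dev/null -sUUID "${ROOT}" | cut -d'"' -f2)
		fi

		# Prefer the UUID; fall back to the device name.
		if [ -n "${ROOTUUID}" ]; then
			sed -i "s|ROOT|UUID=${ROOTUUID}|g" /boot/grub/grub.conf
		else
			sed -i "s|ROOT|${ROOT}|g" /boot/grub/grub.conf
		fi
		sed -i "s|KVER|${KVER}|g" /boot/grub/grub.conf
		sed -i "s|MOUNT|${MOUNT}|g" /boot/grub/grub.conf

		# Keep a serial console if the saved grub.conf.org had one.
		if grep -q "^serial" /boot/grub/grub.conf.org; then
			echo "grub use serial console ..."
			sed -i -e "s|splashimage|#splashimage|g" /boot/grub/grub.conf
			sed -i -e "s|#serial|serial|g" /boot/grub/grub.conf
			sed -i -e "s|#terminal|terminal|g" /boot/grub/grub.conf
			sed -i -e "s| panic=10 | console=ttyS0,115200n8 panic=10 |g" /boot/grub/grub.conf
		else
			echo "grub use default console ..."
		fi

		#
		# ReInstall grub on the root device name with its last character
		# removed.
		#
		if [ -n "${ROOT}" ]; then
			grub_disk=${ROOT%?}
			echo "(hd0) ${grub_disk}" > /boot/grub/device.map
			grub-install --no-floppy "${grub_disk}"
			unset grub_disk
		else
			# Without a root device there is nothing to pass to
			# grub-install; say so loudly instead of calling it with an
			# empty argument.
			/usr/bin/logger -p syslog.emerg -t ipfire \
				"core-update-${core}: ERROR root device not found. grub was not reinstalled."
		fi
		;;
esac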
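#
# Delete old lm-sensor modullist to force search at next boot
#
rm -rf /etc/sysconfig/lm_sensors

# Force (re)install pae kernel if pae is supported
rm -rf /opt/pakfire/db/*/meta-linux-pae
if grep -q "^flags.* pae " /proc/cpuinfo; then
	# Free KiB on / and /boot (column 4 of the df -Pk output).
	ROOTSPACE=$(df -Pk / | tail -n 1 | awk '{ print $4 }')
	BOOTSPACE=$(df -Pk /boot | tail -n 1 | awk '{ print $4 }')
	# A value that cannot be read counts as no free space, so the pae
	# kernel is not queued when the space is unknown.
	case "${ROOTSPACE}" in
		'' | *[!0-9]* ) ROOTSPACE=0 ;;
	esac
	case "${BOOTSPACE}" in
		'' | *[!0-9]* ) BOOTSPACE=0 ;;
	esac
	if [ "${BOOTSPACE}" -lt 12000 ] || [ "${ROOTSPACE}" -lt 90000 ]; then
		/usr/bin/logger -p syslog.emerg -t ipfire \
			"core-update-${core}: WARNING not enough space for pae kernel."
	else
		# Write the same three-line meta file to both pakfire db locations.
		for meta in \
			/opt/pakfire/db/installed/meta-linux-pae \
			/opt/pakfire/db/meta/meta-linux-pae
		do
			printf '%s\n' "Name: linux-pae" "ProgVersion: 0" "Release: 0" > "${meta}"
		done
		unset meta
	fi
fi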
388 | ||
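# Force reinstall xen kernel if it was installed
if [ -e /opt/pakfire/db/installed/meta-linux-xen ]; then
	# Write the same three-line meta file to both pakfire db locations.
	for meta in \
		/opt/pakfire/db/installed/meta-linux-xen \
		/opt/pakfire/db/meta/meta-linux-xen
	do
		printf '%s\n' "Name: linux-xen" "ProgVersion: 0" "Release: 0" > "${meta}"
	done
	unset meta
	# Add xvc0 to /etc/securetty, unless the line is already there, so a
	# repeated run does not append it again.
	if ! grep -qxF "xvc0" /etc/securetty 2>/dev/null; then
		echo "xvc0" >> /etc/securetty
	fi
fi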
400 | ||
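#
# After pakfire has ended run it again and update the lists and do upgrade
#
# The follow-up script runs as the same user as this update, so it must not
# be written to a fixed name in the world-writable /tmp, where another
# local user could pre-create or replace it. It is placed in a directory
# made by mktemp -d (mode 0700) and keeps the name pak_update, which the
# killall below relies on.
killall -KILL pak_update
pak_update_dir=$(mktemp -d) || pak_update_dir=""
if [ -n "${pak_update_dir}" ]; then
	# Quoted delimiter: the script text is written literally, nothing is
	# expanded here.
	cat > "${pak_update_dir}/pak_update" <<'EOF'
#!/bin/bash
while [ "$(ps -A | grep " update.sh")" != "" ]; do
	sleep 1
done
while [ "$(ps -A | grep " pakfire")" != "" ]; do
	sleep 1
done
/opt/pakfire/pakfire update -y --force
/opt/pakfire/pakfire upgrade -y
/opt/pakfire/pakfire upgrade -y
/opt/pakfire/pakfire upgrade -y
/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub.cfg"
/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"
/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "
touch /var/run/need_reboot
EOF
	chmod +x "${pak_update_dir}/pak_update"
	"${pak_update_dir}/pak_update" &
else
	/usr/bin/logger -p syslog.emerg -t ipfire \
		"core-update-${core}: ERROR could not create follow-up script. Run pakfire update and upgrade manually."
fi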
423 | ||
sync

#
# Finish: start fireinfo and send the profile in the background, with all
# output discarded.
#
{
	/etc/init.d/fireinfo start
	sendprofile
} &>/dev/null &

# Update Package list for addon installation
/opt/pakfire/pakfire update -y --force

printf '\n%s\n\n' "Please wait until pakfire has ended..."

# Always exit 0 so the status of the last command is not reported.
exit 0
441 |