]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - config/rootfiles/core/76/update.sh
projects / people / teissler / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'alfh/feature_firewalllog_centergraph' into next
[people/teissler/ipfire-2.x.git] / config / rootfiles / core / 76 / update.sh
1 #!/bin/bash
2 ############################################################################
3 # #
4 # This file is part of the IPFire Firewall. #
5 # #
6 # IPFire is free software; you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation; either version 3 of the License, or #
9 # (at your option) any later version. #
10 # #
11 # IPFire is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
15 # #
16 # You should have received a copy of the GNU General Public License #
17 # along with IPFire; if not, write to the Free Software #
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
19 # #
20 # Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
21 # #
22 ############################################################################
23 #
24 . /opt/pakfire/lib/functions.sh
25 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
26
27 function add_to_backup ()
28 {
29 # Add path to ROOTFILES but remove old entries to prevent double
30 # files in the tar
31 grep -v "^$1" /opt/pakfire/tmp/ROOTFILES > /opt/pakfire/tmp/ROOTFILES.tmp
32 mv /opt/pakfire/tmp/ROOTFILES.tmp /opt/pakfire/tmp/ROOTFILES
33 echo $1 >> /opt/pakfire/tmp/ROOTFILES
34 }
35
36 #
37 # Remove old core updates from pakfire cache to save space...
38 core=76
39 for (( i=1; i<=${core}; i++ ))
40 do
41 rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
42 done
43
44 #
45 # Do some sanity checks.
46 case $(uname -r) in
47 *-ipfire-versatile )
48 /usr/bin/logger -p syslog.emerg -t ipfire \
49 "core-update-${core}: ERROR cannot update. versatile support is dropped."
50 # Report no error to pakfire. So it does not try to install it again.
51 exit 0
52 ;;
53 *-ipfire-xen )
54 BOOTSIZE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1`
55 if [ $BOOTSIZE -lt 28000 ]; then
56 /usr/bin/logger -p syslog.emerg -t ipfire \
57 "core-update-${core}: ERROR cannot update because not enough space on boot."
58 exit 2
59 fi
60 ;;
61 *-ipfire* )
62 # Ok.
63 ;;
64 * )
65 /usr/bin/logger -p syslog.emerg -t ipfire \
66 "core-update-${core}: ERROR cannot update. No IPFire Kernel."
67 exit 1
68 ;;
69 esac
70
71
72 #
73 #
74 KVER="xxxKVERxxx"
75 MOUNT=`grep "kernel" /boot/grub/grub.conf 2>/dev/null | tail -n 1 `
76 # Nur den letzten Parameter verwenden
77 echo $MOUNT > /dev/null
78 MOUNT=$_
79 if [ ! $MOUNT == "rw" ]; then
80 MOUNT="ro"
81 fi
82
83 #
84 # check if we the backup file already exist
85 if [ -e /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz ]; then
86 echo Moving backup to backup-old ...
87 mv -f /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
88 /var/ipfire/backup/core-upgrade${core}_${KVER}-old.tar.xz
89 fi
90 echo First we made a backup of all files that was inside of the
91 echo update archive. This may take a while ...
92 # Add some files that are not in the package to backup
93 add_to_backup lib/modules
94 add_to_backup etc/udev
95 add_to_backup lib/udev
96 add_to_backup boot
97 add_to_backup etc/sysconfig/lm_sensors
98 add_to_backup etc/sysconfig/rc.local
99 add_to_backup srv/web/ipfire/html/themes/ipfire
100 add_to_backup usr/lib/engines
101 add_to_backup etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
102 add_to_backup etc/rc.d/init.d/networking/red.up/25-portfw
103 add_to_backup etc/rc.d/init.d/networking/red.up/26-xtaccess
104 add_to_backup usr/local/bin/setportfw
105 add_to_backup usr/local/bin/setdmzholes
106 add_to_backup usr/local/bin/setxtaccess
107 add_to_backup usr/local/bin/outgoingfwctrl
108 add_to_backup srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
109 add_to_backup var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
110 add_to_backup etc/inittab
111 add_to_backup etc/fstab
112 add_to_backup usr/share/usb_modeswitch
113 add_to_backup etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
114 add_to_backup etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
115 add_to_backup usr/local/bin/dialctrl.pl
116
117 # Backup the files
118 tar cJvf /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
119 -C / -T /opt/pakfire/tmp/ROOTFILES --exclude='#*' --exclude='/var/cache' > /dev/null 2>&1
120
121 # Check diskspace on root
122 ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
123
124 if [ $ROOTSPACE -lt 100000 ]; then
125 /usr/bin/logger -p syslog.emerg -t ipfire \
126 "core-update-${core}: ERROR cannot update because not enough free space on root."
127 exit 2
128 fi
129
130
131 echo
132 echo Update Kernel to $KVER ...
133 #
134 # Remove old kernel, configs, initrd, modules ...
135 #
136 rm -rf /boot/System.map-*
137 rm -rf /boot/config-*
138 rm -rf /boot/ipfirerd-*
139 rm -rf /boot/vmlinuz-*
140 rm -rf /boot/uImage-ipfire-*
141 rm -rf /boot/uInit-ipfire-*
142 rm -rf /lib/modules
143
144 # Remove old usb_modeswitch_data
145 rm -rf /usr/share/usb_modeswitch
146
147 # Remove dialctrl.pl script
148 rm -f \
149 /etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl \
150 /etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl \
151 /usr/local/bin/dialctrl.pl
152
153 #
154 # Remove old udev rules.
155 #
156 if [ -e /etc/udev/rules.d/29-ct-server-network.rules ]; then
157 cp /etc/udev/rules.d/29-ct-server-network.rules /tmp/
158 fi
159 cp /etc/udev/rules.d/30-persistent-network.rules /tmp/
160 rm -rf /etc/udev
161 rm -rf /lib/udev
162 mkdir -p /etc/udev/rules.d
163 if [ -e /tmp/rules.d/29-ct-server-network.rules ]; then
164 mv /tmp/29-ct-server-network.rules /etc/udev/rules.d/
165 fi
166 mv /tmp/30-persistent-network.rules /etc/udev/rules.d/
167
168 case $(uname -m) in
169 i?86 )
170 #
171 # Backup grub.conf
172 #
173 cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org
174 ;;
175 esac
176 #
177 #Stop services
178 /etc/init.d/snort stop
179 /etc/init.d/squid stop
180 /etc/init.d/ipsec stop
181 /etc/init.d/apache stop
182
183 # Remove the old default theme
184 rm -rf /srv/web/ipfire/html/themes/ipfire
185
186 # rename /etc/modprobe.d files
187 for i in $(find /etc/modprobe.d/* | grep -v ".conf"); do
188 mv $i $i.conf
189 done
190
191 # Move /var/run to /run.
192 if [ -L "/run" ]; then
193 rm -f /run
194 fi
195
196 mkdir -p /run
197 if mountpoint /var/run; then
198 mount --move /var/run /run
199 rm -rf /var/run
200 fi
201
202 ln -svf ../run /var/run
203
204 # Creating directories for new firewall.
205 mkdir -p /var/ipfire/firewall
206 mkdir -p /var/ipfire/fwhosts
207
208 # Remove old ntp binaries
209 rm -f /usr/sbin/ntp-keygen
210 rm -f /usr/sbin/ntp-wait
211 rm -f /usr/sbin/ntpq
212 rm -f /usr/sbin/ntptime
213 rm -f /usr/sbin/ntptrace
214 rm -f /usr/sbin/tickadj
215
216 # Remove old firewall helper link
217 rm -f /etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
218
219 #
220 #Extract files
221 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
222
223 # Check diskspace on boot
224 BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
225
226 if [ $BOOTSPACE -lt 1000 ]; then
227 case $(uname -r) in
228 *-ipfire-kirkwood )
229 # Special handling for old kirkwood images.
230 # (install only kirkwood kernel)
231 rm -rf /boot/*
232 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
233 --numeric-owner -C / --wildcards 'boot/*-kirkwood*'
234 ;;
235 * )
236 /usr/bin/logger -p syslog.emerg -t ipfire \
237 "core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..."
238 /etc/init.d/apache start
239 exit 4
240 ;;
241 esac
242 fi
243
244 #
245 #Reload init to close old linker/glibc
246 telinit u
247
248 # Regenerate ipsec configuration files.
249 /srv/web/ipfire/cgi-bin/vpnmain.cgi
250
251 # Update Language cache
252 perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
253
254 # Remove old openssl engines
255 rm -rf /usr/lib/engines
256
257 # Remove old initscripts
258 rm -f /etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
259 rm -f /etc/rc.d/init.d/networking/red.up/25-portfw
260 rm -f /etc/rc.d/init.d/networking/red.up/26-xtaccess
261 rm -f /etc/rc.d/rcsysinit.d/S90sysctl
262
263 # Remove old firewallscripts
264 rm -f /usr/local/bin/setportfw
265 rm -f /usr/local/bin/setdmzholes
266 rm -f /usr/local/bin/setxtaccess
267 rm -f /usr/local/bin/outgoingfwctrl
268
269 # Remove old CGI files
270 rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
271
272 # Generate chains for new firewall
273 /sbin/iptables -N INPUTFW 2>/dev/null
274 /sbin/iptables -N FORWARDFW 2>/dev/null
275 /sbin/iptables -N POLICYFWD 2>/dev/null
276 /sbin/iptables -N POLICYIN 2>/dev/null
277 /sbin/iptables -N POLICYOUT 2>/dev/null
278 /sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
279 /sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
280
281 # Create config files for firewall and fix permissions.
282 touch /var/ipfire/firewall/config
283 touch /var/ipfire/firewall/input
284 touch /var/ipfire/firewall/outgoing
285 touch /var/ipfire/firewall/settings
286 touch /var/ipfire/fwhosts/customhosts
287 touch /var/ipfire/fwhosts/customnetworks
288 touch /var/ipfire/fwhosts/customgroups
289 touch /var/ipfire/fwhosts/customservices
290 touch /var/ipfire/fwhosts/customservicegrp
291
292 # Fix ownership.
293 chown -R nobody:nobody /var/ipfire/firewall
294 chown -R nobody:nobody /var/ipfire/fwhosts
295
296 # Convert firewall configuration
297 /usr/sbin/convert-xtaccess
298 /usr/sbin/convert-outgoingfw
299 /usr/sbin/convert-portfw
300 /usr/sbin/convert-dmz
301
302 # Remove old firewall configuration files
303 rm -rf /var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
304
305 # In previously released IPFire versions the DROPOUTPUT and DROPINPUT
306 # option have two identical lines in the optionsfw/settings file as long as
307 # the user hasn't done any changes on the WUI.
308 #
309 # To prevent from any kind of side effects we are going to solve this issue now.
310
311 # Fix doubble enties of DROPOUTPUT when the default settings are still in use
312 # (the save button on the WUI page never has been clicked) or convert to the
313 # new option name required by the firewall of IPFire 2.15.
314
315 optionsfw_file="/var/ipfire/optionsfw/settings"
316
317 if [ $(grep -c "DROPOUTPUT" ${optionsfw_file}) -gt 1 ] ; then
318
319 # Drop all DROPUTPUT entries.
320 sed -e "/DROPOUTPUT/d" -i ${optionsfw_file}
321
322 # Add default line for new option.
323 echo "DROPOUTGOING=on" >> ${optionsfw_file}
324 else
325
326 # Convert option name to new format.
327 sed -e "s/DROPOUTPUT/DROPOUTGOING/g" -i ${optionsfw_file}
328 fi
329
330 # Fix doubble enties of DROPINPUT when the default settings are still in use
331 # (the save button on the WUI page never has been clicked).
332 if [ $(grep -c "DROPINPUT" ${optionsfw_file}) -gt 1 ] ; then
333
334 # We only can remove all entries with an defined string.
335 sed -e "/DROPINPUT/d" -i ${optionsfw_file}
336
337 # Afterwards we have to add the required string with the default
338 # value again.
339 echo "DROPINPUT=on" >> ${optionsfw_file}
340 fi
341
342 # Add strings and default values for new options of the firewall.
343 echo "DROPFORWARD=on" >> ${optionsfw_file}
344 echo "FWPOLICY=DROP" >> ${optionsfw_file}
345 echo "FWPOLICY1=DROP" >> ${optionsfw_file}
346 echo "FWPOLICY2=DROP" >> ${optionsfw_file}
347 echo "DROPSAMBA=off" >> ${optionsfw_file}
348 echo "DROPPROXY=off" >> ${optionsfw_file}
349 echo "SHOWREMARK=on" >> ${optionsfw_file}
350 echo "SHOWCOLORS=on" >> ${optionsfw_file}
351 echo "SHOWTABLES=off" >> ${optionsfw_file}
352 echo "SHOWDROPDOWN=off" >> ${optionsfw_file}
353 echo "DROPWIRELESSINPUT=on" >> ${optionsfw_file}
354 echo "DROPWIRELESSFORWARD=on" >> ${optionsfw_file}
355
356 unset optionsfw_file
357
358 # Convert inittab and fstab
359 sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
360 sed -i -e "s/xvc0 9600$/xvc0 9600 --noclear/g" /etc/inittab
361 sed -i -e "s/^proc/#proc/g" /etc/fstab
362 sed -i -e "s/^sysfs/#sysfs/g" /etc/fstab
363 sed -i -e "s/^devpts/#devpts/g" /etc/fstab
364 sed -i -e "s|^none\s/var/run|#none /var/run|g" /etc/fstab
365
366 # Convert udev persistent network rules
367 sed -i -e "s/SYSFS{/ATTR{/g" /etc/udev/rules.d/30-persistent-network.rules
368
369 # Firstsetup was already run
370 touch /var/ipfire/main/firstsetup_ok
371
372 #
373 # Start services
374 #
375 /etc/init.d/apache start
376 /etc/init.d/squid start
377 /etc/init.d/snort start
378 if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
379 /etc/init.d/ipsec start
380 fi
381
382 #
383 # Rebuild qosscript if enabled
384 #
385 if [ -e /var/ipfire/qos/enable ]; then
386 /usr/local/bin/qosctrl stop
387 /usr/local/bin/qosctrl generate
388 /usr/local/bin/qosctrl start
389 fi
390
391 # Update crontab
392 cat <<EOF >> /var/spool/cron/root.orig
393
394 # Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time
395 00 3 * 3 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
396 00 2 * 10-11 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
397 EOF
398 fcrontab -z &>/dev/null
399
400
401 case $(uname -m) in
402 i?86 )
403 #
404 # Modify grub.conf
405 #
406 echo
407 echo Update grub configuration ...
408 ROOT=`mount | grep " / " | cut -d" " -f1`
409
410 if [ ! -z $ROOT ]; then
411 ROOTUUID=`blkid -c /dev/null -sUUID $ROOT | cut -d'"' -f2`
412 fi
413
414 if [ ! -z $ROOTUUID ]; then
415 sed -i "s|ROOT|UUID=$ROOTUUID|g" /boot/grub/grub.conf
416 else
417 sed -i "s|ROOT|$ROOT|g" /boot/grub/grub.conf
418 fi
419 sed -i "s|KVER|$KVER|g" /boot/grub/grub.conf
420 sed -i "s|MOUNT|$MOUNT|g" /boot/grub/grub.conf
421
422 if [ "$(grep "^serial" /boot/grub/grub.conf.org)" == "" ]; then
423 echo "grub use default console ..."
424 else
425 echo "grub use serial console ..."
426 sed -i -e "s|splashimage|#splashimage|g" /boot/grub/grub.conf
427 sed -i -e "s|#serial|serial|g" /boot/grub/grub.conf
428 sed -i -e "s|#terminal|terminal|g" /boot/grub/grub.conf
429 sed -i -e "s| panic=10 | console=ttyS0,115200n8 panic=10 |g" /boot/grub/grub.conf
430 fi
431
432 #
433 # ReInstall grub
434 #
435 echo "(hd0) ${ROOT::`expr length $ROOT`-1}" > /boot/grub/device.map
436 grub-install --no-floppy ${ROOT::`expr length $ROOT`-1}
437 ;;
438 esac
439 #
440 # Delete old lm-sensor modullist to force search at next boot
441 #
442 rm -rf /etc/sysconfig/lm_sensors
443
444
445 # Force (re)install pae kernel if pae is supported
446 rm -rf /opt/pakfire/db/*/meta-linux-pae
447 if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
448 ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
449 BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
450 if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then
451 /usr/bin/logger -p syslog.emerg -t ipfire \
452 "core-update-${core}: WARNING not enough space for pae kernel."
453 else
454 echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
455 echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
456 echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
457 echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae
458 echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae
459 echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-pae
460 fi
461 fi
462
463 # Force reinstall xen kernel if it was installed
464 if [ -e "/opt/pakfire/db/installed/meta-linux-xen" ]; then
465 echo "Name: linux-xen" > /opt/pakfire/db/installed/meta-linux-xen
466 echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-xen
467 echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-xen
468 echo "Name: linux-xen" > /opt/pakfire/db/meta/meta-linux-xen
469 echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-xen
470 echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-xen
471 # Add xvc0 to /etc/securetty
472 echo "xvc0" >> /etc/securetty
473 fi
474
475 #
476 # After pakfire has ended run it again and update the lists and do upgrade
477 #
478 echo '#!/bin/bash' > /tmp/pak_update
479 echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update
480 echo ' sleep 1' >> /tmp/pak_update
481 echo 'done' >> /tmp/pak_update
482 echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update
483 echo ' sleep 1' >> /tmp/pak_update
484 echo 'done' >> /tmp/pak_update
485 echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update
486 echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
487 echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
488 echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
489 echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub.cfg"' >> /tmp/pak_update
490 echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update
491 echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update
492 echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
493 #
494 killall -KILL pak_update
495 chmod +x /tmp/pak_update
496 /tmp/pak_update &
497
498 sync
499
500 #
501 #Finish
502 (
503 /etc/init.d/fireinfo start
504 sendprofile
505 ) >/dev/null 2>&1 &
506
507 # Update Package list for addon installation
508 /opt/pakfire/pakfire update -y --force
509
510 echo
511 echo Please wait until pakfire has ended...
512 echo
513 #Don't report the exitcode last command
514 exit 0
515
Timo's tree of IPFire 2.x