8d55152486da009b056ab3274337090c256ed365
[people/teissler/ipfire-2.x.git] / config / rootfiles / core / 76 / update.sh
1 #!/bin/bash
2 ############################################################################
3 # #
4 # This file is part of the IPFire Firewall. #
5 # #
6 # IPFire is free software; you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation; either version 3 of the License, or #
9 # (at your option) any later version. #
10 # #
11 # IPFire is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
15 # #
16 # You should have received a copy of the GNU General Public License #
17 # along with IPFire; if not, write to the Free Software #
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
19 # #
20 # Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
21 # #
22 ############################################################################
23 #
24 . /opt/pakfire/lib/functions.sh
25 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
26
27 function add_to_backup ()
28 {
29 # Add path to ROOTFILES but remove old entries to prevent double
30 # files in the tar
31 grep -v "^$1" /opt/pakfire/tmp/ROOTFILES > /opt/pakfire/tmp/ROOTFILES.tmp
32 mv /opt/pakfire/tmp/ROOTFILES.tmp /opt/pakfire/tmp/ROOTFILES
33 echo $1 >> /opt/pakfire/tmp/ROOTFILES
34 }
35
36 #
37 # Remove old core updates from pakfire cache to save space...
38 core=76
39 for (( i=1; i<=$core; i++ ))
40 do
41 rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
42 done
43
44 #
45 # Do some sanity checks.
46 case $(uname -r) in
47 *-ipfire-versatile )
48 /usr/bin/logger -p syslog.emerg -t ipfire \
49 "core-update-$core: ERROR cannot update. versatile support is dropped."
50 # Report no error to pakfire. So it does not try to install it again.
51 exit 0
52 ;;
53 *-ipfire-xen )
54 BOOTSIZE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1`
55 if [ $BOOTSIZE -lt 28000 ]; then
56 /usr/bin/logger -p syslog.emerg -t ipfire \
57 "core-update-$core: ERROR cannot update because not enough space on boot."
58 exit 2
59 fi
60 ;;
61 *-ipfire* )
62 # Ok.
63 ;;
64 * )
65 /usr/bin/logger -p syslog.emerg -t ipfire \
66 "core-update-$core: ERROR cannot update. No IPFire Kernel."
67 exit 1
68 ;;
69 esac
70
71
72 #
73 #
74 KVER="3.10.26"
75 MOUNT=`grep "kernel" /boot/grub/grub.conf 2>/dev/null | tail -n 1 `
76 # Nur den letzten Parameter verwenden
77 echo $MOUNT > /dev/null
78 MOUNT=$_
79 if [ ! $MOUNT == "rw" ]; then
80 MOUNT="ro"
81 fi
82
83 #
84 # check if we the backup file already exist
85 if [ -e /var/ipfire/backup/core-upgrade$core_$KVER.tar.xz ]; then
86 echo Moving backup to backup-old ...
87 mv -f /var/ipfire/backup/core-upgrade$core_$KVER.tar.xz \
88 /var/ipfire/backup/core-upgrade$core_$KVER-old.tar.xz
89 fi
90 echo First we made a backup of all files that was inside of the
91 echo update archive. This may take a while ...
92 # Add some files that are not in the package to backup
93 add_to_backup lib/modules
94 add_to_backup etc/udev
95 add_to_backup lib/udev
96 add_to_backup boot
97 add_to_backup etc/sysconfig/lm_sensors
98 add_to_backup etc/sysconfig/rc.local
99 add_to_backup srv/web/ipfire/html/themes/ipfire
100 add_to_backup usr/lib/engines
101 add_to_backup etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
102 add_to_backup etc/rc.d/init.d/networking/red.up/25-portfw
103 add_to_backup etc/rc.d/init.d/networking/red.up/26-xtaccess
104 add_to_backup usr/local/bin/setportfw
105 add_to_backup usr/local/bin/setdmzholes
106 add_to_backup usr/local/bin/setxtaccess
107 add_to_backup usr/local/bin/outgoingfwctrl
108 add_to_backup srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
109 add_to_backup var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
110 add_to_backup etc/inittab
111 add_to_backup etc/fstab
112 add_to_backup usr/share/usb_modeswitch
113
114 # Backup the files
115 tar cJvf /var/ipfire/backup/core-upgrade$core_$KVER.tar.xz \
116 -C / -T /opt/pakfire/tmp/ROOTFILES --exclude='#*' --exclude='/var/cache' > /dev/null 2>&1
117
118 # Check diskspace on root
119 ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
120
121 if [ $ROOTSPACE -lt 100000 ]; then
122 /usr/bin/logger -p syslog.emerg -t ipfire \
123 "core-update-$core: ERROR cannot update because not enough free space on root."
124 exit 2
125 fi
126
127
128 echo
129 echo Update Kernel to $KVER ...
130 #
131 # Remove old kernel, configs, initrd, modules ...
132 #
133 rm -rf /boot/System.map-*
134 rm -rf /boot/config-*
135 rm -rf /boot/ipfirerd-*
136 rm -rf /boot/vmlinuz-*
137 rm -rf /boot/uImage-ipfire-*
138 rm -rf /boot/uInit-ipfire-*
139 rm -rf /lib/modules
140
141 # Remove old usb_modeswitch_data
142 rm -rf /usr/share/usb_modeswitch
143
144 #
145 # Remove old udev rules.
146 #
147 if [ -e /etc/udev/rules.d/29-ct-server-network.rules ]; then
148 cp /etc/udev/rules.d/29-ct-server-network.rules /tmp/
149 fi
150 cp /etc/udev/rules.d/30-persistent-network.rules /tmp/
151 rm -rf /etc/udev
152 rm -rf /lib/udev
153 mkdir -p /etc/udev/rules.d
154 if [ -e /tmp/rules.d/29-ct-server-network.rules ]; then
155 mv /tmp/29-ct-server-network.rules /etc/udev/rules.d/
156 fi
157 mv /tmp/30-persistent-network.rules /etc/udev/rules.d/
158
159 case $(uname -m) in
160 i?86 )
161 #
162 # Backup grub.conf
163 #
164 cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org
165 ;;
166 esac
167 #
168 #Stop services
169 /etc/init.d/snort stop
170 /etc/init.d/squid stop
171 /etc/init.d/ipsec stop
172 /etc/init.d/apache stop
173
174 # Remove the old default theme
175 rm -rf /srv/web/ipfire/html/themes/ipfire
176
177 # rename /etc/modprobe.d files
178 for i in $(find /etc/modprobe.d/* | grep -v ".conf"); do
179 mv $i $i.conf
180 done
181
182 # Move /var/run to /run.
183 if [ -L "/run" ]; then
184 rm -f /run
185 fi
186
187 mkdir -p /run
188 if mountpoint /var/run; then
189 mount --move /var/run /run
190 rm -rf /var/run
191 fi
192
193 ln -svf ../run /var/run
194
195 #
196 #Extract files
197 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
198
199 # Check diskspace on boot
200 BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
201
202 if [ $BOOTSPACE -lt 1000 ]; then
203 case $(uname -r) in
204 *-ipfire-kirkwood )
205 # Special handling for old kirkwood images.
206 # (install only kirkwood kernel)
207 rm -rf /boot/*
208 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
209 --numeric-owner -C / --wildcards 'boot/*-kirkwood*'
210 ;;
211 * )
212 /usr/bin/logger -p syslog.emerg -t ipfire \
213 "core-update-$core: FATAL-ERROR space run out on boot. System is not bootable..."
214 /etc/init.d/apache start
215 exit 4
216 ;;
217 esac
218 fi
219
220 #
221 #Reload init to close old linker/glibc
222 telinit u
223
224 # Regenerate ipsec configuration files.
225 /srv/web/ipfire/cgi-bin/vpnmain.cgi
226
227 # Update Language cache
228 perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
229
230 # Remove old openssl engines
231 rm -rf /usr/lib/engines
232
233 # Remove old initscripts
234 rm -f /etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
235 rm -f /etc/rc.d/init.d/networking/red.up/25-portfw
236 rm -f /etc/rc.d/init.d/networking/red.up/26-xtaccess
237
238 # Remove old firewallscripts
239 rm -f /usr/local/bin/setportfw
240 rm -f /usr/local/bin/setdmzholes
241 rm -f /usr/local/bin/setxtaccess
242 rm -f /usr/local/bin/outgoingfwctrl
243
244 # Remove old CGI files
245 rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
246
247 # Generate chains for new firewall
248 /sbin/iptables -N INPUTFW
249 /sbin/iptables -N FORWARDFW
250 /sbin/iptables -N POLICYFWD
251 /sbin/iptables -N POLICYIN
252 /sbin/iptables -N POLICYOUT
253 /sbin/iptables -t nat -N NAT_SOURCE
254 /sbin/iptables -t nat -N NAT_DESTINATION
255
256 # Convert firewall configuration
257 /usr/sbin/convert-xtaccess
258 /usr/sbin/convert-outgoingfw
259 /usr/sbin/convert-portfw
260 /usr/sbin/convert-dmz
261
262 # Remove old firewall configuration files
263 rm -rf /var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
264
265 # Convert inittab and fstab
266 sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
267 sed -i -e "s/^proc/#proc/g" /etc/fstab
268 sed -i -e "s/^sysfs/#sysfs/g" /etc/fstab
269 sed -i -e "s/^devpts/#devpts/g" /etc/fstab
270
271 # Convert udev persistent network rules
272 sed -i -e "s/SYSFS{/ATTR{/g" /etc/udev/rules.d/30-persistent-network.rules
273
274 #
275 # Start services
276 #
277 /etc/init.d/apache start
278 /etc/init.d/squid start
279 /etc/init.d/snort start
280 if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
281 /etc/init.d/ipsec start
282 fi
283
284 #
285 # Rebuild qosscript if enabled
286 #
287 if [ -e /var/ipfire/qos/enable ]; then
288 /usr/local/bin/qosctrl stop
289 /usr/local/bin/qosctrl generate
290 /usr/local/bin/qosctrl start
291 fi
292
293
294 case $(uname -m) in
295 i?86 )
296 #
297 # Modify grub.conf
298 #
299 echo
300 echo Update grub configuration ...
301 ROOT=`mount | grep " / " | cut -d" " -f1`
302
303 if [ ! -z $ROOT ]; then
304 ROOTUUID=`blkid -c /dev/null -sUUID $ROOT | cut -d'"' -f2`
305 fi
306
307 if [ ! -z $ROOTUUID ]; then
308 sed -i "s|ROOT|UUID=$ROOTUUID|g" /boot/grub/grub.conf
309 else
310 sed -i "s|ROOT|$ROOT|g" /boot/grub/grub.conf
311 fi
312 sed -i "s|KVER|$KVER|g" /boot/grub/grub.conf
313 sed -i "s|MOUNT|$MOUNT|g" /boot/grub/grub.conf
314
315 if [ "$(grep "^serial" /boot/grub/grub.conf.org)" == "" ]; then
316 echo "grub use default console ..."
317 else
318 echo "grub use serial console ..."
319 sed -i -e "s|splashimage|#splashimage|g" /boot/grub/grub.conf
320 sed -i -e "s|#serial|serial|g" /boot/grub/grub.conf
321 sed -i -e "s|#terminal|terminal|g" /boot/grub/grub.conf
322 sed -i -e "s| panic=10 | console=ttyS0,115200n8 panic=10 |g" /boot/grub/grub.conf
323 fi
324
325 #
326 # ReInstall grub
327 #
328 echo "(hd0) ${ROOT::`expr length $ROOT`-1}" > /boot/grub/device.map
329 grub-install --no-floppy ${ROOT::`expr length $ROOT`-1}
330 ;;
331 esac
332 #
333 # Delete old lm-sensor modullist to force search at next boot
334 #
335 rm -rf /etc/sysconfig/lm_sensors
336
337
338 # Force (re)install pae kernel if pae is supported
339 rm -rf /opt/pakfire/db/*/meta-linux-pae
340 if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
341 ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
342 BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
343 if [ $BOOTSPACE -lt 9000 -o $ROOTSPACE -lt 90000 ]; then
344 /usr/bin/logger -p syslog.emerg -t ipfire \
345 "core-update-$core: WARNING not enough space for pae kernel."
346 else
347 echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
348 echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
349 echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
350 fi
351 fi
352
353 # Force reinstall xen kernel if it was installed
354 if [ -e "/opt/pakfire/db/installed/meta-linux-xen" ]; then
355 echo "Name: linux-xen" > /opt/pakfire/db/installed/meta-linux-xen
356 echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-xen
357 echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-xen
358 # Add xvc0 to /etc/securetty
359 echo "xvc0" >> /etc/securetty
360 fi
361
362 #
363 # After pakfire has ended run it again and update the lists and do upgrade
364 #
365 echo '#!/bin/bash' > /tmp/pak_update
366 echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update
367 echo ' sleep 1' >> /tmp/pak_update
368 echo 'done' >> /tmp/pak_update
369 echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update
370 echo ' sleep 1' >> /tmp/pak_update
371 echo 'done' >> /tmp/pak_update
372 echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update
373 echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
374 echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
375 echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
376 echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub.cfg"' >> /tmp/pak_update
377 echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update
378 echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update
379 echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
380 #
381 chmod +x /tmp/pak_update
382 /tmp/pak_update &
383
384 sync
385
386 #
387 #Finish
388 (
389 /etc/init.d/fireinfo start
390 sendprofile
391 ) >/dev/null 2>&1 &
392
393 echo
394 echo Please wait until pakfire has ended...
395 echo
396 #Don't report the exitcode last command
397 exit 0
398