#
# Remove old core updates from pakfire cache to save space...
core=76
-for (( i=1; i<=$core; i++ ))
+for (( i=1; i<=${core}; i++ ))
do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
case $(uname -r) in
*-ipfire-versatile )
/usr/bin/logger -p syslog.emerg -t ipfire \
- "core-update-$core: ERROR cannot update. versatile support is dropped."
+ "core-update-${core}: ERROR cannot update. versatile support is dropped."
# Report no error to pakfire. So it does not try to install it again.
exit 0
;;
BOOTSIZE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1`
if [ $BOOTSIZE -lt 28000 ]; then
/usr/bin/logger -p syslog.emerg -t ipfire \
- "core-update-$core: ERROR cannot update because not enough space on boot."
+ "core-update-${core}: ERROR cannot update because not enough space on boot."
exit 2
fi
;;
;;
* )
/usr/bin/logger -p syslog.emerg -t ipfire \
- "core-update-$core: ERROR cannot update. No IPFire Kernel."
+ "core-update-${core}: ERROR cannot update. No IPFire Kernel."
exit 1
;;
esac
#
#
-KVER="3.10.26"
+KVER="xxxKVERxxx"
MOUNT=`grep "kernel" /boot/grub/grub.conf 2>/dev/null | tail -n 1 `
# Nur den letzten Parameter verwenden
echo $MOUNT > /dev/null
#
# check if we the backup file already exist
-if [ -e /var/ipfire/backup/core-upgrade$core_$KVER.tar.xz ]; then
+if [ -e /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz ]; then
echo Moving backup to backup-old ...
- mv -f /var/ipfire/backup/core-upgrade$core_$KVER.tar.xz \
- /var/ipfire/backup/core-upgrade$core_$KVER-old.tar.xz
+ mv -f /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
+ /var/ipfire/backup/core-upgrade${core}_${KVER}-old.tar.xz
fi
echo First we made a backup of all files that was inside of the
echo update archive. This may take a while ...
add_to_backup etc/inittab
add_to_backup etc/fstab
add_to_backup usr/share/usb_modeswitch
+add_to_backup etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
+add_to_backup etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
+add_to_backup usr/local/bin/dialctrl.pl
# Backup the files
-tar cJvf /var/ipfire/backup/core-upgrade$core_$KVER.tar.xz \
+tar cJvf /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
-C / -T /opt/pakfire/tmp/ROOTFILES --exclude='#*' --exclude='/var/cache' > /dev/null 2>&1
# Check diskspace on root
if [ $ROOTSPACE -lt 100000 ]; then
/usr/bin/logger -p syslog.emerg -t ipfire \
- "core-update-$core: ERROR cannot update because not enough free space on root."
+ "core-update-${core}: ERROR cannot update because not enough free space on root."
exit 2
fi
# Remove old usb_modeswitch_data
rm -rf /usr/share/usb_modeswitch
+# Remove old tzdata
+rm -rf /usr/share/zoneinfo
+
+# Remove dialctrl.pl script
+rm -f \
+ /etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl \
+ /etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl \
+ /usr/local/bin/dialctrl.pl
#
# Remove old udev rules.
ln -svf ../run /var/run
+# Creating directories for new firewall.
+mkdir -p /var/ipfire/firewall
+mkdir -p /var/ipfire/fwhosts
+
+# Remove old ntp binaries
+rm -f /usr/sbin/ntp-keygen
+rm -f /usr/sbin/ntp-wait
+rm -f /usr/sbin/ntpq
+rm -f /usr/sbin/ntptime
+rm -f /usr/sbin/ntptrace
+rm -f /usr/sbin/tickadj
+
+# Remove old firewall helper link
+rm -f /etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
+
#
#Extract files
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
;;
* )
/usr/bin/logger -p syslog.emerg -t ipfire \
- "core-update-$core: FATAL-ERROR space run out on boot. System is not bootable..."
+ "core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..."
/etc/init.d/apache start
exit 4
;;
rm -f /etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
rm -f /etc/rc.d/init.d/networking/red.up/25-portfw
rm -f /etc/rc.d/init.d/networking/red.up/26-xtaccess
+rm -f /etc/rc.d/rcsysinit.d/S90sysctl
# Remove old firewallscripts
rm -f /usr/local/bin/setportfw
rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
# Generate chains for new firewall
-/sbin/iptables -N INPUTFW
-/sbin/iptables -N FORWARDFW
-/sbin/iptables -N POLICYFWD
-/sbin/iptables -N POLICYIN
-/sbin/iptables -N POLICYOUT
-/sbin/iptables -t nat -N NAT_SOURCE
-/sbin/iptables -t nat -N NAT_DESTINATION
+/sbin/iptables -N INPUTFW 2>/dev/null
+/sbin/iptables -N FORWARDFW 2>/dev/null
+/sbin/iptables -N POLICYFWD 2>/dev/null
+/sbin/iptables -N POLICYIN 2>/dev/null
+/sbin/iptables -N POLICYOUT 2>/dev/null
+/sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
+/sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
+
+# Create config files for firewall and fix permissions.
+touch /var/ipfire/firewall/config
+touch /var/ipfire/firewall/input
+touch /var/ipfire/firewall/outgoing
+touch /var/ipfire/firewall/settings
+touch /var/ipfire/fwhosts/customhosts
+touch /var/ipfire/fwhosts/customnetworks
+touch /var/ipfire/fwhosts/customgroups
+touch /var/ipfire/fwhosts/customservices
+touch /var/ipfire/fwhosts/customservicegrp
+
+# Fix ownership.
+chown -R nobody:nobody /var/ipfire/firewall
+chown -R nobody:nobody /var/ipfire/fwhosts
# Convert firewall configuration
/usr/sbin/convert-xtaccess
# Remove old firewall configuration files
rm -rf /var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
+# In previously released IPFire versions the DROPOUTPUT and DROPINPUT
+# option have two identical lines in the optionsfw/settings file as long as
+# the user hasn't done any changes on the WUI.
+#
+# To prevent from any kind of side effects we are going to solve this issue now.
+
+# Fix doubble enties of DROPOUTPUT when the default settings are still in use
+# (the save button on the WUI page never has been clicked) or convert to the
+# new option name required by the firewall of IPFire 2.15.
+
+optionsfw_file="/var/ipfire/optionsfw/settings"
+
+if [ $(grep -c "DROPOUTPUT" ${optionsfw_file}) -gt 1 ] ; then
+
+ # Drop all DROPUTPUT entries.
+ sed -e "/DROPOUTPUT/d" -i ${optionsfw_file}
+
+ # Add default line for new option.
+ echo "DROPOUTGOING=on" >> ${optionsfw_file}
+else
+
+ # Convert option name to new format.
+ sed -e "s/DROPOUTPUT/DROPOUTGOING/g" -i ${optionsfw_file}
+fi
+
+# Fix doubble enties of DROPINPUT when the default settings are still in use
+# (the save button on the WUI page never has been clicked).
+if [ $(grep -c "DROPINPUT" ${optionsfw_file}) -gt 1 ] ; then
+
+ # We only can remove all entries with an defined string.
+ sed -e "/DROPINPUT/d" -i ${optionsfw_file}
+
+ # Afterwards we have to add the required string with the default
+ # value again.
+ echo "DROPINPUT=on" >> ${optionsfw_file}
+fi
+
+# Add strings and default values for new options of the firewall.
+echo "DROPFORWARD=on" >> ${optionsfw_file}
+echo "FWPOLICY=DROP" >> ${optionsfw_file}
+echo "FWPOLICY1=DROP" >> ${optionsfw_file}
+echo "FWPOLICY2=DROP" >> ${optionsfw_file}
+echo "DROPSAMBA=off" >> ${optionsfw_file}
+echo "DROPPROXY=off" >> ${optionsfw_file}
+echo "SHOWREMARK=on" >> ${optionsfw_file}
+echo "SHOWCOLORS=on" >> ${optionsfw_file}
+echo "SHOWTABLES=off" >> ${optionsfw_file}
+echo "SHOWDROPDOWN=off" >> ${optionsfw_file}
+echo "DROPWIRELESSINPUT=on" >> ${optionsfw_file}
+echo "DROPWIRELESSFORWARD=on" >> ${optionsfw_file}
+
+unset optionsfw_file
+
# Convert inittab and fstab
sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
+sed -i -e "s/xvc0 9600$/xvc0 9600 --noclear/g" /etc/inittab
sed -i -e "s/^proc/#proc/g" /etc/fstab
sed -i -e "s/^sysfs/#sysfs/g" /etc/fstab
sed -i -e "s/^devpts/#devpts/g" /etc/fstab
-sed -i -e "s|^none\s/var/run|#none /var/run|/g" /etc/fstab
+sed -i -e "s|^none\s/var/run|#none /var/run|g" /etc/fstab
# Convert udev persistent network rules
sed -i -e "s/SYSFS{/ATTR{/g" /etc/udev/rules.d/30-persistent-network.rules
/usr/local/bin/qosctrl start
fi
+# Update crontab
+cat <<EOF >> /var/spool/cron/root.orig
+
+# Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time
+00 3 * 3 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
+00 2 * 10-11 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
+EOF
+fcrontab -z &>/dev/null
+
case $(uname -m) in
i?86 )
BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then
/usr/bin/logger -p syslog.emerg -t ipfire \
- "core-update-$core: WARNING not enough space for pae kernel."
+ "core-update-${core}: WARNING not enough space for pae kernel."
else
echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-pae
fi
fi
echo "Name: linux-xen" > /opt/pakfire/db/installed/meta-linux-xen
echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-xen
echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-xen
+ echo "Name: linux-xen" > /opt/pakfire/db/meta/meta-linux-xen
+ echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-xen
+ echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-xen
# Add xvc0 to /etc/securetty
echo "xvc0" >> /etc/securetty
fi
echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update
echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
#
+killall -KILL pak_update
chmod +x /tmp/pak_update
/tmp/pak_update &
sendprofile
) >/dev/null 2>&1 &
+# Update Package list for addon installation
+/opt/pakfire/pakfire update -y --force
+
echo
echo Please wait until pakfire has ended...
echo
projects / people / teissler / ipfire-2.x.git / blobdiff