webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-12 20:16:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
40407aee99546b4f25632bcaeb796d2a53cb1bcb
bpfire/config/rootfiles/oldcore/77/update.sh
Arne Fitzenreiter 581f19ddf1 start core80.
2014-06-14 22:21:08 +02:00

531 lines
17 KiB
Bash
Raw Blame History

#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 3 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2014 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
function add_to_backup ()
{
# Add path to ROOTFILES but remove old entries to prevent double
# files in the tar
grep -v "^$1" /opt/pakfire/tmp/ROOTFILES > /opt/pakfire/tmp/ROOTFILES.tmp
mv /opt/pakfire/tmp/ROOTFILES.tmp /opt/pakfire/tmp/ROOTFILES
echo $1 >> /opt/pakfire/tmp/ROOTFILES
}
#
# Remove old core updates from pakfire cache to save space...
core=77
for (( i=1; i<=${core}; i++ ))
do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
#
# Do some sanity checks.
case $(uname -r) in
*-ipfire-versatile )
/usr/bin/logger -p syslog.emerg -t ipfire \
"core-update-${core}: ERROR cannot update. versatile support is dropped."
# Report no error to pakfire. So it does not try to install it again.
exit 0
;;
*-ipfire-xen )
BOOTSIZE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f2 | tail -n 1`
if [ $BOOTSIZE -lt 28000 ]; then
/usr/bin/logger -p syslog.emerg -t ipfire \
"core-update-${core}: ERROR cannot update because not enough space on boot."
exit 2
fi
;;
*-ipfire* )
# Ok.
;;
* )
/usr/bin/logger -p syslog.emerg -t ipfire \
"core-update-${core}: ERROR cannot update. No IPFire Kernel."
exit 1
;;
esac
#
#
KVER="xxxKVERxxx"
MOUNT=`grep "kernel" /boot/grub/grub.conf 2>/dev/null | tail -n 1 `
# Nur den letzten Parameter verwenden
echo $MOUNT > /dev/null
MOUNT=$_
if [ ! $MOUNT == "rw" ]; then
MOUNT="ro"
fi
#
# check if we the backup file already exist
if [ -e /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz ]; then
echo Moving backup to backup-old ...
mv -f /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
/var/ipfire/backup/core-upgrade${core}_${KVER}-old.tar.xz
fi
echo First we made a backup of all files that was inside of the
echo update archive. This may take a while ...
# Add some files that are not in the package to backup
add_to_backup lib/modules
add_to_backup etc/udev
add_to_backup lib/udev
add_to_backup boot
add_to_backup etc/sysconfig/lm_sensors
add_to_backup etc/sysconfig/rc.local
add_to_backup srv/web/ipfire/html/themes/ipfire
add_to_backup usr/lib/engines
add_to_backup etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
add_to_backup etc/rc.d/init.d/networking/red.up/25-portfw
add_to_backup etc/rc.d/init.d/networking/red.up/26-xtaccess
add_to_backup usr/local/bin/setportfw
add_to_backup usr/local/bin/setdmzholes
add_to_backup usr/local/bin/setxtaccess
add_to_backup usr/local/bin/outgoingfwctrl
add_to_backup srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
add_to_backup var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
add_to_backup etc/inittab
add_to_backup etc/fstab
add_to_backup usr/share/usb_modeswitch
add_to_backup etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
add_to_backup etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl
add_to_backup usr/local/bin/dialctrl.pl
add_to_backup usr/lib/locale/locale-archive
# Backup the files
tar cJvf /var/ipfire/backup/core-upgrade${core}_${KVER}.tar.xz \
-C / -T /opt/pakfire/tmp/ROOTFILES --exclude='#*' --exclude='/var/cache' > /dev/null 2>&1
# Check diskspace on root
ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
if [ $ROOTSPACE -lt 100000 ]; then
/usr/bin/logger -p syslog.emerg -t ipfire \
"core-update-${core}: ERROR cannot update because not enough free space on root."
exit 2
fi
echo
echo Update Kernel to $KVER ...
#
# Remove old kernel, configs, initrd, modules ...
#
rm -rf /boot/System.map-*
rm -rf /boot/config-*
rm -rf /boot/ipfirerd-*
rm -rf /boot/vmlinuz-*
rm -rf /boot/uImage-ipfire-*
rm -rf /boot/uInit-ipfire-*
rm -rf /lib/modules
# Remove old usb_modeswitch_data
rm -rf /usr/share/usb_modeswitch
# Remove old tzdata
rm -rf /usr/share/zoneinfo
# Remoce old locale-archive
rm -rf /usr/lib/locale/locale-archive
# Remove dialctrl.pl script
rm -f \
/etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl \
/etc/rc.d/init.d/networking/red.up/99-U-dialctrl.pl \
/usr/local/bin/dialctrl.pl
#
# Remove old udev rules.
#
if [ -e /etc/udev/rules.d/29-ct-server-network.rules ]; then
cp /etc/udev/rules.d/29-ct-server-network.rules /tmp/
fi
cp /etc/udev/rules.d/30-persistent-network.rules /tmp/
rm -rf /etc/udev
rm -rf /lib/udev
mkdir -p /etc/udev/rules.d
if [ -e /tmp/rules.d/29-ct-server-network.rules ]; then
mv /tmp/29-ct-server-network.rules /etc/udev/rules.d/
fi
mv /tmp/30-persistent-network.rules /etc/udev/rules.d/
case $(uname -m) in
i?86 )
#
# Backup grub.conf
#
cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org
;;
esac
#
#Stop services
/etc/init.d/snort stop
/etc/init.d/squid stop
/etc/init.d/ipsec stop
/etc/init.d/apache stop
# Remove the old default theme
rm -rf /srv/web/ipfire/html/themes/ipfire
# rename /etc/modprobe.d files
for i in $(find /etc/modprobe.d/* | grep -v ".conf"); do
mv $i $i.conf
done
# Move /var/run to /run.
if [ -L "/run" ]; then
rm -f /run
fi
mkdir -p /run
if mountpoint /var/run; then
mount --move /var/run /run
rm -rf /var/run
fi
ln -svf ../run /var/run
# Creating directories for new firewall.
mkdir -p /var/ipfire/firewall
mkdir -p /var/ipfire/fwhosts
# Remove old ntp binaries
rm -f /usr/sbin/ntp-keygen
rm -f /usr/sbin/ntp-wait
rm -f /usr/sbin/ntpq
rm -f /usr/sbin/ntptime
rm -f /usr/sbin/ntptrace
rm -f /usr/sbin/tickadj
# Remove old firewall helper link
rm -f /etc/rc.d/init.d/networking/red.up/22-forwardfwctrl
#
#Extract files
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
# Check diskspace on boot
BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
if [ $BOOTSPACE -lt 1000 ]; then
case $(uname -r) in
*-ipfire-kirkwood )
# Special handling for old kirkwood images.
# (install only kirkwood kernel)
rm -rf /boot/*
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \
--numeric-owner -C / --wildcards 'boot/*-kirkwood*'
;;
* )
/usr/bin/logger -p syslog.emerg -t ipfire \
"core-update-${core}: FATAL-ERROR space run out on boot. System is not bootable..."
/etc/init.d/apache start
exit 4
;;
esac
fi
#
#Reload init to close old linker/glibc
telinit u
# Regenerate ipsec configuration files.
/srv/web/ipfire/cgi-bin/vpnmain.cgi
# Update Language cache
perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
# Remove old openssl engines
rm -rf /usr/lib/engines
# Remove old initscripts
rm -f /etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
rm -f /etc/rc.d/init.d/networking/red.up/25-portfw
rm -f /etc/rc.d/init.d/networking/red.up/26-xtaccess
rm -f /etc/rc.d/rcsysinit.d/S90sysctl
# Remove old firewallscripts
rm -f /usr/local/bin/setportfw
rm -f /usr/local/bin/setdmzholes
rm -f /usr/local/bin/setxtaccess
rm -f /usr/local/bin/outgoingfwctrl
# Remove old CGI files
rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
# Generate chains for new firewall
/sbin/iptables -N INPUTFW 2>/dev/null
/sbin/iptables -N FORWARDFW 2>/dev/null
/sbin/iptables -N POLICYFWD 2>/dev/null
/sbin/iptables -N POLICYIN 2>/dev/null
/sbin/iptables -N POLICYOUT 2>/dev/null
/sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
/sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
/sbin/iptables -t mangle -N NAT_DESTINATION 2>/dev/null
# Create config files for firewall and fix permissions.
touch /var/ipfire/firewall/config
touch /var/ipfire/firewall/input
touch /var/ipfire/firewall/outgoing
touch /var/ipfire/firewall/settings
touch /var/ipfire/fwhosts/customhosts
touch /var/ipfire/fwhosts/customnetworks
touch /var/ipfire/fwhosts/customgroups
touch /var/ipfire/fwhosts/customservices
touch /var/ipfire/fwhosts/customservicegrp
if [ ! -s "/var/ipfire/fwhosts/customservices" ];then
cp /var/ipfire/fwhosts/customservices.default /var/ipfire/fwhosts/customservices
fi
# Fix ownership.
chown -R nobody:nobody /var/ipfire/firewall
chown -R nobody:nobody /var/ipfire/fwhosts
# Convert firewall configuration
/usr/sbin/convert-xtaccess
/usr/sbin/convert-outgoingfw
/usr/sbin/convert-portfw
/usr/sbin/convert-dmz
# Remove old firewall configuration files
rm -rf /var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
# In previously released IPFire versions the DROPOUTPUT and DROPINPUT
# option have two identical lines in the optionsfw/settings file as long as
# the user hasn't done any changes on the WUI.
#
# To prevent from any kind of side effects we are going to solve this issue now.
# Fix doubble enties of DROPOUTPUT when the default settings are still in use
# (the save button on the WUI page never has been clicked) or convert to the
# new option name required by the firewall of IPFire 2.15.
optionsfw_file="/var/ipfire/optionsfw/settings"
if [ $(grep -c "DROPOUTPUT" ${optionsfw_file}) -gt 1 ] ; then
# Drop all DROPUTPUT entries.
sed -e "/DROPOUTPUT/d" -i ${optionsfw_file}
# Add default line for new option.
echo "DROPOUTGOING=on" >> ${optionsfw_file}
else
# Convert option name to new format.
sed -e "s/DROPOUTPUT/DROPOUTGOING/g" -i ${optionsfw_file}
fi
# Fix doubble enties of DROPINPUT when the default settings are still in use
# (the save button on the WUI page never has been clicked).
if [ $(grep -c "DROPINPUT" ${optionsfw_file}) -gt 1 ] ; then
# We only can remove all entries with an defined string.
sed -e "/DROPINPUT/d" -i ${optionsfw_file}
# Afterwards we have to add the required string with the default
# value again.
echo "DROPINPUT=on" >> ${optionsfw_file}
fi
# Add strings and default values for new options of the firewall.
echo "DROPFORWARD=on" >> ${optionsfw_file}
echo "FWPOLICY=DROP" >> ${optionsfw_file}
echo "FWPOLICY1=DROP" >> ${optionsfw_file}
echo "FWPOLICY2=DROP" >> ${optionsfw_file}
echo "DROPSAMBA=off" >> ${optionsfw_file}
echo "DROPPROXY=off" >> ${optionsfw_file}
echo "SHOWREMARK=on" >> ${optionsfw_file}
echo "SHOWCOLORS=on" >> ${optionsfw_file}
echo "SHOWTABLES=off" >> ${optionsfw_file}
echo "SHOWDROPDOWN=off" >> ${optionsfw_file}
echo "DROPWIRELESSINPUT=on" >> ${optionsfw_file}
echo "DROPWIRELESSFORWARD=on" >> ${optionsfw_file}
unset optionsfw_file
# Convert inittab and fstab
sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
sed -i -e "s/xvc0 9600$/xvc0 9600 --noclear/g" /etc/inittab
sed -i -e "s/^proc/#proc/g" /etc/fstab
sed -i -e "s/^sysfs/#sysfs/g" /etc/fstab
sed -i -e "s/^devpts/#devpts/g" /etc/fstab
sed -i -e "s|^none\s/var/run|#none /var/run|g" /etc/fstab
# Convert udev persistent network rules
sed -i -e "s/SYSFS{/ATTR{/g" /etc/udev/rules.d/30-persistent-network.rules
# Firstsetup was already run
touch /var/ipfire/main/firstsetup_ok
#
# Start services
#
/etc/init.d/apache start
/etc/init.d/squid start
/etc/init.d/snort start
if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
/etc/init.d/ipsec start
fi
#
# Rebuild qosscript if enabled
#
if [ -e /var/ipfire/qos/enable ]; then
/usr/local/bin/qosctrl stop
/usr/local/bin/qosctrl generate
/usr/local/bin/qosctrl start
fi
chown cron:cron /var/spool/cron
# Update crontab
grep -q timezone-transition /var/spool/cron/root.orig || cat <<EOF >> /var/spool/cron/root.orig
# Re-read firewall rules every Sunday in March, October and November to take care of daylight saving time
00 3 * 3 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
00 2 * 10-11 0 /usr/local/bin/timezone-transition /usr/local/bin/firewallctrl
EOF
# Remove dialctrl script.
sed -i /var/spool/cron/root.orig -e "/Dialup/,/dialctrl.pl/d"
fcrontab -z &>/dev/null
case $(uname -m) in
i?86 )
#
# Modify grub.conf
#
echo
echo Update grub configuration ...
ROOT=`mount | grep " / " | cut -d" " -f1`
if [ ! -z $ROOT ]; then
ROOTUUID=`blkid -c /dev/null -sUUID $ROOT | cut -d'"' -f2`
fi
if [ ! -z $ROOTUUID ]; then
sed -i "s|ROOT|UUID=$ROOTUUID|g" /boot/grub/grub.conf
else
sed -i "s|ROOT|$ROOT|g" /boot/grub/grub.conf
fi
sed -i "s|KVER|$KVER|g" /boot/grub/grub.conf
sed -i "s|MOUNT|$MOUNT|g" /boot/grub/grub.conf
if [ "$(grep "^serial" /boot/grub/grub.conf.org)" == "" ]; then
echo "grub use default console ..."
else
echo "grub use serial console ..."
sed -i -e "s|splashimage|#splashimage|g" /boot/grub/grub.conf
sed -i -e "s|#serial|serial|g" /boot/grub/grub.conf
sed -i -e "s|#terminal|terminal|g" /boot/grub/grub.conf
sed -i -e "s| panic=10 | console=ttyS0,115200n8 panic=10 |g" /boot/grub/grub.conf
fi
#
# ReInstall grub
#
echo "(hd0) ${ROOT::`expr length $ROOT`-1}" > /boot/grub/device.map
grub-install --no-floppy ${ROOT::`expr length $ROOT`-1}
;;
esac
#
# Delete old lm-sensor modullist to force search at next boot
#
rm -rf /etc/sysconfig/lm_sensors
# Force (re)install pae kernel if pae is supported
rm -rf /opt/pakfire/db/*/meta-linux-pae
if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then
/usr/bin/logger -p syslog.emerg -t ipfire \
"core-update-${core}: WARNING not enough space for pae kernel."
else
echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
echo "Name: linux-pae" > /opt/pakfire/db/meta/meta-linux-pae
echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-pae
echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-pae
fi
fi
# Force reinstall xen kernel if it was installed
if [ -e "/opt/pakfire/db/installed/meta-linux-xen" ]; then
echo "Name: linux-xen" > /opt/pakfire/db/installed/meta-linux-xen
echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-xen
echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-xen
echo "Name: linux-xen" > /opt/pakfire/db/meta/meta-linux-xen
echo "ProgVersion: 0" >> /opt/pakfire/db/meta/meta-linux-xen
echo "Release: 0" >> /opt/pakfire/db/meta/meta-linux-xen
# Add xvc0 to /etc/securetty
echo "xvc0" >> /etc/securetty
fi
#
# After pakfire has ended run it again and update the lists and do upgrade
#
echo '#!/bin/bash' > /tmp/pak_update
echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update
echo ' sleep 1' >> /tmp/pak_update
echo 'done' >> /tmp/pak_update
echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update
echo ' sleep 1' >> /tmp/pak_update
echo 'done' >> /tmp/pak_update
echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update
echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update
echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub.cfg"' >> /tmp/pak_update
echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update
echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update
echo 'touch /var/run/need_reboot ' >> /tmp/pak_update
#
killall -KILL pak_update
chmod +x /tmp/pak_update
/tmp/pak_update &
sync
#
#Finish
(
/etc/init.d/fireinfo start
sendprofile
) >/dev/null 2>&1 &
# Update Package list for addon installation
/opt/pakfire/pakfire update -y --force
echo
echo Please wait until pakfire has ended...
echo
#Don't report the exitcode last command
exit 0
Reference in New Issue View Git Blame Copy Permalink