webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-19 07:23:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8cdc44bc70e7700a9627e8aadfc8622067d8a7d7
bpfire/config/rootfiles/oldcore/185/update.sh
Arne Fitzenreiter 2d4f4ebfa2 Merge remote-tracking branch 'origin/master' into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-03-31 13:36:08 +02:00

161 lines
5.7 KiB
Bash
Raw Blame History

#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 3 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2024 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
core=185
# Remove old core updates from pakfire cache to save space...
for (( i=1; i<=$core; i++ )); do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
# Stop services
/etc/init.d/ntp stop
/etc/init.d/squid stop
# Extract files
extract_files
# Remove files
rm -rvf \
/etc/pango \
/lib/firmware/ath10k/WCN3990/hw1.0/notice.txt_wlanmdsp \
/lib/firmware/ath11k/IPQ6018/hw1.0/Notice.txt \
/lib/firmware/ath11k/IPQ8074/hw2.0/Notice.txt \
/lib/firmware/ath11k/QCA6390/hw2.0/Notice.txt \
/lib/firmware/ath11k/QCN9074/hw1.0/Notice.txt \
/lib/firmware/ath11k/WCN6855/hw2.0/Notice.txt \
/lib/firmware/intel-ucode/06-86-04 \
/lib/firmware/intel-ucode/06-86-05 \
/lib/firmware/intel-ucode/06-8f-04 \
/sbin/xtables-multi \
/srv/web/ipfire/html/themes/ipfire-rounded \
/usr/lib/crda/pubkeys/linville.key.pub.pem \
/usr/lib/grub/i386-pc/efiemu{32,64}.o \
/usr/lib/grub/i386-pc/verifiers.* \
/usr/lib/grub/i386-pc/verify.* \
/usr/lib/grub/x86_64-efi/shim_lock.* \
/usr/lib/grub/x86_64-efi/verifiers.* \
/usr/lib/grub/x86_64-efi/verify.* \
/usr/lib/pppd/2.5.0 \
/usr/lib/snort_dynamic* \
/usr/local/bin/snortctrl \
/usr/share/usb_modeswitch/1033:0035 \
/usr/share/vim/vim7* \
/var/ipfire/geoip-functions.pl \
/var/ipfire/dhcpc/dhcpcd-hooks/00-linux \
/var/ipfire/dhcpc/dhcpcd-hooks/02-dump \
/var/lib/location/tmp* \
/usr/lib/liblzma.so.5.6.*
# update linker config
ldconfig
# Update Language cache
/usr/local/bin/update-lang-cache
# Filesytem cleanup
/usr/local/bin/filesystem-cleanup
# Apply local configuration to sshd_config
/usr/local/bin/sshctrl
# Fix permissions of /etc/sudoers.d/
chmod -v 750 /etc/sudoers.d
chmod -v 640 /etc/sudoers.d/*
# Start services
telinit u
/etc/init.d/sshd restart
/etc/init.d/apache restart
/etc/init.d/suricata restart
/etc/init.d/unbound restart
/etc/init.d/ntp start
if [ -f /var/ipfire/proxy/enable ]; then
/etc/init.d/squid start
fi
/etc/init.d/collectd restart
## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections
# Check if ovpnconfig exists and is not empty
if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
# Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
# Make all N2N connections 'no-pass' since they do not use encryption
awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
# Copy all RW connections unchanged to the new ovpnconfig file
for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
awk -v var="$y" '{FS=OFS=","} {if($3==var) {print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
done
fi
# Replace existing ovpnconfig with updated index
mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
# Set correct ownership
chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
# Check if the drop hostile in and out logging options need to be added
# into the optionsfw settings file and apply to firewall
if ! grep -q "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings; then
echo "LOGDROPHOSTILEIN=on" >> /var/ipfire/optionsfw/settings
fi
if ! grep -q "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings; then
echo "LOGDROPHOSTILEOUT=on" >> /var/ipfire/optionsfw/settings
fi
# Reload all firewall rules
/usr/local/bin/firewallctrl
# Rebuild initial ramdisks
dracut --regenerate-all --force
KVER="xxxKVERxxx"
case "$(uname -m)" in
aarch64)
mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
# dont remove initramfs because grub need this to boot.
;;
esac
# This update needs a reboot...
touch /var/run/need_reboot
# Finish
/etc/init.d/fireinfo start
sendprofile
# Update grub config to display new core version
if [ -e /boot/grub/grub.cfg ]; then
grub-mkconfig -o /boot/grub/grub.cfg
fi
sync
# Don't report the exitcode last command
exit 0
Reference in New Issue View Git Blame Copy Permalink