mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-28 03:33:25 +02:00
91443f9234
This is another fragment of rngd - the gift that keeps giving. The udev rules file contains a lot of stuff for a prototype which never went into production. So, that can be dropped. It would have been left with one rule that starts rngd whenever a HWRNG is being found. That is however no longer needed as rngd is being started in the init process. We no longer need to initialize it as early as possible to seed the kernel's PRNG. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
184 lines
5.3 KiB
Bash
184 lines
5.3 KiB
Bash
#!/bin/bash
|
|
############################################################################
|
|
# #
|
|
# This file is part of the IPFire Firewall. #
|
|
# #
|
|
# IPFire is free software; you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation; either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# IPFire is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with IPFire; if not, write to the Free Software #
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
|
|
# #
|
|
# Copyright (C) 2023 IPFire-Team <info@ipfire.org>. #
|
|
# #
|
|
############################################################################
|
|
#
|
|
. /opt/pakfire/lib/functions.sh
|
|
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
|
|
|
|
core=177
|
|
|
|
exit_with_error() {
|
|
# Set last succesfull installed core.
|
|
echo $(($core-1)) > /opt/pakfire/db/core/mine
|
|
# force fsck at next boot, this may fix free space on xfs
|
|
touch /forcefsck
|
|
# don't start pakfire again at error
|
|
killall -KILL pak_update
|
|
/usr/bin/logger -p syslog.emerg -t ipfire \
|
|
"core-update-${core}: $1"
|
|
exit $2
|
|
}
|
|
|
|
|
|
# Remove old core updates from pakfire cache to save space...
|
|
for (( i=1; i<=$core; i++ )); do
|
|
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
|
|
done
|
|
|
|
# Stop services
|
|
/etc/rc.d/init.d/squid stop
|
|
|
|
KVER="xxxKVERxxx"
|
|
|
|
# Backup uEnv.txt if exist
|
|
if [ -e /boot/uEnv.txt ]; then
|
|
cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
|
|
fi
|
|
|
|
# Do some sanity checks prior to the kernel update
|
|
case $(uname -r) in
|
|
*-ipfire*)
|
|
# Ok.
|
|
;;
|
|
*)
|
|
exit_with_error "ERROR cannot update. No IPFire Kernel." 1
|
|
;;
|
|
esac
|
|
|
|
# Check diskspace on root
|
|
ROOTSPACE=$( df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1 )
|
|
|
|
if [ $ROOTSPACE -lt 100000 ]; then
|
|
exit_with_error "ERROR cannot update because not enough free space on root." 2
|
|
exit 2
|
|
fi
|
|
|
|
# Remove the old kernel
|
|
rm -rvf \
|
|
/boot/System.map-* \
|
|
/boot/config-* \
|
|
/boot/ipfirerd-* \
|
|
/boot/initramfs-* \
|
|
/boot/vmlinuz-* \
|
|
/boot/uImage-* \
|
|
/boot/zImage-* \
|
|
/boot/uInit-* \
|
|
/boot/dtb-* \
|
|
/lib/modules
|
|
|
|
# Remove dropped squidclamav add-on, if installed
|
|
if [ -e "/opt/pakfire/db/installed/meta-squidclamav" ]; then
|
|
stop_service "squidclamav"
|
|
for i in $(</opt/pakfire/db/rootfiles/squidclamav); do
|
|
rm -rfv "/${i}"
|
|
done
|
|
fi
|
|
rm -f \
|
|
/opt/pakfire/db/installed/meta-squidclamav \
|
|
/opt/pakfire/db/meta/meta-squidclamav \
|
|
/opt/pakfire/db/rootfiles/squidclamav
|
|
|
|
# remove old rngd if the addon is not installed
|
|
if [ ! -e "/opt/pakfire/db/installed/meta-rng-tools" ]; then
|
|
rm -fv /usr/bin/randstat \
|
|
/usr/bin/rngtest \
|
|
/usr/sbin/rngd \
|
|
/etc/rc.d/init.d/rngd \
|
|
/etc/rc.d/rc*.d/*rngd
|
|
fi
|
|
rm -vf /lib/udev/rules.d/90-hwrng.rules
|
|
|
|
# Extract files
|
|
extract_files
|
|
|
|
# Remove files
|
|
rm -rvf \
|
|
/lib/firmware/cxgb4/t4fw-1.27.1* \
|
|
/lib/firmware/cxgb4/t5fw-1.27.1* \
|
|
/lib/firmware/cxgb4/t6fw-1.27.1* \
|
|
/lib/firmware/intel/ice/ddp-comms/ice_comms-1.3.3* \
|
|
/lib/firmware/intel/ice/ddp-wireless_edge/ice_wireless_edge-1.3.7* \
|
|
/usr/lib/engines-1* \
|
|
/usr/lib/libcrypto.so.1* \
|
|
/usr/lib/libssl.so.1*
|
|
|
|
# update linker config
|
|
ldconfig
|
|
|
|
# Update Language cache
|
|
/usr/local/bin/update-lang-cache
|
|
|
|
# Filesytem cleanup
|
|
/usr/local/bin/filesystem-cleanup
|
|
|
|
# Apply local configuration to sshd_config
|
|
/usr/local/bin/sshctrl
|
|
|
|
# Start services
|
|
/etc/init.d/sshd restart
|
|
/etc/init.d/unbound reload
|
|
/etc/init.d/ntp restart
|
|
if [ -f /var/ipfire/proxy/enable ]; then
|
|
/etc/init.d/squid start
|
|
fi
|
|
|
|
# Rebuild initial ramdisks
|
|
dracut --regenerate-all --force
|
|
KVER="xxxKVERxxx"
|
|
case "$(uname -m)" in
|
|
aarch64)
|
|
mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire
|
|
# dont remove initramfs because grub need this to boot.
|
|
;;
|
|
esac
|
|
|
|
# remove lm_sensor config after collectd was started
|
|
# to re-search sensors at next boot with updated kernel
|
|
rm -f /etc/sysconfig/lm_sensors
|
|
|
|
# Upadate Kernel version in uEnv.txt
|
|
if [ -e /boot/uEnv.txt ]; then
|
|
sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
|
|
fi
|
|
|
|
# Call user update script (needed for some ARM boards)
|
|
if [ -e /boot/pakfire-kernel-update ]; then
|
|
/boot/pakfire-kernel-update ${KVER}
|
|
fi
|
|
|
|
# This update needs a reboot...
|
|
touch /var/run/need_reboot
|
|
|
|
# Finish
|
|
/etc/init.d/fireinfo start
|
|
sendprofile
|
|
|
|
# Update grub config to display new core version
|
|
if [ -e /boot/grub/grub.cfg ]; then
|
|
grub-mkconfig -o /boot/grub/grub.cfg
|
|
fi
|
|
|
|
sync
|
|
|
|
# Don't report the exitcode last command
|
|
exit 0
|