Hello,
I am somewhat concerned about this patch when it comes to the libraries.
Please make sure that literally nothing is linked against any of those and that we definitely shipped any binary that might have linked against those libraries.
Secondly, we do have a script that should take care of this. Why did the script not cleanup those files? Could you please investigate on your system why they did not get deleted?
-Michael
On 8 Jan 2024, at 21:48, Peter Müller peter.mueller@ipfire.org wrote:
By comparing the filelist present on a fresh installation of the latest Core Update 183 nightly build with various IPFire installations in the fields, a number of differences surfaced, of which most are caused by erroneous additions or exclusions of certain files while shipping Core Updates, first and foremost related to linux-firmware.
In addition, libcap was also updated to 2.69, but never shipped on existing installations.
This patch corrects all differences, and aligns the files present and absent on existing installations with those freshly shipped with Core Update 183.
The second version of this patch does not delete the "/etc/rc.d/rc3.d/off" directory, if present (it is used for storing initscripts of disabled services), is more explicit about removing /usr/lib/grub/x86_64-efi/verify.* (dot omitted in the first version), and includes additional files surfacing on yet another IPFire installation in the fields.
The changes are cross-checked against linked libraries on the affected systems to rule out any instances of binaries being present that are still linked against the old libraries.
Cc: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/rootfiles/core/183/filelists/files | 45 +++++++++++++++++++ config/rootfiles/core/183/filelists/libcap | 1 + config/rootfiles/core/183/update.sh | 52 +++++++++++++++++++++- 3 files changed, 97 insertions(+), 1 deletion(-) create mode 120000 config/rootfiles/core/183/filelists/libcap
diff --git a/config/rootfiles/core/183/filelists/files b/config/rootfiles/core/183/filelists/files index 949b1b2dc..259fc7c37 100644 --- a/config/rootfiles/core/183/filelists/files +++ b/config/rootfiles/core/183/filelists/files @@ -1,3 +1,48 @@ +etc/sudoers.d/logwatch-mdadm +lib/firmware/brcm/BCM-0a5c-6410.hcd +lib/firmware/brcm/brcmfmac43012-sdio.bin +lib/firmware/brcm/brcmfmac43012-sdio.clm_blob +lib/firmware/brcm/brcmfmac43430-sdio.clm_blob +lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.txt +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-plus.txt +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-ultra.txt +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-zero.txt +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m3.txt +lib/firmware/brcm/brcmfmac43455-sdio.clm_blob +lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,3-model-a-plus.txt +lib/firmware/brcm/brcmfmac43455-sdio.Raspberry_Pi_Foundation-Raspberry_Pi_4_Model_B.txt +lib/firmware/brcm/brcmfmac43455-sdio.Raspberry_Pi_Foundation-Raspberry_Pi_Compute_Module_4.txt +lib/firmware/brcm/brcmfmac4354-sdio.clm_blob +lib/firmware/brcm/brcmfmac4356-pcie.clm_blob +lib/firmware/brcm/brcmfmac4356-sdio.clm_blob +lib/firmware/brcm/brcmfmac4356-sdio.khadas,vim2.txt +lib/firmware/brcm/brcmfmac43570-pcie.clm_blob +lib/firmware/brcm/brcmfmac4373-sdio.clm_blob +lib/firmware/brcm/brcmfmac54591-pcie.bin +lib/firmware/brcm/brcmfmac54591-pcie.clm_blob +lib/firmware/cxgb4/t4-config.txt +lib/firmware/cxgb4/t5-config.txt +lib/firmware/cxgb4/t6-config.txt +lib/firmware/intel/ice/ddp/ice.pkg +lib/firmware/netronome/flower/nic_AMDA0058-0011_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0011_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0011_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0011_8x10.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0058-0012_8x10.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0011_8x10.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_1x100.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_2x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_4x10_1x40.nffw +lib/firmware/netronome/flower/nic_AMDA0078-0012_8x10.nffw +lib/firmware/nvidia/tegra124/vic.bin +lib/firmware/nvidia/tegra186/vic.bin +lib/firmware/nvidia/tegra210/vic.bin srv/web/ipfire/cgi-bin/dhcp.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat diff --git a/config/rootfiles/core/183/filelists/libcap b/config/rootfiles/core/183/filelists/libcap new file mode 120000 index 000000000..ed67d950a --- /dev/null +++ b/config/rootfiles/core/183/filelists/libcap @@ -0,0 +1 @@ +../../../common/libcap \ No newline at end of file diff --git a/config/rootfiles/core/183/update.sh b/config/rootfiles/core/183/update.sh index 6ff84387f..db807c5df 100644 --- a/config/rootfiles/core/183/update.sh +++ b/config/rootfiles/core/183/update.sh @@ -92,15 +92,65 @@ extract_files
# Remove files rm -rvf \
- /etc/fb.modes \
- /etc/pango \
/etc/fonts/conf.d/10-sub-pixel-rgb.conf \
- /etc/rc.d/init.d/snort \
- /lib/libBrokenLocale-2.33.so \
- /lib/libcap.so.2.66 \
- /lib/libpsx.so.2.66 \
- /lib/firmware/ath10k/WCN3990/hw1.0/notice.txt_wlanmdsp \
- /lib/firmware/ath11k/IPQ6018/hw1.0/Notice.txt \
- /lib/firmware/ath11k/IPQ8074/hw2.0/Notice.txt \
- /lib/firmware/ath11k/QCA6390/hw2.0/Notice.txt \
- /lib/firmware/ath11k/QCN9074/hw1.0/Notice.txt \
- /lib/firmware/ath11k/WCN6855/hw2.0/Notice.txt \
- /lib/firmware/intel-ucode/06-86-04 \
- /lib/firmware/intel-ucode/06-86-05 \
- /lib/xtables/libebt_802_3.so \
- /lib/xtables/libebt_ip.so \
- /lib/xtables/libebt_log.so \
- /lib/xtables/libebt_mark_m.so \
- /lib/xtables/libxt_mangle.so \
- /sbin/xtables-multi \
- /srv/web/ipfire/html/themes/ipfire-rounded \
- /usr/lib/crda/pubkeys/linville.key.pub.pem \
- /usr/lib/libasan.so.{4,6}* \
- /usr/lib/libbfd-2.3* \
- /usr/lib/libbfd-2.40.so \
/usr/lib/libbind9-9.16.44.so \
- /usr/lib/libcilkrts.so* \
/usr/lib/libdns-9.16.44.so \
- /usr/lib/libdnssec.so.6* \
- /usr/lib/libhogweed.so.4* \
- /usr/lib/libipset.so.11* \
/usr/lib/libirs-9.16.44.so \ /usr/lib/libisc-9.16.44.so \ /usr/lib/libisccc-9.16.44.so \ /usr/lib/libisccfg-9.16.44.so \
- /usr/lib/libknot.so.8* \
- /usr/lib/libknot.so.12* \
- /usr/lib/libnettle.so.6* \
/usr/lib/libns-9.16.44.so \
- /usr/lib/libxml2.so.2.11*
- /usr/lib/libopcodes-2.3* \
- /usr/lib/libopcodes-2.40.so \
- /usr/lib/libubsan.so.0* \
- /usr/lib/libxml2.so.2.11* \
- /usr/lib/libzscanner.so* \
- /usr/lib/grub/i386-pc/efiemu{32,64}.o \
- /usr/lib/grub/i386-pc/verifiers.* \
- /usr/lib/grub/i386-pc/verify.* \
- /usr/lib/grub/x86_64-efi/shim_lock.* \
- /usr/lib/grub/x86_64-efi/verifiers.* \
- /usr/lib/grub/x86_64-efi/verify.* \
- /usr/lib/snort_dynamic* \
- /usr/local/bin/snortctrl \
- /usr/share/usb_modeswitch/1033:0035 \
- /usr/share/vim/vim7* \
- /var/ipfire/geoip-functions.pl \
- /var/ipfire/dhcpc/dhcpcd-hooks/00-linux \
- /var/ipfire/dhcpc/dhcpcd-hooks/02-dump \
- /var/lib/location/tmp*
# update linker config ldconfig -- 2.35.3