This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 8029c2a899b3b70e5e35f8461daddc288b9abe75 (commit) via f5275b5930016b466e136dd6fb8ce535be618c4a (commit) via cd805ced09c2e203e7e6b874b7b96fb5e86a11b5 (commit) via 3bc177eec53248b296e13654003f278c65ddc413 (commit) via 8bbed7a5b6a878dae03d605042b48304f3900304 (commit) via db7ef87902096d8268bb348ba5821eba344e27ba (commit) via c4a1169ed975c15ee8c29c99d0667388a09c29bf (commit) via ad7e47072b4993d96749f4e8f0f106b409ed77ca (commit) via 59d8f64e50bdcc339b95f306e4cebf85c36a3a4e (commit) from bbe8e009b824aef745c9ab9718dce9a1b557f5fc (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 8029c2a899b3b70e5e35f8461daddc288b9abe75 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Sep 22 14:47:47 2016 +0100
strongswan: Update to 5.5.0
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f5275b5930016b466e136dd6fb8ce535be618c4a Merge: bbe8e00 cd805ce Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Sep 22 12:05:13 2016 +0100
Merge branch 'core105' into next
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/strongswan | 40 +++++++++++----- config/rootfiles/core/{104 => 105}/exclude | 0 .../{oldcore/55 => core/105}/filelists/files | 2 +- .../{oldcore/94 => core/105}/filelists/libgcrypt | 0 .../{oldcore/99 => core/105}/filelists/openssl | 0 config/rootfiles/core/{104 => 105}/meta | 0 .../rootfiles/{oldcore/102 => core/105}/update.sh | 5 +- config/rootfiles/oldcore/{103 => 104}/exclude | 0 .../rootfiles/{core => oldcore}/104/filelists/acl | 0 .../104/filelists/armv5tel/linux-kirkwood | 0 .../104/filelists/armv5tel/linux-multi | 0 .../104/filelists/armv5tel/linux-rpi | 0 .../rootfiles/{core => oldcore}/104/filelists/curl | 0 .../rootfiles/{core => oldcore}/104/filelists/ddns | 0 .../{core => oldcore}/104/filelists/dnsmasq | 0 .../{core => oldcore}/104/filelists/files | 0 .../{core => oldcore}/104/filelists/i586/acpid | 0 .../{core => oldcore}/104/filelists/i586/linux | 0 .../{core => oldcore}/104/filelists/iputils | 0 .../{core => oldcore}/104/filelists/libarchive | 0 .../{core => oldcore}/104/filelists/libcap | 0 .../rootfiles/{core => oldcore}/104/filelists/ntp | 0 .../{core => oldcore}/104/filelists/openssh | 0 .../rootfiles/{core => oldcore}/104/filelists/pcre | 0 .../rootfiles/{core => oldcore}/104/filelists/popt | 0 .../{core => oldcore}/104/filelists/screen | 0 .../{core => oldcore}/104/filelists/shadow | 0 .../{core => oldcore}/104/filelists/snort | 0 .../rootfiles/{core => oldcore}/104/filelists/wget | 0 .../{core => oldcore}/104/filelists/which | 0 .../{core => oldcore}/104/filelists/x86_64/acpid | 0 .../{core => oldcore}/104/filelists/x86_64/linux | 0 config/rootfiles/oldcore/{99 => 104}/meta | 0 config/rootfiles/{core => oldcore}/104/update.sh | 0 lfs/openssl | 4 +- lfs/strongswan | 5 +- make.sh | 4 +- ...n-event-when-deleting-redundant-CHILD_SAs.patch | 56 ---------------------- 38 files changed, 36 insertions(+), 80 deletions(-) rename config/rootfiles/core/{104 => 105}/exclude (100%) copy config/rootfiles/{oldcore/55 => core/105}/filelists/files (65%) copy config/rootfiles/{oldcore/94 => core/105}/filelists/libgcrypt (100%) copy config/rootfiles/{oldcore/99 => core/105}/filelists/openssl (100%) rename config/rootfiles/core/{104 => 105}/meta (100%) copy config/rootfiles/{oldcore/102 => core/105}/update.sh (99%) copy config/rootfiles/oldcore/{103 => 104}/exclude (100%) rename config/rootfiles/{core => oldcore}/104/filelists/acl (100%) rename config/rootfiles/{core => oldcore}/104/filelists/armv5tel/linux-kirkwood (100%) rename config/rootfiles/{core => oldcore}/104/filelists/armv5tel/linux-multi (100%) rename config/rootfiles/{core => oldcore}/104/filelists/armv5tel/linux-rpi (100%) rename config/rootfiles/{core => oldcore}/104/filelists/curl (100%) rename config/rootfiles/{core => oldcore}/104/filelists/ddns (100%) rename config/rootfiles/{core => oldcore}/104/filelists/dnsmasq (100%) rename config/rootfiles/{core => oldcore}/104/filelists/files (100%) rename config/rootfiles/{core => oldcore}/104/filelists/i586/acpid (100%) rename config/rootfiles/{core => oldcore}/104/filelists/i586/linux (100%) rename config/rootfiles/{core => oldcore}/104/filelists/iputils (100%) rename config/rootfiles/{core => oldcore}/104/filelists/libarchive (100%) rename config/rootfiles/{core => oldcore}/104/filelists/libcap (100%) rename config/rootfiles/{core => oldcore}/104/filelists/ntp (100%) rename config/rootfiles/{core => oldcore}/104/filelists/openssh (100%) rename config/rootfiles/{core => oldcore}/104/filelists/pcre (100%) rename config/rootfiles/{core => oldcore}/104/filelists/popt (100%) rename config/rootfiles/{core => oldcore}/104/filelists/screen (100%) rename config/rootfiles/{core => oldcore}/104/filelists/shadow (100%) rename config/rootfiles/{core => oldcore}/104/filelists/snort (100%) rename config/rootfiles/{core => oldcore}/104/filelists/wget (100%) rename config/rootfiles/{core => oldcore}/104/filelists/which (100%) rename config/rootfiles/{core => oldcore}/104/filelists/x86_64/acpid (100%) rename config/rootfiles/{core => oldcore}/104/filelists/x86_64/linux (100%) copy config/rootfiles/oldcore/{99 => 104}/meta (100%) rename config/rootfiles/{core => oldcore}/104/update.sh (100%) delete mode 100644 src/patches/strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch
Difference in files: diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index f51cc3a..f81a9c8 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -40,7 +40,6 @@ etc/strongswan.d/charon/kernel-netlink.conf etc/strongswan.d/charon/md5.conf etc/strongswan.d/charon/nonce.conf etc/strongswan.d/charon/openssl.conf -#etc/strongswan.d/charon/padlock.conf etc/strongswan.d/charon/pem.conf etc/strongswan.d/charon/pgp.conf etc/strongswan.d/charon/pkcs1.conf @@ -58,6 +57,7 @@ etc/strongswan.d/charon/socket-default.conf etc/strongswan.d/charon/sshkey.conf etc/strongswan.d/charon/stroke.conf etc/strongswan.d/charon/updown.conf +etc/strongswan.d/charon/vici.conf etc/strongswan.d/charon/x509.conf etc/strongswan.d/charon/xauth-eap.conf etc/strongswan.d/charon/xauth-generic.conf @@ -66,6 +66,21 @@ etc/strongswan.d/charon/xcbc.conf etc/strongswan.d/pki.conf etc/strongswan.d/scepclient.conf etc/strongswan.d/starter.conf +etc/strongswan.d/swanctl.conf +#etc/swanctl +etc/swanctl/bliss +etc/swanctl/ecdsa +etc/swanctl/pkcs12 +etc/swanctl/pkcs8 +etc/swanctl/pubkey +etc/swanctl/rsa +etc/swanctl/swanctl.conf +etc/swanctl/x509 +etc/swanctl/x509aa +etc/swanctl/x509ac +etc/swanctl/x509ca +etc/swanctl/x509crl +etc/swanctl/x509ocsp usr/bin/pki #usr/lib/ipsec #usr/lib/ipsec/libcharon.a @@ -73,11 +88,6 @@ usr/bin/pki usr/lib/ipsec/libcharon.so usr/lib/ipsec/libcharon.so.0 usr/lib/ipsec/libcharon.so.0.0.0 -#usr/lib/ipsec/libhydra.a -#usr/lib/ipsec/libhydra.la -usr/lib/ipsec/libhydra.so -usr/lib/ipsec/libhydra.so.0 -usr/lib/ipsec/libhydra.so.0.0.0 #usr/lib/ipsec/libradius.a #usr/lib/ipsec/libradius.la usr/lib/ipsec/libradius.so @@ -93,6 +103,11 @@ usr/lib/ipsec/libstrongswan.so.0.0.0 usr/lib/ipsec/libtls.so usr/lib/ipsec/libtls.so.0 usr/lib/ipsec/libtls.so.0.0.0 +#usr/lib/ipsec/libvici.a +#usr/lib/ipsec/libvici.la +usr/lib/ipsec/libvici.so +usr/lib/ipsec/libvici.so.0 +usr/lib/ipsec/libvici.so.0.0.0 #usr/lib/ipsec/plugins usr/lib/ipsec/plugins/libstrongswan-aes.so usr/lib/ipsec/plugins/libstrongswan-attr.so @@ -101,8 +116,8 @@ usr/lib/ipsec/plugins/libstrongswan-cmac.so usr/lib/ipsec/plugins/libstrongswan-constraints.so usr/lib/ipsec/plugins/libstrongswan-ctr.so usr/lib/ipsec/plugins/libstrongswan-curl.so -usr/lib/ipsec/plugins/libstrongswan-dhcp.so usr/lib/ipsec/plugins/libstrongswan-des.so +usr/lib/ipsec/plugins/libstrongswan-dhcp.so usr/lib/ipsec/plugins/libstrongswan-dnskey.so usr/lib/ipsec/plugins/libstrongswan-eap-identity.so usr/lib/ipsec/plugins/libstrongswan-eap-mschapv2.so @@ -120,7 +135,6 @@ usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so usr/lib/ipsec/plugins/libstrongswan-md5.so usr/lib/ipsec/plugins/libstrongswan-nonce.so usr/lib/ipsec/plugins/libstrongswan-openssl.so -#usr/lib/ipsec/plugins/libstrongswan-padlock.so usr/lib/ipsec/plugins/libstrongswan-pem.so usr/lib/ipsec/plugins/libstrongswan-pgp.so usr/lib/ipsec/plugins/libstrongswan-pkcs1.so @@ -130,7 +144,6 @@ usr/lib/ipsec/plugins/libstrongswan-pkcs8.so usr/lib/ipsec/plugins/libstrongswan-pubkey.so usr/lib/ipsec/plugins/libstrongswan-random.so usr/lib/ipsec/plugins/libstrongswan-rc2.so -#usr/lib/ipsec/plugins/libstrongswan-rdrand.so usr/lib/ipsec/plugins/libstrongswan-resolve.so usr/lib/ipsec/plugins/libstrongswan-revocation.so usr/lib/ipsec/plugins/libstrongswan-sha1.so @@ -139,6 +152,7 @@ usr/lib/ipsec/plugins/libstrongswan-socket-default.so usr/lib/ipsec/plugins/libstrongswan-sshkey.so usr/lib/ipsec/plugins/libstrongswan-stroke.so usr/lib/ipsec/plugins/libstrongswan-updown.so +usr/lib/ipsec/plugins/libstrongswan-vici.so usr/lib/ipsec/plugins/libstrongswan-x509.so usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so @@ -152,6 +166,7 @@ usr/libexec/ipsec/scepclient usr/libexec/ipsec/starter usr/libexec/ipsec/stroke usr/sbin/ipsec +usr/sbin/swanctl #usr/share/man/man1/pki---acert.1 #usr/share/man/man1/pki---dn.1 #usr/share/man/man1/pki---gen.1 @@ -168,10 +183,10 @@ usr/sbin/ipsec #usr/share/man/man5/ipsec.conf.5 #usr/share/man/man5/ipsec.secrets.5 #usr/share/man/man5/strongswan.conf.5 -#usr/share/man/man8/_updown.8 +#usr/share/man/man5/swanctl.conf.5 #usr/share/man/man8/ipsec.8 -#usr/share/man/man8/openac.8 #usr/share/man/man8/scepclient.8 +#usr/share/man/man8/swanctl.8 #usr/share/strongswan #usr/share/strongswan/templates #usr/share/strongswan/templates/config @@ -202,7 +217,6 @@ usr/sbin/ipsec #usr/share/strongswan/templates/config/plugins/md5.conf #usr/share/strongswan/templates/config/plugins/nonce.conf #usr/share/strongswan/templates/config/plugins/openssl.conf -#usr/share/strongswan/templates/config/plugins/padlock.conf #usr/share/strongswan/templates/config/plugins/pem.conf #usr/share/strongswan/templates/config/plugins/pgp.conf #usr/share/strongswan/templates/config/plugins/pkcs1.conf @@ -220,6 +234,7 @@ usr/sbin/ipsec #usr/share/strongswan/templates/config/plugins/sshkey.conf #usr/share/strongswan/templates/config/plugins/stroke.conf #usr/share/strongswan/templates/config/plugins/updown.conf +#usr/share/strongswan/templates/config/plugins/vici.conf #usr/share/strongswan/templates/config/plugins/x509.conf #usr/share/strongswan/templates/config/plugins/xauth-eap.conf #usr/share/strongswan/templates/config/plugins/xauth-generic.conf @@ -232,3 +247,4 @@ usr/sbin/ipsec #usr/share/strongswan/templates/config/strongswan.d/pki.conf #usr/share/strongswan/templates/config/strongswan.d/scepclient.conf #usr/share/strongswan/templates/config/strongswan.d/starter.conf +#usr/share/strongswan/templates/config/strongswan.d/swanctl.conf diff --git a/config/rootfiles/core/104/exclude b/config/rootfiles/core/104/exclude deleted file mode 100644 index 7ddeae0..0000000 --- a/config/rootfiles/core/104/exclude +++ /dev/null @@ -1,28 +0,0 @@ -boot/config.txt -boot/grub/grub.cfg -boot/grub/grubenv -etc/alternatives -etc/collectd.custom -etc/default/grub -etc/ipsec.conf -etc/ipsec.secrets -etc/ipsec.user.conf -etc/ipsec.user.secrets -etc/localtime -etc/shadow -etc/snort/snort.conf -etc/ssh/ssh_config -etc/ssh/sshd_config -etc/ssl/openssl.cnf -etc/sudoers -etc/sysconfig/firewall.local -etc/sysconfig/rc.local -etc/udev/rules.d/30-persistent-network.rules -srv/web/ipfire/html/proxy.pac -var/ipfire/dma -var/ipfire/time -var/ipfire/ovpn -var/lib/alternatives -var/log/cache -var/state/dhcp/dhcpd.leases -var/updatecache diff --git a/config/rootfiles/core/104/filelists/acl b/config/rootfiles/core/104/filelists/acl deleted file mode 120000 index d819f9c..0000000 --- a/config/rootfiles/core/104/filelists/acl +++ /dev/null @@ -1 +0,0 @@ -../../../common/acl \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/104/filelists/armv5tel/linux-kirkwood deleted file mode 120000 index 7217107..0000000 --- a/config/rootfiles/core/104/filelists/armv5tel/linux-kirkwood +++ /dev/null @@ -1 +0,0 @@ -../../../../common/armv5tel/linux-kirkwood \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/armv5tel/linux-multi b/config/rootfiles/core/104/filelists/armv5tel/linux-multi deleted file mode 120000 index 204eb4c..0000000 --- a/config/rootfiles/core/104/filelists/armv5tel/linux-multi +++ /dev/null @@ -1 +0,0 @@ -../../../../common/armv5tel/linux-multi \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/armv5tel/linux-rpi b/config/rootfiles/core/104/filelists/armv5tel/linux-rpi deleted file mode 120000 index a651a49..0000000 --- a/config/rootfiles/core/104/filelists/armv5tel/linux-rpi +++ /dev/null @@ -1 +0,0 @@ -../../../../common/armv5tel/linux-rpi \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/curl b/config/rootfiles/core/104/filelists/curl deleted file mode 120000 index 4b84bef..0000000 --- a/config/rootfiles/core/104/filelists/curl +++ /dev/null @@ -1 +0,0 @@ -../../../common/curl \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/ddns b/config/rootfiles/core/104/filelists/ddns deleted file mode 120000 index 7395164..0000000 --- a/config/rootfiles/core/104/filelists/ddns +++ /dev/null @@ -1 +0,0 @@ -../../../common/ddns \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/dnsmasq b/config/rootfiles/core/104/filelists/dnsmasq deleted file mode 120000 index d469c74..0000000 --- a/config/rootfiles/core/104/filelists/dnsmasq +++ /dev/null @@ -1 +0,0 @@ -../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/files b/config/rootfiles/core/104/filelists/files deleted file mode 100644 index c172c14..0000000 --- a/config/rootfiles/core/104/filelists/files +++ /dev/null @@ -1,14 +0,0 @@ -etc/system-release -etc/issue -etc/collectd.conf -etc/httpd/conf/global.conf -etc/rc.d/init.d/snort -opt/pakfire/lib/functions.sh -srv/web/ipfire/cgi-bin/ids.cgi -srv/web/ipfire/cgi-bin/proxy.cgi -srv/web/ipfire/cgi-bin/logs.cgi/log.dat -srv/web/ipfire/html/themes/ipfire/include/functions.pl -srv/web/ipfire/html/themes/ipfire/include/js/refreshInetInfo.js -var/ipfire/langs -var/ipfire/fwhosts/customservices.default -var/ipfire/updatexlrator/bin/download diff --git a/config/rootfiles/core/104/filelists/i586/acpid b/config/rootfiles/core/104/filelists/i586/acpid deleted file mode 120000 index 21d36ee..0000000 --- a/config/rootfiles/core/104/filelists/i586/acpid +++ /dev/null @@ -1 +0,0 @@ -../../../../common/i586/acpid \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/i586/linux b/config/rootfiles/core/104/filelists/i586/linux deleted file mode 120000 index 693ec4b..0000000 --- a/config/rootfiles/core/104/filelists/i586/linux +++ /dev/null @@ -1 +0,0 @@ -../../../../common/i586/linux \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/iputils b/config/rootfiles/core/104/filelists/iputils deleted file mode 120000 index 361c28f..0000000 --- a/config/rootfiles/core/104/filelists/iputils +++ /dev/null @@ -1 +0,0 @@ -../../../common/iputils \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/libarchive b/config/rootfiles/core/104/filelists/libarchive deleted file mode 120000 index 551f1f7..0000000 --- a/config/rootfiles/core/104/filelists/libarchive +++ /dev/null @@ -1 +0,0 @@ -../../../common/libarchive \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/libcap b/config/rootfiles/core/104/filelists/libcap deleted file mode 120000 index ed67d95..0000000 --- a/config/rootfiles/core/104/filelists/libcap +++ /dev/null @@ -1 +0,0 @@ -../../../common/libcap \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/ntp b/config/rootfiles/core/104/filelists/ntp deleted file mode 120000 index 7542d86..0000000 --- a/config/rootfiles/core/104/filelists/ntp +++ /dev/null @@ -1 +0,0 @@ -../../../common/ntp \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/openssh b/config/rootfiles/core/104/filelists/openssh deleted file mode 120000 index d8c77fd..0000000 --- a/config/rootfiles/core/104/filelists/openssh +++ /dev/null @@ -1 +0,0 @@ -../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/pcre b/config/rootfiles/core/104/filelists/pcre deleted file mode 120000 index b390d9a..0000000 --- a/config/rootfiles/core/104/filelists/pcre +++ /dev/null @@ -1 +0,0 @@ -../../../common/pcre \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/popt b/config/rootfiles/core/104/filelists/popt deleted file mode 120000 index d71a9ab..0000000 --- a/config/rootfiles/core/104/filelists/popt +++ /dev/null @@ -1 +0,0 @@ -../../../common/popt \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/screen b/config/rootfiles/core/104/filelists/screen deleted file mode 120000 index 81008f4..0000000 --- a/config/rootfiles/core/104/filelists/screen +++ /dev/null @@ -1 +0,0 @@ -../../../common/screen \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/shadow b/config/rootfiles/core/104/filelists/shadow deleted file mode 120000 index c0824b7..0000000 --- a/config/rootfiles/core/104/filelists/shadow +++ /dev/null @@ -1 +0,0 @@ -../../../common/shadow \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/snort b/config/rootfiles/core/104/filelists/snort deleted file mode 120000 index 9406ce0..0000000 --- a/config/rootfiles/core/104/filelists/snort +++ /dev/null @@ -1 +0,0 @@ -../../../common/snort \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/wget b/config/rootfiles/core/104/filelists/wget deleted file mode 120000 index fcb57df..0000000 --- a/config/rootfiles/core/104/filelists/wget +++ /dev/null @@ -1 +0,0 @@ -../../../common/wget \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/which b/config/rootfiles/core/104/filelists/which deleted file mode 120000 index 9cfc884..0000000 --- a/config/rootfiles/core/104/filelists/which +++ /dev/null @@ -1 +0,0 @@ -../../../common/which \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/x86_64/acpid b/config/rootfiles/core/104/filelists/x86_64/acpid deleted file mode 120000 index 289f8f5..0000000 --- a/config/rootfiles/core/104/filelists/x86_64/acpid +++ /dev/null @@ -1 +0,0 @@ -../../../../common/x86_64/acpid \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/x86_64/linux b/config/rootfiles/core/104/filelists/x86_64/linux deleted file mode 120000 index 0615b5b..0000000 --- a/config/rootfiles/core/104/filelists/x86_64/linux +++ /dev/null @@ -1 +0,0 @@ -../../../../common/x86_64/linux \ No newline at end of file diff --git a/config/rootfiles/core/104/meta b/config/rootfiles/core/104/meta deleted file mode 100644 index d547fa8..0000000 --- a/config/rootfiles/core/104/meta +++ /dev/null @@ -1 +0,0 @@ -DEPS="" diff --git a/config/rootfiles/core/104/update.sh b/config/rootfiles/core/104/update.sh deleted file mode 100644 index 0223923..0000000 --- a/config/rootfiles/core/104/update.sh +++ /dev/null @@ -1,254 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 3 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2016 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -/usr/local/bin/backupctrl exclude >/dev/null 2>&1 - -function find_device() { - local mountpoint="${1}" - - local root - local dev mp fs flags rest - while read -r dev mp fs flags rest; do - # Skip unwanted entries - [ "${dev}" = "rootfs" ] && continue - - if [ "${mp}" = "${mountpoint}" ] && [ -b "${dev}" ]; then - root="$(basename "${dev}")" - break - fi - done < /proc/mounts - - # Get the actual device from the partition that holds / - while [ -n "${root}" ]; do - if [ -e "/sys/block/${root}" ]; then - echo "${root}" - return 0 - fi - - # Remove last character - root="${root::-1}" - done - - return 1 -} - - -core=104 - -function exit_with_error() { - # Set last succesfull installed core. - echo $(($core-1)) > /opt/pakfire/db/core/mine - /usr/bin/logger -p syslog.emerg -t ipfire \ - "core-update-${core}: $1" - exit $2 -} - -# Remove old core updates from pakfire cache to save space... -for (( i=1; i<=$core; i++ )) -do - rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire -done - -# -# Do some sanity checks. -case $(uname -r) in - *-ipfire* ) - # Ok. - ;; - * ) - exit_with_error "ERROR cannot update. No IPFire Kernel." 1 - ;; -esac - - -# -# -KVER="xxxKVERxxx" - -# Check diskspace on root -ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` - -if [ $ROOTSPACE -lt 100000 ]; then - exit_with_error "ERROR cannot update because not enough free space on root." 2 - exit 2 -fi - -echo -echo Update Kernel to $KVER ... -# -# Remove old kernel, configs, initrd, modules, dtb's ... -# -rm -rf /boot/System.map-* -rm -rf /boot/config-* -rm -rf /boot/ipfirerd-* -rm -rf /boot/initramfs-* -rm -rf /boot/vmlinuz-* -rm -rf /boot/uImage-ipfire-* -rm -rf /boot/zImage-ipfire-* -rm -rf /boot/uInit-ipfire-* -rm -rf /boot/dtb-*-ipfire-* -rm -rf /lib/modules - -case "$(uname -m)" in - armv*) - # Backup uEnv.txt if exist - if [ -e /boot/uEnv.txt ]; then - cp -vf /boot/uEnv.txt /boot/uEnv.txt.org - fi - - # work around the u-boot folder detection bug - mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood - mkdir -pv /boot/dtb-$KVER-ipfire-multi - touch /boot/uImage-ipfire-kirkwood - touch /boot/zImage-ipfire-multi - touch /boot/uIinit-ipfire-kirkwood - touch /boot/uIinit-ipfire-multi - ;; -esac - -# Stop services -/etc/init.d/collectd stop -/etc/init.d/snort stop -/etc/init.d/squid stop -/etc/init.d/dnsmasq stop -/etc/init.d/sshd stop -/etc/init.d/ipsec stop -/etc/init.d/apache stop - -# Extract files -tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C / - -# Remove some old files -rm -f /bin/groups /lib/libshadow.so.0* - -# update linker config -ldconfig - -# Check diskspace on boot -BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` - -if [ $BOOTSPACE -lt 1000 ]; then - case $(uname -r) in - *-ipfire-kirkwood ) - # Special handling for old kirkwood images. - # (install only kirkwood kernel) - rm -rf /boot/* - # work around the u-boot folder detection bug - mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood - tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \ - --numeric-owner -C / --wildcards 'boot/*-kirkwood*' - ;; - * ) - /etc/init.d/apache start - exit_with_error "FATAL-ERROR space run out on boot. System is not bootable..." 4 - ;; - esac -fi - -# Update Language cache -/usr/local/bin/update-lang-cache - -# -# Start services -# -/etc/init.d/collectd start -/etc/init.d/apache start -/etc/init.d/dnsmasq start -/etc/init.d/sshd start -/etc/init.d/squid start -/etc/init.d/snort start -if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then - /etc/init.d/ipsec start -fi - -# Delete old QoS enabled indicator -rm -f /var/ipfire/qos/enable - -# Upadate Kernel version uEnv.txt -if [ -e /boot/uEnv.txt ]; then - sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt -fi - -# call user update script (needed for some arm boards) -if [ -e /boot/pakfire-kernel-update ]; then - /boot/pakfire-kernel-update ${KVER} -fi - -case "$(uname -m)" in - i?86) - # Force (re)install pae kernel if pae is supported - rm -rf /opt/pakfire/db/installed/meta-linux-pae - if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then - ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` - BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` - if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then - /usr/bin/logger -p syslog.emerg -t ipfire \ - "core-update-${core}: WARNING not enough space for pae kernel." - else - echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae - echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae - echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae - fi - fi - ;; -esac -# -# After pakfire has ended run it again and update the lists and do upgrade -# -echo '#!/bin/bash' > /tmp/pak_update -echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update -echo ' sleep 1' >> /tmp/pak_update -echo 'done' >> /tmp/pak_update -echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update -echo ' sleep 1' >> /tmp/pak_update -echo 'done' >> /tmp/pak_update -echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update -echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update -echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update -echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update -echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub/uboot config"' >> /tmp/pak_update -echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update -echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update -echo 'touch /var/run/need_reboot ' >> /tmp/pak_update -# -killall -KILL pak_update -chmod +x /tmp/pak_update -/tmp/pak_update & - -sync - -# This update need a reboot... -touch /var/run/need_reboot - -# Finish -/etc/init.d/fireinfo start -sendprofile -# Update grub config to display new core version -if [ -e /boot/grub/grub.cfg ]; then - grub-mkconfig -o /boot/grub/grub.cfg -fi -sync - -# Don't report the exitcode last command -exit 0 diff --git a/config/rootfiles/core/105/exclude b/config/rootfiles/core/105/exclude new file mode 100644 index 0000000..7ddeae0 --- /dev/null +++ b/config/rootfiles/core/105/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/105/filelists/files b/config/rootfiles/core/105/filelists/files new file mode 100644 index 0000000..95f6e10 --- /dev/null +++ b/config/rootfiles/core/105/filelists/files @@ -0,0 +1,2 @@ +etc/system-release +etc/issue \ No newline at end of file diff --git a/config/rootfiles/core/105/filelists/libgcrypt b/config/rootfiles/core/105/filelists/libgcrypt new file mode 120000 index 0000000..2df12a2 --- /dev/null +++ b/config/rootfiles/core/105/filelists/libgcrypt @@ -0,0 +1 @@ +../../../common/libgcrypt \ No newline at end of file diff --git a/config/rootfiles/core/105/filelists/openssl b/config/rootfiles/core/105/filelists/openssl new file mode 120000 index 0000000..e011a92 --- /dev/null +++ b/config/rootfiles/core/105/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/105/meta b/config/rootfiles/core/105/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/core/105/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/105/update.sh b/config/rootfiles/core/105/update.sh new file mode 100644 index 0000000..3e9f601 --- /dev/null +++ b/config/rootfiles/core/105/update.sh @@ -0,0 +1,71 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2016 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=105 + +function exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# Stop services + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +#/usr/local/bin/update-lang-cache + +# Start services + +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/104/exclude b/config/rootfiles/oldcore/104/exclude new file mode 100644 index 0000000..7ddeae0 --- /dev/null +++ b/config/rootfiles/oldcore/104/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/oldcore/104/filelists/acl b/config/rootfiles/oldcore/104/filelists/acl new file mode 120000 index 0000000..d819f9c --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/acl @@ -0,0 +1 @@ +../../../common/acl \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/armv5tel/linux-kirkwood b/config/rootfiles/oldcore/104/filelists/armv5tel/linux-kirkwood new file mode 120000 index 0000000..7217107 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/armv5tel/linux-kirkwood @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-kirkwood \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/armv5tel/linux-multi b/config/rootfiles/oldcore/104/filelists/armv5tel/linux-multi new file mode 120000 index 0000000..204eb4c --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/armv5tel/linux-multi @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-multi \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/armv5tel/linux-rpi b/config/rootfiles/oldcore/104/filelists/armv5tel/linux-rpi new file mode 120000 index 0000000..a651a49 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/armv5tel/linux-rpi @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-rpi \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/curl b/config/rootfiles/oldcore/104/filelists/curl new file mode 120000 index 0000000..4b84bef --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/curl @@ -0,0 +1 @@ +../../../common/curl \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/ddns b/config/rootfiles/oldcore/104/filelists/ddns new file mode 120000 index 0000000..7395164 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/ddns @@ -0,0 +1 @@ +../../../common/ddns \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/dnsmasq b/config/rootfiles/oldcore/104/filelists/dnsmasq new file mode 120000 index 0000000..d469c74 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/dnsmasq @@ -0,0 +1 @@ +../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/files b/config/rootfiles/oldcore/104/filelists/files new file mode 100644 index 0000000..c172c14 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/files @@ -0,0 +1,14 @@ +etc/system-release +etc/issue +etc/collectd.conf +etc/httpd/conf/global.conf +etc/rc.d/init.d/snort +opt/pakfire/lib/functions.sh +srv/web/ipfire/cgi-bin/ids.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +srv/web/ipfire/cgi-bin/logs.cgi/log.dat +srv/web/ipfire/html/themes/ipfire/include/functions.pl +srv/web/ipfire/html/themes/ipfire/include/js/refreshInetInfo.js +var/ipfire/langs +var/ipfire/fwhosts/customservices.default +var/ipfire/updatexlrator/bin/download diff --git a/config/rootfiles/oldcore/104/filelists/i586/acpid b/config/rootfiles/oldcore/104/filelists/i586/acpid new file mode 120000 index 0000000..21d36ee --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/i586/acpid @@ -0,0 +1 @@ +../../../../common/i586/acpid \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/i586/linux b/config/rootfiles/oldcore/104/filelists/i586/linux new file mode 120000 index 0000000..693ec4b --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/i586/linux @@ -0,0 +1 @@ +../../../../common/i586/linux \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/iputils b/config/rootfiles/oldcore/104/filelists/iputils new file mode 120000 index 0000000..361c28f --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/iputils @@ -0,0 +1 @@ +../../../common/iputils \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/libarchive b/config/rootfiles/oldcore/104/filelists/libarchive new file mode 120000 index 0000000..551f1f7 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/libarchive @@ -0,0 +1 @@ +../../../common/libarchive \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/libcap b/config/rootfiles/oldcore/104/filelists/libcap new file mode 120000 index 0000000..ed67d95 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/libcap @@ -0,0 +1 @@ +../../../common/libcap \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/ntp b/config/rootfiles/oldcore/104/filelists/ntp new file mode 120000 index 0000000..7542d86 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/ntp @@ -0,0 +1 @@ +../../../common/ntp \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/openssh b/config/rootfiles/oldcore/104/filelists/openssh new file mode 120000 index 0000000..d8c77fd --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/pcre b/config/rootfiles/oldcore/104/filelists/pcre new file mode 120000 index 0000000..b390d9a --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/pcre @@ -0,0 +1 @@ +../../../common/pcre \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/popt b/config/rootfiles/oldcore/104/filelists/popt new file mode 120000 index 0000000..d71a9ab --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/popt @@ -0,0 +1 @@ +../../../common/popt \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/screen b/config/rootfiles/oldcore/104/filelists/screen new file mode 120000 index 0000000..81008f4 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/screen @@ -0,0 +1 @@ +../../../common/screen \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/shadow b/config/rootfiles/oldcore/104/filelists/shadow new file mode 120000 index 0000000..c0824b7 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/shadow @@ -0,0 +1 @@ +../../../common/shadow \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/snort b/config/rootfiles/oldcore/104/filelists/snort new file mode 120000 index 0000000..9406ce0 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/snort @@ -0,0 +1 @@ +../../../common/snort \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/wget b/config/rootfiles/oldcore/104/filelists/wget new file mode 120000 index 0000000..fcb57df --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/wget @@ -0,0 +1 @@ +../../../common/wget \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/which b/config/rootfiles/oldcore/104/filelists/which new file mode 120000 index 0000000..9cfc884 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/which @@ -0,0 +1 @@ +../../../common/which \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/x86_64/acpid b/config/rootfiles/oldcore/104/filelists/x86_64/acpid new file mode 120000 index 0000000..289f8f5 --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/x86_64/acpid @@ -0,0 +1 @@ +../../../../common/x86_64/acpid \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/filelists/x86_64/linux b/config/rootfiles/oldcore/104/filelists/x86_64/linux new file mode 120000 index 0000000..0615b5b --- /dev/null +++ b/config/rootfiles/oldcore/104/filelists/x86_64/linux @@ -0,0 +1 @@ +../../../../common/x86_64/linux \ No newline at end of file diff --git a/config/rootfiles/oldcore/104/meta b/config/rootfiles/oldcore/104/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/oldcore/104/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/oldcore/104/update.sh b/config/rootfiles/oldcore/104/update.sh new file mode 100644 index 0000000..0223923 --- /dev/null +++ b/config/rootfiles/oldcore/104/update.sh @@ -0,0 +1,254 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2016 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +function find_device() { + local mountpoint="${1}" + + local root + local dev mp fs flags rest + while read -r dev mp fs flags rest; do + # Skip unwanted entries + [ "${dev}" = "rootfs" ] && continue + + if [ "${mp}" = "${mountpoint}" ] && [ -b "${dev}" ]; then + root="$(basename "${dev}")" + break + fi + done < /proc/mounts + + # Get the actual device from the partition that holds / + while [ -n "${root}" ]; do + if [ -e "/sys/block/${root}" ]; then + echo "${root}" + return 0 + fi + + # Remove last character + root="${root::-1}" + done + + return 1 +} + + +core=104 + +function exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# +# Do some sanity checks. +case $(uname -r) in + *-ipfire* ) + # Ok. + ;; + * ) + exit_with_error "ERROR cannot update. No IPFire Kernel." 1 + ;; +esac + + +# +# +KVER="xxxKVERxxx" + +# Check diskspace on root +ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + +if [ $ROOTSPACE -lt 100000 ]; then + exit_with_error "ERROR cannot update because not enough free space on root." 2 + exit 2 +fi + +echo +echo Update Kernel to $KVER ... +# +# Remove old kernel, configs, initrd, modules, dtb's ... +# +rm -rf /boot/System.map-* +rm -rf /boot/config-* +rm -rf /boot/ipfirerd-* +rm -rf /boot/initramfs-* +rm -rf /boot/vmlinuz-* +rm -rf /boot/uImage-ipfire-* +rm -rf /boot/zImage-ipfire-* +rm -rf /boot/uInit-ipfire-* +rm -rf /boot/dtb-*-ipfire-* +rm -rf /lib/modules + +case "$(uname -m)" in + armv*) + # Backup uEnv.txt if exist + if [ -e /boot/uEnv.txt ]; then + cp -vf /boot/uEnv.txt /boot/uEnv.txt.org + fi + + # work around the u-boot folder detection bug + mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood + mkdir -pv /boot/dtb-$KVER-ipfire-multi + touch /boot/uImage-ipfire-kirkwood + touch /boot/zImage-ipfire-multi + touch /boot/uIinit-ipfire-kirkwood + touch /boot/uIinit-ipfire-multi + ;; +esac + +# Stop services +/etc/init.d/collectd stop +/etc/init.d/snort stop +/etc/init.d/squid stop +/etc/init.d/dnsmasq stop +/etc/init.d/sshd stop +/etc/init.d/ipsec stop +/etc/init.d/apache stop + +# Extract files +tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C / + +# Remove some old files +rm -f /bin/groups /lib/libshadow.so.0* + +# update linker config +ldconfig + +# Check diskspace on boot +BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + +if [ $BOOTSPACE -lt 1000 ]; then + case $(uname -r) in + *-ipfire-kirkwood ) + # Special handling for old kirkwood images. + # (install only kirkwood kernel) + rm -rf /boot/* + # work around the u-boot folder detection bug + mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood + tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \ + --numeric-owner -C / --wildcards 'boot/*-kirkwood*' + ;; + * ) + /etc/init.d/apache start + exit_with_error "FATAL-ERROR space run out on boot. System is not bootable..." 4 + ;; + esac +fi + +# Update Language cache +/usr/local/bin/update-lang-cache + +# +# Start services +# +/etc/init.d/collectd start +/etc/init.d/apache start +/etc/init.d/dnsmasq start +/etc/init.d/sshd start +/etc/init.d/squid start +/etc/init.d/snort start +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi + +# Delete old QoS enabled indicator +rm -f /var/ipfire/qos/enable + +# Upadate Kernel version uEnv.txt +if [ -e /boot/uEnv.txt ]; then + sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt +fi + +# call user update script (needed for some arm boards) +if [ -e /boot/pakfire-kernel-update ]; then + /boot/pakfire-kernel-update ${KVER} +fi + +case "$(uname -m)" in + i?86) + # Force (re)install pae kernel if pae is supported + rm -rf /opt/pakfire/db/installed/meta-linux-pae + if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then + ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: WARNING not enough space for pae kernel." + else + echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae + echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae + echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae + fi + fi + ;; +esac +# +# After pakfire has ended run it again and update the lists and do upgrade +# +echo '#!/bin/bash' > /tmp/pak_update +echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update +echo ' sleep 1' >> /tmp/pak_update +echo 'done' >> /tmp/pak_update +echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update +echo ' sleep 1' >> /tmp/pak_update +echo 'done' >> /tmp/pak_update +echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub/uboot config"' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update +echo 'touch /var/run/need_reboot ' >> /tmp/pak_update +# +killall -KILL pak_update +chmod +x /tmp/pak_update +/tmp/pak_update & + +sync + +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 diff --git a/lfs/openssl b/lfs/openssl index 0a0b2cf..d0ed4d3 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@
include Config
-VER = 1.0.2h +VER = 1.0.2i
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -87,7 +87,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9392e65072ce4b614c1392eefc1f23d0 +$(DL_FILE)_MD5 = 678374e63f8df456a697d3e5e5a931fb
install : $(TARGET)
diff --git a/lfs/strongswan b/lfs/strongswan index c6d655b..17c1a01 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@
include Config
-VER = 5.3.5 +VER = 5.5.0
THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a2f9ea185f27e7f8413d4cd2ee61efe4 +$(DL_FILE)_MD5 = a96fa7eb6c62b40143dadb064b6bd586
install : $(TARGET)
@@ -79,7 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch
cd $(DIR_APP) && ./configure \ --prefix="/usr" \ diff --git a/make.sh b/make.sh index 951f3dc..e1a6233 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.19" # Version number -CORE="104" # Core Level (Filename) -PAKFIRE_CORE="104" # Core Level (PAKFIRE) +CORE="105" # Core Level (Filename) +PAKFIRE_CORE="105" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/patches/strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch b/src/patches/strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch deleted file mode 100644 index 27b6f06..0000000 --- a/src/patches/strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 0e32cbc0bc8fce3319491db360fb23b16561ec58 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner tobias@strongswan.org -Date: Tue, 15 Dec 2015 17:15:32 +0100 -Subject: [PATCH] child-rekey: Suppress updown event when deleting redundant - CHILD_SAs - -When handling a rekey collision we might have to delete an already -installed redundant CHILD_SA (or expect the other peer to do so). We don't -want to trigger updown events for these as we don't during rekeying. - -Instead of setting the state to CHILD_REKEYING we could maybe use -CHILD_REKEYED, which we currently only use for IKEv1, and set it for -all CHILD_SAs we delete or expect the other peer to delete. Would need -a small change in child-delete too. Or we could introduce a new state. - - #853. ---- - src/libcharon/sa/ikev2/tasks/child_rekey.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c -index c7a8a13..6f0c2b2 100644 ---- a/src/libcharon/sa/ikev2/tasks/child_rekey.c -+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c -@@ -279,11 +279,15 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) - /* don't touch child other created, it has already been deleted */ - if (!this->other_child_destroyed) - { -- /* disable close action for the redundand child */ -+ /* disable close action and updown event for redundant child */ - child_sa = other->child_create->get_child(other->child_create); - if (child_sa) - { - child_sa->set_close_action(child_sa, ACTION_NONE); -+ if (child_sa->get_state(child_sa) != CHILD_REKEYING) -+ { -+ child_sa->set_state(child_sa, CHILD_REKEYING); -+ } - } - } - } -@@ -372,6 +376,11 @@ METHOD(task_t, process_i, status_t, - { - return SUCCESS; - } -+ /* disable updown event for redundant CHILD_SA */ -+ if (to_delete->get_state(to_delete) != CHILD_REKEYING) -+ { -+ to_delete->set_state(to_delete, CHILD_REKEYING); -+ } - spi = to_delete->get_spi(to_delete, TRUE); - protocol = to_delete->get_protocol(to_delete); - --- -1.7.9.5 -
hooks/post-receive -- IPFire 2.x development tree