#!/bin/bash # _____ _ _ # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ # | __| _| -_| -_| . | . | | . | . | | -_| # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # # Freedom in the Cloud # # Command to upgrade the system # # License # ======= # # Copyright (C) 2015-2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . PROJECT_NAME='freedombone' PROJECT_DIR="$HOME/${PROJECT_NAME}" # An optional configuration file which overrides some of these variables CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg" PROJECT_REPO="https://code.freedombone.net/bashrc/${PROJECT_NAME}" CURRENT_BRANCH=master # Is letsencrypt updating its certificates? # If yes then skip the upgrade to avoid any collisions if [ -f ~/temp_renewletsencrypt.txt ]; then exit 0 fi UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" for f in $UTILS_FILES do source "$f" done source "/usr/share/${PROJECT_NAME}/base/${PROJECT_NAME}-base-email" read_config_param PROJECT_REPO if [[ "$PROJECT_REPO" == "https://github.com/bashrc/${PROJECT_NAME}" ]]; then PROJECT_REPO="https://code.freedombone.net/bashrc/${PROJECT_NAME}" write_config_param PROJECT_REPO fi read_config_param DEVELOPMENT_BRANCH read_config_param DEFAULT_DOMAIN_NAME DEVELOPMENT_BRANCH=master write_config_param "DEVELOPMENT_BRANCH" "$DEVELOPMENT_BRANCH" if [ $DEVELOPMENT_BRANCH ]; then if [ ${#DEVELOPMENT_BRANCH} -gt 0 ]; then CURRENT_BRANCH=$DEVELOPMENT_BRANCH fi fi # upgrading file prevents USB canary or other jobs from activating rm -rf /tmp/* touch /tmp/.upgrading if [ -f /usr/bin/backupdatabases ]; then if grep -q "cat /root/dbpass" /usr/bin/backupdatabases; then # update to using the password manager sed -i "s|cat /root/dbpass|${PROJECT_NAME}-pass -u root -a mariadb|g" /usr/bin/backupdatabases fi fi #update-ca-certificates if [ ! -d "$PROJECT_DIR" ]; then git_clone "$PROJECT_REPO" "$PROJECT_DIR" fi if [ -d "$PROJECT_DIR" ]; then if [ -f "$CONFIGURATION_FILE" ]; then cd "$PROJECT_DIR" || exit 246823484 rm -rf "$PROJECT_DIR/locale/"* if [[ "$CURRENT_BRANCH" == *"master" ]]; then git_pull $PROJECT_REPO else git_pull $PROJECT_REPO origin/$DEVELOPMENT_BRANCH fi git checkout stretch make install if [ -d /usr/share/${PROJECT_NAME} ]; then chown -R root:root /usr/share/${PROJECT_NAME} chmod -R +r /usr/share/${PROJECT_NAME} fi if ! ${PROJECT_NAME} -c "$CONFIGURATION_FILE"; then rm /tmp/.upgrading exit 453536 fi #rebuild_exim_with_socks install_dynamicdns torrc_migrate nodejs_upgrade apt-get -yq -t stretch-backports install certbot email_install_tls email_disable_chunking remove_ip_addresses_from_email_logs rm /etc/exim4/exim4.conf.template.bak* email_update_onion_domain prevent_mail_process_overrun android_update_apps yes #defrag_filesystem # reinstall tor from backports tor_version=$(tor --version) if [[ "$tor_version" == *' 0.2'* ]]; then echo 'N' | apt-get -yq -t stretch-backports install tor systemctl restart tor fi fi fi # If logging was left on then turn it off ${PROJECT_NAME}-logging off # This is a hack to fix nginx failures which happen sometimes # when matrix is installed if [ -d /etc/matrix ]; then systemctl restart matrix systemctl restart nginx fi # upgrading file prevents USB canary from activating if [ -f /tmp/.upgrading ]; then rm /tmp/.upgrading fi # deliberately there is no 'exit 0' here