#!/bin/bash
#
# Upgrade IPCop
#

UPGRADEVERSION=2.1.8
PREVIOUSVERSION=2.1.7


msg() {
    /usr/bin/logger -t installpackage "$*"
    /bin/echo "$*"
}


# Verify architecture
MACHINE=`/usr/bin/perl -e "require '/usr/lib/ipcop/general-functions.pl';print \\$General::machine;"`
if [ "$MACHINE" != `/bin/cat ./ARCH` ]; then
    msg "Update for wrong architecture: `/bin/cat ./ARCH`! We are: $MACHINE. Aborting installation."
    exit 1
fi

# Verify version, note we also accept replaying an upgrade
CURRENTVERSION=`/usr/bin/perl -e "require '/usr/lib/ipcop/general-functions.pl';print \\$General::version;"`
if [ "$CURRENTVERSION" != "$PREVIOUSVERSION" -a "$CURRENTVERSION" != "$UPGRADEVERSION" ]; then
    msg "IPCop v$PREVIOUSVERSION or v$UPGRADEVERSION not running. Aborting installation."
    exit 1
fi

# Stop fcron, to keep tasks from running during update
FCRONPID=`cat /var/run/fcron.pid`
/bin/kill $FCRONPID
COUNT=120

while [ -e /var/run/fcron.pid -a ${COUNT} -ge 0 ]
do
    sleep 1
    COUNT=$(( ${COUNT} - 1 ))
done

if [ -e /var/run/fcron.pid ]; then
    msg "kill fcron, still running after 30 seconds"
    /bin/kill -KILL $FCRONPID
fi

#####
#
# Add version specific handling *before* unpacking the patch here.
# For example stopping dnsmasq(required before update), squid, etc...
#
#####



#####
#
# End of version specific handling. Continue with universal stuff.
#
#####

FAILURE=0
/bin/tar -zxpf patch.tar.gz -C /
FAILURE=$?
if [ $FAILURE -ne 0 ]; then
    msg "Error extracting patch.tar.gz $1, need more free space on disk. Aborting."
    exit 4 # ERRORTAR
fi

# Modify or remove line below, depending on update
# Update bootloader config
# /usr/local/sbin/updatekernel.pl --add 2.6.32-2 --keep 2.6.32-1 --remove 2.6.32-0

# Modify or remove line below, depending on update
# Create the new initramfs
# /sbin/mkinitramfs --with-kernel=2.6.32-2 --with-firmware --many-modules --with-list=/etc/modules.initramfs

# Adjust the changed config files
/usr/local/bin/upgrade.sh

# Remove certificates
/bin/rm -f /usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt
/bin/rm -f /usr/share/ca-certificates/mozilla/RSA_Root_Certificate_1.crt
/bin/rm -f /usr/share/ca-certificates/mozilla/TDC_Internet_Root_CA.crt
/bin/rm -f /usr/share/ca-certificates/mozilla/ValiCert_Class_1_VA.crt
/bin/rm -f /usr/share/ca-certificates/mozilla/ValiCert_Class_2_VA.crt

# Remove old libraries (version specific)
/bin/rm -f /usr/lib/libapr-1.so.0.5.0
/bin/rm -f /usr/lib/libbind9.so.90
/bin/rm -f /usr/lib/libbind9.so.90.0.9
/bin/rm -f /usr/lib/libdns.so.100
/bin/rm -f /usr/lib/libdns.so.100.2.2
/bin/rm -f /usr/lib/libisc.so.95
/bin/rm -f /usr/lib/libisc.so.95.5.0
/bin/rm -f /usr/lib/libisccc.so.90
/bin/rm -f /usr/lib/libisccc.so.90.0.6
/bin/rm -f /usr/lib/libisccfg.so.90
/bin/rm -f /usr/lib/libisccfg.so.90.1.0
/bin/rm -f /usr/lib/liblwres.so.90
/bin/rm -f /usr/lib/liblwres.so.90.0.7
/bin/rm -f /usr/lib/libcairo.so.2.11200.16
/bin/rm -f /usr/lib/libdb-6.0.so
/bin/rm -f /usr/lib/libfreetype.so.6.11.2
/bin/rm -f /usr/lib/libharfbuzz.so.0.927.0
/bin/rm -f /usr/lib/libgssrpc.so.4
/bin/rm -f /usr/lib/libgssrpc.so.4.1
/bin/rm -f /usr/lib/libkdb5.so.6
/bin/rm -f /usr/lib/libkdb5.so.6.0
/bin/rm -f /usr/lib/liblber-2.4.so.2.10.2
/bin/rm -f /usr/lib/libldap-2.4.so.2.10.2
/bin/rm -f /usr/lib/libpcap.so.1.5.3
/bin/rm -f /usr/lib/libpci.so.3.2.1
/bin/rm -f /usr/lib/libpcre.so.1.2.2
/bin/rm -f /usr/lib/libpng16.so.16.10.0
/bin/rm -f /usr/lib/libxml2.so.2.9.1
/bin/rm -f /usr/lib/libpango-1.0.so.0.3600.3
/bin/rm -f /usr/lib/libpangocairo-1.0.so.0.3600.3
/bin/rm -f /usr/lib/libpangoft2-1.0.so.0.3600.3
/bin/rm -f /usr/lib/libpixman-1.so.0.32.4
/bin/rm -f /lib/libprocps.so.3
/bin/rm -f /lib/libprocps.so.3.0.0
/bin/rm -f /usr/lib/librrd.so.4.2.1
/bin/rm -f /usr/lib/librrd_th.so.4.2.1

# For new shared libs. May not always be required, but makes sure we do not forget
/sbin/ldconfig

#####
#
# Add version specific handling *after* unpacking the patch here.
# For example restarting apache, squid, etc...
#
#####

# Restart ntp daemon
if [ -e /var/run/ntpd.pid ]; then
    /usr/local/bin/restartntpd
fi

# Use new apache
/usr/local/bin/restarthttpd restart &

# Restart OpenVPN server
if [ -e /var/run/openvpn.pid ]; then
    /usr/local/bin/openvpnctrl --restart
fi

# restart squid (helper checks whether squid is enabled)
/usr/local/bin/restartsquid

# CA certificate bundle
/usr/sbin/update-ca-certificates --fresh

#####
#
# End of version specific handling. Continue with universal stuff.
#
#####

# Restart fcron
if [ -e /etc/FLASH ]; then
    /usr/sbin/fcron -s 86400
else
    /usr/sbin/fcron
fi

# Patch general-functions.pl
/bin/sed -i -e "s+^\(\$General::version\s*=\s*\).*+\1'$UPGRADEVERSION';+" /usr/lib/ipcop/general-functions.pl
# Patch /etc/issue
/bin/sed -i -e "s+$PREVIOUSVERSION+$UPGRADEVERSION+" /etc/issue

# Update menu
/usr/local/bin/updatemenu.pl

msg "$UPGRADEVERSION update installed."
