gist:a9d3a0cf847d4652b4f394afdff970d2

修訂 683661a56cba643745ac101e5a06ef99731c6956

stretch2buster.sh · 8.5 KiB · Bash 原始檔案

Please also refer to http://www.debian.org/releases/buster/releasenotes and use your brain! # Crossgrading ?!? [ "$(dpkg --print-architecture)" == "i386" ] && echo "How about crossgrading to amd64 as described in https://stbuehler.de/blog/article/2017/06/28/debian_stretch__upgrade_32-bit_to_64-bit.html?" # upgrade to UTF-8 locales (http://www.debian.org/releases/buster/amd64/release-notes/ap-old-stuff.en.html#switch-utf8) dpkg-reconfigure locales # remove unused config file rm -rf /etc/network/options /etc/environment # are there 3rd party packages installed? (https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.de.html#system-status) aptitude search '~i(!~ODebian)' # check for ftp protocol in sources lists (https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors) rgrep --color "deb ftp" /etc/apt/sources.list* # Transition and remove entries from older releases sed -i /lenny/d /etc/apt/sources.list* sed -i /sarge/d /etc/apt/sources.list* sed -i /squeeze/d /etc/apt/sources.list* sed -i /wheezy/d /etc/apt/sources.list* sed -i /jessie/d /etc/apt/sources.list* sed -i /volatile/d /etc/apt/sources.list* sed -i /proposed-updates/d /etc/apt/sources.list* # change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/ sed -i s/stretch/buster/g /etc/apt/sources.list* sed -i "s/ stable/ buster/g" /etc/apt/sources.list* sed -i s/stretch/buster/g /etc/apt/preferences* sed -i s/stretch/buster/g /etc/apt/sources.list.d/*stretch* rename s/stretch/buster/g /etc/apt/sources.list.d/*stretch* rgrep --color stretch /etc/apt/sources.list* apt-get update # check package status dpkg --audit aptitude search "~ahold" | grep "^.h" dpkg --get-selections | grep hold # unmark packages auto aptitude unmarkauto vim net-tools && \ aptitude unmarkauto libapache2-mpm-itk && \ aptitude unmarkauto $(dpkg-query -W 'linux-image-4.9.0*' | cut -f1) # have a look into required and free disk space apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h # record session script -t 2>~/upgrade-buster.time -a ~/upgrade-buster.script # install our preseed so libc doesn't whine cat > /tmp/stretch.preseed <<EOF libc6 glibc/upgrade boolean true libc6 glibc/restart-services string libc6 libraries/restart-without-asking boolean true EOF /usr/bin/debconf-set-selections /tmp/stretch.preseed # update aptitude first [ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude && \ [ "$(which apt)" = "/usr/bin/apt" ] && apt install apt # minimal system upgrade aptitude upgrade # randomize crontab if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG # chrony update, modify the new config to our needs and place it where it is expected. # Keep LOCAL config if asked when upgrading if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi sed s/2.debian.pool/0.de.pool/g /usr/share/chrony/chrony.conf > $CFG # Fix our ssh pub key package configuration # Accept MAINTAINERS version (and run this snippet afterwards) [ -x /var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst ] && \ /var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst configure # migrate unattended-upgrades config, modify the new config to our needs and place it where it is expected. # Keep LOCAL config if asked when upgrading (and run this snippet afterwards) if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.ucf-old ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old; else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi && \ cp /usr/share/unattended-upgrades/50unattended-upgrades /tmp/ && \ MAIL=$(grep ^Unattended-Upgrade::Mail $CFG | awk -F\" '{print $2}'); sed -i 's#//Unattended-Upgrade::Mail ".*";#Unattended-Upgrade::Mail "'${MAIL}'";#g' /tmp/50unattended-upgrades && \ TIME=$(grep ^Unattended-Upgrade::Automatic-Reboot-Time $CFG | awk -F\" '{print $2}'); if [ "${TIME}" != "" ]; then sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "'${TIME}'"#' /tmp/50unattended-upgrades; fi sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /tmp/50unattended-upgrades && \ sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /tmp/50unattended-upgrades && \ sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /tmp/50unattended-upgrades && \ /bin/bash /usr/bin/ucf --three-way --debconf-ok /tmp/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades && \ [ "$CFG" == "/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old" ] && mv $CFG /etc/apt/apt.conf.d/50unattended-upgrades.ucf-save ## phpmyadmin if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \ else CFG=/etc/phpmyadmin/config.inc.php; fi sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG # full-upgrade apt-get dist-upgrade # Migrate (webserver) from php7.0 to php7.3 apt install $(dpkg -l |grep php7.0 | awk '/^i/ { print $2 }' |grep -v ^php7.0-opcache |sed s/php7.0/php/) ls -la /etc/php/7.0/*/conf.d/ # php-fpm tail -10 /etc/php/7.0/fpm/pool.d/www.conf vi /etc/php/7.3/fpm/pool.d/www.conf systemctl disable php7.0-fpm && systemctl stop php7.0-fpm && systemctl restart php7.3-fpm # nginx rename s/php70/php73/g /etc/nginx/conf.d/*php70*.conf sed -i s/php7.0-fpm/php7.3-fpm/g /etc/nginx/conf.d/*.conf /etc/nginx/snippets/*.conf /etc/nginx/sites-available/* systemctl restart nginx # transition docker-ce to buster package DOCKER_VER="$(apt-cache policy docker-ce | grep debian-buster | head -1 | awk '{print $1}')" && [ -n "${DOCKER_VER}" ] && apt install docker-ce=${DOCKER_VER} docker-ce-cli=${DOCKER_VER} # Fixing systemd unit for chrooted unbound (https://bugs.debian.org/931583) mkdir -p /etc/systemd/system/unbound.service.d/ && cat > /etc/systemd/system/unbound.service.d/override.conf <<EOF [Service] BindPaths=/run/systemd/notify:/var/lib/unbound/run/systemd/notify EOF systemctl daemon-reload && systemctl restart unbound # remove old squeeze packages left around (keep eyes open!) apt autoremove && \ apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|phpmyadmin' | awk '/^i *A/ { print $3 }') && \ apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|phpmyadmin' | awk '/^i/ { print $2 }') && \ apt purge $(dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '/^rc/ { print $2 }') && \ apt purge $(dpkg -l | grep lenny | grep -v xen | awk '/^rc/ { print $2 }') && \ apt purge $(dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '/^rc/ { print $2 }') && \ apt purge $(dpkg -l | grep -E 'deb7|wheezy' | grep -v xen | grep -v -E 'linux-image|mailscanner|openswan|debian-security-support' | awk '/^rc/ { print $2 }') && \ apt purge $(dpkg -l | grep -E 'deb8|jessie' | grep -v xen | grep -v -E 'linux-image|debian-security-support' | awk '{ print $2 }') && \ apt purge $(dpkg -l | grep -E 'deb9|stretch' | grep -v xen | grep -v -E 'linux-image|debian-security-support|icinga2' | awk '{ print $2 }') && \ apt -y install deborphan && apt purge $(deborphan | grep -v xen | grep -v -E 'libpam-cracklib|libapache2-mpm-itk') apt purge $(dpkg -l | awk '/^rc/ { print $2 }') # for the brave YoloOps crowd reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger ### not needed until now # Upgrade postgres # See also https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.de.html#plperl if [ "$(dpkg -l | grep "postgresql-9.4" | awk {'print $2'})" = "postgresql-9.4" ]; then \ aptitude install postgresql-9.6 && \ pg_dropcluster --stop 9.6 main && \ /etc/init.d/postgresql stop && \ pg_upgradecluster -v 9.6 9.4 main && \ sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \ sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \ sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \ /etc/init.d/postgresql restart; \ fi pg_dropcluster 9.4 main

1	Please also refer to http://www.debian.org/releases/buster/releasenotes and use your brain!
2
3	# Crossgrading ?!?
4	[ "$(dpkg --print-architecture)" == "i386" ] && echo "How about crossgrading to amd64 as described in https://stbuehler.de/blog/article/2017/06/28/debian_stretch__upgrade_32-bit_to_64-bit.html?"
5
6	# upgrade to UTF-8 locales (http://www.debian.org/releases/buster/amd64/release-notes/ap-old-stuff.en.html#switch-utf8)
7	dpkg-reconfigure locales
8
9	# remove unused config file
10	rm -rf /etc/network/options /etc/environment
11
12	# are there 3rd party packages installed? (https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.de.html#system-status)
13	aptitude search '~i(!~ODebian)'
14
15	# check for ftp protocol in sources lists (https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors)
16	rgrep --color "deb ftp" /etc/apt/sources.list*
17
18	# Transition and remove entries from older releases
19	sed -i /lenny/d /etc/apt/sources.list*
20	sed -i /sarge/d /etc/apt/sources.list*
21	sed -i /squeeze/d /etc/apt/sources.list*
22	sed -i /wheezy/d /etc/apt/sources.list*
23	sed -i /jessie/d /etc/apt/sources.list*
24	sed -i /volatile/d /etc/apt/sources.list*
25	sed -i /proposed-updates/d /etc/apt/sources.list*
26	# change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/
27	sed -i s/stretch/buster/g /etc/apt/sources.list*
28	sed -i "s/ stable/ buster/g" /etc/apt/sources.list*
29	sed -i s/stretch/buster/g /etc/apt/preferences*
30	sed -i s/stretch/buster/g /etc/apt/sources.list.d/stretch
31	rename s/stretch/buster/g /etc/apt/sources.list.d/stretch
32	rgrep --color stretch /etc/apt/sources.list*
33	apt-get update
34
35	# check package status
36	dpkg --audit
37	aptitude search "~ahold" \| grep "^.h"
38	dpkg --get-selections \| grep hold
39
40	# unmark packages auto
41	aptitude unmarkauto vim net-tools && \
42	aptitude unmarkauto libapache2-mpm-itk && \
43	aptitude unmarkauto $(dpkg-query -W 'linux-image-4.9.0*' \| cut -f1)
44
45	# have a look into required and free disk space
46	apt-get -o APT::Get::Trivial-Only=true dist-upgrade \|\| df -h
47
48	# record session
49	script -t 2>~/upgrade-buster.time -a ~/upgrade-buster.script
50
51	# install our preseed so libc doesn't whine
52	cat > /tmp/stretch.preseed <<EOF
53	libc6 glibc/upgrade boolean true
54	libc6 glibc/restart-services string
55	libc6 libraries/restart-without-asking boolean true
56	EOF
57	/usr/bin/debconf-set-selections /tmp/stretch.preseed
58
59	# update aptitude first
60	[ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude && \
61	[ "$(which apt)" = "/usr/bin/apt" ] && apt install apt
62
63	# minimal system upgrade
64	aptitude upgrade
65
66	# randomize crontab
67	if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi
68	sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG
69	sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG
70
71	# chrony update, modify the new config to our needs and place it where it is expected.
72	# Keep LOCAL config if asked when upgrading
73	if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi
74	sed s/2.debian.pool/0.de.pool/g /usr/share/chrony/chrony.conf > $CFG
75
76	# Fix our ssh pub key package configuration
77	# Accept MAINTAINERS version (and run this snippet afterwards)
78	[ -x /var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst ] && \
79	/var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst configure
80
81	# migrate unattended-upgrades config, modify the new config to our needs and place it where it is expected.
82	# Keep LOCAL config if asked when upgrading (and run this snippet afterwards)
83	if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.ucf-old ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old; else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi && \
84	cp /usr/share/unattended-upgrades/50unattended-upgrades /tmp/ && \
85	MAIL=$(grep ^Unattended-Upgrade::Mail $CFG \| awk -F\" '{print $2}'); sed -i 's#//Unattended-Upgrade::Mail ".*";#Unattended-Upgrade::Mail "'${MAIL}'";#g' /tmp/50unattended-upgrades && \
86	TIME=$(grep ^Unattended-Upgrade::Automatic-Reboot-Time $CFG \| awk -F\" '{print $2}'); if [ "${TIME}" != "" ]; then sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "'${TIME}'"#' /tmp/50unattended-upgrades; fi
87	sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /tmp/50unattended-upgrades && \
88	sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /tmp/50unattended-upgrades && \
89	sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /tmp/50unattended-upgrades && \
90	/bin/bash /usr/bin/ucf --three-way --debconf-ok /tmp/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades && \
91	[ "$CFG" == "/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old" ] && mv $CFG /etc/apt/apt.conf.d/50unattended-upgrades.ucf-save
92
93	## phpmyadmin
94	if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \
95	else CFG=/etc/phpmyadmin/config.inc.php; fi
96	sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG
97	sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG
98
99	# full-upgrade
100	apt-get dist-upgrade
101
102	# Migrate (webserver) from php7.0 to php7.3
103	apt install $(dpkg -l \|grep php7.0 \| awk '/^i/ { print $2 }' \|grep -v ^php7.0-opcache \|sed s/php7.0/php/)
104	ls -la /etc/php/7.0/*/conf.d/
105	# php-fpm
106	tail -10 /etc/php/7.0/fpm/pool.d/www.conf
107	vi /etc/php/7.3/fpm/pool.d/www.conf
108	systemctl disable php7.0-fpm && systemctl stop php7.0-fpm && systemctl restart php7.3-fpm
109	# nginx
110	rename s/php70/php73/g /etc/nginx/conf.d/php70.conf
111	sed -i s/php7.0-fpm/php7.3-fpm/g /etc/nginx/conf.d/.conf /etc/nginx/snippets/.conf /etc/nginx/sites-available/*
112	systemctl restart nginx
113
114	# transition docker-ce to buster package
115	DOCKER_VER="$(apt-cache policy docker-ce \| grep debian-buster \| head -1 \| awk '{print $1}')" && [ -n "${DOCKER_VER}" ] && apt install docker-ce=${DOCKER_VER} docker-ce-cli=${DOCKER_VER}
116
117	# Fixing systemd unit for chrooted unbound (https://bugs.debian.org/931583)
118	mkdir -p /etc/systemd/system/unbound.service.d/ && cat > /etc/systemd/system/unbound.service.d/override.conf <<EOF
119	[Service]
120	BindPaths=/run/systemd/notify:/var/lib/unbound/run/systemd/notify
121	EOF
122	systemctl daemon-reload && systemctl restart unbound
123
124	# remove old squeeze packages left around (keep eyes open!)
125	apt autoremove && \
126	apt purge $(aptitude search ?obsolete \| grep -v -E 'linux-image\|mailscanner\|phpmyadmin' \| awk '/^i *A/ { print $3 }') && \
127	apt purge $(aptitude search ?obsolete \| grep -v -E 'linux-image\|mailscanner\|phpmyadmin' \| awk '/^i/ { print $2 }') && \
128	apt purge $(dpkg -l \| grep etch \| grep -v xen \| grep -v unbound \| grep -v finch \| awk '/^rc/ { print $2 }') && \
129	apt purge $(dpkg -l \| grep lenny \| grep -v xen \| awk '/^rc/ { print $2 }') && \
130	apt purge $(dpkg -l \| grep -E 'deb6\|squeeze' \| grep -v xen \| awk '/^rc/ { print $2 }') && \
131	apt purge $(dpkg -l \| grep -E 'deb7\|wheezy' \| grep -v xen \| grep -v -E 'linux-image\|mailscanner\|openswan\|debian-security-support' \| awk '/^rc/ { print $2 }') && \
132	apt purge $(dpkg -l \| grep -E 'deb8\|jessie' \| grep -v xen \| grep -v -E 'linux-image\|debian-security-support' \| awk '{ print $2 }') && \
133	apt purge $(dpkg -l \| grep -E 'deb9\|stretch' \| grep -v xen \| grep -v -E 'linux-image\|debian-security-support\|icinga2' \| awk '{ print $2 }') && \
134	apt -y install deborphan && apt purge $(deborphan \| grep -v xen \| grep -v -E 'libpam-cracklib\|libapache2-mpm-itk')
135	apt purge $(dpkg -l \| awk '/^rc/ { print $2 }')
136
137	# for the brave YoloOps crowd
138	reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger
139
140	### not needed until now
141	# Upgrade postgres
142	# See also https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.de.html#plperl
143	if [ "$(dpkg -l \| grep "postgresql-9.4" \| awk {'print $2'})" = "postgresql-9.4" ]; then \
144	aptitude install postgresql-9.6 && \
145	pg_dropcluster --stop 9.6 main && \
146	/etc/init.d/postgresql stop && \
147	pg_upgradecluster -v 9.6 9.4 main && \
148	sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \
149	sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \
150	sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \
151	/etc/init.d/postgresql restart; \
152	fi
153	pg_dropcluster 9.4 main
154