gist:a9d3a0cf847d4652b4f394afdff970d2

Révision 9c9f424f5a37615ca1c39cc545148f82b18a1504

stretch2buster.sh · 7.9 KiB · Bash Brut

Please also refer to http://www.debian.org/releases/buster/releasenotes and use your brain! # Crossgrading ?!? [ "$(dpkg --print-architecture)" == "i386" ] && echo "How about crossgrading to amd64 as described in https://stbuehler.de/blog/article/2017/06/28/debian_stretch__upgrade_32-bit_to_64-bit.html?" # upgrade to UTF-8 locales (http://www.debian.org/releases/buster/amd64/release-notes/ap-old-stuff.en.html#switch-utf8) dpkg-reconfigure locales # remove unused config file rm -rf /etc/network/options /etc/environment # are there 3rd party packages installed? (https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.de.html#system-status) aptitude search '~i(!~ODebian)' # check for ftp protocol in sources lists (https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors) rgrep --color "deb ftp" /etc/apt/sources.list* # Transition and remove entries from older releases sed -i /lenny/d /etc/apt/sources.list* sed -i /sarge/d /etc/apt/sources.list* sed -i /squeeze/d /etc/apt/sources.list* sed -i /wheezy/d /etc/apt/sources.list* sed -i /jessie/d /etc/apt/sources.list* sed -i /volatile/d /etc/apt/sources.list* sed -i /proposed-updates/d /etc/apt/sources.list* # change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/ sed -i s/stretch/buster/g /etc/apt/sources.list* sed -i "s/ stable/ buster/g" /etc/apt/sources.list* sed -i s/stretch/buster/g /etc/apt/preferences* sed -i s/stretch/buster/g /etc/apt/sources.list.d/*stretch* rename s/stretch/buster/g /etc/apt/sources.list.d/*stretch* rgrep --color stretch /etc/apt/sources.list* apt-get update # check package status dpkg --audit aptitude search "~ahold" | grep "^.h" dpkg --get-selections | grep hold # unmark packages auto aptitude unmarkauto vim net-tools && \ aptitude unmarkauto libapache2-mpm-itk && \ aptitude unmarkauto $(dpkg-query -W 'linux-image-4.9.0*' | cut -f1) # have a look into required and free disk space apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h # record session script -t 2>~/upgrade-buster.time -a ~/upgrade-buster.script # install our preseed so libc doesn't whine cat > /tmp/stretch.preseed <<EOF libc6 glibc/upgrade boolean true libc6 glibc/restart-services string libc6 libraries/restart-without-asking boolean true EOF /usr/bin/debconf-set-selections /tmp/stretch.preseed # update aptitude first [ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude && \ [ "$(which apt)" = "/usr/bin/apt" ] && apt install apt # minimal system upgrade aptitude upgrade # randomize crontab if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG # chrony update if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi sed -i s/2.debian.pool/0.de.pool/g $CFG # Fix our ssh pub key package configuration [ -x /var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst ] && \ /var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst configure # migrate unattended-upgrades config cp /usr/share/unattended-upgrades/50unattended-upgrades /tmp/ && \ MAIL=$(grep ^Unattended-Upgrade::Mail /etc/apt/apt.conf.d/50unattended-upgrades | awk -F\" '{print $2}'); sed -i 's#//Unattended-Upgrade::Mail ".*";#Unattended-Upgrade::Mail "'${MAIL}'";#g' /tmp/50unattended-upgrades && \ TIME=$(grep ^Unattended-Upgrade::Automatic-Reboot-Time /etc/apt/apt.conf.d/50unattended-upgrades | awk -F\" '{print $2}'); if [ "${TIME}" != "" ]; then sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "'${TIME}'"#' /tmp/50unattended-upgrades; fi sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /tmp/50unattended-upgrades && \ sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /tmp/50unattended-upgrades && \ sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /tmp/50unattended-upgrades && \ /bin/bash /usr/bin/ucf --three-way --debconf-ok /tmp/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades ## phpmyadmin if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \ else CFG=/etc/phpmyadmin/config.inc.php; fi sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG # full-upgrade apt-get dist-upgrade # Migrate (webserver) from php7.0 to php7.3 apt install $(dpkg -l |grep php7.0 | awk '/^i/ { print $2 }' |grep -v ^php7.0-opcache |sed s/php7.0/php/) ls -la /etc/php/7.0/*/conf.d/ # php-fpm tail -10 /etc/php/7.0/fpm/pool.d/www.conf vi /etc/php/7.3/fpm/pool.d/www.conf systemctl disable php7.0-fpm && systemctl stop php7.0-fpm && systemctl restart php7.3-fpm # nginx rename s/php70/php73/g /etc/nginx/conf.d/*php70*.conf sed -i s/php7.0-fpm/php7.3-fpm/g /etc/nginx/conf.d/*.conf /etc/nginx/snippets/*.conf /etc/nginx/sites-available/* systemctl restart nginx # transition docker-ce to buster package DOCKER_VER="$(apt-cache policy docker-ce | grep debian-buster | head -1 | awk '{print $1}')" && [ -n "${DOCKER_VER}" ] && apt install docker-ce=${DOCKER_VER} docker-ce-cli=${DOCKER_VER} # Fixing systemd unit for chrooted unbound (https://bugs.debian.org/931583) mkdir -p /etc/systemd/system/unbound.service.d/ && cat > /etc/systemd/system/unbound.service.d/override.conf <<EOF [Service] BindPaths=/run/systemd/notify:/var/lib/unbound/run/systemd/notify EOF systemctl daemon-reload && systemctl restart unbound # remove old squeeze packages left around (keep eyes open!) apt autoremove && \ apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|phpmyadmin' | awk '/^i *A/ { print $3 }') && \ apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|phpmyadmin' | awk '/^i/ { print $2 }') && \ apt purge $(dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '/^rc/ { print $2 }') && \ apt purge $(dpkg -l | grep lenny | grep -v xen | awk '/^rc/ { print $2 }') && \ apt purge $(dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '/^rc/ { print $2 }') && \ apt purge $(dpkg -l | grep -E 'deb7|wheezy' | grep -v xen | grep -v -E 'linux-image|mailscanner|openswan|debian-security-support' | awk '/^rc/ { print $2 }') && \ apt purge $(dpkg -l | grep -E 'deb8|jessie' | grep -v xen | grep -v -E 'linux-image|debian-security-support' | awk '{ print $2 }') && \ apt purge $(dpkg -l | grep -E 'deb9|stretch' | grep -v xen | grep -v -E 'linux-image|debian-security-support|icinga2' | awk '{ print $2 }') && \ apt -y install deborphan && apt purge $(deborphan | grep -v xen | grep -v -E 'libpam-cracklib|libapache2-mpm-itk') apt purge $(dpkg -l | awk '/^rc/ { print $2 }') # for the brave YoloOps crowd reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger ### not needed until now # Upgrade postgres # See also https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.de.html#plperl if [ "$(dpkg -l | grep "postgresql-9.4" | awk {'print $2'})" = "postgresql-9.4" ]; then \ aptitude install postgresql-9.6 && \ pg_dropcluster --stop 9.6 main && \ /etc/init.d/postgresql stop && \ pg_upgradecluster -v 9.6 9.4 main && \ sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \ sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \ sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \ /etc/init.d/postgresql restart; \ fi pg_dropcluster 9.4 main

1	Please also refer to http://www.debian.org/releases/buster/releasenotes and use your brain!
2
3	# Crossgrading ?!?
4	[ "$(dpkg --print-architecture)" == "i386" ] && echo "How about crossgrading to amd64 as described in https://stbuehler.de/blog/article/2017/06/28/debian_stretch__upgrade_32-bit_to_64-bit.html?"
5
6	# upgrade to UTF-8 locales (http://www.debian.org/releases/buster/amd64/release-notes/ap-old-stuff.en.html#switch-utf8)
7	dpkg-reconfigure locales
8
9	# remove unused config file
10	rm -rf /etc/network/options /etc/environment
11
12	# are there 3rd party packages installed? (https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.de.html#system-status)
13	aptitude search '~i(!~ODebian)'
14
15	# check for ftp protocol in sources lists (https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors)
16	rgrep --color "deb ftp" /etc/apt/sources.list*
17
18	# Transition and remove entries from older releases
19	sed -i /lenny/d /etc/apt/sources.list*
20	sed -i /sarge/d /etc/apt/sources.list*
21	sed -i /squeeze/d /etc/apt/sources.list*
22	sed -i /wheezy/d /etc/apt/sources.list*
23	sed -i /jessie/d /etc/apt/sources.list*
24	sed -i /volatile/d /etc/apt/sources.list*
25	sed -i /proposed-updates/d /etc/apt/sources.list*
26	# change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/
27	sed -i s/stretch/buster/g /etc/apt/sources.list*
28	sed -i "s/ stable/ buster/g" /etc/apt/sources.list*
29	sed -i s/stretch/buster/g /etc/apt/preferences*
30	sed -i s/stretch/buster/g /etc/apt/sources.list.d/stretch
31	rename s/stretch/buster/g /etc/apt/sources.list.d/stretch
32	rgrep --color stretch /etc/apt/sources.list*
33	apt-get update
34
35	# check package status
36	dpkg --audit
37	aptitude search "~ahold" \| grep "^.h"
38	dpkg --get-selections \| grep hold
39
40	# unmark packages auto
41	aptitude unmarkauto vim net-tools && \
42	aptitude unmarkauto libapache2-mpm-itk && \
43	aptitude unmarkauto $(dpkg-query -W 'linux-image-4.9.0*' \| cut -f1)
44
45	# have a look into required and free disk space
46	apt-get -o APT::Get::Trivial-Only=true dist-upgrade \|\| df -h
47
48	# record session
49	script -t 2>~/upgrade-buster.time -a ~/upgrade-buster.script
50
51	# install our preseed so libc doesn't whine
52	cat > /tmp/stretch.preseed <<EOF
53	libc6 glibc/upgrade boolean true
54	libc6 glibc/restart-services string
55	libc6 libraries/restart-without-asking boolean true
56	EOF
57	/usr/bin/debconf-set-selections /tmp/stretch.preseed
58
59	# update aptitude first
60	[ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude && \
61	[ "$(which apt)" = "/usr/bin/apt" ] && apt install apt
62
63	# minimal system upgrade
64	aptitude upgrade
65
66	# randomize crontab
67	if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi
68	sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG
69	sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG
70
71	# chrony update
72	if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi
73	sed -i s/2.debian.pool/0.de.pool/g $CFG
74
75	# Fix our ssh pub key package configuration
76	[ -x /var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst ] && \
77	/var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst configure
78
79	# migrate unattended-upgrades config
80	cp /usr/share/unattended-upgrades/50unattended-upgrades /tmp/ && \
81	MAIL=$(grep ^Unattended-Upgrade::Mail /etc/apt/apt.conf.d/50unattended-upgrades \| awk -F\" '{print $2}'); sed -i 's#//Unattended-Upgrade::Mail ".*";#Unattended-Upgrade::Mail "'${MAIL}'";#g' /tmp/50unattended-upgrades && \
82	TIME=$(grep ^Unattended-Upgrade::Automatic-Reboot-Time /etc/apt/apt.conf.d/50unattended-upgrades \| awk -F\" '{print $2}'); if [ "${TIME}" != "" ]; then sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "'${TIME}'"#' /tmp/50unattended-upgrades; fi
83	sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /tmp/50unattended-upgrades && \
84	sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /tmp/50unattended-upgrades && \
85	sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /tmp/50unattended-upgrades && \
86	/bin/bash /usr/bin/ucf --three-way --debconf-ok /tmp/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades
87
88	## phpmyadmin
89	if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \
90	else CFG=/etc/phpmyadmin/config.inc.php; fi
91	sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG
92	sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG
93
94	# full-upgrade
95	apt-get dist-upgrade
96
97	# Migrate (webserver) from php7.0 to php7.3
98	apt install $(dpkg -l \|grep php7.0 \| awk '/^i/ { print $2 }' \|grep -v ^php7.0-opcache \|sed s/php7.0/php/)
99	ls -la /etc/php/7.0/*/conf.d/
100	# php-fpm
101	tail -10 /etc/php/7.0/fpm/pool.d/www.conf
102	vi /etc/php/7.3/fpm/pool.d/www.conf
103	systemctl disable php7.0-fpm && systemctl stop php7.0-fpm && systemctl restart php7.3-fpm
104	# nginx
105	rename s/php70/php73/g /etc/nginx/conf.d/php70.conf
106	sed -i s/php7.0-fpm/php7.3-fpm/g /etc/nginx/conf.d/.conf /etc/nginx/snippets/.conf /etc/nginx/sites-available/*
107	systemctl restart nginx
108
109	# transition docker-ce to buster package
110	DOCKER_VER="$(apt-cache policy docker-ce \| grep debian-buster \| head -1 \| awk '{print $1}')" && [ -n "${DOCKER_VER}" ] && apt install docker-ce=${DOCKER_VER} docker-ce-cli=${DOCKER_VER}
111
112	# Fixing systemd unit for chrooted unbound (https://bugs.debian.org/931583)
113	mkdir -p /etc/systemd/system/unbound.service.d/ && cat > /etc/systemd/system/unbound.service.d/override.conf <<EOF
114	[Service]
115	BindPaths=/run/systemd/notify:/var/lib/unbound/run/systemd/notify
116	EOF
117	systemctl daemon-reload && systemctl restart unbound
118
119	# remove old squeeze packages left around (keep eyes open!)
120	apt autoremove && \
121	apt purge $(aptitude search ?obsolete \| grep -v -E 'linux-image\|mailscanner\|phpmyadmin' \| awk '/^i *A/ { print $3 }') && \
122	apt purge $(aptitude search ?obsolete \| grep -v -E 'linux-image\|mailscanner\|phpmyadmin' \| awk '/^i/ { print $2 }') && \
123	apt purge $(dpkg -l \| grep etch \| grep -v xen \| grep -v unbound \| grep -v finch \| awk '/^rc/ { print $2 }') && \
124	apt purge $(dpkg -l \| grep lenny \| grep -v xen \| awk '/^rc/ { print $2 }') && \
125	apt purge $(dpkg -l \| grep -E 'deb6\|squeeze' \| grep -v xen \| awk '/^rc/ { print $2 }') && \
126	apt purge $(dpkg -l \| grep -E 'deb7\|wheezy' \| grep -v xen \| grep -v -E 'linux-image\|mailscanner\|openswan\|debian-security-support' \| awk '/^rc/ { print $2 }') && \
127	apt purge $(dpkg -l \| grep -E 'deb8\|jessie' \| grep -v xen \| grep -v -E 'linux-image\|debian-security-support' \| awk '{ print $2 }') && \
128	apt purge $(dpkg -l \| grep -E 'deb9\|stretch' \| grep -v xen \| grep -v -E 'linux-image\|debian-security-support\|icinga2' \| awk '{ print $2 }') && \
129	apt -y install deborphan && apt purge $(deborphan \| grep -v xen \| grep -v -E 'libpam-cracklib\|libapache2-mpm-itk')
130	apt purge $(dpkg -l \| awk '/^rc/ { print $2 }')
131
132	# for the brave YoloOps crowd
133	reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger
134
135	### not needed until now
136	# Upgrade postgres
137	# See also https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.de.html#plperl
138	if [ "$(dpkg -l \| grep "postgresql-9.4" \| awk {'print $2'})" = "postgresql-9.4" ]; then \
139	aptitude install postgresql-9.6 && \
140	pg_dropcluster --stop 9.6 main && \
141	/etc/init.d/postgresql stop && \
142	pg_upgradecluster -v 9.6 9.4 main && \
143	sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \
144	sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \
145	sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \
146	/etc/init.d/postgresql restart; \
147	fi
148	pg_dropcluster 9.4 main
149