Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 1 insertion
buster2bullseye.sh
| @@ -41,6 +41,7 @@ dpkg --get-selections "*" > ~/curr-pkgs.txt | |||
| 41 | 41 | # unmark packages auto | |
| 42 | 42 | aptitude unmarkauto vim net-tools && \ | |
| 43 | 43 | aptitude unmarkauto libapache2-mpm-itk && \ | |
| 44 | + | aptitude unmarkauto monitoring-plugins-contrib && \ | |
| 44 | 45 | aptitude unmarkauto $(dpkg-query -W 'linux-image-4.19.0*' | cut -f1) | |
| 45 | 46 | ||
| 46 | 47 | # have a look into required and free disk space | |
Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 8 insertions, 8 deletions
buster2bullseye.sh
| @@ -80,6 +80,14 @@ apt upgrade | |||
| 80 | 80 | # chrony update, modify the new config to our needs and place it where it is expected. | |
| 81 | 81 | if [ ! -d /etc/chrony/conf.d/ ]; then mkdir -p /etc/chrony/conf.d/; fi; echo "pool 0.de.pool.ntp.org iburst" > /etc/chrony/conf.d/pool.conf | |
| 82 | 82 | ||
| 83 | + | # (re)configure snmpd | |
| 84 | + | COMMUNITY="$(grep ^rocommunity /etc/snmp/snmpd.conf | cut -d" " -f2)"; \ | |
| 85 | + | if [ -f /etc/snmp/snmpd.conf.dpkg-new ]; then CFG=/etc/snmp/snmpd.conf.dpkg-new; \ | |
| 86 | + | else CFG=/etc/snmp/snmpd.conf; fi | |
| 87 | + | sed -i "s/^agentaddress.*/agentaddress udp:161,udp6:[::1]:161/g" $CFG | |
| 88 | + | sed -i "s/public default/$COMMUNITY default/g" $CFG | |
| 89 | + | grep ^extend /etc/snmp/snmpd.conf >> $CFG | |
| 90 | + | ||
| 83 | 91 | # migrate unattended-upgrades config, modify the new config to our needs and place it where it is expected. | |
| 84 | 92 | # Keep LOCAL config if asked when upgrading (and run this snippet afterwards, when dpkg is not blocked anymore and choose 'package maintainer version' then, cause this is the one we are adjusting here) | |
| 85 | 93 | if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.ucf-old ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old; else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi && \ | |
| @@ -97,14 +105,6 @@ sed -i 's#//Unattended-Upgrade::MailReport "on-change"#Unattended-Upgrade::MailR | |||
| 97 | 105 | # full-upgrade | |
| 98 | 106 | apt full-upgrade | |
| 99 | 107 | ||
| 100 | - | # (re)configure snmpd | |
| 101 | - | COMMUNITY="$(grep ^rocommunity /etc/snmp/snmpd.conf | cut -d" " -f2)"; \ | |
| 102 | - | if [ -f /etc/snmp/snmpd.conf.dpkg-new ]; then CFG=/etc/snmp/snmpd.conf.dpkg-new; \ | |
| 103 | - | else CFG=/etc/snmp/snmpd.conf; fi | |
| 104 | - | sed -i "s/^agentaddress.*/agentaddress udp:161,udp6:[::1]:161/g" $CFG | |
| 105 | - | sed -i "s/public default/$COMMUNITY default/g" $CFG | |
| 106 | - | grep ^extend /etc/snmp/snmpd.conf >> $CFG | |
| 107 | - | ||
| 108 | 108 | # Migrate (webserver) from php7.3 to php7.4 | |
| 109 | 109 | apt install $(dpkg -l |grep php7.3 | awk '/^i/ { print $2 }' |grep -v ^php7.3-opcache |sed s/php7.3/php/) | |
| 110 | 110 | [ -L /etc/apache2/mods-enabled/mpm_prefork.load ] && a2dismod php7.3 && a2enmod php7.4 && systemctl restart apache2; ls -la /etc/php/7.3/*/conf.d/ | |
Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 14 insertions, 13 deletions
buster2bullseye.sh
| @@ -80,6 +80,20 @@ apt upgrade | |||
| 80 | 80 | # chrony update, modify the new config to our needs and place it where it is expected. | |
| 81 | 81 | if [ ! -d /etc/chrony/conf.d/ ]; then mkdir -p /etc/chrony/conf.d/; fi; echo "pool 0.de.pool.ntp.org iburst" > /etc/chrony/conf.d/pool.conf | |
| 82 | 82 | ||
| 83 | + | # migrate unattended-upgrades config, modify the new config to our needs and place it where it is expected. | |
| 84 | + | # Keep LOCAL config if asked when upgrading (and run this snippet afterwards, when dpkg is not blocked anymore and choose 'package maintainer version' then, cause this is the one we are adjusting here) | |
| 85 | + | if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.ucf-old ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old; else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi && \ | |
| 86 | + | cp /usr/share/unattended-upgrades/50unattended-upgrades /tmp/ && \ | |
| 87 | + | MAIL=$(grep ^Unattended-Upgrade::Mail $CFG | awk -F\" '{print $2}'); sed -i 's#//Unattended-Upgrade::Mail ".*";#Unattended-Upgrade::Mail "'${MAIL}'";#g' /tmp/50unattended-upgrades && \ | |
| 88 | + | TIME=$(grep ^Unattended-Upgrade::Automatic-Reboot-Time $CFG | awk -F\" '{print $2}'); if [ "${TIME}" != "" ]; then sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "'${TIME}'"#' /tmp/50unattended-upgrades; fi | |
| 89 | + | sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /tmp/50unattended-upgrades && \ | |
| 90 | + | sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /tmp/50unattended-upgrades && \ | |
| 91 | + | sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /tmp/50unattended-upgrades && \ | |
| 92 | + | sed -i '/codename=..distro_codename.-updates/ s#^//# #' /tmp/50unattended-upgrades && \ | |
| 93 | + | sed -i 's#//Unattended-Upgrade::MailReport "on-change"#Unattended-Upgrade::MailReport "always"#' /tmp/50unattended-upgrades && \ | |
| 94 | + | /bin/bash /usr/bin/ucf --three-way --debconf-ok /tmp/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades && \ | |
| 95 | + | [ "$CFG" == "/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old" ] && mv $CFG /etc/apt/apt.conf.d/50unattended-upgrades.ucf-save | |
| 96 | + | ||
| 83 | 97 | # full-upgrade | |
| 84 | 98 | apt full-upgrade | |
| 85 | 99 | ||
| @@ -136,19 +150,6 @@ if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/c | |||
| 136 | 150 | sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG | |
| 137 | 151 | sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG | |
| 138 | 152 | ||
| 139 | - | # migrate unattended-upgrades config, modify the new config to our needs and place it where it is expected. | |
| 140 | - | # Keep LOCAL config if asked when upgrading (and run this snippet afterwards, when dpkg is not blocked anymore and choose 'package maintainer version' then, cause this is the one we are adjusting here) | |
| 141 | - | if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.ucf-old ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old; else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi && \ | |
| 142 | - | cp /usr/share/unattended-upgrades/50unattended-upgrades /tmp/ && \ | |
| 143 | - | MAIL=$(grep ^Unattended-Upgrade::Mail $CFG | awk -F\" '{print $2}'); sed -i 's#//Unattended-Upgrade::Mail ".*";#Unattended-Upgrade::Mail "'${MAIL}'";#g' /tmp/50unattended-upgrades && \ | |
| 144 | - | TIME=$(grep ^Unattended-Upgrade::Automatic-Reboot-Time $CFG | awk -F\" '{print $2}'); if [ "${TIME}" != "" ]; then sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "'${TIME}'"#' /tmp/50unattended-upgrades; fi | |
| 145 | - | sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /tmp/50unattended-upgrades && \ | |
| 146 | - | sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /tmp/50unattended-upgrades && \ | |
| 147 | - | sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /tmp/50unattended-upgrades && \ | |
| 148 | - | sed -i '/codename=..distro_codename.-updates/ s#^//# #' /tmp/50unattended-upgrades && \ | |
| 149 | - | /bin/bash /usr/bin/ucf --three-way --debconf-ok /tmp/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades && \ | |
| 150 | - | [ "$CFG" == "/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old" ] && mv $CFG /etc/apt/apt.conf.d/50unattended-upgrades.ucf-save | |
| 151 | - | ||
| 152 | 153 | ## phpmyadmin | |
| 153 | 154 | if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \ | |
| 154 | 155 | else CFG=/etc/phpmyadmin/config.inc.php; fi | |
Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 2 insertions, 1 deletion
buster2bullseye.sh
| @@ -84,11 +84,12 @@ if [ ! -d /etc/chrony/conf.d/ ]; then mkdir -p /etc/chrony/conf.d/; fi; echo "po | |||
| 84 | 84 | apt full-upgrade | |
| 85 | 85 | ||
| 86 | 86 | # (re)configure snmpd | |
| 87 | - | COMMUNITY="mycommunity"; \ | |
| 87 | + | COMMUNITY="$(grep ^rocommunity /etc/snmp/snmpd.conf | cut -d" " -f2)"; \ | |
| 88 | 88 | if [ -f /etc/snmp/snmpd.conf.dpkg-new ]; then CFG=/etc/snmp/snmpd.conf.dpkg-new; \ | |
| 89 | 89 | else CFG=/etc/snmp/snmpd.conf; fi | |
| 90 | 90 | sed -i "s/^agentaddress.*/agentaddress udp:161,udp6:[::1]:161/g" $CFG | |
| 91 | 91 | sed -i "s/public default/$COMMUNITY default/g" $CFG | |
| 92 | + | grep ^extend /etc/snmp/snmpd.conf >> $CFG | |
| 92 | 93 | ||
| 93 | 94 | # Migrate (webserver) from php7.3 to php7.4 | |
| 94 | 95 | apt install $(dpkg -l |grep php7.3 | awk '/^i/ { print $2 }' |grep -v ^php7.3-opcache |sed s/php7.3/php/) | |
Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 5 insertions, 5 deletions
buster2bullseye.sh
| @@ -62,11 +62,7 @@ libc6 libraries/restart-without-asking boolean true | |||
| 62 | 62 | EOF | |
| 63 | 63 | /usr/bin/debconf-set-selections /tmp/buster.preseed | |
| 64 | 64 | ||
| 65 | - | # update aptitude and apt first | |
| 66 | - | [ "$(which aptitude)" = "/usr/bin/aptitude" ] && apt install aptitude && \ | |
| 67 | - | [ "$(which apt)" = "/usr/bin/apt" ] && apt install apt | |
| 68 | - | ||
| 69 | - | # transition sshd port changes and adjusted authkeyfile | |
| 65 | + | # transition sshd port changes and adjusted authkeyfile before starting the update | |
| 70 | 66 | if [ ! -d /etc/ssh/sshd_config.d ]; then mkdir -p /etc/ssh/sshd_config.d; fi | |
| 71 | 67 | if [ ! $(grep ^Port /etc/ssh/sshd_config | tee /etc/ssh/sshd_config.d/port.conf | wc -l) -gt 0 ]; then rm /etc/ssh/sshd_config.d/port.conf; fi | |
| 72 | 68 | if [ ! $(grep ^AuthorizedKeysFile /etc/ssh/sshd_config | tee /etc/ssh/sshd_config.d/authorizedkeysfile.conf | wc -l) -gt 0 ]; then rm /etc/ssh/sshd_config.d/authorizedkeysfile.conf ; fi | |
| @@ -74,6 +70,10 @@ if [ ! $(grep ^AuthorizedKeysFile /etc/ssh/sshd_config | tee /etc/ssh/sshd_confi | |||
| 74 | 70 | if [ ! -d /etc/ssh/ssh_config.d ]; then mkdir -p /etc/ssh/ssh_config.d; fi | |
| 75 | 71 | if [ ! $(grep "^ *Port" /etc/ssh/ssh_config | tee /etc/ssh/ssh_config.d/port.conf | wc -l) -gt 0 ]; then rm /etc/ssh/ssh_config.d/port.conf; fi | |
| 76 | 72 | ||
| 73 | + | # update aptitude and apt first | |
| 74 | + | [ "$(which aptitude)" = "/usr/bin/aptitude" ] && apt install aptitude && \ | |
| 75 | + | [ "$(which apt)" = "/usr/bin/apt" ] && apt install apt | |
| 76 | + | ||
| 77 | 77 | # minimal system upgrade | |
| 78 | 78 | apt upgrade | |
| 79 | 79 | ||
Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 3 insertions
buster2bullseye.sh
| @@ -46,6 +46,9 @@ aptitude unmarkauto $(dpkg-query -W 'linux-image-4.19.0*' | cut -f1) | |||
| 46 | 46 | # have a look into required and free disk space | |
| 47 | 47 | apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h | |
| 48 | 48 | ||
| 49 | + | # purge already remove packages | |
| 50 | + | apt purge $(dpkg -l | awk '/^rc/ { print $2 }') | |
| 51 | + | ||
| 49 | 52 | # check for a linux-image meta package | |
| 50 | 53 | dpkg -l "linux-image*" | grep ^ii | grep -i meta || echo "Please have a look into https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage!" | |
| 51 | 54 | # record session | |
Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 2 insertions, 2 deletions
buster2bullseye.sh
| @@ -110,8 +110,8 @@ apt remove libgcc1 && apt full-upgrade | |||
| 110 | 110 | ||
| 111 | 111 | # remove old squeeze packages left around (keep eyes open!) | |
| 112 | 112 | apt autoremove && \ | |
| 113 | - | apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|phpmyadmin|check-openmanage|check-linux-bonding' | awk '/^i *A/ { print $3 }') && \ | |
| 114 | - | apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|phpmyadmin|check-openmanage|check-linux-bonding' | awk '/^i/ { print $2 }') && \ | |
| 113 | + | apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|check-openmanage|check-linux-bonding|webalizer' | awk '/^i *A/ { print $3 }') && \ | |
| 114 | + | apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|check-openmanage|check-linux-bonding|webalizer' | awk '/^i/ { print $2 }') && \ | |
| 115 | 115 | apt purge $(dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '/^rc/ { print $2 }') && \ | |
| 116 | 116 | apt purge $(dpkg -l | grep lenny | grep -v xen | awk '/^rc/ { print $2 }') && \ | |
| 117 | 117 | apt purge $(dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '/^rc/ { print $2 }') && \ | |
Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 3 insertions
buster2bullseye.sh
| @@ -105,6 +105,9 @@ DOCKER_VER="$(apt-cache policy docker-ce | grep debian-bullseye | head -1 | awk | |||
| 105 | 105 | # transition icingaweb2 to bullseye package | |
| 106 | 106 | ICINGAWEB2_VER="$(apt-cache policy icingaweb2 | grep "\.bullseye" | head -1 | awk '{print $1}')" && [ -n "${ICINGAWEB2_VER}" ] && apt install icingaweb2=${ICINGAWEB2_VER} icingaweb2-common=${ICINGAWEB2_VER} icingaweb2-module-monitoring=${ICINGAWEB2_VER} php-icinga=${ICINGAWEB2_VER} icingacli=${ICINGAWEB2_VER} | |
| 107 | 107 | ||
| 108 | + | # Remove libgcc1 so cpp-8 can be updated | |
| 109 | + | apt remove libgcc1 && apt full-upgrade | |
| 110 | + | ||
| 108 | 111 | # remove old squeeze packages left around (keep eyes open!) | |
| 109 | 112 | apt autoremove && \ | |
| 110 | 113 | apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|phpmyadmin|check-openmanage|check-linux-bonding' | awk '/^i *A/ { print $3 }') && \ | |
Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 7 insertions
buster2bullseye.sh
| @@ -80,6 +80,13 @@ if [ ! -d /etc/chrony/conf.d/ ]; then mkdir -p /etc/chrony/conf.d/; fi; echo "po | |||
| 80 | 80 | # full-upgrade | |
| 81 | 81 | apt full-upgrade | |
| 82 | 82 | ||
| 83 | + | # (re)configure snmpd | |
| 84 | + | COMMUNITY="mycommunity"; \ | |
| 85 | + | if [ -f /etc/snmp/snmpd.conf.dpkg-new ]; then CFG=/etc/snmp/snmpd.conf.dpkg-new; \ | |
| 86 | + | else CFG=/etc/snmp/snmpd.conf; fi | |
| 87 | + | sed -i "s/^agentaddress.*/agentaddress udp:161,udp6:[::1]:161/g" $CFG | |
| 88 | + | sed -i "s/public default/$COMMUNITY default/g" $CFG | |
| 89 | + | ||
| 83 | 90 | # Migrate (webserver) from php7.3 to php7.4 | |
| 84 | 91 | apt install $(dpkg -l |grep php7.3 | awk '/^i/ { print $2 }' |grep -v ^php7.3-opcache |sed s/php7.3/php/) | |
| 85 | 92 | [ -L /etc/apache2/mods-enabled/mpm_prefork.load ] && a2dismod php7.3 && a2enmod php7.4 && systemctl restart apache2; ls -la /etc/php/7.3/*/conf.d/ | |
Jan Wagner zrewidował ten Gist 4 years ago. Przejdź do rewizji
1 file changed, 33 insertions, 34 deletions
buster2bullseye.sh
| @@ -74,34 +74,8 @@ if [ ! $(grep "^ *Port" /etc/ssh/ssh_config | tee /etc/ssh/ssh_config.d/port.con | |||
| 74 | 74 | # minimal system upgrade | |
| 75 | 75 | apt upgrade | |
| 76 | 76 | ||
| 77 | - | # randomize crontab | |
| 78 | - | if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi | |
| 79 | - | sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG | |
| 80 | - | sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG | |
| 81 | - | ||
| 82 | 77 | # chrony update, modify the new config to our needs and place it where it is expected. | |
| 83 | - | # Accept MAINTAINERS version (and run this snippet afterwards) | |
| 84 | - | if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi | |
| 85 | - | sed s/2.debian.pool/0.de.pool/g /usr/share/chrony/chrony.conf > $CFG | |
| 86 | - | ||
| 87 | - | # migrate unattended-upgrades config, modify the new config to our needs and place it where it is expected. | |
| 88 | - | # Keep LOCAL config if asked when upgrading (and run this snippet afterwards, when dpkg is not blocked anymore and choose 'package maintainer version' then, cause this is the one we are adjusting here) | |
| 89 | - | if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.ucf-old ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old; else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi && \ | |
| 90 | - | cp /usr/share/unattended-upgrades/50unattended-upgrades /tmp/ && \ | |
| 91 | - | MAIL=$(grep ^Unattended-Upgrade::Mail $CFG | awk -F\" '{print $2}'); sed -i 's#//Unattended-Upgrade::Mail ".*";#Unattended-Upgrade::Mail "'${MAIL}'";#g' /tmp/50unattended-upgrades && \ | |
| 92 | - | TIME=$(grep ^Unattended-Upgrade::Automatic-Reboot-Time $CFG | awk -F\" '{print $2}'); if [ "${TIME}" != "" ]; then sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "'${TIME}'"#' /tmp/50unattended-upgrades; fi | |
| 93 | - | sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /tmp/50unattended-upgrades && \ | |
| 94 | - | sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /tmp/50unattended-upgrades && \ | |
| 95 | - | sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /tmp/50unattended-upgrades && \ | |
| 96 | - | sed -i '/codename=..distro_codename.-updates/ s#^//# #' /tmp/50unattended-upgrades && \ | |
| 97 | - | /bin/bash /usr/bin/ucf --three-way --debconf-ok /tmp/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades && \ | |
| 98 | - | [ "$CFG" == "/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old" ] && mv $CFG /etc/apt/apt.conf.d/50unattended-upgrades.ucf-save | |
| 99 | - | ||
| 100 | - | ## phpmyadmin | |
| 101 | - | if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \ | |
| 102 | - | else CFG=/etc/phpmyadmin/config.inc.php; fi | |
| 103 | - | sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG | |
| 104 | - | sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG | |
| 78 | + | if [ ! -d /etc/chrony/conf.d/ ]; then mkdir -p /etc/chrony/conf.d/; fi; echo "pool 0.de.pool.ntp.org iburst" > /etc/chrony/conf.d/pool.conf | |
| 105 | 79 | ||
| 106 | 80 | # full-upgrade | |
| 107 | 81 | apt full-upgrade | |
| @@ -118,13 +92,6 @@ rename s/php73/php74/g /etc/nginx/conf.d/*php73*.conf | |||
| 118 | 92 | sed -i s/php7.3-fpm/php7.4-fpm/g /etc/nginx/conf.d/*.conf /etc/nginx/snippets/*.conf /etc/nginx/sites-available/* | |
| 119 | 93 | systemctl restart nginx | |
| 120 | 94 | ||
| 121 | - | # Update old postfix configurations | |
| 122 | - | cp /etc/postfix/main.cf /tmp/main.cf && \ | |
| 123 | - | if [ $(postconf -n smtpd_relay_restrictions | wc -l) -eq 0 ]; then sed -i '/^myhostname.*/i smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination' /etc/postfix/main.cf; fi && \ | |
| 124 | - | if [ -z $(postconf -nh compatibility_level) ]; then sed -iE 's/^readme_directory = no/readme_directory = no\n\n# See http:\/\/www.postfix.org\/COMPATIBILITY_README.html -- default to 2 on\n# fresh installs.\ncompatibility_level = 2\n\n/' /etc/postfix/main.cf; fi && \ | |
| 125 | - | diff -Nur /tmp/postfix/main.cf /etc/postfix/main.cf && \ | |
| 126 | - | postfix reload | |
| 127 | - | ||
| 128 | 95 | # transition docker-ce to bullseye package | |
| 129 | 96 | DOCKER_VER="$(apt-cache policy docker-ce | grep debian-bullseye | head -1 | awk '{print $1}')" && [ -n "${DOCKER_VER}" ] && apt install docker-ce=${DOCKER_VER} docker-ce-cli=${DOCKER_VER} | |
| 130 | 97 | ||
| @@ -149,6 +116,38 @@ apt purge $(dpkg -l | awk '/^rc/ { print $2 }') | |||
| 149 | 116 | reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger | |
| 150 | 117 | ||
| 151 | 118 | ### not needed until now | |
| 119 | + | ||
| 120 | + | # randomize crontab | |
| 121 | + | if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi | |
| 122 | + | sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG | |
| 123 | + | sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG | |
| 124 | + | ||
| 125 | + | # migrate unattended-upgrades config, modify the new config to our needs and place it where it is expected. | |
| 126 | + | # Keep LOCAL config if asked when upgrading (and run this snippet afterwards, when dpkg is not blocked anymore and choose 'package maintainer version' then, cause this is the one we are adjusting here) | |
| 127 | + | if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.ucf-old ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old; else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi && \ | |
| 128 | + | cp /usr/share/unattended-upgrades/50unattended-upgrades /tmp/ && \ | |
| 129 | + | MAIL=$(grep ^Unattended-Upgrade::Mail $CFG | awk -F\" '{print $2}'); sed -i 's#//Unattended-Upgrade::Mail ".*";#Unattended-Upgrade::Mail "'${MAIL}'";#g' /tmp/50unattended-upgrades && \ | |
| 130 | + | TIME=$(grep ^Unattended-Upgrade::Automatic-Reboot-Time $CFG | awk -F\" '{print $2}'); if [ "${TIME}" != "" ]; then sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "'${TIME}'"#' /tmp/50unattended-upgrades; fi | |
| 131 | + | sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /tmp/50unattended-upgrades && \ | |
| 132 | + | sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /tmp/50unattended-upgrades && \ | |
| 133 | + | sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /tmp/50unattended-upgrades && \ | |
| 134 | + | sed -i '/codename=..distro_codename.-updates/ s#^//# #' /tmp/50unattended-upgrades && \ | |
| 135 | + | /bin/bash /usr/bin/ucf --three-way --debconf-ok /tmp/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades && \ | |
| 136 | + | [ "$CFG" == "/etc/apt/apt.conf.d/50unattended-upgrades.ucf-old" ] && mv $CFG /etc/apt/apt.conf.d/50unattended-upgrades.ucf-save | |
| 137 | + | ||
| 138 | + | ## phpmyadmin | |
| 139 | + | if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \ | |
| 140 | + | else CFG=/etc/phpmyadmin/config.inc.php; fi | |
| 141 | + | sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG | |
| 142 | + | sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG | |
| 143 | + | ||
| 144 | + | # Update old postfix configurations | |
| 145 | + | cp /etc/postfix/main.cf /tmp/main.cf && \ | |
| 146 | + | if [ $(postconf -n smtpd_relay_restrictions | wc -l) -eq 0 ]; then sed -i '/^myhostname.*/i smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination' /etc/postfix/main.cf; fi && \ | |
| 147 | + | if [ -z $(postconf -nh compatibility_level) ]; then sed -iE 's/^readme_directory = no/readme_directory = no\n\n# See http:\/\/www.postfix.org\/COMPATIBILITY_README.html -- default to 2 on\n# fresh installs.\ncompatibility_level = 2\n\n/' /etc/postfix/main.cf; fi && \ | |
| 148 | + | diff -Nur /tmp/postfix/main.cf /etc/postfix/main.cf && \ | |
| 149 | + | postfix reload | |
| 150 | + | ||
| 152 | 151 | # Upgrade postgres | |
| 153 | 152 | # See also https://www.debian.org/releases/buster/amd64/release-notes/ch-information.de.html#plperl | |
| 154 | 153 | if [ "$(dpkg -l | grep "postgresql-9.4" | awk {'print $2'})" = "postgresql-9.4" ]; then \ | |