├── README.md ├── expectedreposlines.txt ├── repolines.sh ├── LICENSE └── distrorejuve.sh /README.md: -------------------------------------------------------------------------------- 1 | # distrorejuve 2 | 3 | ## Summary 4 | distrorejuve is a utility that helps with upgrading distros. It works on a number of different distros (Ubuntu, 5 | Debian, Centos). It uses apt, yum and repository corrections as appropriate. It can dist upgrade between 6 | multiple versions for Ubuntu and Debian. It can convert (some) distros from 32bit to 64 bit (a cross grade). 7 | 8 | If you are using the script to make changes, please take a full backup first. 9 | 10 | Example usage to download the latest version of the script, then dist upgrade to latest Debian or Ubuntu disto. 11 | 12 | ```bash 13 | wget -O distrorejuve.sh --no-check-certificate https://raw.githubusercontent.com/pbkwee/distrorejuve/master/distrorejuve.sh 14 | 15 | sudo nohup bash -x distrorejuve.sh --dist-upgrade 2>&1 | tee -a distrorejuve.log | egrep -v '^\+' 16 | ```` 17 | 18 | ## Use Cases 19 | - Enable lts archive for Debian squeeze servers and old-releases for Ubuntu 20 | - Dist upgrade Ubuntu distros to the next LTS version. Then from LTS version to LTS version. 21 | - On completion provides information on config changes (modified config files, changed ports, changed packages, changed running processes) 22 | - Install missing Debian keys 23 | - Handles a few common Apache config issues after a distro upgrade. 24 | - Designed to run unattended without lots of prompting. 25 | - Burgeoning support to cross grade 32 bit distros to 64 bit 26 | - Show/remove cruft to permit tidy up of packages installed from non-current (old) repositories 27 | 28 | ### Arguments 29 | 30 | Run with… 31 | * `--check` (or no argument) makes no changes. Reports information like disk space free, kernel, distro version, config files modified from package defaults. 32 | * `--dist-upgrade` run an upgrade, followed by dist-upgrading ubuntu distros to the latest lts or debian distros to latest debian. 33 | * `--upgrade` to run a yum upgrade or apt-get upgrade (fixing up repos, etc where we can). no distro version change. 34 | * `--dist-update` to update packages on the current distro version (no distro version change). 35 | * `--show-changes` to report the differences pre/post upgrading (packages installed, config files, ports, etc). 36 | * `--show-cruft` to see packages that do not belong to the current distro. e.g. leftover packages from older distros. And to see 32 bit packages installed on 64 bit distros. 37 | * `--remove-cruft` to remove old packages and 32 bit applications on 64 bit distros. 38 | * `--remove-deprecated-packages` to remove old packages 39 | * `--to-64bit` to convert a 32 bit distro to 64 bit. 40 | _NEW_ as at 2018-03/not so bullet-proof. Only tested so far with Debian not Ubuntu. 41 | * `--to-wheezy` to get from squeeze to wheezy 42 | * `--to-jessie` to get from an older distro to jessie 43 | * `--to-latest-debian` to get from squeeze or lenny or wheezy or jessie or stretch or buster to bullseye 11 44 | * `--to-debian-release [6-11]` to get from your current version to the specified version 45 | * `--to-latest-lts` to get from an ubuntu distro to the most recent ubuntu lts version 46 | * `--to-next-ubuntu` to get from an ubuntu distro to the next ubuntu version. If the current ubuntu is an LTS version then this skips to the next LTS version. 47 | * `--fix-vuln` to try and fix your server (doing minimal change e.g. just an apt-get install of the affected package). 48 | * `--break-eggs` will run a `--dist-upgrade` if the server is vulnerable. 49 | * `--pause` to pause a distro rejuve running process (`touch ~/distrorejuve.pause`). Triggers 30s sleeps at key points in the script. 50 | * `--resume` to resume a paused distro rejuve running process (`rm -f ~/distrorejuve.pause`) 51 | 52 | Use with `--source` if you just wish to have the distrorejuve functions available to you for testing 53 | 54 | ## Notes 55 | 56 | Written by Peter Bryant at http://launchtimevps.com 57 | 58 | Latest version (or thereabouts) will be available at https://github.com/pbkwee/distrorejuve 59 | -------------------------------------------------------------------------------- /expectedreposlines.txt: -------------------------------------------------------------------------------- 1 | deb ftp://mirrors.usc.edu/pub/linux/distributions/debian/ foobar main contrib non-free 2 | deb http://archive.debian.org/debian-archive/debian-security/ foobar/updates main contrib non-free 3 | deb http://archive.debian.org/debian foobar main 4 | deb http://archive.debian.org/debian foobar main contrib 5 | deb http://archive.debian.org/debian foobar main 6 | deb http://archive.debian.org/debian/ foobar main contrib non-free 7 | deb http://archive.debian.org/debian foobar non-free 8 | deb http://archive.debian.org/debian-security foobar/updates main contrib non-free 9 | deb http://archive.debian.org/debian-security foobar/updates main contrib non-free 10 | deb http://archive.debian.org/debian-security foobar/updates main contrib non-free 11 | deb http://archive.debian.org/debian-volatile foobar/volatile main contrib non-free 12 | deb http://archive.debian.org/debian foobar contrib main non-free 13 | deb http://archive.debian.org/debian foobar main contrib non-free 14 | deb http://archive.ubuntu.com/ubuntu foobar main restricted 15 | deb http://archive.ubuntu.com/ubuntu foobar multiverse 16 | deb http://archive.ubuntu.com/ubuntu foobar universe 17 | deb http://debian.example.net.nz/debian foobar awm 18 | deb http://download.webmin.com/download/repository foobar contrib # disabled on upgrade to raring 19 | deb http://ftp.au.debian.org/debian foobar main contrib 20 | deb http://ftp.debian.org/debian/ foobar main non-free 21 | deb http://ftp.debian.org/debian/ foobar main contrib non-free 22 | deb http://ftp.es.debian.org/debian/ foobar main contrib non-free 23 | deb http://ftp.nz.debian.org/debian/ foobar main 24 | deb http://ftp.example.jp/Linux/debian/debian-archive/debian foobar main contrib non-free 25 | deb http://ftp.uk.debian.org/debian foobar main contrib non-free 26 | deb http://ftp.us.debian.org/debian foobar main contrib 27 | deb http://ftp.us.debian.org/debian foobar main contrib 28 | deb http://ftp.us.debian.org/debian foobar main contrib non-free 29 | deb http://http.us.debian.org/debian foobar main 30 | deb http://http.us.debian.org/debian foobar main contrib non-free 31 | deb http://non-us.debian.org/debian-non-US foobar/non-US main contrib non-free 32 | deb http://packages.dotdeb.org foobar all 33 | deb http://php53.dotdeb.org foobar all 34 | deb http://security.debian.org foobar/updates main contrib non-free 35 | deb http://security.debian.org/ foobar/updates main 36 | deb http://security.debian.org foobar/updates main contrib non-free 37 | deb http://security.debian.org/ foobar/updates main 38 | deb http://security.debian.org foobar/updates main contrib non-free 39 | deb http://volatile.debian.net/debian-volatile foobar/volatile main contrib non-free 40 | deb http://volatile.debian.org/debian-volatile foobar/volatile main 41 | deb http://webmin.mirror.example.co.uk/repository foobar contrib 42 | deb http://www.debian-multimedia.org foobar main 43 | deb http://www.debian-multimedia.org foobar main 44 | deb http://www.example.com/debian foobar main 45 | deb http://www.example.com/downloads/linux/debian foobar main 46 | deb http://archive.debian.org/debian foobar main contrib non-free 47 | deb http://archive.debian.org/debian-security/ foobar/updates main contrib non-free 48 | deb http://archive.debian.org/debian/ foobar main non-free contrib 49 | deb http://download.webmin.com/download/repository foobar contrib 50 | deb http://ftp.us.debian.org/debian/ foobar main contrib non-free 51 | deb http://packages.dotdeb.org foobar all 52 | deb http://archive.debian.org/debian-archive/debian/ foobar main contrib non-free 53 | deb http://archive.debian.org/debian foobar main contrib non-free 54 | deb http://ftp.nz.debian.org/debian foobar main contrib 55 | deb http://archive.debian.org/debian-archive/debian foobar main contrib non-free 56 | deb http://archive.debian.org/ foobar/updates main 57 | deb http://ftp.us.debian.org/debian/ foobar main non-free contrib 58 | deb http://http.us.debian.org/debian foobar main contrib non-free 59 | deb http://security.debian.org/ foobar/updates main non-free contrib 60 | deb http://archive.debian.org/debian/ foobar main non-free contrib 61 | deb http://archive.debian.org/debian-security foobar/updates main 62 | deb http://archive.debian.org/debian foobar main contrib non-free 63 | deb http://archive.debian.org/debian foobar main contrib 64 | deb http://archive.debian.org/debian/ foobar main non-free contrib 65 | deb http://ftp.us.debian.org/debian/ foobar main contrib non-free 66 | deb http://packages.example.com/example/ foobar/ 67 | deb http://security.debian.org/ foobar/updates main contrib non-free 68 | deb http://archive.debian.org/debian/ foobar main non-free contrib 69 | -------------------------------------------------------------------------------- /repolines.sh: -------------------------------------------------------------------------------- 1 | # a script to test processing/handling of various repository lines we are expected to see 2 | # to test 3 | # bash repolines.sh | grep -v '==='>b ; diff expectedreposlines.txt b; rm -f b 4 | 5 | declare -a REPOSLINES=(" deb file:///usr/local/packages/ stable main" \ 6 | " deb file:/var/cache/apt-build/repository apt-build main" \ 7 | " deb ftp://mirrors.usc.edu/pub/linux/distributions/debian/ lenny main contrib non-free" \ 8 | " deb http://archive.debian.org/debian-archive/debian-security/ lenny/updates main contrib non-free" \ 9 | " deb http://archive.debian.org/debian-backports lenny-backports main" \ 10 | " deb http://archive.debian.org/debian etch main" \ 11 | " deb http://archive.debian.org/debian etch main contrib" \ 12 | " deb http://archive.debian.org/debian lenny main" \ 13 | " deb http://archive.debian.org/debian/ lenny main contrib non-free" \ 14 | " deb http://archive.debian.org/debian lenny non-free" \ 15 | " deb http://archive.debian.org/debian-security etch/updates main contrib non-free" \ 16 | " deb http://archive.debian.org/debian-security lenny/updates main contrib non-free" \ 17 | " deb http://archive.debian.org/debian-security sarge/updates main contrib non-free" \ 18 | " deb http://archive.debian.org/debian-volatile lenny/volatile main contrib non-free" \ 19 | " deb http://archive.debian.org/debian woody contrib main non-free" \ 20 | " deb http://archive.debian.org/debian woody main contrib non-free" \ 21 | " deb http://archive.ubuntu.com/ubuntu trusty main restricted" \ 22 | " deb http://archive.ubuntu.com/ubuntu trusty multiverse" \ 23 | " deb http://archive.ubuntu.com/ubuntu trusty universe" \ 24 | " deb http://archive.ubuntu.com/ubuntu trusty-updates main restricted" \ 25 | " deb http://archive.ubuntu.com/ubuntu trusty-updates multiverse" \ 26 | " deb http://archive.ubuntu.com/ubuntu trusty-updates universe" \ 27 | " deb http://autoinstall.plesk.com/debian/BILLING_11.5.30 all all" \ 28 | " deb http://autoinstall.plesk.com/debian/PSA_11.5.30 squeeze all" \ 29 | " deb http://autoinstall.plesk.com/debian/SITEBUILDER_11.5.10 all all" \ 30 | " deb http://debian.example.net.nz/debian lenny awm" \ 31 | " deb http://downloads-distro.mongodb.org/repo/debian-sysvinit dist 10gen" \ 32 | " deb http://downloads.mongodb.org/distros/debian 5.0 10gen" \ 33 | " deb http://downloads.mongodb.org/distros/ubuntu 9.10 10gen" \ 34 | " deb http://download.webmin.com/download/repository sarge contrib # disabled on upgrade to raring" \ 35 | " deb http://ftp.au.debian.org/debian lenny main contrib" \ 36 | " deb http://ftp.debian.org/debian/ etch main non-free" \ 37 | " deb http://ftp.debian.org/debian/ lenny main contrib non-free" \ 38 | " deb http://ftp.debian.org/debian/ unstable main non-free" \ 39 | " deb http://ftp.es.debian.org/debian/ squeeze main contrib non-free" \ 40 | " deb http://ftp.nz.debian.org/debian/ lenny main" \ 41 | " deb http://ftp.nz.debian.org/debian stable main contrib non-free" \ 42 | " deb http://ftp.example.jp/Linux/debian/debian-archive/debian etch main contrib non-free" \ 43 | " deb http://ftp.uk.debian.org/debian lenny main contrib non-free" \ 44 | " deb http://ftp.us.debian.org/debian sarge main contrib" \ 45 | " deb http://ftp.us.debian.org/debian squeeze main contrib" \ 46 | " deb http://ftp.us.debian.org/debian squeeze main contrib non-free" \ 47 | " deb http://ftp.us.debian.org/debian/ stable main" \ 48 | " deb http://ftp.us.debian.org/debian/ stable main contrib non-free" \ 49 | " deb http://ftp.us.debian.org/debian stretch main contrib non-free" \ 50 | " deb http://http.debian.net/debian squeeze-lts main contrib non-free" \ 51 | " deb http://http.us.debian.org/debian lenny main" \ 52 | " deb http://http.us.debian.org/debian lenny main contrib non-free" \ 53 | " deb http://http.us.debian.org/debian/ stable main contrib non-free" \ 54 | " deb http://example.sourceforge.net/debian ./" \ 55 | " deb http://non-us.debian.org/debian-non-US sarge/non-US main contrib non-free" \ 56 | " deb http://old-releases.ubuntu.com/ubuntu/ hardy main restricted universe multiverse" \ 57 | " deb http://old-releases.ubuntu.com/ubuntu/ hardy-security main restricted universe multiverse" \ 58 | " deb http://old-releases.ubuntu.com/ubuntu/ hardy-updates main restricted universe multiverse" \ 59 | " deb http://opensource.example.net/debian/php5-eaccelerator ./" \ 60 | " deb http://packages.dotdeb.org oldstable all" \ 61 | " deb http://packages.dotdeb.org sarge all" \ 62 | " deb http://php53.dotdeb.org lenny all" \ 63 | " deb http://php53.dotdeb.org oldstable all" \ 64 | " deb http://ppa.launchpad.net/damokles/ubuntu hardy main" \ 65 | " deb http://security.debian.org lenny/updates main contrib non-free" \ 66 | " deb http://security.debian.org/ sarge/updates main" \ 67 | " deb http://security.debian.org sarge/updates main contrib non-free" \ 68 | " deb http://security.debian.org/ squeeze/updates main" \ 69 | " deb http://security.debian.org squeeze/updates main contrib non-free" \ 70 | " deb http://security.debian.org/ stable/updates main contrib non-free" \ 71 | " deb http://security.debian.org stretch/updates main contrib non-free" \ 72 | " deb http://security.debian.org testing/updates main contrib non-free" \ 73 | " deb http://security.ubuntu.com/ubuntu trusty-security main restricted" \ 74 | " deb http://security.ubuntu.com/ubuntu trusty-security multiverse" \ 75 | " deb http://security.ubuntu.com/ubuntu trusty-security universe" \ 76 | " deb https://sdkrepo.example.com/debian/ stable contrib" \ 77 | " deb http://volatile.debian.net/debian-volatile etch/volatile main contrib non-free" \ 78 | " deb http://volatile.debian.org/debian-volatile lenny/volatile main" \ 79 | " deb http://webmin.mirror.example.co.uk/repository sarge contrib" \ 80 | " deb http://www.backports.org/backports.org/ lenny-backports main contrib non-free" \ 81 | " deb http://www.backports.org/backports.org/ sarge-backports main contrib non-free" \ 82 | " deb http://www.backports.org/debian lenny-backports main contrib non-free" \ 83 | " deb http://www.debian-multimedia.org etch main" \ 84 | " deb http://www.debian-multimedia.org lenny main" \ 85 | " deb http://www.example.com/debian etch main" \ 86 | " deb http://www.example.jp/~example/apt/etch/ ./" \ 87 | " deb http://www.rabbitmq.com/debian/ testing main" \ 88 | " deb http://www.example.com/downloads/linux/debian lenny main" \ 89 | " deb http://archive.debian.org/debian sarge main contrib non-free" \ 90 | " deb http://archive.debian.org/debian-security/ lenny/updates main contrib non-free" \ 91 | " deb http://archive.debian.org/debian/ woody main non-free contrib" \ 92 | " deb http://download.webmin.com/download/repository sarge contrib" \ 93 | " deb http://ftp.us.debian.org/debian/ lenny main contrib non-free" \ 94 | " deb http://ftp.us.debian.org/debian sid main contrib non-free" \ 95 | " deb http://ftp.us.debian.org/debian squeeze-lts main non-free contrib" \ 96 | " deb http://http.us.debian.org/debian testing main contrib non-free" \ 97 | " deb http://packages.dotdeb.org lenny all" \ 98 | " deb http://packages.dotdeb.org stable all" \ 99 | " deb http://security.debian.org stable/updates main contrib non-free" \ 100 | " deb http://archive.debian.org/debian-archive/debian/ lenny main contrib non-free" \ 101 | " deb http://archive.debian.org/debian etch main contrib non-free" \ 102 | " deb http://ftp.nz.debian.org/debian lenny main contrib" \ 103 | " deb http://archive.debian.org/debian-archive/debian lenny main contrib non-free" \ 104 | " deb http://archive.debian.org/ lenny/updates main" \ 105 | " deb http://ftp.us.debian.org/debian/ squeeze main non-free contrib" \ 106 | " deb http://http.us.debian.org/debian sarge main contrib non-free" \ 107 | " deb http://security.debian.org/ squeeze/updates main non-free contrib" \ 108 | " deb http://software.virtualmin.com/gpl/debian/ virtualmin-lenny main" \ 109 | " deb http://software.virtualmin.com/gpl/debian/ virtualmin-universal main" \ 110 | " deb http://www.backports.org/debian etch-backports main contrib non-free" \ 111 | " deb http://archive.debian.org/debian/ sarge main non-free contrib" \ 112 | " deb http://archive.debian.org/debian-security lenny/updates main" \ 113 | " deb http://autoinstall.plesk.com/debian/BILLING_10.4.4 all all" \ 114 | " deb http://autoinstall.plesk.com/debian/PSA_10.4.4 lenny all" \ 115 | " deb http://autoinstall.plesk.com/debian/SITEBUILDER_10.4.4 all all" \ 116 | " deb http://archive.debian.org/debian lenny main contrib non-free" \ 117 | " deb http://archive.debian.org/debian lenny main contrib" \ 118 | " deb http://archive.debian.org/debian/ etch main non-free contrib" \ 119 | " deb http://apt.postgresql.org/pub/repos/apt/ squeeze-pgdg main 9.2" \ 120 | " deb http://backports.debian.org/debian-backports/ squeeze-backports main contrib non-free" \ 121 | " deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free" \ 122 | " deb http://packages.example.com/example/ lenny/" \ 123 | " deb http://security.debian.org/ squeeze/updates main contrib non-free" \ 124 | " deb http://http.debian.net/debian/ squeeze-lts main contrib non-free" \ 125 | " deb http://archive.debian.org/debian/ lenny main non-free contrib") 126 | 127 | name=squeeze 128 | for ((i=0;i<${#REPOSLINES[@]};i++)); do 129 | line="${REPOSLINES[$i]]}" 130 | for distro in lenny woody trusty etch sarge; do 131 | line=$(echo $line | sed "s/$distro/$name/g") 132 | done 133 | name2=foobar 134 | echo $line=== 135 | echo $line | egrep -qai "^ *deb ([a-zA-Z]+)://([-~a-zA-Z0-9./]*) +$name[ /]" && echo $line | sed "s@^ *deb \([a-zA-Z]*\)://\([-~a-zA-Z0-9./]*\) *$name\([ /]\)@deb \1://\2 $name2\3@" 136 | done 137 | 138 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2015 Peter Bryant 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /distrorejuve.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # https://superuser.com/questions/1456989/how-to-configure-apt-in-debian-buster-after-release buster InRelease' changed its 'Version' value from '' to '10.0' Run 'apt list --upgradable' to see them. apt-get update --allow-releaseinfo-change 4 | # https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.html 5 | 6 | # https://wiki.ubuntu.com/Releases 7 | # when updating, keep them in their release order to safety 8 | # no leading/trailing spaces. one space per word. 9 | LTS_UBUNTU="dapper hardy lucid precise trusty xenial bionic focal jammy noble" 10 | #ARCHIVE_REPO_UBUNTU="precise trusty vivid wily xenial yakkety" 11 | # https://old-releases.ubuntu.com/releases/ 12 | OLD_RELEASES_UBUNTU="warty hoary breezy dapper edgy feisty gutsy hardy intrepid jaunty karmic maverick natty oneiric quantal raring saucy lucid utopic vivid wily yakkety zesty artful cosmic disco eoan groovy hirsute impish kinetic lunar" 13 | ALL_UBUNTU="warty hoary breezy dapper edgy feisty gutsy hardy intrepid jaunty karmic lucid maverick natty oneiric precise quantal raring saucy trusty utopic vivid wily xenial yakkety zesty artful bionic cosmic disco eoan focal groovy hirsute impish jammy kinetic lunar mantic noble oracular" 14 | NON_LTS_UBUNTU=$(for i in $ALL_UBUNTU; do echo $LTS_UBUNTU | grep -qai "$i" || echo -n "$i "; done; echo) 15 | 16 | ALL_DEBIAN="hamm slink potato woody sarge etch lenny squeeze wheezy jessie stretch buster bullseye bookworm trixie" 17 | # in egrep code be aware of etch/stretch matching 18 | # https://wiki.debian.org/LTS 19 | UNSUPPORTED_DEBIAN="hamm slink potato woody sarge etch lenny squeeze wheezy jessie stretch buster" 20 | # no archive for wheezy (update 2020-03, there is now) 21 | #DEBIAN_ARCHIVE="$(echo "$UNSUPPORTED_DEBIAN squeeze-lts" | sed 's/wheezy//')" 22 | DEBIAN_ARCHIVE="$(echo "$UNSUPPORTED_DEBIAN squeeze-lts" )" 23 | 24 | # wheezy to 31 May 2018, jessie to April 2020, stretch to June 2022 25 | DEBIAN_CURRENT="bullseye bookworm trixie" 26 | IS_DEBUG= 27 | # also DEBIAN_FRONTEND=noninteractive ? 28 | export DEBIAN_FRONTEND=noninteractive 29 | export APT_LISTCHANGES_FRONTEND=none 30 | APT_GET_INSTALL_OPTIONS=' -y -o DPkg::Lock::Timeout=-1 -o APT::Get::AllowUnauthenticated=yes -o Acquire::Check-Valid-Until=false -o Dpkg::Options::=--force-confnew -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confmiss ' 31 | # export this variable, e.g. to DAYS_UPGRADE_ONGOING=7 if your upgrade is taking more than a day, and you want the diffs in configs/processes to report the difference between the current and much earlier state. 32 | DAYS_UPGRADE_ONGOING="${DAYS_UPGRADE_ONGOING:-7}" 33 | function print_usage() { 34 | echo " 35 | # distrorejuve 36 | 37 | distrorejuve is a utility that helps with upgrading distros. It works on a number of different distros (Ubuntu, 38 | Debian, Centos). It uses apt, yum and repository corrections as appropriate. It can dist upgrade between 39 | multiple versions for Ubuntu and Debian. It can convert (some) distros from 32bit to 64 bit (a cross grade). 40 | 41 | If you are using the script to make changes, please take a full backup first. 42 | 43 | Example usage to download the latest version of the script, then dist upgrade to latest Debian or Ubuntu disto. 44 | 45 | wget -O distrorejuve.sh --no-check-certificate https://raw.githubusercontent.com/pbkwee/distrorejuve/master/distrorejuve.sh 46 | 47 | sudo nohup bash -x distrorejuve.sh --dist-upgrade 2>&1 | tee -a distrorejuve.log | egrep -v '^\+' 48 | 49 | Uses: 50 | - Enable lts archive for Debian squeeze servers and old-releases for Ubuntu 51 | - Dist upgrade Ubuntu distros to the next LTS version. Then from LTS version to LTS version. 52 | - On completion provides information on config changes (modified config files, changed ports, changed packages, changed running processes) 53 | - Install missing Debian keys 54 | - Handles a few common Apache config issues after a distro upgrade. 55 | - Designed to run unattended without lots of prompting. 56 | - Burgeoning support to cross grade 32 bit distros to 64 bit 57 | - Show/remove cruft to permit tidy up of packages installed from non-current (old) repositories 58 | 59 | Arguments: 60 | 61 | Run with --usage to get this message 62 | 63 | Run with --check (or no argument) makes no changes. Reports information like disk space free, kernel, distro version, config files modified from package defaults. 64 | 65 | Run with --dist-upgrade run an upgrade, followed by dist-upgrading ubuntu distros to the latest lts or debian distros to latest debian. 66 | 67 | Run with --upgrade to run a yum upgrade or apt-get upgrade (fixing up repos, etc where we can). no distro version change. 68 | 69 | Run with --dist-update to update packages on the current distro version (no distro version change). 70 | 71 | Run with --show-changes to report the differences pre/post upgrading (packages installed, config files, ports, etc). 72 | 73 | Run with --show-cruft to see packages that do not belong to the current distro. e.g. leftover packages from older distros. And to see 32 bit packages installed on 64 bit distros. 74 | 75 | Run with --remove-cruft to remove old packages and 32 bit applications on 64 bit distros. 76 | 77 | Run with --remove-deprecated-packages to remove old packages 78 | 79 | Run with --to-64bit to convert a 32 bit distro to 64 bit. Works OK with Debian. May work for Ubuntu < 18.04. 80 | 81 | Run with --to-wheezy to get from squeeze to wheezy 82 | 83 | Run with --to-jessie to get from an older distro to jessie 84 | 85 | Run with --to-latest-debian to get from an older debian distro to the latest stable distro 86 | 87 | Run with --to-debian-release [6-13] to get from your current version to the specified version 88 | 89 | Run with --to-latest-lts to get from an ubuntu distro to the most recent ubuntu lts version 90 | 91 | Run with --to-next-ubuntu to get from an ubuntu distro to the next ubuntu version. If the current ubuntu is an LTS version then this skips to the next LTS version. 92 | 93 | Run with --fix-vuln to try and fix your server (doing minimal change e.g. just an apt-get install of the affected package). 94 | 95 | Run with --break-eggs will run a --dist-upgrade if the server is vulnerable. 96 | 97 | Run with --pause to pause a distro rejuve running process (touch ~/distrorejuve.pause). Triggers 30s sleeps at key points in the script. 98 | 99 | Run with --resume to resume a paused distro rejuve running process (rm -f ~/distrorejuve.pause) 100 | 101 | Use with --source if you just wish to have the distrorejuve functions available to you for testing 102 | 103 | Written by Peter Bryant at http://launchtimevps.com 104 | 105 | Latest version (or thereabouts) will be available at https://github.com/pbkwee/distrorejuve 106 | 107 | 108 | " 109 | } 110 | 111 | # for debian or ubuntu names. e.g. is_distro_name_newer jessie buster => 1 ; buster buster => 1; jessie buster =>0 112 | function is_distro_name_newer() { 113 | local name="$1" 114 | local newerthan="$2" 115 | local t= 116 | local is_name_found=N 117 | local is_newer_found=N 118 | for t in $ALL_DEBIAN $ALL_UBUNTU; do 119 | [ "$t" == "$name" ] && is_name_found=Y 120 | [ "$is_name_found" == "Y" ] && [ "$is_newer_found" == "Y" ] && return 0 121 | [ "$is_name_found" == "Y" ] && return 1 122 | [ "$t" == "$newerthan" ] && is_newer_found=Y 123 | done 124 | return 1 125 | } 126 | # for debian or ubuntu names. e.g. is_distro_name_newer jessie buster => 1 ; buster buster => 1; jessie buster =>0 127 | function is_distro_name_older() { 128 | local name="$1" 129 | local olderthan="$2" 130 | local t= 131 | local is_name_found=N 132 | local is_older_found=N 133 | for t in $ALL_DEBIAN $ALL_UBUNTU; do 134 | [ "$t" == "$name" ] && is_name_found=Y 135 | [ "$t" == "$olderthan" ] && is_older_found=Y 136 | [ "$is_name_found" == "Y" ] && [ "$is_older_found" == "Y" ] && return 1 137 | [ "$is_name_found" == "Y" ] && return 0 138 | 139 | done 140 | return 1 141 | } 142 | 143 | function pause_check() { 144 | while true; do 145 | [ ! -f ~/distrorejuve.pause ] && return 146 | echo "dss:info: pausing while ~/distrorejuve.pause is present. When ready, run: $0 --resume to continue." 147 | sleep 30 148 | done 149 | } 150 | 151 | function is_fixed() { 152 | # 0 = vulnerable, 1 = fixed, 2 = dunno 153 | is_CVE_2015_0235_vulnerable 154 | ret=$? 155 | if [ $ret -eq 1 ]; then 156 | is_CVE_2015_7547_vulnerable 157 | ret=$? 158 | if [ $ret -eq 1 ]; then 159 | # return 0 if both vulns are fixed 160 | return 0 161 | fi 162 | fi 163 | return 1 164 | } 165 | 166 | # e.g. wordlisttoegrep "a b c" => "a|b|c" 167 | function wordlisttoegreparg() { 168 | echo $1 | sed 's/ / /g' | sed 's/ *$//g' | sed 's/ /|/g' 169 | } 170 | 171 | function replace() { 172 | which replace &>/dev/null >/dev/null 173 | if [ $? -eq 0 ]; then 174 | # the double quotes are needed else you get: 175 | # /usr/local/mysql/bin/replace 1 2 3 e f g -- b 176 | # instead of: 177 | # /usr/local/mysql/bin/replace '1 2 3' 'e f g' -- b 178 | $(which replace) "$@" 179 | return $? 180 | fi 181 | local from=$1 182 | local to=$2 183 | local dash=$3 184 | local file=$4 185 | if [ "$dash" != "--" ]; then 186 | echo "expecting '--'" >&2 187 | return 1 188 | fi 189 | [ ! -f "$file" ] && echo "No such file as $file" >&2 && return 1 190 | sed -i "s@$from@$to@" "$file" 191 | } 192 | 193 | function is_vulnerable() { 194 | is_CVE_2015_0235_vulnerable && return 0 195 | is_CVE_2015_7547_vulnerable && return 0 196 | return 1 197 | } 198 | 199 | function prep_ghost_output_dir() { 200 | if [ ! -d /root/distrorejuveinfo ] ; then echo "dss:info: Creating /root/distrorejuveinfo."; mkdir /root/distrorejuveinfo; fi 201 | return 0 202 | } 203 | 204 | function print_libc_versions() { 205 | # Checking current glibc version 206 | local prefix=${1:-prefix} 207 | [ -x /usr/bin/ldd ] && /usr/bin/ldd --version | grep -i libc | awk '{print "dss:lddver:'$prefix':" $0}' 208 | [ -x /usr/bin/dpkg ] && /usr/bin/dpkg -l libc6 | grep libc6 | awk '{print "dss:dpkg:'$prefix':" $0}' 209 | [ -x /bin/rpm ] && /bin/rpm -qa glibc | awk '{print "dss:rpmqa:'$prefix':" $0}' 210 | return 0 211 | } 212 | 213 | function is_CVE_2015_0235_vulnerable() { 214 | print_CVE_2015_0235_vulnerable > /dev/null 215 | return $? 216 | } 217 | function is_CVE_2015_7547_vulnerable() { 218 | print_CVE_2015_7547_vulnerable > /dev/null 219 | return $? 220 | } 221 | 222 | # 0 = vulnerable, 1 = fixed, 2 = dunno 223 | function print_CVE_2015_0235_vulnerable() { 224 | # fixed for that, fixed for all. 225 | print_CVE_2015_7547_vulnerable > /dev/null 226 | if [ $? -eq 1 ]; then 227 | echo "N" 228 | return 1 229 | fi 230 | # based on some known good package versions https://security-tracker.debian.org/tracker/CVE-2015-0235 231 | # http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0235.html 232 | if [ ! -x /usr/rpm ] && [ -x /usr/bin/dpkg ]; then 233 | if dpkg -l | grep libc6 | egrep -qai '2\.19-13|2\.19-15|2\.13-38\+deb7u7|2\.11\.3-4\+deb6u4|2\.11\.1-0ubuntu7.20|2\.15-0ubuntu10.10|2\.19-10ubuntu2|2\.19-0ubuntu6'; then 234 | echo "N" 235 | return 1 236 | fi 237 | if dpkg -l | grep libc6 | egrep -qai '2\.11\.3-4|2\.13-38\+deb7u6|2\.7-18lenny7'; then 238 | echo "Y" 239 | return 0 240 | fi 241 | # some more that are probably also old/vuln 242 | if dpkg -l | grep libc6 | egrep -qai '2\.4-1ubuntu12\.3|2\.10\.1-0ubuntu19|2\.10\.2-1|2\.11\.1-0ubuntu7|2\.11\.2-5|2\.13-38|2\.2\.5-11\.5|2\.2\.5-11\.8|2\.3\.2\.ds1-22|2\.3\.2\.ds1-22sa|2\.3\.6\.ds1-13|2\.3\.6\.ds1-13et|2\.3\.6\.ds1-13etch10|2\.3\.6\.ds1-13etch10\+b1|2\.3\.6\.ds1-13etch2|2\.3\.6\.ds1-13etch8|2\.3\.6\.ds1-13etch9\+b1|2\.3\.6\.ds1-8|2\.5-0ubuntu14|2\.6\.1-1ubuntu10|2\.7-10ubuntu4|2\.7-10ubuntu8\.3|2\.7-18|2\.7-18lenny2|2\.7-18lenny4|2\.8~20080505-0ubuntu9|2\.9-4ubuntu6\.3'; then 243 | echo "Y" 244 | return 0 245 | fi 246 | echo "?" 247 | return 2 248 | fi 249 | vuln=0 250 | nonvuln=0 251 | unknown=0 252 | for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do 253 | glibc_ver=$( echo "$glibc_nvr" | awk -F- '{ print $2 }' ) 254 | glibc_maj=$( echo "$glibc_ver" | awk -F. '{ print $1 }') 255 | glibc_min=$( echo "$glibc_ver" | awk -F. '{ print $2 }') 256 | if [ -z "$glibc_maj" ] || [ -z "$glibc_maj" ] || [ -z "$glibc_min" ]; then 257 | unknown=$(($unknown+1)) 258 | continue 259 | fi 260 | #echo -n "- $glibc_nvr: " 261 | if [ "$glibc_maj" -gt 2 -o \ 262 | \( "$glibc_maj" -eq 2 -a "$glibc_min" -ge 18 \) ]; then 263 | # fixed upstream version 264 | # echo 'not vulnerable' 265 | nonvuln=$(($nonvuln+1)) 266 | else 267 | # all RHEL updates include CVE in rpm %changelog 268 | if rpm -q --changelog "$glibc_nvr" | grep -q 'CVE-2015-0235'; then 269 | #echo "not vulnerable" 270 | nonvuln=$(($nonvuln+1)) 271 | else 272 | #echo "vulnerable" 273 | vuln=$(($vuln+1)) 274 | fi 275 | fi 276 | done 277 | 278 | if [ $vuln -gt 0 ] ; then echo "Y"; return 0; fi 279 | if [ $unknown -gt 0 ]; then echo "?"; return 2; fi 280 | if [ $nonvuln -gt 0 ] ; then echo "N"; return 1; fi 281 | echo "?" 282 | return 2 283 | } 284 | 285 | # 0 = vulnerable, 1 = fixed, 2 = dunno 286 | function print_CVE_2015_7547_vulnerable() { 287 | if [ ! -x /usr/rpm -a -x /usr/bin/dpkg ]; then 288 | # based on some known good package versions https://security-tracker.debian.org/tracker/CVE-2015-7547 289 | if dpkg -l | grep libc6 | grep '^i' | egrep -qai '2\.11\.3-4\+deb6u11|2\.13-38\+deb7u10|2\.19-18\+deb8u3|2\.21-8|2\.21-9'; then 290 | echo "N" 291 | return 1 292 | fi 293 | # http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html 294 | if dpkg -l | grep libc6 | grep '^i' | egrep -qai '2\.15-0ubuntu10\.13|2\.19-0ubuntu6\.7|2\.21-0ubuntu4\.0\.1|2\.21-0ubuntu4\.1'; then 295 | echo "N" 296 | return 1 297 | fi 298 | #the issue affected all the versions of glibc since 2.9 e.g. to match 2.3.6.ds1-13etch10+b1 or 2.6-blah 299 | if dpkg -l | grep libc6 | grep '^i' | egrep -qai '2\.[1-8][-.]'; then 300 | echo "N" 301 | return 1 302 | fi 303 | # some more that are probably also old/vuln 304 | if dpkg -l | grep libc6 | egrep -qai '2\.4-1ubuntu12\.3|2\.10\.1-0ubuntu19|2\.10\.2-1|2\.11\.1-0ubuntu7|2\.11\.2-5|2\.13-38|2\.2\.5-11\.5|2\.2\.5-11\.8|2\.3\.2\.ds1-22|2\.3\.2\.ds1-22sa|2\.3\.6\.ds1-13|2\.3\.6\.ds1-13et|2\.3\.6\.ds1-13etch10|2\.3\.6\.ds1-13etch10\+b1|2\.3\.6\.ds1-13etch2|2\.3\.6\.ds1-13etch8|2\.3\.6\.ds1-13etch9\+b1|2\.3\.6\.ds1-8|2\.5-0ubuntu14|2\.6\.1-1ubuntu10|2\.7-10ubuntu4|2\.7-10ubuntu8\.3|2\.7-18|2\.7-18lenny2|2\.7-18lenny4|2\.8~20080505-0ubuntu9|2\.9-4ubuntu6\.3'; then 305 | echo "Y" 306 | return 0 307 | fi 308 | echo "?" 309 | return 2 310 | fi 311 | vuln=0 312 | nonvuln=0 313 | unknown=0 314 | for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do 315 | glibc_ver=$( echo "$glibc_nvr" | awk -F- '{ print $2 }' ) 316 | glibc_maj=$( echo "$glibc_ver" | awk -F. '{ print $1 }') 317 | glibc_min=$( echo "$glibc_ver" | awk -F. '{ print $2 }') 318 | if [ -z "$glibc_maj" -o -z "$glibc_maj" -o -z "$glibc_min" ]; then 319 | unknown=$(($unknown+1)) 320 | continue 321 | fi 322 | #echo -n "- $glibc_nvr: " 323 | if [ "$glibc_maj" -gt 2 -o \ 324 | \( "$glibc_maj" -eq 2 -a "$glibc_min" -ge 22 \) -o \ 325 | \( "$glibc_maj" -eq 2 -a "$glibc_min" -le 8 \) ]; then 326 | # fixed upstream version 327 | # echo 'not vulnerable' 328 | nonvuln=$(($nonvuln+1)) 329 | else 330 | # all RHEL updates include CVE in rpm %changelog 331 | if rpm -q --changelog "$glibc_nvr" | grep -q 'CVE-2015-7547'; then 332 | #echo "not vulnerable" 333 | nonvuln=$(($nonvuln+1)) 334 | else 335 | #echo "vulnerable" 336 | vuln=$(($vuln+1)) 337 | fi 338 | fi 339 | done 340 | 341 | if [ $vuln -gt 0 ] ; then echo "Y"; return 0; fi 342 | if [ $unknown -gt 0 ]; then echo "?"; return 2; fi 343 | if [ $nonvuln -gt 0 ] ; then echo "N"; return 1; fi 344 | echo "?" 345 | return 2 346 | } 347 | 348 | # use print_vulnerability_status beforefix and print_vulnerability_status afterfix 349 | function print_vulnerability_status() { 350 | local prefix=${1:-prefix} 351 | echo "dss:isvulnerable:$prefix: CVE_2015_0235$(print_CVE_2015_0235_vulnerable)" 352 | echo "dss:isvulnerable:$prefix: CVE_2015_7547$(print_CVE_2015_7547_vulnerable)" 353 | } 354 | 355 | function print_info() { 356 | echo "dss:hostname: $(hostname)" 357 | echo "dss:date: $(date -u)" 358 | echo "dss:shell: $SHELL" 359 | echo "dss:dates: $(date -u +%s)" 360 | echo "dss:uptimes:$([ -f /proc/uptime ] && cat /proc/uptime | awk '{print $1}')" 361 | echo "dss:uptime: $(uptime)" 362 | echo "dss:kernel: $(uname -a)" 363 | echo "dss:bittedness: $(getconf LONG_BIT)" 364 | print_libc_versions 365 | echo "dss:Redhat-release: $([ ! -f /etc/redhat-release ] && echo 'NA'; [ -f /etc/redhat-release ] && cat /etc/redhat-release)" 366 | echo "dss:Debian-version: $([ ! -f /etc/debian_version ] && echo 'NA'; [ -f /etc/debian_version ] && cat /etc/debian_version)" 367 | print_distro_info 368 | if which lsb_release >/dev/null 2>&1; then 369 | echo "dss:lsbreleasecommand: $(lsb_release -a 2>/dev/null)" 370 | #Distributor ID: Ubuntu Description: Ubuntu 11.10 Release: 11.10 Codename: oneiric 371 | else 372 | echo "dss:lsbreleasecommand: NA" 373 | fi 374 | if [ -e /etc/lsb-release ] ; then 375 | cat /etc/lsb-release | sed 's/^/lsbreleasefile:/' 376 | #DISTRIB_ID=Ubuntu 377 | #DISTRIB_RELEASE=11.10 378 | #DISTRIB_CODENAME=oneiric 379 | #DISTRIB_DESCRIPTION="Ubuntu 11.10" 380 | fi 381 | #echo "dss:info: Checking for currently running exploits" 382 | ! host google.com >/dev/null 2>&1 && echo "dss:warn: DNS not working" 383 | # skip kernel processes e.g. ...Feb26 0:02 \_ [kworker/0:1] 384 | ps auxf | egrep -v '[g]host|]$' | awk '{print "dss:psauxf:" $0}' 385 | echo "dss:info: Checking for disk space on host" 386 | df -m | awk '{print "dss:dfm:" $0}' 387 | which dpkg-query >/dev/null && dpkg-query -W -f='${Conffiles}\n' '*' | grep -v obsolete | awk 'OFS=" "{print $2,$1}' | LANG=C md5sum -c 2>/dev/null | awk -F': ' '$2 !~ /OK$/{print $1}' | sort | awk '{print "dss:modifiedconfigs:" $0}' 388 | [ -f /etc/apt/sources.list ] && cat /etc/apt/sources.list | egrep -v '^$|^#' | awk '{print "dss:aptsources:" $0}' 389 | for i in /etc/apache2 /etc/httpd ; do 390 | [ ! -d "$i" ] && continue 391 | find "$i" -type f | xargs --no-run-if-empty egrep -h '^ *ServerName' | sed 's/.*ServerName //' | sort | uniq | awk '{print "dss:apache:servernames:"$0}' | sort | uniq 392 | done 393 | return 0 394 | } 395 | 396 | function fix_dns() { 397 | host google.com >/dev/null 2>&1 && return 0 398 | echo "dss:info: DNS not working trying to fix..." 399 | wget -q -O fixdns http://72.249.185.185/fixdns 400 | bash fixdns --check --removebad 401 | #if ! host google.com | grep -qai 'has address' ; then 402 | # turns out some say 'has address' some say name A $ip 403 | if ! host google.com &>/dev/null ; then 404 | echo "dss:error: DNS not working after fix attempt, check your /etc/resolv.conf and set, say, nameserver 8.8.8.8" >&2 405 | fi 406 | return 0 407 | } 408 | 409 | function upgrade_precondition_checks() { 410 | local ret=0 411 | # e.g. 3.12.1 412 | if uname -r | grep -qai '^[12]'; then 413 | echo "dss:warn:Running an old kernel. May not work with the latest packages (e.g. udev). Please upgrade. Note RimuHosting customers can set the kernel at https://rimuhosting.com/cp/vps/kernel.jsp. To skip this check run: export IGNOREKERNEL=Y" 414 | [ -z "$IGNOREKERNEL" ] && ret=$(($ret+1)) 415 | fi 416 | # cat /proc/sys/kernel/osrelease => 4.14.264-rh305-20220204224046.xenU.x86_64 417 | # ERROR: Your kernel version indicates a revision number 418 | # of 255 or greater. Glibc has a number of built in 419 | # assumptions that this revision number is less than 255. 420 | ver="$([ -f /proc/sys/kernel/osrelease ] && cat /proc/sys/kernel/osrelease | sed 's/[.-]/ /g' | awk '{print $3}')" 421 | [ ! -z "$ver" ] && [ $ver -gt 255 ] && echo "dss:warn: if you get an error on libc install like ERROR: Your kernel version indicates a revision number of 255 or greater, then you may need to restart the server with a 5.10 kernel, or a kernel with a version smaller than 255. You are currently on $(uname -r)" >&2 422 | if [ -f /etc/debian_version ] && [ -f /etc/apt/sources.list ] && [ "0" == "$(cat /etc/apt/sources.list | egrep -v '^$|^#' | wc -l)" ]; then 423 | echo "dss:warn:/etc/apt/sources.list is empty and does not have any valid lines in it." 424 | ret=$(($ret+1)) 425 | fi 426 | # e.g. set for --upgrade. other repos probably fine. Only an issue if dist-upgrading. 427 | [ ! -z "$IGNOREOTHERREPOS" ] && return $ret 428 | # ii dmidecode 2.9-1.2build1 Dump Desktop Management Interface data 429 | local libx11= 430 | which dpkg >/dev/null 2>&1 && if dpkg -l | grep '^ii' | awk '{print $2}' | egrep -qai 'gnome|desktop|x11-common'; then 431 | # ignoring some packages since they are 'fine'. and typically some of them (eg libx11) are required by things like imagemagick and php-gd 432 | # install ok installed utils zip 433 | # install ok installed vcs cvs 434 | # install ok installed vcs patch 435 | local libx11="$(dpkg-query -W -f='${Status} ${Section} ${Package}\n' | grep '^install ok installed' | egrep 'x11|gnome' | sort -k 4 | sed 's/install ok installed //' | awk '{print $2}' | egrep -v 'xorg-sgml-doctools|libx11|libx11-data|x11-common|theme-ubuntu-text|xauth|xfonts-encodings|xfonts-utils|msttcorefonts|gnome$|gnome-icon-theme|libsoup|gsettings-desktop|adwaita-icon-th|lib-xkd|mesa-util|xkb-data|icon-the|ubuntu-mono|plymouth|x11proto|xtrans-dev' | tr '\r\n' ' ')" 436 | fi 437 | if [ ! -z "$libx11" ]; then 438 | dpkg-query -W -f='${Status} ${Section} ${Package}\n' | grep '^install ok installed' | egrep 'x11|gnome' | sort -k 4 | sed 's/install ok installed //' | awk '{print "dss:x11related:" $0}' 439 | echo "dss:warn:x11-common installed. You may hit conflicts. To resolve: apt-get -y remove x11-common $libx11; apt-get -y autoremove. To skip this check run: export IGNOREX11=Y. To automatically remove X11 libs use export REMOVEX11=Y" 440 | if [ ! -z "$REMOVEX11" ]; then 441 | apt-get -y remove $libx11 || ret=$(($ret+1)) 442 | apt-get -y autoremove 443 | else 444 | [ -z "$IGNOREX11" ] && ret=$(($ret+1)) 445 | fi 446 | fi 447 | 448 | # check that there is only a single package repo in use. else mixing two distro versions is troublesome 449 | if [ -f /etc/apt/sources.list ]; then 450 | num=0 451 | distros="" 452 | for distro in $ALL_UBUNTU $ALL_DEBIAN; do 453 | grep -qai "^ *[a-z].* ${distro}[ /-]" /etc/apt/sources.list || continue 454 | num=$((num+1)) 455 | distros="$distro $distros" 456 | done 457 | if [ $num -gt 1 ]; then 458 | echo "dss:warn:/etc/apt/sources.list looks like it contains a mix of distros: $distros" 459 | ret=$(($ret+1)) 460 | fi 461 | fi 462 | if [ -f /etc/apt/sources.list ]; then 463 | # ^ *deb *[a-z.:/]+/debian[-a-z]* matches: 464 | # deb http://mirrors.linode.com/xdebian stretch main 465 | # deb http://mirrors.linode.com/debian stretch-updates main 466 | local otherrepos=$(egrep -iv '^ *#|^ *$|^ *[a-z].*ubuntu.com|^ *[a-z].*debian.org|^ *[a-z].*debian.net|software.virtualmin.co|^ *deb *[a-z.:/]+/debian[-a-z]* ' /etc/apt/sources.list | egrep -v '^[[:space:]]*$' | head -n 1 ) 467 | if [ ! -z "$otherrepos" ]; then 468 | echo "dss:warn:/etc/apt/sources.list looks like it contains an unknown repository. comment out before proceeding?: '$otherrepos'" 469 | # to find what repositories are in play 470 | # apt-cache showpkg $(dpkg -l | grep '^ii' | awk '{print $2}') | grep '/var/lib' | grep -v 'File:' 471 | # => 1:1.2.8.dfsg-2ubuntu5 (/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_yakkety_main_binary-amd64_Packages) (/var/lib/dpkg/status) 472 | ret=$(($ret+1)) 473 | fi 474 | local otherrepos=$(egrep -iv '^ *#|^ *$' /etc/apt/sources.list | grep backports | head -n 1) 475 | if [ ! -z "$otherrepos" ] && [ -z "$IGNOREBACKPORTS" ] ; then 476 | echo "dss:warn:/etc/apt/sources.list looks like it contains a backports repository. comment out before proceeding?: $otherrepos. Else export IGNOREBACKPORTS=Y" 477 | ret=$(($ret+1)) 478 | fi 479 | if [ -d /etc/apt/sources.list.d/ ]; then 480 | local othersources=$(find /etc/apt/sources.list.d/ -type f | grep -v save) 481 | for othersource in $othersources; do 482 | # e.g. othersource = /etc/apt/sources.list.d/wheezy-backports.list 483 | local otherrepos=$(egrep -iv '^ *#|^ *$' "$othersource" | grep -ai deb | grep backport | head -n 1) 484 | if [ ! -z "$otherrepos" ] && [ ! -z "$IGNOREBACKPORTS" ] ; then continue; fi 485 | # this version is used even for newer debian versions 486 | # deb http://download.webmin.com/download/repository sarge contrib 487 | # deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-stretch main 488 | # deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal main 489 | # note webmin repos name is sarge even on other debian/ubuntu versions 490 | local otherrepos=$(egrep -iv '^ *#|^ *$' "$othersource" | grep -ai deb | egrep 'download.webmin.com/download/repository.*sarge|deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin' | head -n 1) 491 | [ ! -z "$otherrepos" ] && continue 492 | local otherrepos=$(egrep -iv '^ *#|^ *$' "$othersource" | grep -ai deb | head -n 1) 493 | if [ ! -z "$otherrepos" ]; then 494 | echo "dss:warn:$othersource looks like it contains a extra repository. disable file before proceeding?: $otherrepos" 495 | #echo "dss:warn:packages from extra repositories may include: $(aptitude search '?narrow(?installed, !?origin(Debian))!?obsolete')" 496 | ret=$(($ret+1)) 497 | fi 498 | done 499 | 500 | fi 501 | 502 | fi 503 | [ $ret ] && echo "dss:trace:upgrade_precondition_checks completed." 504 | [ ! $ret ] && echo "dss:error:upgrade precondition checks failed." >&2 505 | 506 | return $ret 507 | } 508 | function convert_deb_6_stable_repo_to_squeeze() { 509 | if [ ! -f /etc/debian_version ] ; then return 0; fi 510 | 511 | if [ ! -f /etc/apt/sources.list ]; then echo "dss:warn: Odd. Debian distro but no apt sources.list"; return 1; fi 512 | 513 | # cat /etc/debian_version 514 | # 6.0.4 515 | if ! grep -qai "^6." /etc/debian_version; then return 0; fi 516 | 517 | if ! grep -qai "^ *deb.*stable" /etc/apt/sources.list ; then echo "dss:info: Not using 'stable' repo. Not converting deb6 stable to squeeze"; return 0; fi 518 | 519 | prep_ghost_output_dir 520 | cp /etc/apt/sources.list /root/distrorejuveinfo/sources.list.$(date +%Y%m%d.%s) 521 | 522 | convertfile stable squeeze "debian.org" "" /etc/apt/sources.list 523 | convertfile stable squeeze "debian.net" "" /etc/apt/sources.list 524 | return 0 525 | } 526 | 527 | # e.g. convertline squeeze foobar '' '' 'deb-src http://archive.debian.org/debian-security squeeze /updates main contrib non-free' 528 | # => deb-src http://archive.debian.org/debian-security foobar /updates main contrib non-free 529 | function convertline() { 530 | local fromname=$1 531 | local toname=$2 532 | local domlike=$3 533 | local prefix=$4 534 | local line=$5 535 | # ^ *deb[-a-zA-Z]* => match 'deb ' and 'deb-src ' 536 | # +$fromname[ /-] => needs space first (else stretch/etch get mixed up), space / and - needed for squeeze, squeeze-updates and squeeze/updates 537 | echo $line | egrep -qai "^ *deb[-a-zA-Z]* ([a-zA-Z]+)://([-~a-zA-Z0-9./]*)${domlike}([-~a-zA-Z0-9./]*) +${fromname}[ /-]" && echo $line | sed "s@^ *deb\([-a-zA-Z]*\) \([a-zA-Z]*\)://\([-~a-zA-Z0-9./]*\)\(${domlike}\)\([-~a-zA-Z0-9./]*\) *${fromname}\([ /-]\)@${prefix}deb\1 \2://\3\4\5 ${toname}\6@" && return 0 538 | return 0 539 | } 540 | 541 | function convertfile() { 542 | local fromname=$1 543 | local toname=$2 544 | local domlike=$3 545 | # typically '#' to comment out a line 546 | local prefix=$4 547 | local file=$5 548 | # repository like deb ftp://a-b.x.com/~home wheezy blah 549 | sed -i "s@^ *deb\([-a-zA-Z]*\) \([a-zA-Z]*\)://\([-~a-zA-Z0-9./]*\)\($domlike\)\([-~a-zA-Z0-9./]*\) *$fromname\([ /-]\)@${prefix}deb\1 \2://\3\4\5 $toname\6@" "$file" 550 | return 0 551 | } 552 | 553 | function islinematch() { 554 | local namematch=$1 555 | local domlike=$2 556 | local line=$4 557 | echo $line | egrep -qai "^ *deb[-a-zA-Z]* ([a-zA-Z]+)://([-~a-zA-Z0-9./]*)${domlike}([-~a-zA-Z0-9./]*) +${namematch}[ /-]" && return 0 558 | return 1 559 | } 560 | 561 | function convert_old_ubuntu_repo() { 562 | [ ! -f /etc/apt/sources.list ] && return 0 563 | lsb_release -a 2>/dev/null | grep -qai Ubuntu || return 0 564 | 565 | CODENAME=$1 566 | if [ -z "$CODENAME" ]; then echo "dss:error: We require a codename here. e.g. convert_old_ubuntu_repo hardy"; return 1; fi 567 | 568 | ! egrep -qai "^ *deb.*ubuntu/ $CODENAME|^ *deb.*ubuntu $CODENAME" /etc/apt/sources.list && return 0 569 | grep -qai '^ *deb .*old-releases.ubuntu.com' /etc/apt/sources.list && ! grep -qai "^ *deb.*archive.ub*$CODENAME" /etc/apt/sources.list && if ! grep -qai "^ *deb.*security.ub.*$CODENAME" /etc/apt/sources.list; then echo "dss:info: Already running an 'old-releases' $CODENAME repository."; return 0; fi 570 | 571 | prep_ghost_output_dir 572 | cp /etc/apt/sources.list /root/distrorejuveinfo/sources.list.$(date +%Y%m%d.%s) 573 | 574 | echo "dss:info: Commenting out expired $CODENAME repository" 575 | sed -i "s@^ *deb http://us.archive.ubuntu.com/ubuntu/ $CODENAME@#deb http://us.archive.ubuntu.com/ubuntu/ $CODENAME@" /etc/apt/sources.list 576 | sed -i "s@^ *deb http://security.ubuntu.com/ubuntu $CODENAME@#deb http://security.ubuntu.com/ubuntu $CODENAME@" /etc/apt/sources.list 577 | sed -i "s@^ *deb-src http://security.ubuntu.com/ubuntu $CODENAME@#deb-src http://security.ubuntu.com/ubuntu $CODENAME@" /etc/apt/sources.list 578 | sed -i "s@^ *deb\(.*\)archive\(.*\)$CODENAME@#deb\1archive\2$CODENAME@" /etc/apt/sources.list 579 | if ! grep -ai old-releases /etc/apt/sources.list | grep -qai "$CODENAME" /etc/apt; then 580 | echo "dss: Adding in the 'old-releases' repository for $CODENAME" 581 | echo " 582 | deb http://old-releases.ubuntu.com/ubuntu/ $CODENAME main restricted universe multiverse 583 | deb http://old-releases.ubuntu.com/ubuntu/ $CODENAME-updates main restricted universe multiverse 584 | deb http://old-releases.ubuntu.com/ubuntu/ $CODENAME-security main restricted universe multiverse" >> /etc/apt/sources.list 585 | fi 586 | 587 | return 0 588 | 589 | } 590 | 591 | function add_missing_ubuntu_keys() { 592 | [ ! -e /etc/apt/sources.list ] && return 0 593 | [ ! -x /usr/bin/apt-key ] && return 0 594 | print_distro_info | grep -qai ubuntu || return 0 595 | # import the lts key 596 | 597 | apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 112695A0E562B32A 598 | 599 | apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 600 | 601 | apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9 602 | 603 | return 0 604 | } 605 | 606 | HAS_INSTALLED_KEYS= 607 | function add_missing_debian_keys() { 608 | [ ! -e /etc/apt/sources.list ] && return 0 609 | [ ! -x /usr/bin/apt-key ] && return 0 610 | print_distro_info | grep -qai debian || return 0 611 | # only needs doing once 612 | [ -n "$HAS_INSTALLED_KEYS" ] && return 0 613 | echo "dss:info: checking debian keys" 614 | # import the lts key 615 | # sometimes its like '...AD62 4692 5553' other times its like '...AD6246925553' 616 | if ! apt-key list | egrep -qai "4692.*5553"; then 617 | echo "dss:info: installing the deb 7 2020 key" 618 | if ! gpg --recv-key 8B48AD6246925553 ; then gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553; fi 619 | gpg -a --export 8B48AD6246925553 | apt-key add - 620 | fi 621 | 622 | if ! apt-key list | egrep -qai "4730.*41FA"; then 623 | # Debian Archive Automatic Signing Key (6.0/squeeze) 624 | echo "dss:info: installing the deb 6 key" 625 | gpg --recv-key AED4B06F473041FA 626 | gpg -a --export AED4B06F473041FA | apt-key add - 627 | fi 628 | if ! apt-key list | egrep D97A3AE911F63C51; then 629 | #webmin key 630 | echo "dss:info: installing webmin key" 631 | gpg --keyserver pgpkeys.mit.edu --recv-key D97A3AE911F63C51 632 | gpg -a --export D97A3AE911F63C51 | apt-key add - 633 | fi 634 | HAS_INSTALLED_KEYS=Y 635 | 636 | return 0 637 | } 638 | 639 | # e.g. test with diff /etc/apt/sources.list <(disable_debian_repos squeeze) 640 | function disable_debian_repos() { 641 | [ ! -f /etc/apt/sources.list ] && return 0 642 | local name=$1 643 | # disable both squeeze and squeeze lts if squeeze 644 | [ "$name" == "squeeze" ] && disable_debian_repos squeeze-lts 645 | [ ! -z "$IS_DEBUG" ] && echo "dss:sources:disable_debian_repos:pre:$name: $(cat /etc/apt/sources.list | egrep -v '^$|^#')" 646 | { 647 | local line= 648 | cat /etc/apt/sources.list | while IFS='' read -r line || [[ -n "$line" ]]; do 649 | # leave comment lines 650 | local line0=$line 651 | echo $line | grep -qai '^ *#' && echo $line && continue 652 | local line2= 653 | local line2=$(convertline $name $name debian.org "#" "$line") 654 | [ -z "$line2" ] && line2=$(convertline $name $name debian.net "#" "$line") 655 | if [ -z "$line2" ]; then 656 | # echo 'deb http://mirrors.linode.com/debian stretch-updates main' | egrep '^ *deb *http[s]{0,1}://[a-z.:/]+/debian[-a-z]* .*' | sed -re 's#^ *deb *http[s]{0,1}://([a-z.:/]+)/debian[-a-z]* .*#\1#' 657 | # => mirrors.linode.com 658 | local d2="$(echo $line | egrep '^ *deb *http[s]{0,1}://[a-z.:/]+/debian[-a-z]* .*' | sed -re 's#^ *deb *http[s]{0,1}://([a-z.:/]+)/debian[-a-z]* .*#\1#')" 659 | if [ ! -z "$d2" ]; then 660 | line2=$(convertline $name $name "$d2" "#" "$line") 661 | fi 662 | fi 663 | [ -z "$line2" ] && echo $line 664 | echo $line2 665 | # leave non-debian lines. e.g. keep deb http://packages.prosody.im/debian wheezy main 666 | #echo $line | grep -q deb && echo "$line" | grep -qaiv --fixed-strings '.debian.' && echo $line && continue 667 | # comment out the old entries 668 | #line=$(echo $line | sed "s@^ *deb http://ftp.\(\S*\).debian.org/debian[/] $name\([ /]\)@#deb http://ftp.\1.debian.org/debian $name\2@") 669 | #line=$(echo $line | sed "s@^ *deb http://security.debian.org/ $name\([ /]\)@#deb http://security.debian.org/ $name\1@") 670 | #line=$(echo $line | sed "s@^ *deb-src http://ftp.\(\S*\).debian.org/debian[/] $name\([ /]\)@#deb-src http://ftp.\1.debian.org/debian $name\2@") 671 | # deb http://http.us.debian.org/debian/ wheezy main non-free contrib 672 | #line=$(echo $line | sed "s@^ *deb http://http.\(\S*\).debian.org/debian[/] $name\([ /]\)@#deb http://http.\1.debian.org/debian $name\2@") 673 | #line=$(echo $line | sed "s@^ *deb http://non-us.debian.org/debian-non-US $name\([ /]\)@#deb http://non-us.debian.org/debian-non-US $name\1@") 674 | #line=$(echo $line | sed "s@^ *deb http://security.debian.org[/] $name\([ /]\)@#deb http://security.debian.org $name\1@") 675 | # deb-src http://ftp.us.debian.org/debian/ wheezy main 676 | # deb-src http://security.debian.org/ wheezy/updates main 677 | #line=$(echo $line | sed "s@^ *deb-src http://ftp.\(\S*\).debian.org/debian[/] $name\([ /]\)@#deb-src http://ftp.\1.debian.org/debian $name\2@") 678 | # deb-src http://security.debian.org/ wheezy/updates main 679 | # deb-src http://mirrors.coyx.com/debian/ wheezy-updates main 680 | #line=$(echo $line | sed "s@^ *deb http://http.\(\S*\).debian.org/debian[/] $name\([ /]\)@#deb http://http.\1.debian.org/debian $name\2@") 681 | #line=$(echo $line | sed "s@^ *deb-src http://\([a-zA-Z0-9./]*\) *$name\([ /]\)@#deb-src http://\1 $name\2@") 682 | # disable the archive repositories 683 | #line=$(echo $line | sed "s@^ *deb http://archive.\([a-zA-Z0-9./]*\) *$name\([ /]\)@#deb http://archive.\1 $name\2@") 684 | #echo $line 685 | done 686 | } > /etc/apt/sources.list.$$ 687 | [ ! -z "$IS_DEBUG" ] && cat /etc/apt/sources.list.$$ | awk '{print "dss:trace:sources:createdaptsources:" $0}' 688 | if diff /etc/apt/sources.list /etc/apt/sources.list.$$ >/dev/null; then 689 | rm /etc/apt/sources.list.$$ 690 | return 0 691 | fi 692 | [ ! -z "$IS_DEBUG" ] && echo "dss:sources:disable_debian_repos:post:$name: $(cat /etc/apt/sources.list | egrep -v '^$|^#')" 693 | prep_ghost_output_dir 694 | cp /etc/apt/sources.list /root/distrorejuveinfo/sources.list.$(date +%Y%m%d.%s) 695 | echo "dss:info: disable_debian_repos $name diff follows:" 696 | print_minimal_config_diff /etc/apt/sources.list /etc/apt/sources.list.$$ | awk '{print "dss:configdiff: " $0}' 697 | mv /etc/apt/sources.list.$$ /etc/apt/sources.list 698 | echo "$name: apt sources now has $(cat /etc/apt/sources.list | egrep -v '^$|^#')" | awk '{print "dss:sources:disable_debian_repos:post:" $0}' 699 | return 0 700 | } 701 | 702 | # e.g. enable_debian_archive squeeze squeeze-lts 703 | function enable_debian_archive() { 704 | [ ! -f /etc/apt/sources.list ] && return 0 705 | [ ! -z "$IS_DEBUG" ] && echo "apt sources now has $(cat /etc/apt/sources.list | egrep -v '^$|^#')" | awk '{print "dss:trace:sources:enable_debian_archive:pre:" $0 }' 706 | { 707 | > /tmp/enablearchive.$$ 708 | > /tmp/enabledarchive.$$ 709 | # variables in here not seen outside scope. need to store in a temp file. 710 | local line= 711 | cat /etc/apt/sources.list | while IFS='' read -r line || [[ -n "$line" ]]; do 712 | local name= 713 | for name in $DEBIAN_ARCHIVE; do 714 | # comment line. skip checking other names. go onto next line 715 | local line0=$line 716 | local name0=$name 717 | echo $line | egrep -qai '^$|^ *#' && echo $line && line="" && break 718 | 719 | echo $line | grep -qai "^deb http://archive.debian.org/debian ${name}[ /-]" && echo " $name " >> /tmp/enabledarchive.$$ && break 720 | # disable srcs 721 | echo $line | egrep -qai "^ *deb-src ([a-z]+)://([-~a-zA-Z0-9./]*) * ${name}[ /-]" && echo $line | sed "s@^ *deb-src \([a-zA-Z]*\)://\([a-zA-Z0-9./]*\) *$name@#deb-src \1://\2 $name@" && line="" && break 722 | echo $line | egrep -qai "^ *deb ([a-z]+)://([-~a-zA-Z0-9./]*) * ${name}[ /-]" && echo " $name " >> /tmp/enablearchive.$$ && echo "#$line" && line="" && break 723 | done 724 | [ ! -z "$line" ] && echo $line 725 | done 726 | # if one or the other is enable, add both 727 | enablearchive=$(cat /tmp/enablearchive.$$) 728 | enabledarchive=$(cat /tmp/enabledarchive.$$) 729 | rm -f /tmp/enablearchive.$$ /tmp/enabledarchive.$$ 730 | echo $enablearchive | grep -qai " squeeze " && enablearchive="$enablearchive squeeze-lts" 731 | uniqueenablearchive=$(for i in $enablearchive; do echo $i; done | sort | uniq) 732 | spaceenablearchive=$(for i in $uniqueenablearchive; do echo -n " $i "; done) 733 | for name in $spaceenablearchive; do 734 | # already there 735 | echo "$enabledarchive" | grep -qai "$name" && continue 736 | echo "deb http://archive.debian.org/debian $name main contrib non-free" 737 | done 738 | } > /etc/apt/sources.list.$$ 739 | if diff /etc/apt/sources.list /etc/apt/sources.list.$$ >/dev/null; then 740 | rm /etc/apt/sources.list.$$ 741 | return 0 742 | fi 743 | prep_ghost_output_dir 744 | cp /etc/apt/sources.list /root/distrorejuveinfo/sources.list.$(date +%Y%m%d.%s) 745 | echo "dss:info: enabling debian archive repos. diff follows:" 746 | print_minimal_config_diff /etc/apt/sources.list /etc/apt/sources.list.$$ | awk '{print "dss:configdiff:sources: " $0}' 747 | mv /etc/apt/sources.list.$$ /etc/apt/sources.list 748 | [ ! -z "$IS_DEBUG" ] && echo "apt sources now has $(cat /etc/apt/sources.list | egrep -v '^$|^#')" | awk '{print "dss:trace:sources:enable_debian_archive:post:" $0 }' 749 | return 0 750 | } 751 | 752 | function print_uninstall_fail2ban() { 753 | [ ! -f /etc/apt/sources.list ] && return 0 754 | ! dpkg -l | grep -qai '^i.*fail2ban' && return 0 755 | echo "dss:info: Changes to the fail2ban configs mean that this script will likely hit problems when doing the dist upgrade. so aborting before starting." >&2 756 | echo "dss:info: Please remove the fail2ban configs. You may do that with the following commands:" 757 | echo apt-get -y purge $(dpkg -l | grep fail2ban | egrep -i 'ii|iF|iU' | awk '{print $2}') 758 | } 759 | 760 | function print_uninstall_dovecot() { 761 | [ ! -f /etc/apt/sources.list ] && return 0 762 | ! dpkg -l | grep -qai '^i.*dovecot' && return 0 763 | # trusty 2.9, precise 2.0, lucid (=10.4) 1.29 per https://launchpad.net/ubuntu/+source/dovecot 764 | echo "dss:info: Seeing '$( [ -f /var/log/mail.info ] && grep 'dovecot' /var/log/mail.info* | grep -c 'Login:')' logins via imap recently." 765 | echo "dss:info: Changes to the dovecot configs mean that this script will likely hit problems when doing the dist upgrade. so aborting before starting." >&2 766 | echo "dss:info: Saving the current dovecot config to /root/distrorejuveinfo/doveconf.log.$$" 767 | echo "dss:info: Please remove dovecot. You may do that with the following commands:" 768 | prep_ghost_output_dir 769 | postconf -n > /root/distrorejuveinfo/postconf.log.$$ 770 | doveconf -n > /root/distrorejuveinfo/doveconf.log.$$ 771 | echo apt-get -y remove $(dpkg -l | grep dovecot | egrep -i 'ii|iF|iU' | awk '{print $2}') 772 | # dovecot reinstall tips 773 | 774 | # apt-get install dovecot-pop3d dovecot-imapd dovecot-managesieved dovecot-sieve 775 | # dovecot -n > /etc/dovecot/dovecot.conf.new 776 | # mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.predistupgrade 777 | # mv /etc/dovecot/dovecot.conf.new /etc/dovecot/dovecot.conf 778 | 779 | # sed -i s@'mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -m "${EXTENSION}"'@'mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"'@g main.cf 780 | 781 | # Could also try removing /etc/dovecot/conf.d/01-dovecot-postfix.conf and replacing it with this package (replaces postfix-dovecot package): 782 | 783 | # http://packages.ubuntu.com/trusty/all/mail-stack-delivery/filelist 784 | 785 | #doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf 786 | #doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:25: 'imaps' protocol is no longer necessary, remove it 787 | #doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:25: 'pop3s' protocol is no longer necessary, remove it 788 | #doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:717: protocol managesieve {} has been replaced by protocol sieve { } 789 | #doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:889: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely 790 | #doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:927: passdb pam {} has been replaced by passdb { driver=pam } 791 | #doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:1040: userdb passwd {} has been replaced by userdb { driver=passwd } 792 | #doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:1102: auth_user has been replaced by service auth { user } 793 | #doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set 794 | #Stopping IMAP/POP3 mail server: dovecot. 795 | #Processing triggers for man-db ... 796 | #Errors were encountered while processing: 797 | # dovecot-sieve 798 | # dovecot-pop3d 799 | # dovecot-ldap 800 | # dovecot-imapd 801 | #E: Sub-process /usr/bin/dpkg returned an error code (1) 802 | 803 | 804 | return 0 805 | } 806 | 807 | function print_failed_dist_upgrade_tips() { 808 | #echo "dss:warn: In the event of a dist-upgrade failure, try things like commenting out the new distro, uncomment the previous distro, try an apt-get -f install, then change the distros back." 809 | #echo "dss:warn: In the event of dovecot errors, apt-get remove dovecot* unless you need dovecot (e.g. you need imap/pop3)" 810 | #echo "dss:warn: May be worth trying: aptitude -vv full-upgrade" 811 | #echo "dss:warn: after attempting a fix manually, rerun the bash distrorejuve.sh command" 812 | return 0 813 | } 814 | 815 | function dist_upgrade_lenny_to_squeeze() { 816 | export old_distro=lenny 817 | export old_ver="inux 5" 818 | export new_distro=squeeze 819 | export new_ver="inux 6" 820 | 821 | dist_upgrade_x_to_y 822 | ret=$? 823 | return $ret 824 | } 825 | 826 | function dist_upgrade_squeeze_to_wheezy() { 827 | export old_distro=squeeze 828 | export old_ver="inux 6" 829 | export new_distro=wheezy 830 | export new_ver="inux 7" 831 | 832 | dist_upgrade_x_to_y 833 | ret=$? 834 | return $ret 835 | } 836 | 837 | function dist_upgrade_wheezy_to_jessie() { 838 | export old_distro=wheezy 839 | export old_ver="inux 7" 840 | export new_distro=jessie 841 | export new_ver="inux 8" 842 | dist_upgrade_x_to_y 843 | ret=$? 844 | return $ret 845 | } 846 | 847 | function dist_upgrade_jessie_to_stretch() { 848 | export old_distro=jessie 849 | export old_ver="inux 8" 850 | export new_distro=stretch 851 | export new_ver="inux 9" 852 | dist_upgrade_x_to_y 853 | ret=$? 854 | return $ret 855 | } 856 | 857 | function dist_upgrade_stretch_to_buster() { 858 | export old_distro=stretch 859 | export old_ver="inux 9" 860 | export new_distro=buster 861 | export new_ver="inux 10" 862 | dist_upgrade_x_to_y 863 | ret=$? 864 | return $ret 865 | } 866 | 867 | function dist_upgrade_buster_to_bullseye() { 868 | export old_distro=buster 869 | export old_ver="inux 10" 870 | export new_distro=bullseye 871 | export new_ver="inux 11" 872 | dist_upgrade_x_to_y 873 | ret=$? 874 | return $ret 875 | } 876 | 877 | function dist_upgrade_bullseye_to_bookworm() { 878 | export old_distro=bullseye 879 | export old_ver="inux 11" 880 | export new_distro=bookworm 881 | export new_ver="inux 12" 882 | retain_etc_networking_naming_re_enX0 883 | dist_upgrade_x_to_y 884 | ret=$? 885 | return $ret 886 | } 887 | 888 | function dist_upgrade_bookworm_to_trixie() { 889 | export old_distro=bookworm 890 | export old_ver="inux 12" 891 | export new_distro=trixie 892 | export new_ver="inux 13" 893 | retain_etc_networking_naming_re_enX0 894 | check_usrmerge 895 | dist_upgrade_x_to_y 896 | ret=$? 897 | return $ret 898 | } 899 | 900 | 901 | function check_usrmerge() { 902 | [ -L /lib ] && return 0 903 | echo "dss:warn: /usr not merged. Trying to install usrmerge to resolve." 904 | [ -e /etc/unsupported-skip-usrmerge-conversion ] && rm /etc/unsupported-skip-usrmerge-conversion 905 | apt_get_install usrmerge 906 | local ret=$? 907 | [ $ret ] && echo "dss:trace:check_usrmerge completed." 908 | [ ! $ret ] && echo "dss:error:check usrmerge failed." >&2 909 | return $ret 910 | } 911 | 912 | function retain_etc_networking_naming_re_enX0() { 913 | # test we're a debian/ubuntu system currently using eth0 914 | [ ! -f /etc/network/interfaces ] && return 0 915 | ! egrep -i '^ *iface.*eth0.*static' /etc/network/interfaces && return 0 916 | [ -e /etc/systemd/network/99-default.link ] && return 0 917 | ! ifconfig eth0 2>/dev/null && return 0 918 | 919 | ln -sf /dev/null /etc/systemd/network/99-default.link && echo "Disabling /etc/systemd/network/99-default.link re enX0" 920 | # dev null approach described: 921 | # https://www.linuxfromscratch.org/lfs/view/9.1-systemd/chapter07/network.html 922 | # https://bbs.archlinux.org/viewtopic.php?id=259086&p=2 the dev null symlink approach 923 | # another option: kernel parameter: net.ifnames=0 924 | # description of change going into bookworm (deb 12): 925 | # https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#xen-network 926 | # https://wiki.debian.org/NetworkInterfaceNames#bookworm-xen 927 | } 928 | 929 | 930 | # return 0 if a file or two was removed. e.g. so you can to rm_overwrite_files $tmplog && retry 931 | function rm_overwrite_files() { 932 | [ -z "$1" ] && return 1 933 | [ ! -f "$1" ] && return 1 934 | local tmplog="$1" 935 | 936 | if egrep -aqi 'mysql_upgrade: [ERROR] .*alter routine command denied to user ' $tmplog; then 937 | echo "dss:warn: mysql error. Trying a mysql_upgrade to resolve." 938 | mysql_upgrade 939 | fi 940 | local mysqlerrlogs="$([ -d /var/lib/mysql ] && [ -d /var/log/mysql ] && find /var/lib/mysql /var/log/mysql -type f -mmin -10 | egrep '\.err$|mysql/error.log')" 941 | if [ -d /var/lib/mysql ] ; then 942 | mysqlerrlogs="$mysqlerrlog $tmplog" 943 | fi 944 | if [ ! -z "$mysqlerrlogs" ] && grep -qai 'Thread stack overrun' $mysqlerrlogs; then 945 | echo "dss:warn: mysql Thread stack overrun. Attempting to tweak 128K stacks to be bigger." 946 | find /etc/mysql/ -type f | xargs --no-run-if-empty egrep 'thread_stac' | awk '{print "dss:info:mysqlthreadstacks:before:" $0}' 947 | find /etc/mysql/ -type f | xargs --no-run-if-empty egrep -l '^thread_stac' | xargs --no-run-if-empty sed -i 's/128K/256K/' 948 | find /etc/mysql/ -type f | xargs --no-run-if-empty egrep 'thread_stac' | awk '{print "dss:info:mysqlthreadstacks:after:" $0}' 949 | fi 950 | if [ ! -z "$mysqlerrlogs" ] && egrep -aqi 'mysql_upgrade: [ERROR] .*alter routine command denied to user ' $mysqlerrlogs; then 951 | echo "dss:warn: mysql error. Trying a mysql_upgrade to resolve." 952 | mysql_upgrade 953 | fi 954 | 955 | # disable some settings that become deprecated (if they are causing errors). 956 | if [ ! -z "$mysqlerrlogs" ] && egrep -qai 'e-rc.d: initscript mysql, action "start" fai' $mysqlerrlogs; then 957 | #egrep -qai 'pkg: error processing package mysq' $mysqlerrlogs || 958 | #if egrep -qai 'mysql_upgrade: [ERROR] .*alter routine command denied to user ' $mysqlerrlogs; then 959 | for i in query_cache_limit query_cache_size key_buffer myisam-recover; do 960 | if egrep -qai "unknown variable '$i" $mysqlerrlogs; then 961 | #if egrep -aqi "unknown variable '$i" $tmplog; then 962 | echo "dss:warn: trying to fix an issue re unknown variable $i." 963 | find /etc/mysql/ -type f | xargs --no-run-if-empty egrep "$i" | awk '{print "dss:info:mysql:'$i':before:" $0}' 964 | find /etc/mysql/ -type f | xargs --no-run-if-empty egrep -l "^$i" | xargs --no-run-if-empty sed -i "s/^$i/#$i/" 965 | find /etc/mysql/ -type f | xargs --no-run-if-empty egrep "$i" | awk '{print "dss:info:mysql:'$i':after:" $0}' 966 | fi 967 | done 968 | fi 969 | 970 | 971 | if egrep -qi "doveconf: Fatal: " "$tmplog"; then 972 | # e.g. doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set 973 | echo "dss:error: issue with dovecot config. Resolve (e.g. by removing dovecot for fixing the issue). $(egrep -i "doveconf: Fatal: " "$tmplog")" 974 | print_uninstall_dovecot 975 | elif egrep -qi "doveconf: Warning: Obsolete setting in" "$tmplog"; then 976 | echo "dss:warn: issue with obsolete dovecot config. $(egrep -i "doveconf: Fatal: " "$tmplog")" 977 | echo "dss:warn: May pay to remove dovecot per the instructions below." 978 | print_uninstall_dovecot 979 | fi 980 | if egrep -qi "dpkg: error processing package fail2ban (--configure):" "$tmplog" || egrep -qi 'See "systemctl status fail2ban.service"' "$tmplog" ; then 981 | echo "dss:error: issue with fail2ban config. Resolve (e.g. by removing dovecot for fixing the issue). $(egrep -i "fail2ban (--configure|status fail2ban.service" "$tmplog")" 982 | print_uninstall_fail2ban 983 | fi 984 | 985 | # trying to overwrite shared '/usr/share/doc/libkmod2/changelog.Debian.gz', which is different from other instances of package libkmod2:amd64 986 | # Unpacking libpython2.7-minimal:amd64 (2.7.12-1ubuntu0~16.04.3) ... 987 | # dpkg: error processing archive /var/cache/apt/archives/libpython2.7-minimal_2.7.12-1ubuntu0~16.04.3_amd64.deb (--install): 988 | # trying to overwrite shared '/etc/python2.7/sitecustomize.py', which is different from other instances of package libpython2.7-minimal:amd64 989 | 990 | # egrep -qai "trying to overwrite shared '/usr/share/doc/libperl5.22/changelog.Debian.gz" "$tmplog" && echo "dss:info: handling libperl issue." && rm -f /usr/share/doc/libperl5.22/changelog.Debian.gz 991 | local overwrites="$(grep "trying to overwrite shared '/usr/share/doc/.*/changelog.Debian.gz'" $tmplog | sed 's#.*trying to overwrite shared .##g' | sed 's#., which is different from other instances of package.*##g')" 992 | overwrites="$overwrites $(grep "trying to overwrite shared '/.*.py'" $tmplog | sed 's#.*trying to overwrite shared .##g' | sed 's#., which is different from other instances of package.*##g')" 993 | overwrites="$overwrites $(grep "trying to overwrite shared '/.*.conf'" $tmplog | sed 's#.*trying to overwrite shared .##g' | sed 's#., which is different from other instances of package.*##g')" 994 | local i= 995 | local rmed=0 996 | for i in $overwrites; do 997 | [ ! -f "$i" ] && echo "dss:warn: expecting $i to be a file in rm_overwrite_files" && continue 998 | rm -f "$i" 999 | echo "dss:info: removed a shared overwrite file. sometimes required when cross grading: $i" 1000 | rmed=$((rmed+1)) 1001 | done 1002 | if egrep -aqi 'ERROR: Your kernel version indicates a revision number' $tmplog; then 1003 | #Preparing to unpack .../libc6_2.27-3ubuntu1.4_amd64.deb ... 1004 | #ERROR: Your kernel version indicates a revision number 1005 | #of 255 or greater. Glibc has a number of built in 1006 | #assumptions that this revision number is less than 255. 1007 | #If you\'ve built your own kernel, please make sure that any 1008 | #custom version numbers are appended to the upstream 1009 | #kernel number with a dash or some other delimiter. 1010 | # uname -a 1011 | # Linux example.com 4.14.256-rh294-20211127025231.xenU.x86_64 #1 SMP Sat Nov 27 02:58:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux 1012 | echo "dss:error: old glibc error. This glibc cannot handle kernels with minor versions > 255. e.g. $(uname -a). Try restarting the server with a kernel with a lower minor version. e.g. a 5.10.96 kernel would be OK, but 4.14.264 is not OK. For RimuHosting customers use https://rimuhosting.com/cp/vps/kernel.jsp to do this." 1013 | return 1 1014 | fi 1015 | [ $rmed -eq 0 ] && return 1 1016 | return 0 1017 | } 1018 | 1019 | function apt_get_remove() { 1020 | pause_check 1021 | local tmplog=$(mktemp "tmplog.aptgetremove.log.XXXXXX") 1022 | apt-get $APT_GET_INSTALL_OPTIONS remove $@ | tee $tmplog 1023 | local ret=${PIPESTATUS[0]} 1024 | [ $ret -ne 0 ] && rm_overwrite_files "$tmplog" && apt-get $APT_GET_INSTALL_OPTIONS remove $@ && ret=$? 1025 | #if [ $ret -ne 0 ] && echo "$@" | egrep -qai 'gcc-6-base:i386'; then 1026 | #fi 1027 | if [ $ret -ne 0 ] && echo "$@" | egrep -qai 'gcc-6-base:i386'; then 1028 | if egrep -qai 'systemd : Depends: libcap2-bin' "$tmplog"; then 1029 | echo "dss:info: attempting to install libcap2-bin since gcc-6-base remove failed." && apt_get_install libcap2-bin:amd64 && apt-get $APT_GET_INSTALL_OPTIONS remove $@ && ret=$? 1030 | fi 1031 | fi 1032 | local essentialissuepackages="$(cat $tmplog | grep --after-context 50 'WARNING: The following essential packages will be removed.' | grep '^ ' | tr '\n' ' ' | sed -r 's/\(due to +\S*?\)//g')" 1033 | [ ! -z "$essentialissuepackages" ] && echo "dss:warn: apt_get_remove $@ essential package issues for: $essentialissuepackages" 1034 | echo "$essentialissuepackages" | egrep -qai 'libgcc-s1:i386' && echo "dss:warn: This issue may be related to this bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992317" 1035 | rm -rf "$tmplog" 1036 | return $ret 1037 | } 1038 | 1039 | function apt_get_install() { 1040 | pause_check 1041 | local tmplog=$(mktemp "tmplog.aptgetinstall.log.XXXXXX") 1042 | apt-get $APT_GET_INSTALL_OPTIONS install $@ | tee $tmplog 1043 | local ret=${PIPESTATUS[0]} 1044 | [ $ret -ne 0 ] && rm_overwrite_files "$tmplog" && apt-get $APT_GET_INSTALL_OPTIONS install $@ && ret=$? 1045 | local essentialissuepackages="$(cat $tmplog | grep --after-context 50 'WARNING: The following essential packages will be removed.' | grep '^ ' | tr '\n' ' ' | sed -r 's/\(due to +\S*?\)//g')" 1046 | [ ! -z "$essentialissuepackages" ] && echo "dss:warn: apt_get_install $@ essential package issues for: $essentialissuepackages" 1047 | 1048 | rm -rf "$tmplog" 1049 | return $ret 1050 | } 1051 | 1052 | function apt_get_f_install() { 1053 | pause_check 1054 | local tmplog=$(mktemp "tmplog.aptgetfinstall.log.XXXXXX") 1055 | apt-get $APT_GET_INSTALL_OPTIONS -f install | tee $tmplog 1056 | local ret=${PIPESTATUS[0]} 1057 | if [ $ret -ne 0 ]; then 1058 | rm_overwrite_files "$tmplog" && apt-get $APT_GET_INSTALL_OPTIONS -f install && ret=$? 1059 | fi 1060 | echo "dss:trace:apt_get_f_install:$1 results $(egrep 'upgraded' $tmplog)" 1061 | local essentialissuepackages="$(cat $tmplog | grep --after-context 50 'WARNING: The following essential packages will be removed.' | grep '^ ' | tr '\n' ' ' | sed -r 's/\(due to +\S*?\)//g')" 1062 | [ ! -z "$essentialissuepackages" ] && echo "dss:warn: apt_get_f_install $@ essential package issues for: $essentialissuepackages" 1063 | if [ ! -z "$essentialissuepackages" ] && echo "$essentialissuepackages" | grep -qai 'perl-base:amd64'; then 1064 | echo "dss:trying to dpkg -i perl-base:i386" 1065 | if dpkg -l | grep perl-base | grep i386 | grep -qai ii; then 1066 | echo "dss: perl-base:i386 already installed" 1067 | else 1068 | apt-get download perl-base:i386 1069 | dpkg -i perl-base*i386*deb 1070 | apt-get $APT_GET_INSTALL_OPTIONS -f install | tee $tmplog 1071 | local ret=${PIPESTATUS[0]} 1072 | fi 1073 | fi 1074 | 1075 | rm -rf "$tmplog" 1076 | if [ $ret -ne 0 ]; then 1077 | echo "dss:warn: dpkg results showing packages with issues." 1078 | dpkg -l | egrep -v '^ii|^rc|^iU' | awk '{print "dss:warn:apt_get_f_install: " $0}' 1079 | echo "dss:info: as a last resort you can move away the failed dpkg status files at /var/lib/dpkg/info/pkngname*" 1080 | fi 1081 | return $ret 1082 | } 1083 | 1084 | function dpkg_install() { 1085 | [ -z "$1" ] && return 0 1086 | local tmplog=$(mktemp "tmplog.dpkginstall.log.XXXXXX") 1087 | dpkg --force-confnew --force-confdef --force-confmiss --install $@ 2>&1 | tee "$tmplog" 1088 | ret=${PIPESTATUS[0]} 1089 | if [ $ret -eq 0 ]; then 1090 | # dpkg: error processing archive /var/cache/apt/archives/bash_4.4-5_amd64.deb (--install): 1091 | # pre-dependency problem - not installing bash 1092 | # Errors were encountered while processing: 1093 | # /var/cache/apt/archives/bash_4.4-5_amd64.deb 1094 | 1095 | # Errors were encountered while processing: 1096 | # gcj-6-jre-lib 1097 | # openjdk-8-jre-headless:amd64 1098 | # postfix 1099 | # dss:warn: dpkg install lied about the return code(#2). will need to retry the install. 1100 | 1101 | egrep -qai 'Errors |pre-dependency problem|dpkg: error' "$tmplog" && ret=1 && echo "dss:warn: dpkg install lied about the return code. will need to retry the install." 1102 | # maybe it never lied? Changed from ret=$? to ret=${PIPESTATUS[0]} because of the pipe to tee 1103 | 1104 | fi 1105 | # https://bugs.launchpad.net/ubuntu/+source/perl/+bug/1574351 1106 | # dpkg: error processing archive libperl5.22_5.22.1-9ubuntu0.2_amd64.deb (--install): 1107 | # trying to overwrite shared '/usr/share/doc/libperl5.22/changelog.Debian.gz', which is different from other instances of package libperl5.22:amd64 1108 | 1109 | [ $ret -ne 0 ] && rm_overwrite_files "$tmplog" 1110 | if [ $ret -ne 0 ]; then 1111 | # first dpkg --install fails. second one should work ok. e.g.: 1112 | # Errors were encountered while processing: 1113 | # /var/cache/apt/archives/dpkg_1.18.24_amd64.deb 1114 | # /var/cache/apt/archives/tar_1.29b-1.1_amd64.deb 1115 | local failedinstalls=$(cat "$tmplog" | grep --after-context 50 'Errors were encountered while processing:' | sed 's/.*Errors were encountered while processing://' | grep '.deb') 1116 | if [ ! -z "$failedinstalls" ]; then 1117 | echo "dss:trace:dpkg_install: some .deb packages had issues. retrying those: $failedinstalls" 1118 | dpkg --force-confnew --force-confdef --force-confmiss --install $failedinstalls 1119 | ret=$? 1120 | echo "dss:trace:dpkg_install: retry install $([ $ret -eq 0 ] && echo "succeeded" || echo "failed")" 1121 | fi 1122 | fi 1123 | if [ $ret -ne 0 ]; then 1124 | echo "dss:trace:dpkg_install: some .deb packages had issues. retrying to install all packages." 1125 | dpkg --force-confnew --force-confdef --force-confmiss --install $@ 2>&1 | tee "$tmplog" 1126 | ret=$? 1127 | if [ $ret -eq 0 ]; then 1128 | egrep -qai 'Errors |pre-dependency problem|dpkg: error' "$tmplog" && ret=1 && echo "dss:warn: dpkg install lied about the return code(#2). will need to retry the install." 1129 | fi 1130 | fi 1131 | [ -f "$tmplog" ] && rm -f "$tmplog" 1132 | return $ret 1133 | } 1134 | 1135 | function check_systemd_install_matches_init() { 1136 | [ ! -f /etc/debian_version ] && return 0 1137 | [ -x /usr/bin/dpkg ] || return 0 1138 | local psservicemanager= 1139 | local dpkgservicemanager= 1140 | 1141 | # lsof -p 1 since ps may have an 'init' when its actually systemd 1142 | # root 1 0.0 0.0 204588 6864 ? Ss Nov30 0:29 /sbin/init 1143 | #root@pingability:~# ls -l /sbin/init 1144 | #lrwxrwxrwx 1 root root 20 Dec 3 2017 /sbin/init -> /lib/systemd/systemd 1145 | #root@pingability:~# lsof -p 1 1146 | #COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME 1147 | #systemd 1 root cwd DIR 202,1 4096 2 / 1148 | #systemd 1 root rtd DIR 202,1 4096 2 / 1149 | #systemd 1 root txt REG 202,1 1141448 238139 /lib/systemd/systemd 1150 | 1151 | if ps auxf | egrep -qai '^root +1 +.*init'; then 1152 | if ! lsof -p 1 | grep -qai systemd; then 1153 | psservicemanager="${psservicemanager}sysvinit" 1154 | fi 1155 | fi 1156 | ps auxf | egrep -qai '^root +1 +.*systemd' && psservicemanager="${psservicemanager}systemd" 1157 | [ -z "$psservicemanager" ] && lsof -p 1 | grep -qai systemd && psservicemanager="${psservicemanager}systemd" 1158 | 1159 | # packages will sometimes be 1160 | # systemd:i386 1161 | # or 1162 | # systemd 1163 | 1164 | dpkg -l | egrep '^.i|^iU' | awk '{print $2}' | grep -v '^lib' | egrep -qai '^sysvinit(:|$)' && dpkgservicemanager="${dpkgservicemanager}sysvinit" 1165 | dpkg -l | egrep '^.i|^iU' | awk '{print $2}' | grep -v '^lib' | egrep -qai '^systemd(:|$)' && dpkgservicemanager="${dpkgservicemanager}systemd" 1166 | 1167 | [ "$psservicemanager" != "$dpkgservicemanager" ] && echo "dss:warn:sysvinit / systemd conflict (between running init/systemd process, and installed packages). Reboot (and rerun distrorejuve) required? controlling process is '$psservicemanager' (per lsof -p 1), packages are '$dpkgservicemanager'. Sometimes running $0 --remove-cruft can remove older sysvinit packages to resolve this issue." 2>&1 && return 1 1168 | return 0 1169 | 1170 | # sysv wheezy 1171 | # ps auxf | egrep '^root +1 +' 1172 | # root 1 0.0 0.0 2320 1340 ? Ss Oct08 2:32 init [2] 1173 | # root 1 0.0 0.0 2320 1340 ? Ss Oct08 2:32 init [2] 1174 | # dpkg -l | grep sysv 1175 | # ii sysv-rc 2.88dsf-41+deb7u1 all System-V-like runlevel change mechanism 1176 | # ii sysvinit 2.88dsf-41+deb7u1 i386 System-V-like init utilities 1177 | # ii sysvinit-utils 2.88dsf-41+deb7u1 i386 System-V-like utilities 1178 | 1179 | # dpkg -l | grep systemd 1180 | # ii libsystemd-login0:i386 44-11+deb7u5 i386 systemd login utility library 1181 | 1182 | # systemd jessie 1183 | # root@debian:~# ps auxf | egrep '^root +1 +' 1184 | # root 1 0.3 0.4 204580 7176 ? Ss 01:59 0:09 /lib/systemd/systemd --system --deserialize 22 1185 | # root@debian:~# dpkg -l | grep sysv 1186 | # ii systemd-sysv 232-25+deb9u6 amd64 system and service manager - SysV links 1187 | # ii sysv-rc 2.88dsf-59.9 all System-V-like runlevel change mechanism 1188 | # ii sysvinit-utils 2.88dsf-59.9 amd64 System-V-like utilities 1189 | # root@debian:~# dpkg -l | grep systemd 1190 | # ii libpam-systemd:amd64 232-25+deb9u6 amd64 system and service manager - PAM module 1191 | # ii libsystemd0:amd64 232-25+deb9u6 amd64 systemd utility library 1192 | # ii systemd 232-25+deb9u6 amd64 system and service manager 1193 | # ii systemd-sysv 232-25+deb9u6 amd64 system and service manager - SysV links 1194 | 1195 | } 1196 | 1197 | function crossgrade_debian() { 1198 | [ ! -f /etc/debian_version ] && echo "dss:info: Only debian derived distro crossgrades are supported, but not $(print_distro_info)." && return 0 1199 | # see https://wiki.debian.org/CrossGrading 1200 | ! uname -a | grep -qai x86_64 && echo "dss:error: Not running a 64 bit kernel. Cannot crossgrade." 2>&1 && return 1 1201 | 1202 | lsb_release -a 2>/dev/null | egrep -qai 'stretch|lenny|squeeze|wheezy|jessie' && echo "dss:error: Older (pre stretch) Debian distros have dependency issues preventing crossgrades. $0 --dist-upgrade prior to cross grading." 2>&1 && return 1 1203 | 1204 | [ -z "$ENABLE_UBUNTU_CROSSGRADE" ] && lsb_release -a 2>/dev/null | egrep -qai 'ubuntu' && echo "dss:error: Ubuntu cross grades have not been successful. To ignore this warning and attempt one at your own peril: export ENABLE_UBUNTU_CROSSGRADE=Y" 2>&1 && return 1 1205 | 1206 | if ! check_systemd_install_matches_init; then 1207 | echo "dss:error: system needs a reboot prior to cross grading to fully switch to systemd." 2>&1 1208 | return 1 1209 | fi 1210 | 1211 | local bittedness=$(getconf LONG_BIT) 1212 | if echo $bittedness | grep -qai 64; then 1213 | echo "dss:info: FYI getconf reports 64 bits." 1214 | #[ $(dpkg -l | grep '^ii ' | grep ':i386' | wc -l ) -gt 0 ] && echo "i386 packages on this server (may need tidying up): $(dpkg -l | grep '^ii ' | grep ':i386')" 1215 | #return 0 1216 | # may be part way through. may still be 386 packages. so carry on with the cross grade. 1217 | fi 1218 | local now=$(date +%s) 1219 | 1220 | #(Reading database ... 42551 files and directories currently installed.) 1221 | #Removing wpasupplicant (2.4-0ubuntu6.2) ... 1222 | #Processing triggers for dbus:amd64 (1.10.6-1ubuntu3.3) ... 1223 | #=> root 11133 0.1 4.4 70196 66740 pts/2 S+ 07:12 0:09 \_ apt-get -y -o APT::Get::AllowUnauthenticated=yes -o Acquire::Check-Valid-Until=false -o Dpkg::Options::=--force-confnew -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confmiss install wpasupplicant:amd64 1224 | #root 13076 1.7 0.6 12920 10036 pts/0 Ss+ 09:09 0:00 \_ /usr/bin/dpkg --force-confnew --force-confdef --force-confmiss --status-fd 29 --unpack --auto-deconfigure /var/cache/apt/archives/libnl-3-200_3.2.27-1ubuntu0.16.04.1_amd64.deb /var/cache/apt/archives/libnl-genl-3-200_3.2.27-1ubuntu0.16.04.1_amd64.deb /var/cache/apt/archives/libpcsclite1_1.8.14-1ubuntu1.16.04.1_amd64.deb /var/cache/apt/archives/wpasupplicant_2.4-0ubuntu6.2_amd64.deb 1225 | #root 13640 0.0 0.0 2372 636 pts/0 S+ 09:09 0:00 \_ /bin/sh /var/lib/dpkg/info/dbus.postinst triggered /etc/dbus-1/system.d /usr/share/dbus-1/system-services 1226 | #root 13641 0.2 0.0 25520 1392 pts/0 S+ 09:09 0:00 \_ dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig 1227 | #=> dbus-send non responsive 1228 | #=> kill 13641 1229 | 1230 | print_distro_info | grep -qai ubuntu && dpkg -l | grep '^ii' | grep wpasupplicant && echo "dss:warn: There have been issues with updates on Ubuntu where the wpasupplicant is installed. Run apt-get remove wpasupplicant to remove it first." && return 1 1231 | 1232 | # slightly different config file state name. e.g. regular upgrade can remove things like dovecot if they were not used. 1233 | # and this different file means they won't get reinstalled by mistake 1234 | [ ! -f /root/distrorejuveinfo/crossgrade.preupgrade.dpkg.$$ ] && record_config_state /root/distrorejuveinfo/crossgrade.preupgrade.dpkg.$$ 1235 | [ -f /root/distrorejuveinfo/crossgrade.preupgrade.dpkg.$$ ] && [ ! -f /root/distrorejuveinfo/preupgrade.dpkg.$$ ] && cp /root/distrorejuveinfo/crossgrade.preupgrade.dpkg.$$ /root/distrorejuveinfo/preupgrade.dpkg.$$ 1236 | 1237 | echo "dss:trace:Current architecture: $(dpkg --print-architecture)" 1238 | echo "dss:trace:Foreign architectures: $(dpkg --print-foreign-architectures)" 1239 | echo "dss:info: cross grading distro from 32 to 64 bit." 1240 | local vimpkg="$(dpkg -l | grep '^.*ii' | grep -qai vim && echo vim)" 1241 | local apachepkg="$(dpkg -l | grep '^.*ii' | grep -qai apache2-bin && echo apache2-bin)" 1242 | apt_get_update 1243 | apt_get_install apt-rdepends 1244 | 1245 | if [ $? -ne 0 ]; then 1246 | if dpkg -l | egrep apt-rdepends | grep -qai ii; then 1247 | echo "dss:warn: getting an error on apt-get install apt-rdpends. However it is installed. So let's proceed." 1248 | else 1249 | echo "dss:error: failed to install apt-rdpends. Which we rely on to download necessary dependencies." 1250 | fi 1251 | fi 1252 | 1253 | [ ! -x /usr/bin/apt-show-versions ] && echo "dss:info:installing apt-show-versions" && apt_get_install apt-show-versions 1254 | [ -z "$IGNORECRUFT" ] && has_cruft_packages oldpkg && show_cruft_packages oldpkg && echo "dss:warn:There are some old packages installed. Best to remove them before proceeding. Do that by running bash $0 --show-cruft followed by bash $0 --remove-cruft. Or to ignore that, run export IGNORECRUFT=Y and re-run this command. " && return 1 1255 | 1256 | dpkg --add-architecture amd64 1257 | [ $? -ne 0 ] && echo "dss:error: Failed adding amd64 architecture." 2>&1 && return 1 1258 | 1259 | # needed to load amd package info. e.g. on debian. 1260 | apt_get_update 1261 | #apt-get $APT_GET_INSTALL_OPTIONS autoremove 1262 | 1263 | apt-get $APT_GET_INSTALL_OPTIONS --allow-downgrades upgrade 1264 | [ ! -d /root/distrorejuveinfo/$$ ] && mkdir /root/distrorejuveinfo/$$ 1265 | debs="$(find /var/cache/apt/archives -type f | egrep 'amd64.deb$|all.deb$')" 1266 | [ ! -z "$debs" ] && echo "dss:info:moving 64bit packages out of the way" && mv $debs /root/distrorejuveinfo/$$/ 1267 | apt-get clean 1268 | 1269 | #WARNING: The following essential packages will be removed. 1270 | #This should NOT be done unless you know exactly what you are doing! 1271 | #perl-base:amd64 1272 | # => apt-get download perl-base:i386; dpkg -i perl-base*; apt-get -f install 1273 | # download lots of amd64 packages if you get stuck, e.g. on ubuntu 1274 | # for i in $(dpkg -l | grep ii | grep i386 | awk '{print $2}' | sed 's/:i386//' | grep -v "^ "|grep -v "libc-dev" | awk '{print $0":amd64"}'); do apt-get download $i; done 1275 | 1276 | #if ! dpkg -l | egrep -qai '^ii.*dpkg.*amd64'; then 1277 | if true; then 1278 | echo "dss:trace: cross grading. grabbing key amd64 deb packages." 1279 | apt-get --reinstall --download-only $APT_GET_INSTALL_OPTIONS install dpkg:amd64 tar:amd64 apt:amd64 apt-utils:amd64 1280 | [ $? -ne 0 ] && apt-get download dpkg:amd64 tar:amd64 apt:amd64 apt-utils:amd64 1281 | # error if we append perl-base:amd64 to the line above... 1282 | # and if we don't have perl-base then apt-get -f install has this error: E: Unmet dependencies 1283 | echo "dss:trace: cross grading. grabbing extra amd64 deb packages." 1284 | apt-get --reinstall --download-only $APT_GET_INSTALL_OPTIONS install perl-base:amd64 perl-base:i386 1285 | # above will also fail due to dependency hell 1286 | [ $? -ne 0 ] && apt-get download perl-base:amd64 1287 | apt-get --reinstall --download-only $APT_GET_INSTALL_OPTIONS install perl:amd64 perl:i386 1288 | [ $? -ne 0 ] && apt-get download perl:amd64 1289 | requiredlist="$(apt-rdepends apt apt-listchanges| grep -v "^ "|grep -v "libc-dev" | awk '{print $0":amd64"}')" 1290 | echo "dss:trace: cross grading. doing a 'download only' on $requiredlist." 1291 | for i in $requiredlist; do apt-get --reinstall --download-only $APT_GET_INSTALL_OPTIONS install $i; done 1292 | dpkg -l | grep ii | grep -v lib | awk '{print $2}' | grep -v "^ "|grep -v "libc-dev" | awk '{print $0":amd64"}' 1293 | 1294 | #E: Unable to locate package libbz2-1.0:amd64 1295 | #E: Couldn't find any package by glob 'libbz2-1.0' 1296 | 1297 | 1298 | echo "dss:trace: cross grading. installing key amd64 deb packages: dpkg:amd64 tar:amd64 apt:amd64 perl-base:amd64" 1299 | # something about this removes apache2. figure out why... 1300 | cd /root/distrorejuveinfo/$$ 1301 | local debs="$(find /var/cache/apt/archives -type f | egrep 'amd64.deb$|all.deb$') $(find . -maxdepth 1 -type f | egrep 'amd64.deb$|all.deb$')" 1302 | while true; do 1303 | pause_check 1304 | #Preparing to replace libblkid1:amd64 2.20.1-5.3 (using libblkid1_2.20.1-5.3_amd64.deb) ... 1305 | #Unpacking replacement libblkid1:amd64 ... 1306 | #dpkg: dependency problems prevent configuration of libblkid1:amd64: 1307 | #libblkid1:amd64 depends on libuuid1 (>= 2.16). 1308 | #Unpacking replacement sysvinit ... 1309 | #dpkg: regarding .../util-linux_2.20.1-5.3_amd64.deb containing util-linux, pre-dependency problem: 1310 | #util-linux pre-depends on libblkid1 (>= 2.20.1) 1311 | #mime-support depends on mailcap; however: 1312 | #Package mailcap is not configured yet. 1313 | #mailcap depends on perl. 1314 | 1315 | local predeps="$(dpkg_install $debs 2>&1 | grep 'depends on' | sed 's/.*depends on //' | sed 's/;however.*//' | sed 's/.$//' | sed -r 's/\([^)]+\)//g' | sed 's/;//' | awk '{print $1":amd64"}' | sort | uniq)" 1316 | [ -z "$predeps" ] && break 1317 | echo "dss:info: loading more pre-dependencies: $predeps" 1318 | apt-get download $predeps 1319 | local debs2="$(find /var/cache/apt/archives -type f | egrep 'amd64.deb$|all.deb$') $(find . -maxdepth 1 -type f | egrep 'amd64.deb$|all.deb$')" 1320 | if [ "$debs" == "$debs2" ]; then 1321 | echo "dss:info: not making any progress with downloading pre-dependencies. Going to try and install some." 1322 | break 1323 | fi 1324 | debs="$debs2" 1325 | done 1326 | if [ ! -z "$debs" ]; then 1327 | echo "dss:info: installing packages via dpkg -i including: $(echo "$debs" | head | tr '\n' ' ')..." 1328 | dpkg_install $debs 1329 | if [ $? -ne 0 ]; then 1330 | [ $? -ne 0 ] && echo "dss:error: dpkg install amd64.deb files failed" 2>&1 && cd - && return 1 1331 | fi 1332 | mv $debs /root/distrorejuveinfo/$$ 1333 | fi 1334 | cd - 1335 | fi 1336 | #apt-get $APT_GET_INSTALL_OPTIONS autoremove 1337 | echo "dss:trace: cross grading. force installing to see what amd64 packages need to be installed/fixed." 1338 | local i=0 pkg 1339 | for i in 0 1; do 1340 | pause_check 1341 | apt_get_f_install crossgrade 1342 | ret=$? 1343 | [ $ret -eq 0 ] && break; 1344 | # apt-get -f install=> 1345 | # The following NEW packages will be installed: 1346 | # dash:i386 1347 | # WARNING: The following essential packages will be removed. 1348 | # This should NOT be done unless you know exactly what you are doing! 1349 | # dash 1350 | #0 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. 1351 | # remove 'due to stuff' e.g.: 1352 | # dpkg:amd64 tar:amd64 (due to dpkg:amd64) perl-base:amd64 1353 | 1354 | local essentialtoinstall="$(apt-get $APT_GET_INSTALL_OPTIONS -f install 2>&1 | grep --after-context 50 'WARNING: The following essential packages will be removed.' | grep '^ ' | tr '\n' ' ' | sed -r 's/\(due to +\S*?\)//g')" 1355 | [ -z "$essentialtoinstall" ] && echo "dss:info: all essential packages appear to be installed." && break 1356 | mkdir -p distrorejuveinfo/$$/essentialdebs 1357 | cd distrorejuveinfo/$$/essentialdebs 1358 | echo "dss:trace: apt-get -f install had errors. there may be some essential packages not installed. trying to install 32 and 64 bit versions of: $essentialtoinstall" 1359 | for pkg in ${essentialtoinstall}; do 1360 | pkg=$(echo "${pkg}" | sed 's/:i386//') 1361 | pkg=$(echo "${pkg}" | sed 's/:amd64//') 1362 | # had been downloading 64 and 32 bit versions. but installing both (for say perl-base) resulted in dpkg -l listing just the i386 version. 1363 | #apt-get download $i 1364 | #apt-get download $i:i386 1365 | apt-get download "${pkg}:amd64" 1366 | done 1367 | dpkg_install $(find . -name '*.deb') 1368 | cd - 1369 | done 1370 | apt_get_f_install 1371 | ret=$? 1372 | if [ $ret -ne 0 ]; then 1373 | if [ -z "$essentialtoinstall" ]; then 1374 | echo "dss:warn: apt-get -f install failed. However it appears we have all essential 64 bit packages. Trying to continue." 1375 | # dpkg --remove --force-remove-reinstreq python3-lxml:amd64 1376 | # dpkg-query: error: --listfiles needs a valid package name but 'python3-lxml' is not: ambiguous package name 'python3-lxml' with more than one installed instance 1377 | # mkdir /root/t 1378 | # mv /var/lib/dpkg/info/python3-lxml\:amd64.* . 1379 | # apt-get install --reinstall python3-lxml 1380 | else 1381 | echo "dss:error: apt-get -f install failed. we are stuck." 1382 | return 1 1383 | fi 1384 | fi 1385 | #apt-get $APT_GET_INSTALL_OPTIONS autoremove 1386 | 1387 | # doesn't seem to achieve much... should result in apt-get install blah installing the amd64 (vs. i386) version 1388 | dpkg --get-selections | grep :i386 | sed -e s/:i386/:amd64/ | dpkg --set-selections 1389 | lsb_release -a 2>/dev/null | grep -qai Ubuntu && echo "dss:fiddle to try and have Ubuntu use amd64 packages by default." && 1390 | echo "dss:info: cross grading. force installing of amd64 packages after dpkg --set-selections." 1391 | apt_get_f_install 1392 | if [ $? -ne 0 ]; then 1393 | if [ -z "$essentialtoinstall" ]; then 1394 | echo "dss:warn: apt-get -f install failed. However it appears we have all essential 64 bit packages. Trying to continue." 1395 | else 1396 | echo "dss:error: cross grading failed after initial amd64 package installs. See crossgrade_debian for a few suggestions to resolve manually." 1397 | return 1 1398 | fi 1399 | fi 1400 | #apt-get $APT_GET_INSTALL_OPTIONS autoremove 1401 | 1402 | for i in 0; do 1403 | echo "dss:info: cross grading figuring out essential packages." 1404 | local essentialpackages= 1405 | local i386apps="$(dpkg -l | grep '^ii' | grep ':i386' | awk '{print $2}' | sed 's/:i386$//' | grep -v '^lib' )" 1406 | local i386app= 1407 | local essentialdeps= 1408 | for i386app in $i386apps; do 1409 | pause_check 1410 | local needsdeps= 1411 | apt-cache show $i386app | egrep -qai 'Essential: yes|Priority: required|Priority: important' && ! dpkg -l | egrep -qai '^ii.*${i386app}.*amd64' && essentialpackages="$essentialpackages ${i386app}:amd64" && needsdeps=true 1412 | [ -z "$needsdeps" ] && continue 1413 | # pre-depends can include options (one of n). e.g. init 1414 | # apt-cache show init | grep Pre-Depends 1415 | # Pre-Depends: systemd-sysv | sysvinit-core | runit-init 1416 | # can also have versions 1417 | # Pre-Depends: libc6 (>= 2.15), libgmp10, libmpfr6 (>= 3.1.3), libreadline7 (>= 6.0), libsigsegv2 (>= 2.9) 1418 | local addep="" 1419 | for pkg in $(apt-cache show $i386app | grep Pre-Depends | sed -r 's/\([^)]+\)//g' | sed 's/,//g' | sed 's/.*://' | sed 's/ | /____/g'); do 1420 | if echo "${pkg}" | grep -qai '____'; then 1421 | local j="$(echo "${pkg}" | sed 's/____/ /g')" 1422 | for k in $j; do 1423 | if dpkg -l | grep 'ii' | grep -qai " $k"; then 1424 | echo "dss:info:selecting $k as the pre-dependency for $i386app from options of '$j' since that is what is installed" 1425 | pkg="$k" 1426 | fi 1427 | done 1428 | [ -z "${pkg}" ] && pkg="$(echo $j | awk '{print $0}')" && echo "dss:info:selecting ${pkg} as the pre-dependencies for ${i386} from options of '${pkg}' since it that is the first one listed and the others were not installed" 1429 | fi 1430 | addep="$addep ${pkg}:amd64" 1431 | done 1432 | essentialdeps="$essentialdeps $addep" 1433 | done 1434 | # => essentialpackages=base-files:amd64 base-passwd:amd64... 1435 | 1436 | [ -z "$essentialpackages" ] && echo "dss:info: no essential packages missing. moving to next step." && break 1437 | local debs="$(find /var/cache/apt/archives -type f | egrep 'amd64.deb$|all.deb$')" 1438 | [ ! -d /root/distrorejuveinfo/$$ ] && mkdir /root/distrorejuveinfo/$$ 1439 | [ ! -z "$debs" ] && mv $debs /root/distrorejuveinfo/$$ 1440 | echo "dss:info: cross grading essential packages. Downloading essentialpackages: $essentialpackages" 1441 | echo "dss:info: cross grading essential packages. Downloading essentialdependencies: $essentialdeps" 1442 | 1443 | essentialpackages="$(for i in $essentialpackages; do echo $i; done | sort | uniq)" 1444 | essentialdeps="$(for i in $essentialdeps; do echo $i; done | sort | uniq)" 1445 | cd /root/distrorejuveinfo/$$ 1446 | [ ! -z "$essentialpackages" ] && apt-get --reinstall --download-only $APT_GET_INSTALL_OPTIONS install $essentialpackages || apt-get download $essentialpackages 1447 | [ ! -z "$essentialdeps" ] && apt-get --reinstall --download-only $APT_GET_INSTALL_OPTIONS install $essentialdeps || apt-get download $essentialdeps 1448 | apt-get --reinstall --download-only $APT_GET_INSTALL_OPTIONS install init:amd64 1449 | #apt-get --reinstall --download-only -y install systemd-sysv:amd64 1450 | apt-get --reinstall --download-only $APT_GET_INSTALL_OPTIONS install libc-bin:amd64 1451 | echo "dss:trace: cross grading dpkg installing essential packages." 1452 | #apt-get download e2fsprogs:amd64 util-linux:amd64 sed:amd64 1453 | local debs="$(find /var/cache/apt/archives -type f | egrep 'amd64.deb$|all.deb$')" 1454 | local debs2="$(find . -type f | egrep 'amd64.deb$|all.deb$')" 1455 | [ ! -z "$debs" ] && dpkg_install $debs $debs2 1456 | ret=$? 1457 | [ ! -z "$debs" ] && mv $debs /root/distrorejuveinfo/$$ 1458 | [ $ret -ne 0 ] && echo "dss:error: dpkg install essential amd64.deb files failed" 2>&1 1459 | cd - 1460 | done 1461 | 1462 | # getting a dependency issue on apt-get remove a few things: libpam-modules : PreDepends: libpam-modules-bin (= 1.1.8-3.6) 1463 | # workaround is: 1464 | apt_get_install libpam-modules-bin:amd64 1465 | 1466 | # these seem to be uninstalled by something above. 1467 | # now handled by other code 1468 | # [ ! -z "${vimpkg}${apachepkg}" ] && echo "dss:trace: cross grading and installing vim/apache2." && apt-get $APT_GET_INSTALL_OPTIONS install $apachepkg $vimpkg 1469 | 1470 | for i in 0 1; do 1471 | # for all i386 apps, install the amd64 and remove the i386. some will fail, that's ok. 1472 | # do 1473 | #apt-get $APT_GET_INSTALL_OPTIONS autoremove 1474 | 1475 | local i386toremove="$(dpkg -l | grep 'i386' | grep '^ii' | awk '{print $2}' | grep -v '^lib' | sed 's/:i386//' | sed 's/$/:i386/' | tr '\n' ' ')" 1476 | # => e.g. apache2-utils:i386 bc:i386 bind9-host:i386... 1477 | local amd64toinstall="$(echo $i386toremove | sed 's/:i386/:amd64/g')" 1478 | # e.g. => apache2-utils:amd64 bc:amd64 bind9-host:amd64 1479 | [ -z "$amd64toinstall" ] && [ -z "$i386toremove" ] && break 1480 | local ret=0 1481 | # tends to remove necessities. like ifupdown 1482 | # echo "dss:trace: cross grading and bulk replacing i386 apps with 64 bit versions. Round #$i" 1483 | # apt_get_install $amd64toinstall && apt_get_remove $i386toremove 1484 | #[ $? -ne 0 ] && ret=$(($ret+1)) 1485 | 1486 | local i386toremove="$(dpkg -l | grep 'i386' | grep '^ii' | awk '{print $2}' | grep -v '^lib' | sed 's/:i386//')" 1487 | echo "dss:trace: cross grading and individually installing 64 bit versions of all i386 packages: $i386toremove" 1488 | # => e.g. apache2-utils bc bind9-host 1489 | local i386toremove2="" 1490 | # install them all 1491 | for pkg in ${i386toremove} ifupdown; do 1492 | apt_get_install "${pkg}:amd64" 1493 | local lret=$? 1494 | # fwiw apt-get install $alreadyinstalled returns 0 1495 | [ $lret -eq 0 ] && echo $pkg | egrep -qai 'gcc.*base' && echo "dss:info: not apt-get remove-ing $pkg, as has tended to remove lots of necessary things. e.g. ifupdown." 1496 | [ $lret -eq 0 ] && echo $pkg | egrep -qai 'gcc.*base' || i386toremove2="$i386toremove2 $pkg" 1497 | done 1498 | echo "dss:trace: removing 32 bit versions of packages where we were able to install the 64bit version: $i386toremove2" 1499 | # then remove the i386 version. Used to this after installing each amd64 package, but that sometimes led to other things being removed that broke things 1500 | # fwiw when you install $pkg:amd4 it will typically remove the $pkg:i386, so hopefully not will actually happen in this section? 1501 | for pkg in $i386toremove2 ; do 1502 | local lret=0 1503 | if echo "${pkg}" | egrep -qai 'gcc.*base'; then 1504 | true 1505 | else 1506 | apt_get_remove "${pkg}:i386" 1507 | lret=$? 1508 | if [ $lret -ne 0 ]; then 1509 | echo "dss:warn: apt-get remove ${pkg}:i386 failed. Trying an apt-get -f install. Will continue irregardless." 1510 | ret=$(($ret+1)) 1511 | apt_get_f_install "after-${pkg}-remove" 1512 | fi 1513 | fi 1514 | done 1515 | 1516 | echo "dss:trace: completed individual install and removal of i386 packages. Ret code of $ret (0 means we are done, otherwise we go for another round)." 1517 | [ $ret -eq 0 ] && break 1518 | done 1519 | 1520 | # try to install 1521 | while true; do 1522 | mkdir -p distrorejuveinfo/$$/extra64debs 1523 | cd distrorejuveinfo/$$/extra64debs 1524 | for pkg in ${amd64toinstall}; do 1525 | pause_check 1526 | ! dpkg -l | grep '^ii' | awk '{print $2}' | grep -qai "${pkg}" && echo "dss:trace: downloading amd64 debian file for ${pkg}" && apt-get download "${pkg}" 1527 | done 1528 | local amdfilestoinstall="$(find . -type f | egrep 'amd64.deb$|all.deb$')" 1529 | if [ -z "$amdfilestoinstall" ]; then 1530 | echo "dss:trace: not finding any extra amd64 files to install" 1531 | break; 1532 | fi 1533 | cd - 1534 | echo "dss:trace: attempting a dpkg install of non-lib packages: $(echo $amd64toinstall)" 1535 | dpkg_install $(find distrorejuveinfo/$$/extra64debs -type f | egrep 'amd64.deb$|all.deb$') 1536 | local lret=$? 1537 | echo "dss:trace: dpkg install $( [ $lret -eq 0 ] && echo "succeeded" || echo "failed")" 1538 | break 1539 | done 1540 | 1541 | while true; do 1542 | mkdir -p distrorejuveinfo/$$/settheory 1543 | cd distrorejuveinfo/$$/settheory 1544 | #[ir] e.g. to find desired = install or remove where status = installed 1545 | dpkg -l | egrep '^[ir]i.*i386' | awk '{print $2}' | sed 's/:i386//' | sort > pkgs.386.log 1546 | dpkg -l | egrep '^ii.*amd64' | awk '{print $2}' | sed 's/:amd64//' | sort> pkgs.amd64.log 1547 | amd64toinstall="$(for i in $(comm -3 --check-order pkgs.amd64.log pkgs.386.log | grep -v '^[a-z]'); do echo "$i:amd64 "; done)" 1548 | 1549 | for pkg in ${amd64toinstall}; do 1550 | pause_check 1551 | echo "dss:trace: downloading amd64 debian file for ${pkg}" 1552 | apt-get download "${pkg}" 1553 | done 1554 | cd - 1555 | local amdfilestoinstall=$(find distrorejuveinfo/$$/settheory -type f | egrep 'amd64.deb$|all.deb$') 1556 | if [ -z "$amdfilestoinstall" ]; then 1557 | echo "dss:trace: not finding any extra amd64 files to install per distrorejuveinfo/$$/settheory" 1558 | break; 1559 | fi 1560 | echo "dss:trace: using set theory method for lib and non-lib packages: $(echo $amd64toinstall)" 1561 | dpkg_install $(find distrorejuveinfo/$$/settheory -type f | egrep 'amd64.deb$|all.deb$') 1562 | local lret=$? 1563 | echo "dss:trace: set theory dpkg install $( [ $lret -eq 0 ] && echo "succeeded" || echo "failed")" 1564 | break 1565 | done 1566 | 1567 | # apt-get $APT_GET_INSTALL_OPTIONS autoremove 1568 | 1569 | ## apt-show-versions | grep amd64 | grep 'not installed' 1570 | # acl:amd64 not installed 1571 | # aptitude:amd64 not installed 1572 | # banana not available for architecture amd64 1573 | # tar:amd64/xenial-security 1.28-2.1ubuntu0.1 uptodate 1574 | # tar:i386 not installed 1575 | 1576 | # => 1577 | # # echo "$available" 1578 | #acl 1579 | #aptitude 1580 | #bsd-mailx 1581 | local loop= 1582 | for loop in 0; do 1583 | local fromfile="$(find /root/distrorejuveinfo/ /root/deghostinfo/ -mtime -${DAYS_UPGRADE_ONGOING} 2>/dev/null | grep crossgrade)" 1584 | [ ! -z "$fromfile" ] && fromfile="$(ls -1rt $fromfile | head -n 1)" 1585 | [ -z "$fromfile" ] && break 1586 | local uninstalled="$(print_config_state_changes "$fromfile" | grep '^dss:configdiff:statechanges:-installed:' | sed 's/.*installed://' | sed 's/:i386//' | sed 's/:amd64//' | grep -v '^ *$' | grep -v wpasupplicant | tr '\n' ' ')" 1587 | # => e.g. apache2 apache2-bin fontconfig-config fonts-dejavu-core php5-curl php5-gd php5-imap 1588 | # apt-show-versions ruby:amd64 1589 | # ruby not available for architecture amd64 1590 | # apt-show-versions ruby 1591 | # ruby:all not installed 1592 | # rubygems-integration: not installed 1593 | # systemd:amd64 not installed 1594 | 1595 | local available=$(apt-show-versions $uninstalled | grep -v i386 | grep 'not installed' | sed 's/ not installed.*//' | sed 's/:.*$//') 1596 | # => e.g. apache2 apache2-bin fontconfig-config 1597 | # (excludes older packages that were uninstalled. e.g. php5 on a newer ubuntu/debian) 1598 | local toreinstall= 1599 | local donotreinstallregex="linux-.*-686-pae|anotherpackagehere" 1600 | for pkg in ${uninstalled}; do 1601 | # sometimes packages are removed, but due to being deprecated. $available will contain only the packages on the current distro 1602 | echo "$available" | egrep -v "$donotreinstallregex" | egrep -qai "^${pkg}\$" && toreinstall="$toreinstall ${pkg}" 1603 | done 1604 | # => e.g. toreinstall=apache2 apache2-bin fontconfig-config fonts-dejavu-core 1605 | [ ! -z "$toreinstall" ] && echo "dss:info: Will reinstall some packages that have been removed during the crossgrade: $(echo $toreinstall)" 1606 | for pkg in ${toreinstall}; do 1607 | apt_get_install "${pgk}" 1608 | done 1609 | done 1610 | 1611 | apt-get $APT_GET_INSTALL_OPTIONS autoremove 1612 | 1613 | if has_cruft_packages 32bit; then 1614 | show_cruft_packages 1615 | echo "dss:error:after cross grade, 32 bit packages remain." >&2 1616 | return 1 1617 | else 1618 | echo "dss:info:no 32 bit packages remain (good)" 1619 | fi 1620 | 1621 | echo "dss:info: Cross grade has completed." 1622 | return 0 1623 | 1624 | # sample cleanup/finish up/suggestions: 1625 | 1626 | # bash : Conflicts: bash:i386 1627 | # apt-get download bash; dpkg_install bash*64.deb 1628 | 1629 | # libpam-modules : PreDepends: libpam-modules-bin (= 1.1.8-3.6) => 1630 | # apt-get install libpam-modules-bin:amd64 1631 | 1632 | # apt-get -s -o Debug::pkgProblemResolver=yes -f install 1633 | 1634 | # if "apt-get --download-only install perl-base:amd64" => E: Unmet dependencies. Try 'apt --fix-broken install' 1635 | # try: 1636 | # apt-get download perl-base:amd64 1637 | # dpkg --install perl-base*amd64.deb 1638 | 1639 | #WARNING: The following essential packages will be removed. 1640 | #This should NOT be done unless you know exactly what you are doing! 1641 | # diffutils:i386 1642 | #=> 1643 | # apt-get download diffutils 1644 | # dpkg --install diffutils*amd64.deb 1645 | 1646 | 1647 | # apt-get install apache2 1648 | #apt-get install $(dpkg -l | grep '^ii' | grep i386 | awk '{print $2}' | sed 's/:i386$//' | grep -v '^lib') 1649 | 1650 | # apt-get purge zlib1g:i386 1651 | # remove i386 packages 1652 | # for i in $(dpkg -l | grep 'i386' | grep '^ii' | awk '{print $2}' | sed 's/:i386//' | grep -v '^lib' ); do apt-get -y remove $i:i386; done 1653 | 1654 | #apt-get install sysvinit-core:amd64 1655 | 1656 | # pkgs installed for older/different distros 1657 | # allpkgs="$(apt-cache pkgnames)"; for i in $(dpkg -l | grep 'i386' | grep '^ii' | awk '{print $2}' | grep -v '^lib' | sed 's/:i386//'); do echo " $allpkgs " | grep -qai " $i " && continue; echo $i; done 1658 | 1659 | 1660 | # e2fsprogs pre-depends on libcomerr2 (>= 1.42~W 1661 | # => 1662 | # dpkg_install e2fsprogs_1.42.13-1ubuntu1_amd64.deb libcomerr2_1.42.13-1ubuntu1_amd64.deb libss2_1.42.13-1ubuntu1_amd64.deb 1663 | 1664 | # check 64 bit versions here? 1665 | # dpkg -l | grep libc-bin 1666 | # return 0 1667 | } 1668 | 1669 | # e.g. has_cruft_packages && show_cruft_packages && reduce_cruft_packages 1670 | function has_cruft_packages() { 1671 | cruft_packages0 has $1 1672 | # returns 0 if cruft packages 1673 | return $? 1674 | } 1675 | function show_cruft_packages() { 1676 | cruft_packages0 show $1 1677 | return $? 1678 | } 1679 | 1680 | function remove_cruft_packages() { 1681 | cruft_packages0 remove $1 1682 | local ret=$? 1683 | [ $ret ] && echo "dss:trace:removed_cruft_packages completed." 1684 | [ ! $ret ] && echo "dss:error:remove cruft packages failed." >&2 1685 | return $ret 1686 | } 1687 | 1688 | function print_no_available_versions() { 1689 | [ ! -f /etc/apt/sources.list ] && return 0 1690 | [ ! -x /usr/bin/apt-show-versions ] && echo "dss:error:apt-show-versions is not installed." >&2 && return 1 1691 | local not_available="$(mktemp "not_available.log.XXXXXX")" 1692 | local amd64_available="$(mktemp "available.log.XXXXXX")" 1693 | apt-show-versions | grep 'No available version' | awk '{print $1}' | sed 's/:.*//' | sort > $not_available 1694 | dpkg --print-architecture | grep -qai amd64 && cat $not_available && rm -f $not_available && return 0 1695 | local remove_amd64="" 1696 | # add amd64 and update list if we need it 1697 | # dpkg --print-architecture 1698 | #i386 1699 | # dpkg --print-foreign-architectures 1700 | #amd64 1701 | ! dpkg --print-foreign-architectures | grep -qai amd64 && dpkg --add-architecture amd64 && remove_amd64="dpkg --remove-architecture amd64" && apt_get_update > /dev/null 1702 | apt-show-versions | grep -v 'No available version' | grep amd64 | awk '{print $1}' | sed 's/:.*//'| sort > $amd64_available 1703 | # on ubuntu (at least) we get, say, postfix 'No available version in archive' for the i386, but there exists an amd64 package 1704 | # /usr/bin/apt-show-versions | egrep 'subversion|postfix|iproute|multiarch-support|php5-json' 1705 | # iproute:all 1:4.3.0-1ubuntu3.16.04.5 installed: No available version in archive 1706 | # iproute2:amd64 not installed 1707 | # iproute2:i386/focal 5.5.0-1ubuntu1 uptodate 1708 | # multiarch-support:i386 2.27-3ubuntu1.4 installed: No available version in archive 1709 | # php5-json:i386 1.3.2-2build1 installed: No available version in archive 1710 | # postfix:amd64 not installed 1711 | # postfix:i386 3.3.0-1ubuntu0.3 installed: No available version in archive 1712 | # remove it if we added it 1713 | # suppress 2 (lines unique in amd64_available) and 3 (lines in both) leaving 1 (just lines that only exist in not_available) 1714 | comm -2 -3 $not_available $amd64_available 1715 | rm -f $not_available $amd64_available 1716 | $remove_amd64 1717 | } 1718 | 1719 | # e.g. cruft_packages0 show 32bit 1720 | function cruft_packages0() { 1721 | [ ! -f /etc/debian_version ] && return 0 1722 | [ ! -x /usr/bin/apt-show-versions ] && apt-get $APT_GET_INSTALL_OPTIONS install apt-show-versions 1723 | local cruftlog=$(mktemp "cruftpackages.log.XXXXXX") 1724 | [ "$1" = "show" ] && local show="true" 1725 | [ "$1" = "has" ] && local has="true" && local hasold="yes" && local has32bit="true" 1726 | [ "$1" = "remove" ] || [ -z "$1" ]&& local remove="true" 1727 | local oldpkg=true 1728 | local bit32=true 1729 | [ "$2" = "oldpkg" ] && oldpkg=true && bit32= 1730 | [ "$2" = "32bit" ] && bit32=true && oldpkg= 1731 | 1732 | local has_cruft=0 1733 | local commandret=0 1734 | 1735 | # apt-show-versions 1736 | # ruby:i386 not installed 1737 | # openssl-blacklist:all 0.5-3 installed: No available version in archive 1738 | # ruby-did-you-mean:all/stretch 1.0.0-2 uptodate 1739 | 1740 | #echo "dss:trace: cruft show=$show has=$has remove=$remove oldpkg=$oldpgk 32bit=$bit32" 1741 | 1742 | ignorablecruft="^lib|webmin|virtualmin|usermin" 1743 | if [ ! -z "$oldpkg" ] && [ -x /usr/bin/apt-show-versions ] && [ 0 -ne $(print_no_available_versions | egrep -v "$ignorablecruft" | wc -l) ]; then 1744 | has_cruft=$((has_cruft+1)) 1745 | [ ! -z "$show" ] && echo "dss:warn: Applications from non-current distro versions installed: $(print_no_available_versions |egrep -v "$ignorablecruft" | grep -v '^lib' | awk '{print $1}' | tr '\n' ' ')" 1746 | if [ ! -z "$remove" ]; then 1747 | echo "dss:trace: Working out the old packages to resume." 1748 | local oldpkgstoremove="$(print_no_available_versions | egrep -v "$ignorablecruft" | awk '{print $1}' | tr '\n' ' ')" 1749 | # e.g. oldpkgstoremove has mysql-server-5.0:i386 mysql-server-core-5.0:i386 1750 | [ $? -ne 0 ] && commandret=$((commandret+1)) 1751 | # /var/log/mysql/error.log: 1752 | # [Warning] Failed to set up SSL because of the following SSL library error: SSL context is not usable without certificate and private key 1753 | # => 1754 | # mysql_ssl_rsa_setup 1755 | 1756 | # may also need to add skip-grant-tables to /etc/mysql/my.cnf [mysqld] section 1757 | echo "$oldpkgstoremove" | grep -qai mysql-ser && apt_get_install mysql-server 1758 | echo "$oldpkgstoremove" | grep -qai mariadb-server && apt_get_install mariadb-server 1759 | apt_get_remove $oldpkgstoremove 1760 | #apt-get $APT_GET_INSTALL_OPTIONS autoremove 1761 | fi 1762 | fi 1763 | if [ ! -z "$oldpkg" ] && [ -x /usr/bin/apt-show-versions ] && [ 0 -ne $(print_no_available_versions | grep '^lib' | wc -l) ]; then 1764 | has_cruft=$((has_cruft+1)) 1765 | [ ! -z "$show" ] && echo "dss:warn: Libraries from non-current distro versions installed: $(print_no_available_versions | grep '^lib' | awk '{print $1}' | tr '\n' ' ')" 1766 | if [ ! -z "$remove" ]; then 1767 | apt_get_remove $(print_no_available_versions | grep '^lib' | awk '{print $1}' | tr '\n' ' ') 1768 | [ $? -ne 0 ] && commandret=$((commandret+1)) 1769 | #apt-get $APT_GET_INSTALL_OPTIONS autoremove 1770 | fi 1771 | fi 1772 | if [ ! -z "$bit32" ]; then 1773 | if [ $(getconf LONG_BIT) -eq 32 ]; then 1774 | return 0 1775 | fi 1776 | if [ $(getconf LONG_BIT) -eq 64 ]; then 1777 | dpkg -l | grep 'i386' | grep '^ii' | awk '{print $2}' > "$cruftlog" 1778 | if [ $(cat "$cruftlog" | head | wc -l ) -gt 0 ]; then 1779 | has_cruft=$((has_cruft+1)) 1780 | [ ! -z "$show" ] && echo "dss:warn: There are some i386 application packages still installed. They can be removed by running bash $0 --remove-cruft. They are: $(grep -v '^lib' "$cruftlog" | tr '\n' ' ') $(grep '^lib' "$cruftlog" | tr '\n' ' ')." 1781 | if [ ! -z "$remove" ]; then 1782 | 1783 | local loop=0 1784 | for loop in 0; do 1785 | # dead code. rely on --to-64bit call to crossgrade to sort this out. 1786 | break; 1787 | echo "dss:trace: cross grading figuring out essential packages." 1788 | local essentialpackages=; for i in $(dpkg -l | grep '^ii' | grep :i386 | awk '{print $2}' | sed 's/:i386$//' | grep -v '^lib' ); do apt-cache show $i | egrep -qai 'Essential: yes|Priority: required|Priority: important' && essentialpackages="$essentialpackages $i:amd64"; done 1789 | echo "dss:trace: cross grading downloading essential packages via download and dpkg_install." 1790 | [ ! -z "$essentialpackages" ] && if apt-get --reinstall --download-only $APT_GET_INSTALL_OPTIONS install $essentialpackages; then 1791 | dpkg_install $(find /var/cache/apt/archives -type f | egrep 'amd64.deb$|all.deb$') 1792 | [ ! -d /root/distrorejuveinfo/$$ ] && mkdir /root/distrorejuveinfo/$$ 1793 | mv $(find /var/cache/apt/archives/ -type f | egrep 'amd64.deb$|all.deb$') /root/distrorejuveinfo/$$ 1794 | dpkg -l | grep 'i386' | grep '^ii' | awk '{print $2}' > "$cruftlog" 1795 | else 1796 | echo "dss:trace: cross grading downloading essential packages (after download+install failed) via download and separate install" 1797 | apt-get $APT_GET_INSTALL_OPTIONS download $essentialpackages 1798 | dpkg_install $(find . -type f | egrep 'amd64.deb$|all.deb$') 1799 | [ ! -d /root/distrorejuveinfo/$$ ] && mkdir /root/distrorejuveinfo/$$ 1800 | mv $(find /var/cache/apt/archives/ -type f | egrep 'amd64.deb$|all.deb$') /root/distrorejuveinfo/$$ 1801 | dpkg -l | grep 'i386' | grep '^ii' | awk '{print $2}' > "$cruftlog" 1802 | fi 1803 | done 1804 | 1805 | # install 64 versions of the packages if we can. 1806 | local lib64="$(grep -v '^lib' "$cruftlog" | sed 's/:i386/:amd64/g' | tr '\n' ' ')" 1807 | echo "dss:trace: bulk installing 64bit versions of installed i386 apps: $lib64" 1808 | apt_get_install $lib64 1809 | echo "dss:trace: force install check" 1810 | apt_get_f_install 1811 | local lib32="$(dpkg -l | grep ':i386' | grep '^ii' | awk '{print $2}' | grep -v '^lib' | sed 's/:i386//')" 1812 | echo "dss:trace: individually installing 64bit versions of installed i386 apps: $lib32" 1813 | for i in $lib32; do apt_get_install $i:amd64 && apt_get_remove $i:i386; done 1814 | echo "dss:trace: force install check" 1815 | apt_get_f_install 1816 | # [ $? -ne 0 ] && commandret=$((commandret+1)) 1817 | echo "dss:trace: removing 32 bit libraries" 1818 | apt_get_remove $(grep -v '^lib' "$cruftlog" | sed 's/:i386//' | sed 's/$/:i386/' | tr '\n' ' ' ) 1819 | local lib32="$(dpkg -l | grep ':i386' | grep '^ii' | awk '{print $2}' | grep 'lib' )" 1820 | echo "dss:trace: individually removing i386 libraries: $lib32" 1821 | for i in $lib32; do apt_get_remove $i; done 1822 | #apt-get $APT_GET_INSTALL_OPTIONS autoremove 1823 | [ $(dpkg -l | grep ':i386' | grep '^ii' | wc -l) -gt 0 ] && commandret=$((commandret+1)) 1824 | fi 1825 | fi 1826 | fi 1827 | fi # if32 1828 | [ -f "$cruftlog" ] && rm -f "$cruftlog" 1829 | # returns 0 if cruft packages 1830 | [ ! -z "$remove" ] && return $commandret 1831 | if [ ! -z "$has" ]; then [ $has_cruft -gt 0 ] && return 0 || return 1; fi 1832 | [ ! -z "$show" ] && return 0 1833 | } 1834 | 1835 | function tweak_broken_configs() { 1836 | echo "dss:trace:tweak_broken_configs: tweaking certain broken configs if they exist." 1837 | [ -f /etc/apache2/apache2.conf ] && grep -qai 'Include conf.d' /etc/apache2/apache2.conf && [ ! -d /etc/apache2/conf.d ] && mkdir /etc/apache2/conf.d 1838 | if [ -x /usr/sbin/apache2ctl ] && [ -f /etc/apache2/apache2.conf ]; then 1839 | if grep -qai '^Include /etc/apache2/conf.d/' /etc/apache2/apache2.conf && [ ! -d /etc/apache2/conf.d ]; then 1840 | replace 'Include /etc/apache2/conf.d/' '#Include /etc/apache2/conf.d/' -- /etc/apache2/apache2.conf 1841 | echo "dss:info: Commenting out Include /etc/apache2/conf.d/ for non-existent directory. Might be better to use revert to package provided apache config?" 1842 | fi 1843 | if grep -qa '^Include /etc/apache2/httpd.conf' /etc/apache2/apache2.conf && [ ! -f /etc/apache2/httpd.conf ]; then 1844 | replace "Include /etc/apache2/httpd.conf" "#Include /etc/apache2/httpd.conf" -- /etc/apache2/apache2.conf 1845 | echo "dss:info: Commenting out Include /etc/apache2/httpd.conf for non existent file" 1846 | fi 1847 | if grep -qa '^Include httpd.conf' /etc/apache2/apache2.conf && [ ! -f /etc/apache2/httpd.conf ]; then 1848 | replace "Include httpd.conf" "#Include httpd.conf" -- /etc/apache2/apache2.conf 1849 | echo "dss:info: Commenting out Include httpd.conf for non existent file" 1850 | fi 1851 | if ! /usr/sbin/apache2ctl -S &> /dev/null && grep -qa '^LockFile ' /etc/apache2/apache2.conf; then 1852 | replace "LockFile" "#LockFile" -- /etc/apache2/apache2.conf 1853 | echo "dss:info: Commented out Lockfile in /etc/apache2/apache2.conf" 1854 | fi 1855 | if [ -f /etc/apache2/mods-available/ssl.conf ] && /usr/sbin/apache2ctl -S 2>&1 | grep -qai "Invalid command 'SSLMutex'"; then 1856 | replace "SSLMutex" "#SSLMutex" -- /etc/apache2/mods-available/ssl.conf 1857 | fi 1858 | if /usr/sbin/apache2ctl -S 2>&1 | grep -qai 'Ignoring deprecated use of DefaultType'; then 1859 | replace "DefaultType" "#DefaultType" -- /etc/apache2/apache2.conf 1860 | echo "dss:info: Commented out DefaultType in /etc/apache2/apache2.conf" 1861 | fi 1862 | fi 1863 | # error of sshd[1762]: Missing privilege separation directory: /var/run/sshd 1864 | # => mkdir /var/run/sshd 1865 | # FIXME: https://wiki.debian.org/ReleaseGoals/RunDirectory 1866 | # => do we need to if -d /var/run; then mv -f /var/run/* /run/; rm -rf /var/run; ln -s /run /var/run; fi 1867 | while true; do 1868 | # not debian-ish 1869 | if ! which dpkg >/dev/null 2>&1; then break; fi 1870 | 1871 | # mysql server of some version is installed. done 1872 | if dpkg -l | egrep -qai '^ii.*mysql-server|^ii.*mariadb-server'; then break; fi 1873 | 1874 | # skip if they never had a mysql server installed. don't skip if they had an rc=removed,configured 1875 | # if they had mysql they'll have something like: 1876 | # rc mysql-server-5.1 5.1.73-1 ... 1877 | if ! dpkg -l | grep -qai '^rc.*mysql-server'; then break; fi 1878 | 1879 | # if mysql or maria db something is installed, quit here. 1880 | # replaced by check above for ii.*mysql-server 1881 | # and otherwise you'd need to be wary of packages like libdbd-mysql; mysql-commo; libmariadbclient 1882 | # if dpkg -l | egrep -v 'mysql-common|libmariad' | egrep -qai '^ii.*mysql-|^ii.*mariadb'; then break; fi 1883 | 1884 | # no mysql conf dir, quit 1885 | if [ ! -d /etc/mysql ]; then break; fi 1886 | 1887 | echo "dss:info: MySQL appears to have been installed, but no longer present. This can happen between debian 8 and debian 9. As mysql is replaced by mariadb. Attempting to install mysql-server which would pull in mariadb." 1888 | dpkg -l | egrep -i 'mysql|mariadb' | awk '{print "dss:mysqlrelatedpackages:pre:" $0}' 1889 | local dbpgk= 1890 | local dbpkgret=0 1891 | if dpkg -l | egrep ii | egrep -qai 'mariadb'; then 1892 | dbpkg=mariadb-server 1893 | elif dpkg -l | egrep ii | egrep -qai 'mysql.*server'; then 1894 | dbpkg=mysql-server 1895 | fi 1896 | if [ ! -z "$dbpkg" ]; then 1897 | apt_get_install $dbpkg 1898 | dbpkgret=$? 1899 | if [ $dbpkgret -ne 0 ]; then 1900 | apt_get_install default-mysql-server 1901 | dbpkgret=$? 1902 | fi 1903 | fi 1904 | dpkg -l | egrep -i 'mysql|mariadb' | awk '{print "dss:mysqlrelatedpackages:post:" $0}' 1905 | break 1906 | done 1907 | 1908 | #Failed because this line in /etc/mysql/my.cnf.migrated 1909 | #log_slow_queries = /var/log/mysql/mysql-slow.log 1910 | #needed to change to: 1911 | #slow_query_log = 1 1912 | #slow_query_log_file = /var/log/mysql/mysql-slow.log 1913 | #find /var/log -type f | xargs --no-run-if-empty grep log_slow | grep ERROR 1914 | #/var/log/daemon.log:Apr 6 19:14:44 ititch mysqld_safe[13273]: 2020-04-06 19:14:44 3079187200 [ERROR] /usr/sbin/mysqld: unknown variable 'log_slow_queries=/var/log/mysql/mysql-slow.log' 1915 | if [ -f /var/log/daemon.log ] && grep -qai "unknown variable 'log_slow" /var/log/daemon.log; then 1916 | echo "dss:info: Disabling log_slow settings, they are now slow_query_log" 1917 | [ -d /etc/mysql ] && for file in $(find /etc/mysql/ -type f | xargs --no-run-if-empty grep -l '^log_slow'); do 1918 | sed -i 's/^log_slow/#log_slow/' $file && echo "dss:info: disabled log_slow in $file" 1919 | done 1920 | [ -f /etc/init.d/mysql ] && ps auxf | grep -qai '[m]ysqld_safe' && /etc/init.d/mysql restart && echo "dss:info: issued a mysql restart" 1921 | fi 1922 | 1923 | for i in $(find /etc/cron.* -type f -name 000loaddelay); do 1924 | #old style ifconfig 1925 | ifconfig | grep -qai 'inet addr' && continue 1926 | # not our script 1927 | grep -qai 'random=.*ifconfig.*sed' $i || continue 1928 | echo '#!/bin/bash 1929 | # This is to delay cron jobs by up to 10 minutes to relieve host server load. 1930 | # needs to parse inet 174.136.11.74 B174.136.11.79 M255.255.255.248 and 1931 | # inet addr:174.136.11.74 Bcast:174.136.11.79 Mask:255.255.255.248 1932 | declare -i random=$(expr $(ifconfig | grep -v inet6 | grep "inet" | head -n 1 | sed -e "s/[^0-9 ]//g" | sed "s/^ *//" | cut -f 1 -d\ ) % 900) 1933 | sleep ${random} 1934 | exit 0' > $i 1935 | echo "dss:info: updating load delay script: $i" 1936 | done 1937 | # fix missing udev 1938 | while true; do 1939 | # not debian-ish 1940 | if ! which dpkg >/dev/null 2>&1; then break; fi 1941 | 1942 | # dpkg -l | grep '/dev' 1943 | # ii makedev 2.3.1-93 all creates device files in /dev 1944 | # rc udev 232-25+deb9u1 i386 /dev/ and hotplug management daemon 1945 | if dpkg -l | grep -qai '^ii.*udev-'; then break; fi 1946 | 1947 | apt_get_install udev 1948 | ret=$? 1949 | echo "dss:info: udev install result $ret $(dpkg -l | grep udev)" 1950 | break 1951 | done 1952 | return 0 1953 | } 1954 | 1955 | function dist_upgrade_x_to_y() { 1956 | pause_check 1957 | [ ! -e /etc/apt/sources.list ] && return 0 1958 | echo "dss:trace:dist_upgrade_x_to_y:checking:olddistro=$old_distro:oldver=$old_ver:newdistro=$new_distro" 1959 | 1960 | if ! grep -qai "^ *deb.*$old_distro" -- /etc/apt/sources.list; then 1961 | echo "dss:info: Not finding $old_distro in /etc/apt/sources.list. Skipping $old_distro to $new_distro" 1962 | return 0 1963 | fi 1964 | fix_missing_lsb_release 1965 | if ! lsb_release -a 2>/dev/null| egrep -qai "$old_distro|$old_ver" ; then 1966 | echo "dss:info: Not finding $old_distro or $old_ver in lsb_release output. Skipping $old_distro to $new_distro" 1967 | return 0 1968 | fi 1969 | 1970 | if is_distro_name_older "$old_distro" "squeeze"; then 1971 | if dpkg -l | grep -qai '^i.*dovecot'; then 1972 | print_uninstall_dovecot 1973 | return 1 1974 | fi 1975 | fi 1976 | if [ "$old_distro" == "lenny" ]; then 1977 | add_missing_debian_keys 1978 | [ ! -d "/dev/pts" ] && mkdir /dev/pts && echo "dss:info: created /dev/pts" 1979 | fi 1980 | 1981 | if is_distro_name_older "$old_distro" "stretch"; then 1982 | if dpkg -l | grep -qai '^i.*fail2ban'; then 1983 | print_uninstall_fail2ban 1984 | return 1 1985 | fi 1986 | fi 1987 | 1988 | if is_distro_name_older "$old_distro" "bookwrom"; then 1989 | local bittedness="$(getconf LONG_BIT)" 1990 | if [ ! -z "$bittedness" ] && [ 32 -eq $bittedness ]; then 1991 | echo "dss:warn: You are running a 32 bit distro. Debian 13/trixie has reduced 32 bit support. So you may wish to use this script to crossgrade the distro to 64 bits before proceeding." >&2 1992 | [ -z "$IGNORE_BITTEDNESS_ERROR" ] && return 1 1993 | fi 1994 | if dpkg -l | grep -qai '^i.*dovecot'; then 1995 | echo "dss:warn: Dovecot configs work differently. See https://doc.dovecot.org/main/installation/upgrade/2.3-to-2.4.html. export IGNORE_DOVECOT_ERROR=Y to continue." >&2 1996 | [ -z "$IGNORE_DOVECOT_ERROR" ] && return 1 1997 | return 1 1998 | fi 1999 | fi 2000 | 2001 | 2002 | upgrade_precondition_checks || return $? 2003 | 2004 | echo "dss:trace:dist_upgrade_x_to_y:pre_apt_get_upgrade:old:$old_distro:new:$new_distro" 2005 | apt_get_upgrade 2006 | local ret=$? 2007 | apt-get clean 2008 | apt-get $APT_GET_INSTALL_OPTIONS autoremove 2009 | if [ $ret -ne 0 ]; then 2010 | echo "dss:error: apt-get upgrade failed. exiting dist_upgrade_x_to_y:${old_distro}_to_${new_distro}" 2011 | return 1 2012 | fi 2013 | 2014 | disable_debian_repos $old_distro 2015 | 2016 | if ! grep -qai "^ *deb.* ${new_distro}[ /-]" /etc/apt/sources.list; then 2017 | echo "deb http://http.us.debian.org/debian/ ${new_distro} main non-free contrib" >> /etc/apt/sources.list 2018 | 2019 | #Err:3 http://security.debian.org bullseye/updates Release 2020 | #FIXME wrong for bookworm. See also https://www.debian.org/releases/stable/errata 2021 | #404 Not Found [IP: 199.232.10.132 80] 2022 | if is_distro_name_newer "${new_distro}" "buster"; then 2023 | echo "deb http://security.debian.org/debian-security ${new_distro}-security main" >> /etc/apt/sources.list 2024 | else 2025 | echo "deb http://security.debian.org/ ${new_distro}/updates main" >> /etc/apt/sources.list 2026 | fi 2027 | echo "$old_distro:$new_distro: apt sources now has $(cat /etc/apt/sources.list | egrep -v '^$|^#')" | awk '{print "dss:sources:dist_upgrade_x_to_y:" $0}' 2028 | fi 2029 | 2030 | 2031 | # redo to convert the above to archive where appropriate. And add lts if appropriate. 2032 | enable_debian_archive 2033 | 2034 | echo "dss:trace:dist_upgrade_x_to_y:pre_apt_get_dist_upgrade::olddistro=$old_distro:oldver=$old_ver:newdistro=$new_distro" 2035 | apt_get_dist_upgrade 2036 | ret=$? 2037 | apt-get $APT_GET_INSTALL_OPTIONS autoremove 2038 | if [ $ret -eq 0 ]; then 2039 | echo "dss:trace:dist_upgrade_x_to_y:post_apt_get_dist_upgrade::olddistro=$old_distro:oldver=$old_ver:newdistro=$new_distro:ret=$ret" 2040 | if lsb_release -a 2>/dev/null| egrep -qai "${new_distro}|${new_ver:-xxxxx}"; then 2041 | # dist-upgrade returned ok, and lsb_release thinks we are wheezy 2042 | echo "dss:info: dist-upgrade from ${old_distro} to ${new_distro} appears to have worked." 2043 | return 0; 2044 | else 2045 | echo "dss:warn: dist-upgrade from ${old_distro} appears to have failed. lsb_release does not match '${new_distro}' or '${new_ver:-xxxxx}': $(lsb_release -a)" 2046 | return 1 2047 | fi 2048 | fi 2049 | echo "dss:error:dist_upgrade_x_to_y:post_apt_get_dist_upgrade::olddistro=$old_distro:oldver=$old_ver:newdistro=$new_distro:ret=$ret" 2050 | 2051 | return 1 2052 | 2053 | } 2054 | 2055 | function print_minimal_config() { 2056 | local a=$1 2057 | local b=$2 2058 | [ ! -f $a ] && return 1 2059 | egrep -v '^\s*#|^$' $a 2060 | return 0 2061 | } 2062 | function print_pkg_to_modified_diff() { 2063 | [ ! -d "/root/pkgdiff.$$" ] && mkdir /root/pkgdiff.$$ 2064 | # get a list of config files in packages that have been changed by the user 2065 | local modifiedconfigfiles=$(dpkg-query -W -f='${Conffiles}\n' '*' | grep -v obsolete | awk 'OFS=" "{print $2,$1}' | LANG=C md5sum -c 2>/dev/null | awk -F': ' '$2 !~ /OK$/{print $1}' | sort) 2066 | local modifiedconfigfile 2067 | cd /root/pkgdiff.$$ 2068 | for modifiedconfigfile in $modifiedconfigfiles; do 2069 | # figure out the package name 2070 | # dpkg -S /etc/apache2/mods-available/ssl.conf 2071 | # apache2: /etc/apache2/mods-available/ssl.conf 2072 | local pkg=$(dpkg -S "$modifiedconfigfile" | awk '{print $1}' | sed 's/://') 2073 | [ -z "$pkg" ] && continue 2074 | 2075 | #figure out the filename 2076 | #apt-get --print-uris download apache2 2077 | # 'http://http.us.debian.org/debian/pool/main/a/apache2/apache2_2.4.10-10+deb8u7_i386.deb' apache2_2.4.10-10+deb8u7_i386.deb 207220 SHA256:7974cdeed39312fda20165f4ee8bebc10f51062600a7cd95f4c5cba32f7ae12c 2078 | # note will not return a result if the file is already here (hence the 'hidden' stuff below). 2079 | local debfilename=$(apt-get --print-uris download "$pkg" 2>/dev/null| awk '{print $2}') 2080 | [ -z "$debfilename" ] && continue 2081 | 2082 | # download it if we don't already have it 2083 | if [ ! -f "hidden-${debfilename}" ]; then 2084 | apt-get download "$pkg" &>/dev/null 2085 | # can fail if apt is not up to date 2086 | [ $? -ne 0 ] && apt_get_update &>/dev/null && apt-get download "$pkg" &>/dev/null 2087 | # extract to local dir 2088 | dpkg -x "$debfilename" . 2089 | mv "$debfilename" "hidden-$debfilename" 2090 | fi 2091 | 2092 | # pop a copy there so we can replace current file if desired 2093 | [ -f "./${modifiedconfigfile}" ] && [ ! -f "${modifiedconfigfile}.dpkg-dist" ] && cp "./${modifiedconfigfile}" "${modifiedconfigfile}.dpkg-dist" 2094 | [ -f "${modifiedconfigfile}.dpkg-dist" ] && echo "dss:modifiedfilereplace:To replace edited file with dist file: [ ! -f $modifiedconfigfile.dpkg-old ] && [ -f /etc/nginx/nginx.conf.dpkg-dist] && mv $modifiedconfigfile $modifiedconfigfile.dpkg-old && mv ${modifiedconfigfile}.dpkg-dist ${modifiedconfigfile}" 2095 | # show a diff 2096 | print_minimal_config_diff "./$modifiedconfigfile" "$modifiedconfigfile" | awk '{print "dss:configdiff:modifiedconfig:'$pkg':'$modifiedconfigfile':" $0}' 2097 | done 2098 | 2099 | # cleanup 2100 | cd - >/dev/null 2101 | rm -rf /root/pkgdiff.$$ 2102 | return 0 2103 | } 2104 | 2105 | function print_minimal_config_diff() { 2106 | local a=$1 2107 | local b=$2 2108 | [ ! -f $a ] && return 1 2109 | [ ! -f $b ] && return 1 2110 | ta=$(mktemp "$(basename "${a}").XXXXXX") 2111 | tb=$(mktemp "$(basename "${b}").XXXXXX") 2112 | print_minimal_config $a > $ta 2113 | print_minimal_config $b > $tb 2114 | diff --ignore-all-space -u $ta $tb 2115 | ret=$? 2116 | rm -f $ta $tb 2117 | return $ret 2118 | } 2119 | function print_config_state_changes() { 2120 | prep_ghost_output_dir 2121 | local now=$(date +%s) 2122 | record_config_state /root/distrorejuveinfo/postupgrade.dpkg.$now 2123 | # get oldest/first preupgrade file. e.g. we may have to rerun this script. so diff from first run 2124 | local fromfile="${1}" 2125 | if [ -z "$fromfile" ]; then 2126 | fromfile="$(find /root/distrorejuveinfo/ /root/deghostinfo/ -mtime -${DAYS_UPGRADE_ONGOING} 2>/dev/null | grep preupgrade)" 2127 | [ ! -z "$fromfile" ] && fromfile="$(ls -1rt $fromfile | head -n 1)" 2128 | fi 2129 | [ -z "$fromfile" ] && fromfile=/root/distrorejuveinfo/preupgrade.dpkg.$$ 2130 | # no prior changes just yet. 2131 | [ ! -f "$fromfile" ] && return 0 2132 | # dpkg-new is used on unpack prior to choosing dpkg-dist or overwriting. 2133 | echo "dss:info: Config changes to check. e.g. different processes after upgrade. e.g. different ports. e.g. different apache status output. e.g. changes to dpkg-old/dpkg-dist files. dpkg-old = your files that were not used. dpkg-dist = distro files that were not used." 2134 | print_minimal_config_diff $fromfile /root/distrorejuveinfo/postupgrade.dpkg.$now | awk '{print "dss:configdiff:statechanges:" $0}' 2135 | 2136 | # ucf-dist = backup of what was there before dist upgrade 2137 | local files=$(find /etc -type f | egrep '.ucf-old|.ucf-diff|.dpkg-new|.dpkg-old|dpkg-dist|\.rpmnew|.rpmsave' | sort) 2138 | [ -z "$files" ] && echo "dss:info: Looks like the server is using all distro-provided config files (no local overrides). That makes it easy." 2139 | [ ! -z "$files" ] && echo "dss:info:key: How the distro provided config files differ from what is installed. Consider what is needed to switch back to the distro provided config files?" 2140 | for file in $files; do 2141 | # defer to the new and improved print_pkg_to_modified_diff function (debian/ubuntu only) 2142 | echo $file | grep -q 'dpkg-dist' && continue 2143 | # if not rpmnew file, skip 2144 | echo $file | egrep -qv 'dpkg-dist|rpmnew' && continue 2145 | current=$(echo $file | sed 's/\.dpkg-dist$//') 2146 | current=$(echo $file | sed 's/\.rpmnew$//') 2147 | 2148 | # modified file exists? 2149 | [ -z "$current" ] || [ ! -f $current ] && continue 2150 | 2151 | echo "dss:pkgdiff:$current To use the dist file: mv $current $current.dpkg-old; mv $file $current" 2152 | print_minimal_config_diff $file $current | awk '{print "dss:configdiff:pkgconfig:" $0}' 2153 | done 2154 | print_pkg_to_modified_diff 2155 | 2156 | # non .conf site files 2157 | # IncludeOptional sites-enabled/*.conf 2158 | [ -d /etc/apache2/sites-available ] && [ -f /etc/apache2/apache2.conf ] && grep -qai 'Include.*sites-.*conf' /etc/apache2/apache2.conf && local nonconfsitefiles=$(find /etc/apache2/sites-available -type f | egrep -v '\.conf$|dpkg-') 2159 | for file in $nonconfsitefiles; do 2160 | echo "dss:warn: Apache config file '$file' should have a .conf extension: mv $file $file.conf;a2ensite $(basename $file).conf" 2161 | done 2162 | return 0 2163 | } 2164 | 2165 | function record_config_state() { 2166 | prep_ghost_output_dir 2167 | local file=$1 2168 | if [ -z "$file" ]; then 2169 | file="/root/distrorejuveinfo/preupgrade.dpkg.$$" 2170 | fi 2171 | # don't overwrite the preupgrade file 2172 | echo $file | grep -qai preupgrade && [ -f $file ] && return 0 2173 | echo "dss:trace:record_config_state:$file" 2174 | local files=$(find /etc -type f | egrep '.ucf-old|.ucf-diff|.dpkg-new|.dpkg-old|dpkg-dist|\.rpmnew|.rpmsave' | sort) 2175 | > $file 2176 | # conf files 2177 | echo "Date: $(date)" >> $file 2178 | [ ! -z "$files" ] && ls -lrt $files | awk '{print "configfiles:" $0}' > $file 2179 | echo "Listening ports:" >> $file 2180 | echo "" >> $file 2181 | # listening ports 2182 | # Listen ports: 0.0.0.0:995 dovecot 2183 | netstat -ntpl | grep LISTEN | awk '{print "Listen ports: " $4 " " $7}' | sed 's/ [0-9]*\// /' | sed 's/0.0.0.0:/:::/' | sort -k 3 | uniq >> $file 2184 | echo "Apache vhosts:" >> $file 2185 | echo "" >> $file 2186 | print_distro_info >> $file 2187 | # vhosts 2188 | [ -x /usr/sbin/apache2ctl ] && /usr/sbin/apache2ctl -S 2>&1 | awk '{print "ApacheStatus: " $0}' >> $file 2189 | echo "" >> $file 2190 | echo "Running processes:" >> $file 2191 | echo "" >> $file 2192 | ps ax | awk '{print "process: " $5 " " $6 " " $7 " " $8 " " $9}' | egrep -v '^process: \[|COMMAND|init' | sort | uniq >> $file 2193 | 2194 | [ -x /usr/bin/dpkg ] && echo "Installed packages:" >> $file && dpkg -l | grep '^ii' | awk '{print $2}' | sed 's/:.*//' | sort | grep -v '^lib' | awk '{ print "installed: " $0 }' >> $file 2195 | return 0 2196 | } 2197 | 2198 | function apt_get_update() { 2199 | pause_check 2200 | local tmplog=$(mktemp "tmplog.aptgetupdate.log.XXXXXX") 2201 | apt-get $APT_GET_INSTALL_OPTIONS update 2>&1 | tee $tmplog 2202 | ret=${PIPESTATUS[0]} 2203 | 2204 | # E: Release file expired, ignoring http://archive.debian.org/debian/dists/squeeze-lts/Release (invalid since 14d 8h 58min 38s) 2205 | if [ $ret -ne 0 ]; then apt-get -o Acquire::ForceIPv4=true -o APT::Get::AllowUnauthenticated=yes -o Acquire::Check-Valid-Until=false update; ret=$?; fi 2206 | 2207 | # https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.html#non-free-split 2208 | if egrep -qai "Repository 'Debian bookworm' changed its 'non-free component' value from 'non-free' to 'non-free non-free-firmware'" "$tmplog" && [ -d /etc/apt/apt.conf.d/ ]; then 2209 | echo "dss:info: disabling the warning around non-free/non-free-firmware per /etc/apt/apt.conf.d/no-bookworm-firmware.conf and https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.html#non-free-split" && echo 'APT::Get::Update::SourceListWarnings::NonFreeFirmware "false";' > /etc/apt/apt.conf.d/no-bookworm-firmware.conf 2210 | fi 2211 | 2212 | rm -rf "$tmplog" 2213 | [ ! $ret ] && echo "dss:error:apt_get_update failed." >&2 2214 | return $ret 2215 | } 2216 | 2217 | function apt_get_upgrade() { 2218 | pause_check 2219 | [ ! -e /etc/apt/sources.list ] && return 0 2220 | [ -e /etc/redhat-release ] && return 0 2221 | upgrade_precondition_checks || return $? 2222 | echo "dss:trace:apt_get_upgrade" 2223 | 2224 | enable_debian_archive 2225 | apt_get_update 2226 | record_config_state 2227 | dpkg --configure -a --force-confnew --force-confdef --force-confmiss 2228 | apt-get $APT_GET_INSTALL_OPTIONS autoremove 2229 | apt_get_f_install 2230 | echo "dss:info: running an apt-get upgrade" 2231 | apt-get $APT_GET_INSTALL_OPTIONS --allow-downgrades upgrade 2232 | ret=$? 2233 | apt-get $APT_GET_INSTALL_OPTIONS autoremove 2234 | apt_get_f_install 2235 | if [ $ret -ne 0 ]; then 2236 | echo "dss:info: apt-get upgrade failed. trying a dist-ugprade..." 2237 | apt-get $APT_GET_INSTALL_OPTIONS dist-upgrade 2238 | ret=$? 2239 | if [ $ret -eq 0 ]; then 2240 | echo "dss:info: apt-get dist-upgrade succeeded when a upgrade failed." 2241 | return 0 2242 | else 2243 | echo "dss:warn: apt-get upgrade/dist-upgrade failed." 2244 | return 1 2245 | fi 2246 | fi 2247 | apt-get clean 2248 | [ ! $ret ] && echo "dss:error:apt_get_upgrade failed." >&2 2249 | return $ret 2250 | } 2251 | 2252 | function plesk_upgrade() { 2253 | which plesk >/dev/null 2>&1 || return 0 2254 | plesk installer --select-release-current --reinstall-patch --upgrade-installed-components 2255 | local ret=$? 2256 | [ ! $ret ] && echo "dss:error:plesk upgrade failed." >&2 2257 | [ $ret ] && echo "dss:info:plesk upgrade completed." >&2 2258 | return $ret 2259 | } 2260 | 2261 | function apt_get_dist_upgrade() { 2262 | pause_check 2263 | [ ! -e /etc/apt/sources.list ] && return 0 2264 | upgrade_precondition_checks || return $? 2265 | echo "dss:trace:apt_get_dist_upgrade:pre_apt_get_upgrade:" 2266 | apt_get_upgrade || return 1 2267 | echo "dss:trace:apt_get_dist_upgrade" 2268 | apt_get_f_install 2269 | apt_get_install dpkg 2270 | apt-get $APT_GET_INSTALL_OPTIONS autoremove 2271 | apt-get $APT_GET_INSTALL_OPTIONS dist-upgrade 2272 | # cope with 'one of those random things' 2273 | # E: Could not perform immediate configuration on 'python-minimal'.Please see man 5 apt.conf under APT::Immediate-Configure for details. (2) 2274 | if [ $? -ne 0 ] && apt-get $APT_GET_INSTALL_OPTIONS dist-upgrade 2>&1 | grep -qai "Could not perform immediate configuration on "; then 2275 | apt-get -f $APT_GET_INSTALL_OPTIONS install libc6-dev 2276 | apt-get dist-upgrade -f -o APT::Immediate-Configure=0 $APT_GET_INSTALL_OPTIONS 2277 | fi 2278 | [ -e /var/log/syslog ] && [ -e /etc/my/my.cnf ] && if grep "unknown variable 'lc-messages-dir" /var/log/syslog; then 2279 | #lc-messages-dir = /usr/share/mysql... 2280 | echo "dss: info: commenting out the my.cnf lc-messages-dir directive in case it is causing problems" 2281 | sed -i "s@^lc-messages-dir\(.*\)@#lc-messages-dir\1@" /etc/my/my.cnf 2282 | fi 2283 | 2284 | dpkg --configure -a --force-confnew --force-confdef --force-confmiss 2285 | apt-get $APT_GET_INSTALL_OPTIONS autoremove 2286 | apt-get -y autoclean 2287 | apt-get $APT_GET_INSTALL_OPTIONS dist-upgrade 2288 | ret=$? 2289 | if [ $ret -ne 0 ] ; then 2290 | echo "dss:warn: Got an error after an apt-get dist-upgrade. trying an apt-get -f install" 2291 | apt_get_f_install 2292 | apt-get $APT_GET_INSTALL_OPTIONS dist-upgrade 2293 | ret=$? 2294 | if [ $ret -ne 0 ] ; then 2295 | check_systemd_install_matches_init 2296 | echo "dss:error: Got an error after an apt-get dist-upgrade" 2297 | fi 2298 | fi 2299 | # report -dist or -old file changes 2300 | tweak_broken_configs 2301 | echo "dss:trace:apt_get_dist_upgrade completed $(print_distro_info). ret=$ret" 2302 | 2303 | return $ret 2304 | } 2305 | 2306 | # arg1 is the number of distros to upgrade. default is all/1000. else you can do 1 to just go up one distro. lts to lts counts as 1. 2307 | function dist_upgrade_ubuntu_to_latest() { 2308 | pause_check 2309 | [ ! -e /etc/apt/sources.list ] && return 0 2310 | lsb_release -a 2>/dev/null | grep -qai Ubuntu || return 0 2311 | 2312 | echo "dss:trace:dist_upgrade_ubuntu_to_latest $(print_distro_info)." 2313 | 2314 | if is_distro_name_older "$old_distro" "xenial"; then 2315 | if dpkg -l | grep -qai '^i.*dovecot'; then 2316 | print_uninstall_dovecot 2317 | return 1 2318 | fi 2319 | fi 2320 | 2321 | if is_distro_name_older "$old_distro" "bionic"; then 2322 | if dpkg -l | grep -qai '^i.*fail2ban'; then 2323 | print_uninstall_fail2ban 2324 | return 1 2325 | fi 2326 | fi 2327 | 2328 | local NUM_TO_DIST_UPGRADE="${1:-1000}" 2329 | 2330 | upgrade_precondition_checks || return $? 2331 | echo "dss:trace:dist_upgrade_ubuntu_to_latest:pre_apt_get_upgrade:" 2332 | apt_get_upgrade 2333 | local candidates="$ALL_UBUNTU" 2334 | # add a symlink 2335 | retain_etc_networking_naming_re_enX0 2336 | for start in $ALL_UBUNTU; do 2337 | [ $NUM_TO_DIST_UPGRADE -lt 1 ] && echo "Stopping after $1 distro version updates as requested" && return 0 2338 | #No LSB modules are available. 2339 | #Distributor ID: Ubuntu 2340 | #Description: Ubuntu 14.04.4 LTS 2341 | #Release: 14.04 2342 | #Codename: trusty 2343 | current=$(lsb_release -a 2>/dev/null| grep -i Codename | awk '{print $2}') 2344 | # remove distros prior to us 2345 | candidates="$(echo $candidates | sed "s/$start//")" 2346 | candidates="$(echo $candidates | sed "s/$current//")" 2347 | [ "32" == "$(getconf LONG_BIT)" ] && lsb_release -a 2>/dev/null | grep -qai 18.04 && echo "dss:error: You cannot dist-upgrade a 32 bit Ubuntu install past Ubuntu 18.04" >&2 && return 1 2348 | # keep looping till we find our current distro 2349 | if [ "$current" != "$start" ]; then continue; fi 2350 | # all done 2351 | if [ -z "$candidates" ]; then return 0; fi 2352 | # if we are currently an lts, then we can move from lts to next lts and skip over the non-lts ones 2353 | if echo $LTS_UBUNTU | grep -qai $current; then 2354 | local removed="" 2355 | for remove in $NON_LTS_UBUNTU; do 2356 | removed="$remove $removed" 2357 | candidates="$(echo $candidates | sed "s/$remove//")" 2358 | done 2359 | echo "dss:info: current distro ($current) is an Ubuntu LTS. Skipping non-LTS versions: $removed; Leaving LTS versions of: $candidates" 2360 | fi 2361 | # comment out current sources entries 2362 | prep_ghost_output_dir 2363 | local next=$(echo $candidates | awk '{print $1}') 2364 | if [ -z "$next" ]; then 2365 | echo "dss:info: Current Ubuntu distro is $current. No newer/better distro. Finished." 2366 | return 0 2367 | fi 2368 | cp /etc/apt/sources.list /root/distrorejuveinfo/sources.list.$(date +%Y%m%d.%s) 2369 | # comment out package entries 2370 | sed -i "s@^ *deb \(.*\)ubuntu.com\(.*\)@#deb \1ubuntu.com\2@" /etc/apt/sources.list 2371 | # add in new repo names 2372 | echo "dss:info: attempting a dist-upgrade from $current to $next." 2373 | if echo $OLD_RELEASES_UBUNTU | grep -qai $next; then 2374 | echo "deb http://old-releases.ubuntu.com/ubuntu/ $next main restricted universe multiverse" >> /etc/apt/sources.list 2375 | echo "deb http://old-releases.ubuntu.com/ubuntu/ $next-updates main restricted universe multiverse" >> /etc/apt/sources.list 2376 | echo "deb http://old-releases.ubuntu.com/ubuntu/ $next-security main restricted universe multiverse" >> /etc/apt/sources.list 2377 | else 2378 | echo "deb http://archive.ubuntu.com/ubuntu/ $next main universe" >> /etc/apt/sources.list 2379 | echo "deb http://security.ubuntu.com/ubuntu/ $next-security main universe" >> /etc/apt/sources.list 2380 | echo "deb http://archive.ubuntu.com/ubuntu/ $next-updates main universe" >> /etc/apt/sources.list 2381 | fi 2382 | # Old apache version contains 'Include /etc/apache2/httpd.conf'. Can be 'touch'ed to recreate 2383 | [ -d /etc/apache2 ] && [ ! -f /etc/apache2/httpd.conf ] && touch /etc/apache2/httpd.conf 2384 | echo "dss:trace:dist_upgrade_ubuntu_to_latest:pre_apt_get_upgrade:next:$next" 2385 | apt_get_dist_upgrade 2386 | ret=$? 2387 | NUM_TO_DIST_UPGRADE=$((NUM_TO_DIST_UPGRADE-1)) 2388 | if [ $ret -eq 0 ]; then 2389 | if lsb_release -a 2>/dev/null| grep -qai $next; then 2390 | # dist-upgrade returned ok, and lsb_release thinks we are wheezy 2391 | echo "dss:info: dist-upgrade from $current to $next appears to have worked." 2392 | continue; 2393 | fi 2394 | ret=1 2395 | else 2396 | echo "dss:warn: dist-upgrade from $current to $next appears to have failed." 2397 | fi 2398 | echo "dss:trace:dist_upgrade_ubuntu_to_latest:completed $(print_distro_info). ret=$ret" 2399 | return $ret 2400 | done 2401 | } 2402 | 2403 | function convert_old_debian_repo() { 2404 | pause_check 2405 | # no apt sources nothing to do 2406 | [ ! -f /etc/apt/sources.list ] && return 0 2407 | lsb_release -a 2>/dev/null | grep -qai Ubuntu && return 0 2408 | 2409 | echo "dss:trace:convert_old_debian_distro" 2410 | 2411 | #deb http://http.us.debian.org/debian sarge main contrib non-free 2412 | #deb http://non-us.debian.org/debian-non-US sarge/non-US main contrib non-free 2413 | #deb http://security.debian.org sarge/updates main contrib non-free 2414 | # ==> 2415 | #deb http://non-us.debian.org/debian-non-US sarge/non-US main contrib non-free 2416 | #deb http://security.debian.org sarge/updates main contrib non-free 2417 | #deb http://archive.debian.org/debian/ sarge main non-free contrib 2418 | 2419 | local name= 2420 | for name in $DEBIAN_ARCHIVE; do 2421 | # no lenny stuff, nothing to do 2422 | ! grep -qai "^ *deb.*debian.* ${name}[ /-]" /etc/apt/sources.list && continue 2423 | 2424 | # already using archives, all good 2425 | if grep -qai "^ *deb http://archive.debian.org/debian/ ${name}[ /-]" /etc/apt/sources.list; then 2426 | echo "dss:info: This is a $name distro, and already has archive.debian in the repository." 2427 | continue 2428 | fi 2429 | 2430 | prep_ghost_output_dir 2431 | cp /etc/apt/sources.list /root/distrorejuveinfo/sources.list.$(date +%Y%m%d.%s) 2432 | 2433 | # comment out the old entries 2434 | convertfile $name $name debian.org "#" /etc/apt/sources.list 2435 | #sed -i "s@^ *deb http://ftp.\(\S*\).debian.org/debian $name@#deb http://ftp.\1.debian.org/debian $name@" /etc/apt/sources.list 2436 | #sed -i "s@^ *deb http://security.debian.org/ $name@#deb http://security.debian.org/ $name@" /etc/apt/sources.list 2437 | #sed -i "s@^ *deb-src http://ftp.\(\S*\).debian.org/debian $name main contrib@#deb-src http://ftp.\1.debian.org/debian $name main contrib@" /etc/apt/sources.list 2438 | #sed -i "s@^ *deb http://http.\(\S*\).debian.org/debian $name@#deb http://http.\1.debian.org/debian $name@" /etc/apt/sources.list 2439 | #sed -i "s@^ *deb http://non-us.debian.org/debian-non-US $name@#deb http://non-us.debian.org/debian-non-US $name@" /etc/apt/sources.list 2440 | #sed -i "s@^ *deb http://security.debian.org $name@#deb http://security.debian.org $name@" /etc/apt/sources.list 2441 | 2442 | echo "deb http://archive.debian.org/debian/ ${name} main non-free contrib" >> /etc/apt/sources.list 2443 | echo "$name apt sources now has $(cat /etc/apt/sources.list | egrep -v '^$|^#')" | awk '{print "dss:sources:convert_old_debian_repo:" $0}' 2444 | done 2445 | return 0 2446 | } 2447 | 2448 | function print_distro_info() { 2449 | if [ -f /etc/redhat-release ]; then 2450 | local foo="dss:distroinfo: REDHAT $(cat /etc/redhat-release)" 2451 | echo $foo 2452 | elif [ -x /usr/bin/lsb_release ] || [ -x /bin/lsb_release ] ; then 2453 | local foo="dss:distroinfo: $(lsb_release -a 2>/dev/null | grep -i description)" 2454 | echo $foo 2455 | elif [ -f /etc/debian_version ]; then 2456 | local foo="dss:distroinfo: DEBIAN $(cat /etc/debian_version)" 2457 | echo $foo 2458 | else echo "dss:distroinfo: NA"; fi 2459 | return 0 2460 | } 2461 | 2462 | 2463 | function fix_missing_lsb_release() { 2464 | which lsb_release >/dev/null 2>&1 && return 0 2465 | ! [ -f /etc/debian_version ] && return 0 2466 | echo "dss:info: Missing lsb release command. trying to install it." 2467 | apt_get_update 2468 | apt_get_install lsb-release 2469 | ret=$? 2470 | return $ret 2471 | } 2472 | 2473 | function fix_via_apt_install() { 2474 | is_fixed && return 0 2475 | if ! which dpkg >/dev/null 2>&1; then 2476 | # echo "dss:info: dpkg not installed. Skipping apt-get install"; 2477 | return 0; 2478 | fi 2479 | add_missing_debian_keys 2480 | add_missing_ubuntu_keys 2481 | 2482 | if print_distro_info | grep Ubuntu | egrep -qai "$(echo $OLD_RELEASES_UBUNTU | sed 's/ /|/')"; then 2483 | echo "dss:info: Running an EOL Ubuntu. Not doing an apt-get install -y libc6. $(print_distro_info)" 2484 | return 0 2485 | fi 2486 | 2487 | if dpkg -s libc6 2>/dev/null | grep -q "Status.*installed" ; then 2488 | echo "dss:info: Attempting to apt-get install libc6" 2489 | apt_get_update 2490 | ret=$? 2491 | if [ $ret -ne 0 ]; then 2492 | echo "dss:warn: There was an error doing an apt-get update" 2493 | fi 2494 | for distro in $DEBIAN_CURRENT; do 2495 | if grep -qai "^ *deb.* ${distro}[ /-]" /etc/apt/sources.list && ! grep -qai "^ *deb.*security\.deb.* ${distro}[ /-]" /etc/apt/sources.list; then 2496 | echo "dss:info: adding the $distro security repository to the sources.list" 2497 | cp /etc/apt/sources.list /root/distrorejuveinfo/sources.list.$(date +%Y%m%d.%s) 2498 | # https://wiki.debian.org/NewInBullseye 2499 | # The format of the /etc/apt/sources.list line for the security repository has changed. It should look something like this: 2500 | # deb http://security.debian.org/debian-security bullseye-security main 2501 | if is_distro_name_newer "${distro}" "buster"; then 2502 | echo "deb http://security.debian.org/debian-security ${distro}-security main" >> /etc/apt/sources.list 2503 | else 2504 | echo "deb http://security.debian.org/ $distro/updates main" >> /etc/apt/sources.list 2505 | fi 2506 | apt_get_update 2507 | fi 2508 | done 2509 | POLICY=$(apt-cache policy libc6) 2510 | POLICY_INSTALLED=$(echo $POLICY | grep Installed | sed -e 's/.*Installed: \(\S*\).*/\1/') 2511 | POLICY_CANDIDATE=$(echo $POLICY | grep Candidate | sed -e 's/.*Candidate: \(\S*\).*/\1/') 2512 | if [ ! -z "$POLICY_INSTALLED" -a "$POLICY_INSTALLED" == "$POLICY_CANDIDATE" ]; then 2513 | echo "dss:info: apt-cache policy reports the latest libc6 package already installed" 2514 | return 0 2515 | fi 2516 | if [ -d /var/lib/dpkg/updates ] && [ 0 -ne $(find /var/lib/dpkg/updates -type f | wc -l) ]; then 2517 | echo "dss:info: looks like there were some pending updates. checking if they need configuring before proceeding with the libc6 install" 2518 | dpkg --configure -a --force-confnew --force-confdef --force-confmiss 2519 | fi 2520 | apt_get_install libc6 2521 | ret=$? 2522 | if [ $ret -eq 0 ]; then 2523 | echo "dss:fixmethod: apt-get install" 2524 | # if wrong version is installed you can force the version with something like this on squeeze: 2525 | # apt-get install libc6=2.11.3-4+deb6u4 libc6-i686=2.11.3-4+deb6u4 libc-bin=2.11.3-4+deb6u4 2526 | return 0 2527 | fi 2528 | echo "dss:error: Failed doing apt-get -y install libc6" 2529 | prep_ghost_output_dir 2530 | # download isnt an option on some older apts 2531 | apt-get download libc6 2>/dev/null 2532 | ret=$? 2533 | local file=$(find . -name '*.deb' | grep libc6 | head -n 1) 2534 | if [ $ret -ne 0 ] || [ -z "$file" ]; then 2535 | echo "dss:error: Failed downloading the libc6 package with apt-get download libc6" 2536 | return 1 2537 | fi 2538 | dpkg -i $file 2539 | ret=$? 2540 | if [ $ret -eq 0 ]; then 2541 | echo "dss:fixmethod: apt-get download libc6 and dpkg -i" 2542 | return 0 2543 | fi 2544 | return $ret 2545 | fi 2546 | echo "dss:warn: libc6 not installed. Not running apt-get install libc6" 2547 | return 0 2548 | } 2549 | 2550 | function yum_upgrade() { 2551 | pause_check 2552 | [ ! -f /etc/redhat-release ] && return 0 2553 | yum_enable_rhel4 || return 0 2554 | if ! which yum >/dev/null 2>&1; then echo "dss:info: yum not found."; return 1; fi 2555 | local QOPT=" -q" 2556 | echo "dss:trace:yum_upgrade" 2557 | 2558 | yum --version >/dev/null && ! yum -q --version 2>/dev/null >/dev/null && QOPT= 2559 | yum -y install yum rpm > /dev/null 2>&1 2560 | 2561 | # handy tools to make life better 2562 | yum $QOPT -y install yum-utils yum-verify 2563 | 2564 | echo "dss:info: running yum upgrade" 2565 | yum $QOPT -y upgrade 2566 | ret=$? 2567 | [ ! $ret ] && echo "dss:error:yum_upgrade failed." >&2 2568 | [ $ret ] && echo "dss:info:yum_upgrade completed." 2569 | return $ret 2570 | } 2571 | 2572 | function yum_enable_rhel4() { 2573 | [ ! -f /etc/redhat-release ] && return 0 2574 | ! grep -qai 'release.* 4' /etc/redhat-release && return 0 2575 | if which yum >/dev/null 2>&1; then echo "dss:info: yum enabled on a rhel4 distro already."; return 0; fi 2576 | echo "dss:info: yum not enabled on $(print_distro_info). Trying to enable it." 2577 | { 2578 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/libxml2-2.6.16-12.6.i386.rpm 2579 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/libxml2-python-2.6.16-12.6.i386.rpm 2580 | 2581 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/readline-4.3-13.i386.rpm 2582 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/python-2.3.4-14.7.el4.i386.rpm 2583 | 2584 | # install all together else dependency issues 2585 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/sqlite-3.3.6-2.i386.rpm http://vault.centos.org/4.9/os/i386/CentOS/RPMS/sqlite-devel-3.3.6-2.i386.rpm http://vault.centos.org/4.9/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.1.i386.rpm 2586 | 2587 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/python-elementtree-1.2.6-5.el4.centos.i386.rpm 2588 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/sqlite-3.3.6-2.i386.rpm 2589 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.1.i386.rpm 2590 | 2591 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/elfutils-libelf-0.97.1-5.i386.rpm 2592 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/elfutils-0.97.1-5.i386.rpm 2593 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/popt-1.9.1-32_nonptl.i386.rpm 2594 | 2595 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/python-urlgrabber-2.9.8-2.noarch.rpm 2596 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/yum-metadata-parser-1.0-8.el4.centos.i386.rpm 2597 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/centos-release-4-8.i386.rpm 2598 | rpm -Uvh http://vault.centos.org/4.9/os/i386/CentOS/RPMS/yum-2.4.3-4.el4.centos.noarch.rpm 2599 | prep_ghost_output_dir 2600 | if [ ! -e /root/distrorejuveinfo/CentOS-Base.repo ]; then 2601 | echo "dss:info: Running cp /etc/yum.repos.d/CentOS-Base.repo /root/distrorejuveinfo/CentOS-Base.repo" 2602 | cp /etc/yum.repos.d/CentOS-Base.repo /root/distrorejuveinfo/CentOS-Base.repo 2603 | fi 2604 | 2605 | wget -nc -O /etc/yum.repos.d/CentOS-Base.repo http://vault.centos.org/4.9/CentOS-Base.repo 2606 | } 2607 | if which yum >/dev/null 2>&1; then echo "dss:info: yum enabled on a rhel4 distro."; return 0 2608 | else echo "dss:info: yum install failed on a rhel4 distro."; return 1 ; fi 2609 | return 0 2610 | } 2611 | 2612 | function report_unsupported() { 2613 | is_fixed && return 0 2614 | 2615 | [ -f /etc/apt/sources.list ] && [ -f /etc/debian_version ] && if print_distro_info | grep Ubuntu | egrep -qai "$(wordlisttoegreparg $OLD_RELEASES_UBUNTU)"; then 2616 | echo "dss:warn: Running an end-of-life Ubuntu distro ($(print_distro_info)). No new package updates available. dist upgrade to the latest lts" 2617 | return 1 2618 | fi 2619 | # DEBIAN 7.4 2620 | # Debian GNU/Linux 7.9 (n/a) Release: 7.9 Codename: n/a 2621 | # Distributor ID: Debian Description: Debian GNU/Linux 7.2 (wheezy) Release: 7.2 Codename: wheezy 2622 | 2623 | [ -f /etc/apt/sources.list ] && [ -f /etc/debian_version ] && if print_distro_info | grep -i 'Debian GNU' | egrep -qai "$(wordlisttoegreparg $UNSUPPORTED_DEBIAN)"; then 2624 | # due to etch being unsupported and stretch beinc current 2625 | if ! print_distro_info | grep -i 'Debian GNU' | egrep -qai "$(wordlisttoegreparg $DEBIAN_CURRENT)"; then 2626 | echo "dss:warn: Running an end-of-life Debian distro ($(print_distro_info)). No new package updates available. dist upgrade to the latest lts" 2627 | fi 2628 | return 1 2629 | fi 2630 | 2631 | if [ ! -f /etc/redhat-release ]; then return 0; fi 2632 | if grep -qai 'Shrike' /etc/redhat-release; then 2633 | # RH9 2634 | return 0 2635 | elif grep -qai 'release.* 7' /etc/redhat-release; then 2636 | # yum install 2637 | return 0 2638 | elif grep -qai 'release.* 6' /etc/redhat-release; then 2639 | # yum install 2640 | return 0 2641 | elif grep -qai 'release.* 5' /etc/redhat-release; then 2642 | # yum install 2643 | return 0 2644 | elif grep -qai 'release.* 4' /etc/redhat-release; then 2645 | # install prebuilt rpm 2646 | return 0 2647 | elif grep -qai 'release.* 3' /etc/redhat-release; then 2648 | # install prebuilt rpm 2649 | return 0 2650 | elif grep -qai 'release.* 2' /etc/redhat-release; then 2651 | true 2652 | elif grep -qai 'release.* 1' /etc/redhat-release; then 2653 | true 2654 | else 2655 | return 0 2656 | fi 2657 | 2658 | # cat /etc/redhat-release 2659 | #Red Hat Enterprise Linux WS release 4 (Nahant) 2660 | echo "dss:warn: There is currently no autopatch option for $(print_distro_info). The distro is likely out of date and no longer supported." 2661 | return 1 2662 | } 2663 | 2664 | function improve_yum_setup() { 2665 | if ! print_distro_info | egrep -i 'redhat|centos' | egrep -qai 'release.* 5|release.* 6|release.* 7' ; then return 0; fi 2666 | if rpm -qa 2>&1 | grep -qai rpmdbnextiter ; then 2667 | # e.g. error: rpmdbNextIterator: skipping h# 489 Header V3 RSA/SHA256 Signature, key ID c105b9de: BAD 2668 | echo "dss:info: rpm database errors. rebuilding the rpm db" 2669 | rpm --rebuilddb 2670 | fi 2671 | if [ ! -x /usr/bin/yum ] ; then 2672 | #rpm http://centos5.rimuhosting.com/centos /5 os updates rimuhosting addons extras centosplus 2673 | if [ ! -f /etc/apt/sources.list ]; then 2674 | echo "dss:warn: Cannot do a yum install on this host, yum not installed, no /etc/apt/sources.list either." 2675 | return 1 2676 | fi 2677 | if ! which apt-get >/dev/null 2>&1 ; then 2678 | echo "dss:warn: Cannot do a yum install on this host, yum not installed, no apt-get either." 2679 | fi 2680 | echo "dss:info: Trying to install yum via apt-get" 2681 | apt-get --force-yes -y install yum 2682 | fi 2683 | if [ ! -x /usr/bin/yum ] ; then 2684 | echo "dss:warn: Cannot do a yum install on this host, yum not installed" 2685 | return 1 2686 | fi 2687 | if [ ! -x /usr/bin/which ]; then 2688 | echo "dss:warn: Which not installed. Installing that with yum install which." 2689 | yum install -y which 2690 | fi 2691 | 2692 | # this file was added by us, but with wrong name (ending in s). 2693 | [ -f /etc/yum.repos.d/CentOS-Base.repos ] && [ -f /etc/yum.repos.d/CentOS-Base.repo ] && rm /etc/yum.repos.d/CentOS-Base.repos 2694 | if print_distro_info | egrep -i 'redhat|centos' | egrep -qai 'release.* 5' && [ ! -f /etc/yum.repos.d/CentOS-Base.repo ] && [ -d /etc/yum.repos.d ] ; then 2695 | wget -nc -O /etc/yum.repos.d/CentOS-Base.repo http://downloads.rimuhosting.com/CentOS-Base.repos.v5 2696 | fi 2697 | return 0 2698 | } 2699 | 2700 | function fix_via_yum_install() { 2701 | is_fixed && return 0 2702 | improve_yum_setup || return 1 2703 | if ! print_distro_info | egrep -i 'redhat|centos' | egrep -qai 'release.* 5|release.* 6|release.* 7' ; then return 0; fi 2704 | echo "dss:info: Doing a centos5-7 fix for $(print_distro_info)" 2705 | yum install -y glibc 2706 | ret=$? 2707 | if [ $ret -ne 0 ]; then 2708 | echo "dss:warn:Error running yum install -y glibc" 2709 | fi 2710 | echo "dss:fixmethod: yum install glibc" 2711 | return $ret 2712 | } 2713 | 2714 | 2715 | function fix_vuln() { 2716 | print_vulnerability_status beforefix 2717 | print_libc_versions beforefix || return $? 2718 | print_info 2719 | 2720 | if is_fixed ; then 2721 | echo "dss:info: The server appears to not be vulnerable. Not doing anything." 2722 | return 0 2723 | fi 2724 | 2725 | upgrade_precondition_checks || return $? 2726 | 2727 | # improve apt sources 2728 | convert_deb_6_stable_repo_to_squeeze || return $? 2729 | convert_old_debian_repo || return $? 2730 | 2731 | # https://wiki.ubuntu.com/Releases 2732 | # lucid server still current? 2733 | for distro in $OLD_RELEASES_UBUNTU; do 2734 | convert_old_ubuntu_repo $distro || return $? 2735 | done 2736 | enable_debian_archive || return $? 2737 | 2738 | fix_missing_lsb_release 2739 | 2740 | 2741 | fix_via_apt_install #|| return $? 2742 | 2743 | yum_enable_rhel4 || return $? 2744 | 2745 | fix_via_yum_install || return $? 2746 | 2747 | report_unsupported || return $? 2748 | return 0 2749 | } 2750 | 2751 | function packages_upgrade() { 2752 | upgrade_precondition_checks || return $? 2753 | 2754 | # improve apt sources 2755 | convert_deb_6_stable_repo_to_squeeze || return $? 2756 | convert_old_debian_repo || return $? 2757 | 2758 | # https://wiki.ubuntu.com/Releases 2759 | # lucid server still current? 2760 | for distro in $OLD_RELEASES_UBUNTU; do 2761 | convert_old_ubuntu_repo $distro || return $? 2762 | done 2763 | enable_debian_archive || return $? 2764 | 2765 | fix_missing_lsb_release 2766 | 2767 | fix_via_apt_install #|| return $? 2768 | 2769 | yum_enable_rhel4 || return $? 2770 | 2771 | improve_yum_setup || return $? 2772 | 2773 | add_missing_debian_keys || return $? 2774 | 2775 | upgrade_precondition_checks || return $? 2776 | 2777 | echo "dss:trace:packages_upgrade:pre_apt_get_upgrade:" 2778 | apt_get_upgrade || return $? 2779 | 2780 | yum_upgrade || return $? 2781 | 2782 | return 0 2783 | } 2784 | 2785 | function dist_upgrade_to_latest() { 2786 | pause_check 2787 | echo "dss:trace:dist_upgrade_to_latest" 2788 | 2789 | if ! packages_upgrade; then echo "dss:error:dist_upgrade_to_latest:packages_upgrade:failed" && return 1; fi 2790 | if ! apt_get_dist_upgrade; then echo "dss:error:dist_upgrade_to_latest:apt_get_dist_upgrade:failed" && return 1; fi 2791 | if [ -e /etc/apt/sources.list ] && lsb_release -a 2>/dev/null | grep -qai debian; then 2792 | if ! dist_upgrade_lenny_to_squeeze; then echo "dss:error:dist_upgrade_to_latest:dist_upgrade_lenny_to_squeeze:failed" && return 1; fi 2793 | if ! dist_upgrade_squeeze_to_wheezy; then echo "dss:error:dist_upgrade_to_latest:dist_upgrade_squeeze_to_wheezy:failed" && return 1; fi 2794 | if ! dist_upgrade_wheezy_to_jessie; then echo "dss:error:dist_upgrade_to_latest:dist_upgrade_wheezy_to_jessie:failed" && return 1; fi 2795 | if ! dist_upgrade_jessie_to_stretch; then echo "dss:error:dist_upgrade_to_latest:dist_upgrade_jessie_to_stretch:failed" && return 1; fi 2796 | if ! dist_upgrade_stretch_to_buster; then echo "dss:error:dist_upgrade_to_latest:dist_upgrade_stretch_to_buster:failed" && return 1; fi 2797 | if ! dist_upgrade_buster_to_bullseye; then echo "dss:error:dist_upgrade_to_latest:dist_upgrade_buster_to_bullseye:failed" && return 1; fi 2798 | if ! dist_upgrade_bullseye_to_bookworm; then echo "dss:error:dist_upgrade_to_latest:dist_upgrade_bullseye_to_bookworm:failed" && return 1; fi 2799 | if ! dist_upgrade_bookworm_to_trixie; then echo "dss:error:dist_upgrade_to_latest:dist_upgrade_bookworm_to_trixie:failed" && return 1; fi 2800 | 2801 | if ! apt_get_dist_upgrade; then echo "dss:error:dist_upgrade_to_latest:apt_get_dist_upgrade:failed" && return 1; fi 2802 | fi 2803 | if [ -e /etc/apt/sources.list ] && lsb_release -a 2>/dev/null | grep -qai ubuntu; then 2804 | if ! dist_upgrade_ubuntu_to_latest; then echo "dss:error:dist_upgrade_to_latest:dist_upgrade_ubuntu_to_latest:failed" && return 1; fi 2805 | if ! apt_get_dist_upgrade; then echo "dss:error:dist_upgrade_to_latest:apt_get_dist_upgrade:failed" && return 1; fi 2806 | fi 2807 | if ! plesk_upgrade; then echo "dss:error:dist_upgrade_to_latest:plesk_upgrade:failed" && return 1; fi 2808 | } 2809 | 2810 | function print_php5_advice() { 2811 | cat<