#!/bin/bash # Script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup # Do not set TMPDIR to any tmpfs mount, these files should remain after boot. TMPDIR=/root/tmp DEBUG='' VERBOSE='1' LOG_ALL='1' LANG=C DS=$(date +%Y%m%d) if [ "$(whoami)" != "root" ]; then echo "Must be run as root." exit 1 fi ping -c3 -q > /dev/null if [ $? -eq 1 ]; then echo "Please ensure you have network connectivity." exit 2 fi if [ $(runlevel |awk '{print$NF}') != "3" ]; then echo "Must be run from runlevel 3." exit 3 fi cat -< $PIPEFILE 2>&1 #exec < /dev/null 2<&1 fi # [ -n "$VERBOSE" ] && echo 'Cleaning up yumdb' [ -n "$DEBUG" ] && read rm /var/lib/rpm/__db.00? rpm --rebuilddb yum update -y /etc/*-release dracut rpm yum yum clean all yum-complete-transaction # [ -n "$VERBOSE" ] && echo 'Removing old packages from cache directories' [ -n "$DEBUG" ] && read DIST=$(rpm --eval '%{dist}') for D in /var/cache/yum /var/lib/yum/plugins/local; do [ -d $D ] \ && find $D -type f -name \*.rpm \ |grep -v $DIST \ |xargs rm -f done # [ -n "$VERBOSE" ] && echo 'Repairing permissions' [ -n "$DEBUG" ] && read [ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting user/group ownership' time rpm -a --setugids > /dev/null 2>&1 [ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting permissions' time rpm -a --setperms > /dev/null 2>&1 [ -x /usr/bin/package-cleanup ] || yum install -y yum-utils YSHELL=${TMPDIR}/YUM-SHELL_${DS}.txt YSHELL2=${TMPDIR}/YUM-SHELL2_${DS}.txt # Reinstall desktops and sync YSHELL3=${TMPDIR}/YUM-SHELL3_${DS}.txt # Locate installed leaves packages that were installed as a dep of some other package repoquery --installed --qf "%{nvra} - %{yumdb_info.reason}" \ `package-cleanup --leaves -q --all` \ |grep '\- dep' \ |while read n a a; do \ echo remove $n done > $YSHELL # reinstall duplicate packages, might clean them without breaking package-cleanup -q --dupes > ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt [ -s ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt ] && \ cat ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt | \ while read PKGNAME; do rpm -q --qf 'reinstall %{name}.%{arch}\n' $PKGNAME >> $YSHELL done # Add default package sets cat ->> $YSHELL <> $YSHELL2 <> $YSHELL3 echo "install @${GROUP}" >> $YSHELL3 done # Add default package sets echo 'run' >> $YSHELL # Break out non-essential groups so that yum succeeds even on rawhide echo 'run' >> $YSHELL2 # Locate installed desktops -- Hack around broken depsolver echo 'run' >> $YSHELL3 # echo 'Generate package list before package-updates' [ -x /usr/bin/show-installed ] || yum install -y yum-utils show-installed -f kickstart -e -o ${TMPDIR}/SHOW-INSTALLED1_${DS}.txt [ -n "$VERBOSE" ] && echo 'Importing Keys for Fedora versions: https://fedoraproject.org/keys' [ -n "$DEBUG" ] && read curl -s https://fedoraproject.org/keys |\ grep fedoraproject.org/static |\ cut -f2 -d\" |\ while read URL; do rpm --import $URL done # [ -n "$VERBOSE" ] && echo 'Removing dependency leaves and installing default package sets' [ -n "$DEBUG" ] && read [ -x /usr/sbin/semanage ] || yum install policycoreutils-python semanage -o ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt mv /etc/selinux/targeted ${TMPDIR}/targeted.${DS} mkdir -p /etc/selinux/targeted time yum shell $YSHELL2 -y --disableplugin=presto --skip-broken time yum shell $YSHELL3 -y --disableplugin=presto --skip-broken time yum distribution-synchronization -y --disableplugin=presto --skip-broken time yum shell $YSHELL -y --disableplugin=presto --skip-broken [ -f /etc/PackageKit/CommandNotFound.conf ] \ && sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf # Something went around above if this directory does not exist [ -n "$VERBOSE" ] && echo 'Resetting local selinux policy' [ -n "$DEBUG" ] && read [ -d /etc/selinux/targeted/policy ] || yum reinstall -y selinux-policy-targeted semanage -i ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt # [ -n "$VERBOSE" ] && echo 'Remove duplicate packages if any found.' [ -n "$DEBUG" ] && read package-cleanup --cleandupes # echo 'Generate package list after package-updates' [ -x /usr/bin/show-installed ] || yum install yum-utils show-installed -f kickstart -e -o ${TMPDIR}/SHOW-INSTALLED2_${DS}.txt # [ -n "$VERBOSE" ] && echo "Moving ~/.config/ directories to ~/.config.${DS}" [ -n "$DEBUG" ] && read getent passwd \ |while IFS=: read userName passWord userID groupID geCos homeDir userShell; do [ -d "${homeDir}/.config" ] \ && mv "${homeDir}/.config" "${homeDir}/.config.${DS}" done # [ -n "$VERBOSE" ] && echo 'Correct labels.' [ -n "$DEBUG" ] && read [ -x /sbin/fixfiles ] || yum install -y policycoreutils time fixfiles -R -a restore # [ -n "$VERBOSE" ] && echo 'Merge *.rpmnew files semi-automatically.' [ -n "$DEBUG" ] && read [ -x /usr/sbin/rpmconf ] || yum install -y rpmconf rpmconf -a # [ -n "$VERBOSE" ] && echo 'Build problem report.' [ -n "$DEBUG" ] && read [ -f /etc/sysconfig/prelink ] \ && . /etc/sysconfig/prelink \ && /usr/sbin/prelink -av $PRELINK_OPTS >> /var/log/prelink/prelink.log 2>&1 # [ -n "$VERBOSE" ] && echo 'configure dynamic linker run-time bindings' /sbin/ldconfig # [ -n "$VERBOSE" ] && echo 'Verify all installed packages' [ -n "$DEBUG" ] && read time rpm -Va > ${TMPDIR}/RPM-VA_${DS}.txt 2>&1 # Need a better way to fix caps [ -n "$VERBOSE" ] && echo 'Reset file capabilities' [ -n "$DEBUG" ] && read egrep '^.{8}P ' ${TMPDIR}/RPM-VA_${DS}.txt \ |awk '{print$NF}' \ |xargs rpm --filecaps -qf \ |grep '= cap' \ |while read fileName eq fileCaps; do rpm --qf '%{name}.%{arch}\n' -qf "${fileName}" >> ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt setcap "${fileCaps}" "${fileName}" done sort -u -o ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt #yum reinstall -y $(cat ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt) # [ -n "$VERBOSE" ] && echo 'Generate reports' [ -n "$DEBUG" ] && read time rpm -Va > ${TMPDIR}/RPM-VA2_${DS}.txt 2>&1 egrep -v '^.{9} (c /| /lib/modules/.*/modules\.)' ${TMPDIR}/RPM-VA2_${DS}.txt > ${TMPDIR}/URGENT-REVIEW_${DS}.txt egrep '^.{9} c /' ${TMPDIR}/RPM-VA2_${DS}.txt > ${TMPDIR}/REVIEW-CONFIGS_${DS}.txt find /etc -name '*.rpm?*' > ${TMPDIR}/REVIEW-OBSOLETE-CONFIGS_${DS}.txt # Stop logging. No changes below this point. if [ -n "$LOG_ALL" ]; then echo "Kill off logger" #exec 1>&- 2>&- #kill $TEEPID rm $PIPEFILE #wait $TEEPID fi # Reboot script that works even when init has changed cat -> ${TMPDIR}/raising-elephants.sh < /proc/sys/kernel/sysrq #https://secure.wikimedia.org/wikipedia/en/wiki/Magic_SysRq_key#.22Raising_Elephants.22_mnemonic_device # "Raising Elephants Is So Utterly Boring" for ST in r e i s s s u b; do echo \$ST > /proc/sysrq-trigger done #EOF EOT chmod 0700 ${TMPDIR}/raising-elephants.sh # Done echo "Verify packages are installed the way you want and then type ${TMPDIR}/raising-elephants.sh" echo 'If you have questions, share this link.' [ -x /usr/bin/fpaste ] || yum install -y fpaste for E in ${TMPDIR}/[A-Z]*_${DS}.txt; do [ -s $E ] || rm $E done fpaste ${TMPDIR}/[A-Z]*_${DS}.txt echo '' if [ -n "$LOG_ALL" ]; then echo "Detailed log can be found in $LOGFILE" fi #EOF