From 018fcce82c6b10f20dd950425e8751cb29a4c4f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki-Chudyk?=
Date: Mon, 1 Aug 2016 07:07:58 +0200
Subject: [PATCH 1/4] add support for automatic security updates for fedora
---
 fedora/configure_fresh_system | 13 ++++++++--
 fedora/etc/dnf/automatic.conf | 46 +++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 fedora/etc/dnf/automatic.conf
diff --git a/fedora/configure_fresh_system b/fedora/configure_fresh_system
index a379a25e..09dbefa7 100755
--- a/fedora/configure_fresh_system
+++ b/fedora/configure_fresh_system
@@ -4,19 +4,28 @@ set -e #software and shell sudo dnf -y upgrade --best --allowerasing -sudo dnf -y --best --allowerasing install vim tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv tor torsocks nodejs terminator gsmartcontrol python-pip mercurial python-devel libxslt-devel libjpeg-turbo-devel conky conky-manager redshift redshift-gtk cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop +sudo dnf -y --best --allowerasing install vim tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv tor torsocks nodejs terminator gsmartcontrol python-pip mercurial python-devel libxslt-devel libjpeg-turbo-devel conky conky-manager redshift redshift-gtk cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic FEDORA_VERSION=`rpm -E %fedora` sudo dnf -y install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$FEDORA_VERSION.noarch.rpm sudo dnf -y install http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$FEDORA_VERSION.noarch.rpm sudo dnf -y --best --allowerasing install vlc splix gutenprint-cups cups-bjnp keepass mplayer golang ncurses-compat-libs kicad retext sudo dnf -y groupinstall "C Development Tools and Libraries" +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +cp -v /etc/dnf/automatic.conf /etc/dnf/automatic.conf.bak +cp -v $DIR/etc/dnf/automatic.conf /etc/dnf/automatic.conf +diff /etc/dnf/automatic.conf.bak /etc/dnf/automatic.conf + +sudo systemctl enable dnf-automatic.timer +sudo systemctl start dnf-automatic.timer +sudo systemctl list-timers "*dnf-*" + if [[ -z $DONT_START_TOR ]]; 
then sudo systemctl enable tor sudo systemctl start tor fi -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$DIR/../" DIR="$DIR" $DIR/common/configure_fresh_system diff --git a/fedora/etc/dnf/automatic.conf b/fedora/etc/dnf/automatic.conf new file mode 100644 index 00000000..848f2c09 --- /dev/null +++ b/fedora/etc/dnf/automatic.conf @@ -0,0 +1,46 @@ +[commands] +# What kind of upgrade to perform: +# default = all available upgrades +# security = only the security upgrades +upgrade_type = security +random_sleep = 300 + +# Whether updates should be downloaded when they are available. +download_updates = yes + +# Whether updates should be applied when they are available. +# Note that if this is set to no, downloaded packages will be left in the +# cache regardless of the keepcache setting. +apply_updates = yes + + +[emitters] +# Name to use for this system in messages that are emitted. Default is the +# hostname. +# system_name = my-host + +# How to send messages. Valid options are stdio, email and motd. If +# emit_via includes stdio, messages will be sent to stdout; this is useful +# to have cron send the messages. If emit_via includes email, this +# program will send email itself according to the configured options. +# If emit_via includes motd, /etc/motd file will have the messages. +# Default is email,stdio. +emit_via = stdio,email + + +[email] +# The address to send email messages from. +email_from = root@skinnyv + +# List of addresses to send messages to. +email_to = admin@cyplo.net + +# Name of the host to connect to to send email messages. +email_host = localhost + + +[base] +# This section overrides dnf.conf + +# Use this to filter DNF core messages +debuglevel = 1 From 2d5c36d3546be95d6ec295b523a711010e79eefe Mon Sep 17 00:00:00 2001 
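Review bot: The backup line `cp -v /etc/dnf/automatic.conf /etc/dnf/automatic.conf.bak` overwrites an existing backup, so a second run of the script replaces the distribution's original file with the copy this script installed, and the `diff` that follows then compares two identical files. Keeping the first backup avoids that, for example `[[ -e /etc/dnf/automatic.conf.bak ]] || cp -v /etc/dnf/automatic.conf /etc/dnf/automatic.conf.bak`, and the source of the second `cp` should be quoted as `"$DIR/etc/dnf/automatic.conf"` because the checkout path may contain spaces. Both `cp` lines are carried into patch 3/4 with only `sudo` added, so the same applies there. Separately, the unchanged context lines install the rpmfusion release packages from plain `http://` URLs; those packages bring repository definitions and signing keys, and as far as I know dnf does not check signatures on packages given by URL unless `localpkg_gpgcheck` is set, so an `https://` source would be the safer choice.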
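Review bot: With `emit_via = stdio,email` and `email_host = localhost`, reports about applied or failed updates reach `admin@cyplo.net` only if an SMTP server is listening on the machine, and the install lines visible in this patch do not add one. If none is present, the results would presumably be visible only in the output captured for the dnf-automatic service, so a failed security update could go unnoticed; either install and enable a local MTA or point `email_host` at a reachable relay. Since `apply_updates = yes` installs packages unattended and nothing in this file restarts services or reboots, a comment above it such as `# updated kernels and libraries take effect only after a restart or reboot` would record that the timer alone does not finish the job.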
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki-Chudyk?= Date: Mon, 1 Aug 2016 07:22:07 +0200 Subject: [PATCH 2/4] do not faild the script when non-zero diff on dnf settings --- fedora/configure_fresh_system | 2 ++ fedora/etc/dnf/automatic.conf | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/fedora/configure_fresh_system b/fedora/configure_fresh_system index 09dbefa7..af4b474e 100755 --- a/fedora/configure_fresh_system +++ b/fedora/configure_fresh_system @@ -15,7 +15,9 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" cp -v /etc/dnf/automatic.conf /etc/dnf/automatic.conf.bak cp -v $DIR/etc/dnf/automatic.conf /etc/dnf/automatic.conf +set +e diff /etc/dnf/automatic.conf.bak /etc/dnf/automatic.conf +set -e sudo systemctl enable dnf-automatic.timer sudo systemctl start dnf-automatic.timer diff --git a/fedora/etc/dnf/automatic.conf b/fedora/etc/dnf/automatic.conf index 848f2c09..d5bed173 100644 --- a/fedora/etc/dnf/automatic.conf +++ b/fedora/etc/dnf/automatic.conf @@ -30,7 +30,7 @@ emit_via = stdio,email [email] # The address to send email messages from. -email_from = root@skinnyv +email_from = root # List of addresses to send messages to. email_to = admin@cyplo.net From 4e7faebe2bfa519aaa0ddf79db3f2e9d2eb420c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyryl=20P=C5=82otnicki-Chudyk?= Date: Mon, 1 Aug 2016 07:29:33 +0200 Subject: [PATCH 3/4] use sudo to copy config files --- fedora/configure_fresh_system | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fedora/configure_fresh_system b/fedora/configure_fresh_system index af4b474e..0fdee57a 100755 --- a/fedora/configure_fresh_system +++ b/fedora/configure_fresh_system 
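Review bot: Wrapping the `diff` in `set +e` / `set -e` also swallows exit status 2, which diff uses for real trouble such as a missing or unreadable file, not only status 1 for "files differ". `diff /etc/dnf/automatic.conf.bak /etc/dnf/automatic.conf || [[ $? -eq 1 ]]` keeps errexit on throughout and tolerates only the expected difference. The hunk shows just this part of the script; the surrounding `cp` and `systemctl` calls are context.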
@@ -13,10 +13,10 @@ sudo dnf -y groupinstall "C Development Tools and Libraries" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -cp -v /etc/dnf/automatic.conf /etc/dnf/automatic.conf.bak -cp -v $DIR/etc/dnf/automatic.conf /etc/dnf/automatic.conf +sudo cp -v /etc/dnf/automatic.conf /etc/dnf/automatic.conf.bak +sudo cp -v $DIR/etc/dnf/automatic.conf /etc/dnf/automatic.conf set +e -diff /etc/dnf/automatic.conf.bak /etc/dnf/automatic.conf +sudo diff /etc/dnf/automatic.conf.bak /etc/dnf/automatic.conf set -e sudo systemctl enable dnf-automatic.timer From 6016fc5ecc79c3f0c87909a10be26636825a0cbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyryl=20P=C5=82otnicki-Chudyk?= Date: Mon, 1 Aug 2016 07:37:34 +0200 Subject: [PATCH 4/4] introduce NO_SYSTEMCTL flag --- bunsen/configure_fresh_system | 2 +- bunsen/test_insider | 2 +- fedora/configure_fresh_system | 8 ++++---- fedora/test_insider | 2 +- ubuntu/configure_fresh_system | 2 +- ubuntu/test_insider | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bunsen/configure_fresh_system b/bunsen/configure_fresh_system index c4e9bc8d..60820f23 100755 --- a/bunsen/configure_fresh_system +++ b/bunsen/configure_fresh_system @@ -14,7 +14,7 @@ done set -e eval $install_packages -if [[ -z $DONT_START_TOR ]]; then +if [[ -z $NO_SYSTEMCTL ]]; then sudo systemctl enable tor sudo systemctl start tor fi diff --git a/bunsen/test_insider b/bunsen/test_insider index d1612fb6..8e653f4d 100755 --- a/bunsen/test_insider +++ b/bunsen/test_insider @@ -4,7 +4,7 @@ set -e export DEBIAN_FRONTEND=noninteractive export DONT_CHANGE_SHELL=true -export DONT_START_TOR=true +export NO_SYSTEMCTL=true echo "APT::Acquire::Retries=16;" >> /etc/apt/apt.conf.d/99_retries diff --git a/fedora/configure_fresh_system b/fedora/configure_fresh_system index 0fdee57a..b7089cd7 100755 --- a/fedora/configure_fresh_system +++ b/fedora/configure_fresh_system 
@@ -19,11 +19,11 @@ set +e sudo diff /etc/dnf/automatic.conf.bak /etc/dnf/automatic.conf set -e -sudo systemctl enable dnf-automatic.timer -sudo systemctl start dnf-automatic.timer -sudo systemctl list-timers "*dnf-*" +if [[ -z $NO_SYSTEMCTL ]]; then + sudo systemctl enable dnf-automatic.timer + sudo systemctl start dnf-automatic.timer + sudo systemctl list-timers "*dnf-*" -if [[ -z $DONT_START_TOR ]]; then sudo systemctl enable tor sudo systemctl start tor fi diff --git a/fedora/test_insider b/fedora/test_insider index 496329b8..e31efca7 100755 --- a/fedora/test_insider +++ b/fedora/test_insider @@ -3,7 +3,7 @@ set -e export DONT_CHANGE_SHELL=true -export DONT_START_TOR=true +export NO_SYSTEMCTL=true dnf -y install sudo diff --git a/ubuntu/configure_fresh_system b/ubuntu/configure_fresh_system index 06a7e31a..ec8b0a9b 100755 --- a/ubuntu/configure_fresh_system +++ b/ubuntu/configure_fresh_system @@ -15,7 +15,7 @@ done set -e eval $install_packages -if [[ -z $DONT_START_TOR ]]; then +if [[ -z $NO_SYSTEMCTL ]]; then sudo systemctl enable tor sudo systemctl start tor fi diff --git a/ubuntu/test_insider b/ubuntu/test_insider index 55aa9929..1234fce0 100755 --- a/ubuntu/test_insider +++ b/ubuntu/test_insider @@ -4,7 +4,7 @@ set -e export DEBIAN_FRONTEND=noninteractive export DONT_CHANGE_SHELL=true -export DONT_START_TOR=true +export NO_SYSTEMCTL=true echo "APT::Acquire::Retries=16;" >> /etc/apt/apt.conf.d/99_retries
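Review bot: Putting the timer setup under `NO_SYSTEMCTL` means a run with that flag set has already copied automatic.conf (earlier in the script, outside this hunk) but never enables `dnf-automatic.timer`, and nothing is printed to say that automatic security updates are therefore off. An `else` branch with `echo "NO_SYSTEMCTL set: dnf-automatic.timer and tor not enabled" >&2` would make that visible in the log. The flag also replaces `DONT_START_TOR` outright here and in the bunsen and ubuntu scripts, so an environment that still exports only the old name will now have tor enabled and started; keeping an inner `if [[ -z $DONT_START_TOR ]]; then` around the two tor lines would preserve the old behaviour.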