-
- ######### begin flidas pinned packages ######
- case $(debian-codename) in
- # needed for debootstrap scripts for fai since fai requires debian
- flidas)
- curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
- s dd of=/etc/apt/preferences.d/flidas-xenial <<EOF
-Package: *
-Pin: release a=xenial
-Pin-Priority: -100
-
-Package: *
-Pin: release a=xenial-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=xenial-security
-Pin-Priority: -100
-EOF
- s dd of=/etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
-deb http://us.archive.ubuntu.com/ubuntu/ xenial main
-deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
-deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
-EOF
-
- s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
- s dd of=/etc/apt/preferences.d/flidas-bionic <<EOF
-Package: *
-Pin: release a=bionic
-Pin-Priority: -100
-
-Package: *
-Pin: release a=bionic-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=bionic-security
-Pin-Priority: -100
-EOF
-
- # better to run btrfs-progs which matches our kernel version
- # (note, renamed from btrfs-tools)
- s dd of=/etc/apt/preferences.d/btrfs-progs <<EOF
-Package: btrfs-progs libzstd1
-Pin: release a=bionic
-Pin-Priority: 1005
-
-Package: btrfs-progs libzstd1
-Pin: release a=bionic-updates
-Pin-Priority: 1005
-
-Package: btrfs-progs libzstd1
-Pin: release a=bionic-security
-Pin-Priority: 1005
-EOF
-
-
- t=$(mktemp)
- cat >$t <<EOF
-deb http://us.archive.ubuntu.com/ubuntu/ bionic main
-deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main
-deb http://us.archive.ubuntu.com/ubuntu/ bionic-security main
-EOF
- f=/etc/apt/sources.list.d/bionic.list
- if ! diff -q $t $f; then
- s cp $t $f
- s chmod 644 $f
- p update
- fi
-
- # no special reason, but its better for btrfs-progs to
- # be closer to our kernel version
- pi btrfs-progs
-
- t=$(mktemp -d)
- cd $t
- aptitude download debootstrap/xenial
- ex ./*
- s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
-
- s dd of=/etc/apt/preferences.d/flidas-etiona <<EOF
-Package: *
-Pin: release a=etiona
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-updates
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-security
-Pin-Priority: -100
-
-Package: *
-Pin: release a=etiona-backports
-Pin-Priority: -100
-EOF
-
- t=$(mktemp)
- cat >$t <<EOF
-deb http://mirror.fsf.org/trisquel/ etiona main
-deb http://mirror.fsf.org/trisquel/ etiona-updates main
-deb http://archive.trisquel.info/trisquel/ etiona-security main
-deb http://mirror.fsf.org/trisquel/ etiona-backports main
-EOF
- f=/etc/apt/sources.list.d/etiona.list
- if ! diff -q $t $f; then
- s cp $t $f
- s chmod 644 $f
- p update
- fi
-
- s dd of=/etc/apt/preferences.d/debian-goodies <<EOF
-Package: debian-goodies
-Pin: release n=etiona
-Pin-Priority: 1005
-EOF
-
-
- s dd of=/etc/apt/preferences.d/flidas-buster <<EOF
-Package: *
-Pin: release n=buster
-Pin-Priority: -100
-
-Package: *
-Pin: release n=buster-updates
-Pin-Priority: -100
-EOF
-
- # dont use buster because it causes dist-upgrade to think its downgrading
- # packages while really just reinstalling the same version.
- f=/etc/apt/apt.conf.d/01iank
- rm -f $f
-# # stupid buster uses some key algorithm not supported by flidas gpg that apt uses.
-# s dd of=/etc/apt/apt.conf.d/01iank <<'EOF'
-# Acquire::AllowInsecureRepositories "true";
-# EOF
-
- f=/etc/apt/sources.list.d/buster.list
- rm -f $f
-# t=$(mktemp)
-# cat >$t <<EOF
-# deb http://http.us.debian.org/debian buster main
-# deb-src http://http.us.debian.org/debian buster main
-
-# deb http://security.debian.org/ buster/updates main
-# deb-src http://security.debian.org/ buster/updates main
-
-# deb http://http.us.debian.org/debian buster-updates main
-# deb-src http://http.us.debian.org/debian buster-updates main
-# EOF
-# if ! diff -q $t $f; then
-# s cp $t $f
-# s chmod 644 $f
-# p update
-# fi
-
- # newer version needed for false positive in checkrestart.
- # I did buster at first, but other problem above with having
- # buster repos. not sure if the false positive exists in etiona.
- p install -y --allow-unauthenticated debian-goodies
-
- s dd of=/etc/apt/preferences.d/shellcheck <<EOF
-Package: shellcheck
-Pin: release a=etiona
-Pin-Priority: 1005
-
-Package: shellcheck
-Pin: release a=etiona-updates
-Pin-Priority: 1005
-
-Package: shellcheck
-Pin: release a=etiona-security
-Pin-Priority: 1005
-EOF
-
- s dd of=/etc/apt/preferences.d/bash <<EOF
-Package: bash
-Pin: release a=etiona
-Pin-Priority: 1005
-
-Package: bash
-Pin: release a=etiona-updates
-Pin-Priority: 1005
-
-Package: bash
-Pin: release a=etiona-security
-Pin-Priority: 1005
-EOF
-
-
- ;;
- *)
- if isdeb; then
- pi debian-goodies shellcheck
- fi
- ;;
- esac
- ######### end flidas pinned packages ######
-
- ##### begin automatic upgrades (after checkrestart has been installed) ####
- s dd of=/etc/apt/apt.conf.d/10periodic <<'EOF'
-# this file was mostly just comments.
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::AutocleanInterval "7";
-APT::Periodic::Unattended-Upgrade "1";
-EOF
-
- s dd of=/etc/apt/apt.conf.d/50unattended-upgrades <<EOF
-# fyi: default file has comments about available options,
-# you may want to read that, do pkx unattended-upgrades
-Unattended-Upgrade::Mail "root";
-Unattended-Upgrade::MailOnlyOnError "true";
-Unattended-Upgrade::Remove-Unused-Dependencies "true";
-Unattended-Upgrade::Origins-Pattern {
- # default is just security updates. this list found from reading
- # match_whitelist_string() in `which unattended-upgrades`
- "o=*,l=*,a=*,c=*,site=*,n=*";
-};
-EOF
-
- # old names, too verbose
- s rm -f /etc/cron.d/unattended-upgrade-reboot /usr/local/bin/zelous-unattended-reboot
-
- s dd of=/etc/cron.d/myupgrade <<'EOF'
-# Setup reboots when running outdated stuff, unattended upgrades happen
-# at 6 am + rand(60 min).
-20 7 * * * root /usr/local/bin/myupgrade | /usr/local/bin/log-once -1 myupgrade
-0 * * * * root /usr/local/bin/mycheckrestart | /usr/local/bin/log-once -1 mycheckrestart
-EOF
- ##### end automatic upgrades ####
-
-
- echo "$0: $(date): ending now)"
- exit 0