various improvements

[distro-setup] / distro-end
diff --git a/distro-end b/distro-end

index bc334d659261c84d032cba53e273130b6d0f90e4..84566b89fa4299468c147d69bd2e60ee97911166 100755 (executable)
--- a/distro-end
+++ b/distro-end
@@ -193,11 +193,6 @@ s dpkg-reconfigure -u -fnoninteractive unattended-upgrades
  # Setup daily reboots, so all unattended upgrades go into affect
  # unattended upgrades happen at 6 am + rand(60 min).
  echo '20 7 * * * root /usr/local/bin/zelous-unattended-reboot' | s dd of=/etc/cron.d/unattended-upgrade-reboot
-case $(debian-codename) in
-  flidas)
-    if [[ ! -e /usr/local/bin/checkrestart ]]; then
-      ;;
-esac
  ##### end automatic upgrades ####
  
  # office is not exposed to internet yet
@@ -725,20 +720,45 @@ EOF
        p update
      fi
  
-    # needed for false positive in checkrestart
      s dd of=/etc/apt/preferences.d/debian-goodies <<EOF
  Package: debian-goodies
-Pin: release a=etiona
+Pin: release n=buster
  Pin-Priority: 1005
+EOF
  
-Package: debian-goodies
-Pin: release a=etiona-updates
-Pin-Priority: 1005
  
-Package: debian-goodies
-Pin: release a=etiona-security
-Pin-Priority: 1005
+    s dd of=/etc/apt/preferences.d/flidas-buster <<EOF
+Package: *
+Pin: release n=buster
+Pin-Priority: -100
+EOF
+
+    # stupid buster uses some key algorithm not supported by flidas gpg that apt uses.
+    s dd of=/etc/apt/apt.conf.d/01iank <<'EOF'
+Acquire::AllowInsecureRepositories "true";
+EOF
+
+    t=$(mktemp)
+    cat >$t <<EOF
+deb http://http.us.debian.org/debian buster main
+deb-src http://http.us.debian.org/debian buster main
+
+deb http://security.debian.org/ buster/updates main
+deb-src http://security.debian.org/ buster/updates main
+
+deb http://http.us.debian.org/debian buster-updates main
+deb-src http://http.us.debian.org/debian buster-updates main
  EOF
+    f=/etc/apt/sources.list.d/buster.list
+    if ! diff -q $t $f; then
+      s cp $t $f
+      s chmod 644 $f
+      p update
+    fi
+
+    # newer version needed for false positive in checkrestart
+    p install -y --allow-unauthenticated debian-goodies
+
      ;;
  esac
  
@@ -1712,9 +1732,12 @@ if ! type -p guix >/dev/null; then
    guix package --install guile
  fi
  
-# install rust
+# install rust.
  curl https://sh.rustup.rs -sSf | bash -s -- -y
-cargo install ripgrep
+# todo: update this. updates in rust are stupidly complicate
+if ! which rg &>/dev/null; then
+  cargo install ripgrep
+fi
  
  #### tor
  case $distro in