#! /bin/bash
# $Header: /anfs/www/VH-cl/html/deb/RCS/bs,v 1.30 2026/05/18 17:30:10 mas90 Exp $
# Command to set up a Debian or Ubuntu machine after a basic install.
# cd /tmp; wget www/deb/bs; bash ./bs full auto
#	enable en_GB.utf8  ADD:	dpkg-reconfigure locales
# Put the admin tool directories (ifconfig, route, ...) at the front of PATH.
PATH=/sbin:/usr/sbin:$PATH

# "nnl" mode: bring up eth0 on a hard-coded address, add a default route,
# fetch a copy of the "bs" script and stop.
# NOTE(review): the copy is fetched over plain HTTP from a bare IP address and
# nothing here verifies it; check the file before running it as root.
case "$1" in
nnl)
	b=128.232
	s=$b.64
	ifconfig eth0 $s.11/20
	route add default gw $s.1
	wget $b.20/deb/bs
	exit
	;;
esac

# Keep debconf from prompting during package installs.
export DEBIAN_FRONTEND=noninteractive

# Configuration used by the rest of the script: package lists, paths and flags.
#
# Packages to install which default to "yes", "maybe" (alien machines) and "no".
# resolvconf is needed so that /etc/resolv.conf is set up from /etc/network/interfaces on U18
# net-tools may be of use as admins may be used to commands such as ifconfig on U18
# cl-onserver is needed early on so that 'cl-onserver --keytab' can get the host keytab
earlyrpms="perl-modules cl-hostid-fix"	# cl-hostid-fix requires Pod which is in perl-modules
basicrpmscl="cl-make-ownfiles cl-onserver resolvconf net-tools cl-update-system cl-patch-files cl-rpm-bundles cl-add-rpms cl-add-user cl-patch-file cl-asuser cl-ssh-known-hosts-out cl-root-authorized-keys" # cl-xon"
#wsrpmscl="cl-isidle-05-workstation.conf cl-cron-isidle-halt" # cl-isidle-10-nosuspend.conf
basicrpms="$basicrpmscl patch ed ufw openssh-server" # exim4-daemon-light
notdomurpms="ntp"
krb5rpms="krb5-user libpam-krb5 krb5-config"
krb5rpmse=libkadm55	# U8.10 legacy
# pkgsy / pkgsm / pkgsn are the "yes" / "maybe" / "no" lists named above
pkgsy=$basicrpms
#pkgsm="exmh metamail quota" # Is metamail available?
pkgsm="quota"
# Group name and numeric group id tried in turn by the chgrp steps on the bundle/patch files
staff=sysadmin
staffn=10000
pkgsn="cl-root-abbot-authorized-keys"
rmnm=	# "network-manager"
# How to "upgrade" an existing machine: files copied over from the old root
# mounted on $m.  They include the host keytab and the SSH host private keys.
# NOTE(review): the last two entries already start with /mnt, and the copy loop
# prefixes $m (/mnt) again -- looks unintended, confirm.
upgradefiles="/etc/krb5.keytab /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub /mnt/etc/ssh/ssh_host_ecdsa_key /mnt/etc/ssh/ssh_host_ecdsa_key.pub"
# ';'-separated lines appended to the bundles file on Debian 7
NOTD7="# HACK for debian ...;NOT_xemacs21;NOT_make-doc;NOT_xubuntu-default-settings"
dn=/dev/null	# sink for output that is only tested, not shown
env=/etc/default/locale

# Set the system wide LANG (etc) by sourcing the locale file when it is readable
test -r $env && . $env

# Where is UFW info held? up to U9.04 it was /var/lib, 9.10 on it's /usr/share
ufwl=/lib/ufw/user.rules
l=+	# separator placed around every word in $level
level=
ufwvl=/var$ufwl
ufwus=/usr/share/ufw/user.rules
rund=/etc/rc2.d
m=/mnt	# mount point for the old root during "upgrade"
o=-DIST	# suffix given to a file that is moved aside before being replaced
eub=/etc/user-config/bundles
eup=/etc/user-config/patches
euh=/etc/user-config/hostid
copiedcomment="# copied from $eub"
f=-f	# fix broken packages
# dpkg option handed to apt-get: take the default action for changed conffiles
F="-o DPkg::Options::=--force-confdef"

# Set up the commands used to run each step: interactive versions first (they
# may be replaced when "auto" is given on the command line).
#
# runy CMD...: show the command and ask before running it; default is "yes".
# Arguments: the command text.  It is handed to eval, so it must only ever be
#            script-controlled text, never data taken from outside.
# Input:     one line from stdin, stored in the global $a; an answer starting
#            with n or N skips the command, anything else runs it.
runy() {
	printf '%s' "Run: '$*' ? [Y/n] "
	read a
	if [[ $a == [nN]* ]]; then
		echo "skip '$*'"
	else
		eval "$@"
	fi
}
# runn CMD...: show the command and ask before running it; default is "no".
# Only an answer starting with y or Y runs the command (through eval, so the
# text must be script-controlled); anything else prints a "skip" line.
# The answer is read from stdin into the global $a.
runn() {
	printf '%s' "Run: '$*' ? [y/N] "
	read a
	if [[ $a == [yY]* ]]; then
		eval "$@"
	else
		echo "skip '$*'"
	fi
}
# runl COND CMD...: ask before running CMD; the default answer is "yes" if and
# only if $level contains COND (delimited by $l on both sides), otherwise "no".
# CMD is run through eval, so it must be script-controlled text.
# Sets the globals $cond (the condition) and $a (the answer read from stdin).
runl() {
	cond=$1
	shift
	case "$level" in
	*${l}$cond${l}*)
		# condition present: behave like a default-yes prompt
		printf '%s' "Run: '$*' ? [Y/n] "
		read a
		if [[ $a == [nN]* ]]; then
			echo "skip '$*'"
		else
			eval "$@"
		fi
		;;
	*)
		# condition absent: behave like a default-no prompt
		printf '%s' "Run: '$*' ? [y/N] "
		read a
		if [[ $a == [yY]* ]]; then
			eval "$@"
		else
			echo "skip '$*'"
		fi
		;;
	esac
}
# runi COND CMD...: the inverse of runl.  The default answer is "no" if and
# only if $level contains COND (delimited by $l on both sides), otherwise "yes".
# CMD is run through eval, so it must be script-controlled text.
# Sets the globals $cond (the condition) and $a (the answer read from stdin).
runi() {
	cond=$1
	shift
	case "$level" in
	*${l}$cond${l}*)
		# condition present: behave like a default-no prompt
		printf '%s' "Run: '$*' ? [y/N] "
		read a
		if [[ $a == [yY]* ]]; then
			eval "$@"
		else
			echo "skip '$*'"
		fi
		;;
	*)
		# condition absent: behave like a default-yes prompt
		printf '%s' "Run: '$*' ? [Y/n] "
		read a
		if [[ $a == [nN]* ]]; then
			echo "skip '$*'"
		else
			eval "$@"
		fi
		;;
	esac
}

# haspkg PKG...: is any one of the listed packages installed?
# Succeeds when "dpkg -l" prints at least one line starting with "ii" for the
# given names.  grep's output goes to $dn; only the exit status is used.
# The arguments are deliberately left unquoted so a space-separated list splits
# into separate package names.
haspkg() {
	dpkg -l $@ |
		grep '^ii' > "$dn" 2>&1
}

# Decode the command line words which tell what to do.  Each word is handled
# by the case below; a word that matches nothing is reported on stderr and
# ignored.  Level words are accumulated in $level, each prefixed by $l.
while test $# -gt 0
do
	case "$1" in
	# Try to fully automate it -- reduce user interaction.
	# This replaces runy/runn/runl/runi with versions that never prompt: runy
	# always evals its arguments and runn always skips, so every step whose
	# default is "yes" runs without an operator confirming it.
	auto)	y="-y";
		auto=true
		echo; echo "#	full autopilot - not asking whether to try each step"; sleep 2; echo;
		runy () { echo "# run: $@"; eval "$@"; }
		runn () { echo "# skip: $@"; }
		runl() { cond=$1; shift; case "$level" in
			*${l}$cond${l}*) runy "$@";;
			*)		 runn "$@";;
			esac;
		}
		runi() { cond=$1; shift; case "$level" in
			*${l}$cond${l}*) runn "$@";;
			*)		 runy "$@";;
			esac;
		} ;;
	# Pass -y to apt-get but keep the per-step prompts
	y|yes)	y=-y;;
	noldap)	ldap=false;;
	min)	min=true;;	# needs 2.5GB to do initial install
	# remove the 32b (on a 64b machine!)
	only64|64only) remove32=true;;
	# Set the level of the install; "level X" takes the next word as the level
	level)	level="$level$l$2" levelf=$2; shift;;
	repo)	level="$level$l$1" levelf=$1;;	# JUST the repo
	none)	level="$level$l$1" levelf=$1;;	# no side effects
	alien)	level="$level$l$1" levelf=$1;;	# cron updates etc
	full)	level="$level$l$1" levelf=$1;;	# ldap, krb5, autofs
	server)	level="$level$l$1" levelf=$1;;	# "server" with full access

	# These add a word to $level and keep levelf if one is already set,
	# otherwise default it to "alien"
	dmz)	level="$level$l$1" levelf=${levelf-alien};; # "std management tools"
	domU)	level="$level$l$1" levelf=${levelf-alien};; # Xen domU VM

	# As above, but levelf defaults to "full"
	krb5)	level="$level$l$1" levelf=${levelf-full};; # krb5
	nfs)	level="$level$l$1" levelf=${levelf-full};; # nfs
	ws)	level="$level$l$1" levelf=${levelf-full};; # WS with full access
	localhome)level="$level$l$1" levelf=${levelf-full};; # full access with local HOME
	filerhome)level="$level$l$1" levelf=${levelf-full};; # full access with HOME on filer

	# The value stored is the literal text "editbundles="; later code only
	# checks that the variable is non-empty
	editbundles) editbundles=editbundles=;;	# Allow the user to edit the bundles
	# Make haspkg always fail, so every install step is offered again
	loadall) haspkg() { false; };;
	installall) haspkg() { false; };;
	# "upgrade X": X is what gets mounted on $m to copy files from the old system
	upgrade) upgrade="$2"; shift;;
	# Unknown
	*)	echo "Unknown argument '$1' - ignored" 1>&2;;
	esac
	shift
done
# Short host name: "uname -n" with everything from the first dot removed
name=`uname -n | sed 's/\..*//'`

# With neither "auto" nor any level word given, ask for the level on stdin;
# an empty answer means "none".
case "$auto$level" in
"")	echo -n "What level configuraion? [repo|none|alien|dmz|server|full|localhome|filerhome] "; read level;
	case "$level" in '') level=none; echo "(setting level to '$level')";; esac
	levelf=$level
	level="$l$level"
esac
# Close the list so that every word has $l on both sides
level="$level$l"

# "derived" levels: (ws|localhome|filerhome) -> full; full -> krb5; krb5 -> nfs
# Each step prepends the implied word, so the order of these lines matters.
case "$level" in *${l}ws${l}*) level="${l}full$level";; esac
case "$level" in *${l}localhome${l}*) level="${l}full$level";; esac
case "$level" in *${l}filerhome${l}*) level="${l}full$level";; esac
case "$level" in *${l}full${l}*) level="${l}krb5$level";; esac
case "$level" in *${l}krb5${l}*) level="${l}nfs$level";; esac
# Neither local or filer home defaults to local (and records that it was defaulted)
case "$level" in *${l}localhome${l}*|*${l}filerhome${l}*) : OK;; *) level="${l}DEFAULTED${l}localhome$level";; esac

# levelf picks which sample bundle/patch files are used; fall back to "full"
# with a loud message if no argument set it
case "$levelf" in '') echo; echo "**** levelf unset -- please report to pb22 ****"; echo; levelf=full;; esac

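# Capture useful initial stats before they are lost.
# Each snapshot is taken only while its file is not yet readable, so a re-run
# keeps the numbers from the first run; the file is listed either way.
test -r /root/debs-0 || dpkg-query -l | LANG=C sort -o /root/debs-0 && ls -l /root/debs-0
# This used "test -t", which expects a file descriptor number and fails on a
# path, so a fresh df listing was appended on every run.
test -r /root/df-0 || df >> /root/df-0 && ls -l /root/df-0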

# Is ZFS available for scratch?  "df -t zfs" succeeding sets zfs=true and
# zfse to the empty string (zfse is only used for the summary line below).
df -t zfs > $dn && zfs=true zfse=""

# Deduce the release, to allow later conditional processing.
# The text of /etc/issue is matched against the patterns below; patterns that
# start with * match anywhere, the others must match from the first character.
case "`cat /etc/issue`" in
*"Debian GNU/Linux 4.0"*)	rel=D4.0;   echo "# Installing debian 4";;
*"Debian GNU/Linux 7"*)		rel=D7;     echo "# Installing debian 7";;
*"Debian GNU/Linux 8"*)		rel=D8;     echo "# Installing debian 8";;
"Raspbian GNU/Linux 8"*)	rel=R8;     echo "# Installing Raspbian 8";;
*"Ubuntu 8.04"*)		rel=U8.04;  echo "# Installing Ubuntu 8.04 ($rel)";;
*"Ubuntu 8.10"*)		rel=U8.10;  echo "# Installing Ubuntu 8.10";;
*"Ubuntu 9.04"*)		rel=U9.04;  echo "# Installing Ubuntu 9.04";;
*"Ubuntu 9.10"*)		rel=U9.10;  echo "# Installing Ubuntu 9.10";;
*"Ubuntu karmic"*)		rel=U9.10;  echo "# Installing Ubuntu 9.10";;
*"Ubuntu 10.04"*)		rel=U10.04; echo "# Installing Ubuntu 10.04";;
"Ubuntu 10.10"*)		rel=U10.10; echo "# Installing Ubuntu 10.10";;
"Ubuntu 11.04"*)		rel=U11.04; echo "# Installing Ubuntu 11.04";;
"Ubuntu 11.10"*)		rel=U11.10; echo "# Installing Ubuntu 11.10";;
"Ubuntu 16.04"*)		rel=U16.04; echo "# Installing Ubuntu 16.04";;
"Ubuntu 18.04"*)		rel=U18.04; echo "# Installing Ubuntu 18.04";;
"Ubuntu 20.04"*)		rel=U20.04; echo "# Installing Ubuntu 20.04";;
"Ubuntu 22.04"*)		rel=U22.04; echo "# Installing Ubuntu 22.04";;
"Ubuntu 24.04"*)		rel=U24.04; echo "# Installing Ubuntu 24.04";;
"Ubuntu Xenial Xerus (dev"*)	rel=U16.04; echo "# Installing Ubuntu 16.04 dev";;
"Ubuntu Xenial Xerus"*)		rel=U16.04; echo "# Installing Ubuntu 16.04 (dev?)";;
"Ubuntu Bionic Beaver (dev"*)	rel=U18.04; echo "# Installing Ubuntu 18.04 dev";;
"Linux Mint 9 Isadora"*)	rel=U10.04; echo "# Installing Mint 9 (U10.04)";;
# This arm also adds the "noaptsrc" word to $level
"Ubuntu Trust"*)		rel=U14.04; level="${level}noaptsrc$l"; echo "# Installing Ubuntu Trusty Tahr (14.04) [devel]";;
*"NexentaCore 2.0"*"Hardy 8.04"*) rel=U8.04;echo "# Installing NexentaCore Ubuntu 8.04";;
*)			rel=unknown;;
esac

# Nothing in /etc/issue matched: for Ubuntu, build rel from lsb_release instead
if [ "$rel" = "unknown" ]
then
	case "$(lsb_release -si)" in
		Ubuntu)
			rel=U$(lsb_release -sr)
			echo "# Installing $rel"
			;;
	esac
fi

# Still unknown: carry on, but say so
if [ "$rel" = "unknown" ]
then
	echo "# Installing Unrecognised Distro"
fi

# Summary; prints "no ZFS" when zfse was never set
echo "# level is $level, levelf is $levelf, rel is $rel, ${zfse-no }ZFS"

# Which systems need the extra krb5 packages in $krb5rpmse
# Only U8.10 keeps the list; every other release clears it.  On U24.04 the
# "yes" package list additionally gets systemd-resolved in place of resolvconf.
case "$rel" in
U8.10)	: OK;;
U24.04)	krb5rpmse=
	pkgsy=$(echo $pkgsy|sed s/resolvconf/systemd-resolved/)
	#basicrpms=$(echo $basicrpms|sed s/resolvconf/systemd-resolved/)
	#basicrpmscl=$(echo $basicrpmscl|sed s/resolvconf/systemd-resolved/)
	;;
*)	krb5rpmse=;;
esac

# A "full" install on any U10.x release: print a keytab reminder, pause, then
# offer (default "no") to exit the script.
case "$level+$rel" in
*${l}full${l}*+U10.*)	cat << \EOF


Make sure that you have a "DES+" keytab


EOF
		sleep 3
		runn "exit";;
esac

# Test hook: with TESTSTART set to anything non-empty, print the decoded
# levels and stop before any change is made.
case "$TESTSTART" in
?*)	echo "## level=<$level>, levelf=<$levelf>";
	exit 1;
esac

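# Try to avoid UID clashes with old CRSIDs: unless maj1 is already present in
# /etc/passwd, offer (default "no") to append the reserved entries below.
#
# The list is staged in a mktemp file rather than a fixed "passwd-t" in the
# current directory.  The documented way to run this script is from /tmp, and
# a fixed name in a world-writable directory can be created or replaced by
# another local user before its contents are appended to /etc/passwd.
# The staged file is left behind so that a skipped append can still be applied
# by hand later.
grep ^maj1 /etc/passwd > $dn || (
	pwt=$(mktemp "${TMPDIR:-/tmp}/passwd-t.XXXXXX") || exit 1
	cat > "$pwt" << \EOF
maj1:*:101:60101:Martyn Johnson:/home/maj1:/bin/bash
pb22:*:104:60104:Piete Brooks:/home/pb22:/bin/bash
acn1:*:107:60107:Arthur Norman:/home/acn1:/bin/bash
mjcg:*:110:60110:Mike Gordon:/home/mjcg:/bin/bash
pr10:*:111:60111:Peter Robinson:/home/pr10:/bin/bash
jf15:*:128:60128:Jon Fairbairn:/home/jf15:/bin/bash
lp15:*:138:60138:Larry Paulson:/home/lp15:/bin/bash
ceb4:*:145:60145:Caroline Blackmun:/home/ceb4:/bin/bash
gt19:*:178:60178:Graham Titmus:/home/gt19:/bin/bash
mvw1:*:217:60217:Maurice Wilkes:/home/mvw1:/bin/bash
iml1:*:243:60243:Ian Leslie:/home/iml1:/bin/bash
gw104:*:244:60244:Glynn Winskel:/home/gw104:/bin/bash
ah12:*:260:60260:Andy Hopper:/home/ah12:/bin/bash
am21:*:300:60300:Alan Mycroft:/home/am21:/bin/bash
fhk1:*:301:60301:Frank King:/home/fhk1:/bin/bash
mr10:*:302:60302:Martin Richards:/home/mr10:/bin/bash
drm10:*:336:60336:Derek McAuley:/home/drm10:/bin/bash
jmb25:*:341:60341:Jean Bacon:/home/jmb25:/bin/bash
rf10:*:344:60344:Robin Fairbairns:/home/rf10:/bin/bash
jac8:*:407:60407:John Carroll:/home/jac8:/bin/bash
ejb1:*:412:60412:Ted Briscoe:/home/ejb1:/bin/bash
aac10:*:432:60432:Ann Copestake:/home/aac10:/bin/bash
wwwsvn:*:505:505:WWW SVN user id:/usr/groups/wwwsvn/home:/bin/bash
nprobe:*:506:101:nprobe pseudo-user:/usr/groups/nprobe/home:/bin/false
ivc:*:511:511:ivc pseudo user:/home/ivc:/bin/false
EOF
	runn "cat '$pwt' >> /etc/passwd"
)
# Show the passwd lines that "sort -u" drops as duplicates on the UID/GID
# fields (3-4), i.e. entries that clash with another entry.
diff <(sort -t: -k 3,4 -n -u /etc/passwd) <(sort -t: -k 3,4 -n /etc/passwd)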

#- # Try to avoid GID clashes
#- if	grep uucp:x:10 /etc/group || grep staff:x:50: /etc/group
#- then
#- 	# Avoid the use of "ed" -- use "sed"?
#- 	runy "(echo /^uucp/s/:.0/:50/p; echo /^staff/s/:.0/:10/p; echo w) | ed - /etc/group"
#- fi

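# Options for "apt-get remove": when -y was requested, pass it on together with
# the dpkg conffile default in $F.  The yes/auto arguments set $y to "-y", so
# the pattern has to accept the leading dash; the previous "y*" alone never
# matched that value and left $rmf empty.
case "$y" in -y*|y*) rmf="-y $F";; esac

# If user requested "full" (or "dmz"), set "FIRST" if this is the first run,
# i.e. the bundles file is not readable yet
case "$level" in *${l}full${l}*|*${l}dmz${l}*) test -r $eub || FIRST=true;; esac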

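# Bootstrap access to the local repository (skipped once a cl.list or
# cl.sources entry exists).
#
# cl.deb is downloaded into a fresh mktemp directory instead of being reused
# from /tmp/cl.deb.  /tmp is world-writable, so a file already present under
# that name cannot be assumed to be the one published on the server, and it is
# about to be installed by dpkg.
# NOTE(review): --force-bad-verify makes dpkg install the package even when its
# authenticity check fails, so the HTTPS download is the only integrity control
# on this step.
test -e /etc/apt/sources.list.d/cl.list -o -e /etc/apt/sources.list.d/cl.sources || (
	runy 'd=$(mktemp -d) && cd "$d" && wget https://www.cl.cam.ac.uk/deb/cl.deb && dpkg --force-bad-verify -i cl.deb; cd /; test -z "$d" || rm -rf -- "$d"'
	runy "apt-get -q=1 $y update"
)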
# ?? why -modules ??		for p in $earlyrpms; do haspkg $p-modules || runy "apt-get install $p"; done
# Install each early package that is not there yet
for p in $earlyrpms; do haspkg $p || runy "apt-get install $F $f $y $p"; done
# Unless sources.list already names the mirror, let cl-hostid-fix set up the
# apt sources and refresh the package lists (default "no" when the level
# contains "noaptsrc")
grep mirror.apps.cam.ac.uk /etc/apt/sources.list > $dn ||  (
	runi noaptsrc "cl-hostid-fix --do_aptsrc"
	# kingston complains: ls: cannot access /etc/user-config/bundles: No such file or directory
	runi noaptsrc "apt-get -q=1 $y update"
)
# Kerberos client packages: default "yes" only when the level contains krb5
haspkg krb5-user || runl krb5 "apt-get install $F $f $y $krb5rpms"
# kingston gives:
# The following NEW packages will be installed:
#  krb5-config krb5-user libgssrpc4 libkadm5clnt-mit8 libkadm5srv-mit8
#    libkdb5-6 libpam-krb5
#    0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
#    Need to get 0 B/571 kB of archives.
#    After this operation, 1,338 kB of additional disk space will be used.
#    Do you want to continue [Y/n]?
#    Media change: please insert the disc labeled
#     'Debian GNU/Linux wheezy-DI-b4 _Wheezy_ - Official Snapshot amd64 DVD Binary-1 20121117-20:31'
#     in the drive '/media/cdrom/' and press enter

# lsb_release is used below to find the release codename
haspkg lsb-release || runy "apt-get install $F $f $y lsb-release"

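# Add our ESM repo (recent Ubuntu only: the pattern matches U20.x and later).
# The sources file is made by substituting this release's codename for %DIST%
# in a template fetched over HTTPS.
case "$rel" in U[23456789][0123456789].*)
	rel_codename=$(lsb_release -sc 2>/dev/null)
	esm=/etc/apt/sources.list.d/esm.sources
	if [ "$rel_codename" ] && ! test -e $esm
	then
		# The redirect creates $esm even when wget fails, and an existing
		# file stops this step from being offered again.  Remove an empty
		# result so that the next run retries the download.
		runy "wget -O- https://www.cl.cam.ac.uk/deb/esm.sources | sed 's/%DIST%/$rel_codename/g' > $esm; test -s $esm || rm -f $esm"
		runy "apt-get -q=1 $y update"
	fi
	;;
esac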

# sudo-rs doesn't (yet, 2026) support our configuration; roll back to real sudo
# before we install an invalid one.
# Applies on Ubuntu releases only, and only when the "sudo" alternative
# currently resolves to the same file as /usr/lib/cargo/bin/sudo and the
# replacement /usr/bin/sudo.ws exists.
if [[ $rel == U* ]] &&
	[[ -e /usr/bin/sudo.ws ]] &&
	[[ -e /etc/alternatives/sudo ]] &&
	[[ -e /usr/lib/cargo/bin/sudo ]] &&
	[[ /etc/alternatives/sudo -ef /usr/lib/cargo/bin/sudo ]]
then
	update-alternatives --set sudo /usr/bin/sudo.ws
fi

# Load up certain packages -- pro tem ask the user :-(
# Each line tests one representative package and, if it is missing, offers to
# install the whole group.
haspkg cl-patch-file                 || runy      "apt-get install $F $f $y $basicrpmscl"
#haspkg cl-isidle-05-workstation.conf || runl ws   "apt-get install $F $f $y $wsrpmscl"
# ntp: default "no" on a Xen domU, "yes" elsewhere
haspkg ntp                           || runi domU "apt-get install $F $f $y $notdomurpms"
haspkg krb5-user                     || runl krb5 "apt-get install $F $f $y $krb5rpms"
# On "full" installs, offer to remove each installed package listed in $rmnm
case "$level" in
*${l}full${l}*)	for p in $rmnm; do haspkg $p && runy "apt-get remove $rmf $p"; done
esac
# Extra krb5 packages, only when the release left $krb5rpmse non-empty
case "$krb5rpmse" in ?*) haspkg $krb5rpmse || runl krb5 "apt-get install $F $f $y $krb5rpmse";; esac

# Go through again, checking them one at a time ...
for p in $pkgsy; do haspkg $p || runy     "apt-get install $F $f $y $p"; done
for p in $pkgsm; do haspkg $p || runl nfs "apt-get install $F $f $y $p"; done
for p in $pkgsn; do haspkg $p || runn     "apt-get install $F $f $y $p"; done
# LDAP and autofs.  The one command string does, in order: if /home is a real
# directory, move its contents to /home-local and rewrite the localadmin entry
# in /etc/passwd to match; install the NFS/autofs/LDAP packages; make /home a
# link to "homes" if nothing is there; and warn if no autofs start link exists
# in $rund.
haspkg autofs-ldap || runl krb5 "echo LDAP and AUTOFS; test -d /home -a ! -L /home && mkdir -p /home-local && mv /home/* /home-local/ && (echo /localadmin/s=/home/=/home-local/=p; echo w) | ed - /etc/passwd; apt-get install $F $f $y portmap nfs-common autofs autofs-ldap ldap-utils libpam-ldap libnss-ldap nscd cl-autofs-dirs; test -e /home || ln -sf homes /home; test -e $rund/S*autofs || echo Need to auto start autofs "

# Try both locations for UFW info: use the first of the three candidate
# user.rules paths that exists
ufw=$ufwl
test -e $ufw || ufw=$ufwus
test -e $ufw || ufw=$ufwvl
ufw=${UFW-$ufw} # HACK to avoid doing ufw setup if testing

# Firewall rules.  Where a line starts with grep, the rule is only offered
# when the rules file does not already contain the matching text.
if test -e $ufw
then
	# IPV6=yes in /etc/default/ufw
	# ufw allow from 128.232.10.53                       to any app OpenSSH #  probes
	# SSH access.  U8.04 names port 22; later releases use the OpenSSH app profile.
	# NOTE(review): the last rule in each branch allows SSH from any source,
	# which makes the three source-restricted SSH rules before it redundant --
	# confirm that unrestricted SSH is intended.
	case "$rel" in
	"U8.04")
	 grep 128.232.9.254		$ufw > $dn || runy "ufw allow from 128.232.9.254  to any port 22"
	 grep 128.232.10.53		$ufw > $dn || runy "ufw allow from 128.232.10.53  to any port 22"
	 grep 22.-s.128.232.0		$ufw > $dn || runy "ufw allow from 128.232.0.0/17 to any port 22"
	 grep dport.22.-j		$ufw > $dn || runy "ufw allow                     to any port 22"
	;;
	*)
	 grep 128.232.9.254		$ufw > $dn || runy "ufw allow from 128.232.9.254  to any app OpenSSH"
	 grep 128.232.10.53		$ufw > $dn || runy "ufw allow from 128.232.10.53  to any app OpenSSH"
	 # ufw allow from 2001:630:200:ac70:216:3eff:fee8:9fe to any app OpenSSH #  separately
	 # ufw allow from 2001:630:200:ac70:216:3eff:fee8:a35 to any app OpenSSH #  IPv[46]
	 grep 22.-s.128.232.0		$ufw > $dn || runy "ufw allow from 128.232.0.0/17 to any app OpenSSH"
	 # ufw allow from 2001:630:200:ac00::/56              to any app OpenSSH #  access separately
	 grep dport.22.-j		$ufw > $dn || runy "ufw allow OpenSSH"
	esac
	# "auth" (port 113 in the rules file) from the two /16 networks
	grep "113 -s 128.232.0.0/16"	$ufw > $dn || runy "ufw allow proto tcp from 128.232.0.0/16 to any port auth"
	grep "113 -s 131.111.0.0/16"	$ufw > $dn || runy "ufw allow proto tcp from 131.111.0.0/16 to any port auth"
	# ufw allow proto tcp from 2001:630:200::/48 to any port auth #  ... and IPv6
	# Drop UDP sent to the broadcast addresses
	grep "udp any 255.255.255.255"	$ufw > $dn || runy "ufw deny  proto udp                     to 255.255.255.255"
	grep "udp any 128.232.15.255"	$ufw > $dn || runn "ufw deny  proto udp                     to 128.232.15.255"
	# "proto igmp" not accepted
	# Deny traffic to the all-hosts multicast addresses from the listed sources.
	# These lines have no grep guard, so they are offered on every run.
	# ROUTERS holds the host parts under 128.232.; several values are repeated.
ROUTERS="0.2 100.2 103.194 103.194 103.65 103.65 103.65 108.2 108.2 108.2 108.2 110.2 110.2 18.2 18.2 20.2 24.2 24.2 32.2 32.2 32.2 60.2 60.2 64.2 99.2 99.2"
	runn "for R in $ROUTERS; do ufw deny in to 224.0.0.1 from 128.232.\$R; done"
	runn "ufw deny in           to 224.0.0.1           from 128.232.0.4"
	runn "ufw deny in           to 224.0.0.1           from 128.232.32.4"
	runy "ufw deny in           to 224.0.0.1           from 128.232.64.4"
	runy "ufw deny in           to 224.0.0.1           from 128.232.64.2"
	runy "ufw deny in           to ff02::1             from fe80::208:e3ff:feff:fc04"
	runn "ufw deny in proto udp to 224.0.0.1 port 8612 from 128.232.56.37"
	runn "ufw deny in proto udp to 224.0.0.1 port 8612 from 128.232.56.35"
	runn "ufw deny in proto udp to 224.0.0.1 port 8612 from 128.232.1.20"
	runy "ufw deny in proto udp to 224.0.0.1 port 8612 from 128.232.0.0/20"
	runy "ufw deny to ff02::1 port 8610 proto udp"
	runy "ufw deny to ff02::1 port 8612 proto udp"


### XENE
	# Port 5900 for XenE domUs, default "no".  Both lines share one guard, so
	# the second is no longer offered once any "tcp 5900" rule is in the file.
	grep "tcp 5900"	$ufw > $dn || runn "echo XenE domU; ufw allow proto tcp from 128.232.28.0/22 to any port 5900"
	grep "tcp 5900"	$ufw > $dn || runn "echo XenE domU; ufw allow proto tcp from 128.232.26.0/24 to any port 5900"
fi

# Seed the bundles file from the sample for this level when the sample is
# readable and the bundles file is either missing or identical to $eub.samp;
# on a localhome level, also add "snapd" unless "snap" is already mentioned.
# NOTE(review): "(FIRST=true || ...)" is an assignment inside a subshell: it
# always succeeds and does not change FIRST in this shell, so the clause is
# always true.  It looks like a test of $FIRST was intended -- confirm.
test -r $eub.samp-$levelf && (diff $eub $eub.samp > $dn 2>&1 || test ! -r $eub) &&
        (FIRST=true || test ! -r $eub) && runy "cp -p $eub.samp-$levelf $eub; chown localadmin $eub; chmod ug+w $eub" && case "$level" in *localhome*) grep snap $eub || echo snapd >> $eub;; esac
# Same for the patches file, but only when it is identical to $eup.samp
# NOTE(review): both comparisons use ".samp", not ".samp-$levelf" -- confirm.
test -r $eup.samp-$levelf && diff $eup $eup.samp > $dn 2>&1 &&
	runy "cp -p $eup.samp-$levelf $eup; chown localadmin $eup; chmod ug+w $eup"

# Fix up mode and group of both files: add user/group write when the user or
# group read bit is missing, and move them out of group root.  The numeric
# chgrp is only reached when the file is still in group root after the named one.
find $eub ! -perm -440| grep $eub > $dn && runy "chmod ug+w    $eub"
find $eub -group root | grep $eub > $dn && runy "chgrp $staff  $eub"
find $eub -group root | grep $eub > $dn && runy "chgrp $staffn $eub"
find $eup ! -perm -440| grep $eup > $dn && runy "chmod ug+w    $eup"
find $eup -group root | grep $eup > $dn && runy "chgrp $staff  $eup"
find $eup -group root | grep $eup > $dn && runy "chgrp $staffn $eup"

# First run on a Xen guest (/sys/hypervisor/type reads "xen"): add the
# @R-xen-domU line to the bundles file
case "$FIRST" in
true)
	if grep -q '^xen$' /sys/hypervisor/type 2>/dev/null
	then
		runy "echo @R-xen-domU >> $eub"
	fi
esac

# First run with "editbundles" given: explain what is about to happen, then
# open the bundles file in $EDITOR (vi when EDITOR is unset)
case "$FIRST++$editbundles" in
true++?*)
	case "$y" in
	'-y')	echo "About to invoke '${EDITOR-vi} $eub' as EDITOR set to ${EDITOR-vi}"
		echo "To abort vi, type ':q!'"
		sleep 5;;
	*)	echo "If you are installing a completely standard Lab Managed machine, press 'n'."
		echo "If not, you can use Ctrl-Z now to edit the files, resume the script and press 'n'."
		echo "Otherwise press RETURN and it will drop you into \$EDITOR which is ${EDITOR-vi}"
	esac
	runy "${EDITOR-vi} $eub"
esac

# If the root entry in /etc/shadow has "!" as its password field, offer
# (default "no") to set a root password
grep 'root:!:' /etc/shadow && runn "passwd"
# "upgrade X" was given: mount X read-only on $m and copy selected files from
# the old system.  The files include the host keytab and SSH host private
# keys; cp -p keeps their mode and timestamps.
# $fmount is not set anywhere in the lines shown here, so it expands to nothing.
# NOTE(review): the loop variable f replaces the "-f" apt flag held in $f.
case "$upgrade" in
?*)	if $fmount mount -r $upgrade $m || $fmount mount -r -t ext3 $upgrade $m || $fmount mount -r -t ext2 $upgrade $m
	then	for f in $upgradefiles
		do	if test ! -e $m$f
			then echo "# no $m$f to copy - skip"
			elif test -e $f$o
			then echo "# already have a backup file $f$o - skip"
			elif cmp -s $m$f $f
			then echo "# $m$f and $f are identical - skip"
			else
			# keep the current file as $f$o, then bring the old one across
			runy "(test ! -e $f || mv $f $f$o) && cp -p $m$f $f"
			fi
		done
		if grep "^$copiedcomment" $eub > $dn
		then	: Already copied
		else	# Single-quoted so the variables expand when runy evals it:
			# append the old file's tail, each line commented out with "#- "
			runy '(echo "$copiedcomment"; sed "1,/Rest are user or auto-patch added/d;s/^/#- /" < $m/$eub) >> $eub'
			# third column of "ls -l" on the old bundles file, i.e. its owner
			ua=$(ls -l $m$eub | (read a b c d; echo $c))
			runy "chown $ua $eub $eup"
		fi

		umount $m
	else echo mount of $upgrade failed so data not copied 1>&2
	fi
esac

# Disabled: the first "*)" arm matches every value of $level, so the two arms
# below it never run.
# NOTE(review): if the "[f]*" arm is ever re-enabled, it downloads a script over
# plain HTTP and runs it with bash; fetch it over HTTPS and check it first.
case "$level" in
*)	: Disable ....;;
[f]*)
	test -e join-ad-domain || runy "wget http://www.cl.cam.ac.uk/~pb22/join-ad-domain"
	# test -e join-ad-domain || runy "wget http://www.cl.cam.ac.uk/suse/11.0/autoyast/join-ad-domain"
	(type -p klist > $dn 2>&1 && klist -k /etc/krb5.keytab) || test ! -e ./join-ad-domain || runl krb5 "bash ./join-ad-domain < /dev/tty"
	type -p klist > $dn 2>&1 && klist -k /etc/krb5.keytab
	;;
*)	haspkg cl-add-user || runy "apt-get install $F $f $y cl-add-user"
	;;
esac

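# Release-specific entries for the bundles and hostid files.  Every entry is
# added only when the file does not mention it yet, so re-running the script
# does not pile up duplicate lines.

# Debian 7: append the NOT_ lines held in $NOTD7 (';' becomes a newline)
case "$rel" in
D7)	m=xemacs21; grep $m $eub > $dn || runy "echo '$NOTD7' | tr ';' '\12' >> $eub"
esac

# Ubuntu 10.x: exclude metamail, include lvm2
case "$rel" in
U10*)	m=metamail; grep $m $eub > $dn || runy "echo NOT_$m >> $eub"
	m=lvm2;     grep $m $eub > $dn || runy "echo     $m >> $eub"
esac
#m=CL-isidle-10-nosuspend.conf; grep $m $eub > $dn || runy "echo '# $m' >> $eub"

# hostid settings; default "yes" only when the level contains "noaptsrc"
grep aptsrc $euh > $dn || runl noaptsrc "echo aptsrc=0 >> $euh"
grep uuid   $euh > $dn || runl noaptsrc "echo uuid=0 >> $euh"

# Ubuntu 18.x: exclude mcelog.  This line used to be appended on every run;
# it now has the same "already there?" guard as the entries above.
case "$rel" in
U18*)	grep NOT_mcelog $eub > $dn || runy "echo NOT_mcelog >> $eub";;
esac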

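# Bring the system up to date unless CLUPDATE is "no" or "NO".
# The case word is CLUPDATE followed by the release, so the opt-out patterns
# have to include the release too; the bare "no|NO" used before could never
# match because $rel is never empty at this point.
case "$CLUPDATE$rel" in
"no$rel"|"NO$rel")	: nothing;;
U10*)	runn "cl-update-system -t"; runy "cl-add-rpms -a -y";;
*)	runy "cl-update-system -t"; runy "apt-get -y -o DPkg::Options::=--force-confdef dist-upgrade";;
esac
runy "apt-get -y autoremove"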

# Make sure /local/scratch exists: a plain directory normally, a ZFS dataset
# mounted there when ZFS was detected earlier.
if ! test -d /local/scratch; then
	if [ -z "$zfs" ]; then
		runy "mkdir -p /local/scratch"
	else
		runy "zfs create -o mountpoint=/local/scratch rpool/scratch"
	fi
fi

# Home directories: with local homes, have PAM create them (no prompt for this
# step); otherwise on a "full" install turn /home into a link to "homes"
# unless it already is a symlink.
case "$level" in
*${l}localhome${l}*)
	pam-auth-update --enable mkhomedir
	;;
*${l}full${l}*)
	if ! test -L /home; then
		runy "rmdir /home && ln -s homes /home"
	fi
	;;
esac

# On "full" installs, for every package named in $rmnm: record NOT_<package>
# in the bundles file (when that file exists and does not mention the package
# yet), then offer to remove the package if it is installed.
case "$level" in
*${l}full${l}*)	for p in $rmnm
	do if	test ! -e $eub || grep $p $eub > $dn
	   then	: SKIP as OK
	   else	runy "echo NOT_$p >> $eub"
	   fi
	   haspkg $p && runy "apt-get $rmf remove $p"
	done
esac

# Fetch the host keytab if there is none yet.
k=/etc/krb5.keytab
test -e $k || runy "cl-onserver --keytab"

# Restart gssd when the nfs-common defaults or the keytab changed within the
# last 30 minutes and NEED_GSSD=yes is set in the defaults file.
f=/etc/default/nfs-common
if find $f $k -cmin -30 | grep . > $dn && grep ^NEED_GSSD=yes $f > $dn; then
	runy "service gssd restart"
fi

runy "service autofs restart"

# Restart sshd only when its configuration was modified in the last 30 minutes.
if find /etc/ssh/sshd_config -mmin -30 | grep . > $dn; then
	runy "service ssh restart"
fi
## This is WRONG or U24.24!!! f=/etc/grub.d/10_linux.*; test -e $f && runy "rm $f"
## This is WRONG or U24.24!!! f=/boot/grub/grub.cfg; LANG=en_GB grub-mkconfig -o $f-n; diff $f $f-n || runy "mv $f-n $f"; rm -f $f-n

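# Final package sync, including removals, unless CLUPDATE is "no" or "NO".
# The case word is CLUPDATE followed by the release, so the opt-out patterns
# have to include the release too; the bare "no|NO" used before could never
# match because $rel is never empty at this point.
case "$CLUPDATE$rel" in
"no$rel"|"NO$rel")	: nothing;;
*)	runy "cl-add-rpms -a -y --doremoves=1";;
esac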

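# Re-install the krb5 configuration package if it is present.
# The message used to print $f, which at this point holds an unrelated file
# path; it now names the package that is actually re-installed.
p=cl-krb5.conf-cl
echo; echo "Re-install $p to improve its chance of working ..."
haspkg $p && runy "apt-get remove -y $p; apt-get install -y $p"

# Show what cl-hostid-fix reports first, then offer to run it with -a.
echo; echo "final fix - does this look ..."
cl-hostid-fix
echo; echo "look OK - check before you proceed ...."
runy cl-hostid-fix -a
exit 0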

