#!/bin/bash ####################################################################### # MYP AIO-Installer - System Packages Module # # Dieses Modul behandelt die Installation und Aktualisierung von: # - System-Updates und Upgrades # - Grundlegende System-Packages # - Zusätzliche Sources und Repositories # - Abhängigkeiten für das MYP-System ####################################################################### # Funktionsdeklarationen für Package Management update_system_packages() { log "INFO" "=== SYSTEM-PACKAGES AKTUALISIEREN ===" # APT Sources konfigurieren configure_apt_sources # System-Update durchführen perform_system_update # Grundlegende Packages installieren install_base_packages # Spezielle Repositories hinzufügen add_additional_repositories # Cleanup durchführen cleanup_packages log "INFO" "System-Package-Aktualisierung abgeschlossen" } configure_apt_sources() { log "INFO" "Konfiguriere APT-Sources..." # Backup der aktuellen sources.list cp /etc/apt/sources.list /etc/apt/sources.list.backup.$(date +%Y%m%d) # Detect Debian/Ubuntu Version local os_id=$(lsb_release -si) local os_codename=$(lsb_release -sc) log "INFO" "Erkanntes System: $os_id $os_codename" case "$os_id" in "Debian") configure_debian_sources "$os_codename" ;; "Ubuntu"|"Raspbian") configure_ubuntu_sources "$os_codename" ;; *) log "WARN" "Unbekanntes System, verwende Standard-Konfiguration" ;; esac # Sicherstellen dass Universe und Multiverse aktiviert sind (Ubuntu/Raspbian) if [[ "$os_id" == "Ubuntu" ]] || [[ "$os_id" == "Raspbian" ]]; then add-apt-repository universe -y 2>/dev/null || true add-apt-repository multiverse -y 2>/dev/null || true fi log "INFO" "APT-Sources konfiguriert" } configure_debian_sources() { local codename="$1" log "INFO" "Konfiguriere Debian Sources für $codename" # Standard Debian Sources cat > /etc/apt/sources.list << EOF # Debian $codename - Hauptrepositories deb http://deb.debian.org/debian $codename main contrib non-free deb-src http://deb.debian.org/debian $codename main contrib non-free # Debian $codename - Updates deb http://deb.debian.org/debian $codename-updates main contrib non-free deb-src http://deb.debian.org/debian $codename-updates main contrib non-free # Debian $codename - Security Updates deb http://security.debian.org/debian-security $codename-security main contrib non-free deb-src http://security.debian.org/debian-security $codename-security main contrib non-free # Debian $codename - Backports (falls verfügbar) deb http://deb.debian.org/debian $codename-backports main contrib non-free deb-src http://deb.debian.org/debian $codename-backports main contrib non-free EOF } configure_ubuntu_sources() { local codename="$1" log "INFO" "Konfiguriere Ubuntu/Raspbian Sources für $codename" # Ubuntu/Raspbian Sources cat > /etc/apt/sources.list << EOF # Ubuntu/Raspbian $codename - Hauptrepositories deb http://archive.ubuntu.com/ubuntu $codename main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu $codename main restricted universe multiverse # Ubuntu/Raspbian $codename - Updates deb http://archive.ubuntu.com/ubuntu $codename-updates main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu $codename-updates main restricted universe multiverse # Ubuntu/Raspbian $codename - Security Updates deb http://security.ubuntu.com/ubuntu $codename-security main restricted universe multiverse deb-src http://security.ubuntu.com/ubuntu $codename-security main restricted universe multiverse # Ubuntu/Raspbian $codename - Backports deb http://archive.ubuntu.com/ubuntu $codename-backports main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu $codename-backports main restricted universe multiverse EOF } perform_system_update() { log "INFO" "Führe System-Update durch..." # APT-Cache aktualisieren log "INFO" "Aktualisiere APT-Cache..." apt-get update -y || { log "ERROR" "APT-Update fehlgeschlagen" return 1 } # Upgrade durchführen log "INFO" "Führe System-Upgrade durch..." DEBIAN_FRONTEND=noninteractive apt-get upgrade -y || { log "ERROR" "APT-Upgrade fehlgeschlagen" return 1 } # Dist-Upgrade für kritische Updates log "INFO" "Führe Distribution-Upgrade durch..." DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y || { log "WARN" "Dist-Upgrade hatte Probleme, fortfahren..." } log "INFO" "System-Update abgeschlossen" } install_base_packages() { log "INFO" "Installiere grundlegende System-Packages..." # Essentielle System-Tools local base_packages=( # Grundlegende Tools "curl" "wget" "git" "unzip" "zip" "tar" "gzip" "rsync" "htop" "tree" "nano" "vim-tiny" # Netzwerk-Tools "net-tools" "iputils-ping" "dnsutils" "ssh" "openssh-server" # Build-Tools "build-essential" "gcc" "g++" "make" "cmake" "pkg-config" # Python-Grundlagen "python3" "python3-pip" "python3-dev" "python3-venv" "python3-setuptools" "python3-wheel" # SSL/TLS "ca-certificates" "openssl" # System-Utilities "systemd" "systemctl" "cron" "logrotate" "sudo" # Raspberry Pi spezifisch "rpi-update" "raspberrypi-kernel-headers" # Zusätzliche Libraries "libffi-dev" "libssl-dev" "libxml2-dev" "libxslt1-dev" "zlib1g-dev" "libjpeg-dev" "libpng-dev" "libfreetype6-dev" "liblcms2-dev" "libwebp-dev" "tcl8.6-dev" "tk8.6-dev" "python3-tk" # Firewall "ufw" "iptables" "iptables-persistent" # Monitoring "psmisc" "lsof" "strace" ) # Installiere Packages in Batches für bessere Fehlerbehandlung local batch_size=10 local total_packages=${#base_packages[@]} local current_batch=0 for ((i=0; i /etc/apt/sources.list.d/nodesource.list echo "deb-src https://deb.nodesource.com/node_18.x $os_codename main" >> /etc/apt/sources.list.d/nodesource.list # APT-Cache aktualisieren apt-get update -y || { log "WARN" "Node.js Repository-Update fehlgeschlagen" return 1 } log "INFO" "Node.js Repository hinzugefügt" } add_chromium_repository() { log "INFO" "Prüfe Chromium-Verfügbarkeit..." # Prüfe ob Chromium bereits verfügbar ist if apt-cache search chromium-browser | grep -q chromium-browser; then log "INFO" "Chromium ist bereits über Standard-Repository verfügbar" return 0 fi # Füge Snap für Chromium hinzu falls APT-Version nicht verfügbar if command -v snap >/dev/null 2>&1; then log "INFO" "Snap verfügbar, Chromium wird über Snap installiert" return 0 fi # Installiere Snap falls nicht vorhanden if ! DEBIAN_FRONTEND=noninteractive apt-get install -y snapd; then log "WARN" "Snap konnte nicht installiert werden" return 1 fi log "INFO" "Snap für Chromium-Installation vorbereitet" } add_docker_repository() { log "INFO" "Füge Docker Repository hinzu (optional)..." # Docker GPG-Key curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - || { log "WARN" "Docker GPG-Key konnte nicht hinzugefügt werden" return 1 } # Docker Repository local os_codename=$(lsb_release -sc) echo "deb [arch=amd64,arm64,armhf] https://download.docker.com/linux/debian $os_codename stable" > /etc/apt/sources.list.d/docker.list # APT-Cache aktualisieren apt-get update -y || { log "WARN" "Docker Repository-Update fehlgeschlagen" return 1 } log "INFO" "Docker Repository hinzugefügt" } install_security_updates() { log "INFO" "Installiere Sicherheitsupdates..." # Unattended-upgrades für automatische Sicherheitsupdates DEBIAN_FRONTEND=noninteractive apt-get install -y unattended-upgrades apt-listchanges || { log "WARN" "Unattended-upgrades konnte nicht installiert werden" } # Konfiguriere automatische Sicherheitsupdates cat > /etc/apt/apt.conf.d/20auto-upgrades << 'EOF' APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; APT::Periodic::AutocleanInterval "7"; EOF # Konfiguriere welche Updates automatisch installiert werden cat > /etc/apt/apt.conf.d/50unattended-upgrades << 'EOF' Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; "${distro_id} ESMApps:${distro_codename}-apps-security"; "${distro_id} ESM:${distro_codename}-infra-security"; }; Unattended-Upgrade::Package-Blacklist { // Keine Packages blockieren für MYP-System }; Unattended-Upgrade::AutoFixInterruptedDpkg "true"; Unattended-Upgrade::MinimalSteps "true"; Unattended-Upgrade::Remove-Unused-Dependencies "true"; Unattended-Upgrade::Automatic-Reboot "false"; Unattended-Upgrade::SyslogEnable "true"; EOF log "INFO" "Automatische Sicherheitsupdates konfiguriert" } cleanup_packages() { log "INFO" "Bereinige Package-System..." # Nicht mehr benötigte Packages entfernen apt-get autoremove --purge -y || { log "WARN" "Autoremove hatte Probleme" } # APT-Cache bereinigen apt-get autoclean || { log "WARN" "Autoclean hatte Probleme" } apt-get clean || { log "WARN" "Clean hatte Probleme" } # Alte Kernel entfernen (behalte nur die letzten 2) if command -v purge-old-kernels >/dev/null 2>&1; then purge-old-kernels --keep 2 -y || { log "WARN" "Alte Kernel konnten nicht bereinigt werden" } fi log "INFO" "Package-System bereinigt" } verify_packages() { log "INFO" "Überprüfe installierte Packages..." local errors=0 # Kritische Packages prüfen local critical_packages=( "python3" "python3-pip" "git" "curl" "wget" "build-essential" "openssh-server" "systemd" ) for package in "${critical_packages[@]}"; do if ! dpkg -l | grep -q "^ii.*$package"; then log "ERROR" "Kritisches Package fehlt: $package" errors=$((errors + 1)) fi done # System-Dienste prüfen local critical_services=( "ssh" "systemd-resolved" "cron" ) for service in "${critical_services[@]}"; do if ! systemctl is-active --quiet "$service"; then log "WARN" "Service nicht aktiv: $service" fi done if [[ $errors -eq 0 ]]; then log "INFO" "Package-Verifikation erfolgreich" return 0 else log "ERROR" "Package-Verifikation fehlgeschlagen ($errors Fehler)" return 1 fi } optimize_raspberry_pi() { log "INFO" "Optimiere System für Raspberry Pi..." # Prüfe ob es sich um einen Raspberry Pi handelt if [[ ! -f /proc/device-tree/model ]] || ! grep -q "Raspberry Pi" /proc/device-tree/model; then log "INFO" "Kein Raspberry Pi erkannt, überspringe Optimierungen" return 0 fi # GPU Memory Split optimieren if command -v raspi-config >/dev/null 2>&1; then log "INFO" "Konfiguriere GPU Memory Split..." raspi-config nonint do_memory_split 128 fi # Overclock aktivieren (vorsichtig) if [[ -f /boot/config.txt ]]; then log "INFO" "Aktiviere moderate Overclock-Einstellungen..." # Backup der config.txt cp /boot/config.txt /boot/config.txt.backup.$(date +%Y%m%d) # Füge Overclock-Einstellungen hinzu cat >> /boot/config.txt << 'EOF' # MYP System Optimierungen # Moderate Overclock für bessere Performance arm_freq=1200 gpu_freq=400 sdram_freq=500 over_voltage=2 # USB Power max_usb_current=1 # Audio deaktivieren (nicht benötigt) dtparam=audio=off EOF fi # Swap optimieren if [[ -f /etc/dphys-swapfile ]]; then log "INFO" "Optimiere Swap-Konfiguration..." sed -i 's/CONF_SWAPSIZE=100/CONF_SWAPSIZE=1024/' /etc/dphys-swapfile systemctl restart dphys-swapfile fi log "INFO" "Raspberry Pi Optimierungen abgeschlossen" }