#!/bin/bash

#######################################################################
# MYP AIO-Installer - System Packages Module
#
# Dieses Modul behandelt die Installation und Aktualisierung von:
# - System-Updates und Upgrades
# - Grundlegende System-Packages
# - Zusätzliche Sources und Repositories
# - Abhängigkeiten für das MYP-System
#######################################################################

# Funktionsdeklarationen für Package Management

#######################################
# Runs the package-management phase of the installer, one step after another.
# Arguments: none
# Returns:   exit status of the final log call; the status of the individual
#            steps is not inspected here.
# Note:      install_security_updates, verify_packages and
#            optimize_raspberry_pi are not invoked from this function.
#######################################
update_system_packages() {
  local -a _pkg_steps=(
    configure_apt_sources        # write the APT source lists
    perform_system_update        # apt-get update / upgrade / dist-upgrade
    install_base_packages        # base tool set
    add_additional_repositories  # third-party repositories
    cleanup_packages             # autoremove and cache cleanup
  )
  local _pkg_step

  log "INFO" "=== SYSTEM-PACKAGES AKTUALISIEREN ==="

  for _pkg_step in "${_pkg_steps[@]}"; do
    "$_pkg_step"
  done

  log "INFO" "System-Package-Aktualisierung abgeschlossen"
}
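#######################################
# Backs up /etc/apt/sources.list and rewrites it for the detected distribution.
# Arguments: none
# Returns:   0 on success; 1 if the backup fails, the codename reported by
#            lsb_release is unusable, or the distribution-specific writer fails
# Notes:
#   - The package sources decide which archives this host trusts for every
#     later install, so the list is never rewritten without a backup.
#   - Raspbian is no longer routed to the Ubuntu writer: that wrote Ubuntu
#     archive URLs combined with a Raspbian codename. Its existing sources are
#     left untouched instead.
#######################################
configure_apt_sources() {
  local sources_file="/etc/apt/sources.list"
  local backup_file
  local os_id=""
  local os_codename=""
  local component

  log "INFO" "Konfiguriere APT-Sources..."

  # Keep the first backup of the day: a second run would otherwise replace the
  # pristine copy with the list this installer has already rewritten.
  backup_file="${sources_file}.backup.$(date +%Y%m%d)"
  if [[ -f "$sources_file" && ! -e "$backup_file" ]]; then
    if ! cp -p -- "$sources_file" "$backup_file"; then
      log "ERROR" "Backup von $sources_file fehlgeschlagen, Sources bleiben unverändert"
      return 1
    fi
  fi

  # Assigned separately from `local` so a failing lsb_release is not masked.
  os_id=$(lsb_release -si) || os_id=""
  os_codename=$(lsb_release -sc) || os_codename=""

  log "INFO" "Erkanntes System: $os_id $os_codename"

  # The codename is interpolated into the source list; refuse anything that is
  # not a plain suite name (empty, "n/a", whitespace, ...).
  if [[ "$os_id" == "Debian" || "$os_id" == "Ubuntu" ]]; then
    if [[ ! "$os_codename" =~ ^[a-z][a-z0-9-]*$ ]]; then
      log "ERROR" "Ungültiger Codename: '$os_codename'"
      return 1
    fi
  fi

  case "$os_id" in
    "Debian")
      configure_debian_sources "$os_codename" || return 1
      ;;
    "Ubuntu")
      configure_ubuntu_sources "$os_codename" || return 1
      ;;
    "Raspbian")
      log "WARN" "Raspbian erkannt, vorhandene APT-Sources bleiben unverändert"
      ;;
    *)
      log "WARN" "Unbekanntes System, verwende Standard-Konfiguration"
      ;;
  esac

  # universe/multiverse are Ubuntu components. Best effort, as before, but a
  # failure is now logged instead of being discarded (add-apt-repository may
  # not be installed at this point).
  if [[ "$os_id" == "Ubuntu" ]]; then
    for component in universe multiverse; do
      add-apt-repository "$component" -y 2>/dev/null \
        || log "WARN" "Komponente konnte nicht aktiviert werden: $component"
    done
  fi

  log "INFO" "APT-Sources konfiguriert"
}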
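#######################################
# Writes /etc/apt/sources.list for a Debian release.
# Arguments: $1 - release codename, interpolated into every suite name
# Returns:   0 on success; 1 if the codename is not a plain suite name or the
#            list cannot be written
# Notes:
#   - The list is built in a temporary file next to the target and renamed into
#     place, so a failed write cannot leave a truncated sources.list behind.
#   - The archives are addressed over plain http. APT checks package integrity
#     against the signed release metadata, so this affects confidentiality of
#     what is downloaded rather than integrity.
#   - NOTE(review): the "<codename>-security" suite name matches bullseye and
#     later; older releases used "<codename>/updates". Confirm the supported
#     releases.
#######################################
configure_debian_sources() {
  local codename="${1:-}"
  local sources_file="/etc/apt/sources.list"
  local tmp_file=""

  log "INFO" "Konfiguriere Debian Sources für $codename"

  # Reject empty or malformed names before anything is written.
  if [[ ! "$codename" =~ ^[a-z][a-z0-9-]*$ ]]; then
    log "ERROR" "Ungültiger Debian-Codename: '$codename'"
    return 1
  fi

  if ! tmp_file=$(mktemp "${sources_file}.XXXXXX"); then
    log "ERROR" "Temporäre Datei für $sources_file konnte nicht angelegt werden"
    return 1
  fi

  # Standard Debian sources
  if ! cat > "$tmp_file" << EOF
# Debian $codename - Hauptrepositories
deb http://deb.debian.org/debian $codename main contrib non-free
deb-src http://deb.debian.org/debian $codename main contrib non-free

# Debian $codename - Updates
deb http://deb.debian.org/debian $codename-updates main contrib non-free
deb-src http://deb.debian.org/debian $codename-updates main contrib non-free

# Debian $codename - Security Updates
deb http://security.debian.org/debian-security $codename-security main contrib non-free
deb-src http://security.debian.org/debian-security $codename-security main contrib non-free

# Debian $codename - Backports (falls verfügbar)
deb http://deb.debian.org/debian $codename-backports main contrib non-free
deb-src http://deb.debian.org/debian $codename-backports main contrib non-free
EOF
  then
    rm -f -- "$tmp_file"
    log "ERROR" "$sources_file konnte nicht geschrieben werden"
    return 1
  fi

  # mktemp creates the file owner-only; the source list has to stay readable.
  if ! chmod 0644 "$tmp_file" || ! mv -f -- "$tmp_file" "$sources_file"; then
    rm -f -- "$tmp_file"
    log "ERROR" "$sources_file konnte nicht geschrieben werden"
    return 1
  fi
}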
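#######################################
# Writes /etc/apt/sources.list for an Ubuntu release.
# Arguments: $1 - release codename, interpolated into every suite name
# Returns:   0 on success; 1 if the codename is not a plain suite name or the
#            list cannot be written
# Notes:
#   - archive.ubuntu.com and security.ubuntu.com carry amd64/i386 only; other
#     architectures (the ARM boards this installer targets included) are
#     served from ports.ubuntu.com/ubuntu-ports, so the mirror is chosen from
#     `dpkg --print-architecture`.
#   - The list is built in a temporary file next to the target and renamed into
#     place, so a failed write cannot leave a truncated sources.list behind.
#   - Plain http: APT checks package integrity against the signed release
#     metadata, so this affects confidentiality rather than integrity.
#######################################
configure_ubuntu_sources() {
  local codename="${1:-}"
  local sources_file="/etc/apt/sources.list"
  local archive_url="http://archive.ubuntu.com/ubuntu"
  local security_url="http://security.ubuntu.com/ubuntu"
  local arch=""
  local tmp_file=""

  log "INFO" "Konfiguriere Ubuntu/Raspbian Sources für $codename"

  # Reject empty or malformed names before anything is written.
  if [[ ! "$codename" =~ ^[a-z][a-z0-9-]*$ ]]; then
    log "ERROR" "Ungültiger Ubuntu-Codename: '$codename'"
    return 1
  fi

  # Unknown architecture (dpkg missing) keeps the original archive URLs.
  arch=$(dpkg --print-architecture 2>/dev/null) || arch=""
  case "$arch" in
    amd64 | i386 | "") ;;
    *)
      archive_url="http://ports.ubuntu.com/ubuntu-ports"
      security_url="$archive_url"
      ;;
  esac

  if ! tmp_file=$(mktemp "${sources_file}.XXXXXX"); then
    log "ERROR" "Temporäre Datei für $sources_file konnte nicht angelegt werden"
    return 1
  fi

  # Ubuntu sources
  if ! cat > "$tmp_file" << EOF
# Ubuntu/Raspbian $codename - Hauptrepositories
deb $archive_url $codename main restricted universe multiverse
deb-src $archive_url $codename main restricted universe multiverse

# Ubuntu/Raspbian $codename - Updates
deb $archive_url $codename-updates main restricted universe multiverse
deb-src $archive_url $codename-updates main restricted universe multiverse

# Ubuntu/Raspbian $codename - Security Updates
deb $security_url $codename-security main restricted universe multiverse
deb-src $security_url $codename-security main restricted universe multiverse

# Ubuntu/Raspbian $codename - Backports
deb $archive_url $codename-backports main restricted universe multiverse
deb-src $archive_url $codename-backports main restricted universe multiverse
EOF
  then
    rm -f -- "$tmp_file"
    log "ERROR" "$sources_file konnte nicht geschrieben werden"
    return 1
  fi

  # mktemp creates the file owner-only; the source list has to stay readable.
  if ! chmod 0644 "$tmp_file" || ! mv -f -- "$tmp_file" "$sources_file"; then
    rm -f -- "$tmp_file"
    log "ERROR" "$sources_file konnte nicht geschrieben werden"
    return 1
  fi
}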
#######################################
# Refreshes the APT package index and upgrades the installed packages.
# Arguments: none
# Returns:   1 if `apt-get update` or `apt-get upgrade` fails; otherwise the
#            status of the final log call. A failing dist-upgrade is logged as
#            a warning and does not abort.
#######################################
perform_system_update() {
  log "INFO" "Führe System-Update durch..."

  # Refresh the package index first; nothing else is attempted without it.
  log "INFO" "Aktualisiere APT-Cache..."
  if ! apt-get update -y; then
    log "ERROR" "APT-Update fehlgeschlagen"
    return 1
  fi

  # Regular upgrade, run without interactive debconf prompts.
  log "INFO" "Führe System-Upgrade durch..."
  if ! DEBIAN_FRONTEND=noninteractive apt-get upgrade -y; then
    log "ERROR" "APT-Upgrade fehlgeschlagen"
    return 1
  fi

  # dist-upgrade is treated as best effort.
  log "INFO" "Führe Distribution-Upgrade durch..."
  if ! DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y; then
    log "WARN" "Dist-Upgrade hatte Probleme, fortfahren..."
  fi

  log "INFO" "System-Update abgeschlossen"
}
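#######################################
# Installs the base package set in batches of ten, retrying the packages of a
# failed batch one by one.
# Arguments: none
# Returns:   status of the final log call; packages that cannot be installed
#            are logged as warnings (best effort, as before)
# Notes:
#   - "systemctl" was removed from the list. The systemctl command is shipped
#     by the systemd package, which stays in the list. NOTE(review): on
#     releases that carry a package literally named "systemctl" it is, as far
#     as I know, a standalone replacement that conflicts with systemd, and the
#     per-package retry with -y could then pull systemd out — verify before
#     re-adding it.
#   - openssh-server is part of the set, so the host exposes an SSH service
#     after this step; ufw is installed here but not configured.
#######################################
install_base_packages() {
  local -a base_packages=(
    # Basic tools
    "curl"
    "wget"
    "git"
    "unzip"
    "zip"
    "tar"
    "gzip"
    "rsync"
    "htop"
    "tree"
    "nano"
    "vim-tiny"

    # Network tools
    "net-tools"
    "iputils-ping"
    "dnsutils"
    "ssh"
    "openssh-server"

    # Build tools
    "build-essential"
    "gcc"
    "g++"
    "make"
    "cmake"
    "pkg-config"

    # Python basics
    "python3"
    "python3-pip"
    "python3-dev"
    "python3-venv"
    "python3-setuptools"
    "python3-wheel"

    # SSL/TLS
    "ca-certificates"
    "openssl"

    # System utilities
    "systemd"
    "cron"
    "logrotate"
    "sudo"

    # Raspberry Pi specific
    "rpi-update"
    "raspberrypi-kernel-headers"

    # Additional libraries
    "libffi-dev"
    "libssl-dev"
    "libxml2-dev"
    "libxslt1-dev"
    "zlib1g-dev"
    "libjpeg-dev"
    "libpng-dev"
    "libfreetype6-dev"
    "liblcms2-dev"
    "libwebp-dev"
    "tcl8.6-dev"
    "tk8.6-dev"
    "python3-tk"

    # Firewall
    "ufw"
    "iptables"
    "iptables-persistent"

    # Monitoring
    "psmisc"
    "lsof"
    "strace"
  )
  local -a batch=()
  local -a failed_packages=()
  local batch_size=10
  local total_packages=${#base_packages[@]}
  local current_batch=0
  local i
  local package

  log "INFO" "Installiere grundlegende System-Packages..."

  # Batches keep one unavailable package from failing the whole set.
  for ((i = 0; i < total_packages; i += batch_size)); do
    current_batch=$((current_batch + 1))
    batch=("${base_packages[@]:i:batch_size}")

    log "INFO" "Installiere Package-Batch $current_batch (${#batch[@]} Packages)..."

    if ! DEBIAN_FRONTEND=noninteractive apt-get install -y "${batch[@]}"; then
      log "WARN" "Batch $current_batch hatte Probleme, installiere einzeln..."

      # Retry one by one so the packages that are available still get installed.
      for package in "${batch[@]}"; do
        if ! DEBIAN_FRONTEND=noninteractive apt-get install -y "$package"; then
          log "WARN" "Package konnte nicht installiert werden: $package"
          failed_packages+=("$package")
        fi
      done
    fi
  done

  # One summary line, so missing packages are not buried in the apt output.
  if ((${#failed_packages[@]} > 0)); then
    log "WARN" "Nicht installierte Packages: ${failed_packages[*]}"
  fi

  log "INFO" "Grundlegende Packages installiert"
}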
#######################################
# Adds the third-party package sources used by the installer.
# Arguments: none
# Returns:   status of the final log call; the status of the individual steps
#            is not inspected
#######################################
add_additional_repositories() {
  local _repo_step

  log "INFO" "Füge zusätzliche Repositories hinzu..."

  # Node.js (NodeSource) first, then the Chromium availability check.
  # add_docker_repository is optional and deliberately not part of the list.
  for _repo_step in add_nodejs_repository add_chromium_repository; do
    "$_repo_step"
  done

  log "INFO" "Zusätzliche Repositories hinzugefügt"
}
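#######################################
# Registers the NodeSource Node.js 18.x APT repository.
# Arguments: none
# Returns:   0 on success; 1 if the key cannot be fetched or stored, the
#            codename is unusable, or the index refresh fails
# Notes:
#   - The signing key is no longer piped into `apt-key add`. apt-key is
#     deprecated, and a key added that way is trusted for every configured
#     repository. The key is stored in its own file and bound to this
#     repository with signed-by, so it can only vouch for NodeSource packages.
#   - An ASCII-armored key with an .asc name in signed-by needs APT 1.4 or
#     newer.
#   - The download is written to a file and checked before use, so a failed or
#     truncated transfer cannot end up as a trusted key.
#   - NOTE(review): trust in the key rests on TLS to deb.nodesource.com only;
#     compare its fingerprint with one obtained out of band. Also confirm that
#     the node_18.x line is still maintained upstream.
#######################################
add_nodejs_repository() {
  local key_url="https://deb.nodesource.com/gpgkey/nodesource.gpg.key"
  local repo_url="https://deb.nodesource.com/node_18.x"
  local keyring_dir="/etc/apt/keyrings"
  local keyring_file="${keyring_dir}/nodesource.asc"
  local list_file="/etc/apt/sources.list.d/nodesource.list"
  local tmp_key=""
  local os_codename=""

  log "INFO" "Füge Node.js Repository hinzu..."

  if ! tmp_key=$(mktemp); then
    log "WARN" "Node.js GPG-Key konnte nicht hinzugefügt werden"
    return 1
  fi

  # Fetch the key, then require the armor header before trusting the file.
  if ! curl -fsSL -o "$tmp_key" "$key_url" \
    || ! grep -q -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$tmp_key"; then
    rm -f -- "$tmp_key"
    log "WARN" "Node.js GPG-Key konnte nicht hinzugefügt werden"
    return 1
  fi

  if ! install -d -m 0755 "$keyring_dir" \
    || ! install -m 0644 "$tmp_key" "$keyring_file"; then
    rm -f -- "$tmp_key"
    log "WARN" "Node.js GPG-Key konnte nicht hinzugefügt werden"
    return 1
  fi
  rm -f -- "$tmp_key"

  # Node.js 18.x repository; the codename ends up in the source line.
  os_codename=$(lsb_release -sc) || os_codename=""
  if [[ ! "$os_codename" =~ ^[a-z][a-z0-9-]*$ ]]; then
    log "WARN" "Codename konnte nicht ermittelt werden: '$os_codename'"
    return 1
  fi

  if ! printf '%s\n' \
    "deb [signed-by=${keyring_file}] ${repo_url} ${os_codename} main" \
    "deb-src [signed-by=${keyring_file}] ${repo_url} ${os_codename} main" \
    > "$list_file"; then
    log "WARN" "$list_file konnte nicht geschrieben werden"
    return 1
  fi

  # Refresh the package index so the new source is usable.
  if ! apt-get update -y; then
    log "WARN" "Node.js Repository-Update fehlgeschlagen"
    return 1
  fi

  log "INFO" "Node.js Repository hinzugefügt"
}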
#######################################
# Checks how Chromium can be obtained and installs snapd when neither the APT
# package nor snap is available. No repository is added by this function.
# Arguments: none
# Returns:   0 if chromium-browser is found via apt-cache or snap is already
#            present; 1 if snapd cannot be installed; otherwise the status of
#            the final log call
#######################################
add_chromium_repository() {
  log "INFO" "Prüfe Chromium-Verfügbarkeit..."

  if apt-cache search chromium-browser | grep -q chromium-browser; then
    # Already offered by the configured repositories.
    log "INFO" "Chromium ist bereits über Standard-Repository verfügbar"
    return 0
  elif command -v snap >/dev/null 2>&1; then
    # No APT package, but snap is installed.
    log "INFO" "Snap verfügbar, Chromium wird über Snap installiert"
    return 0
  elif DEBIAN_FRONTEND=noninteractive apt-get install -y snapd; then
    # snapd was missing and has just been installed.
    log "INFO" "Snap für Chromium-Installation vorbereitet"
  else
    log "WARN" "Snap konnte nicht installiert werden"
    return 1
  fi
}
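#######################################
# Registers the Docker APT repository (optional; its only visible call site is
# commented out).
# Arguments: none
# Returns:   0 on success; 1 if the key cannot be fetched or stored, the
#            codename is unusable, or the index refresh fails
# Notes:
#   - The signing key is no longer piped into `apt-key add`. apt-key is
#     deprecated, and a key added that way is trusted for every configured
#     repository. The key is stored in its own file and bound to this
#     repository with signed-by.
#   - An ASCII-armored key with an .asc name in signed-by needs APT 1.4 or
#     newer.
#   - NOTE(review): the repository path is fixed to linux/debian while the
#     codename comes from the running system; on a non-Debian host the two do
#     not match. Confirm before enabling this function.
#   - NOTE(review): trust in the key rests on TLS to download.docker.com only;
#     compare its fingerprint with one obtained out of band.
#######################################
add_docker_repository() {
  local key_url="https://download.docker.com/linux/debian/gpg"
  local repo_url="https://download.docker.com/linux/debian"
  local keyring_dir="/etc/apt/keyrings"
  local keyring_file="${keyring_dir}/docker.asc"
  local list_file="/etc/apt/sources.list.d/docker.list"
  local tmp_key=""
  local os_codename=""

  log "INFO" "Füge Docker Repository hinzu (optional)..."

  if ! tmp_key=$(mktemp); then
    log "WARN" "Docker GPG-Key konnte nicht hinzugefügt werden"
    return 1
  fi

  # Fetch the key, then require the armor header before trusting the file.
  if ! curl -fsSL -o "$tmp_key" "$key_url" \
    || ! grep -q -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$tmp_key"; then
    rm -f -- "$tmp_key"
    log "WARN" "Docker GPG-Key konnte nicht hinzugefügt werden"
    return 1
  fi

  if ! install -d -m 0755 "$keyring_dir" \
    || ! install -m 0644 "$tmp_key" "$keyring_file"; then
    rm -f -- "$tmp_key"
    log "WARN" "Docker GPG-Key konnte nicht hinzugefügt werden"
    return 1
  fi
  rm -f -- "$tmp_key"

  # Docker repository; the codename ends up in the source line.
  os_codename=$(lsb_release -sc) || os_codename=""
  if [[ ! "$os_codename" =~ ^[a-z][a-z0-9-]*$ ]]; then
    log "WARN" "Codename konnte nicht ermittelt werden: '$os_codename'"
    return 1
  fi

  if ! printf '%s\n' \
    "deb [arch=amd64,arm64,armhf signed-by=${keyring_file}] ${repo_url} ${os_codename} stable" \
    > "$list_file"; then
    log "WARN" "$list_file konnte nicht geschrieben werden"
    return 1
  fi

  # Refresh the package index so the new source is usable.
  if ! apt-get update -y; then
    log "WARN" "Docker Repository-Update fehlgeschlagen"
    return 1
  fi

  log "INFO" "Docker Repository hinzugefügt"
}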
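#######################################
# Installs unattended-upgrades and writes its APT configuration.
# Arguments: none
# Returns:   1 if one of the two configuration files cannot be written;
#            otherwise the status of the final log call. A failed package
#            install is logged as a warning and does not abort.
# Notes:
#   - The Allowed-Origins entries use the "<distro_id>:<codename>-security"
#     form. An Origins-Pattern block for the Debian security archive is added,
#     because this file replaces the packaged 50unattended-upgrades and a
#     Debian host would otherwise be left with origin entries that may not
#     match its security suite. NOTE(review): Raspbian hosts are not covered by
#     either block — confirm which origin their updates come from.
#   - Automatic-Reboot stays "false": updates that need a restart (kernel,
#     libc) are installed but only take effect after a manual reboot.
#   - The writes are checked so a failed write is not reported as
#     "configured".
#######################################
install_security_updates() {
  local periodic_conf="/etc/apt/apt.conf.d/20auto-upgrades"
  local unattended_conf="/etc/apt/apt.conf.d/50unattended-upgrades"

  log "INFO" "Installiere Sicherheitsupdates..."

  # unattended-upgrades performs the automatic security updates.
  if ! DEBIAN_FRONTEND=noninteractive apt-get install -y unattended-upgrades apt-listchanges; then
    log "WARN" "Unattended-upgrades konnte nicht installiert werden"
  fi

  # Schedule: refresh the index and run unattended-upgrade daily, autoclean
  # every 7 days. The delimiter is quoted, so nothing below is expanded.
  if ! cat > "$periodic_conf" << 'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
EOF
  then
    log "ERROR" "$periodic_conf konnte nicht geschrieben werden"
    return 1
  fi

  # Which origins are upgraded automatically. ${distro_id}/${distro_codename}
  # are left literal for unattended-upgrades to substitute.
  if ! cat > "$unattended_conf" << 'EOF'
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
"${distro_id} ESMApps:${distro_codename}-apps-security";
"${distro_id} ESM:${distro_codename}-infra-security";
};

Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
};

Unattended-Upgrade::Package-Blacklist {
// Keine Packages blockieren für MYP-System
};

Unattended-Upgrade::AutoFixInterruptedDpkg "true";
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::SyslogEnable "true";
EOF
  then
    log "ERROR" "$unattended_conf konnte nicht geschrieben werden"
    return 1
  fi

  log "INFO" "Automatische Sicherheitsupdates konfiguriert"
}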
#######################################
# Removes packages that are no longer needed and clears the APT caches.
# Arguments: none
# Returns:   status of the final log call; every cleanup step is best effort
#            and only logs a warning on failure
#######################################
cleanup_packages() {
  log "INFO" "Bereinige Package-System..."

  # Drop dependencies nothing needs any more, configuration files included.
  if ! apt-get autoremove --purge -y; then
    log "WARN" "Autoremove hatte Probleme"
  fi

  # Clear the APT cache: autoclean first, then clean.
  if ! apt-get autoclean; then
    log "WARN" "Autoclean hatte Probleme"
  fi

  if ! apt-get clean; then
    log "WARN" "Clean hatte Probleme"
  fi

  # Old kernels: keep the two most recent, only when the helper is installed.
  if command -v purge-old-kernels >/dev/null 2>&1; then
    if ! purge-old-kernels --keep 2 -y; then
      log "WARN" "Alte Kernel konnten nicht bereinigt werden"
    fi
  fi

  log "INFO" "Package-System bereinigt"
}
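#######################################
# Verifies that the critical packages are installed and reports services that
# are not active.
# Arguments: none
# Returns:   0 if every critical package is installed, 1 otherwise. Inactive
#            services are logged as warnings and do not affect the result.
# Notes:
#   - Each package is queried by exact name through dpkg-query. The previous
#     `dpkg -l | grep "^ii.*$package"` matched substrings, so a package such as
#     git-man or libcurl4 made a missing git or curl look installed and the
#     verification passed when it should have failed.
#######################################
verify_packages() {
  local errors=0
  local package
  local service
  local -a critical_packages=(
    "python3"
    "python3-pip"
    "git"
    "curl"
    "wget"
    "build-essential"
    "openssh-server"
    "systemd"
  )
  local -a critical_services=(
    "ssh"
    "systemd-resolved"
    "cron"
  )

  log "INFO" "Überprüfe installierte Packages..."

  # One status line per installed instance; -x requires the whole line to match.
  for package in "${critical_packages[@]}"; do
    if ! dpkg-query -W -f='${Status}\n' "$package" 2>/dev/null \
      | grep -qx 'install ok installed'; then
      log "ERROR" "Kritisches Package fehlt: $package"
      errors=$((errors + 1))
    fi
  done

  # Services are reported only; they do not count as errors.
  for service in "${critical_services[@]}"; do
    if ! systemctl is-active --quiet "$service"; then
      log "WARN" "Service nicht aktiv: $service"
    fi
  done

  if [[ $errors -eq 0 ]]; then
    log "INFO" "Package-Verifikation erfolgreich"
    return 0
  else
    log "ERROR" "Package-Verifikation fehlgeschlagen ($errors Fehler)"
    return 1
  fi
}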
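#######################################
# Applies Raspberry Pi specific tuning: GPU memory split, clock and voltage
# settings in /boot/config.txt, and a larger swap file.
# Arguments: none
# Returns:   0 when no Raspberry Pi is detected; otherwise the status of the
#            final log call. The individual tuning steps are best effort.
# Notes:
#   - The settings block is appended only once. Previously every run appended
#     another copy to /boot/config.txt.
#   - The first backup of the day is kept, and the boot configuration is not
#     modified when no backup can be made.
#   - The swap substitution is anchored to the whole line, so a value such as
#     CONF_SWAPSIZE=1000 is no longer rewritten to CONF_SWAPSIZE=10240.
#   - NOTE(review): the clock and voltage values are written for every model
#     that reports "Raspberry Pi"; confirm them against the stock settings of
#     the boards actually deployed.
#######################################
optimize_raspberry_pi() {
  local model_file="/proc/device-tree/model"
  local boot_config="/boot/config.txt"
  local boot_backup=""
  local swap_config="/etc/dphys-swapfile"
  local marker="# MYP System Optimierungen"

  log "INFO" "Optimiere System für Raspberry Pi..."

  # Only continue on hardware that identifies itself as a Raspberry Pi.
  if [[ ! -f "$model_file" ]] || ! grep -q "Raspberry Pi" "$model_file"; then
    log "INFO" "Kein Raspberry Pi erkannt, überspringe Optimierungen"
    return 0
  fi

  # GPU memory split
  if command -v raspi-config >/dev/null 2>&1; then
    log "INFO" "Konfiguriere GPU Memory Split..."
    raspi-config nonint do_memory_split 128 \
      || log "WARN" "GPU Memory Split konnte nicht gesetzt werden"
  fi

  # Clock, voltage, USB and audio settings
  if [[ -f "$boot_config" ]]; then
    if grep -qF -- "$marker" "$boot_config"; then
      # The marker comment shows the block is already present.
      log "INFO" "Overclock-Einstellungen bereits vorhanden, überspringe"
    else
      log "INFO" "Aktiviere moderate Overclock-Einstellungen..."

      boot_backup="${boot_config}.backup.$(date +%Y%m%d)"
      if [[ ! -e "$boot_backup" ]] && ! cp -- "$boot_config" "$boot_backup"; then
        log "WARN" "Backup von $boot_config fehlgeschlagen, Overclock wird übersprungen"
      else
        cat >> "$boot_config" << 'EOF'

# MYP System Optimierungen
# Moderate Overclock für bessere Performance
arm_freq=1200
gpu_freq=400
sdram_freq=500
over_voltage=2

# USB Power
max_usb_current=1

# Audio deaktivieren (nicht benötigt)
dtparam=audio=off
EOF
      fi
    fi
  fi

  # Swap: raise the size from 100 to 1024 when the file still has the 100 value.
  if [[ -f "$swap_config" ]]; then
    log "INFO" "Optimiere Swap-Konfiguration..."
    sed -i 's/^CONF_SWAPSIZE=100$/CONF_SWAPSIZE=1024/' "$swap_config"
    systemctl restart dphys-swapfile \
      || log "WARN" "dphys-swapfile konnte nicht neu gestartet werden"
  fi

  log "INFO" "Raspberry Pi Optimierungen abgeschlossen"
}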