testsAndMisc/linux_configuration/scripts/utils/upgrade.sh
Krzysztof kuhy Rudnicki 3ebb97b283 chore: optimize pre-commit, remove tracked binaries, fix lint issues
- Move slow hooks (mypy, pylint, bandit, pytest, prettier) to pre-push stage
- Remove redundant autoflake (ruff covers F401/F841)
- Fix shellcheck OOM by batching files with xargs -n 40
- Remove tracked .o, .wav, .pyc binaries from git
- Move pomodoro wav files to ../testsAndMisc_binaries/ with symlinks
- Add *.o, *.so, *.a to .gitignore
- Refactor hltb._pick_best_hltb_entry to fix C901/PLR0911/SIM102
- Fix SC2034 warnings in gif_to_square.sh and upgrade.sh
- Add disk_cleanup_check.sh script
- Various test and code improvements across screen_locker,
  steam_backlog_enforcer, word_frequency, moviepy_showcase
2026-04-10 18:48:37 +02:00

122 lines
4.2 KiB
Bash
Executable File

#!/bin/bash
# System upgrade script with automatic apt source hygiene
# Fixes common warnings/errors before running upgrades.
# All fixes are idempotent and safe to re-run.
set -euo pipefail
log() { printf '[upgrade] %s\n' "$*"; }
# =====================================================================
# Fix 1: Duplicate repository — microsoft-edge.list is a copy of
# google-chrome.list (both point to dl.google.com/linux/chrome)
# =====================================================================
fix_duplicate_chrome_edge_repo() {
local edge="/etc/apt/sources.list.d/microsoft-edge.list"
if [[ ! -f $edge ]]; then
return
fi
# Only act if edge list points to the chrome repo (the known bug)
if grep -q 'dl.google.com/linux/chrome' "$edge" 2>/dev/null; then
log "Disabling duplicate microsoft-edge.list (identical to google-chrome.list)"
mv "$edge" "${edge}.disabled"
fi
}
# =====================================================================
# Fix 2: Expired Cloudflare WARP GPG key (expired 2025-12-03)
# =====================================================================
fix_cloudflare_key() {
local keyring="/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg"
local source_list="/etc/apt/sources.list.d/cloudflare-client.list"
if [[ ! -f $source_list ]]; then
return
fi
# Check if key is expired
local expired
expired=$(gpg --no-default-keyring --keyring "$keyring" --list-keys 2>&1 | grep -c 'expired' || true)
if [[ ${expired:-0} -gt 0 ]]; then
log "Refreshing expired Cloudflare WARP GPG key..."
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
| gpg --yes --dearmor -o "$keyring" 2>/dev/null \
&& log "Cloudflare key refreshed." \
|| log "WARNING: Could not refresh Cloudflare key (network issue?). Skipping."
fi
}
# =====================================================================
# Fix 3: WineHQ key in legacy trusted.gpg + repo targets focal not noble
# =====================================================================
fix_wine_legacy_key() {
local legacy_keyring="/etc/apt/trusted.gpg"
local wine_key_id="D43F640145369C51D786DDEA76F1A20FF987672F"
local modern_keyring="/usr/share/keyrings/winehq-archive.gpg"
# Check if wine key is in the legacy keyring
if ! gpg --no-default-keyring --keyring "$legacy_keyring" --list-keys "$wine_key_id" >/dev/null 2>&1; then
return
fi
log "Migrating WineHQ key from legacy trusted.gpg to modern keyring..."
# Export key to modern location
gpg --no-default-keyring --keyring "$legacy_keyring" \
--export "$wine_key_id" \
| gpg --yes --dearmor -o "$modern_keyring" 2>/dev/null
# Remove from legacy keyring (suppress the deprecation warning)
apt-key del "$wine_key_id" >/dev/null 2>&1 || true
# Fix the source file to use signed-by and correct distro codename
local codename
codename=$(lsb_release -cs 2>/dev/null || echo "noble")
# Find all wine source files
for src in /etc/apt/sources.list.d/*wine*.list; do
[[ -f $src ]] || continue
# Check if already using signed-by
if grep -q 'signed-by=' "$src" 2>/dev/null; then
continue
fi
local old_codename
old_codename=$(grep -oP 'ubuntu/?\s+\K\w+' "$src" | head -1)
log "Updating $src: ${old_codename:-unknown}$codename, adding signed-by"
sed -i \
-e "s|deb https://|deb [arch=amd64 signed-by=$modern_keyring] https://|" \
-e "s|deb-src https://|# deb-src [arch=amd64 signed-by=$modern_keyring] https://|" \
-e "s|ubuntu/ ${old_codename}|ubuntu/ ${codename}|g" \
-e "s|ubuntu ${old_codename}|ubuntu ${codename}|g" \
"$src"
done
log "WineHQ key migrated and source updated."
}
# =====================================================================
# Run all fixes, then upgrade
# =====================================================================
log "Running apt source hygiene checks..."
fix_duplicate_chrome_edge_repo
fix_cloudflare_key
fix_wine_legacy_key
log "Apt source checks complete."
echo ""
log "Installing aptitude if needed..."
apt-get install -y aptitude
log "Starting system upgrade..."
apt-get -y update && apt-get -y upgrade && apt-get -y dist-upgrade
apt-get -y autoremove
aptitude -y update && aptitude -y safe-upgrade && aptitude -y dist-upgrade
log "Upgrade complete."