1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
#!/bin/sh
exec </dev/null
set -xe
set -o pipefail
PREFIX=@@PREFIX@@
:
: disable useless repos
:
for repo in fedora-cisco-openh264 ; do
echo disabling: ${repo}
dnf config-manager --set-disable ${repo}
done
:
: enable useful repos
:
for repo in fedora-debuginfo updates-debuginfo ; do
echo enabling: ${repo}
dnf config-manager --set-enable ${repo}
done
:
: Point the cache at /pool/pkg.fedora.NNN
:
cachedir=$( . /etc/os-release ; echo /pool/pkg.${ID}.${VERSION_ID} )
dnf config-manager --save --setopt=keepcache=True
dnf config-manager --save --setopt=cachedir=${cachedir}
#dnf config-manager --save --setopt=makecache=0
:
: give network time to come online!
:
sleep 5
:
: explicitly build the cache
:
dnf makecache
:
: limit kernel to two installs
:
# https://ask.fedoraproject.org/t/old-kernels-removal/7026/2
sudo sed -i 's/installonly_limit=3/installonly_limit=2/' /etc/dnf/dnf.conf
:
: Install then upgrade
:
# stuff needed to build libreswan; this is first installed and then
# constantly upgraded
building() {
cat <<EOF | awk '{print $1}'
ElectricFence
audit-libs-devel
make
ldns-devel
libcurl-devel
libseccomp-devel
libselinux-devel
nss-devel
nss-tools
nss-util-devel
pam-devel
unbound
unbound-devel
xmlto
EOF
}
# latest kernel; this is only installed (upgrading kernels is not a
# fedora thing). XL2TPD sucks in the latest kernel so is included in
# the list.
kernel() {
cat <<EOF | awk '{print $1}'
kernel
kernel-devel
xl2tpd
EOF
}
# utilities used to test libreswan; these are only installed for now
# (so that there isn't too much version drift).
testing() {
cat <<EOF | awk '{print $1}'
bind-dnssec-utils
bind-utils
conntrack-tools
fping
gawk
gdb
gnutls-utils used by soft tokens
ike-scan
iptables
libcap-ng-utils
libfaketime
linux-system-roles
nc
net-tools
nftables
nsd
ocspd
openssl
python3-netaddr
python3-pexpect
python3-pyOpenSSL
rsync
selinux-policy-devel
socat
softhsm-devel used by soft tokens
sshpass used by ansible-playbook
strace
strongswan
strongswan-sqlite
systemd-networkd
tar
tcpdump
valgrind
vim-enhanced
wireshark-cli
EOF
}
dnf install -y `building` `testing` `kernel`
dnf upgrade -y `building` `testing`
|
