From Fedora Project Wiki
m
Line 1: Line 1:
Script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup
+
='''NO WARRANTY IMPLIED BY RUNNING THIS SCRIPT.  IT IS OUTDATED.'''=
 +
 
 +
== Script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup ==
 +
 
 +
=== You likely want to read the wiki page (above) and use the output from http://fedorapeople.org/cgit/fenris02/public_git/cleanup.git/plain/rpm-verify.sh rather than running this.===
  
 
<code>
 
<code>
 
  #!/bin/bash
 
  #!/bin/bash
 +
 +
# Script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup
 
   
 
   
 
  # Do not set TMPDIR to any tmpfs mount, these files should remain after boot.
 
  # Do not set TMPDIR to any tmpfs mount, these files should remain after boot.
 
  TMPDIR=/root/tmp
 
  TMPDIR=/root/tmp
  DEBUG=""
+
  DEBUG=''
 +
VERBOSE='1'
 +
LOG_ALL='1'
 +
 +
LANG=C
 +
DS=$(date +%Y%m%d)
 
   
 
   
 
  if [ "$(whoami)" != "root" ]; then
 
  if [ "$(whoami)" != "root" ]; then
  echo "Must be run as root"
+
  echo "Must be run as root."
  exit 1
+
  exit 1
 +
fi
 +
 +
ping -c3 -q 8.8.8.8 > /dev/null
 +
if [ $? -eq 1 ]; then
 +
  echo "Please ensure you have network connectivity."
 +
  exit 2
 
  fi
 
  fi
 
   
 
   
 
  if [ $(runlevel |awk '{print$NF}') != "3" ]; then
 
  if [ $(runlevel |awk '{print$NF}') != "3" ]; then
  echo "Must be run from runlevel 3"
+
  echo "Must be run from runlevel 3."
  exit 1
+
  exit 3
 
  fi
 
  fi
 
+
 
  cat -<<EOT
 
  cat -<<EOT
 
  Press ^C now if you do not have a good backup of your system.
 
  Press ^C now if you do not have a good backup of your system.
 
   
 
   
  If you press enter, this script will try to auto-clean your system.
+
Please make sure you are not running on battery power.  This cleanup may take
  Once complete, you will need to reboot.
+
30mins of heavy I/O and this may cause problems if you lose power.
 +
 +
  If you press enter, this script will try to auto-clean your system. Once
 +
  complete, you will need to reboot.
 
   
 
   
 
  EOT
 
  EOT
 
  read
 
  read
 +
 +
#
 +
[ -n "$DEBUG" ] && VERBOSE='1'
 +
[ -n "$VERBOSE" ] && set -x
 +
 
   
 
   
 
  #
 
  #
 
  [ -d "${TMPDIR}" ] || mkdir -p "${TMPDIR}"
 
  [ -d "${TMPDIR}" ] || mkdir -p "${TMPDIR}"
 
   
 
   
  DS=$(date +%Y%d%m)
+
  # needs to be above logging start
YSHELL=${TMPDIR}/YUM-SHELL_${DS}.txt
+
[ -n "$VERBOSE" ] && echo 'Set selinux to permissive mode'
 +
[ -n "$DEBUG" ] && read
 +
setenforce 0
 +
 +
# Log all output to a file if LOG_ALL is set
 +
if [ -n "$LOG_ALL" ]; then
 +
  PIPEFILE=$(mktemp -u ${TMPDIR}/${0##*/}-XXXXX.pipe)
 +
  mkfifo --context user_tmp_t $PIPEFILE
 +
  LOGFILE=$(mktemp ${TMPDIR}/${0##*/}-XXXXX.log)
 +
  tee -a $LOGFILE < $PIPEFILE &
 +
  TEEPID=$!
 
   
 
   
  setenforce 0
+
  [[ -t 1 ]] && echo "Writing to logfile '$LOGFILE'."
 +
  exec > $PIPEFILE 2>&1
 +
  #exec < /dev/null 2<&1
 +
  fi
 
   
 
   
 
  #
 
  #
  echo "Cleaning up yumdb"
+
  [ -n "$VERBOSE" ] && echo 'Cleaning up yumdb'
 +
[ -n "$DEBUG" ] && read
 
  rm /var/lib/rpm/__db.00?
 
  rm /var/lib/rpm/__db.00?
 +
rpm --rebuilddb
 +
yum update -y /etc/*-release dracut rpm yum
 
  yum clean all
 
  yum clean all
 
  yum-complete-transaction
 
  yum-complete-transaction
preupgrade-cli --clean
 
 
   
 
   
 
  #
 
  #
  echo "Removing old packages from cache directories"
+
  [ -n "$VERBOSE" ] && echo 'Removing old packages from cache directories'
 
  [ -n "$DEBUG" ] && read
 
  [ -n "$DEBUG" ] && read
 
  DIST=$(rpm --eval '%{dist}')
 
  DIST=$(rpm --eval '%{dist}')
 
  for D in /var/cache/yum /var/lib/yum/plugins/local; do
 
  for D in /var/cache/yum /var/lib/yum/plugins/local; do
  [ -d $D ] \
+
  [ -d $D ] \
    && find $D -type f -name \*.rpm \
+
    && find $D -type f -name \*.rpm \
      |grep -v $DIST \
+
      |grep -v $DIST \
      |xargs rm -f
+
      |xargs rm -f
 
  done
 
  done
 
   
 
   
 
  #
 
  #
  echo "Repairing permissions"
+
  [ -n "$VERBOSE" ] && echo 'Repairing permissions'
 
  [ -n "$DEBUG" ] && read
 
  [ -n "$DEBUG" ] && read
  rpm -a --setugids; rpm -a --setperms
+
  [ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting user/group ownership'
 +
time rpm -a --setugids > /dev/null 2>&1
 +
[ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting permissions'
 +
time rpm -a --setperms > /dev/null 2>&1
 
   
 
   
  yum install yum-utils
+
  [ -x /usr/bin/package-cleanup ] || yum install -y yum-utils
 +
 +
YSHELL=${TMPDIR}/YUM-SHELL_${DS}.txt
 +
YSHELL2=${TMPDIR}/YUM-SHELL2_${DS}.txt
 +
# Reinstall desktops and sync
 +
YSHELL3=${TMPDIR}/YUM-SHELL3_${DS}.txt
 
   
 
   
 
  # Locate installed leaves packages that were installed as a dep of some other package
 
  # Locate installed leaves packages that were installed as a dep of some other package
 
  repoquery --installed --qf "%{nvra} - %{yumdb_info.reason}" \
 
  repoquery --installed --qf "%{nvra} - %{yumdb_info.reason}" \
  `package-cleanup --leaves -q --all` \
+
  `package-cleanup --leaves -q --all` \
  |grep '\- dep' \
+
  |grep '\- dep' \
  |while read n a a; do \
+
  |while read n a a; do \
    echo remove $n
+
    echo remove $n
  done > $YSHELL
+
  done > $YSHELL
 
   
 
   
  # Locate installed desktops
+
  # reinstall duplicate packages, might clean them without breaking
  yum grouplist -v \
+
  package-cleanup -q --dupes > ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt
  |sed '1,/^Installed/d;/^Available/,$d;s/[^()]*//;s/(//;s/)//;s/^/install @/' \
+
[ -s ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt ] && \
  |grep desktop >> $YSHELL
+
  cat ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt | \
 +
    while read PKGNAME; do
 +
      rpm -q --qf 'reinstall %{name}.%{arch}\n' $PKGNAME >> $YSHELL
 +
    done
 
   
 
   
 
  # Add default package sets
 
  # Add default package sets
Line 77: Line 128:
 
  reinstall policycoreutils*
 
  reinstall policycoreutils*
 
  reinstall selinux*
 
  reinstall selinux*
 +
install fpaste
 +
install redhat-lsb
 +
install rpmconf
 +
install yum-plugin-local
 +
EOT
 +
 +
# Break out non-essential groups so that yum succeeds even on rawhide
 +
cat ->> $YSHELL2 <<EOT
 
  install @admin-tools
 
  install @admin-tools
 
  install @base
 
  install @base
Line 86: Line 145:
 
  install @input-methods
 
  install @input-methods
 
  install @printing
 
  install @printing
install fpaste
 
 
  install memtest86+
 
  install memtest86+
install redhat-lsb
 
install rpmconf
 
distribution-synchronization
 
 
  EOT
 
  EOT
 
   
 
   
  echo run >> $YSHELL
+
# Locate installed desktops -- Hack around broken depsolver
 +
yum grouplist -v \
 +
  |sed '1,/^Installed/d;/^Available/,$d;s/[^()]*//;s/(//;s/)//;' \
 +
  |grep desktop \
 +
  |while read GROUP; do
 +
    echo "remove @${GROUP}" >> $YSHELL3
 +
    echo "install @${GROUP}" >> $YSHELL3
 +
  done
 +
 +
# Add default package sets
 +
  echo 'run' >> $YSHELL
 +
# Break out non-essential groups so that yum succeeds even on rawhide
 +
echo 'run' >> $YSHELL2
 +
# Locate installed desktops -- Hack around broken depsolver
 +
echo 'run' >> $YSHELL3
 +
 +
#
 +
echo 'Generate package list before package-updates'
 +
[ -x /usr/bin/show-installed ] || yum install -y yum-utils
 +
show-installed -f kickstart -e -o ${TMPDIR}/SHOW-INSTALLED1_${DS}.txt
 +
 +
[ -n "$VERBOSE" ] && echo 'Importing Keys for Fedora versions: https://fedoraproject.org/keys'
 +
[ -n "$DEBUG" ] && read
 +
curl -s https://fedoraproject.org/keys |\
 +
  grep fedoraproject.org/static |\
 +
  cut -f2 -d\" |\
 +
  while read URL; do
 +
    rpm --import $URL
 +
  done
 
   
 
   
 
  #
 
  #
  echo "Removing dependency leaves and installing default package sets"
+
  [ -n "$VERBOSE" ] && echo 'Removing dependency leaves and installing default package sets'
 
  [ -n "$DEBUG" ] && read
 
  [ -n "$DEBUG" ] && read
 +
[ -x /usr/sbin/semanage ] || yum install policycoreutils-python
 
  semanage -o ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt
 
  semanage -o ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt
 
  mv /etc/selinux/targeted ${TMPDIR}/targeted.${DS}
 
  mv /etc/selinux/targeted ${TMPDIR}/targeted.${DS}
  yum shell $YSHELL
+
  mkdir -p /etc/selinux/targeted
 +
time yum shell $YSHELL2 -y --disableplugin=presto --skip-broken
 +
time yum shell $YSHELL3 -y --disableplugin=presto --skip-broken
 +
time yum distribution-synchronization -y --disableplugin=presto --skip-broken
 +
time yum shell $YSHELL -y --disableplugin=presto --skip-broken
 +
 +
 +
[ -f /etc/PackageKit/CommandNotFound.conf ] \
 +
  && sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
 +
 +
# Something went around above if this directory does not exist
 +
[ -n "$VERBOSE" ] && echo 'Resetting local selinux policy'
 +
[ -n "$DEBUG" ] && read
 +
[ -d /etc/selinux/targeted/policy ] || yum reinstall -y selinux-policy-targeted
 
  semanage -i ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt
 
  semanage -i ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt
 
   
 
   
  # Remove duplicate packages if any found
+
  #
  package-cleanup --dupes > ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt
+
[ -n "$VERBOSE" ] && echo 'Remove duplicate packages if any found.'
 +
  [ -n "$DEBUG" ] && read
 
  package-cleanup --cleandupes
 
  package-cleanup --cleandupes
 
   
 
   
 
  #
 
  #
  echo "Moving ~/.config/ directories to ~/.config.${DS}"
+
  echo 'Generate package list after package-updates'
 +
[ -x /usr/bin/show-installed ] || yum install yum-utils
 +
show-installed -f kickstart -e -o ${TMPDIR}/SHOW-INSTALLED2_${DS}.txt
 +
 +
#
 +
[ -n "$VERBOSE" ] && echo "Moving ~/.config/ directories to ~/.config.${DS}"
 
  [ -n "$DEBUG" ] && read
 
  [ -n "$DEBUG" ] && read
 
  getent passwd \
 
  getent passwd \
  |while IFS=: read userName passWord userID groupID geCos homeDir userShell; do
+
  |while IFS=: read userName passWord userID groupID geCos homeDir userShell; do
    [ -d "${homeDir}/.config" ] \
+
    [ -d "${homeDir}/.config" ] \
      && echo mv "${homeDir}/.config" "${homeDir}/.config.${DS}"
+
      && mv "${homeDir}/.config" "${homeDir}/.config.${DS}"
  done
+
  done
 
   
 
   
 
  #
 
  #
  echo "Correct labels"
+
  [ -n "$VERBOSE" ] && echo 'Correct labels.'
 
  [ -n "$DEBUG" ] && read
 
  [ -n "$DEBUG" ] && read
  fixfiles -R -a restore
+
  [ -x /sbin/fixfiles ] || yum install -y policycoreutils
 +
time fixfiles -R -a restore
 
   
 
   
  # Merge *.rpmnew files semi-automatically
+
  #
 +
[ -n "$VERBOSE" ] && echo 'Merge *.rpmnew files semi-automatically.'
 +
[ -n "$DEBUG" ] && read
 +
[ -x /usr/sbin/rpmconf ] || yum install -y rpmconf
 
  rpmconf -a
 
  rpmconf -a
 
   
 
   
 
  #
 
  #
  echo "Build problem report"
+
  [ -n "$VERBOSE" ] && echo 'Build problem report.'
 
  [ -n "$DEBUG" ] && read
 
  [ -n "$DEBUG" ] && read
 
  [ -f /etc/sysconfig/prelink ] \
 
  [ -f /etc/sysconfig/prelink ] \
  && . /etc/sysconfig/prelink \
+
  && . /etc/sysconfig/prelink \
  && /usr/sbin/prelink -av $PRELINK_OPTS >> /var/log/prelink/prelink.log 2>&1
+
  && /usr/sbin/prelink -av $PRELINK_OPTS >> /var/log/prelink/prelink.log 2>&1
 
   
 
   
 
  #
 
  #
 +
[ -n "$VERBOSE" ] && echo 'configure dynamic linker run-time bindings'
 
  /sbin/ldconfig
 
  /sbin/ldconfig
 
   
 
   
  # Generate reports
+
  #
  rpm -Va > ${TMPDIR}/rpm-Va.txt 2>&1
+
  [ -n "$VERBOSE" ] && echo 'Verify all installed packages'
  egrep -v '^.{9}  c /' ${TMPDIR}/rpm-Va.txt > ${TMPDIR}/URGENT-REVIEW_${DS}.txt
+
  [ -n "$DEBUG" ] && read
  egrep '^.{9}  c /' ${TMPDIR}/rpm-Va.txt > ${TMPDIR}/REVIEW-CONFIGS_${DS}.txt
+
  time rpm -Va > ${TMPDIR}/RPM-VA_${DS}.txt 2>&1
find /etc /var -name '*.rpm?*' > ${TMPDIR}/REVIEW-OBSOLETE-CONFIGS_${DS}.txt
 
 
   
 
   
 
  # Need a better way to fix caps
 
  # Need a better way to fix caps
  echo "Reset file capabilities"
+
  [ -n "$VERBOSE" ] && echo 'Reset file capabilities'
 
  [ -n "$DEBUG" ] && read
 
  [ -n "$DEBUG" ] && read
  egrep '^.{8}P ' ${TMPDIR}/rpm-Va.txt \
+
  egrep '^.{8}P ' ${TMPDIR}/RPM-VA_${DS}.txt \
  |awk '{print$NF}' \
+
  |awk '{print$NF}' \
  |xargs rpm --filecaps -qf \
+
  |xargs rpm --filecaps -qf \
  |grep '= cap' \
+
  |grep '= cap' \
  |while read fileName eq fileCaps; do
+
  |while read fileName eq fileCaps; do
    rpm --qf '%{name}.%{arch}\n' -qf "${fileName}" >> ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt
+
    rpm --qf '%{name}.%{arch}\n' -qf "${fileName}" >> ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt
    setcap "${fileCaps}" "${fileName}"
+
    setcap "${fileCaps}" "${fileName}"
  done
+
  done
 
  sort -u -o ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt
 
  sort -u -o ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt
  #yum reinstall $(cat ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt)
+
  #yum reinstall -y $(cat ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt)
    
+
 +
#
 +
[ -n "$VERBOSE" ] && echo 'Generate reports'
 +
[ -n "$DEBUG" ] && read
 +
time rpm -Va > ${TMPDIR}/RPM-VA2_${DS}.txt 2>&1
 +
egrep -v '^.{9}  (c /|  /lib/modules/.*/modules\.)' ${TMPDIR}/RPM-VA2_${DS}.txt > ${TMPDIR}/URGENT-REVIEW_${DS}.txt
 +
egrep '^.{9}  c /' ${TMPDIR}/RPM-VA2_${DS}.txt > ${TMPDIR}/REVIEW-CONFIGS_${DS}.txt
 +
find /etc -name '*.rpm?*' > ${TMPDIR}/REVIEW-OBSOLETE-CONFIGS_${DS}.txt
 +
 +
# Stop logging.  No changes below this point.
 +
if [ -n "$LOG_ALL" ]; then
 +
  echo "Kill off logger"
 +
  #exec 1>&- 2>&-
 +
  #kill $TEEPID
 +
  rm $PIPEFILE
 +
   #wait $TEEPID
 +
fi
 +
 
  # Reboot script that works even when init has changed
 
  # Reboot script that works even when init has changed
 
  cat -> ${TMPDIR}/raising-elephants.sh <<EOT
 
  cat -> ${TMPDIR}/raising-elephants.sh <<EOT
Line 166: Line 290:
 
  # "Raising Elephants Is So Utterly Boring"
 
  # "Raising Elephants Is So Utterly Boring"
 
  for ST in r e i s s s u b; do
 
  for ST in r e i s s s u b; do
  echo \$ST > /proc/sysrq-trigger
+
  echo \$ST > /proc/sysrq-trigger
 
  done
 
  done
 
   
 
   
Line 177: Line 301:
 
   
 
   
 
  #EOF
 
  #EOF
 +
 
</code>
 
</code>

Revision as of 21:55, 11 October 2013

NO WARRANTY IMPLIED BY RUNNING THIS SCRIPT. IT IS OUTDATED.

Script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup

You likely want to read the wiki page (above) and use the output from http://fedorapeople.org/cgit/fenris02/public_git/cleanup.git/plain/rpm-verify.sh rather than running this.

#!/bin/bash

# Script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup

# Do not set TMPDIR to any tmpfs mount, these files should remain after boot.
TMPDIR=/root/tmp
DEBUG=
VERBOSE='1'
LOG_ALL='1'

LANG=C
DS=$(date +%Y%m%d)

if [ "$(whoami)" != "root" ]; then
 echo "Must be run as root."
 exit 1
fi

ping -c3 -q 8.8.8.8 > /dev/null
if [ $? -eq 1 ]; then
 echo "Please ensure you have network connectivity."
 exit 2
fi

if [ $(runlevel |awk '{print$NF}') != "3" ]; then
 echo "Must be run from runlevel 3."
 exit 3
fi

cat -<<EOT
Press ^C now if you do not have a good backup of your system.

Please make sure you are not running on battery power.  This cleanup may take
30mins of heavy I/O and this may cause problems if you lose power.

If you press enter, this script will try to auto-clean your system.  Once
complete, you will need to reboot.

EOT
read

#
[ -n "$DEBUG" ] && VERBOSE='1'
[ -n "$VERBOSE" ] && set -x


#
[ -d "${TMPDIR}" ] || mkdir -p "${TMPDIR}"

# needs to be above logging start
[ -n "$VERBOSE" ] && echo 'Set selinux to permissive mode'
[ -n "$DEBUG" ] && read
setenforce 0

# Log all output to a file if LOG_ALL is set
if [ -n "$LOG_ALL" ]; then
 PIPEFILE=$(mktemp -u ${TMPDIR}/${0##*/}-XXXXX.pipe)
 mkfifo --context user_tmp_t $PIPEFILE
 LOGFILE=$(mktemp ${TMPDIR}/${0##*/}-XXXXX.log)
 tee -a $LOGFILE < $PIPEFILE &
 TEEPID=$!

 -t 1  && echo "Writing to logfile '$LOGFILE'."
 exec > $PIPEFILE 2>&1
 #exec < /dev/null 2<&1
fi

#
[ -n "$VERBOSE" ] && echo 'Cleaning up yumdb'
[ -n "$DEBUG" ] && read
rm /var/lib/rpm/__db.00?
rpm --rebuilddb
yum update -y /etc/*-release dracut rpm yum
yum clean all
yum-complete-transaction

#
[ -n "$VERBOSE" ] && echo 'Removing old packages from cache directories'
[ -n "$DEBUG" ] && read
DIST=$(rpm --eval '%{dist}')
for D in /var/cache/yum /var/lib/yum/plugins/local; do
 [ -d $D ] \
   && find $D -type f -name \*.rpm \
     |grep -v $DIST \
     |xargs rm -f
done

#
[ -n "$VERBOSE" ] && echo 'Repairing permissions'
[ -n "$DEBUG" ] && read
[ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting user/group ownership'
time rpm -a --setugids > /dev/null 2>&1
[ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting permissions'
time rpm -a --setperms > /dev/null 2>&1

[ -x /usr/bin/package-cleanup ] || yum install -y yum-utils

YSHELL=${TMPDIR}/YUM-SHELL_${DS}.txt
YSHELL2=${TMPDIR}/YUM-SHELL2_${DS}.txt
# Reinstall desktops and sync
YSHELL3=${TMPDIR}/YUM-SHELL3_${DS}.txt

# Locate installed leaves packages that were installed as a dep of some other package
repoquery --installed --qf "%{nvra} - %{yumdb_info.reason}" \
 package-cleanup --leaves -q --all \
 |grep '\- dep' \
 |while read n a a; do \
   echo remove $n
 done > $YSHELL

# reinstall duplicate packages, might clean them without breaking
package-cleanup -q --dupes > ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt
[ -s ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt ] && \
 cat ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt | \
   while read PKGNAME; do
     rpm -q --qf 'reinstall %{name}.%{arch}\n' $PKGNAME >> $YSHELL
   done

# Add default package sets
cat ->> $YSHELL <<EOT
reinstall policycoreutils*
reinstall selinux*
install fpaste
install redhat-lsb
install rpmconf
install yum-plugin-local
EOT

# Break out non-essential groups so that yum succeeds even on rawhide
cat ->> $YSHELL2 <<EOT
install @admin-tools
install @base
install @base-x
install @core
install @dial-up
install @fonts
install @hardware-support
install @input-methods
install @printing
install memtest86+
EOT

# Locate installed desktops -- Hack around broken depsolver
yum grouplist -v \
 |sed '1,/^Installed/d;/^Available/,$d;s/[^()]*//;s/(//;s/)//;' \
 |grep desktop \
 |while read GROUP; do
   echo "remove @${GROUP}" >> $YSHELL3
   echo "install @${GROUP}" >> $YSHELL3
 done

# Add default package sets
echo 'run' >> $YSHELL
# Break out non-essential groups so that yum succeeds even on rawhide
echo 'run' >> $YSHELL2
# Locate installed desktops -- Hack around broken depsolver
echo 'run' >> $YSHELL3

#
echo 'Generate package list before package-updates'
[ -x /usr/bin/show-installed ] || yum install -y yum-utils
show-installed -f kickstart -e -o ${TMPDIR}/SHOW-INSTALLED1_${DS}.txt

[ -n "$VERBOSE" ] && echo 'Importing Keys for Fedora versions: https://fedoraproject.org/keys'
[ -n "$DEBUG" ] && read
curl -s https://fedoraproject.org/keys |\
 grep fedoraproject.org/static |\
 cut -f2 -d\" |\
 while read URL; do
   rpm --import $URL
 done

#
[ -n "$VERBOSE" ] && echo 'Removing dependency leaves and installing default package sets'
[ -n "$DEBUG" ] && read
[ -x /usr/sbin/semanage ] || yum install policycoreutils-python
semanage -o ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt
mv /etc/selinux/targeted ${TMPDIR}/targeted.${DS}
mkdir -p /etc/selinux/targeted
time yum shell $YSHELL2 -y --disableplugin=presto --skip-broken
time yum shell $YSHELL3 -y --disableplugin=presto --skip-broken
time yum distribution-synchronization -y --disableplugin=presto --skip-broken
time yum shell $YSHELL -y --disableplugin=presto --skip-broken


[ -f /etc/PackageKit/CommandNotFound.conf ] \
 && sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf

# Something went around above if this directory does not exist
[ -n "$VERBOSE" ] && echo 'Resetting local selinux policy'
[ -n "$DEBUG" ] && read
[ -d /etc/selinux/targeted/policy ] || yum reinstall -y selinux-policy-targeted
semanage -i ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt

#
[ -n "$VERBOSE" ] && echo 'Remove duplicate packages if any found.'
[ -n "$DEBUG" ] && read
package-cleanup --cleandupes

#
echo 'Generate package list after package-updates'
[ -x /usr/bin/show-installed ] || yum install yum-utils
show-installed -f kickstart -e -o ${TMPDIR}/SHOW-INSTALLED2_${DS}.txt

#
[ -n "$VERBOSE" ] && echo "Moving ~/.config/ directories to ~/.config.${DS}"
[ -n "$DEBUG" ] && read
getent passwd \
 |while IFS=: read userName passWord userID groupID geCos homeDir userShell; do
   [ -d "${homeDir}/.config" ] \
     && mv "${homeDir}/.config" "${homeDir}/.config.${DS}"
 done

#
[ -n "$VERBOSE" ] && echo 'Correct labels.'
[ -n "$DEBUG" ] && read
[ -x /sbin/fixfiles ] || yum install -y policycoreutils
time fixfiles -R -a restore

#
[ -n "$VERBOSE" ] && echo 'Merge *.rpmnew files semi-automatically.'
[ -n "$DEBUG" ] && read
[ -x /usr/sbin/rpmconf ] || yum install -y rpmconf
rpmconf -a

#
[ -n "$VERBOSE" ] && echo 'Build problem report.'
[ -n "$DEBUG" ] && read
[ -f /etc/sysconfig/prelink ] \
 && . /etc/sysconfig/prelink \
 && /usr/sbin/prelink -av $PRELINK_OPTS >> /var/log/prelink/prelink.log 2>&1

#
[ -n "$VERBOSE" ] && echo 'configure dynamic linker run-time bindings'
/sbin/ldconfig

#
[ -n "$VERBOSE" ] && echo 'Verify all installed packages'
[ -n "$DEBUG" ] && read
time rpm -Va > ${TMPDIR}/RPM-VA_${DS}.txt 2>&1

# Need a better way to fix caps
[ -n "$VERBOSE" ] && echo 'Reset file capabilities'
[ -n "$DEBUG" ] && read
egrep '^.{8}P ' ${TMPDIR}/RPM-VA_${DS}.txt \
 |awk '{print$NF}' \
 |xargs rpm --filecaps -qf \
 |grep '= cap' \
 |while read fileName eq fileCaps; do
   rpm --qf '%{name}.%{arch}\n' -qf "${fileName}" >> ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt
   setcap "${fileCaps}" "${fileName}"
 done
sort -u -o ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt
#yum reinstall -y $(cat ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt)

#
[ -n "$VERBOSE" ] && echo 'Generate reports'
[ -n "$DEBUG" ] && read
time rpm -Va > ${TMPDIR}/RPM-VA2_${DS}.txt 2>&1
egrep -v '^.{9}  (c /|  /lib/modules/.*/modules\.)' ${TMPDIR}/RPM-VA2_${DS}.txt > ${TMPDIR}/URGENT-REVIEW_${DS}.txt
egrep '^.{9}  c /' ${TMPDIR}/RPM-VA2_${DS}.txt > ${TMPDIR}/REVIEW-CONFIGS_${DS}.txt
find /etc -name '*.rpm?*' > ${TMPDIR}/REVIEW-OBSOLETE-CONFIGS_${DS}.txt

# Stop logging.  No changes below this point.
if [ -n "$LOG_ALL" ]; then
 echo "Kill off logger"
 #exec 1>&- 2>&-
 #kill $TEEPID
 rm $PIPEFILE
 #wait $TEEPID
fi

# Reboot script that works even when init has changed
cat -> ${TMPDIR}/raising-elephants.sh <<EOT
#/bin/bash

# Try this first:
shutdown -r now

sysctl -w kernel.sysrq=1 || echo 1 > /proc/sys/kernel/sysrq

#https://secure.wikimedia.org/wikipedia/en/wiki/Magic_SysRq_key#.22Raising_Elephants.22_mnemonic_device
# "Raising Elephants Is So Utterly Boring"
for ST in r e i s s s u b; do
 echo \$ST > /proc/sysrq-trigger
done

#EOF
EOT
chmod 0700 ${TMPDIR}/raising-elephants.sh

# Done
echo "Verify packages are installed the way you want and then type ${TMPDIR}/raising-elephants.sh"

#EOF