Debian/Ubuntu upgrade security packages only

include/init_CentOS.sh

@@ -26,9 +26,6 @@ fi
 
 yum check-update
 
-# check upgrade OS
-[ "$upgrade_yn" == 'y' ] && yum -y upgrade
-
 # Install needed packages
 for Package in deltarpm gcc gcc-c++ make cmake autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel libaio readline-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel libxslt-devel libicu-devel libevent-devel libtool libtool-ltdl bison gd-devel vim-enhanced pcre-devel zip unzip ntpdate sysstat patch bc expect rsync git lsof lrzsz
 do
@@ -205,9 +202,9 @@ fi
 # install htop
 if [ ! -e "`which htop`" ];then
     cd src
-    src_url=http://hisham.hm/htop/releases/2.0.0/htop-2.0.0.tar.gz && Download_src
-    tar xzf htop-2.0.0.tar.gz
-    cd htop-2.0.0
+    src_url=http://hisham.hm/htop/releases/2.0.2/htop-2.0.2.tar.gz && Download_src
+    tar xzf htop-2.0.2.tar.gz
+    cd htop-2.0.2
     ./configure
     make -j ${THREAD} && make install
     cd ../../

include/init_Debian.sh

@@ -16,8 +16,9 @@ dpkg -l | grep ^rc | awk '{print $2}' | xargs dpkg -P
 
 apt-get -y update
 
-# check upgrade OS
-[ "$upgrade_yn" == 'y' ] && apt-get -y upgrade
+# critical security updates 
+grep security /etc/apt/sources.list > /tmp/security.sources.list
+apt-get -y upgrade -o Dir::Etc::SourceList=/tmp/security.sources.list
 
 # Install needed packages
 for Package in gcc g++ make cmake autoconf libjpeg8 libjpeg8-dev libjpeg-dev libpng12-0 libpng12-dev libpng3 libfreetype6 libfreetype6-dev libxml2 libxml2-dev zlib1g zlib1g-dev libc6 libc6-dev libglib2.0-0 libglib2.0-dev bzip2 libzip-dev libbz2-1.0 libncurses5 libncurses5-dev libaio1 libaio-dev libreadline-dev curl libcurl3 libcurl4-openssl-dev libcurl4-gnutls-dev e2fsprogs libkrb5-3 libkrb5-dev libltdl-dev libidn11 libidn11-dev openssl libssl-dev libtool libevent-dev bison re2c libsasl2-dev libxslt1-dev libicu-dev locales libcloog-ppl0 patch vim zip unzip tmux htop bc expect rsync git lsof lrzsz cron logrotate ntpdate psmisc

include/init_Ubuntu.sh

@@ -16,8 +16,9 @@ dpkg -l | grep ^rc | awk '{print $2}' | xargs dpkg -P
 
 apt-get -y update
 
-# check upgrade OS
-[ "$upgrade_yn" == 'y' ] && apt-get -y upgrade
+# critical security updates 
+grep security /etc/apt/sources.list > /tmp/security.sources.list
+apt-get -y upgrade -o Dir::Etc::SourceList=/tmp/security.sources.list
 
 # Install needed packages
 for Package in gcc g++ make cmake autoconf libjpeg8 libjpeg8-dev libpng12-0 libpng12-dev libpng3 libfreetype6 libfreetype6-dev libxml2 libxml2-dev zlib1g zlib1g-dev libc6 libc6-dev libglib2.0-0 libglib2.0-dev bzip2 libzip-dev libbz2-1.0 libncurses5 libncurses5-dev libaio1 libaio-dev libreadline-dev curl libcurl3 libcurl4-openssl-dev e2fsprogs libkrb5-3 libkrb5-dev libltdl-dev libidn11 libidn11-dev openssl libssl-dev libtool libevent-dev re2c libsasl2-dev libxslt1-dev libicu-dev patch vim zip unzip tmux htop bc expect rsync git lsof lrzsz ntpdate

include/mariadb-10.0.sh

@@ -14,7 +14,7 @@ cd $oneinstack_dir/src
 FILE_NAME=mariadb-${mariadb_10_0_version}-${GLIBC_FLAG}-${SYS_BIT_b}.tar.gz
 
 if [ "$IPADDR_COUNTRY"x == "CN"x ];then
-    DOWN_ADDR_MARIADB=http://mirrors.aliyun.com/mariadb/mariadb-${mariadb_10_0_version}/bintar-${GLIBC_FLAG}-$SYS_BIT_a
+    DOWN_ADDR_MARIADB=https://mirrors.tuna.tsinghua.edu.cn/mariadb/mariadb-${mariadb_10_0_version}/bintar-${GLIBC_FLAG}-$SYS_BIT_a
     MARAIDB_TAR_MD5=`curl -Lk $DOWN_ADDR_MARIADB/md5sums.txt | grep $FILE_NAME | awk '{print $1}'`
     [ -z "$MARAIDB_TAR_MD5" ] && { DOWN_ADDR_MARIADB=https://mirrors.ustc.edu.cn/mariadb/mariadb-${mariadb_10_0_version}/bintar-${GLIBC_FLAG}-$SYS_BIT_a; MARAIDB_TAR_MD5=`curl -Lk $DOWN_ADDR_MARIADB/md5sums.txt | grep $FILE_NAME | awk '{print $1}'`; }
 else

include/mariadb-10.1.sh

@@ -14,7 +14,7 @@ cd $oneinstack_dir/src
 FILE_NAME=mariadb-${mariadb_10_1_version}-${GLIBC_FLAG}-${SYS_BIT_b}.tar.gz
 
 if [ "$IPADDR_COUNTRY"x == "CN"x ];then
-    DOWN_ADDR_MARIADB=http://mirrors.aliyun.com/mariadb/mariadb-${mariadb_10_1_version}/bintar-${GLIBC_FLAG}-$SYS_BIT_a
+    DOWN_ADDR_MARIADB=https://mirrors.tuna.tsinghua.edu.cn/mariadb/mariadb-${mariadb_10_1_version}/bintar-${GLIBC_FLAG}-$SYS_BIT_a
     MARAIDB_TAR_MD5=`curl -Lk $DOWN_ADDR_MARIADB/md5sums.txt | grep $FILE_NAME | awk '{print $1}'`
     [ -z "$MARAIDB_TAR_MD5" ] && { DOWN_ADDR_MARIADB=https://mirrors.ustc.edu.cn/mariadb/mariadb-${mariadb_10_1_version}/bintar-${GLIBC_FLAG}-$SYS_BIT_a; MARAIDB_TAR_MD5=`curl -Lk $DOWN_ADDR_MARIADB/md5sums.txt | grep $FILE_NAME | awk '{print $1}'`; }
 else

include/mariadb-5.5.sh

@@ -14,7 +14,7 @@ cd $oneinstack_dir/src
 FILE_NAME=mariadb-${mariadb_5_5_version}-${GLIBC_FLAG}-${SYS_BIT_b}.tar.gz
 
 if [ "$IPADDR_COUNTRY"x == "CN"x ];then
-    DOWN_ADDR_MARIADB=http://mirrors.aliyun.com/mariadb/mariadb-${mariadb_5_5_version}/bintar-${GLIBC_FLAG}-$SYS_BIT_a
+    DOWN_ADDR_MARIADB=https://mirrors.tuna.tsinghua.edu.cn/mariadb/mariadb-${mariadb_5_5_version}/bintar-${GLIBC_FLAG}-$SYS_BIT_a
     MARAIDB_TAR_MD5=`curl -Lk $DOWN_ADDR_MARIADB/md5sums.txt | grep $FILE_NAME | awk '{print $1}'`
     [ -z "$MARAIDB_TAR_MD5" ] && { DOWN_ADDR_MARIADB=https://mirrors.ustc.edu.cn/mariadb/mariadb-${mariadb_5_5_version}/bintar-${GLIBC_FLAG}-$SYS_BIT_a; MARAIDB_TAR_MD5=`curl -Lk $DOWN_ADDR_MARIADB/md5sums.txt | grep $FILE_NAME | awk '{print $1}'`; }
 else

include/mysql-5.5.sh

@@ -15,10 +15,10 @@ if [ "$IPADDR_COUNTRY"x == "CN"x -a "$IPADDR_ISP" == 'aliyun' -a "`../include/ch
     DOWN_ADDR_MYSQL=http://aliyun-oss.linuxeye.com/mysql/MySQL-5.5
 else
     if [ "$IPADDR_COUNTRY"x == "CN"x ];then
-        if [ "`../include/check_port.py mirrors.sohu.com 80`" == 'True' ];then
-            DOWN_ADDR_MYSQL=http://mirrors.sohu.com/mysql/MySQL-5.5
+        if [ "`../include/check_port.py mirrors.tuna.tsinghua.edu.cn 443`" == 'True' ];then
+            DOWN_ADDR_MYSQL=https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-5.5
         else
-            DOWN_ADDR_MYSQL=http://mirror.bit.edu.cn/mysql/Downloads/MySQL-5.5
+            DOWN_ADDR_MYSQL=http://mirrors.sohu.com/mysql/MySQL-5.5
             DOWN_ADDR_MYSQL_BK=$DOWN_ADDR_MYSQL
         fi
     else
@@ -37,7 +37,7 @@ src_url=$DOWN_ADDR_MYSQL/$FILE_NAME.md5 && Download_src
 MYSQL_TAR_MD5=`awk '{print $1}' $FILE_NAME.md5`
 while [ "`md5sum $FILE_NAME | awk '{print $1}'`" != "$MYSQL_TAR_MD5" ];
 do
-    wget -c --no-check-certificate $DOWN_ADDR_MYSQL_BK/$FILE_NAME;sleep 1
+    wget -4c --no-check-certificate $DOWN_ADDR_MYSQL_BK/$FILE_NAME;sleep 1
     [ "`md5sum $FILE_NAME | awk '{print $1}'`" == "$MYSQL_TAR_MD5" ] && break || continue
 done
 

include/mysql-5.6.sh

@@ -15,10 +15,10 @@ if [ "$IPADDR_COUNTRY"x == "CN"x -a "$IPADDR_ISP" == 'aliyun' -a "`../include/ch
     DOWN_ADDR_MYSQL=http://aliyun-oss.linuxeye.com/mysql/MySQL-5.6
 else
     if [ "$IPADDR_COUNTRY"x == "CN"x ];then
-        if [ "`../include/check_port.py mirrors.sohu.com 80`" == 'True' ];then
-            DOWN_ADDR_MYSQL=http://mirrors.sohu.com/mysql/MySQL-5.6
+        if [ "`../include/check_port.py mirrors.tuna.tsinghua.edu.cn 443`" == 'True' ];then
+            DOWN_ADDR_MYSQL=https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-5.6
         else
-            DOWN_ADDR_MYSQL=http://mirror.bit.edu.cn/mysql/Downloads/MySQL-5.6
+            DOWN_ADDR_MYSQL=http://mirrors.sohu.com/mysql/MySQL-5.6
             DOWN_ADDR_MYSQL_BK=$DOWN_ADDR_MYSQL
         fi
     else
@@ -37,7 +37,7 @@ src_url=$DOWN_ADDR_MYSQL/$FILE_NAME.md5 && Download_src
 MYSQL_TAR_MD5=`awk '{print $1}' $FILE_NAME.md5`
 while [ "`md5sum $FILE_NAME | awk '{print $1}'`" != "$MYSQL_TAR_MD5" ];
 do
-    wget -c --no-check-certificate $DOWN_ADDR_MYSQL_BK/$FILE_NAME;sleep 1
+    wget -4c --no-check-certificate $DOWN_ADDR_MYSQL_BK/$FILE_NAME;sleep 1
     [ "`md5sum $FILE_NAME | awk '{print $1}'`" == "$MYSQL_TAR_MD5" ] && break || continue
 done
 

include/mysql-5.7.sh

@@ -15,10 +15,10 @@ if [ "$IPADDR_COUNTRY"x == "CN"x -a "$IPADDR_ISP" == 'aliyun' -a "`../include/ch
     DOWN_ADDR_MYSQL=http://aliyun-oss.linuxeye.com/mysql/MySQL-5.7
 else
     if [ "$IPADDR_COUNTRY"x == "CN"x ];then
-        if [ "`../include/check_port.py mirrors.sohu.com 80`" == 'True' ];then
-            DOWN_ADDR_MYSQL=http://mirrors.sohu.com/mysql/MySQL-5.7
+        if [ "`../include/check_port.py mirrors.tuna.tsinghua.edu.cn 443`" == 'True' ];then
+            DOWN_ADDR_MYSQL=https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-5.7
         else
-            DOWN_ADDR_MYSQL=http://mirror.bit.edu.cn/mysql/Downloads/MySQL-5.7
+            DOWN_ADDR_MYSQL=http://mirrors.sohu.com/mysql/MySQL-5.7
             DOWN_ADDR_MYSQL_BK=$DOWN_ADDR_MYSQL
         fi
     else
@@ -37,7 +37,7 @@ src_url=$DOWN_ADDR_MYSQL/$FILE_NAME.md5 && Download_src
 MYSQL_TAR_MD5=`awk '{print $1}' $FILE_NAME.md5`
 while [ "`md5sum $FILE_NAME | awk '{print $1}'`" != "$MYSQL_TAR_MD5" ];
 do
-    wget -c --no-check-certificate $DOWN_ADDR_MYSQL_BK/$FILE_NAME;sleep 1
+    wget -4c --no-check-certificate $DOWN_ADDR_MYSQL_BK/$FILE_NAME;sleep 1
     [ "`md5sum $FILE_NAME | awk '{print $1}'`" == "$MYSQL_TAR_MD5" ] && break || continue
 done
 

include/tomcat-6.sh

@@ -45,7 +45,7 @@ if [ -e "$tomcat_install_dir/conf/server.xml" ];then
     if [ -d "/usr/local/apr/lib" ];then
         [ $Mem -le 768 ] && Xms_Mem=`expr $Mem / 3` || Xms_Mem=256
         cat > $tomcat_install_dir/bin/setenv.sh << EOF
-JAVA_OPTS='-Djava.security.egd=file:/dev/./urandom -server -Xms${Xms_Mem}m -Xmx`expr $Mem / 2`m'
+JAVA_OPTS='-Djava.security.egd=file:/dev/./urandom -server -Xms${Xms_Mem}m -Xmx`expr $Mem / 2`m -Dfile.encoding=UTF-8'
 CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"
 # -Djava.rmi.server.hostname=$IPADDR
 # -Dcom.sun.management.jmxremote.password.file=\$CATALINA_BASE/conf/jmxremote.password

include/tomcat-7.sh

@@ -45,7 +45,7 @@ if [ -e "$tomcat_install_dir/conf/server.xml" ];then
     if [ -d "/usr/local/apr/lib" ];then
         [ $Mem -le 768 ] && Xms_Mem=`expr $Mem / 3` || Xms_Mem=256
         cat > $tomcat_install_dir/bin/setenv.sh << EOF
-JAVA_OPTS='-Djava.security.egd=file:/dev/./urandom -server -Xms${Xms_Mem}m -Xmx`expr $Mem / 2`m'
+JAVA_OPTS='-Djava.security.egd=file:/dev/./urandom -server -Xms${Xms_Mem}m -Xmx`expr $Mem / 2`m -Dfile.encoding=UTF-8'
 CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"
 # -Djava.rmi.server.hostname=$IPADDR
 # -Dcom.sun.management.jmxremote.password.file=\$CATALINA_BASE/conf/jmxremote.password

include/tomcat-8.sh

@@ -45,7 +45,7 @@ if [ -e "$tomcat_install_dir/conf/server.xml" ];then
     if [ -d "/usr/local/apr/lib" ];then
         [ $Mem -le 768 ] && Xms_Mem=`expr $Mem / 3` || Xms_Mem=256
         cat > $tomcat_install_dir/bin/setenv.sh << EOF
-JAVA_OPTS='-Djava.security.egd=file:/dev/./urandom -server -Xms${Xms_Mem}m -Xmx`expr $Mem / 2`m'
+JAVA_OPTS='-Djava.security.egd=file:/dev/./urandom -server -Xms${Xms_Mem}m -Xmx`expr $Mem / 2`m -Dfile.encoding=UTF-8'
 CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"
 # -Djava.rmi.server.hostname=$IPADDR
 # -Dcom.sun.management.jmxremote.password.file=\$CATALINA_BASE/conf/jmxremote.password

include/upgrade_db.sh

@@ -14,7 +14,7 @@ cd $oneinstack_dir/src
 OLD_DB_version_tmp=`$db_install_dir/bin/mysql -V | awk '{print $5}' | awk -F, '{print $1}'`
 DB_tmp=`echo $OLD_DB_version_tmp | awk -F'-' '{print $2}'`
 if [ "$DB_tmp" == 'MariaDB' ];then
-    [ "$IPADDR_COUNTRY"x == "CN"x ] && DOWN_ADDR=http://mirrors.aliyun.com/mariadb || DOWN_ADDR=https://downloads.mariadb.org/f
+    [ "$IPADDR_COUNTRY"x == "CN"x ] && DOWN_ADDR=https://mirrors.tuna.tsinghua.edu.cn/mariadb || DOWN_ADDR=https://downloads.mariadb.org/f
     DB=MariaDB
     OLD_DB_version=`echo $OLD_DB_version_tmp | awk -F'-' '{print $1}'`
 elif [ -n "$DB_tmp" -a "$DB_tmp" != 'MariaDB' ];then

versions.txt

@@ -2,7 +2,7 @@
 # Web
 nginx_version=1.10.1
 tengine_version=2.1.1
-openresty_version=1.9.15.1
+openresty_version=1.11.2.1
 openssl_version=1.0.2h
 
 tomcat_8_version=8.0.30
@@ -21,10 +21,10 @@ mysql_5_6_version=5.6.32
 mysql_5_5_version=5.5.51
 
 mariadb_10_1_version=10.1.16
-mariadb_10_0_version=10.0.26
+mariadb_10_0_version=10.0.27
 mariadb_5_5_version=5.5.51
 
-percona_5_7_version=5.7.13-6
+percona_5_7_version=5.7.14-7
 percona_5_6_version=5.6.32-78.0
 percona_5_5_version=5.5.51-38.1