Update setup-auto-updates.sh

2025-07-28 05:43:17 +00:00
parent d077ce4572
commit 821eb53673
1 changed files with 17 additions and 30 deletions
--- a/setup-auto-updates.sh
+++ b/setup-auto-updates.sh
@@ -120,50 +120,23 @@ enable_timers_if_systemd() {
  fi
 }

-wait_for_apt_units() {
-  # Wait for apt-daily/apt-daily-upgrade units to finish (up to ~120s)
-  if command -v systemctl >/dev/null 2>&1; then
-    local units=(apt-daily.service apt-daily-upgrade.service)
-    for i in {1..60}; do
-      local busy=0
-      for u in "${units[@]}"; do
-        systemctl is-active --quiet "$u" && { busy=1; break; }
-      done
-      (( busy == 0 )) && return 0
-      (( i % 10 == 0 )) && echo "[INFO] apt units busy…waiting $((i*2))s"
-      sleep 2
-    done
-    echo "[WARN] apt units still busy after ~120s; continuing anyway."
-  fi
-}
-
 validate_with_dryrun() {
  wait_for_apt || true
-  wait_for_apt_units || true
  echo "[INFO] Validating unattended-upgrades with a dry run…"
  local log="/tmp/unattended-upgrades-dryrun.$$"
-
-  # Temporarily disable ERR trap so a non-zero here doesn't print "[ERROR] Line …"
-  trap - ERR
-  set +e
-  timeout 240 unattended-upgrades --dry-run --debug >"$log" 2>&1
-  local rc=$?
-  set -e
-  trap 'echo "[ERROR] Line $LINENO failed" >&2' ERR
-
-  if (( rc != 0 )); then
+  if ! timeout 180 unattended-upgrades --dry-run --debug >"$log" 2>&1; then
    echo "[WARN] Dry run timed out or failed; see $log"
    return 1
  fi
-
+  # Show the header line so you can see what matched
  grep -E "Allowed origins are" "$log" | head -n1 || true
+  # Catch real parser errors
  if grep -qiE "Unable to parse|ValueError|AttributeError|ImportError" "$log"; then
    echo "[ERROR] Parsing error detected; see $log"
    return 1
  fi
 }

-
 show_status() {
  echo
  echo "[INFO] Config files:"
@@ -184,8 +157,22 @@ main() {
  apt_refresh_and_install
  write_50unattended
  write_20auto
+
+  # If detect_os didn't export OS, derive it so we can gate ESM cleanup.
+  if [[ -z "${OS:-}" ]] && [[ -r /etc/os-release ]]; then
+    # shellcheck disable=SC1091
+    . /etc/os-release
+    OS="${ID,,}"
+  fi
+
+  # Drop Ubuntu ESM patterns on non-Ubuntu systems (cosmetic; harmless if kept).
+  if [[ "${OS:-}" != "ubuntu" ]]; then
+    sed -i '/UbuntuESM/d' /etc/apt/apt.conf.d/50unattended-upgrades
+  fi
+
  enable_timers_if_systemd

+  # Non-fatal validation (avoid aborting the run if APT is busy).
  set +e
  validate_with_dryrun
  vr=$?